System Tool Version

[Evka]

Dobry den,
chtela bych pozadat o radu s odstranenim falesneho antiviru "system tool version". Zkousela jsem nainstalovat "Remove fake antivirus" a MalwareBytes’ Antimalware, ale ty nejdou nainstalovat, ani po prejmenovani. Takze se bojim, ze ani zadny program na logy nepujde nainstalovat, ale muzu to zkusit.
Mnohokrat dekuji za jakoukoliv radu
Eva

[vyosek]

Zdravim a pekny vecer preji

Prihlaste se do nouzoveho rezimu (restart PC, mackat F8, zvolit Stav nouze s praci v siti)

Stahnete RKill http://download.bleepingcomputer.com/grinler/rkill.com

• Pokud ho havet blokuje, pouzijte jeden z nasledujicich

  Rkill EXE:
  http://download.bleepingcomputer.com/grinler/rkill.exe
  
  Rkill SCR:
  http://download.bleepingcomputer.com/grinler/rkill.scr
  
  Rkill PIF:
  http://download.bleepingcomputer.com/grinler/rkill.pif

• Ulozte nejlepena plochu a ukoncete vsechny aplikace (jinak to udela RKill za Vas)
• Spustte tradicne dvojklikem - program probehne temer okamzite a ukonci i svou cinnost
• RKill ukonci vsechny ne-systemove procesy - tedy i procesy, pod kterymi bezi havet
• V zadnem pripade ted nerestartujte PC - prisli byste o ucinek RKillu

Kliknete do meho podpisu na RSIT a dejte log z nej - navod Vas povede...

[Evka]

Logfile of random's system information tool 1.08 (written by random/random)
Run by Jarka at 2010-12-20 21:24:38
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 42 GB (28%) free of 153 GB
Total RAM: 503 MB (71% free)

HijackThis download failed

======Scheduled tasks folder======

C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1177238915-1364589140-839522115-1007Core.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1177238915-1364589140-839522115-1007UA.job
C:\WINDOWS\tasks\Norton Security Scan for Jarka.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-09-22 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4E6D6F90-31CA-4878-A7A3-1CD50F115A69}]
Zvýrazňovač slov Lištičky - C:\Program Files\Seznam.cz\listicka.dll [2009-03-10 684696]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A7327C09-B521-4EDB-8509-7D2660C9EC98}]
Viewpoint Toolbar BHO - C:\Program Files\Viewpoint\Viewpoint Toolbar\3.9.0\ViewBarBHO.dll [2009-03-02 38320]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype Plug-In - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2010-09-27 1250696]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-09-15 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-09-15 79648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EA837F47-5AD1-443E-AE34-FFE03CBF3099}]
Společná komponenta pro aplikace společnosti Seznam.cz - C:\Program Files\Seznam.cz\core.dll [2009-03-10 985752]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{F8AD5AA5-D966-4667-9DAF-2561D68B2012} - Viewpoint Toolbar - C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.9.0\IEViewBar.dll [2009-03-02 333208]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2006-01-12 155648]
"Cmaudio"=RunDll32 cmicnfg.cpl,CMICtrlWnd []
"CanonSolutionMenu"=C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe [2007-05-15 644696]
"CanonMyPrinter"=C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2007-04-04 1603152]
"igfxtray"=C:\WINDOWS\system32\igfxtray.exe [2005-09-20 94208]
"igfxhkcmd"=C:\WINDOWS\system32\hkcmd.exe [2005-09-20 77824]
"igfxpers"=C:\WINDOWS\system32\igfxpers.exe [2005-09-20 114688]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2006-09-01 282624]
"OM2_Monitor"=C:\Program Files\OLYMPUS\OLYMPUS Master 2\FirstStart.exe [2008-05-15 54576]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-05-14 248552]
"WinampAgent"=C:\Program Files\Winamp\winampa.exe [2010-12-09 74752]
"imjpmig"=C:\IME\IMJP\imjpmig.exe [2001-02-20 192592]
"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2010-11-03 281768]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-09-23 35760]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-09-20 932288]
"KernelFaultCheck"=C:\WINDOWS\system32\dumprep 0 -k []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"OM2_Monitor"=C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe [2008-05-15 95536]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [2006-08-22 94208]
"Google Update"=C:\Documents and Settings\Jarka\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe [2010-08-29 136176]
"msnmsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2010-04-16 3872080]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2010-10-11 14940040]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"lLjLe07400"=C:\Documents and Settings\All Users\Data aplikací\lLjLe07400\lLjLe07400 [2010-12-20 94]

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE

C:\Documents and Settings\Jarka\Nabídka Start\Programy\Po spuštění
OpenOffice.org 3.0.lnk - C:\Program Files\OpenOffice.org 3\program\quickstart.exe
ViiKiiDesktopPlugin.lnk - C:\Program Files\ViiKiiDesktopPlugin\ViiKiiDesktopPlugin.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2008-07-04 139264]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2005-09-20 135168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NavLogon]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265096]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoDriveAutoRun"=4294967295

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Nero\Nero 7\Nero Home\NeroHome.exe"="C:\Program Files\Nero\Nero 7\Nero Home\NeroHome.exe:*:Disabled:Nero Home"
"C:\Program Files\ICQ6\ICQ.exe"="C:\Program Files\ICQ6\ICQ.exe:*:Enabled:ICQ6"
"C:\Program Files\uTorrent\utorrent.exe"="C:\Program Files\uTorrent\utorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\ICQ6.5\ICQ.exe"="C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

======List of files/folders created in the last 1 months======

2010-12-20 21:24:39 ----D---- C:\Program Files\trend micro
2010-12-20 21:24:38 ----D---- C:\rsit
2010-12-20 21:20:56 ----D---- C:\WINDOWS\CSC
2010-12-20 21:20:46 ----A---- C:\WINDOWS\ntbtlog.txt
2010-12-20 20:13:38 ----D---- C:\Documents and Settings\All Users\Data aplikací\lLjLe07400
2010-12-17 02:24:50 ----HDC---- C:\WINDOWS\$NtUninstallKB2296199$
2010-12-17 02:24:42 ----HDC---- C:\WINDOWS\$NtUninstallKB2443105$
2010-12-17 02:24:33 ----HDC---- C:\WINDOWS\$NtUninstallKB2440591$
2010-12-17 02:24:24 ----HDC---- C:\WINDOWS\$NtUninstallKB2443685$
2010-12-17 02:24:18 ----HDC---- C:\WINDOWS\$NtUninstallKB2436673$
2010-12-17 02:23:53 ----HDC---- C:\WINDOWS\$NtUninstallKB2467659$
2010-12-17 02:23:34 ----HDC---- C:\WINDOWS\$NtUninstallKB2416400$
2010-12-17 02:19:28 ----HDC---- C:\WINDOWS\$NtUninstallKB2423089$
2010-12-11 12:25:40 ----D---- C:\Program Files\Common Files\Skype

======List of files/folders modified in the last 1 months======

2010-12-20 21:24:39 ----D---- C:\Program Files
2010-12-20 21:20:56 ----D---- C:\WINDOWS
2010-12-20 21:19:51 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-12-20 21:19:36 ----D---- C:\WINDOWS\Temp
2010-12-20 21:18:28 ----D---- C:\WINDOWS\system32\CatRoot2
2010-12-20 21:09:16 ----D---- C:\WINDOWS\Prefetch
2010-12-20 20:13:46 ----D---- C:\Documents and Settings
2010-12-20 19:56:31 ----D---- C:\Documents and Settings\Jarka\Data aplikací\Skype
2010-12-20 18:57:00 ----D---- C:\Documents and Settings\Jarka\Data aplikací\skypePM
2010-12-19 23:31:34 ----A---- C:\WINDOWS\NeroDigital.ini
2010-12-19 22:54:41 ----D---- C:\WINDOWS\system32
2010-12-19 18:53:06 ----D---- C:\Program Files\Mozilla Firefox
2010-12-17 02:24:54 ----HD---- C:\WINDOWS\inf
2010-12-17 02:24:53 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-12-17 02:24:47 ----A---- C:\WINDOWS\imsins.BAK
2010-12-17 02:24:35 ----D---- C:\WINDOWS\system32\drivers
2010-12-17 02:24:32 ----HD---- C:\WINDOWS\$hf_mig$
2010-12-17 02:24:15 ----SHD---- C:\WINDOWS\Installer
2010-12-17 02:24:15 ----SHD---- C:\Config.Msi
2010-12-17 02:19:50 ----A---- C:\WINDOWS\system32\MRT.exe
2010-12-17 02:19:32 ----D---- C:\Program Files\Outlook Express
2010-12-16 21:46:13 ----D---- C:\Documents and Settings\Jarka\Data aplikací\uTorrent
2010-12-15 01:31:15 ----D---- C:\Program Files\Metin2_CZ
2010-12-14 23:09:11 ----D---- C:\Program Files\Winamp
2010-12-13 19:28:56 ----D---- C:\Program Files\uTorrent
2010-12-12 18:42:11 ----D---- C:\Documents and Settings\All Users\Data aplikací\CanonIJPLM
2010-12-11 12:26:31 ----RD---- C:\Program Files\Skype
2010-12-11 12:25:40 ----D---- C:\Program Files\Common Files
2010-12-11 12:25:28 ----D---- C:\Documents and Settings\All Users\Data aplikací\Skype
2010-12-10 17:12:33 ----D---- C:\Program Files\Winamp Detect
2010-12-03 21:34:04 ----SHD---- C:\System Volume Information
2010-12-03 21:31:33 ----D---- C:\WINDOWS\system32\NtmsData
2010-12-03 19:25:47 ----D---- C:\WINDOWS\Registration
2010-11-30 18:56:49 ----D---- C:\Program Files\TLBB
2010-11-25 20:10:23 ----SD---- C:\Documents and Settings\Jarka\Data aplikací\Microsoft
2010-11-22 20:53:43 ----D---- C:\Program Files\GRETECH
2010-11-22 19:01:54 ----D---- C:\Documents and Settings\Jarka\Data aplikací\dvdcss

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 agp440;Filtr Intel sběrnice AGP; C:\WINDOWS\System32\DRIVERS\agp440.sys [2008-04-13 42368]
R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2009-04-28 44944]
R0 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2009-05-19 721904]
R0 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2008-01-18 77696]
R3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-10-25 12160]
R3 Rasirda;WAN Miniport (IrDA); C:\WINDOWS\System32\DRIVERS\rasirda.sys [2001-08-17 19584]
R3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\System32\DRIVERS\RTL8139.SYS [2008-04-13 20992]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys []
S1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2010-12-09 135096]
S1 intelppm;Řadič procesoru Intel; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2008-04-14 40192]
S1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2009-05-11 28520]
S2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2010-11-24 61960]
S2 irda;Protokol IrDA; C:\WINDOWS\System32\DRIVERS\irda.sys [2008-04-13 88192]
S2 vnccom;vnccom; C:\WINDOWS\System32\Drivers\vnccom.SYS [2004-06-26 6016]
S3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2008-07-04 3230720]
S3 cmuda;C-Media WDM Audio Interface; C:\WINDOWS\system32\drivers\cmuda.sys [2005-05-12 1332544]
S3 EagleNT;EagleNT; \??\C:\WINDOWS\system32\drivers\EagleNT.sys []
S3 gHidPnp;USB Device Enhanced Function Driver; C:\WINDOWS\System32\Drivers\gHidPnp.Sys []
S3 gMouPS2;PS2 Scroll Mouse Device; C:\WINDOWS\system32\DRIVERS\gMouPS2.sys []
S3 gMouUsb;USB Mouse Device Drv; C:\WINDOWS\system32\DRIVERS\gMouUsb.sys []
S3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2005-09-20 1302332]
S3 irsir;Microsoft Serial Infrared Driver; C:\WINDOWS\System32\DRIVERS\irsir.sys [2001-08-17 18688]
S3 mcdbus;Driver for MagicISO SCSI Host Controller; C:\WINDOWS\system32\DRIVERS\mcdbus.sys []
S3 nmwcd;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\ccdcmb.sys [2009-02-09 17664]
S3 nmwcdc;Nokia USB Generic; C:\WINDOWS\system32\drivers\ccdcmbo.sys [2009-02-09 22016]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 upperdev;upperdev; C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys [2009-02-09 7808]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbser;USB Modem Driver; C:\WINDOWS\system32\drivers\usbser.sys [2008-04-14 26112]
S3 UsbserFilt;UsbserFilt; C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys [2009-02-09 7808]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 vncdrv;vncdrv; C:\WINDOWS\system32\DRIVERS\vncdrv.sys [2004-06-26 4736]
S3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2008-03-27 503008]
S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2006-10-18 38528]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2008-01-18 83328]
S4 WS2IFSL;Podpůrné prostředí zprostředkovatele služeb Windows Socket 2.0 bez podpory IFS; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-10-25 12032]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

S2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2010-12-09 267944]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2010-11-03 135336]
S2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2008-07-04 561152]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe []
S2 IJPLMSVC;PIXMA Extended Survey Program; C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE [2007-04-13 97432]
S2 Irmon;Sledování infračerveného přenosu; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
S2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-09-15 153376]
S2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe [2003-06-19 322120]
S2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Služba Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2006-08-08 208896]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2009-06-02 637952]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S4 NetTcpPortSharing;Služba sdílení portů Net.Tcp; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

[vyosek]

Stahnete OTM (viz muj podpis)

• Pokud pouzivate Win Vista ci W7, kliknete na OTM pravym a dejte Run As Administrator ci Spustit jako spravce
• Do leveho okna Paste Instructions for Items to be Moved (pod zlutou caru) vlozte obsah, ktery mate nize

• Kód: Vybrat vše

  :reg
  [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
  "QuickTime Task"=-
  "SunJavaUpdateSched"=-
  "WinampAgent"=-
  "Adobe Reader Speed Launcher"=-
  "Adobe ARM"=-
  "KernelFaultCheck"=-
  [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
  "OM2_Monitor"=-
  "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=-
  "Google Update"=-
  "msnmsgr"=-
  "Skype"=-
  [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
  "lLjLe07400"=-
  
  :files
  C:\Documents and Settings\All Users\Data aplikací\lLjLe07400\
  C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1177238915-1364589140-839522115-1007Core.job
  C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1177238915-1364589140-839522115-1007UA.job
  C:\WINDOWS\tasks\Norton Security Scan for Jarka.job
  %windir%\system32\*.tmp.dll /s
  %windir%\system32\SET*.tmp /s
  %windir%\*.tmp /s
  
  :commands
  [RESETHOSTS]
  [EMPTYTEMP]
  [EMPTYFLASH]
  [CLEARALLRESTOREPOINT]

• Kliknete na cervene tlacitko MoveIt!
• Budete vyzvani na restart, dejte Yes, log pote najdete C:\_OTM\MovedFiles, obsah sem vlozte

[Evka]

All processes killed
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\QuickTime Task deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\WinampAgent deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Adobe Reader Speed Launcher deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Adobe ARM deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\KernelFaultCheck deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\OM2_Monitor deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Google Update deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\msnmsgr deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Skype deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce\\lLjLe07400 deleted successfully.
========== FILES ==========
C:\Documents and Settings\All Users\Data aplikací\lLjLe07400 folder moved successfully.
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1177238915-1364589140-839522115-1007Core.job moved successfully.
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1177238915-1364589140-839522115-1007UA.job moved successfully.
C:\WINDOWS\tasks\Norton Security Scan for Jarka.job moved successfully.
File/Folder C:\WINDOWS\system32\*.tmp.dll not found.
C:\WINDOWS\system32\SETB3.tmp moved successfully.
C:\WINDOWS\system32\SETB5.tmp moved successfully.
C:\WINDOWS\system32\SETBA.tmp moved successfully.
C:\WINDOWS\system32\SETC1.tmp moved successfully.
C:\WINDOWS\system32\SETC3.tmp moved successfully.
C:\WINDOWS\002546_.tmp moved successfully.
C:\WINDOWS\msdownld.tmp folder moved successfully.
C:\WINDOWS\SET3.tmp moved successfully.
C:\WINDOWS\SETA.tmp moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP10AA.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP10D0.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP10E7.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP139.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP1BD4.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP3E6.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP3F.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP4BF.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP5E4.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAPFCA.tmp folder moved successfully.
C:\WINDOWS\Installer\MSI3215.tmp moved successfully.
C:\WINDOWS\Installer\MSI3C1.tmp moved successfully.
C:\WINDOWS\Installer\MSI49E.tmp moved successfully.
C:\WINDOWS\Installer\MSI8.tmp moved successfully.
C:\WINDOWS\Installer\MSICB.tmp moved successfully.
C:\WINDOWS\SoftwareDistribution\AuthCabs\7971f918-a847-4430-9279-4a52d1efe18d\wlt13B.tmp moved successfully.
C:\WINDOWS\SoftwareDistribution\Download\c40714d5b04af66acd1cc52cc6d573d2\BIT14.tmp moved successfully.
C:\WINDOWS\system32\CONFIG.TMP moved successfully.
C:\WINDOWS\Temp\40e2dllp.TMP moved successfully.
C:\WINDOWS\Temp\93ph7q57.TMP moved successfully.
C:\WINDOWS\Temp\exp1027.tmp moved successfully.
C:\WINDOWS\Temp\exp105A.tmp moved successfully.
C:\WINDOWS\Temp\exp1071.tmp moved successfully.
C:\WINDOWS\Temp\exp1078.tmp moved successfully.
C:\WINDOWS\Temp\exp11.tmp moved successfully.
C:\WINDOWS\Temp\exp111.tmp moved successfully.
C:\WINDOWS\Temp\exp112.tmp moved successfully.
C:\WINDOWS\Temp\exp113A.tmp moved successfully.
C:\WINDOWS\Temp\exp11A6.tmp moved successfully.
C:\WINDOWS\Temp\exp11AD.tmp moved successfully.
C:\WINDOWS\Temp\exp11C4.tmp moved successfully.
C:\WINDOWS\Temp\exp12.tmp moved successfully.
C:\WINDOWS\Temp\exp120D.tmp moved successfully.
C:\WINDOWS\Temp\exp121.tmp moved successfully.
C:\WINDOWS\Temp\exp122.tmp moved successfully.
C:\WINDOWS\Temp\exp125E.tmp moved successfully.
C:\WINDOWS\Temp\exp12A7.tmp moved successfully.
C:\WINDOWS\Temp\exp12DC.tmp moved successfully.
C:\WINDOWS\Temp\exp13.tmp moved successfully.
C:\WINDOWS\Temp\exp1306.tmp moved successfully.
C:\WINDOWS\Temp\exp1312.tmp moved successfully.
C:\WINDOWS\Temp\exp1319.tmp moved successfully.
C:\WINDOWS\Temp\exp1323.tmp moved successfully.
C:\WINDOWS\Temp\exp134.tmp moved successfully.
C:\WINDOWS\Temp\exp134D.tmp moved successfully.
C:\WINDOWS\Temp\exp13B1.tmp moved successfully.
C:\WINDOWS\Temp\exp13B8.tmp moved successfully.
C:\WINDOWS\Temp\exp13C8.tmp moved successfully.
C:\WINDOWS\Temp\exp13D9.tmp moved successfully.
C:\WINDOWS\Temp\exp13E4.tmp moved successfully.
C:\WINDOWS\Temp\exp14.tmp moved successfully.
C:\WINDOWS\Temp\exp145.tmp moved successfully.
C:\WINDOWS\Temp\exp15.tmp moved successfully.
C:\WINDOWS\Temp\exp1513.tmp moved successfully.
C:\WINDOWS\Temp\exp1529.tmp moved successfully.
C:\WINDOWS\Temp\exp154.tmp moved successfully.
C:\WINDOWS\Temp\exp1575.tmp moved successfully.
C:\WINDOWS\Temp\exp15AC.tmp moved successfully.
C:\WINDOWS\Temp\exp15B7.tmp moved successfully.
C:\WINDOWS\Temp\exp15C.tmp moved successfully.
C:\WINDOWS\Temp\exp16.tmp moved successfully.
C:\WINDOWS\Temp\exp160C.tmp moved successfully.
C:\WINDOWS\Temp\exp1613.tmp moved successfully.
C:\WINDOWS\Temp\exp16CD.tmp moved successfully.
C:\WINDOWS\Temp\exp17.tmp moved successfully.
C:\WINDOWS\Temp\exp1711.tmp moved successfully.
C:\WINDOWS\Temp\exp175C.tmp moved successfully.
C:\WINDOWS\Temp\exp17E.tmp moved successfully.
C:\WINDOWS\Temp\exp18.tmp moved successfully.
C:\WINDOWS\Temp\exp18F9.tmp moved successfully.
C:\WINDOWS\Temp\exp19.tmp moved successfully.
C:\WINDOWS\Temp\exp192.tmp moved successfully.
C:\WINDOWS\Temp\exp1989.tmp moved successfully.
C:\WINDOWS\Temp\exp1A.tmp moved successfully.
C:\WINDOWS\Temp\exp1A28.tmp moved successfully.
C:\WINDOWS\Temp\exp1A9.tmp moved successfully.
C:\WINDOWS\Temp\exp1B.tmp moved successfully.
C:\WINDOWS\Temp\exp1B1F.tmp moved successfully.
C:\WINDOWS\Temp\exp1B2E.tmp moved successfully.
C:\WINDOWS\Temp\exp1BA5.tmp moved successfully.
C:\WINDOWS\Temp\exp1C.tmp moved successfully.
C:\WINDOWS\Temp\exp1CCC.tmp moved successfully.
C:\WINDOWS\Temp\exp1CD.tmp moved successfully.
C:\WINDOWS\Temp\exp1CFB.tmp moved successfully.
C:\WINDOWS\Temp\exp1D.tmp moved successfully.
C:\WINDOWS\Temp\exp1D0F.tmp moved successfully.
C:\WINDOWS\Temp\exp1D4A.tmp moved successfully.
C:\WINDOWS\Temp\exp1D88.tmp moved successfully.
C:\WINDOWS\Temp\exp1DC7.tmp moved successfully.
C:\WINDOWS\Temp\exp1E.tmp moved successfully.
C:\WINDOWS\Temp\exp1EAA.tmp moved successfully.
C:\WINDOWS\Temp\exp1EAB.tmp moved successfully.
C:\WINDOWS\Temp\exp1F.tmp moved successfully.
C:\WINDOWS\Temp\exp1F93.tmp moved successfully.
C:\WINDOWS\Temp\exp20.tmp moved successfully.
C:\WINDOWS\Temp\exp2032.tmp moved successfully.
C:\WINDOWS\Temp\exp208.tmp moved successfully.
C:\WINDOWS\Temp\exp20C4.tmp moved successfully.
C:\WINDOWS\Temp\exp20D5.tmp moved successfully.
C:\WINDOWS\Temp\exp21.tmp moved successfully.
C:\WINDOWS\Temp\exp2125.tmp moved successfully.
C:\WINDOWS\Temp\exp2154.tmp moved successfully.
C:\WINDOWS\Temp\exp216F.tmp moved successfully.
C:\WINDOWS\Temp\exp21B8.tmp moved successfully.
C:\WINDOWS\Temp\exp21E9.tmp moved successfully.
C:\WINDOWS\Temp\exp22.tmp moved successfully.
C:\WINDOWS\Temp\exp227.tmp moved successfully.
C:\WINDOWS\Temp\exp228.tmp moved successfully.
C:\WINDOWS\Temp\exp22A4.tmp moved successfully.
C:\WINDOWS\Temp\exp22CA.tmp moved successfully.
C:\WINDOWS\Temp\exp23.tmp moved successfully.
C:\WINDOWS\Temp\exp231.tmp moved successfully.
C:\WINDOWS\Temp\exp233F.tmp moved successfully.
C:\WINDOWS\Temp\exp237.tmp moved successfully.
C:\WINDOWS\Temp\exp23D2.tmp moved successfully.
C:\WINDOWS\Temp\exp24.tmp moved successfully.
C:\WINDOWS\Temp\exp2495.tmp moved successfully.
C:\WINDOWS\Temp\exp2496.tmp moved successfully.
C:\WINDOWS\Temp\exp25.tmp moved successfully.
C:\WINDOWS\Temp\exp251D.tmp moved successfully.
C:\WINDOWS\Temp\exp26.tmp moved successfully.
C:\WINDOWS\Temp\exp26C.tmp moved successfully.
C:\WINDOWS\Temp\exp27.tmp moved successfully.
C:\WINDOWS\Temp\exp2761.tmp moved successfully.
C:\WINDOWS\Temp\exp27A1.tmp moved successfully.
C:\WINDOWS\Temp\exp27F0.tmp moved successfully.
C:\WINDOWS\Temp\exp28.tmp moved successfully.
C:\WINDOWS\Temp\exp2871.tmp moved successfully.
C:\WINDOWS\Temp\exp289.tmp moved successfully.
C:\WINDOWS\Temp\exp29.tmp moved successfully.
C:\WINDOWS\Temp\exp2A.tmp moved successfully.
C:\WINDOWS\Temp\exp2A0.tmp moved successfully.
C:\WINDOWS\Temp\exp2A49.tmp moved successfully.
C:\WINDOWS\Temp\exp2A86.tmp moved successfully.
C:\WINDOWS\Temp\exp2A87.tmp moved successfully.
C:\WINDOWS\Temp\exp2AB0.tmp moved successfully.
C:\WINDOWS\Temp\exp2ABA.tmp moved successfully.
C:\WINDOWS\Temp\exp2B.tmp moved successfully.
C:\WINDOWS\Temp\exp2BF.tmp moved successfully.
C:\WINDOWS\Temp\exp2C.tmp moved successfully.
C:\WINDOWS\Temp\exp2C6D.tmp moved successfully.
C:\WINDOWS\Temp\exp2C6F.tmp moved successfully.
C:\WINDOWS\Temp\exp2D.tmp moved successfully.
C:\WINDOWS\Temp\exp2DF.tmp moved successfully.
C:\WINDOWS\Temp\exp2E.tmp moved successfully.
C:\WINDOWS\Temp\exp2E2D.tmp moved successfully.
C:\WINDOWS\Temp\exp2F.tmp moved successfully.
C:\WINDOWS\Temp\exp2F1E.tmp moved successfully.
C:\WINDOWS\Temp\exp2F37.tmp moved successfully.
C:\WINDOWS\Temp\exp2F8F.tmp moved successfully.
C:\WINDOWS\Temp\exp2FE.tmp moved successfully.
C:\WINDOWS\Temp\exp30.tmp moved successfully.
C:\WINDOWS\Temp\exp301.tmp moved successfully.
C:\WINDOWS\Temp\exp309.tmp moved successfully.
C:\WINDOWS\Temp\exp309F.tmp moved successfully.
C:\WINDOWS\Temp\exp31.tmp moved successfully.
C:\WINDOWS\Temp\exp317.tmp moved successfully.
C:\WINDOWS\Temp\exp318C.tmp moved successfully.
C:\WINDOWS\Temp\exp32.tmp moved successfully.
C:\WINDOWS\Temp\exp3253.tmp moved successfully.
C:\WINDOWS\Temp\exp326.tmp moved successfully.
C:\WINDOWS\Temp\exp326D.tmp moved successfully.
C:\WINDOWS\Temp\exp33D9.tmp moved successfully.
C:\WINDOWS\Temp\exp341.tmp moved successfully.
C:\WINDOWS\Temp\exp3414.tmp moved successfully.
C:\WINDOWS\Temp\exp352C.tmp moved successfully.
C:\WINDOWS\Temp\exp3651.tmp moved successfully.
C:\WINDOWS\Temp\exp37E3.tmp moved successfully.
C:\WINDOWS\Temp\exp37F4.tmp moved successfully.
C:\WINDOWS\Temp\exp381.tmp moved successfully.
C:\WINDOWS\Temp\exp38D.tmp moved successfully.
C:\WINDOWS\Temp\exp3939.tmp moved successfully.
C:\WINDOWS\Temp\exp3AFC.tmp moved successfully.
C:\WINDOWS\Temp\exp3CB.tmp moved successfully.
C:\WINDOWS\Temp\exp3D04.tmp moved successfully.
C:\WINDOWS\Temp\exp3D4F.tmp moved successfully.
C:\WINDOWS\Temp\exp3D51.tmp moved successfully.
C:\WINDOWS\Temp\exp3E4.tmp moved successfully.
C:\WINDOWS\Temp\exp3EC7.tmp moved successfully.
C:\WINDOWS\Temp\exp4.tmp moved successfully.
C:\WINDOWS\Temp\exp4023.tmp moved successfully.
C:\WINDOWS\Temp\exp4064.tmp moved successfully.
C:\WINDOWS\Temp\exp4110.tmp moved successfully.
C:\WINDOWS\Temp\exp425.tmp moved successfully.
C:\WINDOWS\Temp\exp443C.tmp moved successfully.
C:\WINDOWS\Temp\exp44B3.tmp moved successfully.
C:\WINDOWS\Temp\exp48C.tmp moved successfully.
C:\WINDOWS\Temp\exp4D.tmp moved successfully.
C:\WINDOWS\Temp\exp4ED.tmp moved successfully.
C:\WINDOWS\Temp\exp4F4A.tmp moved successfully.
C:\WINDOWS\Temp\exp52B.tmp moved successfully.
C:\WINDOWS\Temp\exp546.tmp moved successfully.
C:\WINDOWS\Temp\exp55.tmp moved successfully.
C:\WINDOWS\Temp\exp559.tmp moved successfully.
C:\WINDOWS\Temp\exp5B81.tmp moved successfully.
C:\WINDOWS\Temp\exp5D6.tmp moved successfully.
C:\WINDOWS\Temp\exp5D86.tmp moved successfully.
C:\WINDOWS\Temp\exp5E4.tmp moved successfully.
C:\WINDOWS\Temp\exp5EB.tmp moved successfully.
C:\WINDOWS\Temp\exp60A.tmp moved successfully.
C:\WINDOWS\Temp\exp639.tmp moved successfully.
C:\WINDOWS\Temp\exp67C.tmp moved successfully.
C:\WINDOWS\Temp\exp67E.tmp moved successfully.
C:\WINDOWS\Temp\exp680.tmp moved successfully.
C:\WINDOWS\Temp\exp681.tmp moved successfully.
C:\WINDOWS\Temp\exp68A6.tmp moved successfully.
C:\WINDOWS\Temp\exp69A9.tmp moved successfully.
C:\WINDOWS\Temp\exp6D7.tmp moved successfully.
C:\WINDOWS\Temp\exp6EC.tmp moved successfully.
C:\WINDOWS\Temp\exp706D.tmp moved successfully.
C:\WINDOWS\Temp\exp70C.tmp moved successfully.
C:\WINDOWS\Temp\exp74E.tmp moved successfully.
C:\WINDOWS\Temp\exp751.tmp moved successfully.
C:\WINDOWS\Temp\exp75E.tmp moved successfully.
C:\WINDOWS\Temp\exp790.tmp moved successfully.
C:\WINDOWS\Temp\exp7A2.tmp moved successfully.
C:\WINDOWS\Temp\exp804.tmp moved successfully.
C:\WINDOWS\Temp\exp817.tmp moved successfully.
C:\WINDOWS\Temp\exp82B.tmp moved successfully.
C:\WINDOWS\Temp\exp848.tmp moved successfully.
C:\WINDOWS\Temp\exp861.tmp moved successfully.
C:\WINDOWS\Temp\exp869.tmp moved successfully.
C:\WINDOWS\Temp\exp893.tmp moved successfully.
C:\WINDOWS\Temp\exp8B6.tmp moved successfully.
C:\WINDOWS\Temp\exp8BA.tmp moved successfully.
C:\WINDOWS\Temp\exp8E0.tmp moved successfully.
C:\WINDOWS\Temp\exp8F8.tmp moved successfully.
C:\WINDOWS\Temp\exp95.tmp moved successfully.
C:\WINDOWS\Temp\exp98D.tmp moved successfully.
C:\WINDOWS\Temp\exp99.tmp moved successfully.
C:\WINDOWS\Temp\exp998.tmp moved successfully.
C:\WINDOWS\Temp\exp99B.tmp moved successfully.
C:\WINDOWS\Temp\exp9BB.tmp moved successfully.
C:\WINDOWS\Temp\exp9FD.tmp moved successfully.
C:\WINDOWS\Temp\expA21.tmp moved successfully.
C:\WINDOWS\Temp\expA72.tmp moved successfully.
C:\WINDOWS\Temp\expAA0.tmp moved successfully.
C:\WINDOWS\Temp\expAA2.tmp moved successfully.
C:\WINDOWS\Temp\expACD.tmp moved successfully.
C:\WINDOWS\Temp\expAE.tmp moved successfully.
C:\WINDOWS\Temp\expB3B.tmp moved successfully.
C:\WINDOWS\Temp\expB91.tmp moved successfully.
C:\WINDOWS\Temp\expBC5.tmp moved successfully.
C:\WINDOWS\Temp\expBC9.tmp moved successfully.
C:\WINDOWS\Temp\expBD6.tmp moved successfully.
C:\WINDOWS\Temp\expBDD.tmp moved successfully.
C:\WINDOWS\Temp\expC47.tmp moved successfully.
C:\WINDOWS\Temp\expC58.tmp moved successfully.
C:\WINDOWS\Temp\expC59.tmp moved successfully.
C:\WINDOWS\Temp\expC79.tmp moved successfully.
C:\WINDOWS\Temp\expCA4.tmp moved successfully.
C:\WINDOWS\Temp\expCAB.tmp moved successfully.
C:\WINDOWS\Temp\expCC4.tmp moved successfully.
C:\WINDOWS\Temp\expCEB.tmp moved successfully.
C:\WINDOWS\Temp\expCF7.tmp moved successfully.
C:\WINDOWS\Temp\expD13.tmp moved successfully.
C:\WINDOWS\Temp\expD1E.tmp moved successfully.
C:\WINDOWS\Temp\expD47.tmp moved successfully.
C:\WINDOWS\Temp\expDD.tmp moved successfully.
C:\WINDOWS\Temp\expDD0.tmp moved successfully.
C:\WINDOWS\Temp\expE00.tmp moved successfully.
C:\WINDOWS\Temp\expE2A.tmp moved successfully.
C:\WINDOWS\Temp\expE5D.tmp moved successfully.
C:\WINDOWS\Temp\expE70.tmp moved successfully.
C:\WINDOWS\Temp\expE7D.tmp moved successfully.
C:\WINDOWS\Temp\expED8.tmp moved successfully.
C:\WINDOWS\Temp\expF37.tmp moved successfully.
C:\WINDOWS\Temp\HTT6C7.tmp moved successfully.
C:\WINDOWS\Temp\l6x3v1n5.TMP moved successfully.
C:\WINDOWS\Temp\NOD3ED8.tmp moved successfully.
C:\WINDOWS\Temp\NSF13BF.tmp moved successfully.
C:\WINDOWS\Temp\NSF13C1.tmp moved successfully.
C:\WINDOWS\Temp\NSF13C4.tmp moved successfully.
C:\WINDOWS\Temp\NSF142.tmp moved successfully.
C:\WINDOWS\Temp\NSF144.tmp moved successfully.
C:\WINDOWS\Temp\NSF148.tmp moved successfully.
C:\WINDOWS\Temp\NSF171E.tmp moved successfully.
C:\WINDOWS\Temp\NSF1AF.tmp moved successfully.
C:\WINDOWS\Temp\NSF1B1.tmp moved successfully.
C:\WINDOWS\Temp\NSF1B3.tmp moved successfully.
C:\WINDOWS\Temp\NSF3AD4.tmp moved successfully.
C:\WINDOWS\Temp\NSF3AD6.tmp moved successfully.
C:\WINDOWS\Temp\NSF3AD8.tmp moved successfully.
C:\WINDOWS\Temp\NSF56A.tmp moved successfully.
C:\WINDOWS\Temp\NSF56C.tmp moved successfully.
C:\WINDOWS\Temp\NSF56E.tmp moved successfully.
C:\WINDOWS\Temp\NSFE06.tmp moved successfully.
C:\WINDOWS\Temp\NUP13C0.tmp moved successfully.
C:\WINDOWS\Temp\NUP13C3.tmp moved successfully.
C:\WINDOWS\Temp\NUP13C5.tmp moved successfully.
C:\WINDOWS\Temp\NUP13E5.tmp moved successfully.
C:\WINDOWS\Temp\NUP141.tmp moved successfully.
C:\WINDOWS\Temp\NUP143.tmp moved successfully.
C:\WINDOWS\Temp\NUP1AE.tmp moved successfully.
C:\WINDOWS\Temp\NUP1B0.tmp moved successfully.
C:\WINDOWS\Temp\NUP1B2.tmp moved successfully.
C:\WINDOWS\Temp\NUP1B4.tmp moved successfully.
C:\WINDOWS\Temp\NUP3AD5.tmp moved successfully.
C:\WINDOWS\Temp\NUP3AD7.tmp moved successfully.
C:\WINDOWS\Temp\NUP3AD9.tmp moved successfully.
C:\WINDOWS\Temp\NUP3ADA.tmp moved successfully.
C:\WINDOWS\Temp\NUP56B.tmp moved successfully.
C:\WINDOWS\Temp\NUP56D.tmp moved successfully.
C:\WINDOWS\Temp\NUP56F.tmp moved successfully.
C:\WINDOWS\Temp\NUP570.tmp moved successfully.
C:\WINDOWS\Temp\WDF7D6.tmp folder moved successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: A

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56504 bytes

User: Jarka
->Temp folder emptied: 535822073 bytes
->Temporary Internet Files folder emptied: 1024984787 bytes
->Java cache emptied: 82448796 bytes
->FireFox cache emptied: 68513360 bytes
->Google Chrome cache emptied: 95156774 bytes
->Opera cache emptied: 51230080 bytes
->Flash cache emptied: 395634 bytes

User: LocalService
->Temp folder emptied: 65984 bytes
->Temporary Internet Files folder emptied: 35783 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Suvka
->Temp folder emptied: 768857950 bytes
->Temporary Internet Files folder emptied: 98010034 bytes
->Java cache emptied: 35018467 bytes
->FireFox cache emptied: 77280035 bytes
->Opera cache emptied: 24745815 bytes
->Flash cache emptied: 66023 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 26391888 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 91265438 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 2 842,00 mb


OTM by OldTimer - Version 3.1.17.2 log created on 12202010_213822

[vyosek]

OTC http://oldtimer.geekstogo.com/OTC.exe

• Stahnete a spustte
• Kliknete na CleanUp a potvrdte YES
• Program uklidi a restartuje PC

Znovu v nouzovem rezimu aplikujte RKill

Spustte MBAM - nezapomente pred skenem aktualizovat databazi - udelejte uplny sken a dejte log pred mazanim - MBAM obcas miva falesne detekce tak proto chci log na posouzeni at si neodpalite neco legitimniho - navod pripadne v mem podpise

[Evka]

Malwarebytes' Anti-Malware 1.50
www.malwarebytes.org

Verze databáze: 5363

Windows 5.1.2600 Service Pack 3 (Safe Mode)
Internet Explorer 6.0.2900.5512

20.12.2010 22:37:58
mbam-log-2010-12-20 (22-37-20).txt

Typ kontroly: Úplný test (C:\|)
Testované objekty: 274366
Uplynulý čas: 30 minut, 9 sekund

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče v registru: 0
Infikované hodnoty v registru: 0
Infikované datové položky v registru: 3
Infikované složky: 0
Infikované soubory: 3

Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované klíče v registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované hodnoty v registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované datové položky v registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

Infikované složky:
(Žádné škodlivé položky nebyly zjištěny)

Infikované soubory:
c:\system volume information\_restore{548ab703-4004-4316-9c92-3335ffdd72d2}\RP727\A0301130.exe (Rogue.SystemTool) -> No action taken.
c:\documents and settings\A\nabídka start\Programy\po spuštění\santa.bat (Trojan.Downloader) -> No action taken.
c:\documents and settings\Jarka\Plocha\system tool 2011.lnk (Rogue.SystemTool) -> No action taken.

[vyosek]

Vse co nasel MBAM smazte

Havet se usadila v bodech obnoveni - smazte je dle navodu kolegy riffa http://www.viry.cz/forum/viewtopic.php?f=11&t=47040

Nechte PC nabehnout do normalniho rezimu a napiste jak se chova

[Evka]

Vse vypada normalne, moc ti dekuju, radce : )

[vyosek]

Tak jeste uklidime

MBAM muzete odinstalovat nebo nechat na obcasny sken - v pripade nalezu velmi doporucuji dat sem log na posouzeni, at si neodstrelite neco legitimniho

TFC http://oldtimer.geekstogo.com/TFC.exe

• Stahnete a spustte
• Kliknete na Start a potvrdte OK
• Program uklidi a restartuje pc
• Po pouziti utilitu smazte

Stahnete Ccleaner (viz muj podpis)
Panel čistič

• Vse nechte jak je, jen dejte Analyzovat a pote Spustit CCleaner

Panel registry

• dejte Hledej problémy
• nasledne Opravit problémy - zalohu registru doporucuji udelat, opravte vsechny problemy
• postup opakujte dokud nebude bez problemu - vetsinou cca 3x

Panel nástroje

• Zde muzete odinstalovat nepotrebne programy

CCleaner doporucuji pouzivat cca jednou za 14 dni

A pokud nejsou problemy a ani dotazy, je to z me strany vse

Jinak nemate zac, rad jsem pomohl a bylo mi potesenim s Vami spolupracovat

[borrys]

Drý den,
Měl jsem stejný problém.
díky vašemu návodu na postup jsem celí počítač vyléčil.
mockrát vám děkuji.

[vyosek]

Drý den,
Měl jsem stejný problém.
díky vašemu návodu na postup jsem celí počítač vyléčil.
mockrát vám děkuji.

Zdravim,

k haveti je vsak treba pristupovat jako k jednotlivci, malo kdy existuje obecny navod...Doporucuji zalozit si tema v sekci v preventivkach a nechat PC zkontrolovat jeste...