Request for an RSIT log check

Mc_Murphy
VIP in memoriam
Posts: 6706
Registered: 03 Nov 2008 15:55
Location: Plzeň [ZČ]

Re: Request for an RSIT log check

#16 Post by Mc_Murphy »

:arrow: As for the PM, please keep in mind that our forum runs on a voluntary basis. We are all here for free and in our spare time, so bear that in mind.

:arrow: Run OTL again.
  • If you use Win Vista or Win7, right-click OTL and choose Run As Administrator (Spustit jako správce).
  • If you use a 64-bit OS, check whether the For 64-bit OS box (Pro 64 bitové OS) is ticked. If not, tick it.
  • Paste this script into the bottom Custom Scans/Fixes box (Vlastní skenování/opravy); only the green letters in the white field!

Code: Select all

:Commands
[clearallrestorepoints]
[resethosts]
[purity]
[emptytemp]
[emptyflash]

:OTL
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\usbaapl.sys -- (USBAAPL)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\pccsmcfd.sys -- (pccsmcfd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\PcaSp50.sys -- (PcaSp50)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ewusbdev.sys -- (hwusbdev)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ewusbmdm.sys -- (hwdatacard)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://toolbar.ask.com/toolbarv/askRedi ... t=&gc=1&q=
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKU\S-1-5-21-1614895754-1708537768-1801674531-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = BC 0F CA F0 F0 36 CD 01 [binary data]
IE - HKU\S-1-5-21-1614895754-1708537768-1801674531-1006\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKU\S-1-5-21-1614895754-1708537768-1801674531-1006\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKU\S-1-5-21-1614895754-1708537768-1801674531-1006\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2548838
IE - HKU\S-1-5-21-1614895754-1708537768-1801674531-1006\..\SearchScopes\{CF739809-1C6C-47C0-85B9-569DBB141420}: "URL" = http://websearch.ask.com/redirect?clien ... src=crm&q={searchTerms}&locale=en_EU&apn_ptnrs=NY&apn_dtid=YYYYYYYYSK&apn_uid=747930EB-0B32-40E0-9A1E-F05251239E9F&apn_sauid=B84387F6-F49C-41AE-BFE7-365C6A62D061&
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.defaultthis.engineName: "TVersitybar Customized Web Search"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1: C:\Program Files\Yahoo!\Common\npyaxmpb.dll (Yahoo! Inc.)
[2011.05.25 17:55:23 | 000,000,000 | ---D | M] (XfireXO) -- C:\Documents and Settings\Doma\Data aplikací\Mozilla\Firefox\Profiles\k1plvtzz.default\extensions\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}
[2011.11.12 19:44:34 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Doma\Data aplikací\Mozilla\Firefox\Profiles\k1plvtzz.default\extensions\ffxtlbr@babylon.com
[2012.05.18 19:33:19 | 000,002,400 | ---- | M] () -- C:\Documents and Settings\Doma\Data aplikací\Mozilla\Firefox\Profiles\k1plvtzz.default\searchplugins\askcom.xml
[2011.12.15 12:40:20 | 000,000,925 | ---- | M] () -- C:\Documents and Settings\Doma\Data aplikací\Mozilla\Firefox\Profiles\k1plvtzz.default\searchplugins\conduit.xml
[2011.03.18 14:05:04 | 000,001,908 | ---- | M] () -- C:\Documents and Settings\Doma\Data aplikací\Mozilla\Firefox\Profiles\k1plvtzz.default\searchplugins\metacrawler.xml
[2011.11.12 19:44:23 | 000,002,227 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
CHR - Extension: Babylon Translator = C:\Documents and Settings\Doma\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.4\
O8 - Extra context menu item: Translate this web page with Babylon - Reg Error: Value error. File not found
O8 - Extra context menu item: Translate with Babylon - Reg Error: Value error. File not found
O9 - Extra Button: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm File not found
O9 - Extra 'Tools' menuitem : Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm File not found
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[15 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp files -> C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp -> ]
[1 C:\WINDOWS\Installer\*.tmp files -> C:\WINDOWS\Installer\*.tmp -> ]
[1 C:\WINDOWS\SoftwareDistribution\AuthCabs\7971f918-a847-4430-9279-4a52d1efe18d\*.tmp files -> C:\WINDOWS\SoftwareDistribution\AuthCabs\7971f918-a847-4430-9279-4a52d1efe18d\*.tmp -> ]
[1 C:\WINDOWS\SoftwareDistribution\Download\b25a6f5145cb11af9dd5be9e353db6ab\*.tmp files -> C:\WINDOWS\SoftwareDistribution\Download\b25a6f5145cb11af9dd5be9e353db6ab\*.tmp -> ]
[5 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
[7 \Documents and Settings\Doma\Data aplikací\Azureus\torrents\*.tmp files -> \Documents and Settings\Doma\Data aplikací\Azureus\torrents\*.tmp -> ]
[2010.07.24 11:18:58 | 000,000,000 | ---D | M](C:\Documents and Settings\Doma\Data aplikac?) -- C:\Documents and Settings\Doma\Data aplikac�
(C:\Documents and Settings\Doma\Data aplikac?) -- C:\Documents and Settings\Doma\Data aplikac�
@Alternate Data Stream - 500 bytes -> C:\Documents and Settings\All Users\Data aplikací\TEMP:05EE1EEF

:Files
C:\Documents and Settings\All Users\Data aplikací\Babylon
C:\Documents and Settings\Doma\Data aplikací\Babylon
C:\WINDOWS\System32\H@tKeysH@@k.DLL
C:\Documents and Settings\Doma\Data aplikací\Azureus\torrents\Adobe_Photoshop_CS5_Extended_(Crack___Instructions).5570840.TPB.torrent /d
C:\Documents and Settings\Doma\Data aplikací\Azureus\torrents\[kat.ph]audio4fun.av.voice.changer.diamond.7.0.29.crack.rh.torrent /d
C:\Documents and Settings\Doma\Data aplikací\uTorrent\GTAIV Patch 1030 + Razor Crack.rar.torrent /d
C:\Documents and Settings\Doma\Local Settings\Data aplikací\Opera\Opera\profile\images\http%3A%2F%2Fwww.crackfulldownload.com%2Ffavicon.ico /d
C:\Documents and Settings\Doma\Local Settings\Data aplikací\Opera\Opera\profile\images\http%3A%2F%2Fwww.cracks.cx%2Ffavicon.ico /d
C:\Documents and Settings\Doma\Local Settings\Data aplikací\Opera\Opera\profile\images\http%3A%2F%2Fwww.crackserialcodes.com%2Ffavicon.ico /d
C:\Documents and Settings\Doma\Local Settings\Data aplikací\Opera\Opera\profile\images\www.crackfulldownload.com.idx /d
C:\Documents and Settings\Doma\Local Settings\Data aplikací\Opera\Opera\profile\images\www.cracks.cx.idx /d
C:\Documents and Settings\Doma\Local Settings\Data aplikací\Opera\Opera\profile\images\www.crackserialcodes.com.idx /d
C:\Documents and Settings\Doma\Data aplikací\uTorrent\Camtasia Studio 7.0.0 + Serials & Keygen - DivXNL-team.torrent /d
C:\Documents and Settings\Doma\Data aplikací\uTorrent\Sony.Vegas.Pro.v11.Build.371.x64.Incl.Keygen.and.Patch.torrent /d
%windir%\system32\*.tmp.dll /s
%windir%\system32\SET*.tmp /s
%windir%\*.tmp /s

:Reg
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"57715:TCP"=-
"57715:UDP"=-
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"57715:TCP"=-
"57715:UDP"=-
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
""=-
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
""=-
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
""=-
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
""=-
  • Click the [Run Fix] button ([Opravit]).
  • When the scan finishes, a log will appear; paste it here for me.
  • If the log does not fit into one post, split it into several parts.

  • ... I'm moving on, I'm moving on, I'm moving on by the Spirit.
    • You gave me love, I've found my identity, found my identity.

    I'm moving on, I'm moving on, I'm moving on by the Spirit.
    • You gave me hope, I've found my identity in Christ...

Hornet
Visitor
Posts: 21
Registered: 02 Jan 2006 21:15

Re: Request for an RSIT log check

#17 Post by Hornet »

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 134 bytes
->FireFox cache emptied: 2874552 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56468 bytes

User: Doma
->Temp folder emptied: 4991984 bytes
->Temporary Internet Files folder emptied: 49554 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 52038759 bytes
->Google Chrome cache emptied: 0 bytes
->Apple Safari cache emptied: 0 bytes
->Opera cache emptied: 117898 bytes
->Flash cache emptied: 8804609 bytes

User: Internet
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32768 bytes
->FireFox cache emptied: 2872883 bytes
->Flash cache emptied: 419 bytes

User: LocalService
->Temp folder emptied: 65748 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2750641 bytes
%systemroot%\System32 .tmp files removed: 2504 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 483 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 10074 bytes

Total Files Cleaned = 71,00 mb


[EMPTYFLASH]

User: Administrator

User: All Users

User: Default User
->Flash cache emptied: 0 bytes

User: Doma
->Flash cache emptied: 0 bytes

User: Internet
->Flash cache emptied: 0 bytes

User: LocalService

User: NetworkService

Total Flash Files Cleaned = 0,00 mb

========== OTL ==========
Service WDICA stopped successfully!
Service WDICA deleted successfully!
Service USBAAPL stopped successfully!
Service USBAAPL deleted successfully!
File System32\Drivers\usbaapl.sys not found.
Service PDRFRAME stopped successfully!
Service PDRFRAME deleted successfully!
Service PDRELI stopped successfully!
Service PDRELI deleted successfully!
Service PDFRAME stopped successfully!
Service PDFRAME deleted successfully!
Service PDCOMP stopped successfully!
Service PDCOMP deleted successfully!
Service PCIDump stopped successfully!
Service PCIDump deleted successfully!
Service pccsmcfd stopped successfully!
Service pccsmcfd deleted successfully!
File system32\DRIVERS\pccsmcfd.sys not found.
Service PcaSp50 stopped successfully!
Service PcaSp50 deleted successfully!
File system32\DRIVERS\PcaSp50.sys not found.
Service lbrtfdc stopped successfully!
Service lbrtfdc deleted successfully!
Service i2omgmt stopped successfully!
Service i2omgmt deleted successfully!
Service Changer stopped successfully!
Service Changer deleted successfully!
Service hwusbdev stopped successfully!
Service hwusbdev deleted successfully!
File system32\DRIVERS\ewusbdev.sys not found.
Service hwdatacard stopped successfully!
Service hwdatacard deleted successfully!
File system32\DRIVERS\ewusbmdm.sys not found.
Service catchme stopped successfully!
Service catchme deleted successfully!
File C:\ComboFix\catchme.sys not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search\\Default_Search_URL| /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
HKU\S-1-5-21-1614895754-1708537768-1801674531-1006\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache_TIMESTAMP| /E : value set successfully!
HKEY_USERS\S-1-5-21-1614895754-1708537768-1801674531-1006\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-1614895754-1708537768-1801674531-1006\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_USERS\S-1-5-21-1614895754-1708537768-1801674531-1006\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
Registry key HKEY_USERS\S-1-5-21-1614895754-1708537768-1801674531-1006\Software\Microsoft\Internet Explorer\SearchScopes\{CF739809-1C6C-47C0-85B9-569DBB141420}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CF739809-1C6C-47C0-85B9-569DBB141420}\ not found.
Prefs.js: "Ask.com" removed from browser.search.defaultengine
Prefs.js: "Ask.com" removed from browser.search.defaultenginename
Prefs.js: "TVersitybar Customized Web Search" removed from browser.search.defaultthis.engineName
Prefs.js: "Ask.com" removed from browser.search.order.1
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Apple.com/iTunes,version=\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1\ deleted successfully.
C:\Program Files\Yahoo!\Common\npyaxmpb.dll moved successfully.
C:\Documents and Settings\Doma\Data aplikací\Mozilla\Firefox\Profiles\k1plvtzz.default\extensions\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}\META-INF folder moved successfully.
C:\Documents and Settings\Doma\Data aplikací\Mozilla\Firefox\Profiles\k1plvtzz.default\extensions\{5e5ab302-7f65-44cd-8211-c1d4caaccea3} folder moved successfully.
C:\Documents and Settings\Doma\Data aplikací\Mozilla\Firefox\Profiles\k1plvtzz.default\extensions\ffxtlbr@babylon.com\defaults\preferences folder moved successfully.
C:\Documents and Settings\Doma\Data aplikací\Mozilla\Firefox\Profiles\k1plvtzz.default\extensions\ffxtlbr@babylon.com\defaults folder moved successfully.
C:\Documents and Settings\Doma\Data aplikací\Mozilla\Firefox\Profiles\k1plvtzz.default\extensions\ffxtlbr@babylon.com folder moved successfully.
C:\Documents and Settings\Doma\Data aplikací\Mozilla\Firefox\Profiles\k1plvtzz.default\searchplugins\askcom.xml moved successfully.
C:\Documents and Settings\Doma\Data aplikací\Mozilla\Firefox\Profiles\k1plvtzz.default\searchplugins\conduit.xml moved successfully.
C:\Documents and Settings\Doma\Data aplikací\Mozilla\Firefox\Profiles\k1plvtzz.default\searchplugins\metacrawler.xml moved successfully.
C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml moved successfully.
C:\Documents and Settings\Doma\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.4 folder moved successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Translate this web page with Babylon\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Translate with Babylon\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478}\ not found.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP1444.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP1D4.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP2B2.tmp\System.dll deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP2B2.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP2EA.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP3C6.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP3DF.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP4B8.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP4F4.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP5C8.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP5F1.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP60E.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP8161.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAPB0C0.tmp\ReachFramework.dll deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAPB0C0.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAPB4CB.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAPEC8.tmp folder deleted successfully.
C:\WINDOWS\Installer\MSI673.tmp deleted successfully.
C:\WINDOWS\SoftwareDistribution\AuthCabs\7971f918-a847-4430-9279-4a52d1efe18d\wlt44EF.tmp deleted successfully.
C:\WINDOWS\SoftwareDistribution\Download\b25a6f5145cb11af9dd5be9e353db6ab\BIT6684.tmp deleted successfully.
\Documents and Settings\Doma\Data aplikací\Azureus\torrents\AZU3755657816132550864.tmp deleted successfully.
\Documents and Settings\Doma\Data aplikací\Azureus\torrents\AZU4998835435818776966.tmp deleted successfully.
\Documents and Settings\Doma\Data aplikací\Azureus\torrents\AZU52029475655173424.tmp deleted successfully.
\Documents and Settings\Doma\Data aplikací\Azureus\torrents\AZU5468079283802993975.tmp deleted successfully.
\Documents and Settings\Doma\Data aplikací\Azureus\torrents\AZU6190212162516366122.tmp deleted successfully.
\Documents and Settings\Doma\Data aplikací\Azureus\torrents\AZU6694638160791459541.tmp deleted successfully.
\Documents and Settings\Doma\Data aplikací\Azureus\torrents\AZU8036944593487817730.tmp deleted successfully.
C:\Documents and Settings\Doma\Data aplikac�\Nokia\Ovi Suite folder moved successfully.
C:\Documents and Settings\Doma\Data aplikac�\Nokia folder moved successfully.
C:\Documents and Settings\Doma\Data aplikac� folder moved successfully.
ADS C:\Documents and Settings\All Users\Data aplikací\TEMP:05EE1EEF deleted successfully.
========== FILES ==========
C:\Documents and Settings\All Users\Data aplikací\Babylon\LocalUI\js folder moved successfully.
C:\Documents and Settings\All Users\Data aplikací\Babylon\LocalUI\img-ie6\rslt folder moved successfully.
C:\Documents and Settings\All Users\Data aplikací\Babylon\LocalUI\img-ie6\Ftxt folder moved successfully.
C:\Documents and Settings\All Users\Data aplikací\Babylon\LocalUI\img-ie6\frameIE6 folder moved successfully.
C:\Documents and Settings\All Users\Data aplikací\Babylon\LocalUI\img-ie6\frame2_ folder moved successfully.
C:\Documents and Settings\All Users\Data aplikací\Babylon\LocalUI\img-ie6\frame\Tabs folder moved successfully.
C:\Documents and Settings\All Users\Data aplikací\Babylon\LocalUI\img-ie6\frame folder moved successfully.
C:\Documents and Settings\All Users\Data aplikací\Babylon\LocalUI\img-ie6\dropdown folder moved successfully.
C:\Documents and Settings\All Users\Data aplikací\Babylon\LocalUI\img-ie6\controls folder moved successfully.
C:\Documents and Settings\All Users\Data aplikací\Babylon\LocalUI\img-ie6\Btn folder moved successfully.
C:\Documents and Settings\All Users\Data aplikací\Babylon\LocalUI\img-ie6\banner1_ folder moved successfully.
C:\Documents and Settings\All Users\Data aplikací\Babylon\LocalUI\img-ie6 folder moved successfully.
C:\Documents and Settings\All Users\Data aplikací\Babylon\LocalUI\img\rslt folder moved successfully.
C:\Documents and Settings\All Users\Data aplikací\Babylon\LocalUI\img\Ftxt folder moved successfully.
C:\Documents and Settings\All Users\Data aplikací\Babylon\LocalUI\img\frame2 folder moved successfully.
C:\Documents and Settings\All Users\Data aplikací\Babylon\LocalUI\img\frame\Tabs folder moved successfully.
C:\Documents and Settings\All Users\Data aplikací\Babylon\LocalUI\img\frame folder moved successfully.
C:\Documents and Settings\All Users\Data aplikací\Babylon\LocalUI\img\dropdown folder moved successfully.
C:\Documents and Settings\All Users\Data aplikací\Babylon\LocalUI\img\crsl_ folder moved successfully.
C:\Documents and Settings\All Users\Data aplikací\Babylon\LocalUI\img\controls folder moved successfully.
C:\Documents and Settings\All Users\Data aplikací\Babylon\LocalUI\img\cmnty folder moved successfully.
C:\Documents and Settings\All Users\Data aplikací\Babylon\LocalUI\img\Btn folder moved successfully.
C:\Documents and Settings\All Users\Data aplikací\Babylon\LocalUI\img\banner_ folder moved successfully.
C:\Documents and Settings\All Users\Data aplikací\Babylon\LocalUI\img folder moved successfully.
C:\Documents and Settings\All Users\Data aplikací\Babylon\LocalUI folder moved successfully.
C:\Documents and Settings\All Users\Data aplikací\Babylon\Gloss folder moved successfully.
C:\Documents and Settings\All Users\Data aplikací\Babylon folder moved successfully.
C:\Documents and Settings\Doma\Data aplikací\Babylon\updates folder moved successfully.
C:\Documents and Settings\Doma\Data aplikací\Babylon\Content\icons folder moved successfully.
C:\Documents and Settings\Doma\Data aplikací\Babylon\Content folder moved successfully.
C:\Documents and Settings\Doma\Data aplikací\Babylon folder moved successfully.
C:\WINDOWS\System32\H@tKeysH@@k.DLL moved successfully.
C:\Documents and Settings\Doma\Data aplikací\Azureus\torrents\Adobe_Photoshop_CS5_Extended_(Crack___Instructions).5570840.TPB.torrent deleted successfully.
C:\Documents and Settings\Doma\Data aplikací\Azureus\torrents\[kat.ph]audio4fun.av.voice.changer.diamond.7.0.29.crack.rh.torrent deleted successfully.
C:\Documents and Settings\Doma\Data aplikací\uTorrent\GTAIV Patch 1030 + Razor Crack.rar.torrent deleted successfully.
File\Folder C:\Documents and Settings\Doma\Local Settings\Data aplikací\Opera\Opera\profile\images\http%3A%2F%2Fwww.crackfulldownload.com%2Ffavicon.ico not found.
File\Folder C:\Documents and Settings\Doma\Local Settings\Data aplikací\Opera\Opera\profile\images\http%3A%2F%2Fwww.cracks.cx%2Ffavicon.ico not found.
File\Folder C:\Documents and Settings\Doma\Local Settings\Data aplikací\Opera\Opera\profile\images\http%3A%2F%2Fwww.crackserialcodes.com%2Ffavicon.ico not found.
File\Folder C:\Documents and Settings\Doma\Local Settings\Data aplikací\Opera\Opera\profile\images\www.crackfulldownload.com.idx not found.
File\Folder C:\Documents and Settings\Doma\Local Settings\Data aplikací\Opera\Opera\profile\images\www.cracks.cx.idx not found.
File\Folder C:\Documents and Settings\Doma\Local Settings\Data aplikací\Opera\Opera\profile\images\www.crackserialcodes.com.idx not found.
C:\Documents and Settings\Doma\Data aplikací\uTorrent\Camtasia Studio 7.0.0 + Serials & Keygen - DivXNL-team.torrent deleted successfully.
C:\Documents and Settings\Doma\Data aplikací\uTorrent\Sony.Vegas.Pro.v11.Build.371.x64.Incl.Keygen.and.Patch.torrent deleted successfully.
File/Folder C:\WINDOWS\system32\*.tmp.dll not found.
File/Folder C:\WINDOWS\system32\SET*.tmp not found.
File/Folder C:\WINDOWS\*.tmp not found.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\57715:TCP deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\57715:UDP deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\57715:TCP deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\57715:UDP deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS\\ deleted successfully.

OTL by OldTimer - Version 3.2.43.1 log created on 05222012_120026

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...


I apologize for the PM; of course I know how things work here. The brat is impatient. Please let me know: if anything is left here, I can continue cleaning via TeamViewer 7. For now, warm thanks for the effective help.
He who plays doesn't misbehave
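
An added example, not part of the original posts and not OTL's own code: a small Python parser that groups the result lines of an OTL fix log like the one above by section and outcome, so that items reported as "not found" (or lines it cannot classify) stand out for the helper's follow-up. The outcome phrases are taken from the log above; the function names are hypothetical, and the sample is a constructed excerpt of lines copied from that log.

```python
import re
from collections import Counter

# Constructed sample: a few lines copied from the OTL fix log posted above.
SAMPLE_LOG = r"""
========== OTL ==========
Service USBAAPL stopped successfully!
Service USBAAPL deleted successfully!
File System32\Drivers\usbaapl.sys not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478}\ not found.
Prefs.js: "Ask.com" removed from browser.search.defaultengine
C:\Program Files\Yahoo!\Common\npyaxmpb.dll moved successfully.
========== FILES ==========
C:\WINDOWS\System32\H@tKeysH@@k.DLL moved successfully.
File/Folder C:\WINDOWS\system32\SET*.tmp not found.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\57715:TCP deleted successfully.
"""

# "========== NAME ==========" section headers, as seen in the log.
SECTION_RE = re.compile(r"^=+ (?P<name>.+?) =+$")

# Object-type words OTL puts in front of some targets.
PREFIX_RE = re.compile(
    r"^(?:File[\\/]Folder|File|Registry key|Registry value|Service|ADS) "
)

# Outcome phrases observed in the log above (assumption: this list is not
# exhaustive for every OTL version; anything else is kept as "unclassified").
OUTCOMES = [
    ("not_found", re.compile(r"^(?P<target>.+?) not found\.?$")),
    ("deleted", re.compile(r"^(?P<target>.+?) deleted successfully[.!]?$")),
    ("moved", re.compile(r"^(?P<target>.+?) moved successfully[.!]?$")),
    ("stopped", re.compile(r"^(?P<target>.+?) stopped successfully[.!]?$")),
    ("value_set", re.compile(r"^(?P<target>.+?)\| /E : value set successfully!?$")),
    ("pref_removed", re.compile(r"^Prefs\.js: (?P<target>.+ removed from .+)$")),
]


def classify(line):
    """Return (outcome, target) for one result line of the fix log."""
    for outcome, pattern in OUTCOMES:
        match = pattern.match(line)
        if match:
            target = PREFIX_RE.sub("", match.group("target"))
            target = re.sub(r" folder$", "", target)
            return outcome, target
    # Never drop a line silently: the reviewer should see what was not understood.
    return "unclassified", line


def parse_fix_log(text):
    """Parse a fix log into a list of (section, outcome, target) tuples."""
    entries = []
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = SECTION_RE.match(line)
        if header:
            section = header.group("name")
            continue
        outcome, target = classify(line)
        entries.append((section, outcome, target))
    return entries


def summarize(entries):
    """Count outcomes per section."""
    summary = {}
    for section, outcome, _target in entries:
        summary.setdefault(section, Counter())[outcome] += 1
    return summary


def needs_review(entries):
    """Targets the fix could not find, plus lines the parser did not understand."""
    return [
        (section, target)
        for section, outcome, target in entries
        if outcome in ("not_found", "unclassified")
    ]


if __name__ == "__main__":
    parsed = parse_fix_log(SAMPLE_LOG)
    for section, counts in summarize(parsed).items():
        print(section, dict(counts))
    for section, target in needs_review(parsed):
        print("review:", section, target)
```

A "not found" result is not necessarily a failure: in the log above several of them are driver files whose service entry was the only thing left to remove.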

Re: Request for an RSIT log check

#18 Post by Mc_Murphy »

Hornet wrote: I apologize for the PM; of course I know how things work here. The brat is impatient. Please let me know: if anything is left here, I can continue cleaning via TeamViewer 7. For now, warm thanks for the effective help.
No problem. Give the brat a couple of slaps with my regards, and tell him that if I start digging through the cracks (or whatever the plural is), keygens and illegal stuff he has on the PC, he will be in for a surprise.

:arrow: OTL basically did what it was supposed to. I found one more disguised virus, or rather a component of one, so if there are no problems with the PC, we can finish the cleanup and we are done.

Re: Request for an RSIT log check

#19 Post by Hornet »

So what do you suggest? I tried to install NOD32 version 5, the 30-day version; it complained that there is some Norton antivirus on there, but I can't see it anywhere. Then it moved some trojan into quarantine. I no longer have the machine, so I'll try something via TeamViewer if there is a chance. I backed up the system partition with Ghost in the state it was in right after the log was created. If you have any ideas, please advise. Otherwise thanks, I learned a lot :lol: As the Americans say in the movies, "Good job". I had no idea that you can slip scripts to those programs :) . I have one more problem, with an Asus F3K: it has Vista Home edition on it and runs slower than a snail. It's not urgent; it was bought so that taxes would not have to be paid :) but in time it should be put in order. Can we continue here, or should I open a new thread? Thanks once again. All the best.

Re: Request for an RSIT log check

#20 Post by Mc_Murphy »

:arrow: Look, forget about trial versions. It is only for 30 days, and then what? Then the brat either has to buy it or he goes online and starts cracking it, which none of us wants, right? So uninstall all the NODs that are on there and then use this remover of theirs (click). Download it, save it to his Desktop and run it. The little program will clean up any leftovers from the NODs. After using it, delete it again.
Then put some free solution on there; I recommend Avast Free or Avira Free. Both are absolutely the best in their field. Avira is perhaps a bit snappier, but it is not localized into Czech. Do not put any other antivirus on there!

:arrow: "Slipping scripts" is a somewhat unfortunate way to put it. If everything could be done just by running a utility, there would be no need for us advisers. We would just write up procedures for the various symptoms and what to run, and that would be that. But it is not that simple: the logs have to be read, and you have to detect what is legitimate, what is junk and what is already malware. And then you have to know how and what to wipe, because a plain DELETE does not always help. That is also why using any utility on your own is strongly discouraged. The more powerful the utility, the worse the possible negative consequences for an inexperienced user. So, for example, an inexperienced user should definitely and quickly forget about ComboFix, Avenger or TDSS Killer, which unfortunately is violated here very often.

:arrow: If that ASUS is not a company notebook, start a new thread in the appropriate section, post the RSIT log there and someone will take a look. Do not post it here, it would only cause confusion.

:arrow: Do the antivirus part and then let me know how it went; we will finish the cleanup.

Re: Request for an RSIT log check

#21 Post by Hornet »

The kid is 12 and is kept on a very loose rein, and daddy is not short of money, so he will buy NOD32 and that's that. Once I install it I will post a new RSIT log here and we will do "finita la commedia". Thanks once again for the cooperation, and all the best in every respect :|

Re: Request for an RSIT log check

#22 Post by Mc_Murphy »

OK, fine, but make sure the NOD is legally purchased; we do not support breaking the laws of the Czech Republic here. :thumbsdown:
In any case, I would still run that remover over it, so that you can be sure the PC is clean, and then put the legal NOD on.

Then post a current RSIT log as well; I will take a look, finish the cleanup and we will close this check-up, almost exactly as you write. :D

And there is nothing to thank me for, and thank you, I will need it a lot.