Slow computer, error messages

Posted: 06 Jun 2011 09:01
by vhanca
Good day,

please help me with some vermin in my computer that is slowing it down and throwing various error messages, e.g. an application is trying to close an open window (even though everything is closed), the cursor is slow, and when shutting down the computer something is apparently still running, because the blue log-off screen won't go away and shows an hourglass cursor. I made a log with DDS; here is DDS.txt:

.
DDS (Ver_2011-06-03.01) - NTFSx86
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_25
Run by Hanka at 9:43:46 on 2011-06-06
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.1247.577 [GMT 2:00]
.
.
============== Running Processes ===============
.
C:\windows\system32\svchost -k DcomLaunch
C:\windows\system32\svchost -k rpcss
C:\windows\System32\svchost.exe -k netsvcs
C:\windows\System32\svchost.exe -k NetworkService
C:\windows\System32\svchost.exe -k LocalService
C:\windows\system32\spoolsv.exe
C:\windows\Explorer.EXE
C:\windows\system32\WService.EXE
C:\windows\SOUNDMAN.EXE
C:\windows\System32\svchost.exe -k Akamai
C:\windows\aadrive32.exe
C:\windows\jodrive32.exe
C:\Program Files\ICQ6Toolbar\ICQ Service.exe
C:\windows\system32\ctfmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\windows\system32\bsysmgr.exe
C:\Program Files\Noční obloha\vesmir.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\windows\System32\svchost.exe -k imgsvc
C:\windows\system32\DRIVERS\WtSrv.exe
C:\windows\system32\SearchIndexer.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\SearchFilterHost.exe
C:\windows\System32\alg.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uURLSearchHooks: ICQToolBar: {855f3b16-6d32-4fe6-8a56-bbb695989046} - c:\program files\icq6toolbar\ICQToolBar.dll
uURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\tbuTor.dll
uURLSearchHooks: H - No File
mWinlogon: Taskman=c:\recycler\r-1-5-21-1482476501-1644491937-682003330-1013\acleaner.exe
uWinlogon: Shell=c:\recycler\s-1-5-21-0243556031-888888379-781863308-9043\jwkd.exe,c:\recycler\s-1-5-21-0243556031-888888379-781863308-9143\jikd.exe,c:\recycler\s-1-5-21-0243556031-888888379-781863308-1343\jwjqa.exe,explorer.exe,c:\recycler\s-1-5-21-0243556031-888888379-781863308-1413\syitm.exe
BHO: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\tbuTor.dll
TB: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\tbuTor.dll
TB: ICQToolBar: {855f3b16-6d32-4fe6-8a56-bbb695989046} - c:\program files\icq6toolbar\ICQToolBar.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
EB: Web Test Recorder 10.0: {5802d092-1784-4908-8cdb-99b6842d353d} - mscoree.dll
EB: ICQToolBar: {855f3b16-6d32-4fe6-8a56-bbb695989046} - c:\program files\icq6toolbar\ICQToolBar.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [winlog.exe] c:\documents and settings\hanka\data aplikací\microsoft\winlog.exe
uRun: [Tnaww] c:\recycler\s-1-5-21-0243556031-888888379-781863308-1413\syitm.exe
uRun: [12CFG214-K641-12SF-N85P] c:\recycler\s-1-5-21-0243936033-3052116371-381863308-1811\vsbntlo.exe
uRun: [12CFG214-K641-12SF-N85P] c:\recycler\s-1-5-21-0243936033-3052116371-381863308-1811\vsbntlo.exe
uRun: [12CFG214-K641-12SF-N85P] c:\recycler\s-1-5-21-0243936033-3052116371-381863308-1811\vsbntlo.exe
mRun: [WService] WService.EXE
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [Microsoft Driver Setup] c:\windows\aadrive32.exe
mRun: [Microsoft Config Setup] c:\windows\jodrive32.exe
mRun: [bsysmgr] c:\windows\system32\bsysmgr.exe
mRun: [ac32] c:\windows\system32\ac32.exe
mRun: [name_meexuii] c:\documents and settings\hanka\data aplikací\32.tmp
mRun: [name_me] c:\documents and settings\hanka\data aplikací\33.tmp
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
mExplorerRun: [Microsoft Driver Setup] c:\windows\aadrive32.exe
mExplorerRun: [Microsoft Config Setup] c:\windows\jodrive32.exe
StartupFolder: c:\docume~1\hanka\nabdka~1\programy\posput~1\vesmrn~1.lnk - c:\program files\noční obloha\vesmir.exe
DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {31435657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
TCP: DhcpNameServer = 213.46.172.36 213.46.172.37
TCP: Interfaces\{29D6DE02-76FA-4320-8954-CE9871B24C62} : DhcpNameServer = 195.128.203.3 213.168.1.6
TCP: Interfaces\{A9E6A660-312A-4B93-86FE-2B74FCB8BC99} : DhcpNameServer = 213.46.172.36 213.46.172.37
Notify: cryptnet32 - cryptnet32.dll
Notify: igfxcui - igfxdev.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\hanka\data aplikací\mozilla\firefox\profiles\f861dc2f.default\
.
============= SERVICES / DRIVERS ===============
.
R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2002-9-23 14336]
R2 ICQ Service;ICQ Service;c:\program files\icq6toolbar\ICQ Service.exe [2011-3-26 247608]
R2 StarWindServiceAE;StarWind AE Service;c:\program files\alcohol soft\alcohol 120\starwind\StarWindServiceAE.exe [2009-12-23 370688]
R3 PSched;Plánovač paketů technologie QoS;c:\windows\system32\drivers\psched.sys [2002-9-23 69120]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-3-16 136176]
S2 Netmanm;Network Connections to Monitor;c:\windows\system32\crssc.exe [2011-6-5 46615]
S2 XAMPP;XAMPP Service;c:\web\programy\xampp\service.exe --> c:\web\programy\xampp\service.exe [?]
S3 cpuz132;cpuz132;\??\c:\docume~1\hanka\locals~1\temp\cpuz132\cpuz132_x32.sys --> c:\docume~1\hanka\locals~1\temp\cpuz132\cpuz132_x32.sys [?]
S3 EverestDriver;Lavalys EVEREST Kernel Driver;c:\program files\lavalys\everest home edition\kerneld.wnt [2005-8-18 7168]
S3 gupdatem;Služba Google Update (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-3-16 136176]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 PD1030VID;Creative WebCam Pro;c:\windows\system32\drivers\p1030vid.sys [2000-12-26 167661]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 OracleJobSchedulerXE;OracleJobSchedulerXE;c:\oraclexe\app\oracle\product\10.2.0\server\bin\extjob.exe xe --> c:\oraclexe\app\oracle\product\10.2.0\server\bin\extjob.exe XE [?]
S4 OracleServiceXE;OracleServiceXE;c:\oraclexe\app\oracle\product\10.2.0\server\bin\oracle.exe xe --> c:\oraclexe\app\oracle\product\10.2.0\server\bin\ORACLE.EXE XE [?]
S4 OracleXETNSListener;OracleXETNSListener;c:\oraclexe\app\oracle\product\10.2.0\server\bin\TNSLSNR.EXE [2006-2-2 204800]
S4 RsFx0103;RsFx0103 Driver;c:\windows\system32\drivers\RsFx0103.sys [2009-3-30 239336]
.
=============== Created Last 30 ================
.
2011-06-06 07:43:46 -------- d--h--w- c:\documents and settings\hanka\Okolní tiskárny
2011-06-06 07:39:31 41984 ----a-w- c:\windows\system32\81.exe
2011-06-06 07:38:15 21893 ----a-w- c:\documents and settings\hanka\data aplikací\33.tmp
2011-06-06 07:38:13 21893 ----a-w- c:\documents and settings\hanka\data aplikací\32.tmp
2011-06-06 07:38:10 21504 ----a-w- c:\documents and settings\hanka\data aplikací\31.tmp
2011-06-06 07:38:08 72704 ----a-w- c:\documents and settings\hanka\data aplikací\30.tmp
2011-06-06 07:37:35 21504 ----a-w- c:\documents and settings\hanka\data aplikací\2F.tmp
2011-06-06 07:37:33 23040 ----a-w- c:\documents and settings\hanka\data aplikací\2E.tmp
2011-06-06 07:37:31 72704 ----a-w- c:\documents and settings\hanka\data aplikací\2D.tmp
2011-06-06 07:37:06 124416 ------w- c:\documents and settings\hanka\ddqj.exe
2011-06-06 07:27:40 21893 ----a-w- c:\documents and settings\hanka\data aplikací\2C.tmp
2011-06-06 07:27:38 21893 ----a-w- c:\documents and settings\hanka\data aplikací\2B.tmp
2011-06-06 07:27:36 21504 ----a-w- c:\documents and settings\hanka\data aplikací\2A.tmp
2011-06-06 07:27:35 72704 ----a-w- c:\documents and settings\hanka\data aplikací\29.tmp
2011-06-06 07:27:10 23040 ----a-w- c:\documents and settings\hanka\data aplikací\28.tmp
2011-06-06 07:27:08 72192 ----a-w- c:\documents and settings\hanka\data aplikací\27.tmp
2011-06-06 07:26:29 60779 ----a-w- c:\windows\d139.exe
2011-06-06 07:26:28 21893 ----a-w- c:\documents and settings\hanka\data aplikací\26.tmp
2011-06-06 07:26:25 21893 ----a-w- c:\documents and settings\hanka\data aplikací\25.tmp
2011-06-06 07:26:23 21504 ----a-w- c:\documents and settings\hanka\data aplikací\24.tmp
2011-06-06 07:26:18 72704 ----a-w- c:\documents and settings\hanka\data aplikací\23.tmp
2011-06-06 03:48:09 90112 ----a-w- c:\windows\d233.exe
2011-06-06 03:48:06 60779 ----a-w- c:\windows\system32\bsysmgr.exe
2011-06-06 03:48:06 21893 ----a-w- c:\documents and settings\hanka\data aplikací\22.tmp
2011-06-06 03:48:04 21893 ----a-w- c:\documents and settings\hanka\data aplikací\21.tmp
2011-06-06 03:48:02 21504 ----a-w- c:\documents and settings\hanka\data aplikací\20.tmp
2011-06-06 03:48:00 72704 ----a-w- c:\documents and settings\hanka\data aplikací\1F.tmp
2011-06-06 03:47:16 23040 ----a-w- c:\documents and settings\hanka\data aplikací\1E.tmp
2011-06-06 03:47:15 72192 ----a-w- c:\documents and settings\hanka\data aplikací\1D.tmp
2011-06-06 03:35:34 90112 ----a-w- c:\windows\system32\ac32.exe
2011-06-06 03:35:32 21893 ----a-w- c:\documents and settings\hanka\data aplikací\1C.tmp
2011-06-06 03:35:28 21893 ----a-w- c:\documents and settings\hanka\data aplikací\1B.tmp
2011-06-06 03:35:25 21504 ----a-w- c:\documents and settings\hanka\data aplikací\1A.tmp
2011-06-06 03:35:14 72704 ----a-w- c:\documents and settings\hanka\data aplikací\19.tmp
2011-06-06 03:34:30 23040 ----a-w- c:\documents and settings\hanka\data aplikací\18.tmp
2011-06-06 03:34:29 72704 ----a-w- c:\documents and settings\hanka\data aplikací\17.tmp
2011-06-05 18:27:00 41984 ----a-w- c:\windows\system32\57.exe
2011-06-05 18:04:47 41984 ----a-w- c:\windows\system32\32.exe
2011-06-05 17:53:40 41984 ----a-w- c:\windows\system32\08.exe
2011-06-05 17:20:19 41984 ----a-w- c:\windows\system32\04.exe
2011-06-05 17:18:22 46615 ----a-w- c:\windows\system32\hnm5.exe
2011-06-05 17:06:24 21893 ----a-w- c:\documents and settings\hanka\data aplikací\16.tmp
2011-06-05 17:06:20 21893 ----a-w- c:\documents and settings\hanka\data aplikací\15.tmp
2011-06-05 17:06:18 21504 ----a-w- c:\documents and settings\hanka\data aplikací\14.tmp
2011-06-05 17:06:17 72704 ----a-w- c:\documents and settings\hanka\data aplikací\13.tmp
2011-06-05 17:05:38 23040 ----a-w- c:\documents and settings\hanka\data aplikací\12.tmp
2011-06-05 17:05:35 72192 ----a-w- c:\documents and settings\hanka\data aplikací\11.tmp
2011-06-05 15:17:39 72704 --sh--r- c:\windows\jodrive32.exe
2011-06-05 15:17:37 72704 ----a-w- c:\windows\system32\84.exe
2011-06-05 15:06:58 41984 ----a-w- c:\windows\system32\71.exe
2011-06-05 15:02:09 41984 ----a-w- c:\windows\system32\60.exe
2011-06-05 15:01:53 41984 ----a-w- c:\windows\system32\61.exe
2011-06-05 14:48:49 41984 ----a-w- c:\windows\system32\47.exe
2011-06-05 14:33:40 41984 ----a-w- c:\windows\system32\40.exe
2011-06-05 14:22:12 23040 ----a-w- c:\documents and settings\hanka\data aplikací\10.tmp
2011-06-05 14:22:11 72704 ----a-w- c:\documents and settings\hanka\data aplikací\F.tmp
2011-06-05 09:59:50 23040 ----a-w- c:\documents and settings\hanka\data aplikací\E.tmp
2011-06-05 09:59:49 72704 ----a-w- c:\documents and settings\hanka\data aplikací\D.tmp
2011-06-05 04:44:38 41984 ----a-w- c:\windows\system32\56.exe
2011-06-05 04:39:14 23552 ----a-w- c:\documents and settings\hanka\mdswix.exe
2011-06-05 04:30:34 46615 ------w- c:\windows\system32\crssc.exe
2011-06-05 04:03:48 72192 --sh--r- c:\windows\aadrive32.exe
2011-06-05 04:03:39 23040 ----a-w- c:\documents and settings\hanka\data aplikací\C.tmp
2011-06-05 04:03:34 72192 ----a-w- c:\documents and settings\hanka\data aplikací\B.tmp
2011-06-05 04:02:58 41984 ----a-w- c:\windows\system32\58.exe
2011-05-28 14:44:57 26624 ----a-w- c:\windows\system32\dll.dll
.
==================== Find3M ====================
.
2011-04-28 18:13:57 296939 ----a-w- c:\windows\system32\shimg.dll
2011-04-24 12:19:02 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-04-24 12:19:01 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-04-02 19:18:52 49152 ----a-w- c:\windows\system32\cryptnet32.dll
.
============= FINISH: 9:45:21,50 ===============

Attach.txt:

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-06-03.01)
.
Systém Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 11.12.2009 13:06:12
System Uptime: 6.6.2011 9:35:50 (0 hours ago)
.
Motherboard: KAPOK | | Intel 852/855GM
Processor: Intel(R) Celeron(R) M processor 1400MHz | uPGA2 | 1399/1399mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 37 GiB total, 0,582 GiB free.
D: is CDROM ()
E: is FIXED (FAT32) - 233 GiB total, 8,559 GiB free.
F: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: Modem na sběrnici PCI
Device ID: PCI\VEN_8086&DEV_24C6&SUBSYS_03501558&REV_03\3&61AAA01&0&FE
Manufacturer:
Name: Modem na sběrnici PCI
PNP Device ID: PCI\VEN_8086&DEV_24C6&SUBSYS_03501558&REV_03\3&61AAA01&0&FE
Service:
.
==== System Restore Points ===================
.
RP209: 21.5.2011 20:43:22 - Kontrolní bod systému
RP210: 22.5.2011 20:55:37 - Kontrolní bod systému
RP211: 30.5.2011 11:53:37 - Kontrolní bod systému
.
==== Installed Programs ======================
.
4Story 1.6
7-Zip 4.65
Adobe ActiveShare 1.5
Adobe AIR
Adobe Anchor Service CS4
Adobe Bridge CS4
Adobe CMaps CS4
Adobe Color - Photoshop Specific CS4
Adobe Color EU Recommended Settings CS4
Adobe Color JA Extra Settings CS4
Adobe Color NA Extra Settings CS4
Adobe Color Video Profiles CS CS4
Adobe Community Help
Adobe CSI CS4
Adobe Default Language CS4
Adobe Device Central CS4
Adobe Drive CS4
Adobe ExtendScript Toolkit CS4
Adobe Extension Manager CS4
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Fonts All
Adobe Linguistics CS4
Adobe Media Player
Adobe Output Module
Adobe PDF Library Files CS4
Adobe Photoshop CS4
Adobe Photoshop CS4 Support
Adobe Reader X
Adobe Search for Help
Adobe Service Manager Extension
Adobe Setup
Adobe Type Support CS4
Adobe Update Manager CS4
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS4
AdobeColorCommonSetCMYK
AdobeColorCommonSetRGB
Akamai NetSession Interface
Android SDK Tools
Ask Toolbar
ASUS Probe V2.12.09
µTorrent CZ 1.8.5 (build 17414)
Bing Maps 3D
BlueJ 3.0.4
CCleaner
Civilization III Complete Edition
Conduit Engine
Connect
Creative WebCam Pro Driver
Crystal Reports for Visual Studio
D-Link AirPlus
DjVu Web Browser Plug-in
Download Updater (AOL LLC)
Driver Detective
EasyCleaner
EVEREST Home Edition v2.20
Gadwin PrintScreen
GIMP 2.6.11
GOM Player
Google Earth
Google Chrome
Google Update Helper
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Windows XP (KB915800-v4)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB958655-v2)
HP PrecisionScan LTX
ICQ Toolbar
Intel(R) Extreme Graphics 2 Driver
IrfanView (remove only)
Java Auto Updater
Java DB 10.6.2.1
Java(TM) 6 Update 25
Java(TM) SE Development Kit 6 Update 24
Java(TM) SE Development Kit 6 Update 25
K-Lite Codec Pack 5.8.3 (Basic)
Kouzelná farma 1.0
kuler
LizardTech DjVu Control
Magic ISO Maker v5.5 (build 0276)
McAfee Security Scan Plus
Microsoft .NET Compact Framework 2.0 SP2
Microsoft .NET Compact Framework 3.5
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - CSY
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - CSY
Microsoft .NET Framework 3.5 Language Pack SP1 - csy
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 – jazyková sada – CSY
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft .NET Framework 4 Multi-Targeting Pack
Microsoft Application Error Reporting
Microsoft ASP.NET MVC 2
Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools
Microsoft Device Emulator version 3.0 - ENU
Microsoft Document Explorer 2008
Microsoft Expression Design 3
Microsoft Expression Encoder 3
Microsoft Expression Studio 3
Microsoft Expression Web 3
Microsoft Help Viewer 1.0
Microsoft Help Viewer 1.0 Language Pack - CSY
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Visual Web Developer 2007
Microsoft Office Visual Web Developer MUI (English) 2007
Microsoft Silverlight
Microsoft Silverlight 3 SDK
Microsoft SQL Server 2005 Tools Express Edition
Microsoft SQL Server 2008 Browser
Microsoft SQL Server 2008 Common Files
Microsoft SQL Server 2008 Database Engine Services
Microsoft SQL Server 2008 Database Engine Shared
Microsoft SQL Server 2008 Native Client
Microsoft SQL Server 2008 R2 Data-Tier Application Framework
Microsoft SQL Server 2008 R2 Data-Tier Application Project
Microsoft SQL Server 2008 R2 Management Objects
Microsoft SQL Server 2008 R2 Transact-SQL Language Service
Microsoft SQL Server 2008 RsFx Driver
Microsoft SQL Server 2008 Setup Support Files
Microsoft SQL Server Compact 3.5 Design Tools ENU
Microsoft SQL Server Compact 3.5 for Devices ENU
Microsoft SQL Server Compact 3.5 SP2 ENU
Microsoft SQL Server Database Publishing Wizard 1.2
Microsoft SQL Server Database Publishing Wizard 1.4
Microsoft SQL Server Native Client
Microsoft SQL Server Setup Support Files (English)
Microsoft SQL Server System CLR Types
Microsoft SQL Server VSS Writer
Microsoft Sync Framework Runtime v1.0 SP1 (x86)
Microsoft Sync Framework SDK v1.0 SP1
Microsoft Sync Framework Services v1.0 SP1 (x86)
Microsoft Sync Services for ADO.NET v2.0 SP1 (x86)
Microsoft Team Foundation Server 2010 Object Model - ENU
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974
Microsoft Visual C++ 2010 x86 Runtime - 10.0.30319
Microsoft Visual F# 2.0 Runtime
Microsoft Visual Studio 2005 Tools for Office Runtime
Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
Microsoft Visual Studio 2010 Ultimate - ENU
Microsoft Visual Studio Macro Tools
Microsoft Visual Studio Web Authoring Component
Microsoft Windows SDK for Visual Studio 2008 .NET Framework Tools
Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries
Microsoft Windows SDK for Visual Studio 2008 SDK Reference Assemblies and IntelliSense
Microsoft Windows SDK for Visual Studio 2008 Tools
Microsoft Windows SDK for Visual Studio 2008 Win32 Tools
Microsoft_VC80_ATL_x86
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
Mozilla Firefox 4.0.1 (x86 cs)
Mozilla Thunderbird (3.1.2)
MSXML 6.0 Parser (KB933579)
Mumble 1.2.3
Nero 8
NetBeans IDE 6.9.1
Noční obloha 1.5
OpenOffice.org 3.3
Opera 10.10
Oprava Hotfix systému Windows XP (KB942288-v3)
Oracle Data Provider for .NET Help
Oracle Database 10g Express Edition
PCI Audio Applications
PDF Settings CS4
Photoshop Camera Raw
Picasa 3
PSPad editor
Python 2.7
QIP Infium 3.0.9044
QIP Internet Guardian
Realtek AC'97 Audio
Sid Meier's Civilization Chronicles
Skype™ 4.2
Sql Server Customer Experience Improvement Program
STORMWARE POHODA CZ Start
Suite Shared Configuration CS4
TeamSpeak 2 RC2
Total Commander (Remove or Repair)
Update Manager
uTorrentBar Toolbar
Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU
Visual Studio Tools for the Office system 3.0 Runtime
Web Deployment Tool
WebFldrs XP
Windows Imaging Component
Windows Mobile 5.0 SDK R2 for Pocket PC
Windows Mobile 5.0 SDK R2 for Smartphone
Windows Search 4.0
Windows XP Service Pack 3
WPF Toolkit June 2009 (Version 3.5.40619.1)
X2X Free Video Capture 2.0
X2X Free Video Trim 2.0
Xerox Phaser 3122
XML Paper Specification Shared Components Language Pack 1.0
XML Paper Specification Shared Components Pack 1.0
.
==== End Of File ===========================

Thanks for your help

P.S. There will probably be some leftovers from uninstalled programs in there; I have no idea what I can afford to delete and what I should leave.

Re: Slow computer, error messages

Posted: 06 Jun 2011 09:54
by vyosek
Hello, good day to you and welcome to our forum :welcome:

:arrow: You've taken up breeding Trojan horses and a little herd of rootkits :arcisit: You've got a whole zoo in there, right down to the old lady at the ticket booth :boxed:

:arrow: Please post a log from RSIT - see my signature - it is easier to read than DDS

Re: Slow computer, error messages

Posted: 06 Jun 2011 10:35
by vhanca
Thanks for the compliment, farming has always been my hobby :lol: :roll:

:arrow: log.txt

Logfile of random's system information tool 1.08 (written by random/random)
Run by Hanka at 2011-06-06 11:32:00
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 582 MB (2%) free of 38 GB
Total RAM: 1247 MB (52% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:32:10, on 6.6.2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\system32\spoolsv.exe
C:\windows\Explorer.EXE
C:\windows\SOUNDMAN.EXE
C:\windows\system32\WService.EXE
C:\windows\system32\ctfmon.exe
C:\Program Files\Noční obloha\vesmir.exe
C:\windows\aadrive32.exe
C:\windows\jodrive32.exe
C:\windows\System32\svchost.exe
C:\windows\system32\bsysmgr.exe
C:\Program Files\ICQ6Toolbar\ICQ Service.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\windows\system32\crssc.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\windows\System32\svchost.exe
C:\windows\system32\DRIVERS\WtSrv.exe
C:\windows\system32\SearchIndexer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\windows\system32\SearchProtocolHost.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\windows\system32\cmd.exe
C:\windows\system32\ping.exe
C:\Documents and Settings\Hanka\Plocha\RSIT.exe
C:\Program Files\trend micro\Hanka.exe

R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
R3 - URLSearchHook: uTorrentBar Toolbar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\tbuTor.dll
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: uTorrentBar Toolbar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\tbuTor.dll
O3 - Toolbar: uTorrentBar Toolbar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\tbuTor.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O4 - HKLM\..\Run: [WService] WService.EXE
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Microsoft Driver Setup] C:\windows\aadrive32.exe
O4 - HKLM\..\Run: [Microsoft Config Setup] C:\windows\jodrive32.exe
O4 - HKLM\..\Run: [bsysmgr] C:\windows\system32\bsysmgr.exe
O4 - HKLM\..\Run: [ac32] C:\windows\system32\ac32.exe
O4 - HKLM\..\Run: [name_meexuii] C:\Documents and Settings\Hanka\Data aplikací\32.tmp
O4 - HKLM\..\Run: [name_me] C:\Documents and Settings\Hanka\Data aplikací\33.tmp
O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe
O4 - HKCU\..\Run: [winlog.exe] C:\Documents and Settings\Hanka\Data aplikací\Microsoft\winlog.exe
O4 - HKCU\..\Run: [Ujgugo] C:\Documents and Settings\Hanka\Data aplikací\Ujgugo.exe
O4 - HKCU\..\Run: [Algugu] C:\Documents and Settings\Hanka\Data aplikací\Algugu.exe
O4 - HKCU\..\Run: [Tnaww] C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1413\syitm.exe
O4 - HKCU\..\Run: [12CFG214-K641-12SF-N85P] C:\RECYCLER\S-1-5-21-0243936033-3052116371-381863308-1811\vsbntlo.exe
O4 - HKLM\..\Policies\Explorer\Run: [Microsoft Driver Setup] C:\windows\aadrive32.exe
O4 - HKLM\..\Policies\Explorer\Run: [Microsoft Config Setup] C:\windows\jodrive32.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Vesmír na dlani.lnk = ?
O20 - Winlogon Notify: cryptnet32 - cryptnet32.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\windows\System32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\windows\System32\browseui.dll
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe
O23 - Service: Network Connections to Monitor (Netmanm) - Unknown owner - C:\windows\system32\crssc.exe
O23 - Service: OracleXEClrAgent - Unknown owner - C:\oraclexe\app\oracle\product\10.2.0\server\bin\OraClrAgnt.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - StarWind Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: WinTab Service (WinTabService) - Tablet Driver - C:\windows\system32\DRIVERS\WtSrv.exe
O23 - Service: XAMPP Service (XAMPP) - Unknown owner - C:\web\programy\xampp\service.exe (file missing)

--
End of file - 5615 bytes

======Scheduled tasks folder======

C:\windows\tasks\GoogleUpdateTaskMachineCore.job
C:\windows\tasks\GoogleUpdateTaskMachineUA.job
C:\windows\tasks\Scheduled Update for Ask Toolbar.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
uTorrentBar Toolbar - C:\Program Files\uTorrentBar\tbuTor.dll [2010-12-09 3911776]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - uTorrentBar Toolbar - C:\Program Files\uTorrentBar\tbuTor.dll [2010-12-09 3911776]
{855F3B16-6D32-4FE6-8A56-BBB695989046} - ICQToolBar - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll [2010-11-21 1054520]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"WService"=C:\windows\system32\WService.EXE [2005-11-23 40960]
"SoundMan"=C:\windows\SOUNDMAN.EXE [2007-04-16 577536]
"KernelFaultCheck"=C:\windows\system32\dumprep 0 -k []
"Microsoft Driver Setup"=C:\windows\aadrive32.exe [2011-06-05 72192]
"Microsoft Config Setup"=C:\windows\jodrive32.exe [2011-06-05 72704]
"bsysmgr"=C:\windows\system32\bsysmgr.exe [2011-06-06 60779]
"ac32"=C:\windows\system32\ac32.exe [2011-06-06 90112]
"name_meexuii"=C:\Documents [2008-08-27 549]
"name_me"=C:\Documents [2008-08-27 549]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
"Microsoft Driver Setup"=C:\windows\aadrive32.exe [2011-06-05 72192]
"Microsoft Config Setup"=C:\windows\jodrive32.exe [2011-06-05 72704]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\windows\system32\ctfmon.exe [2008-04-14 15360]
"winlog.exe"=C:\Documents [2008-08-27 549]
"Ujgugo"=C:\Documents [2008-08-27 549]
"Algugu"=C:\Documents [2008-08-27 549]
"Tnaww"=C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1413\syitm.exe [2011-06-06 23040]
"12CFG214-K641-12SF-N85P"=C:\RECYCLER\S-1-5-21-0243936033-3052116371-381863308-1811\vsbntlo.exe [2011-06-06 21504]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-11-10 932288]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C-Media Mixer]
C:\Program Files\PCI Audio Applications\Mixer.exe [2000-12-27 806912]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
C:\WINDOWS\system32\hkcmd.exe [2006-02-07 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
C:\WINDOWS\system32\igfxpers.exe [2006-02-07 118784]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
C:\WINDOWS\system32\igfxtray.exe [2006-02-07 94208]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
C:\windows\soundman.exe [2007-04-16 577536]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Hanka^Nabídka Start^Programy^Po spuštění^Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk]
C:\PROGRA~1\MICROS~2\Office12\ONENOTEM.EXE /tsr []

C:\Documents and Settings\Hanka\Nabídka Start\Programy\Po spuštění
Vesmír na dlani.lnk - C:\Program Files\Noční obloha\vesmir.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet32]
C:\windows\system32\cryptnet32.dll [2011-04-02 49152]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\windows\system32\igfxdev.dll [2006-02-07 139264]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"=C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2008-05-26 304128]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\QIP Infium\infium.exe"="C:\Program Files\QIP Infium\infium.exe:*:Enabled:QIP Infium"
"C:\Documents and Settings\Hanka\Data aplikací\uTorrent\utorrent.exe"="C:\Documents and Settings\Hanka\Data aplikací\uTorrent\utorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\Opera\opera.exe"="C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser"
"F:\programy\Metin2\metin2.bin"="F:\programy\Metin2\metin2.bin:*:Enabled:metin2"
"F:\programy\Metin2\metin2client.bin"="F:\programy\Metin2\metin2client.bin:*:Enabled:metin2client"
"C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\WINDOWS\system32\rundll32.exe"="C:\WINDOWS\system32\rundll32.exe:*:Enabled:Run a DLL as an App"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Program Files\Java\jre6\launch4j-tmp\frd.exe"="C:\Program Files\Java\jre6\launch4j-tmp\frd.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\warcraft\Warcraft III.exe"="C:\warcraft\Warcraft III.exe:*:Enabled:Warcraft III"
"C:\wow\Launcher.exe"="C:\wow\Launcher.exe:*:Enabled:Launcher.exe"
"C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe"="C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:*:Enabled:Adobe CSI CS4"
"E:\programy\wow\Launcher.exe"="E:\programy\wow\Launcher.exe:*:Enabled:Blizzard Launcher"
"C:\Program Files\Metin2\metin2.bin"="C:\Program Files\Metin2\metin2.bin:*:Enabled:metin2"
"C:\Program Files\Metin2\metin2client.bin"="C:\Program Files\Metin2\metin2client.bin:*:Enabled:metin2client"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\AIM\aim.exe"="C:\Program Files\AIM\aim.exe:*:Enabled:AIM"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======File associations======

.js - open -

======List of files/folders created in the last 1 months======

2011-06-06 11:32:02 ----D---- C:\Program Files\trend micro
2011-06-06 11:32:00 ----D---- C:\rsit
2011-06-06 09:39:31 ----A---- C:\windows\system32\81.exe
2011-06-06 09:38:15 ----A---- C:\Documents and Settings\Hanka\Data aplikací\33.tmp
2011-06-06 09:38:13 ----A---- C:\Documents and Settings\Hanka\Data aplikací\32.tmp
2011-06-06 09:38:10 ----A---- C:\Documents and Settings\Hanka\Data aplikací\31.tmp
2011-06-06 09:38:08 ----A---- C:\Documents and Settings\Hanka\Data aplikací\30.tmp
2011-06-06 09:37:35 ----A---- C:\Documents and Settings\Hanka\Data aplikací\2F.tmp
2011-06-06 09:37:33 ----A---- C:\Documents and Settings\Hanka\Data aplikací\2E.tmp
2011-06-06 09:37:31 ----A---- C:\Documents and Settings\Hanka\Data aplikací\2D.tmp
2011-06-06 09:27:40 ----A---- C:\Documents and Settings\Hanka\Data aplikací\2C.tmp
2011-06-06 09:27:38 ----A---- C:\Documents and Settings\Hanka\Data aplikací\2B.tmp
2011-06-06 09:27:36 ----A---- C:\Documents and Settings\Hanka\Data aplikací\2A.tmp
2011-06-06 09:27:35 ----A---- C:\Documents and Settings\Hanka\Data aplikací\29.tmp
2011-06-06 09:27:10 ----A---- C:\Documents and Settings\Hanka\Data aplikací\28.tmp
2011-06-06 09:27:08 ----A---- C:\Documents and Settings\Hanka\Data aplikací\27.tmp
2011-06-06 09:26:29 ----A---- C:\windows\d139.exe
2011-06-06 09:26:28 ----A---- C:\Documents and Settings\Hanka\Data aplikací\26.tmp
2011-06-06 09:26:25 ----A---- C:\Documents and Settings\Hanka\Data aplikací\25.tmp
2011-06-06 09:26:23 ----A---- C:\Documents and Settings\Hanka\Data aplikací\24.tmp
2011-06-06 09:26:18 ----A---- C:\Documents and Settings\Hanka\Data aplikací\23.tmp
2011-06-06 05:48:09 ----A---- C:\windows\d233.exe
2011-06-06 05:48:06 ----A---- C:\windows\system32\bsysmgr.exe
2011-06-06 05:48:06 ----A---- C:\Documents and Settings\Hanka\Data aplikací\22.tmp
2011-06-06 05:48:04 ----A---- C:\Documents and Settings\Hanka\Data aplikací\21.tmp
2011-06-06 05:48:02 ----A---- C:\Documents and Settings\Hanka\Data aplikací\20.tmp
2011-06-06 05:48:00 ----A---- C:\Documents and Settings\Hanka\Data aplikací\1F.tmp
2011-06-06 05:47:16 ----A---- C:\Documents and Settings\Hanka\Data aplikací\1E.tmp
2011-06-06 05:47:15 ----A---- C:\Documents and Settings\Hanka\Data aplikací\1D.tmp
2011-06-06 05:35:34 ----A---- C:\windows\system32\ac32.exe
2011-06-06 05:35:32 ----A---- C:\Documents and Settings\Hanka\Data aplikací\1C.tmp
2011-06-06 05:35:28 ----A---- C:\Documents and Settings\Hanka\Data aplikací\1B.tmp
2011-06-06 05:35:25 ----A---- C:\Documents and Settings\Hanka\Data aplikací\1A.tmp
2011-06-06 05:35:14 ----A---- C:\Documents and Settings\Hanka\Data aplikací\19.tmp
2011-06-06 05:34:30 ----A---- C:\Documents and Settings\Hanka\Data aplikací\18.tmp
2011-06-06 05:34:29 ----A---- C:\Documents and Settings\Hanka\Data aplikací\17.tmp
2011-06-05 20:27:00 ----A---- C:\windows\system32\57.exe
2011-06-05 20:04:47 ----A---- C:\windows\system32\32.exe
2011-06-05 19:53:40 ----A---- C:\windows\system32\08.exe
2011-06-05 19:20:19 ----A---- C:\windows\system32\04.exe
2011-06-05 19:18:22 ----A---- C:\windows\system32\hnm5.exe
2011-06-05 19:06:24 ----A---- C:\Documents and Settings\Hanka\Data aplikací\16.tmp
2011-06-05 19:06:20 ----A---- C:\Documents and Settings\Hanka\Data aplikací\15.tmp
2011-06-05 19:06:18 ----A---- C:\Documents and Settings\Hanka\Data aplikací\14.tmp
2011-06-05 19:06:17 ----A---- C:\Documents and Settings\Hanka\Data aplikací\13.tmp
2011-06-05 19:05:38 ----A---- C:\Documents and Settings\Hanka\Data aplikací\12.tmp
2011-06-05 19:05:35 ----A---- C:\Documents and Settings\Hanka\Data aplikací\11.tmp
2011-06-05 17:17:58 -------- C:\Documents and Settings\Hanka\Data aplikací\Algugu.exe
2011-06-05 17:17:39 ----RSH---- C:\windows\jodrive32.exe
2011-06-05 17:17:37 ----A---- C:\windows\system32\84.exe
2011-06-05 17:06:58 ----A---- C:\windows\system32\71.exe
2011-06-05 17:02:09 ----A---- C:\windows\system32\60.exe
2011-06-05 17:01:53 ----A---- C:\windows\system32\61.exe
2011-06-05 16:48:49 ----A---- C:\windows\system32\47.exe
2011-06-05 16:33:40 ----A---- C:\windows\system32\40.exe
2011-06-05 16:22:12 ----A---- C:\Documents and Settings\Hanka\Data aplikací\10.tmp
2011-06-05 16:22:11 ----A---- C:\Documents and Settings\Hanka\Data aplikací\F.tmp
2011-06-05 11:59:50 ----A---- C:\Documents and Settings\Hanka\Data aplikací\E.tmp
2011-06-05 11:59:49 ----A---- C:\Documents and Settings\Hanka\Data aplikací\D.tmp
2011-06-05 06:44:38 ----A---- C:\windows\system32\56.exe
2011-06-05 06:31:37 ----A---- C:\windows\system32\drivers\tcpip.sys.bck
2011-06-05 06:30:34 ----R---- C:\windows\system32\crssc.exe
2011-06-05 06:03:48 ----RSH---- C:\windows\aadrive32.exe
2011-06-05 06:03:39 ----A---- C:\Documents and Settings\Hanka\Data aplikací\C.tmp
2011-06-05 06:03:34 ----A---- C:\Documents and Settings\Hanka\Data aplikací\B.tmp
2011-06-05 06:03:25 -------- C:\Documents and Settings\Hanka\Data aplikací\Ujgugo.exe
2011-06-05 06:02:58 ----A---- C:\windows\system32\58.exe
2011-05-28 16:44:57 ----A---- C:\windows\system32\dll.dll

======List of files/folders modified in the last 1 months======

2011-06-06 11:32:02 ----RD---- C:\Program Files
2011-06-06 11:29:02 ----D---- C:\windows\Temp
2011-06-06 11:28:04 ----D---- C:\Documents and Settings\Hanka\Data aplikací\PriceGong
2011-06-06 11:27:20 ----D---- C:\Program Files\Common Files\Akamai
2011-06-06 11:27:01 ----D---- C:\windows\system32
2011-06-06 09:27:50 ----A---- C:\windows\SchedLgU.Txt
2011-06-06 09:26:29 ----D---- C:\WINDOWS
2011-06-06 06:53:51 ----SHD---- C:\windows\Installer
2011-06-06 05:36:08 ----D---- C:\windows\Prefetch
2011-06-05 19:22:24 ----D---- C:\Program Files\Noční obloha
2011-06-05 19:06:19 ----RSHD---- C:\RECYCLER
2011-06-05 06:31:37 ----D---- C:\windows\system32\drivers
2011-06-04 11:30:08 ----D---- C:\Documents and Settings\Hanka\Data aplikací\Mumble
2011-06-03 17:23:33 ----D---- C:\Program Files\ICQ6Toolbar
2011-06-03 15:43:03 ----D---- C:\Documents and Settings\Hanka\Data aplikací\Skype
2011-06-03 14:25:48 ----D---- C:\Documents and Settings\Hanka\Data aplikací\ICQ
2011-06-03 14:23:26 ----HD---- C:\Program Files\InstallShield Installation Information
2011-06-03 14:23:12 ----D---- C:\Documents and Settings\All Users.WINDOWS\Data aplikací\ICQ
2011-06-03 08:56:50 ----D---- C:\Documents and Settings\Hanka\Data aplikací\skypePM
2011-06-03 08:51:36 ----D---- C:\windows\system32\CatRoot2
2011-05-25 10:13:22 ----D---- C:\Program Files\Mozilla Firefox
2011-05-23 13:56:26 ----D---- C:\Documents and Settings\Hanka\Data aplikací\uTorrent
2011-05-22 20:00:16 ----A---- C:\windows\NeroDigital.ini
2011-05-18 07:17:57 ----D---- C:\windows\WinSxS
2011-05-15 21:20:16 ----A---- C:\windows\WINCMD.INI
2011-05-12 14:35:16 ----D---- C:\windows\Minidump

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 PxHelp20;PxHelp20; C:\windows\System32\Drivers\PxHelp20.sys [2008-11-20 43872]
R0 sptd;sptd; C:\windows\System32\Drivers\sptd.sys [2011-01-13 436792]
R1 intelppm;Řadič procesoru Intel; C:\windows\System32\DRIVERS\intelppm.sys [2008-04-14 40192]
R2 adfs;adfs; C:\windows\system32\drivers\adfs.sys [2008-08-14 74720]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\windows\system32\drivers\ALCXWDM.SYS [2008-09-24 4122368]
R3 ialm;ialm; C:\windows\system32\DRIVERS\ialmnt5.sys [2006-02-07 1399615]
R3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\windows\System32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\windows\System32\DRIVERS\usbuhci.sys [2008-04-14 20608]
S1 kbdhid;Ovladač klávesnice standardu HID; C:\windows\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
S2 DgiVecp;Team MFP Comm Driver; C:\windows\System32\Drivers\DgiVecp.sys [2003-07-29 40448]
S3 abfqn7bs;abfqn7bs; C:\windows\system32\drivers\abfqn7bs.sys []
S3 AIRPLUS;D-Link AirPlus Wireless Adapter; C:\windows\system32\DRIVERS\airplus.sys [2003-03-05 155520]
S3 ALCXSENS;Service for WDM 3D Audio Driver; C:\windows\system32\drivers\ALCXSENS.SYS [2003-12-11 391424]
S3 CCDECODE;Dekodér Closed Caption; C:\windows\system32\DRIVERS\CCDECODE.sys [2008-04-14 17024]
S3 cpuz132;cpuz132; \??\C:\DOCUME~1\Hanka\LOCALS~1\Temp\cpuz132\cpuz132_x32.sys []
S3 EverestDriver;Lavalys EVEREST Kernel Driver; \??\C:\Program Files\Lavalys\EVEREST Home Edition\kerneld.wnt []
S3 HidUsb;Ovladač třídy standardu HID; C:\windows\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
S3 mouhid;Ovladač myši standardu HID; C:\windows\System32\DRIVERS\mouhid.sys [2001-10-24 12160]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\windows\system32\drivers\MSTEE.sys [2008-04-14 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\windows\system32\DRIVERS\NABTSFEC.sys [2008-04-14 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\windows\system32\DRIVERS\NdisIP.sys [2008-04-14 10880]
S3 PD1030VID;Creative WebCam Pro; C:\windows\system32\DRIVERS\p1030vid.sys [2000-12-26 167661]
S3 SLIP;BDA Slip De-Framer; C:\windows\system32\DRIVERS\SLIP.sys [2008-04-14 11136]
S3 streamip;BDA IPSink; C:\windows\system32\DRIVERS\StreamIP.sys [2008-04-14 15232]
S3 Tablet2k;Serial Tablet Port Driver; C:\windows\System32\Drivers\Tablet2k.sys [2000-06-13 15370]
S3 TClass2k;Tablet Class Driver; C:\windows\system32\DRIVERS\TClass2k.sys [2003-03-05 23202]
S3 UCTblHid;HID Tablet Port Driver; C:\windows\system32\DRIVERS\UCTblHid.sys [2003-03-05 11090]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\windows\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
S3 usbprint;Třída USB Printer; C:\windows\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
S3 usbscan;Ovladač skeneru USB; C:\windows\system32\DRIVERS\usbscan.sys [2008-04-14 15104]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\windows\System32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\windows\system32\DRIVERS\WSTCODEC.SYS [2008-04-14 19200]
S4 RsFx0103;RsFx0103 Driver; C:\windows\system32\DRIVERS\RsFx0103.sys [2009-03-30 239336]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Akamai;Akamai NetSession Interface; C:\windows\System32\svchost.exe [2008-04-14 14336]
R2 ICQ Service;ICQ Service; C:\Program Files\ICQ6Toolbar\ICQ Service.exe [2010-11-21 247608]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2011-04-24 153376]
R2 Netmanm;Network Connections to Monitor; C:\windows\system32\crssc.exe [2011-06-05 46615]
R2 SQLWriter;SQL Server VSS Writer; C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2008-07-10 98840]
R2 StarWindServiceAE;StarWind AE Service; C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [2009-12-23 370688]
R2 WinTabService;WinTab Service; C:\windows\system32\DRIVERS\WtSrv.exe [2003-09-30 40960]
R2 WSearch;Windows Search; C:\windows\system32\SearchIndexer.exe [2008-05-26 439808]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 gupdate;Google Update Service (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2011-03-16 136176]
S2 MSSQL$SQLEXPRESS;SQL Server (SQLEXPRESS); c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [2009-03-30 43010392]
S2 XAMPP;XAMPP Service; C:\web\programy\xampp\service.exe []
S3 aspnet_state;ASP.NET State Service; C:\windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2010-03-18 35160]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2011-03-16 136176]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-11-20 136120]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Windows CardSpace; C:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 McComponentHostService;McAfee Security Scan Component Host Service; C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
S3 OracleXEClrAgent;OracleXEClrAgent; C:\oraclexe\app\oracle\product\10.2.0\server\bin\OraClrAgnt.exe [2006-02-02 45056]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 149352]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0; C:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S4 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S4 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2010-03-09 655624]
S4 Nero BackItUp Scheduler 3;Nero BackItUp Scheduler 3; C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe [2007-08-08 836904]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe [2007-08-03 382248]
S4 OracleJobSchedulerXE;OracleJobSchedulerXE; c:\oraclexe\app\oracle\product\10.2.0\server\Bin\extjob.exe [2006-02-02 102400]
S4 OracleMTSRecoveryService;OracleMTSRecoveryService; C:\oraclexe\app\oracle\product\10.2.0\server\BIN\omtsreco.exe [2006-02-02 57616]
S4 OracleServiceXE;OracleServiceXE; c:\oraclexe\app\oracle\product\10.2.0\server\bin\ORACLE.EXE [2006-02-02 59064320]
S4 OracleXETNSListener;OracleXETNSListener; C:\oraclexe\app\oracle\product\10.2.0\server\BIN\tnslsnr.exe [2006-02-02 204800]

-----------------EOF-----------------

Re: Slow computer, error messages

Posted: 06 Jun 2011 10:39
by vyosek
Please bear with me while I work out a procedure :wink:

Re: Slow computer, error messages

Posted: 06 Jun 2011 10:50
by vyosek
:arrow: It really is heavily infested, so hopefully the PC survives

:arrow: It may happen that Windows will not boot after the script is applied; in that case restart the PC, keep pressing F8 and choose Last Known Good Configuration

:arrow: Download OTM (see my signature)
  • If you use Windows Vista or Windows 7, right-click OTM and choose Run As Administrator (Spustit jako spravce)
  • Paste the content given below into the left pane, Paste Instructions for Items to be Moved (under the yellow line)
  • Code:

    :commands
    [CLEARALLRESTOREPOINTS]
    [RESETHOSTS]
    [EMPTYTEMP]
    [EMPTYFLASH]
    
    :reg
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{855f3b16-6d32-4fe6-8a56-bbb695989046}"=-
    "{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"=-
    "{855F3B16-6D32-4FE6-8A56-BBB695989046}"=-
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "Microsoft Driver Setup"=-
    "Microsoft Config Setup"=-
    "bsysmgr"=-
    "ac32"=-
    "name_meexuii"=-
    "name_me"=-
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
    "Microsoft Driver Setup"=-
    "Microsoft Config Setup"=-
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "winlog.exe"=-
    "Ujgugo"=-
    "Algugu"=-
    "Tnaww"=-
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    "Shell"="explorer.exe"
    
    :Services
    ICQ Service
    Akamai
    gupdate
    gupdatem
    
    :files
    C:\RECYCLER
    C:\windows\aadrive32.exe
    C:\windows\jodrive32.exe
    C:\windows\system32\ac32.exe
    C:\windows\system32\bsysmgr.exe
    C:\windows\tasks\GoogleUpdateTaskMachineCore.job
    C:\windows\tasks\GoogleUpdateTaskMachineUA.job
    C:\windows\tasks\Scheduled Update for Ask Toolbar.job
    :\Documents and Settings\Hanka\Data aplikací\*.exe
    c:\documents and settings\hanka\data aplikací\*.tmp
    c:\program files\utorrentbar
    c:\program files\icq6toolbar
    %windir%\system32\*.tmp.dll /s
    %windir%\system32\SET*.tmp /s
    %windir%\*.tmp
  • Click the red MoveIt! button
  • You will be prompted to restart; choose Yes. You will then find the log in C:\_OTM\MovedFiles; paste its contents here

Re: Slow computer, error messages

Posted: 06 Jun 2011 11:10
by vhanca
Well, the computer survived the first round of killing :lol:
It just didn't want to restart; the logoff screen with the hourglass stayed up, so after five minutes I powered it off the hard way :roll: :arcisit:

:arrow: All processes killed
========== COMMANDS ==========

Restore points cleared and new OTM Restore Point set!
C:\windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: Administrator

User: All Users

User: All Users.WINDOWS

User: Default User
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User.WINDOWS
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 41620 bytes

User: Hanka
->Temp folder emptied: 769471491 bytes
->Temporary Internet Files folder emptied: 538286558 bytes
->Java cache emptied: 14213004 bytes
->FireFox cache emptied: 68027308 bytes
->Google Chrome cache emptied: 6304265 bytes
->Opera cache emptied: 15674949 bytes
->Flash cache emptied: 138498 bytes

User: LocalService
->Temporary Internet Files folder emptied: 33170 bytes

User: LocalService.NT AUTHORITY
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 392978 bytes

User: NetworkService
->Temp folder emptied: 32768 bytes

User: NetworkService.NT AUTHORITY
->Temp folder emptied: 32768 bytes
->Temporary Internet Files folder emptied: 117138 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 1139202 bytes
%systemroot%\System32 .tmp files removed: 2504 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 40470649 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 4855 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33728 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 1 387,00 mb

========== REGISTRY ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks\\{855f3b16-6d32-4fe6-8a56-bbb695989046} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855f3b16-6d32-4fe6-8a56-bbb695989046}\ deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks\\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{855F3B16-6D32-4FE6-8A56-BBB695989046} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4FE6-8A56-BBB695989046}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Microsoft Driver Setup deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Microsoft Config Setup deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\bsysmgr deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ac32 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\name_meexuii deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\name_me deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\\Microsoft Driver Setup deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\\Microsoft Config Setup deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\winlog.exe deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Ujgugo deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Algugu deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Tnaww deleted successfully.
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\"Shell"|"explorer.exe" /E : value set successfully!
========== SERVICES/DRIVERS ==========
Service ICQ Service stopped successfully!
Service ICQ Service deleted successfully!
Service Akamai stopped successfully!
Service Akamai deleted successfully!
Service gupdate stopped successfully!
Service gupdate deleted successfully!
Service gupdatem stopped successfully!
Service gupdatem deleted successfully!
========== FILES ==========
C:\RECYCLER\S-1-5-21-1801674531-789336058-839522115-1003 folder moved successfully.
C:\RECYCLER\S-1-5-21-1275210071-842925246-1343024091-1003 folder moved successfully.
C:\RECYCLER\S-1-5-21-0243936033-3052116371-381863308-1811 folder moved successfully.
C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-9143 folder moved successfully.
C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-9043 folder moved successfully.
C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1413 folder moved successfully.
C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1343 folder moved successfully.
C:\RECYCLER\R-1-5-21-1482476501-1644491937-682003330-1013 folder moved successfully.
C:\RECYCLER folder moved successfully.
C:\windows\aadrive32.exe moved successfully.
C:\windows\jodrive32.exe moved successfully.
C:\windows\system32\ac32.exe moved successfully.
C:\windows\system32\bsysmgr.exe moved successfully.
C:\windows\tasks\GoogleUpdateTaskMachineCore.job moved successfully.
C:\windows\tasks\GoogleUpdateTaskMachineUA.job moved successfully.
C:\windows\tasks\Scheduled Update for Ask Toolbar.job moved successfully.
Error: Unable to interpret <:\Documents and Settings\Hanka\Data aplikací\*.exe> in the current context!
Error: Unable to interpret <c:\documents and settings\hanka\data aplikací\*.tmp> in the current context!
Error: Unable to interpret <c:\program files\utorrentbar> in the current context!
Error: Unable to interpret <c:\program files\icq6toolbar> in the current context!
Error: Unable to interpret <%windir%\system32\*.tmp.dll /s> in the current context!
Error: Unable to interpret <%windir%\system32\SET*.tmp /s> in the current context!
Error: Unable to interpret <%windir%\*.tmp> in the current context!

OTM by OldTimer - Version 3.1.18.0 log created on 06062011_115245

:arrow: There is also an empty file with the .res extension

Re: Slow computer, error messages

Posted: 06 Jun 2011 11:13
by vhanca
I don't know why, but suddenly I have 2 GB more free space on the disk :shock: :P

Re: Slow computer, error messages

Posted: 06 Jun 2011 11:15
by vyosek
Those two gigabytes came from OTM clearing out the temporary folders... That was just the warm-up round; now we'll run a proper tool

:arrow: Run exeHelper following my colleague's instructions
stell wrote: :arrow: Download to the desktop:
http://www.raktor.net/exeHelper/exeHelper.scr
Double-click exeHelper.com or .src; the repair will start.
When the repair finishes, press any key.
Paste the LOG here.
Note:
If the message "Error deleting file" appears in the window, run the program again.
You must not restart the computer now


PLEASE READ THE INSTRUCTIONS CAREFULLY - THIS UTILITY HAS A GREAT ABILITY TO DELETE THINGS AND MUST BE USED ONLY WHEN RECOMMENDED, OTHERWISE YOUR SYSTEM MAY BE RUINED
:arrow: Download ComboFix and save it to the desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
  • Turn off all resident security programs - firewalls, antivirus, antispyware, etc.
  • If you have Windows XP, run it under the Administrator (Spravce) account
  • If you have Windows Vista or Windows 7, right-click ComboFix and choose Run As Administrator (Spustit jako spravce)
  • Right after start a page with the licence agreement is displayed; continue by clicking Yes (Ano)
  • If CF offers to install the Recovery Console, agree
  • Then follow the instructions; during the scan leave the PC completely alone - do not launch any applications and do not click in the window that appears
  • The scan should take about 10 min, but if the PC is heavily infested, it may take longer
  • After the scan finishes, and after a restart if there is one, CF displays the log; you can also find it at C:\ComboFix.txt. Paste its contents here
  • The detailed procedure incl. pictures is here http://www.bleepingcomputer.com/combofi ... t-combofix

Re: Slow computer, error messages

Posted: 06 Jun 2011 11:20
by vhanca
Here is the log from exeHelper:

exeHelper by Raktor
Build 20100414
Run at 12:17:55 on 06/06/11
Now searching...
Checking for numerical processes...
Checking for sysguard processes...
Checking for bad processes...
Checking for bad files...
Checking for bad registry entries...
Resetting filetype association for .exe
Resetting filetype association for .com
Resetting userinit and shell values...
Resetting policies...
--Finished--

Now I'm moving on to the rest. Hopefully the computer and I will both get through it unscathed :cry:

Re: Slow computer, error messages

Posted: 06 Jun 2011 11:32
by vyosek
All three of us; I'm on edge too, wondering whether the user's PC will give up the ghost :o

Re: Slow computer, error messages

Posted: 06 Jun 2011 11:49
by vhanca
It didn't, and it didn't even take that long; I only had a problem with the console: it threw an error message saying it could not be installed. Here is log.txt:

ComboFix 11-06-05.06 - Hanka 06.06.2011 12:26:12.1.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.1247.651 [GMT 2:00]
Spuštěný z: c:\documents and settings\Hanka\Plocha\ComboFix.exe
.
VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Hanka\Data aplikací\10.tmp
c:\documents and settings\Hanka\Data aplikací\11.tmp
c:\documents and settings\Hanka\Data aplikací\12.tmp
c:\documents and settings\Hanka\Data aplikací\13.tmp
c:\documents and settings\Hanka\Data aplikací\14.tmp
c:\documents and settings\Hanka\Data aplikací\15.tmp
c:\documents and settings\Hanka\Data aplikací\16.tmp
c:\documents and settings\Hanka\Data aplikací\17.tmp
c:\documents and settings\Hanka\Data aplikací\18.tmp
c:\documents and settings\Hanka\Data aplikací\19.tmp
c:\documents and settings\Hanka\Data aplikací\1A.tmp
c:\documents and settings\Hanka\Data aplikací\1B.tmp
c:\documents and settings\Hanka\Data aplikací\1C.tmp
c:\documents and settings\Hanka\Data aplikací\1D.tmp
c:\documents and settings\Hanka\Data aplikací\1E.tmp
c:\documents and settings\Hanka\Data aplikací\1F.tmp
c:\documents and settings\Hanka\Data aplikací\20.tmp
c:\documents and settings\Hanka\Data aplikací\21.tmp
c:\documents and settings\Hanka\Data aplikací\22.tmp
c:\documents and settings\Hanka\Data aplikací\23.tmp
c:\documents and settings\Hanka\Data aplikací\24.tmp
c:\documents and settings\Hanka\Data aplikací\25.tmp
c:\documents and settings\Hanka\Data aplikací\26.tmp
c:\documents and settings\Hanka\Data aplikací\27.tmp
c:\documents and settings\Hanka\Data aplikací\28.tmp
c:\documents and settings\Hanka\Data aplikací\29.tmp
c:\documents and settings\Hanka\Data aplikací\2A.tmp
c:\documents and settings\Hanka\Data aplikací\2B.tmp
c:\documents and settings\Hanka\Data aplikací\2C.tmp
c:\documents and settings\Hanka\Data aplikací\2D.tmp
c:\documents and settings\Hanka\Data aplikací\2E.tmp
c:\documents and settings\Hanka\Data aplikací\2F.tmp
c:\documents and settings\Hanka\Data aplikací\30.tmp
c:\documents and settings\Hanka\Data aplikací\31.tmp
c:\documents and settings\Hanka\Data aplikací\32.tmp
c:\documents and settings\Hanka\Data aplikací\33.tmp
c:\documents and settings\Hanka\Data aplikací\Algugu.exe
c:\documents and settings\Hanka\Data aplikací\B.tmp
c:\documents and settings\Hanka\Data aplikací\C.tmp
c:\documents and settings\Hanka\Data aplikací\D.tmp
c:\documents and settings\Hanka\Data aplikací\E.tmp
c:\documents and settings\Hanka\Data aplikací\F.tmp
c:\documents and settings\Hanka\Data aplikací\Microsoft\winlog.exe
c:\documents and settings\Hanka\Data aplikací\PriceGong
c:\documents and settings\Hanka\Data aplikací\PriceGong\Data\1.xml
c:\documents and settings\Hanka\Data aplikací\PriceGong\Data\a.xml
c:\documents and settings\Hanka\Data aplikací\PriceGong\Data\b.xml
c:\documents and settings\Hanka\Data aplikací\PriceGong\Data\c.xml
c:\documents and settings\Hanka\Data aplikací\PriceGong\Data\d.xml
c:\documents and settings\Hanka\Data aplikací\PriceGong\Data\e.xml
c:\documents and settings\Hanka\Data aplikací\PriceGong\Data\f.xml
c:\documents and settings\Hanka\Data aplikací\PriceGong\Data\g.xml
c:\documents and settings\Hanka\Data aplikací\PriceGong\Data\h.xml
c:\documents and settings\Hanka\Data aplikací\PriceGong\Data\i.xml
c:\documents and settings\Hanka\Data aplikací\PriceGong\Data\J.xml
c:\documents and settings\Hanka\Data aplikací\PriceGong\Data\k.xml
c:\documents and settings\Hanka\Data aplikací\PriceGong\Data\l.xml
c:\documents and settings\Hanka\Data aplikací\PriceGong\Data\m.xml
c:\documents and settings\Hanka\Data aplikací\PriceGong\Data\mru.xml
c:\documents and settings\Hanka\Data aplikací\PriceGong\Data\n.xml
c:\documents and settings\Hanka\Data aplikací\PriceGong\Data\o.xml
c:\documents and settings\Hanka\Data aplikací\PriceGong\Data\p.xml
c:\documents and settings\Hanka\Data aplikací\PriceGong\Data\q.xml
c:\documents and settings\Hanka\Data aplikací\PriceGong\Data\r.xml
c:\documents and settings\Hanka\Data aplikací\PriceGong\Data\s.xml
c:\documents and settings\Hanka\Data aplikací\PriceGong\Data\t.xml
c:\documents and settings\Hanka\Data aplikací\PriceGong\Data\u.xml
c:\documents and settings\Hanka\Data aplikací\PriceGong\Data\v.xml
c:\documents and settings\Hanka\Data aplikací\PriceGong\Data\w.xml
c:\documents and settings\Hanka\Data aplikací\PriceGong\Data\x.xml
c:\documents and settings\Hanka\Data aplikací\PriceGong\Data\y.xml
c:\documents and settings\Hanka\Data aplikací\PriceGong\Data\z.xml
c:\documents and settings\Hanka\Data aplikací\Ujgugo.exe
c:\documents and settings\Hanka\mdswix.exe
c:\documents and settings\Hanka\Recent\Thumbs.db
C:\Documents
c:\restoration\Restoration.exe
C:\Thumbs.db
c:\windows\d.ini
c:\windows\system32\04.exe
c:\windows\system32\08.exe
c:\windows\system32\32.exe
c:\windows\system32\40.exe
c:\windows\system32\47.exe
c:\windows\system32\56.exe
c:\windows\system32\57.exe
c:\windows\system32\58.exe
c:\windows\system32\60.exe
c:\windows\system32\61.exe
c:\windows\system32\71.exe
c:\windows\system32\81.exe
c:\windows\system32\84.exe
c:\windows\system32\Cache
c:\windows\system32\crt.dat
c:\windows\system32\cryptnet32.dll
c:\windows\system32\Dll.dll
c:\windows\system32\shimg.dll
c:\windows\system32\Thumbs.db
c:\windows\system32\wservice.exe
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-05-06 do 2011-06-06 )))))))))))))))))))))))))))))))
.
.
2011-06-06 09:52 . 2011-06-06 09:52 -------- d-----w- C:\_OTM
2011-06-06 09:32 . 2011-06-06 09:32 -------- d-----w- c:\program files\trend micro
2011-06-06 09:32 . 2011-06-06 09:32 -------- d-----w- C:\rsit
2011-06-06 07:43 . 2011-06-06 07:43 -------- d--h--w- c:\documents and settings\Hanka\Okolní tiskárny
2011-06-06 07:26 . 2011-06-06 07:38 60779 ----a-w- c:\windows\d139.exe
2011-06-06 03:48 . 2011-06-06 07:38 90112 ----a-w- c:\windows\d233.exe
2011-06-05 17:18 . 2011-06-06 09:57 46615 ----a-w- c:\windows\system32\hnm5.exe
2011-06-05 04:30 . 2011-06-05 17:13 46615 ------r- c:\windows\system32\crssc.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-26 12:26 . 2010-08-24 17:01 2118784 ----a-w- c:\documents and settings\All Users.WINDOWS\Data aplikací\Microsoft\VisualStudio\10.0\1033\ResourceCache.dll
2011-04-24 12:19 . 2011-04-24 12:19 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-04-24 12:19 . 2011-04-21 18:18 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-04-30 11:21 . 2011-03-24 07:15 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\tcpip.sys
[-] 2008-04-13 . A3886230C2B22BF4D3C452B90B1C45CB . 359808 . . [5.1.2600.2892] . . c:\windows\system32\drivers\tcpip.sys
[7] 2004-08-03 . 9F4B36614A0FC234525BA224957DE55C . 359040 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\tcpip.sys
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files\uTorrentBar\tbuTor.dll" [2010-12-09 3911776]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
2010-12-09 11:51 3911776 ----a-w- c:\program files\uTorrentBar\tbuTor.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files\uTorrentBar\tbuTor.dll" [2010-12-09 3911776]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}"= "c:\program files\uTorrentBar\tbuTor.dll" [2010-12-09 3911776]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 577536]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\Hanka\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Vesmˇr na dlani.lnk - c:\program files\Noźnˇ obloha\vesmir.exe [2003-11-29 57344]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 304128]
.
[HKLM\~\startupfolder\C:^Documents and Settings^Hanka^Nabídka Start^Programy^Po spuštění^Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk]
path=c:\documents and settings\Hanka\Nabídka Start\Programy\Po spuštění\Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk
backup=c:\windows\pss\Výřezy obrazovky a spuštění aplikace OneNote 2007.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-11-10 11:49 932288 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C-Media Mixer]
2000-12-27 10:53 806912 ----a-w- c:\program files\PCI Audio Applications\Mixer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
2008-04-14 06:52 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
2006-02-07 07:36 77824 -c--a-w- c:\windows\system32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
2006-02-07 07:40 118784 -c--a-w- c:\windows\system32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
2006-02-07 07:39 94208 -c--a-w- c:\windows\system32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
2007-04-16 13:28 577536 ----a-w- c:\windows\soundman.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\QIP Infium\\infium.exe"=
"c:\\Documents and Settings\\Hanka\\Data aplikací\\uTorrent\\utorrent.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Java\\jre6\\launch4j-tmp\\frd.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4
"1064:TCP"= 1064:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 XAMPP;XAMPP Service;c:\web\programy\xampp\service.exe [x]
R3 EverestDriver;Lavalys EVEREST Kernel Driver;c:\program files\Lavalys\EVEREST Home Edition\kerneld.wnt [2005-08-17 7168]
R3 gupdatem;Služba Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-03-16 136176]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 PD1030VID;Creative WebCam Pro;c:\windows\system32\DRIVERS\p1030vid.sys [2000-12-26 167661]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R4 OracleJobSchedulerXE;OracleJobSchedulerXE;c:\oraclexe\app\oracle\product\10.2.0\server\Bin\extjob.exe XE [x]
R4 OracleServiceXE;OracleServiceXE;c:\oraclexe\app\oracle\product\10.2.0\server\bin\ORACLE.EXE XE [x]
R4 OracleXETNSListener;OracleXETNSListener;c:\oraclexe\app\oracle\product\10.2.0\server\BIN\tnslsnr.exe [2006-02-01 204800]
R4 RsFx0103;RsFx0103 Driver;c:\windows\system32\DRIVERS\RsFx0103.sys [2009-03-30 239336]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2011-01-13 436792]
S2 Netmanm;Network Connections to Monitor;c:\windows\system32\crssc.exe [2011-06-05 46615]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
.
------- Doplňkový sken -------
.
TCP: DhcpNameServer = 213.46.172.36 213.46.172.37
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Hanka\Data aplikací\Mozilla\Firefox\Profiles\F861DC2F.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.9&q=
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKCU-Run-Ujgugo - c:\documents and settings\Hanka\Data aplikací\Ujgugo.exe
HKCU-Run-Algugu - c:\documents and settings\Hanka\Data aplikací\Algugu.exe
HKLM-Run-WService - WService.EXE
HKLM-Run-Microsoft Config Setup - c:\windows\jodrive32.exe
HKLM-Run-bsysmgr - c:\windows\system32\bsysmgr.exe
HKLM-Run-ac32 - c:\windows\system32\ac32.exe
HKLM-Run-name_meexuii - c:\documents and settings\Hanka\Data aplikací\32.tmp
HKLM-Run-name_me - c:\documents and settings\Hanka\Data aplikací\33.tmp
HKU-Default-Run-Algugu - c:\documents and settings\Hanka\Data aplikací\Algugu.exe
MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe
AddRemove-4StoryCZ_is1 - f:\programy\4Story\unins000.exe
AddRemove-Creative WebCam Pro - c:\windows\ctdrvins.exe -uninstall usb\vid_05a9&pid_a511 -plugin p1030pin.dll
AddRemove-HijackThis - f:\dokumenty\HijackThis.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-06-06 12:41
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
name_meexuii = c:\documents and settings\Hanka\Data aplikac?\32.tmp??"?@?,?x?,? ???t?"?t?"????? ?????,? ???\??|???|p?,?,?"?????$?"?????????H?,???????????Q?P?,???"?x?,?T?"???,?x?,???????,?x?,?x?,???,?x?,????????|??,?x?,?l?"????????|??,?8?"?!??|??,?=??|??,?????A???x?Q?r???(:Q
name_me = c:\documents and settings\Hanka\Data aplikac?\33.tmp??"?@?,?x?,? ???t?"?t?"????? ?????,? ???\??|???|p?,?,?"?????$?"?????????H?,???????????Q?P?,???"?x?,?T?"???,?x?,???????,?x?,?x?,???,?x?,????????|??,?x?,?l?"????????|??,?8?"?!??|??,?=??|??,?????A???x?Q?r???(:Q
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\EverestDriver]
"ImagePath"="\??\c:\program files\Lavalys\EVEREST Home Edition\kerneld.wnt"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'explorer.exe'(2480)
c:\windows\system32\msi.dll
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
c:\windows\system32\DRIVERS\WtSrv.exe
c:\windows\system32\SearchIndexer.exe
c:\windows\system32\wscntfy.exe
c:\program files\Noční obloha\vesmir.exe
c:\windows\System32\wbem\wmiapsrv.exe
.
**************************************************************************
.
Celkový čas: 2011-06-06 12:46:12 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-06-06 10:45
.
Před spuštěním: 2 311 561 216
Po spuštění: 2 277 830 656
.
- - End Of File - - F6583B50E352B12751C7697A543EF4A2

Re: Slow computer, error messages

Posted: 06 Jun 2011 12:07
by vyosek
:arrow: Script for OTM - the procedure is the same - then post the log here

Code:

:files
c:\Documents and Settings\Hanka\Data aplikací\*.exe
c:\documents and settings\hanka\data aplikací\*.tmp
c:\program files\utorrentbar
c:\program files\icq6toolbar
%windir%\system32\*.tmp.dll /s
%windir%\system32\SET*.tmp /s
%windir%\*.tmp

:commands
[EMPTYTEMP]

:arrow: If you haven't already, move ComboFix to the desktop
  • Open Notepad (Start - Run - notepad)
  • Copy the script below
  • Code:

    KillAll::
    
    Restore::
    c:\windows\system32\drivers\tcpip.sys
    
    Collect::
    c:\windows\d139.exe
    c:\windows\d233.exe
    c:\windows\system32\crssc.exe
    
    File::
    c:\documents and settings\Hanka\Data aplikací\32.tmp
    c:\documents and settings\Hanka\Data aplikací\33.tmp
    
    Folder::
    c:\program files\uTorrentBar
    
    Registry::
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"=-
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"=-
    [-HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}"=-
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "1064:TCP"=-
    "5000:UDP"=-
    
    NetSvc::
    Akamai
    
    Driver::
    gupdatem
    Netmanm
    
    Firefox::
    FF - ProfilePath - c:\documents and settings\Hanka\Data aplikací\Mozilla\Firefox\Profiles\F861DC2F.default\
    FF - prefs.js: browser.search.selectedEngine - ICQ Search
    FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_result ... r=1.1.9&q=
    
    Reboot::
    
    
  • Save the resulting TXT file as CFScript.txt
  • Drag the CFScript.txt you created onto ComboFix and run it (see the image below)
    Image
  • After the script has been applied (and a possible restart), a log will pop up; paste its contents here
:arrow: It may happen that Windows won't start after the script is applied; in that case restart the PC, keep pressing F8 and choose Last Known Good Configuration

Re: Slow computer, error messages

Posted: 06 Jun 2011 12:19
by vhanca
So OTM is done; on restart the computer finally shut down by itself :lol:

:arrow: All processes killed
========== FILES ==========
c:\Documents and Settings\Hanka\Data aplikací\lsass.exe moved successfully.
File/Folder c:\documents and settings\hanka\data aplikací\*.tmp not found.
c:\program files\uTorrentBar folder moved successfully.
c:\program files\ICQ6Toolbar folder moved successfully.
File/Folder C:\windows\system32\*.tmp.dll not found.
File/Folder C:\windows\system32\SET*.tmp not found.
File/Folder C:\windows\*.tmp not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator

User: All Users

User: All Users.WINDOWS

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User.WINDOWS
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Hanka
->Temp folder emptied: 16384 bytes
->Temporary Internet Files folder emptied: 32902 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 25946360 bytes
->Google Chrome cache emptied: 0 bytes
->Opera cache emptied: 0 bytes
->Flash cache emptied: 456 bytes

User: LocalService
->Temporary Internet Files folder emptied: 0 bytes

User: LocalService.NT AUTHORITY
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32835 bytes

User: NetworkService
->Temp folder emptied: 0 bytes

User: NetworkService.NT AUTHORITY
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32835 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 25,00 mb


OTM by OldTimer - Version 3.1.18.0 log created on 06062011_131514

Files moved on Reboot...

Registry entries deleted on Reboot...

Re: Slow computer, error messages

Posted: 06 Jun 2011 12:41
by vyosek
Fine, now throw that ComboFix script in there and we'll see :wink:

Re: Slow computer, error messages

Posted: 06 Jun 2011 13:04
by vhanca
We'll see that we see nothing. The computer survived, but the internet didn't :-( I'm writing this from my phone and won't be posting the log here. The local network works; I tried pinging seznam, and that works, but not a single browser displays anything and logging in to WoW doesn't work either :-P