Virus Alert: Prosím pomoc Vyřešeno
Napsal: 23 črc 2008 15:47
Virus Alert: Tohle se mi objevilo dole u hodin, zmizely mi nektere ikony a mistni disky. Vubec si nevim rady. Moc prosim pomozte mi nekdo.
Stránka 1 z 1
Re: Virus Alert: Prosím pomoc
Napsal: 23 črc 2008 17:02
Máš antivír?? Ked ano tak ho skús použiť, alebo sem hoď Log z Hijackthis a pockaj kým ti ho nejaký mág na logy skontroluje.
Re: Virus Alert: Prosím pomoc
Napsal: 23 črc 2008 17:21
antivir ti nepomůže .. hoď jsem log Hijackthis a počkej až ti jej někdo projede
Re: Virus Alert: Prosím pomoc
Napsal: 24 črc 2008 15:42
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:39: VIRUS ALERT!, on 24.7.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\AlienGUIse\wbload.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\WINDOWS\system32\oodag.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Virtual CD v9\System\vc9secs.exe
C:\Program Files\Virtual CD v9\System\VC9Play.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\Seznam\Postak\Postak.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Virtual CD v9\System\VC9Tray.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wm ... Ojg5&lid=2
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WebTransBHO Class - {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} - C:\WINDOWS\WebIE.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: QXK Olive - {FE0F4B4F-A5A0-4529-BC78-1B04220F45E6} - C:\WINDOWS\nfavxwdbpgs.dll
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\WINDOWS\WebIE.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O3 - Toolbar: fdkowvbp - {88E2C28F-80C8-49BA-94A3-A5D4930B4A23} - C:\WINDOWS\fdkowvbp.dll
O4 - HKLM\..\Run: [VC9Player] C:\Program Files\Virtual CD v9\System\VC9Play.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKCU\..\Run: [Upozorňovač na e-maily na email.seznam.cz] C:\Program Files\Seznam\Postak\Postak.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Přidat do součásti Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
O9 - Extra button: Statistika součásti Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\WINDOWS\WebIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: &Nastavit překladač - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: &Slovník - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\WINDOWS\WebIE.dll
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: wbsys.dll,C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Unknown owner - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: Virtual CD v9 Management Service (VC9SecS) - H+H Software GmbH - C:\Program Files\Virtual CD v9\System\vc9secs.exe
O23 - Service: Služba Windows Media Player Network Sharing (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe (file missing)
O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm
--
End of file - 7503 bytes
Scan saved at 15:39: VIRUS ALERT!, on 24.7.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\AlienGUIse\wbload.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\WINDOWS\system32\oodag.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Virtual CD v9\System\vc9secs.exe
C:\Program Files\Virtual CD v9\System\VC9Play.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\Seznam\Postak\Postak.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Virtual CD v9\System\VC9Tray.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wm ... Ojg5&lid=2
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WebTransBHO Class - {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} - C:\WINDOWS\WebIE.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: QXK Olive - {FE0F4B4F-A5A0-4529-BC78-1B04220F45E6} - C:\WINDOWS\nfavxwdbpgs.dll
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\WINDOWS\WebIE.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O3 - Toolbar: fdkowvbp - {88E2C28F-80C8-49BA-94A3-A5D4930B4A23} - C:\WINDOWS\fdkowvbp.dll
O4 - HKLM\..\Run: [VC9Player] C:\Program Files\Virtual CD v9\System\VC9Play.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKCU\..\Run: [Upozorňovač na e-maily na email.seznam.cz] C:\Program Files\Seznam\Postak\Postak.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Přidat do součásti Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
O9 - Extra button: Statistika součásti Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\WINDOWS\WebIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: &Nastavit překladač - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: &Slovník - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\WINDOWS\WebIE.dll
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: wbsys.dll,C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Unknown owner - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: Virtual CD v9 Management Service (VC9SecS) - H+H Software GmbH - C:\Program Files\Virtual CD v9\System\vc9secs.exe
O23 - Service: Služba Windows Media Player Network Sharing (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe (file missing)
O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm
--
End of file - 7503 bytes
Re: Virus Alert: Prosím pomoc
Napsal: 24 črc 2008 17:38
Stáhni si SDFix
- Spusť ho a rozbalí se ti na disk kde je nainstalovaný Windows (typicky to je C:\SDfix)
- Pak restartuj PC do nouzového režimu (zvol možnost: Stav nouze, ne Stav nouze s práci v síti)
- Otevři adresář kde je vybalený SDFix a spusť soubor RunThis.bat tím spustíš program.
* Pak stiskni klávesu Y a pak Enter pro zahájení čistícího procesu.
* Pro dokončení kontroly budeš vyzván ke stisknoutí libovolné klávesy a počítač se restartuje.
* Při nabíhání operačního systému se program spustí znovu a dokončí čistící proces. Až se objeví Finish, budeš muset po vyzvání stisknout libovolnou klávesu, tim se ukončí program a zobrazí se ti ikony na ploše
- Když se skončí načítání ikon na ploše, otevře se ti na obrazovce log z SDFix a zároveň ho uloží do adresáře kde je rozbalený SDFix jako soubor Report.txt
Pak sem zkopíruj jeho obsah
Pokud používáš souborový manažer a dokázala by jsi zkopírovat na plochu jeden soubor tak udělej toto:
běž do adresáře kde máš rozbalený SDFix (typicky C:\SDFix) a tam najdeš soubor XP_CodecRepair.inf. Zkus si ho přesunout na plochu.
- klikni pravým tlačítkem myši na soubor XP_CodecRepair a zvol možnost nainstalovat.
- po té restartuj Pc a po najetí zpět se mrkni jestli problémy přetrvávají
jinak použij toto:
Stáhni si tento archiv a rozbal si jeho obsah na plochu
- klikni pravým tlačítkem myši na soubor VArestorepolicies.inf a zvol možnost nainstalovat.
- po té restartuj Pc a po najetí zpět se mrkni co ještě za problémy přetrvává + dej sem nový log z HJT
- Spusť ho a rozbalí se ti na disk kde je nainstalovaný Windows (typicky to je C:\SDfix)
- Pak restartuj PC do nouzového režimu (zvol možnost: Stav nouze, ne Stav nouze s práci v síti)
- Otevři adresář kde je vybalený SDFix a spusť soubor RunThis.bat tím spustíš program.
* Pak stiskni klávesu Y a pak Enter pro zahájení čistícího procesu.
* Pro dokončení kontroly budeš vyzván ke stisknoutí libovolné klávesy a počítač se restartuje.
* Při nabíhání operačního systému se program spustí znovu a dokončí čistící proces. Až se objeví Finish, budeš muset po vyzvání stisknout libovolnou klávesu, tim se ukončí program a zobrazí se ti ikony na ploše
- Když se skončí načítání ikon na ploše, otevře se ti na obrazovce log z SDFix a zároveň ho uloží do adresáře kde je rozbalený SDFix jako soubor Report.txt
Pak sem zkopíruj jeho obsah
Pokud používáš souborový manažer a dokázala by jsi zkopírovat na plochu jeden soubor tak udělej toto:
běž do adresáře kde máš rozbalený SDFix (typicky C:\SDFix) a tam najdeš soubor XP_CodecRepair.inf. Zkus si ho přesunout na plochu.
- klikni pravým tlačítkem myši na soubor XP_CodecRepair a zvol možnost nainstalovat.
- po té restartuj Pc a po najetí zpět se mrkni jestli problémy přetrvávají
jinak použij toto:
Stáhni si tento archiv a rozbal si jeho obsah na plochu
- klikni pravým tlačítkem myši na soubor VArestorepolicies.inf a zvol možnost nainstalovat.
- po té restartuj Pc a po najetí zpět se mrkni co ještě za problémy přetrvává + dej sem nový log z HJT
Re: Virus Alert: Prosím pomoc
Napsal: 25 črc 2008 09:39
Tak tady je ten report.txt...ted budu pokracovat dale v postupu, zatim ale stale nemam prava administratora
SDFix: Version 1.208
Run by Administrator on p 25.07.2008 at 09:27
Microsoft Windows XP [Verze 5.1.2600]
Running From: C:\DOCUME~1\ADMINI~1\Plocha\Dowland\SDFix
Checking Services :
Restoring Default Security Values
Restoring Default Hosts File
Restoring Default HomePage Value
Restoring Default Desktop Components Value
Restoring Windows ProductId To Remove Fake Virus Alert
Restoring Time Format To Remove Fake Virus Alert
Rebooting
Checking Files :
Trojan Files Found:
C:\WINDOWS\ERFB.EXE - Deleted
C:\Documents and Settings\Administrator\Data aplikacˇ\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.redtube.com\settings.sol - Deleted
C:\Documents and Settings\Administrator\Local Settings\Temp\ubi90.tmp.exe - Deleted
C:\Program Files\VirusRemover2008\Viruses.bdt - Deleted
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\bindsrv2.exe.bat - Deleted
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\vistasp1.exe.bat - Deleted
C:\WINDOWS\nfavxwdbpgs.dll - Deleted
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\bindsrv2.exe - Deleted
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\bindsrv2.exe.bat - Deleted
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\s1265.php.bat - Deleted
C:\WINDOWS\eqvwamkl.dll - Deleted
C:\WINDOWS\fdkowvbp.dll - Deleted
C:\WINDOWS\grswptdl.exe - Deleted
C:\WINDOWS\wnslvxtf.dll - Deleted
Folder C:\Documents and Settings\Administrator\Data aplikacˇ\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.redtube.com - Removed
Folder C:\Program Files\VirusRemover2008 - Removed
Removing Temp Files
ADS Check :
Final Check :
catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-25 09:31:40
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:2df9c43f
"s2"=dword:110480d0
"h0"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:01,77,76,95,0c,af,bb,7b,86,c1,b6,9e,7b,6e,d3,84,d0,c5,fb,f2,9d,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\vdrv9000]
"ServiceBinary"="C:\WINDOWS\system32\drivers\VDRV9000.SYS"
"Group"="SCSI Miniport"
"ImagePath"=str(2):"system32\DRIVERS\vdrv9000.sys"
"ErrorControl"=dword:00000001
"Start"=dword:00000001
"Type"=dword:00000001
"Tag"=dword:00000043
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\vdrv9000\Enum]
"Count"=dword:00000001
"NextInstance"=dword:00000001
"INITSTARTFAILED"=dword:00000001
"0"="Root\SCSIADAPTER\0000"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\vdrv9000\parameters]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\vdrv9000\security]
"Security"=hex:01,00,14,80,90,00,00,00,9c,00,00,00,14,00,00,00,30,00,00,00,02,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:01,77,76,95,0c,af,bb,7b,86,c1,b6,9e,7b,6e,d3,84,d0,c5,fb,f2,9d,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\vdrv9000]
"ServiceBinary"="C:\WINDOWS\system32\drivers\VDRV9000.SYS"
"Group"="SCSI Miniport"
"ImagePath"=str(2):"system32\DRIVERS\vdrv9000.sys"
"ErrorControl"=dword:00000001
"Start"=dword:00000001
"Type"=dword:00000001
"Tag"=dword:00000043
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\vdrv9000\Enum]
"Count"=dword:00000001
"NextInstance"=dword:00000001
"INITSTARTFAILED"=dword:00000001
"0"="Root\SCSIADAPTER\0000"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\vdrv9000\parameters]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\vdrv9000\security]
"Security"=hex:01,00,14,80,90,00,00,00,9c,00,00,00,14,00,00,00,30,00,00,00,02,..
scanning hidden registry entries ...
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Control Panel\Cursors\Schemes]
"\f\1e?r?n?é? ?u?k?a?z?a?t?e?l?e? ?"="C:\WINDOWS\cursors\arrow_r.cur,C:\WINDOWS\cursors\help_r.cur,C:\WINDOWS\cursors\wait_r.cur,C:\WINDOWS\cursors\busy_r.cur,C:\WINDOWS\cursors\cross_r.cur,C:\WINDOWS\cursors\beam_r.cur,C:\WINDOWS\cursors\pen_r.cur,C:\WINDOWS\cursors\no_r.cur,C:\WINDOWS\cursors\size4_r.cur,C:\WINDOWS\cursors\size3_r.cur,C:\WINDOWS\cursors\size2_r.cur,C:\WINDOWS\cursors\size1_r.cur,C:\WINDOWS\cursors\move_r.cur,C:\WINDOWS\cursors\up_r.cur"
"\f\1e?r?n?é? ?u?k?a?z?a?t?e?l?e? ?(?v?e?l?k?é?)?"="C:\WINDOWS\cursors\arrow_rm.cur,C:\WINDOWS\cursors\help_rm.cur,C:\WINDOWS\cursors\wait_rm.cur,C:\WINDOWS\cursors\busy_rm.cur,C:\WINDOWS\cursors\cross_rm.cur,C:\WINDOWS\cursors\beam_rm.cur,C:\WINDOWS\cursors\pen_rm.cur,C:\WINDOWS\cursors\no_rm.cur,C:\WINDOWS\cursors\size4_rm.cur,C:\WINDOWS\cursors\size3_rm.cur,C:\WINDOWS\cursors\size2_rm.cur,C:\WINDOWS\cursors\size1_rm.cur,C:\WINDOWS\cursors\move_rm.cur,C:\WINDOWS\cursors\up_rm.cur"
"\f\1e?r?n?é? ?u?k?a?z?a?t?e?l?e? ?(?n?e?j?v?\e\1t?a\1í?)?"="C:\WINDOWS\cursors\arrow_rl.cur,C:\WINDOWS\cursors\help_rl.cur,C:\WINDOWS\cursors\wait_rl.cur,C:\WINDOWS\cursors\busy_rl.cur,C:\WINDOWS\cursors\cross_rl.cur,C:\WINDOWS\cursors\beam_rl.cur,C:\WINDOWS\cursors\pen_rl.cur,C:\WINDOWS\cursors\no_rl.cur,C:\WINDOWS\cursors\size4_rl.cur,C:\WINDOWS\cursors\size3_rl.cur,C:\WINDOWS\cursors\size2_rl.cur,C:\WINDOWS\cursors\size1_rl.cur,C:\WINDOWS\cursors\move_rl.cur,C:\WINDOWS\cursors\up_rl.cur"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\System]
"OODEFRAG10.00.00.01WORKSTATION"="171E9D211B37379EC531A26F38D82F4347C0AFC7A1E256380499B1D506BF0B7A424AEE05E0C10D38BC50E3EA3BDCBC868764F4C340FCB22452CD617E17582449E34D975099EA950EFD8CCD66D1EA64DAFDAD709B49DE92FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA6A0AC4980AC7933A2D97226D213B555BA7FD869164D6794C038D530D6EB345298E906915D3F695F367BA949BEB2A0D476F82482152657A81C0D109855373650F1E0DDF3113D0DDCB944597D33166154B128BFD4C7CD0A4FA1E2E8E15807E2F1854C7830D4BF853139A42A1A8EE01A653FCEA345439E382D0F56DDF0B9AACF247C491D10E3332FEA27DF72B8A6B10A72FCF654DC178D9CA9CB5548D9DD8D5AEC694916551F97A8CA5D0C0EE5F2BDAF9C2C7AE014F2A4BAE222A106A3D2AF24043D14B2320A8254C81813DDA292D04F34F189D9D8AD04572840CCF84944A314D74FC045CF4C1ADA8FF5B6C46444477244D728D28EC25C7A7F394386B8088FD40BDCBE24CA321CA5FB7D86AA14EE11E207CCADE50A4DF3F09E81BF97579330D270044FA931AA58652296EAFA0E9AB4336A1F46AE9591264E7475521AF982D4C014480935094BB20C488D9D252373CAB49407F24EEF745FE422536101EB9260153291D42A4AC9A45169122F1D1A4B81035C1C8569C97EA45079BB25C0EC274A0B3D2AEF6EDE843931B239805AAA1798F74B5DA5A84A600A6B84B7AA5330C71D1F59C2ECEA29F99169877B495982EEE6B323A951380BEA3A590130D1365C1EF81462EDB1117B4EE1FD7D3594194210D41B57C9D6C81913F37EDCF251EA0D7A90EFE2A3F7529F49F1B56127411D7EDB60D68DE4591079730903BEB32FF750CE2C7D9EBFCDA450D61F1CAF74816DC0569AD1A387D1459E4AE0D5FD884A662932264B0A009304BD0757FE1BA65B15862AA83D27268B26F478F3A7286B53C30FE06DA9CE88816E8B8D21730B2AAA24BF22430C5D14A5725905526CFC3B4D216D37872FCBE11F66D2421450994E9F2E5231B7F7BC8A166F1E191DDEF0B91395A2BA88B790F5CAF21F215CAF1549394B1769687CF028226689030B7AAC0E503A028F1E5F6315369FF04BBA700131D1175B074AD8D86E66A2D535E5020DC106ACD283850ABEF268F8BA82823792841330DEE366918941D3F5B0440D7AA244898DCF0394DBCEA43912E52F1C6AB4237ABAD883D8EFC96A2D343B6BF12CB1E70384A7A2304175A8D7034F5F053586D05CDF7089D57F159789368D079AA332E16EB9FC19D4E6C7DCC5E54440CC07D9B5DE48C2BD9F8F1A5B5658B09A22B3D14D1FDAE8C0123F1184D8580B279793B55F7D27628F90B5BD29D17C21CAB571F0A9371A75980B814DC7BA7EDB0C1D50D3BD852DD10E95C9975C118653621934A257"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"G:\Dole~ité\Tom Clancy\xb4s Rainbow Six Vegas CZ.exe"="Tom Clancy\xb4s Rainbow Six Vegas CZ"
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
Remaining Services :
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Electronic Arts\\Medal of Honor Airborne\\UnrealEngine3\\Binaries\\MOHA.exe"="C:\\Program Files\\Electronic Arts\\Medal of Honor Airborne\\UnrealEngine3\\Binaries\\MOHA.exe:*:Enabled:Medal of Honor Airborne"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
Remaining Files :
File Backups: - C:\DOCUME~1\ADMINI~1\Plocha\Dowland\SDFix\backups\backups.zip
Files with Hidden Attributes :
Fri 25 Jan 2008 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Fri 11 Jul 2008 888 ...HR --- "C:\Documents and Settings\Administrator\Data aplikacˇ\SecuROM\UserData\securom_v7_01.bak"
Finished!
SDFix: Version 1.208
Run by Administrator on p 25.07.2008 at 09:27
Microsoft Windows XP [Verze 5.1.2600]
Running From: C:\DOCUME~1\ADMINI~1\Plocha\Dowland\SDFix
Checking Services :
Restoring Default Security Values
Restoring Default Hosts File
Restoring Default HomePage Value
Restoring Default Desktop Components Value
Restoring Windows ProductId To Remove Fake Virus Alert
Restoring Time Format To Remove Fake Virus Alert
Rebooting
Checking Files :
Trojan Files Found:
C:\WINDOWS\ERFB.EXE - Deleted
C:\Documents and Settings\Administrator\Data aplikacˇ\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.redtube.com\settings.sol - Deleted
C:\Documents and Settings\Administrator\Local Settings\Temp\ubi90.tmp.exe - Deleted
C:\Program Files\VirusRemover2008\Viruses.bdt - Deleted
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\bindsrv2.exe.bat - Deleted
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\vistasp1.exe.bat - Deleted
C:\WINDOWS\nfavxwdbpgs.dll - Deleted
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\bindsrv2.exe - Deleted
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\bindsrv2.exe.bat - Deleted
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\s1265.php.bat - Deleted
C:\WINDOWS\eqvwamkl.dll - Deleted
C:\WINDOWS\fdkowvbp.dll - Deleted
C:\WINDOWS\grswptdl.exe - Deleted
C:\WINDOWS\wnslvxtf.dll - Deleted
Folder C:\Documents and Settings\Administrator\Data aplikacˇ\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.redtube.com - Removed
Folder C:\Program Files\VirusRemover2008 - Removed
Removing Temp Files
ADS Check :
Final Check :
catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-25 09:31:40
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:2df9c43f
"s2"=dword:110480d0
"h0"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:01,77,76,95,0c,af,bb,7b,86,c1,b6,9e,7b,6e,d3,84,d0,c5,fb,f2,9d,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\vdrv9000]
"ServiceBinary"="C:\WINDOWS\system32\drivers\VDRV9000.SYS"
"Group"="SCSI Miniport"
"ImagePath"=str(2):"system32\DRIVERS\vdrv9000.sys"
"ErrorControl"=dword:00000001
"Start"=dword:00000001
"Type"=dword:00000001
"Tag"=dword:00000043
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\vdrv9000\Enum]
"Count"=dword:00000001
"NextInstance"=dword:00000001
"INITSTARTFAILED"=dword:00000001
"0"="Root\SCSIADAPTER\0000"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\vdrv9000\parameters]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\vdrv9000\security]
"Security"=hex:01,00,14,80,90,00,00,00,9c,00,00,00,14,00,00,00,30,00,00,00,02,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:01,77,76,95,0c,af,bb,7b,86,c1,b6,9e,7b,6e,d3,84,d0,c5,fb,f2,9d,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\vdrv9000]
"ServiceBinary"="C:\WINDOWS\system32\drivers\VDRV9000.SYS"
"Group"="SCSI Miniport"
"ImagePath"=str(2):"system32\DRIVERS\vdrv9000.sys"
"ErrorControl"=dword:00000001
"Start"=dword:00000001
"Type"=dword:00000001
"Tag"=dword:00000043
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\vdrv9000\Enum]
"Count"=dword:00000001
"NextInstance"=dword:00000001
"INITSTARTFAILED"=dword:00000001
"0"="Root\SCSIADAPTER\0000"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\vdrv9000\parameters]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\vdrv9000\security]
"Security"=hex:01,00,14,80,90,00,00,00,9c,00,00,00,14,00,00,00,30,00,00,00,02,..
scanning hidden registry entries ...
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Control Panel\Cursors\Schemes]
"\f\1e?r?n?é? ?u?k?a?z?a?t?e?l?e? ?"="C:\WINDOWS\cursors\arrow_r.cur,C:\WINDOWS\cursors\help_r.cur,C:\WINDOWS\cursors\wait_r.cur,C:\WINDOWS\cursors\busy_r.cur,C:\WINDOWS\cursors\cross_r.cur,C:\WINDOWS\cursors\beam_r.cur,C:\WINDOWS\cursors\pen_r.cur,C:\WINDOWS\cursors\no_r.cur,C:\WINDOWS\cursors\size4_r.cur,C:\WINDOWS\cursors\size3_r.cur,C:\WINDOWS\cursors\size2_r.cur,C:\WINDOWS\cursors\size1_r.cur,C:\WINDOWS\cursors\move_r.cur,C:\WINDOWS\cursors\up_r.cur"
"\f\1e?r?n?é? ?u?k?a?z?a?t?e?l?e? ?(?v?e?l?k?é?)?"="C:\WINDOWS\cursors\arrow_rm.cur,C:\WINDOWS\cursors\help_rm.cur,C:\WINDOWS\cursors\wait_rm.cur,C:\WINDOWS\cursors\busy_rm.cur,C:\WINDOWS\cursors\cross_rm.cur,C:\WINDOWS\cursors\beam_rm.cur,C:\WINDOWS\cursors\pen_rm.cur,C:\WINDOWS\cursors\no_rm.cur,C:\WINDOWS\cursors\size4_rm.cur,C:\WINDOWS\cursors\size3_rm.cur,C:\WINDOWS\cursors\size2_rm.cur,C:\WINDOWS\cursors\size1_rm.cur,C:\WINDOWS\cursors\move_rm.cur,C:\WINDOWS\cursors\up_rm.cur"
"\f\1e?r?n?é? ?u?k?a?z?a?t?e?l?e? ?(?n?e?j?v?\e\1t?a\1í?)?"="C:\WINDOWS\cursors\arrow_rl.cur,C:\WINDOWS\cursors\help_rl.cur,C:\WINDOWS\cursors\wait_rl.cur,C:\WINDOWS\cursors\busy_rl.cur,C:\WINDOWS\cursors\cross_rl.cur,C:\WINDOWS\cursors\beam_rl.cur,C:\WINDOWS\cursors\pen_rl.cur,C:\WINDOWS\cursors\no_rl.cur,C:\WINDOWS\cursors\size4_rl.cur,C:\WINDOWS\cursors\size3_rl.cur,C:\WINDOWS\cursors\size2_rl.cur,C:\WINDOWS\cursors\size1_rl.cur,C:\WINDOWS\cursors\move_rl.cur,C:\WINDOWS\cursors\up_rl.cur"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\System]
"OODEFRAG10.00.00.01WORKSTATION"="171E9D211B37379EC531A26F38D82F4347C0AFC7A1E256380499B1D506BF0B7A424AEE05E0C10D38BC50E3EA3BDCBC868764F4C340FCB22452CD617E17582449E34D975099EA950EFD8CCD66D1EA64DAFDAD709B49DE92FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA6A0AC4980AC7933A2D97226D213B555BA7FD869164D6794C038D530D6EB345298E906915D3F695F367BA949BEB2A0D476F82482152657A81C0D109855373650F1E0DDF3113D0DDCB944597D33166154B128BFD4C7CD0A4FA1E2E8E15807E2F1854C7830D4BF853139A42A1A8EE01A653FCEA345439E382D0F56DDF0B9AACF247C491D10E3332FEA27DF72B8A6B10A72FCF654DC178D9CA9CB5548D9DD8D5AEC694916551F97A8CA5D0C0EE5F2BDAF9C2C7AE014F2A4BAE222A106A3D2AF24043D14B2320A8254C81813DDA292D04F34F189D9D8AD04572840CCF84944A314D74FC045CF4C1ADA8FF5B6C46444477244D728D28EC25C7A7F394386B8088FD40BDCBE24CA321CA5FB7D86AA14EE11E207CCADE50A4DF3F09E81BF97579330D270044FA931AA58652296EAFA0E9AB4336A1F46AE9591264E7475521AF982D4C014480935094BB20C488D9D252373CAB49407F24EEF745FE422536101EB9260153291D42A4AC9A45169122F1D1A4B81035C1C8569C97EA45079BB25C0EC274A0B3D2AEF6EDE843931B239805AAA1798F74B5DA5A84A600A6B84B7AA5330C71D1F59C2ECEA29F99169877B495982EEE6B323A951380BEA3A590130D1365C1EF81462EDB1117B4EE1FD7D3594194210D41B57C9D6C81913F37EDCF251EA0D7A90EFE2A3F7529F49F1B56127411D7EDB60D68DE4591079730903BEB32FF750CE2C7D9EBFCDA450D61F1CAF74816DC0569AD1A387D1459E4AE0D5FD884A662932264B0A009304BD0757FE1BA65B15862AA83D27268B26F478F3A7286B53C30FE06DA9CE88816E8B8D21730B2AAA24BF22430C5D14A5725905526CFC3B4D216D37872FCBE11F66D2421450994E9F2E5231B7F7BC8A166F1E191DDEF0B91395A2BA88B790F5CAF21F215CAF1549394B1769687CF028226689030B7AAC0E503A028F1E5F6315369FF04BBA700131D1175B074AD8D86E66A2D535E5020DC106ACD283850ABEF268F8BA82823792841330DEE366918941D3F5B0440D7AA244898DCF0394DBCEA43912E52F1C6AB4237ABAD883D8EFC96A2D343B6BF12CB1E70384A7A2304175A8D7034F5F053586D05CDF7089D57F159789368D079AA332E16EB9FC19D4E6C7DCC5E54440CC07D9B5DE48C2BD9F8F1A5B5658B09A22B3D14D1FDAE8C0123F1184D8580B279793B55F7D27628F90B5BD29D17C21CAB571F0A9371A75980B814DC7BA7EDB0C1D50D3BD852DD10E95C9975C118653621934A257"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"G:\Dole~ité\Tom Clancy\xb4s Rainbow Six Vegas CZ.exe"="Tom Clancy\xb4s Rainbow Six Vegas CZ"
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
Remaining Services :
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Electronic Arts\\Medal of Honor Airborne\\UnrealEngine3\\Binaries\\MOHA.exe"="C:\\Program Files\\Electronic Arts\\Medal of Honor Airborne\\UnrealEngine3\\Binaries\\MOHA.exe:*:Enabled:Medal of Honor Airborne"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
Remaining Files :
File Backups: - C:\DOCUME~1\ADMINI~1\Plocha\Dowland\SDFix\backups\backups.zip
Files with Hidden Attributes :
Fri 25 Jan 2008 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Fri 11 Jul 2008 888 ...HR --- "C:\Documents and Settings\Administrator\Data aplikacˇ\SecuROM\UserData\securom_v7_01.bak"
Finished!
Re: Virus Alert: Prosím pomoc
Napsal: 25 črc 2008 09:43
Uz je vse OK. Moc dekuji za pomoc!!!
Re: Virus Alert: Prosím pomoc
Napsal: 25 črc 2008 15:12
Dej sem ještě ten log z HJT.