Hello!
A few days ago I noticed that the icons on my NOD32 and Spybot shortcuts had disappeared and that Kerio was no longer starting at boot (which it should). I didn't pay attention to it; I thought it would be OK again after a restart, but it wasn't. None of it ran properly. I had already wanted to reinstall NOD32 earlier, because I couldn't update the virus database - whenever I ran any of the installation packages, it reported "(106) chyba při rozbalování archivu".
Then I tried to start Kerio, but it reported: "KFE initialization failed: Driver not found".
I didn't even start Spybot and uninstalled it right away.
I think I may have caused this with some radical cleanup using CCleaner!
Thanks for your reply!!
NOD32, Spybot and Kerio crash! (solved)
Logfile of HijackThis v1.99.1
Scan saved at 10:52:24, on 23.7.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Creative\SBAudigy LS\Surround Mixer\CTSysVol.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Documents and Settings\admin\Data aplikací\hidn\hidn1.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\wincmd\TOTALCMD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\admin\Dokumenty\Translator\WDICT32.EXE
C:\Program Files\ICQLite\ICQLite.exe
C:\Program Files\IrfanView\I_VIEW32.EXE
c:\Documents and Settings\admin\Dokumenty\Pavel\Balíčky\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.karneval.cz:3128
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy LS\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe -CheckReg
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -trayboot
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: eBay - Homepage - {EF79EAC5-3452-4E02-B8BD-BA4C89F1AC7A} - C:\Program Files\IrfanView\Ebay\Ebay.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .mp3: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin4.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 4572599812
O17 - HKLM\System\CCS\Services\Tcpip\..\{7000D835-AE44-480B-B2DF-3E2F7FCE078C}: NameServer = 81.27.192.33,81.27.192.97
O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
- mijaja
End this process in Task Manager:
C:\Documents and Settings\admin\Data aplikací\hidn\hidn1.exe
Then find it on disk and delete the whole hidn folder.
In HijackThis, fix:
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
Otherwise there is nothing bad in there.
If need be, post the edited log from MWAV here (the guide is in my signature).
The "hidn" folder isn't displayed for me, even though I have showing hidden files turned on! But when I enter the exact path, it opens, but it is empty... I don't know how I should remove it.
I'm sending the MWAV output; probably not everything is in there...
File C:\DOCUME~1\admin\DATAAP~1\m\flec006.exe infected by "Trojan-Downloader.Win32.Bagle.y" Virus! Action Taken: No Action Taken.
File C:\DOCUME~1\ADMIN\DATAAP~1\HIDN\M_HOOK.SYS infected by "Email-Worm.Win32.Bagle.gl" Virus! Action Taken: No Action Taken.
Sun Jul 23 17:12:23 2006 => Offending file found: C:\WINDOWS\tool3.exe
Sun Jul 23 17:12:23 2006 => System found infected with cws.loadadv.401 Browser Hijacker (tool3.exe)! Action taken: No Action Taken.
Sun Jul 23 17:12:23 2006 => Offending Folder found: C:\WINDOWS\system32\1024
Sun Jul 23 17:12:23 2006 => Object "smitfraud Browser Hijacker" found in File System! Action Taken: No Action Taken.
Sun Jul 23 17:12:23 2006 => Offending file found: C:\WINDOWS\system32\ncompat.tlb
Sun Jul 23 17:12:23 2006 => System found infected with smitfraud Browser Hijacker (ncompat.tlb)! Action taken: No Action Taken.
Sun Jul 23 17:12:23 2006 => Offending file found: C:\WINDOWS\system32\paytime.exe
Sun Jul 23 17:12:23 2006 => System found infected with paymite Browser Hijacker (paytime.exe)! Action taken: No Action Taken.
Sun Jul 23 17:12:23 2006 => Offending file found: C:\WINDOWS\system32\unace.dll
Sun Jul 23 17:12:23 2006 => System found infected with zipitpro Spyware/Adware (unace.dll)! Action taken: No Action Taken.
Sun Jul 23 17:12:32 2006 => Offending file found: C:\Documents and Settings\admin\Dokumenty\pavel\smash\icons.exe
Sun Jul 23 17:12:32 2006 => System found infected with cydoor.topicks.a Spyware/Adware (icons.exe)! Action taken: No Action Taken.
Sun Jul 23 17:12:33 2006 => Offending file found: C:\Documents and Settings\admin\Dokumenty\pavel\smash\smash18\icons.exe
Sun Jul 23 17:12:33 2006 => System found infected with cydoor.topicks.a Spyware/Adware (icons.exe)! Action taken: No Action Taken.
Sun Jul 23 17:12:33 2006 => Offending file found: C:\Documents and Settings\admin\Dokumenty\pavel\smash\smash18music\icons.exe
Sun Jul 23 17:12:33 2006 => System found infected with cydoor.topicks.a Spyware/Adware (icons.exe)! Action taken: No Action Taken.
Sun Jul 23 17:12:35 2006 => Offending Folder found: C:\Documents and Settings\admin\Dokumenty\petra\škola ivt\návody a ovládání programů\příručka html\kosek\sw
Sun Jul 23 17:12:35 2006 => Object "sw Spyware/Adware" found in File System! Action Taken: No Action Taken.
Sun Jul 23 17:12:42 2006 => Offending file found: C:\Documents and Settings\admin\Dokumenty\pavel\smash\icons.exe
Sun Jul 23 17:12:42 2006 => System found infected with cydoor.topicks.a Spyware/Adware (icons.exe)! Action taken: No Action Taken.
Sun Jul 23 17:12:42 2006 => Offending file found: C:\Documents and Settings\admin\Dokumenty\pavel\smash\smash18\icons.exe
Sun Jul 23 17:12:42 2006 => System found infected with cydoor.topicks.a Spyware/Adware (icons.exe)! Action taken: No Action Taken.
Sun Jul 23 17:12:42 2006 => Offending file found: C:\Documents and Settings\admin\Dokumenty\pavel\smash\smash18music\icons.exe
Sun Jul 23 17:12:42 2006 => System found infected with cydoor.topicks.a Spyware/Adware (icons.exe)! Action taken: No Action Taken.
Sun Jul 23 17:12:43 2006 => Offending Folder found: C:\Documents and Settings\admin\Dokumenty\petra\škola ivt\návody a ovládání programů\příručka html\kosek\sw
Sun Jul 23 17:12:43 2006 => Object "sw Spyware/Adware" found in File System! Action Taken: No Action Taken.
Sun Jul 23 17:12:44 2006 => Checking CLSID Reference Entries...
Sun Jul 23 17:12:44 2006 => Entry "HKCR\DSP.DSP" refers to invalid object "{9C123EA9-AEC9-4f75-BBC0-7565FA1398966}". Action Taken: No Action Taken.
Sun Jul 23 17:12:45 2006 => Entry "HKCR\PhotoRecord.Album" refers to invalid object "{FEDCFFC1-BEC4-11D1-93B9-0060979C8AB8}". Action Taken: No Action Taken.
Sun Jul 23 17:12:46 2006 => Checking Module Usage Entries...
Sun Jul 23 17:12:46 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\Downloaded Program Files\MediaTicketsInstaller.ocx". Action Taken: No Action Taken.
Sun Jul 23 17:12:46 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\System32\iuctl.dll". Action Taken: No Action Taken.
Sun Jul 23 17:12:46 2006 => Checking Shared DLL Entries...
Sun Jul 23 17:12:46 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Illusion Softworks\Hidden & Dangerous 2\HD2DS.exe". Action Taken: No Action Taken.
Sun Jul 23 17:12:51 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\InterVideo\Common\Bin\IVIPromotion.exe". Action Taken: No Action Taken.
Sun Jul 23 17:12:51 2006 => Checking App Path Entries...
Sun Jul 23 17:12:51 2006 => Checking Installer Entries...
Sun Jul 23 17:12:51 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Program Files\Illusion Softworks\Hidden & Dangerous 2\". Action Taken: No Action Taken.
Sun Jul 23 17:12:51 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Program Files\Illusion Softworks\". Action Taken: No Action Taken.
Sun Jul 23 17:12:51 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Program Files\Illusion Softworks\Hidden & Dangerous 2\Text\Fonts\". Action Taken: No Action Taken.
Sun Jul 23 17:12:51 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Program Files\Illusion Softworks\Hidden & Dangerous 2\Text\". Action Taken: No Action Taken.
Sun Jul 23 17:12:51 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Program Files\Illusion Softworks\Hidden & Dangerous 2\Text\Czech\". Action Taken: No Action Taken.
Sun Jul 23 17:12:51 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Program Files\Illusion Softworks\Hidden & Dangerous 2\Text\Czech\subtitles\". Action Taken: No Action Taken.
Sun Jul 23 17:12:52 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Program Files\Illusion Softworks\Hidden & Dangerous 2\Text\english\". Action Taken: No Action Taken.
Sun Jul 23 17:12:52 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Program Files\Illusion Softworks\Hidden & Dangerous 2\Text\english\subtitles\". Action Taken: No Action Taken.
Sun Jul 23 17:12:52 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Program Files\Illusion Softworks\Hidden & Dangerous 2\Text\EnglishUS\". Action Taken: No Action Taken.
Sun Jul 23 17:12:52 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Program Files\Illusion Softworks\Hidden & Dangerous 2\Text\EnglishUS\subtitles\". Action Taken: No Action Taken.
Sun Jul 23 17:12:52 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Program Files\Illusion Softworks\Hidden & Dangerous 2\Text\french\". Action Taken: No Action Taken.
Sun Jul 23 17:12:52 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Program Files\Illusion Softworks\Hidden & Dangerous 2\Text\french\subtitles\". Action Taken: No Action Taken.
Sun Jul 23 17:12:52 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Program Files\Illusion Softworks\Hidden & Dangerous 2\Text\italian\". Action Taken: No Action Taken.
Sun Jul 23 17:12:52 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Program Files\Illusion Softworks\Hidden & Dangerous 2\Text\italian\Subtitles\". Action Taken: No Action Taken.
Sun Jul 23 17:12:52 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Program Files\Illusion Softworks\Hidden & Dangerous 2\Text\spanish\". Action Taken: No Action Taken.
Sun Jul 23 17:12:52 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Program Files\Illusion Softworks\Hidden & Dangerous 2\Text\spanish\Subtitles\". Action Taken: No Action Taken.
Sun Jul 23 17:12:52 2006 => Checking Shared Tools Entries...
Sun Jul 23 17:12:52 2006 => Entry "HKLM\Software\Microsoft\Shared Tools\DAO" refers to invalid object "C:\Program Files\Common Files\Microsoft Shared\DAO\DAO3032.DLL". Action Taken: No Action Taken.
Sun Jul 23 17:12:52 2006 => Checking File Extension Entries...
Sun Jul 23 17:12:52 2006 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".bmk". Action Taken: No Action Taken.
Sun Jul 23 17:12:52 2006 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object "OpenWithList". Action Taken: No Action Taken.
Sun Jul 23 17:12:52 2006 => Checking Application Cache Entries...
Sun Jul 23 17:12:52 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "eMedia Codec". Action Taken: No Action Taken.
Sun Jul 23 17:12:52 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "NOD32". Action Taken: No Action Taken.
Sun Jul 23 17:12:52 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Spybot - Search & Destroy_is1". Action Taken: No Action Taken.
Sun Jul 23 17:12:52 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "ToolbarICQToolbar.ICQToolbarObjectIEToolbar". Action Taken: No Action Taken.
Sun Jul 23 17:12:52 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{fe7ccec2-0f76-4921-bc75-caaf255cbbf2}". Action Taken: No Action Taken.
Sun Jul 23 17:14:40 2006 => ***** Scanning complete. *****
Sun Jul 23 17:14:40 2006 => Total Objects Scanned: 22712
Sun Jul 23 17:14:40 2006 => Total Critical Objects: 20
Sun Jul 23 17:14:40 2006 => Total Disinfected Objects: 0
Sun Jul 23 17:14:40 2006 => Total Objects Renamed: 0
Sun Jul 23 17:14:40 2006 => Total Deleted Objects: 0
Sun Jul 23 17:14:40 2006 => Total Errors: 41
Sun Jul 23 17:14:40 2006 => Time Elapsed: 00:03:15
Sun Jul 23 17:14:40 2006 => Virus Database Date: 7/23/2006
Sun Jul 23 17:14:40 2006 => Virus Database Count: 209372
Sun Jul 23 17:14:40 2006 => Scan Completed.
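Added example (not part of the original thread): a small Python parser for the MWAV log format shown in the post above. It separates malware detections from the "refers to invalid object" registry entries, which the reply in this thread describes as not infected, and collapses repeated hits on the same path. The sample lines are copied from the log above; the function and field names are this example's own.

```python
import re

# Excerpt copied from the MWAV log posted above (not the full log).
SAMPLE_LOG = r'''File C:\DOCUME~1\admin\DATAAP~1\m\flec006.exe infected by "Trojan-Downloader.Win32.Bagle.y" Virus! Action Taken: No Action Taken.
Sun Jul 23 17:12:23 2006 => Offending file found: C:\WINDOWS\tool3.exe
Sun Jul 23 17:12:23 2006 => System found infected with cws.loadadv.401 Browser Hijacker (tool3.exe)! Action taken: No Action Taken.
Sun Jul 23 17:12:23 2006 => Offending Folder found: C:\WINDOWS\system32\1024
Sun Jul 23 17:12:23 2006 => Object "smitfraud Browser Hijacker" found in File System! Action Taken: No Action Taken.
Sun Jul 23 17:12:32 2006 => Offending file found: C:\Documents and Settings\admin\Dokumenty\pavel\smash\icons.exe
Sun Jul 23 17:12:32 2006 => System found infected with cydoor.topicks.a Spyware/Adware (icons.exe)! Action taken: No Action Taken.
Sun Jul 23 17:12:42 2006 => Offending file found: C:\Documents and Settings\admin\Dokumenty\pavel\smash\icons.exe
Sun Jul 23 17:12:42 2006 => System found infected with cydoor.topicks.a Spyware/Adware (icons.exe)! Action taken: No Action Taken.
Sun Jul 23 17:12:52 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "NOD32". Action Taken: No Action Taken.
Sun Jul 23 17:14:40 2006 => Total Critical Objects: 20
'''

# Optional "Sun Jul 23 17:12:23 2006 => " prefix (some lines in the post lack it).
TS = r'(?:\w{3} \w{3} +\d+ [\d:]+ \d{4} => )?'
RE_FILE = re.compile(TS + r'File (?P<path>.+?) infected by "(?P<name>[^"]+)"')
RE_OFFENDING = re.compile(TS + r'Offending (?:file|Folder) found: (?P<path>.+)$')
RE_VERDICT = re.compile(
    TS + r'(?:System found infected with (?P<n1>.+?) \(.+\)!'
    r'|Object "(?P<n2>[^"]+)" found in File System!)')
RE_REGISTRY = re.compile(
    TS + r'Entry "(?P<key>[^"]+)" refers to invalid object "(?P<obj>[^"]*)"')
RE_TOTAL = re.compile(TS + r'Total Critical Objects: (?P<n>\d+)')
RE_ACTION = re.compile(r'Action [Tt]aken: ([^.]+)\.')


def _action(line):
    """Return the scanner's reported action for this line, if any."""
    m = RE_ACTION.search(line)
    return m.group(1).strip() if m else None


def _add(detections, path, name, action):
    """Record a detection once per (path, name); count repeated hits."""
    key = (path.lower(), name)
    if key in detections:
        detections[key]['hits'] += 1
    else:
        detections[key] = {'path': path, 'name': name,
                           'action': action, 'hits': 1}


def triage(log_text):
    """Split an MWAV log into malware detections and registry notes."""
    detections = {}          # insertion-ordered in Python 3.7+
    registry_notes = []
    reported_critical = None
    pending_path = None      # path from the last "Offending ... found" line
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = RE_FILE.match(line)
        if m:
            _add(detections, m['path'], m['name'], _action(line))
            continue
        m = RE_OFFENDING.match(line)
        if m:
            pending_path = m['path'].strip()
            continue
        m = RE_VERDICT.match(line)
        if m and pending_path:
            # The verdict line names the threat for the path just seen.
            _add(detections, pending_path, m['n1'] or m['n2'], _action(line))
            pending_path = None
            continue
        m = RE_REGISTRY.match(line)
        if m:
            # Assumption: stale registry reference, not a malware hit.
            registry_notes.append((m['key'], m['obj']))
            continue
        m = RE_TOTAL.match(line)
        if m:
            reported_critical = int(m['n'])
    return {'detections': list(detections.values()),
            'registry_notes': registry_notes,
            'reported_critical': reported_critical}


if __name__ == '__main__':
    result = triage(SAMPLE_LOG)
    for d in result['detections']:
        print(f"{d['name']:45} x{d['hits']}  {d['action']}  {d['path']}")
    print('registry notes:', len(result['registry_notes']))
    print('scanner-reported critical objects:', result['reported_critical'])
```

Every detection whose action reads "No Action Taken" was only reported by the scanner and is still on disk.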
- mijaja
You have 14 of them found out of a total of 20 critical findings. Those "refers invalid" objects are faulty or defective files that are not infected.
Download SmitFraudFix and get it ready for use (you can simply unpack it to the desktop). Download Killbox and unpack it to the desktop as well.
Turn off System Restore (Windows+Pause/Break key, and in the System Properties window, on the System Restore tab, tick the box Turn off System Restore on all drives). Shut down the computer and unplug the internet cable. Better print this out, or save it to the desktop in Notepad.
Restart into Safe Mode.
First, stop this file in Task Manager again:
C:\Documents and Settings\admin\Data aplikací\hidn\hidn1.exe
Run SmitFraudFix - the application's blue screen appears and you press option 2.
Let it scan the computer.
If you are asked whether to allow registry cleaning (Do you want to clean the registry ?), press the Y key (watch out for Y and Z being swapped on the keyboard).
If you are asked about removing infected files from the computer (Replace infected file ?), press the Y key again.
Run Killbox and copy this line into the box, exactly as it is in the code:
Code:
C:\Documents and Settings\admin\Data aplikací\hidn\hidn1.exe
Set the Delete On Reboot option and press the red circle with the cross. The computer will want to restart, so allow it and restart into normal mode.
Then start looking for the infected (red) files and delete them:
C:\DOCUME~1\admin\DATAAP~1\m\flec006.exe
C:\DOCUME~1\ADMIN\DATAAP~1\HIDN\M_HOOK.SYS
C:\WINDOWS\tool3.exe
C:\WINDOWS\system32\1024 - the whole 1024 folder must go!
C:\WINDOWS\system32\ncompat.tlb
C:\WINDOWS\system32\paytime.exe
C:\WINDOWS\system32\unace.dll
C:\Documents and Settings\admin\Dokumenty\pavel\smash\icons.exe - get rid of the whole Smash directory
C:\Documents and Settings\admin\Dokumenty\pavel\smash\smash18music\icons.exe
C:\Documents and Settings\admin\Dokumenty\pavel\smash\smash18\icons.exe
C:\Documents and Settings\admin\Dokumenty\petra\škola ivt\návody a ovládání programů\příručka html\kosek\sw
If you cannot find something, it may already have been removed by SmitfraudFix. Even so, make one more log from mwav afterwards to be safe.
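The reply above separates the "refers to invalid object" entries (stale registry references, not infections) from the critical findings; the following Python is an added example, not part of the original thread or of the scanner, that applies that split to a log mechanically. It recognises only the three line shapes visible in the log on this page (section headers, invalid-object entries, totals) and the names `triage` and `stale_by_section` are assumptions; every other line is returned for manual review.

```python
import re
from collections import Counter

# Lines copied from the scan log on this page (not constructed).
SAMPLE_LOG = r'''Sun Jul 23 17:12:52 2006 => Checking Shared Tools Entries...
Sun Jul 23 17:12:52 2006 => Entry "HKLM\Software\Microsoft\Shared Tools\DAO" refers to invalid object "C:\Program Files\Common Files\Microsoft Shared\DAO\DAO3032.DLL". Action Taken: No Action Taken.
Sun Jul 23 17:12:52 2006 => Checking Application Cache Entries...
Sun Jul 23 17:12:52 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "NOD32". Action Taken: No Action Taken.
Sun Jul 23 17:12:52 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Spybot - Search & Destroy_is1". Action Taken: No Action Taken.
Sun Jul 23 17:14:40 2006 => Total Critical Objects: 20
Sun Jul 23 17:14:40 2006 => Total Errors: 41
'''

# "<weekday> <month> <day> <hh:mm:ss> <year> => <message>"
LINE = re.compile(r'^\w{3} \w{3} +\d+ [\d:]{8} \d{4} => (?P<msg>.*)$')
SECTION = re.compile(r'^Checking (?P<name>.+?) Entries\.\.\.$')
INVALID = re.compile(r'^Entry "(?P<key>[^"]+)" refers to invalid object '
                     r'"(?P<obj>[^"]*)"\. Action Taken: (?P<action>.+?)\.?$')
TOTAL = re.compile(r'^Total (?P<name>[\w ]+): (?P<value>\d+)$')

def triage(log_text):
    """Split a log into stale references, totals, and lines to review by hand."""
    stale, totals, review, section = [], {}, [], None
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            if raw.strip():
                review.append(raw)      # not a timestamped log line at all
            continue
        msg = m.group('msg')
        if (s := SECTION.match(msg)):
            section = s.group('name')   # applies to the entries that follow
        elif (i := INVALID.match(msg)):
            stale.append({'section': section, **i.groupdict()})
        elif (t := TOTAL.match(msg)):
            totals[t.group('name')] = int(t.group('value'))
        else:
            review.append(msg)          # unrecognised shape: a human must read it
    return stale, totals, review

def stale_by_section(stale):
    """Count stale references per 'Checking ... Entries' section."""
    return Counter(entry['section'] for entry in stale)

if __name__ == '__main__':
    stale, totals, review = triage(SAMPLE_LOG)
    print(dict(stale_by_section(stale)), totals, review)
```

Comparing the count of stale references with the log's own totals shows how much of the output is cleanup noise and how much still needs to be read line by line.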