vúbec nerozumím dalšímu postupu co jsi uvedl. Nevím jak na to
V možnostech složky si povol zobrazování skrytých souborů a složek+ odškrtni zatržítko skrýt chráněné soubory operačního systému
Toto otestuj na Virustotal
E:\WINDOWS\System32\lsprst7.dll
E:\WINDOWS\System32\ssprs.dll
E:\WINDOWS\Sof.INI
Pokud už byl soubor testován-klikni na otestovat znovu.
Až skončí test všech antivirů, vlož sem pak odkazy na stránky s výsledky.
Prosím o kontrolu HijackThis-problém Vyřešeno
Re: Prosím o kontrolu HijackThis-problém
V možnosetch složky mám povolit dle tvého pokynu zobrazovábní skrytých souborů složek - kde to prosím tě najdu
nenašel jsem Sof.INI
http://www.virustotal.com/cs/analisis/7 ... 1269187767
http://www.virustotal.com/cs/analisis/3 ... 1269187911
nenašel jsem Sof.INI
http://www.virustotal.com/cs/analisis/7 ... 1269187767
http://www.virustotal.com/cs/analisis/3 ... 1269187911
Re: Prosím o kontrolu HijackThis-problém
Ještě jednou jsem to udělal s povolením zobrazovaných skrytých souborů složek
http://www.virustotal.com/cs/analisis/7 ... 1269188561
http://www.virustotal.com/cs/analisis/3 ... 1269188708
poslední skutečně nemohu hajít Program Files\Sof.INI
http://www.virustotal.com/cs/analisis/7 ... 1269188561
http://www.virustotal.com/cs/analisis/3 ... 1269188708
poslední skutečně nemohu hajít Program Files\Sof.INI
Re: Prosím o kontrolu HijackThis-problém
All processes killed
========== OTL ==========
No active process named explorer.exe was found!
No active process named firefox.exe was found!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Secondary_Page_URL| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Extensions Off Page| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Local Page| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Security Risk Page| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search\\CustomizeSearch| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search\\SearchAssistant| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Local Page| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Page| /E : value set successfully!
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {D27CDB6E-AE6D-11CF-96B8-444553540000}
E:\WINDOWS\Downloaded Program Files\swflash.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{D27CDB6E-AE6D-11CF-96B8-444553540000}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D27CDB6E-AE6D-11CF-96B8-444553540000}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{D27CDB6E-AE6D-11CF-96B8-444553540000}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D27CDB6E-AE6D-11CF-96B8-444553540000}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ipp\ deleted successfully.
File Protocol\Handler\ipp - No CLSID value found not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0\ deleted successfully.
File About:Home not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session manager\\BootExecute:autocheck autochk * deleted successfully.
========== FILES ==========
File\Folder C:\WINDOWS\System32\*.tmp not found.
File\Folder C:\WINDOWS\*.tmp not found.
File\Folder C:\WINDOWS\system32\*.tmp.dll not found.
File\Folder C:\WINDOWS\system32\SET*.tmp not found.
File\Folder c:\windows\Tasks\*.job not found.
E:\WINDOWS\tasks\SA.DAT moved successfully.
E:\WINDOWS\tasks\Scheduled scanning task.job moved successfully.
E:\WINDOWS\mngui.INI moved successfully.
========== REGISTRY ==========
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Jarda
->Temp folder emptied: 293036 bytes
->Temporary Internet Files folder emptied: 1625915 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 434 bytes
User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
User: TEMP
->Temporary Internet Files folder emptied: 0 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 49635 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 2,00 mb
OTL by OldTimer - Version 3.1.37.3 log created on 03212010_164828
Files\Folders moved on Reboot...
File\Folder E:\Documents and Settings\Jarda\Local Settings\Temp\~DF1A43.tmp not found!
File\Folder E:\Documents and Settings\Jarda\Local Settings\Temp\~DF1A7B.tmp not found!
File\Folder E:\Documents and Settings\Jarda\Local Settings\Temp\~DF1B83.tmp not found!
File\Folder E:\Documents and Settings\Jarda\Local Settings\Temp\~DF1BC5.tmp not found!
File\Folder E:\Documents and Settings\Jarda\Local Settings\Temp\~DF1D45.tmp not found!
File\Folder E:\Documents and Settings\Jarda\Local Settings\Temp\~DF1D61.tmp not found!
E:\Documents and Settings\Jarda\Local Settings\Temporary Internet Files\Content.IE5\PRS4RMW2\ads[2].htm moved successfully.
E:\Documents and Settings\Jarda\Local Settings\Temporary Internet Files\Content.IE5\M5WJHPDJ\viewtopic[1].htm moved successfully.
E:\Documents and Settings\Jarda\Local Settings\Temporary Internet Files\Content.IE5\1O10AZVE\ads[3].htm moved successfully.
E:\Documents and Settings\Jarda\Local Settings\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.
Registry entries deleted on Reboot...
========== OTL ==========
No active process named explorer.exe was found!
No active process named firefox.exe was found!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Secondary_Page_URL| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Extensions Off Page| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Local Page| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Security Risk Page| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search\\CustomizeSearch| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search\\SearchAssistant| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Local Page| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Page| /E : value set successfully!
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {D27CDB6E-AE6D-11CF-96B8-444553540000}
E:\WINDOWS\Downloaded Program Files\swflash.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{D27CDB6E-AE6D-11CF-96B8-444553540000}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D27CDB6E-AE6D-11CF-96B8-444553540000}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{D27CDB6E-AE6D-11CF-96B8-444553540000}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D27CDB6E-AE6D-11CF-96B8-444553540000}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ipp\ deleted successfully.
File Protocol\Handler\ipp - No CLSID value found not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0\ deleted successfully.
File About:Home not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session manager\\BootExecute:autocheck autochk * deleted successfully.
========== FILES ==========
File\Folder C:\WINDOWS\System32\*.tmp not found.
File\Folder C:\WINDOWS\*.tmp not found.
File\Folder C:\WINDOWS\system32\*.tmp.dll not found.
File\Folder C:\WINDOWS\system32\SET*.tmp not found.
File\Folder c:\windows\Tasks\*.job not found.
E:\WINDOWS\tasks\SA.DAT moved successfully.
E:\WINDOWS\tasks\Scheduled scanning task.job moved successfully.
E:\WINDOWS\mngui.INI moved successfully.
========== REGISTRY ==========
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Jarda
->Temp folder emptied: 293036 bytes
->Temporary Internet Files folder emptied: 1625915 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 434 bytes
User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
User: TEMP
->Temporary Internet Files folder emptied: 0 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 49635 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 2,00 mb
OTL by OldTimer - Version 3.1.37.3 log created on 03212010_164828
Files\Folders moved on Reboot...
File\Folder E:\Documents and Settings\Jarda\Local Settings\Temp\~DF1A43.tmp not found!
File\Folder E:\Documents and Settings\Jarda\Local Settings\Temp\~DF1A7B.tmp not found!
File\Folder E:\Documents and Settings\Jarda\Local Settings\Temp\~DF1B83.tmp not found!
File\Folder E:\Documents and Settings\Jarda\Local Settings\Temp\~DF1BC5.tmp not found!
File\Folder E:\Documents and Settings\Jarda\Local Settings\Temp\~DF1D45.tmp not found!
File\Folder E:\Documents and Settings\Jarda\Local Settings\Temp\~DF1D61.tmp not found!
E:\Documents and Settings\Jarda\Local Settings\Temporary Internet Files\Content.IE5\PRS4RMW2\ads[2].htm moved successfully.
E:\Documents and Settings\Jarda\Local Settings\Temporary Internet Files\Content.IE5\M5WJHPDJ\viewtopic[1].htm moved successfully.
E:\Documents and Settings\Jarda\Local Settings\Temporary Internet Files\Content.IE5\1O10AZVE\ads[3].htm moved successfully.
E:\Documents and Settings\Jarda\Local Settings\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.
Registry entries deleted on Reboot...
-
jaro3
- člen Security týmu
-
Guru Level 15
- Příspěvky: 43295
- Registrován: červen 07
- Bydliště: Jižní Čechy
- Pohlaví:
- Stav:
Offline
Re: Prosím o kontrolu HijackThis-problém
Nepsal jsem v Program Files , ale:
Toto otestuj na Virustotal
E:\WINDOWS\System32\lsprst7.dll
E:\WINDOWS\System32\ssprs.dll
E:\WINDOWS\Sof.INI
Toto otestuj na Virustotal
E:\WINDOWS\System32\lsprst7.dll
E:\WINDOWS\System32\ssprs.dll
E:\WINDOWS\Sof.INI
Při práci s programy HJT, ComboFix,MbAM, SDFix aj. zavřete všechny ostatní aplikace a prohlížeče!
Neposílejte logy do soukromých zpráv.Po dobu mé nepřítomnosti mě zastupuje memphisto , Žbeky a Orcus.
Pokud budete spokojeni , můžete podpořit naše forum:Podpora fóra
Neposílejte logy do soukromých zpráv.Po dobu mé nepřítomnosti mě zastupuje memphisto , Žbeky a Orcus.
Pokud budete spokojeni , můžete podpořit naše forum:Podpora fóra
Re: Prosím o kontrolu HijackThis-problém
Hotovo:Ještě mám na ploše OTL a ToolsCleaner2. Co s tím.
http://www.virustotal.com/cs/analisis/7 ... 1269189839
http://www.virustotal.com/cs/analisis/3 ... 1269190059
http://www.virustotal.com/cs/analisis/5 ... 1269190327
http://www.virustotal.com/cs/analisis/7 ... 1269189839
http://www.virustotal.com/cs/analisis/3 ... 1269190059
http://www.virustotal.com/cs/analisis/5 ... 1269190327
-
jaro3
- člen Security týmu
-
Guru Level 15
- Příspěvky: 43295
- Registrován: červen 07
- Bydliště: Jižní Čechy
- Pohlaví:
- Stav:
Offline
Re: Prosím o kontrolu HijackThis-problém
OTL a ToolsCleaner2. můžeš smazat.
PC by mělo být čisté , případné problémy se virů netýkají.
PC by mělo být čisté , případné problémy se virů netýkají.
Při práci s programy HJT, ComboFix,MbAM, SDFix aj. zavřete všechny ostatní aplikace a prohlížeče!
Neposílejte logy do soukromých zpráv.Po dobu mé nepřítomnosti mě zastupuje memphisto , Žbeky a Orcus.
Pokud budete spokojeni , můžete podpořit naše forum:Podpora fóra
Neposílejte logy do soukromých zpráv.Po dobu mé nepřítomnosti mě zastupuje memphisto , Žbeky a Orcus.
Pokud budete spokojeni , můžete podpořit naše forum:Podpora fóra
Re: Prosím o kontrolu HijackThis-problém Vyřešeno
Mockrát děkuji za pomoc. PC je snad v pořádku. Ještě jednou děkuji mockrát děkuji. PC je rychlejší 
Kdo je online
Uživatelé prohlížející si toto fórum: Žádní registrovaní uživatelé a 97 hostů