Prosím o kontrolu HJT

[pitimir]

Otestuj subor(y) na >>VIRUSTOTALe<<:

Kód: Vybrat vše

C:\blackra1n.exe

Ak vypise, ze subor uz bol testovany, daj ho otestovat znovu. Vysledok posli ako LINK.

[PECHY15]

http://www.virustotal.com/cs/analisis/b ... 1261745466" onclick="window.open(this.href);return false;

[pitimir]

Dobre. Este ta poprosim o jeden scan, vymazeme nalezy a docistime to

Stiahni CKScanner na plochu. Spust program dvojklikom na ikonu. Otvori sa okno, v nom klik na "Search For Files". Zacne scan, po jeho skonceni klikni na "Save List To File" -> "OK". Na ploche by sa mal objavit subor s nazvom CKFiles.txt, jeho obsah mi sem skopiruj.

[PECHY15]

CKScanner - Additional Security Risks - These are not necessarily bad
c:\documents and settings\pechy\dokumenty\hudba\itunes\itunes media\mobile applications\fifa.2010.v1.0.2.iphone.ipod.touch.repack.cracked-lpnrnapda.ipa
c:\documents and settings\pechy\dokumenty\hudba\itunes\itunes media\mobile applications\idracula-v1.1.1-italiancrackers.ipa
c:\documents and settings\pechy\pechy - dokumenty\iphone\fifa.2010.v1.0.2.iphone.ipod.touch.repack.cracked-lpnrnapda.ipa
c:\documents and settings\pechy\pechy - dokumenty\iphone\idracula-v1.1.1-italiancrackers.ipa
c:\documents and settings\pechy\pechy - dokumenty\užitečný instalačky\mixmeister fusion v7.0.2.0\crack\fusiondemo.exe
c:\documents and settings\pechy\pechy - dokumenty\užitečný instalačky\mixmeister fusion v7.0.2.0\crack\home.url
c:\documents and settings\pechy\pechy - dokumenty\užitečný instalačky\mixmeister fusion v7.0.2.0\crack\mmenginedemo.dll
c:\documents and settings\pechy\pechy - dokumenty\užitečný instalačky\virtual dj 6.0.1 + crack\install_virtualdj_trial_v6.0.1.exe
c:\documents and settings\pechy\pechy - dokumenty\užitečný instalačky\virtual dj 6.0.1 + crack\leeme.txt
c:\documents and settings\pechy\pechy - dokumenty\užitečný instalačky\virtual dj 6.0.1 + crack\tukero blog.url
c:\documents and settings\pechy\pechy - dokumenty\užitečný instalačky\virtual dj 6.0.1 + crack\crack\description.nfo
c:\documents and settings\pechy\pechy - dokumenty\užitečný instalačky\virtual dj 6.0.1 + crack\crack\virtualdj_trial.exe
c:\program files\babylon\crack.exe
c:\program files\bestgameever\audiosurf\engine\channels\crypt.dll
c:\program files\cyberlink\power dvd 7\corekeygen_pdvd7.0\core.nfo
c:\program files\valve\half-life 2\hl2\materials\glass\glasswindow018a_cracked.vmt
c:\program files\valve\half-life 2\hl2\materials\glass\glasswindow018a_cracked.vtf
scanner sequence 3.GJ.11
----- EOF -----

[pitimir]

Stiahni OTM. Do laveho policka skopiruj:

Kód: Vybrat vše

:files
c:\documents and settings\pechy\dokumenty\hudba\itunes\itunes media\mobile applications\fifa.2010.v1.0.2.iphone.ipod.touch.repack.cracked-lpnrnapda.ipa
c:\documents and settings\pechy\dokumenty\hudba\itunes\itunes media\mobile applications\idracula-v1.1.1-italiancrackers.ipa
c:\documents and settings\pechy\pechy - dokumenty\iphone\fifa.2010.v1.0.2.iphone.ipod.touch.repack.cracked-lpnrnapda.ipa
c:\documents and settings\pechy\pechy - dokumenty\iphone\idracula-v1.1.1-italiancrackers.ipa
c:\documents and settings\pechy\pechy - dokumenty\užitečný instalačky\mixmeister fusion v7.0.2.0\crack\fusiondemo.exe
c:\documents and settings\pechy\pechy - dokumenty\užitečný instalačky\mixmeister fusion v7.0.2.0\crack\home.url
c:\documents and settings\pechy\pechy - dokumenty\užitečný instalačky\mixmeister fusion v7.0.2.0\crack\mmenginedemo.dll
c:\documents and settings\pechy\pechy - dokumenty\užitečný instalačky\virtual dj 6.0.1 + crack
c:\program files\babylon\crack.exe
c:\program files\cyberlink\power dvd 7\corekeygen_pdvd7.0

:commands
[emptytemp]
[reboot]

Klik na "Move It". Nasledne sa ti objavi v okne "Result" pokec, ktory sem cely skopiruj.

P.S.: Keby program ziadal restart, potvr ho. Nasledujuci log najdes v "C:\_OTM\MovedFiles\".

[PECHY15]

All processes killed
========== FILES ==========
c:\documents and settings\pechy\dokumenty\hudba\itunes\itunes media\mobile applications\Fifa.2010.v1.0.2.iPhone.iPod.Touch.Repack.Cracked-LPNRNAPDA.ipa moved successfully.
c:\documents and settings\pechy\dokumenty\hudba\itunes\itunes media\mobile applications\iDracula-v1.1.1-italiancrackers.ipa moved successfully.
c:\documents and settings\pechy\pechy - dokumenty\iphone\Fifa.2010.v1.0.2.iPhone.iPod.Touch.Repack.Cracked-LPNRNAPDA.ipa moved successfully.
c:\documents and settings\pechy\pechy - dokumenty\iphone\iDracula-v1.1.1-italiancrackers.ipa moved successfully.
c:\documents and settings\pechy\pechy - dokumenty\užitečný instalačky\mixmeister fusion v7.0.2.0\crack\FusionDemo.exe moved successfully.
c:\documents and settings\pechy\pechy - dokumenty\užitečný instalačky\mixmeister fusion v7.0.2.0\crack\HOME.url moved successfully.
c:\documents and settings\pechy\pechy - dokumenty\užitečný instalačky\mixmeister fusion v7.0.2.0\crack\MmEngineDemo.dll moved successfully.
c:\documents and settings\pechy\pechy - dokumenty\užitečný instalačky\Virtual DJ 6.0.1 + Crack\Crack folder moved successfully.
c:\documents and settings\pechy\pechy - dokumenty\užitečný instalačky\Virtual DJ 6.0.1 + Crack folder moved successfully.
c:\program files\babylon\crack.exe moved successfully.
c:\program files\cyberlink\power dvd 7\CoreKeygen_PDVD7.0 folder moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: All Users.WINDOWS.0

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User.WINDOWS.0
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Guest
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->FireFox cache emptied: 0 bytes

User: Jindra

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: LocalService.NT AUTHORITY
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: NetworkService.NT AUTHORITY
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: PECHY
->Temp folder emptied: 23900 bytes
->Temporary Internet Files folder emptied: 3327379 bytes
->Java cache emptied: 13690431 bytes

User: Taťulda
->Temp folder emptied: 20499 bytes
->Temporary Internet Files folder emptied: 52710319 bytes
->Java cache emptied: 434344 bytes
->FireFox cache emptied: 18646964 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
Windows Temp folder emptied: 16384 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 84,85 mb


OTM by OldTimer - Version 3.1.2.2 log created on 12262009_113042

Files moved on Reboot...

Registry entries deleted on Reboot...

[pitimir]

1) Docistime to:

• Odinstaluj Combofix:
  Start -> Spustit -> (napis) combofix /uninstall

• Pouzi T-Cleaner (ak by ho antivirus hlasil ako smejda, nic sa netreba bat, ide len o paranoju AV programu).

• Precisti PC CCleanerom (vratane registrov).

• Pouzi TFC (spust program a klikni na "Start". Pozor, PC moze byt restartovane).

2) Vloz log z HJT.

V pripade nezrovnalosti sa >>tu<< nachadza navod.