VIRY.CZ

Zkuste ještě TDSS remover: http://translate.googleusercontent.com/ ... QmSRXkIvzQ .

Zkusil som ho a nic mi nenasiel a na stranke je pisane ze win 7 32 a ja mam 64, nechce sa mi kvoli tomu viru preinstalovavat win

Měl by fugovat i na 64bitu: http://support.kaspersky.com/viruses/so ... =208280684 .

tiez nic nenasiel

Zdravim, omlouvam se kolegovi za vstup

Stahnete OTM (viz muj podpis)

• Pokud pouzivate Win Vista ci W7, kliknete na OTM pravym a dejte Run As Administrator ci Spustit jako spravce
• Do leveho okna Paste Instructions for Items to be Moved (pod zlutou caru) vlozte obsah, ktery mate nize

• Kód: Vybrat vše

  :files
  C:\Windows\tasks\At*.job
  %windir%\system32\*.tmp.dll /s
  %windir%\system32\SET*.tmp /s
  %windir%\*.tmp /s
  
  :commands
  [RESETHOSTS]
  [EMPTYTEMP]
  [EMPTYFLASH]

• Kliknete na cervene tlacitko MoveIt!
• Budete vyzvani na restart, dejte Yes, log pote najdete C:\_OTM\MovedFiles, obsah sem vlozte

Stahnete SPTD http://www.duplexsecure.com/en/downloads

• Vyberte z uvedene stranky verzi dle sveho operacniho systemu (32(x86)bit ci 64(x64)bit)
• Ulozte na plochu a spustte
• Zvolte moznost Uninstall a restartujte PC - pokud nepujde kliknout (tlacitko bude sede), krok preskocte

Stahnete Defogger http://www.jpshortstuff.247fixes.com/Defogger.exe

• Ulozte na plochu a spustte
• Kliknete na Disable a restartujte PC - pokud nepujde kliknout (tlacitko bude sede), krok preskocte

Stahnete MBR na plochu http://www2.gmer.net/mbr/mbr.exe - nespoustejte

Kliknete na Start a pote Spustit, pripadne pouzijte klavesou zkratku Win+R

• Vyskoci na Vas okenko, do ktereho zkopirujte text nize

• Kód: Vybrat vše

  "%userprofile%\Desktop\mbr" -t

• Kliknete na OK
• Na plose se Vam vytvori log s nazvem mbr.txt, jeho obsah mi sem vlozte

OTM

All processes killed
========== FILES ==========
C:\Windows\tasks\At1.job moved successfully.
C:\Windows\tasks\At2.job moved successfully.
C:\Windows\tasks\At3.job moved successfully.
C:\Windows\tasks\At4.job moved successfully.
C:\Windows\tasks\At5.job moved successfully.
File/Folder C:\Windows\system32\*.tmp.dll not found.
File/Folder C:\Windows\system32\SET*.tmp not found.
C:\Windows\506DDFBE983F4BC384B865F423B2D798.TMP folder moved successfully.
C:\Windows\8A809006C25A4A3A9DAB94659BCDB107.TMP folder moved successfully.
C:\Windows\msdownld.tmp folder moved successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP9E41.tmp folder moved successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAPB47.tmp folder moved successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAP2AE.tmp folder moved successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPE291.tmp folder moved successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPE56E.tmp folder moved successfully.
C:\Windows\Installer\MSI32D.tmp- folder moved successfully.
C:\Windows\Installer\MSI5DC7.tmp moved successfully.
C:\Windows\Installer\MSI8F41.tmp moved successfully.
C:\Windows\Installer\MSIA18C.tmp moved successfully.
C:\Windows\Installer\MSIB2D8.tmp moved successfully.
C:\Windows\Installer\MSIB4C7.tmp moved successfully.
C:\Windows\Temp\NOD5F65.tmp moved successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56502 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: LogMeInRemoteUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56504 bytes

User: Michal
->Temp folder emptied: 2999300744 bytes
->Temporary Internet Files folder emptied: 18111894 bytes
->Java cache emptied: 348909 bytes
->FireFox cache emptied: 66069602 bytes
->Flash cache emptied: 59155 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 2939978 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50453 bytes
RecycleBin emptied: 301295616 bytes

Total Files Cleaned = 3 231,00 mb


OTM by OldTimer - Version 3.1.17.2 log created on 12012010_154123

Files moved on Reboot...
C:\Users\Michal\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File C:\Users\Michal\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{501BEC8F-29D5-4F8D-B7CB-D08B9CC06662}.tmp not found!
File C:\Users\Michal\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{57945C86-C461-4696-BE80-72EE17393148}.tmp not found!
File C:\Users\Michal\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{88051215-5C1F-4934-BF4B-4AB9633F92FB}.tmp not found!
File C:\Users\Michal\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{A067A158-8F0F-47DB-B406-D230A0E19CC4}.tmp not found!
File move failed. C:\Windows\temp\adb.log scheduled to be moved on reboot.

Registry entries deleted on Reboot...



MBR

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 6.1.7600

device: opened successfully
user: error reading MBR

Disk trace:
error: Read Popisovač nie je platný.
kernel: error reading MBR

Mate instalacni CD\DVD

Odstranovani mbr rootkitu z 64bit OS je bohuzel v soucasne dobe problem, jelikoz vetsina utilit je nefunkcnich a pokud funguji, tak obcas je treba provest opravnou instalaci...

Ano mam

Pripadne mate PC ze ktereho by jste se ozval, kdyby se Vam nepodarilo dat do PC do kupy Mate zalohu dulezitych dat - nemel byste o ne prijit, ale kdyby nahodou...

keby sa nieco stalo tak sa ozvem z HTC Desire, co mam teda? Data mam a ostatne ked sa pokazi tak bohuzial budem musiet instalovat

Presunte bootkit remover na plochu, jestli jej tam jeste nemate

Kliknete na Start a pote Spustit, pripadne pouzijte klavesou zkratku Win+R

• Vyskoci na Vas okenko, do ktereho zkopirujte text nize

• Kód: Vybrat vše

  "%userprofile%\Desktop\remover.exe" fix \\.\PhysicalDrive1

• Kliknete na OK
• Restartujte PC

Muze se stat ze po restartu na Vas vyskoci cerna obrazovka podobna te nize


Vlozte tedy instalacni DVD a provedte opravu - navod zde http://www.viry.cz/forum/viewtopic.php?f=25&t=102161

Pak napiste jak to dopadlo a bude testovat, pripadne zkouset dal

neviem teda

Kliknete na Start a pote Spustit, pripadne pouzijte klavesou zkratku Win+R

• Vyskoci na Vas okenko, do ktereho zkopirujte text nize

• Kód: Vybrat vše

  "%userprofile%\Desktop\mbr" -f

• Kliknete na OK

Kliknete na Start a pote Spustit, pripadne pouzijte klavesou zkratku Win+R

• Vyskoci na Vas okenko, do ktereho zkopirujte text nize

• Kód: Vybrat vše

  "%userprofile%\Desktop\mbr" -t

• Kliknete na OK
• Na plose se Vam vytvori log s nazvem mbr.txt, jeho obsah mi sem vlozte

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 6.1.7600

device: opened successfully
user: error reading MBR

Disk trace:
error: Read Popisovač nie je platný.
kernel: error reading MBR

Nabootujte z instal DVD

Az se dostanete na tuto obrazovku - zvolte Prikazovy radek


Napiste FIXMBR, odenterujte, napiste EXIT, odenterujte

Klik na Restartovat a nechte nabehnout PC normalne

Kliknete na Start a pote Spustit, pripadne pouzijte klavesou zkratku Win+R

• Vyskoci na Vas okenko, do ktereho zkopirujte text nize

• Kód: Vybrat vše

  "%userprofile%\Desktop\mbr" -t

• Kliknete na OK
• Na plose se Vam vytvori log s nazvem mbr.txt, jeho obsah mi sem vlozte