

Please check my log
Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]
Individual threads will be locked once resolved, as will those that stay inactive for more than 14 days. See the rule on locking topics. Thank you for your understanding.
!NEW!
Remote assistance is now available: a specialist connects to your computer and gets further details about the problem from you by phone. More at www.neslape.cz
Re: Please check my log
But you did not apply the script

- Taller
- Visitor
- Posts: 24
- Registered: 04 Jun 2012 11:08
- Location: Brandýs nad Labem Stará Boleslav
Re: Please check my log
Sorry
ComboFix 12-06-03.05 - zip 06.06.2012 7:44.4.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1250.420.1029.18.2038.1168 [GMT 2:00]
Spuštěný z: c:\users\zip\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\zip\Desktop\CFScript.txt.txt
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-05-06 do 2012-06-06 )))))))))))))))))))))))))))))))
.
.
2012-06-06 06:08 . 2012-06-06 06:08 -------- d-----w- c:\users\zip\AppData\Local\temp
2012-06-06 06:08 . 2012-06-06 06:08 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-06-05 20:19 . 2009-12-15 12:05 23424 ----a-w- c:\windows\system32\drivers\ewdcsc.sys
2012-06-05 20:19 . 2009-12-15 12:05 112640 ----a-w- c:\windows\system32\drivers\ewusbnet.sys
2012-06-05 20:19 . 2009-12-15 12:05 102912 ----a-w- c:\windows\system32\drivers\ewusbmdm.sys
2012-06-05 20:19 . 2009-12-15 12:05 101120 ----a-w- c:\windows\system32\drivers\ewusbdev.sys
2012-06-05 20:19 . 2012-06-05 20:19 -------- d-----w- c:\program files\O2
2012-06-04 14:41 . 2012-06-04 14:41 -------- d-----w- c:\windows\system32\ca-ES
2012-06-04 14:41 . 2012-06-04 14:41 -------- d-----w- c:\windows\system32\eu-ES
2012-06-04 14:41 . 2012-06-04 14:41 -------- d-----w- c:\windows\system32\vi-VN
2012-06-04 13:58 . 2012-06-04 13:58 -------- d-----w- c:\windows\system32\EventProviders
2012-06-04 09:56 . 2012-06-04 09:56 -------- d-----w- c:\program files\trend micro
2012-06-04 09:56 . 2012-06-04 09:56 -------- d-----w- C:\rsit
2012-06-03 16:18 . 2012-06-03 16:18 -------- d-----w- c:\users\zip\AppData\Local\ESET
2012-06-03 11:40 . 2012-06-03 16:14 -------- d-----w- c:\users\zip\{2c65a960-656f-4490-92ff-22f5e742d8a8}
2012-06-03 04:56 . 2012-03-06 23:15 41184 ----a-w- c:\windows\avastSS.scr
2012-06-03 04:55 . 2012-06-05 18:27 -------- d-----w- c:\programdata\AVAST Software
2012-06-03 04:55 . 2012-06-05 18:27 -------- d-----w- c:\program files\AVAST Software
2012-06-03 04:53 . 2012-06-03 04:53 -------- d-----w- c:\program files\AVAST
2012-06-02 19:08 . 2012-05-08 16:40 6737808 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{0C059006-4933-4BC3-A2C9-C995065119F3}\mpengine.dll
2012-05-31 07:14 . 2012-05-31 07:14 -------- d-----w- c:\users\zip\AppData\Roaming\Telefónica Móviles
2012-05-31 07:13 . 2012-06-03 16:14 -------- d-----w- c:\users\zip\{1b00ed9a-b7e2-43ce-87b3-4c6e67c836bf}
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-05 20:15 . 2008-10-22 07:12 45056 ----a-w- c:\windows\system32\acovcnt.exe
2012-04-21 01:18 . 2012-06-05 15:17 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{038cb5c7-48ea-4af9-94e0-a1646542e62b}"= "c:\program files\ToggleEN\tbTog0.dll" [2010-02-06 2166296]
.
[HKEY_CLASSES_ROOT\clsid\{038cb5c7-48ea-4af9-94e0-a1646542e62b}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{038cb5c7-48ea-4af9-94e0-a1646542e62b}]
2010-02-06 14:57 2166296 ----a-w- c:\program files\ToggleEN\tbTog0.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{038cb5c7-48ea-4af9-94e0-a1646542e62b}"= "c:\program files\ToggleEN\tbTog0.dll" [2010-02-06 2166296]
.
[HKEY_CLASSES_ROOT\clsid\{038cb5c7-48ea-4af9-94e0-a1646542e62b}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{038CB5C7-48EA-4AF9-94E0-A1646542E62B}"= "c:\program files\ToggleEN\tbTog0.dll" [2010-02-06 2166296]
.
[HKEY_CLASSES_ROOT\clsid\{038cb5c7-48ea-4af9-94e0-a1646542e62b}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
2007-06-02 00:08 143360 ----a-w- c:\program files\ASUS\ASUS Data Security Manager\OverlayIconShlExt1.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-06-09 2363392]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"swg"="c:\program files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe" [2009-07-18 155896]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CLMLServer"="c:\program files\CyberLink\Power2Go\CLMLSvc.exe" [2008-07-19 104936]
"P2Go_Menu"="c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
"ATKOSD2"="c:\program files\ATKOSD2\ATKOSD2.exe" [2007-10-18 7737344]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-22 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-22 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-22 133656]
"RtHDVCpl"="RtHDVCpl.exe" [2007-10-31 4702208]
"Skytel"="Skytel.exe" [2007-10-11 1826816]
"SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2006-11-22 630784]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-06 1029416]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader\Reader_sl.exe" [2008-06-12 34672]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
.
c:\users\zip\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-1-15 393216]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-06-09 17:14 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2012-03-24 c:\windows\Tasks\User_Feed_Synchronization-{678C1324-F912-4607-A2A8-A13047F27168}.job
- c:\windows\system32\msfeedssync.exe [2008-01-21 02:24]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
IE: Download All by FlashGet - d:\program files\FlashGet\jc_all.htm
IE: Download using FlashGet - d:\program files\FlashGet\jc_link.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Stáhnout pomocí FlashGet - d:\program files\FlashGet\jc_link.htm
IE: Stáhnout vše pomocí FlashGet - d:\program files\FlashGet\jc_all.htm
FF - ProfilePath - c:\users\zip\AppData\Roaming\Mozilla\Firefox\Profiles\smgelg12.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-06-06 08:08
Windows 6.0.6002 Service Pack 2 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'Explorer.exe'(5704)
c:\program files\ASUS\ASUS Data Security Manager\OverlayIconShlExt.dll
c:\program files\ASUS\ASUS Data Security Manager\OverlayIconShlExt1.dll
.
Celkový čas: 2012-06-06 08:11:54
ComboFix-quarantined-files.txt 2012-06-06 06:11
ComboFix2.txt 2012-06-06 05:21
ComboFix3.txt 2012-06-05 20:06
.
Před spuštěním: Volných bajtů: 90 938 503 168
Po spuštění: Volných bajtů: 90 916 102 144
.
- - End Of File - - F5A8F85EE46563C9251855D338B35F09
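As an added example (not part of the thread and not a ComboFix or OTM tool), the following Python script parses the "Spouštěcí body v registru" (registry autostart points) block of a ComboFix log and reports two things the helper acted on above: a file registered under several IE hook points at once (URLSearchHooks, Browser Helper Objects and Toolbar, which is how the ToggleEN toolbar stands out) and Security Center keys where DisableMonitoring is set. The sample input is constructed from lines of the log above; the regexes cover the line shapes shown there and are an assumption about the rest of the format.

```python
import re
from collections import defaultdict

# Constructed sample: lines copied from the autostart block of the ComboFix log above.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{038cb5c7-48ea-4af9-94e0-a1646542e62b}"= "c:\program files\ToggleEN\tbTog0.dll" [2010-02-06 2166296]
.
[HKEY_CLASSES_ROOT\clsid\{038cb5c7-48ea-4af9-94e0-a1646542e62b}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{038cb5c7-48ea-4af9-94e0-a1646542e62b}]
2010-02-06 14:57 2166296 ----a-w- c:\program files\ToggleEN\tbTog0.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{038cb5c7-48ea-4af9-94e0-a1646542e62b}"= "c:\program files\ToggleEN\tbTog0.dll" [2010-02-06 2166296]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{038CB5C7-48EA-4AF9-94E0-A1646542E62B}"= "c:\program files\ToggleEN\tbTog0.dll" [2010-02-06 2166296]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe" [2009-07-18 155896]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
"""

# [registry key]
KEY_RE = re.compile(r'^\[(?P<key>[^\]]+)\]$')
# "value name"= "file path" [yyyy-mm-dd size]
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*"(?P<path>[^"]+)"\s*'
                      r'\[(?P<date>\d{4}-\d{2}-\d{2})\s+(?P<size>\d+)\]$')
# yyyy-mm-dd hh:mm size attributes file path  (CLSID / BHO style line)
FILE_RE = re.compile(r'^(?P<date>\d{4}-\d{2}-\d{2})\s+\d{2}:\d{2}\s+(?P<size>\d+)\s+\S+\s+(?P<path>.+)$')
# "value name"=dword:xxxxxxxx
DWORD_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*dword:(?P<value>[0-9a-fA-F]{8})$')

# Substrings (lower-cased) that identify the three IE hook locations seen in the log.
IE_HOOK_KINDS = ('urlsearchhooks', 'browser helper objects', 'internet explorer\\toolbar')


def parse_autostart(text):
    """Return (registry key, value name or None, lower-cased file path, size) tuples."""
    entries = []
    key = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == '.':          # ComboFix separates records with a lone dot
            continue
        m = KEY_RE.match(line)
        if m:
            key = m.group('key')
            continue
        if key is None:
            continue
        m = VALUE_RE.match(line) or FILE_RE.match(line)
        if m:
            name = m.group('name') if 'name' in m.groupdict() else None
            entries.append((key, name, m.group('path').lower(), int(m.group('size'))))
    return entries


def ie_hook_kind(key):
    """Classify a registry key as one of the IE hook locations, or None."""
    k = key.lower()
    for kind in IE_HOOK_KINDS:
        if kind in k:
            return kind
    return None


def multi_hooked_files(entries):
    """Map each file registered under two or more IE hook points to those points."""
    hooks = defaultdict(set)
    for key, _name, path, _size in entries:
        kind = ie_hook_kind(key)
        if kind:
            hooks[path].add(kind)
    return {path: sorted(kinds) for path, kinds in hooks.items() if len(kinds) >= 2}


def disabled_monitoring_keys(text):
    """Security Center Monitoring keys where DisableMonitoring is non-zero."""
    found = []
    key = None
    for raw in text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group('key')
            continue
        m = DWORD_RE.match(line)
        if (m and key and 'security center\\monitoring' in key.lower()
                and m.group('name').lower() == 'disablemonitoring'
                and int(m.group('value'), 16) != 0):
            found.append(key)
    return found


if __name__ == '__main__':
    entries = parse_autostart(SAMPLE_LOG)
    for path, kinds in multi_hooked_files(entries).items():
        print(f'{path}: registered as {", ".join(kinds)}')
    for key in disabled_monitoring_keys(SAMPLE_LOG):
        print(f'Security Center monitoring disabled under [{key}]')
```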
Re: Please check my log

- If you use Windows Vista or 7, right-click OTM and choose Run As Administrator
- Into the left pane, Paste Instructions for Items to be Moved (below the yellow line), paste the contents shown below
Code:
:reg
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{038cb5c7-48ea-4af9-94e0-a1646542e62b}"=-
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{038cb5c7-48ea-4af9-94e0-a1646542e62b}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{038cb5c7-48ea-4af9-94e0-a1646542e62b}"=-
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{038CB5C7-48EA-4AF9-94E0-A1646542E62B}"=-
[-HKEY_CLASSES_ROOT\clsid\{038cb5c7-48ea-4af9-94e0-a1646542e62b}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"=-
"WMPNSCFG"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"=-
"SunJavaUpdateSched"=-
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000000
[-HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
[-HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
:files
c:\program files\ToggleEN\tbTog0.dll
c:\users\zip\{2c65a960-656f-4490-92ff-22f5e742d8a8}
c:\users\zip\{1b00ed9a-b7e2-43ce-87b3-4c6e67c836bf}
%windir%\system32\*.tmp.dll /s
%windir%\system32\SET*.tmp /s
%windir%\*.tmp
:commands
[RESETHOSTS]
[EMPTYTEMP]
[EMPTYFLASH]
- Click the red MoveIt! button
- You will be prompted to restart; choose Yes. Afterwards find the log in C:\_OTM\MovedFiles and paste its contents here
- Taller
Re: Please check my log
All processes killed
========== REGISTRY ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks\\{038cb5c7-48ea-4af9-94e0-a1646542e62b} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{038cb5c7-48ea-4af9-94e0-a1646542e62b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{038cb5c7-48ea-4af9-94e0-a1646542e62b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{038cb5c7-48ea-4af9-94e0-a1646542e62b}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{038cb5c7-48ea-4af9-94e0-a1646542e62b} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{038cb5c7-48ea-4af9-94e0-a1646542e62b}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser\\{038CB5C7-48EA-4AF9-94E0-A1646542E62B} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{038CB5C7-48EA-4AF9-94E0-A1646542E62B}\ not found.
Registry key HKEY_CLASSES_ROOT\clsid\{038cb5c7-48ea-4af9-94e0-a1646542e62b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{038cb5c7-48ea-4af9-94e0-a1646542e62b}\ not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\swg deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\WMPNSCFG deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\Adobe Reader Speed Launcher deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched deleted successfully.
HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\\"DisableMonitoring"|dword:00000000 /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall\ deleted successfully.
========== FILES ==========
c:\program files\ToggleEN\tbTog0.dll moved successfully.
c:\users\zip\{2c65a960-656f-4490-92ff-22f5e742d8a8} folder moved successfully.
c:\users\zip\{1b00ed9a-b7e2-43ce-87b3-4c6e67c836bf} folder moved successfully.
File/Folder C:\Windows\system32\*.tmp.dll not found.
File/Folder C:\Windows\system32\SET*.tmp not found.
File/Folder C:\Windows\*.tmp not found.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 402 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Public
->Temp folder emptied: 0 bytes
User: zip
->Temp folder emptied: 399023 bytes
->Temporary Internet Files folder emptied: 264304 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 56730858 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 470 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 109932 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
%systemroot%\system32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 0 bytes
RecycleBin emptied: 89522805 bytes
Total Files Cleaned = 140,00 mb
[EMPTYFLASH]
User: All Users
User: Default
User: Default User
User: Public
User: zip
->Flash cache emptied: 0 bytes
Total Flash Files Cleaned = 0,00 mb
OTM by OldTimer - Version 3.1.19.0 log created on 06062012_124443
Files moved on Reboot...
File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.
Registry entries deleted on Reboot...
Re: Please check my log
How is the PC behaving

- Taller
Re: Please check my log
Hello, yesterday I worked on the notebook for about 2 hours. Everything was fine the whole time. The only thing needed was to set up Avast so that they get along.

Re: Please check my log
What do you mean about Avast

- Taller
Re: Please check my log
Basic Avast settings: turn off the special graphical effects, turn on gaming mode, start Avast only after the other system services, etc. With the manufacturer's settings the notebook was running at a slow pace.
Re: Please check my log



- Rename ComboFix to Uninstall
- Run it
- This deletes ComboFix and its folders

- Download and run
- To confirm the choices press A, Enter
- Delete the utility after use
- Antivirus programs tend to wrongly flag this utility as a virus - it is a false positive - so go ahead and download it (or turn off the antivirus while downloading)

- Download and run
- Click CleanUp and confirm with YES
- The program cleans up and restarts the PC

- Download and run
- Click Start and confirm with OK
- The program cleans up and restarts the PC
- Delete the utility after use

Cleaner panel
- Leave everything as it is, just click Analyze and then Run CCleaner
- Click Scan for Issues
- Then Fix selected issues - I recommend making the registry backup; fix all issues
- Repeat the procedure until no issues remain - usually about 3 times
- Here you can uninstall programs you do not need


- Taller
Re: Please check my log
Hello, I was away at cultural events since Friday and only got around to finishing the cleanup today. Everything runs fine without the slightest problems, thank you very much.

Re: Please check my log
Glad to hear it is running well now
Otherwise, you are welcome, may the notebook serve you well again

