Page 2 of 2

Re: Facebook virus

Posted: 01 Aug 2011 20:14
by vyosek
It would be better to do the defragmentation only after the cleanup is finished; the system still needs to be cleaned up and tweaked, the pest damaged it, and so did avast.

Re: Facebook virus

Posted: 02 Aug 2011 16:47
by lubo_171
So I did it in safe mode, here is the log


ComboFix 11-08-02.02 - WeRuSQa . 08. 2011 17:28:00.3.2 - x86 MINIMAL
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1250.421.1051.18.3038.2571 [GMT 2:00]
Running from: c:\users\WeRuSQa\Desktop\ComboFix.exe
Command switches used :: c:\users\WeRuSQa\Desktop\CFScript.txt
AV: ESET NOD32 Antivirus 4.2 *Enabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
SP: ESET NOD32 Antivirus 4.2 *Enabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\Tasks\GoogleUpdateTaskMachineCore.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineUA.job"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_gupdate
-------\Service_gupdatem
.
.
((((((((((((((((((((((((( Files Created from 2011-07-02 to 2011-08-02 )))))))))))))))))))))))))))))))
.
.
2011-08-02 15:33 . 2011-08-02 15:36 -------- d-----w- c:\users\WeRuSQa\AppData\Local\temp
2011-08-02 15:33 . 2011-08-02 15:33 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-08-02 05:08 . 2011-08-02 05:08 -------- d-----w- c:\users\WeRuSQa\AppData\Local\ESET
2011-08-02 04:51 . 2011-08-02 04:51 -------- d-----w- c:\program files\ESET
2011-08-01 16:29 . 2011-08-01 16:29 -------- d-----w- c:\program files\Defraggler
2011-08-01 16:23 . 2011-08-01 16:23 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-08-01 14:32 . 2011-08-01 16:56 -------- d-----w- c:\users\WeRuSQa\AppData\Local\Opera
2011-08-01 14:32 . 2011-08-01 16:56 -------- d-----w- c:\program files\Opera
2011-08-01 14:14 . 2011-08-01 14:14 -------- d-----w- c:\users\WeRuSQa\AppData\Roaming\Malwarebytes
2011-08-01 14:14 . 2011-08-01 14:14 -------- d-----w- c:\programdata\Malwarebytes
2011-08-01 14:14 . 2011-07-06 17:52 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-08-01 14:14 . 2011-08-01 14:14 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-08-01 14:14 . 2011-07-06 17:52 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-01 13:39 . 2011-08-01 13:39 -------- d-----w- C:\rsit
2011-08-01 13:39 . 2011-08-01 13:39 -------- d-----w- c:\program files\trend micro
2011-07-29 14:15 . 2011-07-29 14:15 -------- d-----w- c:\program files\CCleaner
2011-07-29 14:05 . 2011-07-20 07:44 6881616 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6656558C-E788-461A-A13B-5E25CDFAEE87}\mpengine.dll
2011-07-13 08:08 . 2011-06-02 12:59 2042368 ----a-w- c:\windows\system32\win32k.sys
2011-07-13 08:08 . 2011-04-20 14:47 375808 ----a-w- c:\windows\system32\winsrv.dll
2011-07-13 08:08 . 2011-04-20 14:44 49152 ----a-w- c:\windows\system32\csrsrv.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-24 17:14 . 2010-01-04 09:59 222080 ------w- c:\windows\system32\MpSigStub.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-06-09 2363392]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-29 61440]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-07-24 1348904]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2008-10-26 450659]
"DVDAgent"="c:\program files\Hewlett-Packard\Media\DVD\DVDAgent.exe" [2008-11-28 1148200]
"TSMAgent"="c:\program files\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe" [2008-12-25 1316136]
"CLMLServer for HP TouchSmart"="c:\program files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe" [2008-12-25 189736]
"TVAgent"="c:\program files\Hewlett-Packard\Media\TV\TVAgent.exe" [2009-05-08 206120]
"UCam_Menu"="c:\program files\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" [2008-11-14 218408]
"SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2008-11-18 914224]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-10-10 206128]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-10-09 75008]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"WirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-12-08 432432]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2011-01-12 2219184]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-07-06 366640]
R3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2008-11-19 222512]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-07-06 22712]
S1 aswSP;avast! Self Protection; [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2010-12-21 115008]
S2 {55662437-DA8C-40c0-AADA-2C816A897A49};Power Control [2009/07/02 03:27];c:\program files\Hewlett-Packard\Media\DVD\000.fcl [2008-11-28 16:04 87536]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_52c73ccb\aestsrv.exe [2008-06-27 77824]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2009-09-15 20560]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\DRIVERS\aswMonFlt.sys [2009-09-15 53328]
S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2010-12-21 137144]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2011-01-12 810144]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [2010-12-21 95384]
S2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe [2008-01-21 21504]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2008-03-18 19456]
S2 Recovery Service for Windows;Recovery Service for Windows;c:\program files\SMINST\BLService.exe [2008-12-17 365952]
S2 TVCapSvc;TV Background Capture Service (TVBCS);c:\program files\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe [2008-11-26 296320]
S2 TVSched;TV Task Scheduler (TVTS);c:\program files\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe [2008-11-26 116096]
S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [2008-09-04 54784]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2008-10-23 107360]
.
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
ezSharedSvc
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-06-09 08:14 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.sk/
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_70C5B381380DB17F.dll/cmsidewiki.html
TCP: DhcpNameServer = 192.168.2.100
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-08-02 17:35
Windows 6.0.6001 Service Pack 1 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{55662437-DA8C-40c0-AADA-2C816A897A49}]
"ImagePath"="\??\c:\program files\Hewlett-Packard\Media\DVD\000.fcl"
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\System32\DriverStore\FileRepository\stwrt.inf_52c73ccb\STacSV.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\WLANExt.exe
c:\program files\Google\Update\GoogleUpdate.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\CyberLink\Shared files\RichVideo.exe
c:\windows\servicing\TrustedInstaller.exe
c:\windows\system32\conime.exe
c:\program files\Hewlett-Packard\HP Health Check\hphc_service.exe
.
**************************************************************************
.
Completion time: 2011-08-02 17:40:36 - machine was rebooted
ComboFix-quarantined-files.txt 2011-08-02 15:40
ComboFix2.txt 2011-08-01 18:38
ComboFix3.txt 2011-08-01 16:54
.
Pre-Run: 235 463 593 984 bytes free
Post-Run: 232 191 049 728 bytes free
.
- - End Of File - - 840E7F9D5E2DD305AB085A44F8D96316
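The log above is ComboFix's own text dump, and what a responder reads out of it to answer the questions in this thread ("what did the log actually do?", the avast file that will not delete) comes mostly from the Drivers/Services and Run sections: a line such as `S1 aswSP;avast! Self Protection; [x]` is a service registration whose image file is already gone, a leftover of a half-removed product rather than of the malware, while the `R`/`S` lines with a path and size are the autostarts that still run. As an added example, not part of this thread and not ComboFix's or anyone else's code, the following Python parser pulls the Run values and service lines of such a log into a list and flags entries whose file is missing. The sample input is a handful of lines copied from the log above (constructed as a test input here); the meaning of the `R`/`S` prefix and of the start-type digit is my assumption from ComboFix's usual layout.

```python
import re

# Constructed sample: a few lines copied from the ComboFix log posted in this thread
# (a Run key with two values, and service/driver lines in ComboFix's own layout).
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2011-01-12 2219184]
.
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-07-06 366640]
S1 aswSP;avast! Self Protection; [x]
S2 {55662437-DA8C-40c0-AADA-2C816A897A49};Power Control [2009/07/02 03:27];c:\program files\Hewlett-Packard\Media\DVD\000.fcl [2008-11-28 16:04 87536]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2009-09-15 20560]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2011-01-12 810144]
"""

# Assumed meaning of the ComboFix prefix: R = running, S = stopped, and the digit is the
# Windows service start type (0 boot, 1 system, 2 automatic, 3 manual, 4 disabled).
START_TYPES = {"0": "boot", "1": "system", "2": "auto", "3": "manual", "4": "disabled"}

SERVICE_RE = re.compile(r'^([RS])([0-4]) (.+)$')
RUN_RE = re.compile(r'^"([^"]+)"="([^"]*)" \[([^\]]*)\]$')
# Splits "path [date size]" into the path and the bracketed trailer; "[x]" yields an empty path.
TRAILER_RE = re.compile(r'^(.*?)\s*\[([^\]]*)\]$')


def _size_from_trailer(trailer):
    """Return the file size (last number inside the brackets) or None when there is none."""
    tokens = trailer.split()
    if tokens and tokens[-1].isdigit():
        return int(tokens[-1])
    return None


def parse_service(line):
    """Parse one 'R2 name;display;path [date size]' line; None if the line is not one."""
    m = SERVICE_RE.match(line)
    if not m:
        return None
    state, start, body = m.groups()
    parts = body.split(";", 2)  # the display name may contain brackets, but never ';'
    if len(parts) != 3:
        return None
    name, display, rest = (p.strip() for p in parts)
    t = TRAILER_RE.match(rest)
    path, trailer = (t.group(1), t.group(2)) if t else (rest, "")
    missing = trailer == "x" or path == ""  # ComboFix writes "[x]" when the image file is gone
    return {"kind": "service", "name": name, "display": display, "path": path,
            "state": "running" if state == "R" else "stopped",
            "start": START_TYPES.get(start, start),
            "size": None if missing else _size_from_trailer(trailer),
            "image_missing": missing}


def parse_run_value(line):
    """Parse one '"name"="path" [date size]' Run-key value; None if the line is not one."""
    m = RUN_RE.match(line)
    if not m:
        return None
    name, path, trailer = m.groups()
    return {"kind": "run", "name": name, "display": name, "path": path,
            "state": "autostart", "start": "logon",
            "size": _size_from_trailer(trailer), "image_missing": path == ""}


def parse_log(text):
    """Collect every Run value and service/driver entry found in a ComboFix log."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        entry = parse_service(line) or parse_run_value(line)
        if entry:
            entries.append(entry)
    return entries


def orphaned(entries):
    """Names of autostart entries whose image file no longer exists on disk."""
    return [e["name"] for e in entries if e["image_missing"]]


if __name__ == "__main__":
    found = parse_log(SAMPLE_LOG)
    for e in found:
        flag = "  <-- image missing" if e["image_missing"] else ""
        print(f'{e["kind"]:7} {e["name"]:45} {e["state"]:9} {e["start"]:6} {e["path"]}{flag}')
    print("orphaned:", orphaned(found))
```

Run against the sample it lists seven autostarts and reports `aswSP` as the only orphan, which matches what the thread goes on to discuss: the remaining avast pieces are registrations and files that a broken uninstall left behind, not active infection, and cleaning them is housekeeping rather than malware removal.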

Re: Facebook virus

Posted: 02 Aug 2011 16:53
by vyosek
How is the PC behaving? :???:

Re: Facebook virus

Posted: 02 Aug 2011 16:56
by lubo_171
I think it's not so bad. Can I ask what that log actually did? Did it fix some errors, etc.? Should I still clean the computer with some program, or is that not needed anymore?

Re: Facebook virus

Posted: 02 Aug 2011 17:02
by vyosek
ComboFix on its own, and then with the help of the script, deleted the pest that was in the PC.

Let me ask: is NOD legal = purchased licence :???: Based on that I'll write the next steps, and of course we'll tidy up the PC.

Re: Facebook virus

Posted: 02 Aug 2011 17:07
by lubo_171
NOD is just a downloaded trial version from www.eset..... but avast used to be there; I was deleting it because it wouldn't go normally. I deleted avast in safe mode, but one file still stayed in the folder that can't be deleted for the life of me. Then I installed the NOD32 trial version, and I'd like to know what that file from avast is that can't be deleted. It's located here and it's called c:program files\Alwil Software\Avast4\ashShell.dll. This can't be deleted no matter what; however I try to delete it, it won't go.

Re: Facebook virus

Posted: 02 Aug 2011 17:11
by vyosek
But the NOD trial period (30 days) has already expired, hasn't it :o

:arrow: Uninstall ComboFix
  • Rename ComboFix to Uninstall
  • Run it
  • This deletes ComboFix and its folders
:arrow: T-Cleaner http://vyosek.ic.cz/pro_usery/T-Cleaner.exe
  • Download and run
  • To confirm the choice press A, Enter
  • Delete the utility after use
  • Antivirus programs tend to wrongly flag this utility as a virus - it is a false positive - so go ahead and download it (if necessary, switch the antivirus off while downloading)
:arrow: OTC http://oldtimer.geekstogo.com/OTC.exe
  • Download and run
  • Click CleanUp and confirm YES
  • The program cleans up and restarts the PC

:arrow: TFC http://oldtimer.geekstogo.com/TFC.exe
  • Download and run
  • Click Start and confirm OK
  • The program cleans up and restarts the PC
  • Delete the utility after use
:arrow: Download CCleaner (see my signature)
Cleaner tab
  • Leave everything as it is, just click Analyze and then Run CCleaner
Registry tab
  • click Scan for Issues
  • then Fix Issues - I recommend making a registry backup; fix all the issues
  • repeat until there are no issues - usually about 3 times
Tools tab
  • Here you can uninstall unneeded programs
I recommend using CCleaner about once a week

:arrow: in safe mode (restart the PC, press F8, choose Safe Mode with Networking) run these utilities over the PC so we get rid of the remains of the damaged antiviruses :arrow: Install Avast free http://www.avast.com/cs-cz/free-antivirus-download - in its version 6 it is far better than NOD

:arrow: Write how the PC is doing and post a new RSIT log

Re: Facebook virus

Posted: 02 Aug 2011 17:56
by lubo_171
OK, thanks for the help, hopefully it'll be fine now, and have a nice day :-p

Re: Facebook virus

Posted: 02 Aug 2011 17:58
by vyosek
I'd still ask for a new RSIT log