Prosím o pomoc - AVG mi detekuje stále trojany

[hkotrc]

rkill jsem zkoušel, ale pořád se načte jen prázdný poznámkový blok s tím, že nelze nalézt cestu

[vyosek]

takze jak to je? na plose se vytvori prazdny textak rkill.txt a vyskoci hlaska ze system nemuze nalezt uvedenou cestu? Ale log (sic prazdny) je vytvoreny?

[hkotrc]

Ne, on se právě vůbec nevytvoří. Jen skočí na obrazovku, ale to je vše. Asi jsem to předtím špatně formuloval

[vyosek]

OK, diky za info, predam autorovi, uz na tom pracuje

A my jeste uklidime

Odinstalujte Combofix

• Prejmenujte ComboFix na Uninstall
• Spustte jej
• Tohle smaze Combofix a jeho slozky

T-Cleaner http://vyosek.ic.cz/pro_usery/T-Cleaner.exe

• Stahnete a spustte
• Pro potvrzeni volby mackejte A, Enter
• Po pouziti utilitu smazte
• Antiviry touhou utilitu chybne oznacit jako vir - jedna se o falesny poplach - takze v pohode stahnete (pripadne vypnete pri stahovani antivir)

OTC http://oldtimer.geekstogo.com/OTC.exe

• Stahnete a spustte
• Kliknete na CleanUp a potvrdte YES
• Program uklidi a restartuje PC

TFC http://oldtimer.geekstogo.com/TFC.exe

• Stahnete a spustte
• Kliknete na Start a potvrdte OK
• Program uklidi a restartuje pc
• Po pouziti utilitu smazte

Stahnete Ccleaner http://forum.viry.cz/viewtopic.php?t=7478
Panel čistič

• Vse nechte jak je, jen dejte Analyzovat a pote Spustit CCleaner

Panel registry

• dejte Hledej problémy
• nasledne Opravit problémy - zalohu registru doporucuji udelat, opravte vsechny problemy
• postup opakujte dokud nebude bez problemu - vetsinou cca 3x

Panel nástroje

• Zde muzete odinstalovat nepotrebne programy

CCleaner doporucuji pouzivat cca jednou za tyden

A pokud nejsou problemy ci dotazy, je to z me strany vse

[hkotrc]

Ty jo, opravdu vám moc děkuju!:) Čištění jsem provedl, uklidil jsem, tak snad to bude teďka bez problémů. Kdyžtak vím, kam se obrátit. Ještě jednou moc díky!

[vyosek]

Muzete jeste prosim otestovat rkill http://download.bleepingcomputer.com/grinler/rkill.exe je aktualizovan

[hkotrc]

Tady je log z rkillu, už šel bez problémů


Rkill 2.3.14 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2012 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 09/13/2012 11:20:17 PM in x86 mode.
Windows Version: Microsoft Windows XP Service Pack 3

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* No malware processes found to kill.

Checking Registry for malware related settings:

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* System Restore Disabled

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = dword:00000001

Checking Windows Service Integrity:

* Služba obnovení systému (srservice) is not Running.
Startup Type set to: Automatic

* Ovladač filtru Obnovy systému (sr) is not Running.
Startup Type set to: Disabled

* RpcSs => %SystemRoot%\system32\svchost.exe -k rpcss [Incorrect ImagePath]

Searching for Missing Digital Signatures:

* No issues found.

Program finished at: 09/13/2012 11:20:36 PM
Execution time: 0 hours(s), 0 minute(s), and 18 seconds(s)

[vyosek]

Jeste tam mame malou drobnost

Stahnete Farbar Service Scanner http://download.bleepingcomputer.com/farbar/FSS.exe

• Ulozte nejlepe na Plochu
• U vsech polozek udelejte zatrzitko (tim je oznacite pro skenovani)
• Kliknete na Scan
• Po dokonceni skenu se objevi log FSS.txt ten sem vlozte

[hkotrc]

Tady je log

Farbar Service Scanner Version: 06-08-2012
Ran by Spravce (administrator) on 14-09-2012 at 08:31:12
Running from "C:\Documents and Settings\Spravce\Plocha"
Microsoft Windows XP Home Edition Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============
Srservice Service is not running. Checking service configuration:
The start type of Srservice service is OK.
The ImagePath of Srservice service is OK.
The ServiceDll of Srservice service is OK.

sr Service is not running. Checking service configuration:
The start type of sr service is set to Disabled. The default start type is Boot.
The ImagePath of sr: "\SystemRoot\system32\DRIVERS\sr.sys".


System Restore Disabled Policy:
========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR"=DWORD:1


Security Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


File Check:
========
C:\windows\system32\dhcpcsvc.dll
[2008-04-14 14:00] - [2008-04-14 14:00] - 0125952 ____A (Microsoft Corporation) 8C9A53E285AC5E6704844D0459EC85BE

C:\windows\system32\Drivers\afd.sys => MD5 is legit
C:\windows\system32\Drivers\netbt.sys => MD5 is legit
C:\windows\system32\Drivers\tcpip.sys => MD5 is legit
C:\windows\system32\Drivers\ipsec.sys => MD5 is legit
C:\windows\system32\dnsrslvr.dll
[2008-04-14 14:00] - [2008-04-14 14:00] - 0045568 ____A (Microsoft Corporation) 0634B791684B84F4A331F3D3536FEEF8

C:\windows\system32\ipnathlp.dll
[2008-04-14 14:00] - [2008-04-14 14:00] - 0329728 ____A (Microsoft Corporation) F58FACA9621D2DB01BD0927D9A0A208E

C:\windows\system32\netman.dll
[2008-04-14 14:00] - [2008-04-14 14:00] - 0198144 ____A (Microsoft Corporation) 72E1E9E2977BE08BDEEDB6D8FD9D4D40

C:\windows\system32\wbem\WMIsvc.dll
[2008-09-20 00:47] - [2008-04-14 14:00] - 0144896 ____A (Microsoft Corporation) E488332126E3B1182D2B8A0C35408EC6

C:\windows\system32\srsvc.dll
[2008-09-20 00:49] - [2008-04-14 14:00] - 0171008 ____A (Microsoft Corporation) 35B91147124F64AC8081A2EDB9EA4DEE

C:\windows\system32\Drivers\sr.sys
[2008-09-20 00:49] - [2008-04-14 14:00] - 0073344 ___AC (Microsoft Corporation) 94610C8653635E4459316A0050D55CE7

C:\windows\system32\wscsvc.dll
[2008-04-14 14:00] - [2008-04-14 14:00] - 0080896 ____A (Microsoft Corporation) 4C86D5FAF78194995AF9CC1075F65DD3

C:\windows\system32\wbem\WMIsvc.dll
[2008-09-20 00:47] - [2008-04-14 14:00] - 0144896 ____A (Microsoft Corporation) E488332126E3B1182D2B8A0C35408EC6

C:\windows\system32\wuauserv.dll
[2008-09-20 00:50] - [2008-04-14 14:00] - 0006656 ____A (Microsoft Corporation) C1364564800EE9784192145324A23308

C:\windows\system32\qmgr.dll
[2008-09-20 00:50] - [2008-04-14 14:00] - 0409088 ____A (Microsoft Corporation) 19395D092FD85DDC2D9C7729CF5A2AC8

C:\windows\system32\es.dll
[2008-04-14 14:00] - [2008-07-07 22:29] - 0253952 ____A (Microsoft Corporation) A371F11EF07653591C8DE26AFB13CE7F

C:\windows\system32\cryptsvc.dll
[2008-04-14 14:00] - [2008-04-14 14:00] - 0062464 ____A (Microsoft Corporation) F3AB0933CBD166D271992F411C27CCAF

C:\windows\system32\svchost.exe
[2008-04-14 14:00] - [2008-04-14 14:00] - 0014336 ____A (Microsoft Corporation) BE4A520E29B6391F49E79CCC52044D93

C:\windows\system32\rpcss.dll
[2008-04-14 14:00] - [2009-02-09 12:56] - 0401408 ____A (Microsoft Corporation) BE27674D1CBC3214AEC84B4336A38BBF

C:\windows\system32\services.exe
[2008-04-14 14:00] - [2009-02-09 13:25] - 0111104 ____A (Microsoft Corporation) 9EF697AF07BB8DD82C3B02CA953A95B7


Extra List:
=======
Avgtdix(10) Gpc(3) IPSec(5) NetBT(6) PSched(7) RFCOMM(8) Tcpip(4)
0x0A0000000500000001000000020000000300000004000000090000000A000000060000000700000008000000
IpSec Tag value is correct.

**** End of log ****

[vyosek]

Stahnete Service Repair http://kb.eset.com/library/ESET/KB%20Te ... Repair.exe

• Ulozte nejlepe na Plochu
• Spustte a potvrdte Yes abyste potvrdil reinstalaci sluzeb
• Nasledne kliknutim na Yes potvrdte restart PC
• Na Plose vznikne slozka CC Support, najdete tam log SvcRepair.txt - mel by byt CC Support\Logs\SvcRepair.txt - vlozte mi jej sem

[hkotrc]

Tady je ten log SvcRepair.log


Log Opened: 2012-09-14 @ 22:48:19
22:48:19 - -----------------
22:48:19 - | Begin Logging |
22:48:19 - -----------------
22:48:19 - Fix started on a WIN_XP X86 computer
22:48:19 - Prep in progress. Please Wait.
22:48:21 - Prep complete
22:48:21 - Repairing Services Now. Please wait...
22:48:21 - Services Repair Complete.
22:48:27 - Reboot Initiated

[vyosek]

Otevrete si poznamkovy blok

• Start->spustit->notepad
• Vlozte text nize

• Kód: Vybrat vše

  Windows Registry Editor Version 5.00
  
  [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
  "DisableSR"=dword:00000000

• Soubor ulozte jako oprava.reg
• Pri ukladani dejte ulozit jako typ Vsechny soubory (nastevni je uvedeno na obrazku nize)
• 
• Zavrit notepad a spustit dvojklikem oprava.reg
• Pripadny dotaz na zmenu registru potvrdte
• Okno jen problikne a opravi regsitry - soubor muzete smazat

Udelejte znovu sken pomoci Rkillu a Farbar Service Scanner - logy opet sem

[hkotrc]

Log z rkillu


Rkill 2.3.15 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2012 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 09/15/2012 01:36:54 PM in x86 mode.
Windows Version: Microsoft Windows XP Service Pack 3

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* No malware processes found to kill.

Checking Registry for malware related settings:

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* System Restore Disabled

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = dword:00000001

Checking Windows Service Integrity:

* Služba obnovení systému (srservice) is not Running.
Startup Type set to: Automatic

* Ovladač filtru Obnovy systému (sr) is not Running.
Startup Type set to: Disabled

* RpcSs => %SystemRoot%\system32\svchost.exe -k rpcss [Incorrect ImagePath]
* sr => \SystemRoot\system32\DRIVERS\sr.sys [Incorrect ImagePath]

Searching for Missing Digital Signatures:

* No issues found.

Program finished at: 09/15/2012 01:37:17 PM
Execution time: 0 hours(s), 0 minute(s), and 22 seconds(s)

[hkotrc]

A FSS

Farbar Service Scanner Version: 06-08-2012
Ran by Spravce (administrator) on 15-09-2012 at 13:38:41
Running from "C:\Documents and Settings\Spravce\Plocha"
Microsoft Windows XP Home Edition Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============
Srservice Service is not running. Checking service configuration:
The start type of Srservice service is OK.
The ImagePath of Srservice service is OK.
The ServiceDll of Srservice service is OK.

sr Service is not running. Checking service configuration:
The start type of sr service is set to Disabled. The default start type is Boot.
The ImagePath of sr: "\SystemRoot\system32\DRIVERS\sr.sys".


System Restore Disabled Policy:
========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR"=DWORD:1


Security Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


File Check:
========
C:\windows\system32\dhcpcsvc.dll
[2008-04-14 14:00] - [2008-04-14 14:00] - 0125952 ____A (Microsoft Corporation) 8C9A53E285AC5E6704844D0459EC85BE

C:\windows\system32\Drivers\afd.sys => MD5 is legit
C:\windows\system32\Drivers\netbt.sys => MD5 is legit
C:\windows\system32\Drivers\tcpip.sys => MD5 is legit
C:\windows\system32\Drivers\ipsec.sys => MD5 is legit
C:\windows\system32\dnsrslvr.dll
[2008-04-14 14:00] - [2008-04-14 14:00] - 0045568 ____A (Microsoft Corporation) 0634B791684B84F4A331F3D3536FEEF8

C:\windows\system32\ipnathlp.dll
[2008-04-14 14:00] - [2008-04-14 14:00] - 0329728 ____A (Microsoft Corporation) F58FACA9621D2DB01BD0927D9A0A208E

C:\windows\system32\netman.dll
[2008-04-14 14:00] - [2008-04-14 14:00] - 0198144 ____A (Microsoft Corporation) 72E1E9E2977BE08BDEEDB6D8FD9D4D40

C:\windows\system32\wbem\WMIsvc.dll
[2008-09-20 00:47] - [2008-04-14 14:00] - 0144896 ____A (Microsoft Corporation) E488332126E3B1182D2B8A0C35408EC6

C:\windows\system32\srsvc.dll
[2008-09-20 00:49] - [2008-04-14 14:00] - 0171008 ____A (Microsoft Corporation) 35B91147124F64AC8081A2EDB9EA4DEE

C:\windows\system32\Drivers\sr.sys
[2008-09-20 00:49] - [2008-04-14 14:00] - 0073344 ___AC (Microsoft Corporation) 94610C8653635E4459316A0050D55CE7

C:\windows\system32\wscsvc.dll
[2008-04-14 14:00] - [2008-04-14 14:00] - 0080896 ____A (Microsoft Corporation) 4C86D5FAF78194995AF9CC1075F65DD3

C:\windows\system32\wbem\WMIsvc.dll
[2008-09-20 00:47] - [2008-04-14 14:00] - 0144896 ____A (Microsoft Corporation) E488332126E3B1182D2B8A0C35408EC6

C:\windows\system32\wuauserv.dll
[2008-09-20 00:50] - [2008-04-14 14:00] - 0006656 ____A (Microsoft Corporation) C1364564800EE9784192145324A23308

C:\windows\system32\qmgr.dll
[2008-09-20 00:50] - [2008-04-14 14:00] - 0409088 ____A (Microsoft Corporation) 19395D092FD85DDC2D9C7729CF5A2AC8

C:\windows\system32\es.dll
[2008-04-14 14:00] - [2008-07-07 22:29] - 0253952 ____A (Microsoft Corporation) A371F11EF07653591C8DE26AFB13CE7F

C:\windows\system32\cryptsvc.dll
[2008-04-14 14:00] - [2008-04-14 14:00] - 0062464 ____A (Microsoft Corporation) F3AB0933CBD166D271992F411C27CCAF

C:\windows\system32\svchost.exe
[2008-04-14 14:00] - [2008-04-14 14:00] - 0014336 ____A (Microsoft Corporation) BE4A520E29B6391F49E79CCC52044D93

C:\windows\system32\rpcss.dll
[2008-04-14 14:00] - [2009-02-09 12:56] - 0401408 ____A (Microsoft Corporation) BE27674D1CBC3214AEC84B4336A38BBF

C:\windows\system32\services.exe
[2008-04-14 14:00] - [2009-02-09 13:25] - 0111104 ____A (Microsoft Corporation) 9EF697AF07BB8DD82C3B02CA953A95B7


Extra List:
=======
Avgtdix(10) Gpc(3) IPSec(5) NetBT(6) PSched(7) RFCOMM(8) Tcpip(4)
0x0A0000000500000001000000020000000300000004000000090000000A000000060000000700000008000000
IpSec Tag value is correct.

**** End of log ****

[hkotrc]

Stále tam něco je?