Prosím o pomoc - AVG mi detekuje stále trojany

[vyosek]

Omlouvam se za zdrzeni, vcera jsem se vubec nedostal k PC...

Opomenul jsem napsat do navodu ze po tom importu do registru byl potreba restart PC, pokud jste jej neudelal, tak prosim udelejte RKill a FSS znovu...

diky a omlouvam se

[hkotrc]

Nic se neděje:)

Nerestartoval jsem, takže tady je nový log z rkillu

Rkill 2.3.15 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2012 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 09/16/2012 07:47:33 PM in x86 mode.
Windows Version: Microsoft Windows XP Service Pack 3

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* No malware processes found to kill.

Checking Registry for malware related settings:

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* System Restore Disabled

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = dword:00000001

Checking Windows Service Integrity:

* Služba obnovení systému (srservice) is not Running.
Startup Type set to: Automatic

* Ovladač filtru Obnovy systému (sr) is not Running.
Startup Type set to: Disabled

* RpcSs => %SystemRoot%\system32\svchost.exe -k rpcss [Incorrect ImagePath]
* sr => \SystemRoot\system32\DRIVERS\sr.sys [Incorrect ImagePath]

Searching for Missing Digital Signatures:

* No issues found.

Program finished at: 09/16/2012 07:47:52 PM
Execution time: 0 hours(s), 0 minute(s), and 18 seconds(s)

[hkotrc]

A nový log z FSS

Farbar Service Scanner Version: 06-08-2012
Ran by Spravce (administrator) on 16-09-2012 at 19:49:17
Running from "C:\Documents and Settings\Spravce\Plocha"
Microsoft Windows XP Home Edition Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============
Srservice Service is not running. Checking service configuration:
The start type of Srservice service is OK.
The ImagePath of Srservice service is OK.
The ServiceDll of Srservice service is OK.

sr Service is not running. Checking service configuration:
The start type of sr service is set to Disabled. The default start type is Boot.
The ImagePath of sr: "\SystemRoot\system32\DRIVERS\sr.sys".


System Restore Disabled Policy:
========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR"=DWORD:1


Security Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


File Check:
========
C:\windows\system32\dhcpcsvc.dll
[2008-04-14 14:00] - [2008-04-14 14:00] - 0125952 ____A (Microsoft Corporation) 8C9A53E285AC5E6704844D0459EC85BE

C:\windows\system32\Drivers\afd.sys => MD5 is legit
C:\windows\system32\Drivers\netbt.sys => MD5 is legit
C:\windows\system32\Drivers\tcpip.sys => MD5 is legit
C:\windows\system32\Drivers\ipsec.sys => MD5 is legit
C:\windows\system32\dnsrslvr.dll
[2008-04-14 14:00] - [2008-04-14 14:00] - 0045568 ____A (Microsoft Corporation) 0634B791684B84F4A331F3D3536FEEF8

C:\windows\system32\ipnathlp.dll
[2008-04-14 14:00] - [2008-04-14 14:00] - 0329728 ____A (Microsoft Corporation) F58FACA9621D2DB01BD0927D9A0A208E

C:\windows\system32\netman.dll
[2008-04-14 14:00] - [2008-04-14 14:00] - 0198144 ____A (Microsoft Corporation) 72E1E9E2977BE08BDEEDB6D8FD9D4D40

C:\windows\system32\wbem\WMIsvc.dll
[2008-09-20 00:47] - [2008-04-14 14:00] - 0144896 ____A (Microsoft Corporation) E488332126E3B1182D2B8A0C35408EC6

C:\windows\system32\srsvc.dll
[2008-09-20 00:49] - [2008-04-14 14:00] - 0171008 ____A (Microsoft Corporation) 35B91147124F64AC8081A2EDB9EA4DEE

C:\windows\system32\Drivers\sr.sys
[2008-09-20 00:49] - [2008-04-14 14:00] - 0073344 ___AC (Microsoft Corporation) 94610C8653635E4459316A0050D55CE7

C:\windows\system32\wscsvc.dll
[2008-04-14 14:00] - [2008-04-14 14:00] - 0080896 ____A (Microsoft Corporation) 4C86D5FAF78194995AF9CC1075F65DD3

C:\windows\system32\wbem\WMIsvc.dll
[2008-09-20 00:47] - [2008-04-14 14:00] - 0144896 ____A (Microsoft Corporation) E488332126E3B1182D2B8A0C35408EC6

C:\windows\system32\wuauserv.dll
[2008-09-20 00:50] - [2008-04-14 14:00] - 0006656 ____A (Microsoft Corporation) C1364564800EE9784192145324A23308

C:\windows\system32\qmgr.dll
[2008-09-20 00:50] - [2008-04-14 14:00] - 0409088 ____A (Microsoft Corporation) 19395D092FD85DDC2D9C7729CF5A2AC8

C:\windows\system32\es.dll
[2008-04-14 14:00] - [2008-07-07 22:29] - 0253952 ____A (Microsoft Corporation) A371F11EF07653591C8DE26AFB13CE7F

C:\windows\system32\cryptsvc.dll
[2008-04-14 14:00] - [2008-04-14 14:00] - 0062464 ____A (Microsoft Corporation) F3AB0933CBD166D271992F411C27CCAF

C:\windows\system32\svchost.exe
[2008-04-14 14:00] - [2008-04-14 14:00] - 0014336 ____A (Microsoft Corporation) BE4A520E29B6391F49E79CCC52044D93

C:\windows\system32\rpcss.dll
[2008-04-14 14:00] - [2009-02-09 12:56] - 0401408 ____A (Microsoft Corporation) BE27674D1CBC3214AEC84B4336A38BBF

C:\windows\system32\services.exe
[2008-04-14 14:00] - [2009-02-09 13:25] - 0111104 ____A (Microsoft Corporation) 9EF697AF07BB8DD82C3B02CA953A95B7


Extra List:
=======
Avgtdix(10) Gpc(3) IPSec(5) NetBT(6) PSched(7) RFCOMM(8) Tcpip(4)
0x0A0000000500000001000000020000000300000004000000090000000A000000060000000700000008000000
IpSec Tag value is correct.

**** End of log ****

[vyosek]

Mate umyslne vypnutou obnovu systemu

[hkotrc]

Tak tohle jsem nevěděl. Už jsem ji zapnul

[vyosek]

Poprosim tedy o nove logy

[hkotrc]

Bez restartu nebo je nutný?

[vyosek]

Udelejte prosim restart at mame jistotu

[hkotrc]

rkill


Rkill 2.3.15 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2012 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 09/16/2012 09:35:36 PM in x86 mode.
Windows Version: Microsoft Windows XP Service Pack 3

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* No malware processes found to kill.

Checking Registry for malware related settings:

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* No issues found.

Checking Windows Service Integrity:

* RpcSs => %SystemRoot%\system32\svchost.exe -k rpcss [Incorrect ImagePath]

Searching for Missing Digital Signatures:

* No issues found.

Program finished at: 09/16/2012 09:35:54 PM
Execution time: 0 hours(s), 0 minute(s), and 18 seconds(s)

[hkotrc]

A FSS:)

Farbar Service Scanner Version: 06-08-2012
Ran by Spravce (administrator) on 16-09-2012 at 21:36:45
Running from "C:\Documents and Settings\Spravce\Plocha"
Microsoft Windows XP Home Edition Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


File Check:
========
C:\windows\system32\dhcpcsvc.dll
[2008-04-14 14:00] - [2008-04-14 14:00] - 0125952 ____A (Microsoft Corporation) 8C9A53E285AC5E6704844D0459EC85BE

C:\windows\system32\Drivers\afd.sys => MD5 is legit
C:\windows\system32\Drivers\netbt.sys => MD5 is legit
C:\windows\system32\Drivers\tcpip.sys => MD5 is legit
C:\windows\system32\Drivers\ipsec.sys => MD5 is legit
C:\windows\system32\dnsrslvr.dll
[2008-04-14 14:00] - [2008-04-14 14:00] - 0045568 ____A (Microsoft Corporation) 0634B791684B84F4A331F3D3536FEEF8

C:\windows\system32\ipnathlp.dll
[2008-04-14 14:00] - [2008-04-14 14:00] - 0329728 ____A (Microsoft Corporation) F58FACA9621D2DB01BD0927D9A0A208E

C:\windows\system32\netman.dll
[2008-04-14 14:00] - [2008-04-14 14:00] - 0198144 ____A (Microsoft Corporation) 72E1E9E2977BE08BDEEDB6D8FD9D4D40

C:\windows\system32\wbem\WMIsvc.dll
[2008-09-20 00:47] - [2008-04-14 14:00] - 0144896 ____A (Microsoft Corporation) E488332126E3B1182D2B8A0C35408EC6

C:\windows\system32\srsvc.dll
[2008-09-20 00:49] - [2008-04-14 14:00] - 0171008 ____A (Microsoft Corporation) 35B91147124F64AC8081A2EDB9EA4DEE

C:\windows\system32\Drivers\sr.sys
[2008-09-20 00:49] - [2008-04-14 14:00] - 0073344 ___AC (Microsoft Corporation) 94610C8653635E4459316A0050D55CE7

C:\windows\system32\wscsvc.dll
[2008-04-14 14:00] - [2008-04-14 14:00] - 0080896 ____A (Microsoft Corporation) 4C86D5FAF78194995AF9CC1075F65DD3

C:\windows\system32\wbem\WMIsvc.dll
[2008-09-20 00:47] - [2008-04-14 14:00] - 0144896 ____A (Microsoft Corporation) E488332126E3B1182D2B8A0C35408EC6

C:\windows\system32\wuauserv.dll
[2008-09-20 00:50] - [2008-04-14 14:00] - 0006656 ____A (Microsoft Corporation) C1364564800EE9784192145324A23308

C:\windows\system32\qmgr.dll
[2008-09-20 00:50] - [2008-04-14 14:00] - 0409088 ____A (Microsoft Corporation) 19395D092FD85DDC2D9C7729CF5A2AC8

C:\windows\system32\es.dll
[2008-04-14 14:00] - [2008-07-07 22:29] - 0253952 ____A (Microsoft Corporation) A371F11EF07653591C8DE26AFB13CE7F

C:\windows\system32\cryptsvc.dll
[2008-04-14 14:00] - [2008-04-14 14:00] - 0062464 ____A (Microsoft Corporation) F3AB0933CBD166D271992F411C27CCAF

C:\windows\system32\svchost.exe
[2008-04-14 14:00] - [2008-04-14 14:00] - 0014336 ____A (Microsoft Corporation) BE4A520E29B6391F49E79CCC52044D93

C:\windows\system32\rpcss.dll
[2008-04-14 14:00] - [2009-02-09 12:56] - 0401408 ____A (Microsoft Corporation) BE27674D1CBC3214AEC84B4336A38BBF

C:\windows\system32\services.exe
[2008-04-14 14:00] - [2009-02-09 13:25] - 0111104 ____A (Microsoft Corporation) 9EF697AF07BB8DD82C3B02CA953A95B7


Extra List:
=======
Avgtdix(10) Gpc(3) IPSec(5) NetBT(6) PSched(7) RFCOMM(8) Tcpip(4)
0x0A0000000500000001000000020000000300000004000000090000000A000000060000000700000008000000
IpSec Tag value is correct.

**** End of log ****

[vyosek]

Super, jsou tedy jeste nejake problemy

RKill i FSS muzete smazat

[hkotrc]

Všechno vypadá pro teď v pořádku, testy nic nenacházejí:)

[vyosek]

Pokud tedy nejsou problemy ci dotazy, je to z me strany vse

[hkotrc]

Ještě bych se chtěl zeptat, jestli je na trhu "lepší" antivir než AVG. Něco, co méně zatěžuje pc a má lepší detekce? V tomhle jsem nijak nebádal a jedu prodlužování licence a protože mi za nějaký měsíc končí, tak mě napadlo, jestli by nebylo dobré něco změnit?

[vyosek]

antivir avg je spise parodii na antivir - u nas jej rozhodne nedoporucujeme, jak jste psal - vysoka zatez, slabsi detekce

Dle meho staci pro bezneho uzivatele free Avast, pokud platit za bezp. SW, tak koupit cele balicky KIS ci NIS

Prehled nami doporuceneho zabezpeceni je zde http://forum.viry.cz/viewtopic.php?f=29&t=6152