Prosím o kontrolu LOGU

[cokeyn]

xxxxxxxxxx

[altrok]

Krasny den Vam preju



V ramci cisteni Vam budou vyprazdneny docasne adresare (vysypani Kose a tempu, vyprazdneni cache prohlizecu apod.).


Ulozte na plochu AdwCleaner https://toolslib.net/downloads/viewdown ... dwcleaner/ (nebo http://www.bleepingcomputer.com/download/adwcleaner/ )

• ukoncete vsechny programy
• kliknete pravym na ikonu AdwCleaneru a vyberte Spustit jako spravce (v pripade Win XP spustte obycejne dvojklikem)
• kliknete na Scan (Skenovani), pote na Clean (Cisteni)
• po restartu na Vas vyskoci log (pripadne jej najdete v C:\AdwCleaner\AdwCleaner[Cx].txt), jehoz obsah zkopirujte do pristi odpovedi

[cokeyn]

xxxxxxxxx

[altrok]

Podle logu, ktery jste vlozil, jste pouzil pouze volbu Skenovani, nikoliv Cisteni.

# Spuštěno z : C:\Users\vitkovicova\Desktop\adwcleaner_6.045.exe
# Mod: Skenování

[cokeyn]

xxxxxxxx

[altrok]

Nic se nedeje. Jen jsem z logu nepoznal, zda jste nalezy i mazal. Ted se mrkneme na toho keyloggera.


Dejte logy FRST.txt a Addition.txt - http://forum.viry.cz/viewtopic.php?f=30&t=133101
Pokud budete mit problemy se stazenim FRSTLauncheru, staci kdyz pouzijete samotny FRST.exe/FRST64.exe.

[cokeyn]

xxxxxxxxxxx

[cokeyn]

xxxxxxxxxxx

[altrok]

Jedna se o pracovni nebo soukrome PC?


Odinstalujte starou a zranitelnou verzi Javy. Pokud Javu potrebujete, pak nainstalujte novou z java.com/verify - pozor na adware pri instalaci. Pote se presvedcte, ze starsi verze jsou odinstalovane. Z hlediska bezpecnosti (zranitelnosti a exploity) je lepsi ji nemit. Aktualni je 8U121. Verze Javy, ktere v PC mate nainstalovane:

• Java 8 Update 66

• Do Poznamkoveho bloku (Start -> spustit -> notepad) zkopirujte obsah bileho pole
• ulozte na plochu jako fixlist (Typ souboru: Textovy dokument)
• znovu spustte FRST a kliknete na Fix
• po restartu bude na plose ulozen fixlog, jehoz obsah vlozte do pristi odpovedi

  Kód: Vybrat vše

  Start
  CreateRestorePoint:
  CloseProcesses:
  HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500208 2010-03-06] (Adobe Systems Incorporated)
  HKLM\...\Run: [1cec3697ffa6e7091e5fa5ec2f8f0a76] => C:\Users\vitkovicova\AppData\Local\Temp\windos.exe [338944 2017-04-07] () <===== ATTENTION
  HKLM-x32\...\Run: [AdobeCS5ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [406992 2010-02-22] (Adobe Systems Incorporated)
  HKU\S-1-5-21-2647693211-4218136991-3641475926-1146\...\Run: [1cec3697ffa6e7091e5fa5ec2f8f0a76] => C:\Users\vitkovicova\AppData\Local\Temp\windos.exe [338944 2017-04-07] () <===== ATTENTION
  ShellIconOverlayIdentifiers: [GDriveSharedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43} => -> No File
  Startup: C:\Users\vitkovicova\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\1cec3697ffa6e7091e5fa5ec2f8f0a76.exe [2017-04-07] ()
  File: C:\ProgramData\ASGVIS\Common\x64\vc10\Distributed Rendering\XMLDRSpawner.exe
  Toolbar: HKU\S-1-5-21-2647693211-4218136991-3641475926-1146 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
  FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
  FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
  S3 gdrv; \??\C:\Windows\gdrv.sys [X]
  2017-04-13 12:38 - 2017-04-13 12:38 - 00000000 ____D C:\rsit
  2017-04-13 12:38 - 2017-04-13 12:38 - 00000000 ____D C:\Program Files\trend micro
  2017-04-13 12:34 - 2017-04-13 12:34 - 01329152 _____ C:\Users\vitkovicova\Downloads\RSITx64 (1).exe
  2017-04-13 12:34 - 2017-04-13 12:34 - 01222144 _____ C:\Users\vitkovicova\Downloads\RSITx64.exe
  CustomCLSID: HKU\S-1-5-21-2647693211-4218136991-3641475926-1146_Classes\CLSID\{073CB204-6B29-46FC-AB98-451F1D068741}\InprocServer32 -> C:\Program Files\Autodesk\3ds Max 2016\Inventor Server\Bin\TestServer.dll => No File
  CustomCLSID: HKU\S-1-5-21-2647693211-4218136991-3641475926-1146_Classes\CLSID\{8C23B656-4E6E-4B45-9920-9617168D39A3}\InprocServer32 -> C:\Program Files\Autodesk\3ds Max 2016\Inventor Server\Bin\TestServer.dll => No File
  CustomCLSID: HKU\S-1-5-21-2647693211-4218136991-3641475926-1146_Classes\CLSID\{E5B0515D-48D2-4F04-906D-0192ED65A2DD}\InprocServer32 -> C:\Program Files\Autodesk\3ds Max 2016\Inventor Server\Bin\TestServer.dll => No File
  FirewallRules: [{32EDFBA1-BC08-4E9A-AD0D-14039940354B}] => (Allow) C:\Program Files (x86)\SrpnFiles\SrpnFiles.exe
  FirewallRules: [{315D57CC-A887-475D-A121-36E432072C24}] => (Allow) C:\Program Files (x86)\SrpnFiles\SrpnFiles.exe
  FirewallRules: [{1FFECC97-4C8F-4C66-BDBE-A6558E17435C}] => (Allow) C:\Program Files (x86)\SrpnFiles\downloader.exe
  FirewallRules: [{5FF96E4E-3132-490E-9E3B-A607162FDD25}] => (Allow) C:\Program Files (x86)\SrpnFiles\downloader.exe
  FirewallRules: [{44272E17-F8F5-4D1B-954C-32C1D094E42F}] => (Allow) C:\Users\vitkovicova\AppData\Local\Temp\windos.exe
  FirewallRules: [{9BB59EBC-3F3A-434B-AD73-EC2FF82B8F29}] => (Allow) C:\Users\vitkovicova\AppData\Local\Temp\windos.exe
  CMD: dir "C:\Windows\Inf" /AD
  CMD: dir "C:\PROGRA~1"
  CMD: dir "C:\PROGRA~2"
  CMD: dir "C:\PROGRA~3"
  CMD: dir "%localappdata%"
  CMD: dir "%appdata%"
  Hosts:
  EmptyTemp:
  End

[cokeyn]

xxxxxxxxxxxxxxx

[altrok]

Prave jsme porusili pravidlo fora c.6. Podobnou cinnost si muzete bez problemu dat do nakladu.

Zhruba tyden v tomto stroji bezel keylogger - nevim, zda je to rozumna cena za crackovani Autodesku na firemnim PC. Kazdopadne tento malware byl dle logu odstranen, takze jeste uklidime.

• Stahnete a spustte DelFix - https://toolslib.net/downloads/viewdownload/2-delfix/
• Oznacte jen moznost "Remove disinfection tools"
• kliknete na Run

A pokud nejsou dotazy ci jine problemy, je to ode mne vse.