Security tool + kontrola logu

[vyosek]

Zkuste nyni provest MBAM

[blackflag]

Log z Mbamu :


Malwarebytes' Anti-Malware 1.46
http://www.malwarebytes.org

Verze databáze: 4945

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

25. 10. 2010 23:10:56
mbam-log-2010-10-25 (23-10-56).txt

Typ skenu: Úplný sken (C:\|D:\|)
Skenované objekty: 195548
Uplynulý čas: 35 minuta(y), 9 sekunda(y)

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 0
Infikované hodnoty registru: 0
Infikované datové položky registru: 0
Infikované složky: 0
Infikované soubory: 1

Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované klíče registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované hodnoty registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované datové položky registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované složky:
(Žádné škodlivé položky nebyly zjištěny)

Infikované soubory:
D:\zaloha\Win7.exe (Hacktool.ChewWGA) -> No action taken.

[vyosek]

Co si o te polozce D:\zaloha\Win7.exe (Hacktool.ChewWGA) mam myslet, co to je zac

[blackflag]

pardon, uz je delete

[vyosek]

Vychazi mi z toho jedine, Vas OS je nelegalni, je tomu tak

[blackflag]

Nie je to moje pc, neskumal som to, v systeme pise, ze je aktivovany .

[vyosek]

Aktivovany ale nelegalne

nyni Vam PC docistim, ale upozornuji Vas, ze pokud se tu objevite znovu s nelegalni sw je jedno jakeho druhu (crack hry, crack antivir ci nelegal OS), muze Vam byt pomoct odmitnuta

Jak se chova PC

[blackflag]

Ok, dakujem za upozornenie, vobec som si to neuvedomil, ze to moze byt tak.
Pc vyzera byt v poriadku, je o dost sviznejsie ako ked mi ho priniesli.

[vyosek]

Jsme bezpecnostni forum, podporovani nelegalnich veci by bylo proti mysli naseho fora. Nehlede na podporu porusovani autorskeho zakona = pachani trestneho cinu

"ako ked mi ho priniesli" - doufam ze si za to nic neuctujete - nase forum funguje na bazi dobrovolnosti - radci jsou tu ve svem volnem case bez naroku na financni odmenu = nesuplujeme tu praci placenych IT

Odinstalujte Combofix

• Start - Spustit (nebo pouzijte klavesobou zkratku Win+R)
• Napiste ComboFix /Uninstall
• Stisknete Enter
• Tohle smaze Combofix a jeho slozky

T-Cleaner http://sweb.cz/Marinus/T-Cleaner.exe

• Stahnete a spustte
• Pro potvrzeni volby mackejte A, Enter
• Po pouziti utilitu smazte
• Antiviry touhou utilitu chybne oznacit jako vir - jedna se o falesny poplach - takze v pohode stahnete (pripadne vypnete pri stahovani antivir)

Havet se usadila v bodech obnoveni - smazte je dle navodu kolegy riffa http://www.viry.cz/forum/viewtopic.php?f=11&t=47040

MBAM muzete odinstalovat nebo nechat na obcasny sken - v pripade nalezu velmi doporucuji dat sem log na posouzeni, at si neodstrelite neco legitimniho

OTC http://oldtimer.geekstogo.com/OTC.exe

• Stahnete a spustte
• Kliknete na CleanUp a potvrdte YES
• Program uklidi a restartuje PC

TFC http://oldtimer.geekstogo.com/TFC.exe

• Stahnete a spustte
• Kliknete na Start a potvrdte OK
• Program uklidi a restartuje pc
• Po pouziti utilitu smazte

Stahnete Ccleaner (viz muj podpis), pri instalaci dejte fajfku pryc u yahoo toolbaru
Panel čistič

• Vse nechte jak je, jen dejte Analyzovat a pote Spustit CCleaner

Panel registry

• dejte Hledej problémy
• nasledne Opravit problémy - zalohu registru doporucuji udelat, opravte vsechny problemy
• postup opakujte dokud nebude bez problemu - vetsinou cca 3x

Panel nástroje

• Zde muzete odinstalovat nepotrebne programy

CCleaner doporucuji pouzivat cca jednou za 14 dni

Novy log ze RSIT

[blackflag]

Samozrejme, ze na tom nezarabam, pc je od znamych.

[vyosek]

Oki, ja jen ze takovych tu uz par bylo

Provedte kroky co jsem psal

[blackflag]

Log z RSIT:



Logfile of random's system information tool 1.08 (written by random/random)
Run by oco at 2010-10-26 00:20:51
Microsoft Windows 7 Home Premium
System drive C: has 100 GB (83%) free of 120 GB
Total RAM: 1791 MB (56% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 0:21:01, on 26. 10. 2010
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\Connection Manager\sysctrl.exe
C:\Program Files\Connection Manager\SamsungPnPServiceManager.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\oco\Desktop\RSIT.exe
C:\Program Files\trend micro\oco.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O4 - HKLM\..\Run: [Z810SysStart] C:\Program Files\Connection Manager\sysctrl.exe
O4 - HKLM\..\Run: [Z810PNP] C:\Program Files\Connection Manager\SamsungPnPServiceManager.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [Z810SysStart] C:\Program Files\Connection Manager\sysctrl.exe
O4 - HKCU\..\Run: [Z810PNP] C:\Program Files\Connection Manager\SamsungPnPServiceManager.exe
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Acronis Nonstop Backup service (afcdpsrv) - Acronis - C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe

--
End of file - 3011 bytes

======Scheduled tasks folder======

C:\Windows\tasks\Norton Security Scan for oco.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-06-19 75200]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Z810SysStart"=C:\Program Files\Connection Manager\sysctrl.exe [2008-09-01 307200]
"Z810PNP"=C:\Program Files\Connection Manager\SamsungPnPServiceManager.exe [2008-10-09 118784]
"egui"=C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2010-08-12 2215064]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Z810SysStart"=C:\Program Files\Connection Manager\sysctrl.exe [2008-09-01 307200]
"Z810PNP"=C:\Program Files\Connection Manager\SamsungPnPServiceManager.exe [2008-10-09 118784]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acronis Scheduler2 Service]
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe [2009-11-12 361632]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrueImageMonitor.exe]
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe [2009-11-12 5106904]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\system32\webcheck.dll [2009-07-14 229376]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"= []

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sr.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\ip6fw.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NtLmSsp]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\rdpcdd.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\rdpdd.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\rdpwd.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sr.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\tdpipe.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\tdtcp.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\termservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1

======List of files/folders created in the last 1 months======

2010-10-26 00:20:51 ----D---- C:\rsit
2010-10-26 00:18:26 ----D---- C:\Program Files\ESET
2010-10-26 00:11:31 ----D---- C:\Program Files\CCleaner
2010-10-25 22:29:33 ----D---- C:\Users\oco\AppData\Roaming\Malwarebytes
2010-10-25 22:21:04 ----SHD---- C:\$RECYCLE.BIN
2010-10-25 22:20:53 ----D---- C:\Windows\temp
2010-10-25 20:50:45 ----A---- C:\Windows\system32\drivers\rdyboost.sys
2010-10-25 19:32:20 ----A---- C:\Windows\system32\drivers\mbamswissarmy.sys
2010-10-25 19:32:19 ----D---- C:\ProgramData\Malwarebytes
2010-10-25 19:32:18 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-10-25 19:32:18 ----A---- C:\Windows\system32\drivers\mbam.sys
2010-10-25 19:06:54 ----D---- C:\Program Files\trend micro
2010-10-18 21:13:22 ----D---- C:\Windows\system32\Samsung_USB_Drivers
2010-10-18 21:12:39 ----D---- C:\Program Files\Connection Manager
2010-10-18 21:12:38 ----HD---- C:\Program Files\InstallShield Installation Information
2010-10-02 19:11:55 ----D---- C:\Users\oco\AppData\Roaming\ESET
2010-09-30 03:34:36 ----D---- C:\Program Files\FLVTube Player

======List of files/folders modified in the last 1 months======

2010-10-26 00:21:01 ----D---- C:\Windows\Prefetch
2010-10-26 00:20:06 ----D---- C:\Windows\system32\config
2010-10-26 00:19:22 ----SHD---- C:\Windows\Installer
2010-10-26 00:19:12 ----D---- C:\Windows\system32\drivers
2010-10-26 00:19:11 ----D---- C:\Windows\system32\DriverStore
2010-10-26 00:19:11 ----D---- C:\Windows\system32\catroot
2010-10-26 00:19:11 ----D---- C:\Windows\inf
2010-10-26 00:18:26 ----RD---- C:\Program Files
2010-10-26 00:18:12 ----SHD---- C:\System Volume Information
2010-10-26 00:14:35 ----D---- C:\Windows\System32
2010-10-26 00:14:35 ----A---- C:\Windows\system32\PerfStringBackup.INI
2010-10-26 00:14:24 ----D---- C:\Windows
2010-10-26 00:12:23 ----D---- C:\Windows\debug
2010-10-25 23:58:00 ----D---- C:\Windows\Minidump
2010-10-25 23:25:27 ----D---- C:\Windows\ehome
2010-10-25 22:08:36 ----A---- C:\Windows\system.ini
2010-10-25 22:07:58 ----D---- C:\Windows\system32\drivers\etc
2010-10-25 22:04:43 ----D---- C:\Windows\Tasks
2010-10-25 22:00:34 ----D---- C:\Windows\AppPatch
2010-10-25 22:00:32 ----D---- C:\Program Files\Common Files
2010-10-25 20:53:10 ----D---- C:\Boot
2010-10-25 20:20:41 ----SD---- C:\ProgramData\Microsoft
2010-10-25 19:32:19 ----D---- C:\ProgramData
2010-10-22 15:30:03 ----D---- C:\Windows\system32\catroot2
2010-10-19 18:56:40 ----D---- C:\Program Files\Common Files\Symantec Shared
2010-10-18 21:18:04 ----D---- C:\ProgramData\ESET
2010-10-18 21:13:06 ----D---- C:\Windows\winsxs
2010-10-18 20:52:44 ----D---- C:\Users\oco\AppData\Roaming\DivX
2010-10-18 20:38:00 ----D---- C:\Windows\system32\NDF
2010-10-17 17:44:28 ----AD---- C:\ProgramData\TEMP
2010-10-17 16:54:59 ----D---- C:\Program Files\Opera
2010-10-10 15:14:13 ----D---- C:\Users\oco\AppData\Roaming\PlayFirst
2010-10-10 15:14:13 ----D---- C:\ProgramData\PlayFirst
2010-10-02 17:58:15 ----D---- C:\Users\oco\AppData\Roaming\SulusGames
2010-10-02 14:38:36 ----D---- C:\Windows\system32\wdi
2010-09-29 20:21:06 ----D---- C:\Windows\system32\wfp
2010-09-29 20:21:06 ----D---- C:\Windows\system32\wbem
2010-09-29 20:21:06 ----D---- C:\Windows\system32\CodeIntegrity
2010-09-29 20:21:05 ----D---- C:\Windows\AppCompat
2010-09-29 20:21:00 ----D---- C:\Windows\registration
2010-09-29 20:20:22 ----D---- C:\BigFishGamesCache
2010-09-29 20:18:23 ----D---- C:\Windows\system32\LogFiles

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 pciide;pciide; C:\Windows\system32\DRIVERS\pciide.sys [2009-07-14 12368]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2009-07-14 173648]
R0 snapman;Acronis Snapshots Manager; C:\Windows\system32\DRIVERS\snapman.sys [2010-06-23 158272]
R0 tdrpman258;Acronis Try&Decide and Restore Points filter (build 258); C:\Windows\system32\DRIVERS\tdrpm258.sys [2010-06-23 911680]
R0 timounter;Acronis Backup Archive Explorer; C:\Windows\system32\DRIVERS\timntr.sys [2010-06-23 581984]
R1 ehdrv;ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [2010-07-29 115008]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 48128]
R2 eamonm;eamonm; C:\Windows\system32\DRIVERS\eamonm.sys [2010-07-29 136632]
R2 epfwwfpr;epfwwfpr; C:\Windows\system32\DRIVERS\epfwwfpr.sys [2010-07-29 96920]
R3 afcdp;afcdp; C:\Windows\system32\DRIVERS\afcdp.sys [2010-06-23 160288]
R3 netr28;Ralink 802.11n Wireless Driver for Windows Vista; C:\Windows\system32\DRIVERS\netr28.sys [2009-07-14 530944]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\Windows\system32\DRIVERS\nvm62x32.sys [2009-07-14 347264]
R3 nvsmu;nvsmu; C:\Windows\system32\DRIVERS\nvsmu.sys [2009-06-29 17920]
S2 Parvdm;Parvdm; C:\Windows\system32\DRIVERS\parvdm.sys [2009-07-14 8704]
S3 aic78xx;aic78xx; C:\Windows\system32\DRIVERS\djsvs.sys [2009-07-14 70720]
S3 amdagp;AMD AGP Bus Filter Driver; C:\Windows\system32\DRIVERS\amdagp.sys [2009-07-14 53312]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2009-07-14 229888]
S3 sisagp;SIS AGP Bus Filter; C:\Windows\system32\DRIVERS\sisagp.sys [2009-07-14 52304]
S3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [2009-07-14 35840]
S3 viaagp;VIA AGP Bus Filter; C:\Windows\system32\DRIVERS\viaagp.sys [2009-07-14 53328]
S3 ViaC7;VIA C7 Processor Driver; C:\Windows\system32\DRIVERS\viac7.sys [2009-07-14 52736]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AcrSch2Svc;Acronis Scheduler2 Service; C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe [2009-11-12 660664]
R2 afcdpsrv;Acronis Nonstop Backup service; C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe [2010-06-23 2480048]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2010-08-12 810144]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2010-04-03 129640]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-06-25 135664]
S3 EhttpSrv;ESET HTTP Server; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [2010-08-12 33584]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]

-----------------EOF-----------------

[vyosek]

Log vypada jiz cisty

[blackflag]

Dakujem za ochotu a pomoc.

[vyosek]

Nemate zac, rad jsem pomohl Zase nekdy