Stránka 2 z 2
Re: Skryté soubory na flashce
Napsal: 14 čer 2015 10:15
od altrok
nonevim píše:Změna hesel? A co třeba internetové bankovnictví? Ten keyloger je pryč?
Podle logu je keylogger pryc. Pravdepodobne mate ucet u KB a pouzivate certifikat - toto by melo byt v poradku.
nonevim píše:V USBFix jsem zmáčknul jen clean, ale z logu jsem to pochopil tak, že provedl i vakcinaci. Je to tak?
Presne tak.
Stale se mi neco nepozdava, se zmenou hesel jeste chvili vydrzte.
Otestujte na virustotal.com
C:\WINDOWS\system32\Drivers\rdpujnbd.sys - pokud uz byl soubor otestovany, zvolte
Reanalyse. Do pristiho prispevku dejte link (odkaz) s vysledky analyzy.
Doporucuji vymenit Microsoft Security Essentials za napr. avast! Free. Duvodem je cca 50% detekce oproti konkurenci viz srovnavaci testy antiviru
http://forum.viry.cz/viewtopic.php?p=1377913#p1377913 kor na 14 mesicu neaktualizovanem operacnim systemu.
Ulozte na plochu MBAR -
http://www.bleepingcomputer.com/downloa ... i-rootkit/
- Spuste dvojklikem a extrahujte na plochu
- kliknete na Next
- Aktualizujte virovou databazi klikem na Update a pokracujte na Next
- Vsechny 3 moznosti nechte zaskrtnute a zvolte Scan (potrva cca 15 minut)
- zatrhnete vsechny nalezy a take zkontrolujte zatrzitko u Create Restore Point
- kliknete na Cleanup a souhlaste s restartem - Yes
- obsah logu ulozene na plose v mbar\mbar-log-2015-mm-dd (hh-mm-ss).txt vlozte do pristi odpovedi
Re: Skryté soubory na flashce
Napsal: 14 čer 2015 10:41
od nonevim
Virustotal:
Probably harmless! There are strong indicators suggesting that this file is safe to use.
https://www.virustotal.com/cs/file/c94c ... 434274127/
Doufám, že ten link bude fungovat. BTW hlásil mi, že ten soubor už byl testovaný. Nepamatuji si, že bych někdy virustotal používal, to jako že testovali stejný soubor jinému uživateli?
O Avastu žádná, dostal jsem comp už s MSE a byl jsem prostě liný to přeinstalovat. Je na čase...
Jdu na MBAR
Re: Skryté soubory na flashce
Napsal: 14 čer 2015 14:14
od nonevim
MBAR:
Congratulations, no cleanup is required!
Scan Finished: No malware found!
Log:
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.09.1.1004
(c) Malwarebytes Corporation 2011-2012
OS version: 5.1.2600 Windows XP Service Pack 3 x86
Account is Administrative
Internet Explorer version: 8.0.6001.18702
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 1.793000 GHz
Memory total: 1341636608, free: 616095744
Downloaded database version: v2015.06.14.01
Downloaded database version: v2015.06.02.01
Downloaded database version: v2015.05.13.01
=======================================
Initializing...
------------ Kernel report ------------
06/14/2015 12:28:10
------------ Loaded modules -----------
\WINDOWS\system32\ntoskrnl.exe
\WINDOWS\system32\hal.dll
\WINDOWS\system32\KDCOM.DLL
\WINDOWS\system32\BOOTVID.dll
ACPI.sys
\WINDOWS\System32\DRIVERS\WMILIB.SYS
pci.sys
isapnp.sys
intelide.sys
\WINDOWS\System32\DRIVERS\PCIIDEX.SYS
MountMgr.sys
ftdisk.sys
dmload.sys
dmio.sys
PartMgr.sys
VolSnap.sys
atapi.sys
disk.sys
\WINDOWS\System32\DRIVERS\CLASSPNP.SYS
fltmgr.sys
sr.sys
MpFilter.sys
KSecDD.sys
Ntfs.sys
NDIS.sys
Mup.sys
agp440.sys
\SystemRoot\System32\DRIVERS\intelppm.sys
\SystemRoot\System32\DRIVERS\nv4_mini.sys
\SystemRoot\System32\DRIVERS\VIDEOPRT.SYS
\SystemRoot\System32\DRIVERS\e100b325.sys
\SystemRoot\System32\DRIVERS\i8042prt.sys
\SystemRoot\System32\DRIVERS\mouclass.sys
\SystemRoot\System32\DRIVERS\kbdclass.sys
\SystemRoot\System32\DRIVERS\fdc.sys
\SystemRoot\System32\DRIVERS\serial.sys
\SystemRoot\System32\DRIVERS\serenum.sys
\SystemRoot\System32\DRIVERS\parport.sys
\SystemRoot\system32\DRIVERS\imapi.sys
\SystemRoot\System32\DRIVERS\cdrom.sys
\SystemRoot\System32\DRIVERS\redbook.sys
\SystemRoot\System32\DRIVERS\ks.sys
\SystemRoot\System32\DRIVERS\usbuhci.sys
\SystemRoot\System32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\drivers\ac97intc.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\System32\DRIVERS\audstub.sys
\SystemRoot\System32\DRIVERS\rasl2tp.sys
\SystemRoot\System32\DRIVERS\ndistapi.sys
\SystemRoot\System32\DRIVERS\ndiswan.sys
\SystemRoot\System32\DRIVERS\raspppoe.sys
\SystemRoot\System32\DRIVERS\raspptp.sys
\SystemRoot\System32\DRIVERS\TDI.SYS
\SystemRoot\System32\DRIVERS\psched.sys
\SystemRoot\System32\DRIVERS\msgpc.sys
\SystemRoot\System32\DRIVERS\ptilink.sys
\SystemRoot\System32\DRIVERS\raspti.sys
\SystemRoot\System32\DRIVERS\rdpdr.sys
\SystemRoot\System32\DRIVERS\termdd.sys
\SystemRoot\System32\DRIVERS\swenum.sys
\SystemRoot\System32\DRIVERS\update.sys
\SystemRoot\System32\DRIVERS\mssmbios.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\System32\DRIVERS\usbhub.sys
\SystemRoot\System32\DRIVERS\USBD.SYS
\SystemRoot\System32\Drivers\Fs_Rec.SYS
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\Drivers\mnmdd.SYS
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\System32\DRIVERS\rasacd.sys
\SystemRoot\System32\DRIVERS\ipsec.sys
\SystemRoot\System32\DRIVERS\tcpip.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\System32\drivers\afd.sys
\SystemRoot\System32\DRIVERS\netbios.sys
\SystemRoot\System32\DRIVERS\rdbss.sys
\SystemRoot\System32\DRIVERS\mrxsmb.sys
\SystemRoot\System32\Drivers\Fips.SYS
\SystemRoot\System32\DRIVERS\ipnat.sys
\SystemRoot\System32\DRIVERS\wanarp.sys
\SystemRoot\System32\Drivers\Udfs.SYS
\SystemRoot\System32\Drivers\dump_atapi.sys
\SystemRoot\System32\Drivers\dump_WMILIB.SYS
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\System32\watchdog.sys
\SystemRoot\System32\drivers\dxg.sys
\SystemRoot\System32\drivers\dxgthk.sys
\SystemRoot\System32\nv4_disp.dll
\SystemRoot\system32\DRIVERS\WudfPf.sys
\SystemRoot\System32\DRIVERS\ndisuio.sys
\SystemRoot\system32\drivers\wdmaud.sys
\SystemRoot\system32\drivers\sysaudio.sys
\SystemRoot\System32\DRIVERS\mrxdav.sys
\SystemRoot\System32\Drivers\ParVdm.SYS
\SystemRoot\system32\DRIVERS\pmemnt.sys
\SystemRoot\System32\DRIVERS\srv.sys
\??\C:\WINDOWS\system32\Drivers\uphcleanhlp.sys
\SystemRoot\System32\Drivers\HTTP.sys
\SystemRoot\System32\DRIVERS\USBSTOR.SYS
\SystemRoot\System32\Drivers\Fastfat.SYS
\??\C:\WINDOWS\system32\drivers\mbamchameleon.sys
\??\C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys
\WINDOWS\system32\ntdll.dll
----------- End -----------
Done!
Scan started
Database versions:
main: v2015.06.14.01
rootkit: v2015.06.02.01
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffffff89ec6ab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff89f4ca70, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff89ec6ab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff89f620e0, DeviceName: \Device\00000053\, DriverName: \Driver\ACPI\
DevicePointer: 0xffffffff89f11940, DeviceName: \Device\Ide\IdeDeviceP0T0L0-3\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
Done!
Drive 0
This is a System drive
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 1ECE1ECD
Partition information:
Partition 0 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 63 Numsec = 78172227
Partition file system is NTFS
Partition is bootable
Partition 1 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Disk Size: 40037760000 bytes
Sector size: 512 bytes
Done!
Physical Sector Size: 512
Drive: 1, DevicePointer: 0xffffffff89a1d6b0, DeviceName: \Device\Harddisk1\DR2\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff89a1e020, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff89a1d6b0, DeviceName: \Device\Harddisk1\DR2\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff89975d00, DeviceName: \Device\0000005a\, DriverName: \Driver\USBSTOR\
------------ End ----------
Alternate DeviceName: \Device\Harddisk1\DR2\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
Drive 1
Scanning MBR on drive 1...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 4DD5721
Partition information:
Partition 0 type is Other (0xb)
Partition is ACTIVE.
Partition starts at LBA: 63 Numsec = 3935862
Partition file system is FAT32
Partition is not bootable
Partition 1 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Disk Size: 2020904448 bytes
Sector size: 512 bytes
Done!
Scan finished
Re: Skryté soubory na flashce
Napsal: 14 čer 2015 14:31
od altrok
Link funguje. Ano, je to tak, ze byl soubor otestovan jinym uzivatelem.
Po uklidu zmente hesla a pokud nejsou dotazy ci jine problemy, je to ode mne vse.