ComboFix 13-01-31.03 - nothing 31.01.2013 23:00:12.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1250.420.1029.18.8103.6647 [GMT 1:00]
Spuštěný z: c:\users\nothing\Desktop\ComboFix.exe
AV: ESET Smart Security 6.0 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
FW: ESET personal firewall *Disabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
SP: ESET Smart Security 6.0 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Vytvořen nový Bod Obnovení
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Roaming
c:\windows\AsDebug.log
c:\windows\msvcr71.dll
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-12-28 do 2013-01-31 )))))))))))))))))))))))))))))))
.
.
2013-01-31 22:02 . 2013-01-31 22:02 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-01-31 09:32 . 2013-01-31 09:32 -------- d-----w- C:\rsit
2013-01-31 09:19 . 2013-01-31 09:19 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2013-01-31 09:19 . 2013-01-31 09:19 -------- d-----w- c:\programdata\Malwarebytes
2013-01-31 09:19 . 2012-12-14 15:49 24176 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-01-29 21:22 . 2013-01-31 19:30 -------- d-----w- c:\program files (x86)\Heroes of Newerth
2013-01-29 19:43 . 2005-09-08 08:03 1032657 ----a-w- c:\windows\SysWow64\libxml2.dll
2013-01-29 12:14 . 2013-01-29 12:14 -------- d-----w- c:\programdata\regid.1986-12.com.adobe
2013-01-29 12:14 . 2013-01-29 12:14 -------- d-----w- c:\program files\Adobe
2013-01-29 12:13 . 2013-01-29 12:14 -------- d-----w- c:\program files\Common Files\Adobe
2013-01-29 11:30 . 2013-01-29 11:30 -------- d-----w- c:\program files\ESET
2013-01-24 16:26 . 2013-01-24 16:26 -------- d-----w- c:\program files (x86)\uTorrent
2013-01-23 12:51 . 2013-01-23 15:08 -------- d-----w- c:\programdata\OrganicCoffee
2013-01-22 11:04 . 2013-01-29 12:13 -------- d-----w- c:\program files (x86)\Common Files\Adobe
2013-01-21 19:13 . 2013-01-21 19:13 -------- d-----w- c:\program files (x86)\The KMPlayer
2013-01-19 19:04 . 2013-01-29 11:38 -------- d-----w- c:\program files (x86)\Microsoft
2013-01-15 22:27 . 2013-01-15 22:27 -------- d-----w- c:\program files (x86)\SystemRequirementsLab
2013-01-15 19:31 . 2013-01-15 19:31 -------- d-----w- c:\windows\SysWow64\NV
2013-01-15 19:31 . 2013-01-15 19:31 -------- d-----w- c:\windows\system32\NV
2013-01-15 19:29 . 2012-12-29 10:34 958272 ----a-w- c:\windows\SysWow64\nvumdshim.dll
2013-01-15 19:28 . 2013-01-15 19:28 -------- d-----w- C:\NVIDIA
2013-01-15 19:13 . 2013-01-15 19:13 -------- d-----w- c:\program files (x86)\Common Files\Java
2013-01-15 19:13 . 2013-01-15 19:13 859552 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2013-01-15 19:13 . 2013-01-15 19:13 780192 ----a-w- c:\windows\SysWow64\deployJava1.dll
2013-01-15 19:13 . 2013-01-15 19:13 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-01-15 19:13 . 2013-01-15 19:13 -------- d-----w- c:\program files (x86)\Java
2013-01-11 21:13 . 2013-01-11 21:13 -------- d-----w- c:\program files (x86)\Common Files\Skype
2013-01-11 21:13 . 2013-01-11 21:13 -------- d-----r- c:\program files (x86)\Skype
2013-01-11 21:13 . 2013-01-11 21:13 -------- d-----w- c:\programdata\Skype
2013-01-10 19:55 . 2013-01-10 19:55 -------- d-----w- c:\program files (x86)\Google
2013-01-10 19:24 . 2013-01-10 19:24 -------- d-----w- c:\programdata\Binarysense
2013-01-10 19:24 . 2013-01-10 19:24 -------- d-----w- c:\program files (x86)\SSDlife
2013-01-10 05:48 . 2013-01-10 05:48 -------- d-----w- c:\programdata\ASUS
2013-01-09 22:04 . 2008-10-10 03:52 452440 ----a-w- c:\windows\SysWow64\d3dx10_40.dll
2013-01-09 22:04 . 2008-10-10 03:52 2036576 ----a-w- c:\windows\SysWow64\D3DCompiler_40.dll
2013-01-09 22:04 . 2008-10-10 03:52 4379984 ----a-w- c:\windows\SysWow64\D3DX9_40.dll
2013-01-09 22:04 . 2007-04-04 17:53 81768 ----a-w- c:\windows\SysWow64\xinput1_3.dll
2013-01-09 20:34 . 2013-01-09 21:46 -------- d-----w- c:\program files (x86)\HD Tune Pro
2013-01-09 19:30 . 2013-01-31 09:22 -------- d-----w- c:\program files\WinRAR
2013-01-09 18:48 . 2012-10-30 22:50 285328 ----a-w- c:\windows\system32\aswBoot.exe
2013-01-09 18:48 . 2013-01-20 12:48 -------- d-----w- c:\programdata\AVAST Software
2013-01-09 18:43 . 2013-01-31 21:52 -------- d-----w- c:\program files (x86)\Diablo III
2013-01-09 18:43 . 2013-01-09 19:06 -------- d-----w- c:\programdata\Blizzard Entertainment
2013-01-09 18:43 . 2013-01-09 19:06 -------- d-----w- c:\program files (x86)\Common Files\Blizzard Entertainment
2013-01-09 18:38 . 2013-01-09 18:38 -------- d-----w- c:\programdata\Trend Micro
2013-01-09 18:34 . 2013-01-31 09:32 -------- d-----w- c:\program files\Trend Micro
2013-01-09 18:33 . 2013-01-09 18:33 80512 ----a-w- c:\windows\ASUS K3 Series ScreenSaver Uninstaller.exe
2013-01-09 18:33 . 2013-01-09 18:33 3058304 ----a-w- c:\windows\AsScrPro.exe
2013-01-09 18:33 . 2013-01-09 18:33 -------- d-----w- c:\windows\SysWow64\Macromed
2013-01-09 18:33 . 2006-10-09 18:07 183296 ----a-w- c:\windows\SysWow64\ACEngSvr.exe
2013-01-09 18:33 . 2011-03-03 15:57 379520 ----a-w- c:\windows\system32\FBAgent.exe
2013-01-09 18:33 . 2013-01-09 18:33 -------- d-----w- c:\program files\ASUS
2013-01-09 18:32 . 2010-08-03 14:30 196224 ----a-w- c:\program files\Windows Sidebar\Shared Gadgets\P4GUpdate.Gadget\P4GUpdate.dll
2013-01-09 18:32 . 2013-01-29 13:52 -------- d-----w- c:\program files\P4G
2013-01-09 18:32 . 2013-01-09 18:32 -------- d-----w- c:\programdata\P4G
2013-01-09 18:30 . 2013-01-09 18:30 -------- d-----w- c:\users\Public\Roaming
2013-01-09 18:30 . 2013-01-09 18:30 -------- d-----w- c:\users\Default\Roaming
2013-01-09 18:29 . 2013-01-09 18:31 -------- d-----w- c:\program files\Intel
2013-01-09 18:29 . 2013-01-09 18:29 -------- d-----w- c:\program files (x86)\Cisco
2013-01-09 18:28 . 2009-07-20 09:29 15416 ----a-w- c:\windows\system32\drivers\kbfiltr.sys
2013-01-09 18:28 . 2013-01-09 18:28 -------- d-----w- c:\program files (x86)\ASM104xUSB3
2013-01-09 18:27 . 2013-01-09 18:27 -------- d-----w- c:\program files\Synaptics
2013-01-09 18:27 . 2011-05-05 12:32 1439792 ----a-w- c:\windows\system32\drivers\SynTP.sys
2013-01-09 18:27 . 2011-05-05 12:30 66856 ----a-w- c:\windows\SysWow64\SynTPEnhPS.dll
2013-01-09 18:27 . 2011-05-05 12:30 107816 ----a-w- c:\windows\SysWow64\SynTPCOM.dll
2013-01-09 18:27 . 2011-05-05 12:30 226088 ----a-w- c:\windows\system32\SynTPAPI.dll
2013-01-09 18:27 . 2011-05-05 12:30 148264 ----a-w- c:\windows\system32\SynTPCo9.dll
2013-01-09 18:27 . 2011-05-05 12:30 276264 ----a-w- c:\windows\system32\SynCtrl.dll
2013-01-09 18:27 . 2011-05-05 12:30 222504 ----a-w- c:\windows\SysWow64\SynCtrl.dll
2013-01-09 18:27 . 2011-05-05 12:30 177448 ----a-w- c:\windows\SysWow64\SynCOM.dll
2013-01-09 18:27 . 2009-08-07 02:49 1721576 ----a-w- c:\windows\system32\WdfCoInstaller01009.dll
2013-01-09 18:26 . 2010-08-03 18:43 290920 ----a-r- c:\windows\system32\drivers\rtsuvstor.sys
2013-01-09 18:26 . 2010-07-13 21:21 15464 ------r- c:\windows\system32\drivers\diskperf64.sys
2013-01-09 18:26 . 2009-11-25 14:21 7367200 ----a-w- c:\windows\SysWow64\RtsUVStoricon.dll
2013-01-09 18:25 . 2011-01-13 11:58 74272 ----a-w- c:\windows\system32\RtNicProp64.dll
2013-01-09 18:25 . 2011-01-13 11:58 413800 ----a-w- c:\windows\system32\drivers\Rt64win7.sys
2013-01-09 18:25 . 2011-01-13 11:58 107552 ----a-w- c:\windows\system32\RTNUninst64.dll
2013-01-09 18:25 . 2013-01-10 15:20 -------- d-----w- c:\program files (x86)\ASUS
2013-01-09 18:25 . 2013-01-09 18:25 -------- d-----w- c:\programdata\SonicFocus
2013-01-09 18:25 . 2013-01-09 18:25 -------- d-----w- c:\windows\SysWow64\RTCOM
2013-01-09 18:25 . 2013-01-09 18:25 -------- d-----w- c:\program files\Realtek
2013-01-09 18:23 . 2013-01-15 19:31 -------- d-----w- c:\programdata\NVIDIA
2013-01-09 18:21 . 2013-01-29 21:23 -------- d-sh--w- c:\windows\Installer
2013-01-09 18:17 . 2013-01-15 19:30 -------- d-----w- c:\program files\NVIDIA Corporation
2013-01-09 18:13 . 2010-10-04 13:02 53248 ----a-r- c:\windows\SysWow64\CSVer.dll
2013-01-09 18:13 . 2013-01-10 19:58 -------- d-----w- c:\program files (x86)\Intel
2013-01-09 18:13 . 2013-01-09 18:16 -------- d-----w- C:\Intel
2013-01-09 17:21 . 2013-01-09 18:42 -------- d-----w- c:\programdata\Battle.net
2013-01-09 17:09 . 2013-01-19 20:55 -------- d-----w- c:\users\nothing
2013-01-09 16:54 . 2013-01-09 17:09 -------- d-----w- c:\windows\Panther
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-11-28 08:07 . 2012-11-28 08:07 57904 ----a-w- c:\windows\system32\drivers\epfwwfp.sys
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SonicMasterTray"="c:\program files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe" [2010-07-09 984400]
"ATKOSD2"="c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe" [2010-08-17 5732992]
"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2010-10-07 170624]
"HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
"Wireless Console 3"="c:\program files (x86)\ASUS\Wireless Console 3\wcourier.exe" [2010-09-23 1601536]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS6ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-03-09 1073312]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-14 682344]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2013-01-08 161536]
R3 AMPPALP;Protokol Intel(R) Centrino(R) Bluetooth 3.0 + High Speed;c:\windows\system32\DRIVERS\amppal.sys [2011-04-21 294912]
R3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys [2011-03-08 51712]
R3 iBtFltCoex;iBtFltCoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys [2011-03-22 59904]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-12-14 24176]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2011-05-02 340240]
R3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUVStor.sys [2010-08-03 290920]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
S0 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [2012-11-28 57904]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [2012-12-29 30648]
S1 ATKWMIACPIIO;ATKWMIACPI Driver;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2011-05-25 17536]
S1 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2012-10-08 211344]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2012-10-08 149592]
S1 EpfwLWF;Epfw NDIS LightWeight Filter;c:\windows\system32\DRIVERS\EpfwLWF.sys [2012-10-08 59440]
S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe [2011-03-03 379520]
S2 AMPPALR3;Intel® Centrino® Bluetooth 3.0 + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [2011-04-21 1136640]
S2 Amsp;Trend Micro Solution Platform;c:\program files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe [x]
S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-07-02 15416]
S2 Bluetooth Device Monitor;Bluetooth Device Monitor;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe [2011-03-30 923984]
S2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe [2011-03-30 1001808]
S2 BTHSSecurityMgr;Intel(R) Centrino(R) Wireless Bluetooth(R) 3.0 + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2011-04-21 134928]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\x86\ekrn.exe [2012-11-26 1329304]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [2010-04-16 13832]
S2 TurboBoost;Intel(R) Turbo Boost Technology Monitor;c:\program files\Intel\TurboBoost\TurboBoost.exe [2010-04-16 134928]
S3 AMPPAL;Virtuální adaptér Intel(R) Centrino(R) Bluetooth 3.0 + High Speed;c:\windows\system32\DRIVERS\AMPPAL.sys [2011-04-21 294912]
S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys [2011-06-02 128488]
S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys [2011-06-02 401896]
S3 Bluetooth Media Service;Bluetooth Media Service;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe [2011-03-30 1321296]
S3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys [2011-03-08 274944]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-14 317440]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-01-13 413800]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-01-31 19:00 1607120 ----a-w- c:\program files (x86)\Google\Chrome\Application\24.0.1312.57\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2013-01-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-01-10 19:55]
.
2013-01-31 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-01-10 19:55]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-10 167960]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-10 391704]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-10 418328]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-05-17 2226280]
"IntelPAN"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2011-05-02 1935120]
"BTMTrayAgent"="c:\program files (x86)\Intel\Bluetooth\btmshell.dll" [2011-03-30 10372368]
"IntelTBRunOnce"="wscript.exe" [2009-07-14 168960]
"Trend Micro Client Framework"="c:\program files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe" [2010-10-13 192520]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2012-11-26 6325936]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-04-04 446392]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.1.1
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Wow6432Node-HKCU-Run-RESTART_STICKY_NOTES - c:\windows\System32\StikyNot.exe
Wow6432Node-HKCU-Run-AdobeBridge - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
HKLM-Run-SynAsusAcpi - c:\program files (x86)\Synaptics\SynTP\SynAsusAcpi.exe
HKLM-Run-VizorHtmlDialog.exe - c:\program files\Trend Micro\Titanium\UIFramework\VizorHtmlDialog.exe
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2013-01-31 23:04:17
ComboFix-quarantined-files.txt 2013-01-31 22:04
.
Před spuštěním: Volných bajtů: 132 771 004 416
Po spuštění: Volných bajtů: 132 512 694 272
.
- - End Of File - - 93C97A3E5AB64D33914A840CD2DC908A
Please check my log - win32/ramnit.a virus (Solved)
Re: Please check my log - win32/ramnit.a virus
aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2013-01-31 23:08:22
-----------------------------
23:08:22.701 OS Version: Windows x64 6.1.7600
23:08:22.701 Number of processors: 4 586 0x2A07
23:08:22.701 ComputerName: NOTEBOOK UserName: nothing
23:08:22.966 Initialize success
23:08:37.744 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
23:08:37.744 Disk 0 Vendor: INTEL_SS 400i Size: 171705MB BusType: 3
23:08:37.759 Disk 0 MBR read successfully
23:08:37.759 Disk 0 MBR scan
23:08:37.759 Disk 0 Windows 7 default MBR code
23:08:37.759 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
23:08:37.759 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 171603 MB offset 206848
23:08:37.759 Disk 0 scanning C:\Windows\system32\drivers
23:08:38.430 Service scanning
23:08:40.208 Modules scanning
23:08:40.208 Disk 0 trace - called modules:
23:08:40.208 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys iaStor.sys hal.dll
23:08:40.208 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8009957060]
23:08:40.208 3 CLASSPNP.SYS[fffff880015c843f] -> nt!IofCallDriver -> [0xfffffa8007afb560]
23:08:40.723 5 ACPI.sys[fffff88000f5c781] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8007afe050]
23:08:40.723 Scan finished successfully
23:08:46.230 Disk 0 MBR has been saved successfully to "C:\Users\nothing\Desktop\MBR.dat"
23:08:46.246 The log file has been saved successfully to "C:\Users\nothing\Desktop\aswMBR.txt"
- jaro3
- Security team member
Re: Please check my log - win32/ramnit.a virus
Open Notepad (Start -> Run..., type Notepad into the box and click OK).
Copy the entire following text, marked in green, into it:
Code:
ClearJavaCache::
KillAll::
File::
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
Folder::
c:\program files (x86)\Skype\Updater
c:\program files (x86)\Google\Update
Driver::
SkypeUpdate
RegLock::
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
Choose File -> Save As... and set these parameters:
File name: type here: CFScript.txt
Save as type: select All Files
Save the file to the desktop.
Close all active windows.
Grab the created script CFScript.txt with the mouse, drag it over the downloaded ComboFix.exe program, and when the two files overlap, drop the script.
- ComboFix will start automatically
- Paste here the log that appears at the end of the cleaning process + a new log from HJT
Warning: It may happen that after running ComboFix and restarting the computer, Windows will not boot, or the desktop will not load, or there will be connection problems; in that case restart the computer again. If that does not help, press F8 repeatedly after the restart and choose Last Known Good Configuration, or use a restore point.
When working with HJT, ComboFix, MbAM, SDFix and similar programs, close all other applications and browsers!
Do not send logs via private messages. While I am away, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support
Re: Please check my log - win32/ramnit.a virus
ComboFix 13-01-31.03 - nothing 31.01.2013 23:21:08.2.4 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1250.420.1029.18.8103.6511 [GMT 1:00]
Spuštěný z: c:\users\nothing\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\nothing\Desktop\CFScript.txt
AV: ESET Smart Security 6.0 *Enabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
FW: ESET personal firewall *Enabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
SP: ESET Smart Security 6.0 *Enabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\Tasks\GoogleUpdateTaskMachineCore.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineUA.job"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Google\Update
c:\program files (x86)\Google\Update\1.3.21.123\GoogleCrashHandler.exe
c:\program files (x86)\Google\Update\1.3.21.123\GoogleCrashHandler64.exe
c:\program files (x86)\Google\Update\1.3.21.123\GoogleUpdate.exe
c:\program files (x86)\Google\Update\1.3.21.123\GoogleUpdateBroker.exe
c:\program files (x86)\Google\Update\1.3.21.123\GoogleUpdateHelper.msi
c:\program files (x86)\Google\Update\1.3.21.123\GoogleUpdateOnDemand.exe
c:\program files (x86)\Google\Update\1.3.21.123\GoogleUpdateSetup.exe
c:\program files (x86)\Google\Update\1.3.21.123\goopdate.dll
c:\program files (x86)\Google\Update\1.3.21.123\goopdateres_am.dll
c:\program files (x86)\Google\Update\1.3.21.123\goopdateres_ar.dll
c:\program files (x86)\Google\Update\1.3.21.123\goopdateres_bg.dll
c:\program files (x86)\Google\Update\1.3.21.123\goopdateres_bn.dll
c:\program files (x86)\Google\Update\1.3.21.123\goopdateres_ca.dll
c:\program files (x86)\Google\Update\1.3.21.123\goopdateres_cs.dll
c:\program files (x86)\Google\Update\1.3.21.123\goopdateres_da.dll
c:\program files (x86)\Google\Update\1.3.21.123\goopdateres_de.dll
c:\program files (x86)\Google\Update\1.3.21.123\goopdateres_el.dll
c:\program files (x86)\Google\Update\1.3.21.123\goopdateres_en-GB.dll
c:\program files (x86)\Google\Update\1.3.21.123\goopdateres_en.dll
c:\program files (x86)\Google\Update\1.3.21.123\goopdateres_es-419.dll
c:\program files (x86)\Google\Update\1.3.21.123\goopdateres_es.dll
c:\program files (x86)\Google\Update\1.3.21.123\goopdateres_et.dll
c:\program files (x86)\Google\Update\1.3.21.123\goopdateres_fa.dll
c:\program files (x86)\Google\Update\1.3.21.123\goopdateres_fi.dll
c:\program files (x86)\Google\Update\1.3.21.123\goopdateres_fil.dll
c:\program files (x86)\Google\Update\1.3.21.123\goopdateres_fr.dll
c:\program files (x86)\Google\Update\1.3.21.123\goopdateres_gu.dll
c:\program files (x86)\Google\Update\1.3.21.123\goopdateres_hi.dll
c:\program files (x86)\Google\Update\1.3.21.123\goopdateres_hr.dll
c:\program files (x86)\Google\Update\1.3.21.123\goopdateres_hu.dll
c:\program files (x86)\Google\Update\1.3.21.123\goopdateres_id.dll
c:\program files (x86)\Google\Update\1.3.21.123\goopdateres_is.dll
c:\program files (x86)\Google\Update\1.3.21.123\goopdateres_it.dll
c:\program files (x86)\Google\Update\1.3.21.123\goopdateres_iw.dll
c:\program files (x86)\Google\Update\1.3.21.123\goopdateres_ja.dll
c:\program files (x86)\Google\Update\1.3.21.123\goopdateres_kn.dll
c:\program files (x86)\Google\Update\1.3.21.123\goopdateres_ko.dll
c:\program files (x86)\Google\Update\1.3.21.123\goopdateres_lt.dll
c:\program files (x86)\Google\Update\1.3.21.123\goopdateres_lv.dll
c:\program files (x86)\Google\Update\1.3.21.123\goopdateres_ml.dll
c:\program files (x86)\Google\Update\1.3.21.123\goopdateres_mr.dll
c:\program files (x86)\Google\Update\1.3.21.123\goopdateres_ms.dll
c:\program files (x86)\Google\Update\1.3.21.123\goopdateres_nl.dll
c:\program files (x86)\Google\Update\1.3.21.123\goopdateres_no.dll
c:\program files (x86)\Google\Update\1.3.21.123\goopdateres_pl.dll
c:\program files (x86)\Google\Update\1.3.21.123\goopdateres_pt-BR.dll
c:\program files (x86)\Google\Update\1.3.21.123\goopdateres_pt-PT.dll
c:\program files (x86)\Google\Update\1.3.21.123\goopdateres_ro.dll
c:\program files (x86)\Google\Update\1.3.21.123\goopdateres_ru.dll
c:\program files (x86)\Google\Update\1.3.21.123\goopdateres_sk.dll
c:\program files (x86)\Google\Update\1.3.21.123\goopdateres_sl.dll
c:\program files (x86)\Google\Update\1.3.21.123\goopdateres_sr.dll
c:\program files (x86)\Google\Update\1.3.21.123\goopdateres_sv.dll
c:\program files (x86)\Google\Update\1.3.21.123\goopdateres_sw.dll
c:\program files (x86)\Google\Update\1.3.21.123\goopdateres_ta.dll
c:\program files (x86)\Google\Update\1.3.21.123\goopdateres_te.dll
c:\program files (x86)\Google\Update\1.3.21.123\goopdateres_th.dll
c:\program files (x86)\Google\Update\1.3.21.123\goopdateres_tr.dll
c:\program files (x86)\Google\Update\1.3.21.123\goopdateres_uk.dll
c:\program files (x86)\Google\Update\1.3.21.123\goopdateres_ur.dll
c:\program files (x86)\Google\Update\1.3.21.123\goopdateres_vi.dll
c:\program files (x86)\Google\Update\1.3.21.123\goopdateres_zh-CN.dll
c:\program files (x86)\Google\Update\1.3.21.123\goopdateres_zh-TW.dll
c:\program files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
c:\program files (x86)\Google\Update\1.3.21.123\psmachine.dll
c:\program files (x86)\Google\Update\1.3.21.123\psuser.dll
c:\program files (x86)\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\24.0.1312.57\24.0.1312.57_24.0.1312.56_chrome_updater.exe
c:\program files (x86)\Google\Update\GoogleUpdate.exe
c:\program files (x86)\Google\Update\Install\{662C877C-562F-4872-9604-32E2935FA929}\24.0.1312.57_24.0.1312.56_chrome_updater.exe
c:\program files (x86)\Skype\Updater
c:\program files (x86)\Skype\Updater\Updater.dll
c:\program files (x86)\Skype\Updater\Updater.exe
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_SkypeUpdate
-------\Service_gupdate
-------\Service_gupdatem
-------\Service_gupdate
-------\Service_gupdatem
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-12-28 do 2013-01-31 )))))))))))))))))))))))))))))))
.
.
2013-01-31 09:32 . 2013-01-31 09:32 -------- d-----w- C:\rsit
2013-01-31 09:19 . 2013-01-31 09:19 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2013-01-31 09:19 . 2013-01-31 09:19 -------- d-----w- c:\programdata\Malwarebytes
2013-01-31 09:19 . 2012-12-14 15:49 24176 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-01-29 21:22 . 2013-01-31 19:30 -------- d-----w- c:\program files (x86)\Heroes of Newerth
2013-01-29 19:43 . 2005-09-08 08:03 1032657 ----a-w- c:\windows\SysWow64\libxml2.dll
2013-01-29 12:14 . 2013-01-29 12:14 -------- d-----w- c:\programdata\regid.1986-12.com.adobe
2013-01-29 12:14 . 2013-01-29 12:14 -------- d-----w- c:\program files\Adobe
2013-01-29 12:13 . 2013-01-29 12:14 -------- d-----w- c:\program files\Common Files\Adobe
2013-01-29 11:30 . 2013-01-29 11:30 -------- d-----w- c:\program files\ESET
2013-01-24 16:26 . 2013-01-24 16:26 -------- d-----w- c:\program files (x86)\uTorrent
2013-01-23 12:51 . 2013-01-23 15:08 -------- d-----w- c:\programdata\OrganicCoffee
2013-01-22 11:04 . 2013-01-29 12:13 -------- d-----w- c:\program files (x86)\Common Files\Adobe
2013-01-21 19:13 . 2013-01-21 19:13 -------- d-----w- c:\program files (x86)\The KMPlayer
2013-01-19 19:04 . 2013-01-29 11:38 -------- d-----w- c:\program files (x86)\Microsoft
2013-01-15 22:27 . 2013-01-15 22:27 -------- d-----w- c:\program files (x86)\SystemRequirementsLab
2013-01-15 19:31 . 2013-01-15 19:31 -------- d-----w- c:\windows\SysWow64\NV
2013-01-15 19:31 . 2013-01-15 19:31 -------- d-----w- c:\windows\system32\NV
2013-01-15 19:29 . 2012-12-29 10:34 958272 ----a-w- c:\windows\SysWow64\nvumdshim.dll
2013-01-15 19:28 . 2013-01-15 19:28 -------- d-----w- C:\NVIDIA
2013-01-15 19:13 . 2013-01-15 19:13 -------- d-----w- c:\program files (x86)\Common Files\Java
2013-01-15 19:13 . 2013-01-15 19:13 859552 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2013-01-15 19:13 . 2013-01-15 19:13 780192 ----a-w- c:\windows\SysWow64\deployJava1.dll
2013-01-15 19:13 . 2013-01-15 19:13 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-01-15 19:13 . 2013-01-15 19:13 -------- d-----w- c:\program files (x86)\Java
2013-01-11 21:13 . 2013-01-11 21:13 -------- d-----w- c:\program files (x86)\Common Files\Skype
2013-01-11 21:13 . 2013-01-31 22:23 -------- d-----r- c:\program files (x86)\Skype
2013-01-11 21:13 . 2013-01-11 21:13 -------- d-----w- c:\programdata\Skype
2013-01-10 19:55 . 2013-01-10 19:55 -------- d-----w- c:\program files (x86)\Google
2013-01-10 19:24 . 2013-01-10 19:24 -------- d-----w- c:\programdata\Binarysense
2013-01-10 19:24 . 2013-01-10 19:24 -------- d-----w- c:\program files (x86)\SSDlife
2013-01-10 05:48 . 2013-01-10 05:48 -------- d-----w- c:\programdata\ASUS
2013-01-09 22:04 . 2008-10-10 03:52 452440 ----a-w- c:\windows\SysWow64\d3dx10_40.dll
2013-01-09 22:04 . 2008-10-10 03:52 2036576 ----a-w- c:\windows\SysWow64\D3DCompiler_40.dll
2013-01-09 22:04 . 2008-10-10 03:52 4379984 ----a-w- c:\windows\SysWow64\D3DX9_40.dll
2013-01-09 22:04 . 2007-04-04 17:53 81768 ----a-w- c:\windows\SysWow64\xinput1_3.dll
2013-01-09 20:34 . 2013-01-09 21:46 -------- d-----w- c:\program files (x86)\HD Tune Pro
2013-01-09 19:30 . 2013-01-31 09:22 -------- d-----w- c:\program files\WinRAR
2013-01-09 18:48 . 2012-10-30 22:50 285328 ----a-w- c:\windows\system32\aswBoot.exe
2013-01-09 18:48 . 2013-01-20 12:48 -------- d-----w- c:\programdata\AVAST Software
2013-01-09 18:43 . 2013-01-31 21:52 -------- d-----w- c:\program files (x86)\Diablo III
2013-01-09 18:43 . 2013-01-09 19:06 -------- d-----w- c:\programdata\Blizzard Entertainment
2013-01-09 18:43 . 2013-01-09 19:06 -------- d-----w- c:\program files (x86)\Common Files\Blizzard Entertainment
2013-01-09 18:38 . 2013-01-09 18:38 -------- d-----w- c:\programdata\Trend Micro
2013-01-09 18:34 . 2013-01-31 09:32 -------- d-----w- c:\program files\Trend Micro
2013-01-09 18:33 . 2013-01-09 18:33 80512 ----a-w- c:\windows\ASUS K3 Series ScreenSaver Uninstaller.exe
2013-01-09 18:33 . 2013-01-09 18:33 3058304 ----a-w- c:\windows\AsScrPro.exe
2013-01-09 18:33 . 2013-01-09 18:33 -------- d-----w- c:\windows\SysWow64\Macromed
2013-01-09 18:33 . 2006-10-09 18:07 183296 ----a-w- c:\windows\SysWow64\ACEngSvr.exe
2013-01-09 18:33 . 2011-03-03 15:57 379520 ----a-w- c:\windows\system32\FBAgent.exe
2013-01-09 18:33 . 2013-01-09 18:33 -------- d-----w- c:\program files\ASUS
2013-01-09 18:32 . 2010-08-03 14:30 196224 ----a-w- c:\program files\Windows Sidebar\Shared Gadgets\P4GUpdate.Gadget\P4GUpdate.dll
2013-01-09 18:32 . 2013-01-29 13:52 -------- d-----w- c:\program files\P4G
2013-01-09 18:32 . 2013-01-09 18:32 -------- d-----w- c:\programdata\P4G
2013-01-09 18:30 . 2013-01-09 18:30 -------- d-----w- c:\users\Public\Roaming
2013-01-09 18:30 . 2013-01-09 18:30 -------- d-----w- c:\users\Default\Roaming
2013-01-09 18:29 . 2013-01-09 18:31 -------- d-----w- c:\program files\Intel
2013-01-09 18:29 . 2013-01-09 18:29 -------- d-----w- c:\program files (x86)\Cisco
2013-01-09 18:28 . 2009-07-20 09:29 15416 ----a-w- c:\windows\system32\drivers\kbfiltr.sys
2013-01-09 18:28 . 2013-01-09 18:28 -------- d-----w- c:\program files (x86)\ASM104xUSB3
2013-01-09 18:27 . 2013-01-09 18:27 -------- d-----w- c:\program files\Synaptics
2013-01-09 18:27 . 2011-05-05 12:32 1439792 ----a-w- c:\windows\system32\drivers\SynTP.sys
2013-01-09 18:27 . 2011-05-05 12:30 66856 ----a-w- c:\windows\SysWow64\SynTPEnhPS.dll
2013-01-09 18:27 . 2011-05-05 12:30 107816 ----a-w- c:\windows\SysWow64\SynTPCOM.dll
2013-01-09 18:27 . 2011-05-05 12:30 226088 ----a-w- c:\windows\system32\SynTPAPI.dll
2013-01-09 18:27 . 2011-05-05 12:30 148264 ----a-w- c:\windows\system32\SynTPCo9.dll
2013-01-09 18:27 . 2011-05-05 12:30 276264 ----a-w- c:\windows\system32\SynCtrl.dll
2013-01-09 18:27 . 2011-05-05 12:30 222504 ----a-w- c:\windows\SysWow64\SynCtrl.dll
2013-01-09 18:27 . 2011-05-05 12:30 177448 ----a-w- c:\windows\SysWow64\SynCOM.dll
2013-01-09 18:27 . 2009-08-07 02:49 1721576 ----a-w- c:\windows\system32\WdfCoInstaller01009.dll
2013-01-09 18:26 . 2010-08-03 18:43 290920 ----a-r- c:\windows\system32\drivers\rtsuvstor.sys
2013-01-09 18:26 . 2010-07-13 21:21 15464 ------r- c:\windows\system32\drivers\diskperf64.sys
2013-01-09 18:26 . 2009-11-25 14:21 7367200 ----a-w- c:\windows\SysWow64\RtsUVStoricon.dll
2013-01-09 18:25 . 2011-01-13 11:58 74272 ----a-w- c:\windows\system32\RtNicProp64.dll
2013-01-09 18:25 . 2011-01-13 11:58 413800 ----a-w- c:\windows\system32\drivers\Rt64win7.sys
2013-01-09 18:25 . 2011-01-13 11:58 107552 ----a-w- c:\windows\system32\RTNUninst64.dll
2013-01-09 18:25 . 2013-01-10 15:20 -------- d-----w- c:\program files (x86)\ASUS
2013-01-09 18:25 . 2013-01-09 18:25 -------- d-----w- c:\programdata\SonicFocus
2013-01-09 18:25 . 2013-01-09 18:25 -------- d-----w- c:\windows\SysWow64\RTCOM
2013-01-09 18:25 . 2013-01-09 18:25 -------- d-----w- c:\program files\Realtek
2013-01-09 18:23 . 2013-01-15 19:31 -------- d-----w- c:\programdata\NVIDIA
2013-01-09 18:21 . 2013-01-29 21:23 -------- d-sh--w- c:\windows\Installer
2013-01-09 18:17 . 2013-01-15 19:30 -------- d-----w- c:\program files\NVIDIA Corporation
2013-01-09 18:13 . 2010-10-04 13:02 53248 ----a-r- c:\windows\SysWow64\CSVer.dll
2013-01-09 18:13 . 2013-01-10 19:58 -------- d-----w- c:\program files (x86)\Intel
2013-01-09 18:13 . 2013-01-09 18:16 -------- d-----w- C:\Intel
2013-01-09 17:21 . 2013-01-09 18:42 -------- d-----w- c:\programdata\Battle.net
2013-01-09 17:09 . 2013-01-19 20:55 -------- d-----w- c:\users\nothing
2013-01-09 16:54 . 2013-01-09 17:09 -------- d-----w- c:\windows\Panther
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-11-28 08:07 . 2012-11-28 08:07 57904 ----a-w- c:\windows\system32\drivers\epfwwfp.sys
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SonicMasterTray"="c:\program files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe" [2010-07-09 984400]
"ATKOSD2"="c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe" [2010-08-17 5732992]
"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2010-10-07 170624]
"HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
"Wireless Console 3"="c:\program files (x86)\ASUS\Wireless Console 3\wcourier.exe" [2010-09-23 1601536]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS6ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-03-09 1073312]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
R3 AMPPALP;Protokol Intel(R) Centrino(R) Bluetooth 3.0 + High Speed;c:\windows\system32\DRIVERS\amppal.sys [2011-04-21 294912]
R3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys [2011-03-08 51712]
R3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys [2011-03-08 274944]
R3 iBtFltCoex;iBtFltCoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys [2011-03-22 59904]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2011-05-02 340240]
R3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUVStor.sys [2010-08-03 290920]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
S0 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [2012-11-28 57904]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [2012-12-29 30648]
S1 ATKWMIACPIIO;ATKWMIACPI Driver;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2011-05-25 17536]
S1 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2012-10-08 211344]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2012-10-08 149592]
S1 EpfwLWF;Epfw NDIS LightWeight Filter;c:\windows\system32\DRIVERS\EpfwLWF.sys [2012-10-08 59440]
S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe [2011-03-03 379520]
S2 AMPPALR3;Intel® Centrino® Bluetooth 3.0 + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [2011-04-21 1136640]
S2 Amsp;Trend Micro Solution Platform;c:\program files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe [x]
S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-07-02 15416]
S2 Bluetooth Device Monitor;Bluetooth Device Monitor;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe [2011-03-30 923984]
S2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe [2011-03-30 1001808]
S2 BTHSSecurityMgr;Intel(R) Centrino(R) Wireless Bluetooth(R) 3.0 + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2011-04-21 134928]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\x86\ekrn.exe [2012-11-26 1329304]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-14 682344]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [2010-04-16 13832]
S2 TurboBoost;Intel(R) Turbo Boost Technology Monitor;c:\program files\Intel\TurboBoost\TurboBoost.exe [2010-04-16 134928]
S3 AMPPAL;Virtuální adaptér Intel(R) Centrino(R) Bluetooth 3.0 + High Speed;c:\windows\system32\DRIVERS\AMPPAL.sys [2011-04-21 294912]
S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys [2011-06-02 128488]
S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys [2011-06-02 401896]
S3 Bluetooth Media Service;Bluetooth Media Service;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe [2011-03-30 1321296]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-14 317440]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-12-14 24176]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-01-13 413800]
.
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-01-31 19:00 1607120 ----a-w- c:\program files (x86)\Google\Chrome\Application\24.0.1312.57\Installer\chrmstp.exe
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-10 167960]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-10 391704]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-10 418328]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-05-17 2226280]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"SynAsusAcpi"="c:\program files (x86)\Synaptics\SynTP\SynAsusAcpi.exe" [BU]
"IntelPAN"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2011-05-02 1935120]
"BTMTrayAgent"="c:\program files (x86)\Intel\Bluetooth\btmshell.dll" [2011-03-30 10372368]
"IntelTBRunOnce"="wscript.exe" [2009-07-14 168960]
"VizorHtmlDialog.exe"="c:\program files\Trend Micro\Titanium\UIFramework\VizorHtmlDialog.exe" [BU]
"Trend Micro Client Framework"="c:\program files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe" [2010-10-13 192520]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2012-11-26 6325936]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-04-04 446392]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.1.1
.
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
c:\windows\AsScrPro.exe
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
c:\program files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe
c:\program files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
.
**************************************************************************
.
Celkový čas: 2013-01-31 23:25:37 - počítač byl restartován
ComboFix-quarantined-files.txt 2013-01-31 22:25
ComboFix2.txt 2013-01-31 22:04
.
Před spuštěním: Volných bajtů: 132 558 376 960
Po spuštění: Volných bajtů: 131 984 150 528
.
- - End Of File - - E3615F92CD7025A7ABBAE1A933AF4C26
Microsoft Windows 7 Home Premium 6.1.7600.0.1250.420.1029.18.8103.6511 [GMT 1:00]
Spuštěný z: c:\users\nothing\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\nothing\Desktop\CFScript.txt
AV: ESET Smart Security 6.0 *Enabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
FW: ESET personal firewall *Enabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
SP: ESET Smart Security 6.0 *Enabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\Tasks\GoogleUpdateTaskMachineCore.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineUA.job"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Google\Update
c:\program files (x86)\Google\Update\1.3.21.123\GoogleCrashHandler.exe
c:\program files (x86)\Google\Update\1.3.21.123\GoogleCrashHandler64.exe
c:\program files (x86)\Google\Update\1.3.21.123\GoogleUpdate.exe
c:\program files (x86)\Google\Update\1.3.21.123\GoogleUpdateBroker.exe
c:\program files (x86)\Google\Update\1.3.21.123\GoogleUpdateHelper.msi
c:\program files (x86)\Google\Update\1.3.21.123\GoogleUpdateOnDemand.exe
c:\program files (x86)\Google\Update\1.3.21.123\GoogleUpdateSetup.exe
c:\program files (x86)\Google\Update\1.3.21.123\goopdate.dll
c:\program files (x86)\Google\Update\1.3.21.123\goopdateres_am.dll
c:\program files (x86)\Google\Update\1.3.21.123\goopdateres_ar.dll
c:\program files (x86)\Google\Update\1.3.21.123\goopdateres_bg.dll
c:\program files (x86)\Google\Update\1.3.21.123\goopdateres_bn.dll
c:\program files (x86)\Google\Update\1.3.21.123\goopdateres_ca.dll
c:\program files (x86)\Google\Update\1.3.21.123\goopdateres_cs.dll
c:\program files (x86)\Google\Update\1.3.21.123\goopdateres_da.dll
c:\program files (x86)\Google\Update\1.3.21.123\goopdateres_de.dll
c:\program files (x86)\Google\Update\1.3.21.123\goopdateres_el.dll
c:\program files (x86)\Google\Update\1.3.21.123\goopdateres_en-GB.dll
c:\program files (x86)\Google\Update\1.3.21.123\goopdateres_en.dll
c:\program files (x86)\Google\Update\1.3.21.123\goopdateres_es-419.dll
c:\program files (x86)\Google\Update\1.3.21.123\goopdateres_es.dll
c:\program files (x86)\Google\Update\1.3.21.123\goopdateres_et.dll
c:\program files (x86)\Google\Update\1.3.21.123\goopdateres_fa.dll
c:\program files (x86)\Google\Update\1.3.21.123\goopdateres_fi.dll
c:\program files (x86)\Google\Update\1.3.21.123\goopdateres_fil.dll
c:\program files (x86)\Google\Update\1.3.21.123\goopdateres_fr.dll
c:\program files (x86)\Google\Update\1.3.21.123\goopdateres_gu.dll
c:\program files (x86)\Google\Update\1.3.21.123\goopdateres_hi.dll
c:\program files (x86)\Google\Update\1.3.21.123\goopdateres_hr.dll
c:\program files (x86)\Google\Update\1.3.21.123\goopdateres_hu.dll
c:\program files (x86)\Google\Update\1.3.21.123\goopdateres_id.dll
c:\program files (x86)\Google\Update\1.3.21.123\goopdateres_is.dll
c:\program files (x86)\Google\Update\1.3.21.123\goopdateres_it.dll
c:\program files (x86)\Google\Update\1.3.21.123\goopdateres_iw.dll
c:\program files (x86)\Google\Update\1.3.21.123\goopdateres_ja.dll
c:\program files (x86)\Google\Update\1.3.21.123\goopdateres_kn.dll
c:\program files (x86)\Google\Update\1.3.21.123\goopdateres_ko.dll
c:\program files (x86)\Google\Update\1.3.21.123\goopdateres_lt.dll
c:\program files (x86)\Google\Update\1.3.21.123\goopdateres_lv.dll
c:\program files (x86)\Google\Update\1.3.21.123\goopdateres_ml.dll
c:\program files (x86)\Google\Update\1.3.21.123\goopdateres_mr.dll
c:\program files (x86)\Google\Update\1.3.21.123\goopdateres_ms.dll
c:\program files (x86)\Google\Update\1.3.21.123\goopdateres_nl.dll
c:\program files (x86)\Google\Update\1.3.21.123\goopdateres_no.dll
c:\program files (x86)\Google\Update\1.3.21.123\goopdateres_pl.dll
c:\program files (x86)\Google\Update\1.3.21.123\goopdateres_pt-BR.dll
c:\program files (x86)\Google\Update\1.3.21.123\goopdateres_pt-PT.dll
c:\program files (x86)\Google\Update\1.3.21.123\goopdateres_ro.dll
c:\program files (x86)\Google\Update\1.3.21.123\goopdateres_ru.dll
c:\program files (x86)\Google\Update\1.3.21.123\goopdateres_sk.dll
c:\program files (x86)\Google\Update\1.3.21.123\goopdateres_sl.dll
c:\program files (x86)\Google\Update\1.3.21.123\goopdateres_sr.dll
c:\program files (x86)\Google\Update\1.3.21.123\goopdateres_sv.dll
c:\program files (x86)\Google\Update\1.3.21.123\goopdateres_sw.dll
c:\program files (x86)\Google\Update\1.3.21.123\goopdateres_ta.dll
c:\program files (x86)\Google\Update\1.3.21.123\goopdateres_te.dll
c:\program files (x86)\Google\Update\1.3.21.123\goopdateres_th.dll
c:\program files (x86)\Google\Update\1.3.21.123\goopdateres_tr.dll
c:\program files (x86)\Google\Update\1.3.21.123\goopdateres_uk.dll
c:\program files (x86)\Google\Update\1.3.21.123\goopdateres_ur.dll
c:\program files (x86)\Google\Update\1.3.21.123\goopdateres_vi.dll
c:\program files (x86)\Google\Update\1.3.21.123\goopdateres_zh-CN.dll
c:\program files (x86)\Google\Update\1.3.21.123\goopdateres_zh-TW.dll
c:\program files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
c:\program files (x86)\Google\Update\1.3.21.123\psmachine.dll
c:\program files (x86)\Google\Update\1.3.21.123\psuser.dll
c:\program files (x86)\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\24.0.1312.57\24.0.1312.57_24.0.1312.56_chrome_updater.exe
c:\program files (x86)\Google\Update\GoogleUpdate.exe
c:\program files (x86)\Google\Update\Install\{662C877C-562F-4872-9604-32E2935FA929}\24.0.1312.57_24.0.1312.56_chrome_updater.exe
c:\program files (x86)\Skype\Updater
c:\program files (x86)\Skype\Updater\Updater.dll
c:\program files (x86)\Skype\Updater\Updater.exe
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_SkypeUpdate
-------\Service_gupdate
-------\Service_gupdatem
-------\Service_gupdate
-------\Service_gupdatem
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-12-28 do 2013-01-31 )))))))))))))))))))))))))))))))
.
.
2013-01-31 09:32 . 2013-01-31 09:32 -------- d-----w- C:\rsit
2013-01-31 09:19 . 2013-01-31 09:19 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2013-01-31 09:19 . 2013-01-31 09:19 -------- d-----w- c:\programdata\Malwarebytes
2013-01-31 09:19 . 2012-12-14 15:49 24176 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-01-29 21:22 . 2013-01-31 19:30 -------- d-----w- c:\program files (x86)\Heroes of Newerth
2013-01-29 19:43 . 2005-09-08 08:03 1032657 ----a-w- c:\windows\SysWow64\libxml2.dll
2013-01-29 12:14 . 2013-01-29 12:14 -------- d-----w- c:\programdata\regid.1986-12.com.adobe
2013-01-29 12:14 . 2013-01-29 12:14 -------- d-----w- c:\program files\Adobe
2013-01-29 12:13 . 2013-01-29 12:14 -------- d-----w- c:\program files\Common Files\Adobe
2013-01-29 11:30 . 2013-01-29 11:30 -------- d-----w- c:\program files\ESET
2013-01-24 16:26 . 2013-01-24 16:26 -------- d-----w- c:\program files (x86)\uTorrent
2013-01-23 12:51 . 2013-01-23 15:08 -------- d-----w- c:\programdata\OrganicCoffee
2013-01-22 11:04 . 2013-01-29 12:13 -------- d-----w- c:\program files (x86)\Common Files\Adobe
2013-01-21 19:13 . 2013-01-21 19:13 -------- d-----w- c:\program files (x86)\The KMPlayer
2013-01-19 19:04 . 2013-01-29 11:38 -------- d-----w- c:\program files (x86)\Microsoft
2013-01-15 22:27 . 2013-01-15 22:27 -------- d-----w- c:\program files (x86)\SystemRequirementsLab
2013-01-15 19:31 . 2013-01-15 19:31 -------- d-----w- c:\windows\SysWow64\NV
2013-01-15 19:31 . 2013-01-15 19:31 -------- d-----w- c:\windows\system32\NV
2013-01-15 19:29 . 2012-12-29 10:34 958272 ----a-w- c:\windows\SysWow64\nvumdshim.dll
2013-01-15 19:28 . 2013-01-15 19:28 -------- d-----w- C:\NVIDIA
2013-01-15 19:13 . 2013-01-15 19:13 -------- d-----w- c:\program files (x86)\Common Files\Java
2013-01-15 19:13 . 2013-01-15 19:13 859552 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2013-01-15 19:13 . 2013-01-15 19:13 780192 ----a-w- c:\windows\SysWow64\deployJava1.dll
2013-01-15 19:13 . 2013-01-15 19:13 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-01-15 19:13 . 2013-01-15 19:13 -------- d-----w- c:\program files (x86)\Java
2013-01-11 21:13 . 2013-01-11 21:13 -------- d-----w- c:\program files (x86)\Common Files\Skype
2013-01-11 21:13 . 2013-01-31 22:23 -------- d-----r- c:\program files (x86)\Skype
2013-01-11 21:13 . 2013-01-11 21:13 -------- d-----w- c:\programdata\Skype
2013-01-10 19:55 . 2013-01-10 19:55 -------- d-----w- c:\program files (x86)\Google
2013-01-10 19:24 . 2013-01-10 19:24 -------- d-----w- c:\programdata\Binarysense
2013-01-10 19:24 . 2013-01-10 19:24 -------- d-----w- c:\program files (x86)\SSDlife
2013-01-10 05:48 . 2013-01-10 05:48 -------- d-----w- c:\programdata\ASUS
2013-01-09 22:04 . 2008-10-10 03:52 452440 ----a-w- c:\windows\SysWow64\d3dx10_40.dll
2013-01-09 22:04 . 2008-10-10 03:52 2036576 ----a-w- c:\windows\SysWow64\D3DCompiler_40.dll
2013-01-09 22:04 . 2008-10-10 03:52 4379984 ----a-w- c:\windows\SysWow64\D3DX9_40.dll
2013-01-09 22:04 . 2007-04-04 17:53 81768 ----a-w- c:\windows\SysWow64\xinput1_3.dll
2013-01-09 20:34 . 2013-01-09 21:46 -------- d-----w- c:\program files (x86)\HD Tune Pro
2013-01-09 19:30 . 2013-01-31 09:22 -------- d-----w- c:\program files\WinRAR
2013-01-09 18:48 . 2012-10-30 22:50 285328 ----a-w- c:\windows\system32\aswBoot.exe
2013-01-09 18:48 . 2013-01-20 12:48 -------- d-----w- c:\programdata\AVAST Software
2013-01-09 18:43 . 2013-01-31 21:52 -------- d-----w- c:\program files (x86)\Diablo III
2013-01-09 18:43 . 2013-01-09 19:06 -------- d-----w- c:\programdata\Blizzard Entertainment
2013-01-09 18:43 . 2013-01-09 19:06 -------- d-----w- c:\program files (x86)\Common Files\Blizzard Entertainment
2013-01-09 18:38 . 2013-01-09 18:38 -------- d-----w- c:\programdata\Trend Micro
2013-01-09 18:34 . 2013-01-31 09:32 -------- d-----w- c:\program files\Trend Micro
2013-01-09 18:33 . 2013-01-09 18:33 80512 ----a-w- c:\windows\ASUS K3 Series ScreenSaver Uninstaller.exe
2013-01-09 18:33 . 2013-01-09 18:33 3058304 ----a-w- c:\windows\AsScrPro.exe
2013-01-09 18:33 . 2013-01-09 18:33 -------- d-----w- c:\windows\SysWow64\Macromed
2013-01-09 18:33 . 2006-10-09 18:07 183296 ----a-w- c:\windows\SysWow64\ACEngSvr.exe
2013-01-09 18:33 . 2011-03-03 15:57 379520 ----a-w- c:\windows\system32\FBAgent.exe
2013-01-09 18:33 . 2013-01-09 18:33 -------- d-----w- c:\program files\ASUS
2013-01-09 18:32 . 2010-08-03 14:30 196224 ----a-w- c:\program files\Windows Sidebar\Shared Gadgets\P4GUpdate.Gadget\P4GUpdate.dll
2013-01-09 18:32 . 2013-01-29 13:52 -------- d-----w- c:\program files\P4G
2013-01-09 18:32 . 2013-01-09 18:32 -------- d-----w- c:\programdata\P4G
2013-01-09 18:30 . 2013-01-09 18:30 -------- d-----w- c:\users\Public\Roaming
2013-01-09 18:30 . 2013-01-09 18:30 -------- d-----w- c:\users\Default\Roaming
2013-01-09 18:29 . 2013-01-09 18:31 -------- d-----w- c:\program files\Intel
2013-01-09 18:29 . 2013-01-09 18:29 -------- d-----w- c:\program files (x86)\Cisco
2013-01-09 18:28 . 2009-07-20 09:29 15416 ----a-w- c:\windows\system32\drivers\kbfiltr.sys
2013-01-09 18:28 . 2013-01-09 18:28 -------- d-----w- c:\program files (x86)\ASM104xUSB3
2013-01-09 18:27 . 2013-01-09 18:27 -------- d-----w- c:\program files\Synaptics
2013-01-09 18:27 . 2011-05-05 12:32 1439792 ----a-w- c:\windows\system32\drivers\SynTP.sys
2013-01-09 18:27 . 2011-05-05 12:30 66856 ----a-w- c:\windows\SysWow64\SynTPEnhPS.dll
2013-01-09 18:27 . 2011-05-05 12:30 107816 ----a-w- c:\windows\SysWow64\SynTPCOM.dll
2013-01-09 18:27 . 2011-05-05 12:30 226088 ----a-w- c:\windows\system32\SynTPAPI.dll
2013-01-09 18:27 . 2011-05-05 12:30 148264 ----a-w- c:\windows\system32\SynTPCo9.dll
2013-01-09 18:27 . 2011-05-05 12:30 276264 ----a-w- c:\windows\system32\SynCtrl.dll
2013-01-09 18:27 . 2011-05-05 12:30 222504 ----a-w- c:\windows\SysWow64\SynCtrl.dll
2013-01-09 18:27 . 2011-05-05 12:30 177448 ----a-w- c:\windows\SysWow64\SynCOM.dll
2013-01-09 18:27 . 2009-08-07 02:49 1721576 ----a-w- c:\windows\system32\WdfCoInstaller01009.dll
2013-01-09 18:26 . 2010-08-03 18:43 290920 ----a-r- c:\windows\system32\drivers\rtsuvstor.sys
2013-01-09 18:26 . 2010-07-13 21:21 15464 ------r- c:\windows\system32\drivers\diskperf64.sys
2013-01-09 18:26 . 2009-11-25 14:21 7367200 ----a-w- c:\windows\SysWow64\RtsUVStoricon.dll
2013-01-09 18:25 . 2011-01-13 11:58 74272 ----a-w- c:\windows\system32\RtNicProp64.dll
2013-01-09 18:25 . 2011-01-13 11:58 413800 ----a-w- c:\windows\system32\drivers\Rt64win7.sys
2013-01-09 18:25 . 2011-01-13 11:58 107552 ----a-w- c:\windows\system32\RTNUninst64.dll
2013-01-09 18:25 . 2013-01-10 15:20 -------- d-----w- c:\program files (x86)\ASUS
2013-01-09 18:25 . 2013-01-09 18:25 -------- d-----w- c:\programdata\SonicFocus
2013-01-09 18:25 . 2013-01-09 18:25 -------- d-----w- c:\windows\SysWow64\RTCOM
2013-01-09 18:25 . 2013-01-09 18:25 -------- d-----w- c:\program files\Realtek
2013-01-09 18:23 . 2013-01-15 19:31 -------- d-----w- c:\programdata\NVIDIA
2013-01-09 18:21 . 2013-01-29 21:23 -------- d-sh--w- c:\windows\Installer
2013-01-09 18:17 . 2013-01-15 19:30 -------- d-----w- c:\program files\NVIDIA Corporation
2013-01-09 18:13 . 2010-10-04 13:02 53248 ----a-r- c:\windows\SysWow64\CSVer.dll
2013-01-09 18:13 . 2013-01-10 19:58 -------- d-----w- c:\program files (x86)\Intel
2013-01-09 18:13 . 2013-01-09 18:16 -------- d-----w- C:\Intel
2013-01-09 17:21 . 2013-01-09 18:42 -------- d-----w- c:\programdata\Battle.net
2013-01-09 17:09 . 2013-01-19 20:55 -------- d-----w- c:\users\nothing
2013-01-09 16:54 . 2013-01-09 17:09 -------- d-----w- c:\windows\Panther
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-11-28 08:07 . 2012-11-28 08:07 57904 ----a-w- c:\windows\system32\drivers\epfwwfp.sys
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SonicMasterTray"="c:\program files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe" [2010-07-09 984400]
"ATKOSD2"="c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe" [2010-08-17 5732992]
"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2010-10-07 170624]
"HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
"Wireless Console 3"="c:\program files (x86)\ASUS\Wireless Console 3\wcourier.exe" [2010-09-23 1601536]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS6ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-03-09 1073312]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
R3 AMPPALP;Protokol Intel(R) Centrino(R) Bluetooth 3.0 + High Speed;c:\windows\system32\DRIVERS\amppal.sys [2011-04-21 294912]
R3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys [2011-03-08 51712]
R3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys [2011-03-08 274944]
R3 iBtFltCoex;iBtFltCoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys [2011-03-22 59904]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2011-05-02 340240]
R3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUVStor.sys [2010-08-03 290920]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
S0 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [2012-11-28 57904]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [2012-12-29 30648]
S1 ATKWMIACPIIO;ATKWMIACPI Driver;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2011-05-25 17536]
S1 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2012-10-08 211344]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2012-10-08 149592]
S1 EpfwLWF;Epfw NDIS LightWeight Filter;c:\windows\system32\DRIVERS\EpfwLWF.sys [2012-10-08 59440]
S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe [2011-03-03 379520]
S2 AMPPALR3;Intel® Centrino® Bluetooth 3.0 + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [2011-04-21 1136640]
S2 Amsp;Trend Micro Solution Platform;c:\program files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe [x]
S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-07-02 15416]
S2 Bluetooth Device Monitor;Bluetooth Device Monitor;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe [2011-03-30 923984]
S2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe [2011-03-30 1001808]
S2 BTHSSecurityMgr;Intel(R) Centrino(R) Wireless Bluetooth(R) 3.0 + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2011-04-21 134928]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\x86\ekrn.exe [2012-11-26 1329304]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-14 682344]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [2010-04-16 13832]
S2 TurboBoost;Intel(R) Turbo Boost Technology Monitor;c:\program files\Intel\TurboBoost\TurboBoost.exe [2010-04-16 134928]
S3 AMPPAL;Virtuální adaptér Intel(R) Centrino(R) Bluetooth 3.0 + High Speed;c:\windows\system32\DRIVERS\AMPPAL.sys [2011-04-21 294912]
S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys [2011-06-02 128488]
S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys [2011-06-02 401896]
S3 Bluetooth Media Service;Bluetooth Media Service;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe [2011-03-30 1321296]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-14 317440]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-12-14 24176]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-01-13 413800]
.
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-01-31 19:00 1607120 ----a-w- c:\program files (x86)\Google\Chrome\Application\24.0.1312.57\Installer\chrmstp.exe
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-10 167960]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-10 391704]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-10 418328]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-05-17 2226280]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"SynAsusAcpi"="c:\program files (x86)\Synaptics\SynTP\SynAsusAcpi.exe" [BU]
"IntelPAN"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2011-05-02 1935120]
"BTMTrayAgent"="c:\program files (x86)\Intel\Bluetooth\btmshell.dll" [2011-03-30 10372368]
"IntelTBRunOnce"="wscript.exe" [2009-07-14 168960]
"VizorHtmlDialog.exe"="c:\program files\Trend Micro\Titanium\UIFramework\VizorHtmlDialog.exe" [BU]
"Trend Micro Client Framework"="c:\program files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe" [2010-10-13 192520]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2012-11-26 6325936]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-04-04 446392]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.1.1
.
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
c:\windows\AsScrPro.exe
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
c:\program files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe
c:\program files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
.
**************************************************************************
.
Celkový čas: 2013-01-31 23:25:37 - počítač byl restartován
ComboFix-quarantined-files.txt 2013-01-31 22:25
ComboFix2.txt 2013-01-31 22:04
.
Před spuštěním: Volných bajtů: 132 558 376 960
Po spuštění: Volných bajtů: 131 984 150 528
.
- - End Of File - - E3615F92CD7025A7ABBAE1A933AF4C26
Re: Please check my log - win32/ramnit.a virus
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 23:27:10, on 31.1.2013
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal
Running processes:
C:\Windows\AsScrPro.exe
C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe
C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe
C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\nothing\Desktop\hijackthis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [SonicMasterTray] C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe
O4 - HKLM\..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
O4 - HKLM\..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
O4 - HKLM\..\Run: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKUS\S-1-5-21-3045069583-2507868210-2992496998-1002\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-3045069583-2507868210-2992496998-1002\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\Windows\SysWOW64\nvinit.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: AFBAgent - Unknown owner - C:\Windows\system32\FBAgent.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Intel® Centrino® Bluetooth 3.0 + High Speed Service (AMPPALR3) - Intel Corporation - C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
O23 - Service: Trend Micro Solution Platform (Amsp) - Trend Micro Inc. - C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe
O23 - Service: ASLDR Service (ASLDRService) - ASUS - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - ASUS - C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
O23 - Service: Bluetooth Device Monitor - Intel Corporation - C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
O23 - Service: Bluetooth Media Service - Intel Corporation - C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
O23 - Service: Bluetooth OBEX Service - Intel Corporation - C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
O23 - Service: Intel(R) Centrino(R) Wireless Bluetooth(R) 3.0 + High Speed Security Service (BTHSSecurityMgr) - Intel(R) Corporation - C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Wireless PAN DHCP Server (MyWiFiDHCPDNS) - Unknown owner - C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Adobe SwitchBoard (SwitchBoard) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: Intel(R) Turbo Boost Technology Monitor (TurboBoost) - Intel(R) Corporation - C:\Program Files\Intel\TurboBoost\TurboBoost.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 8877 bytes
- jaro3
- member of the Security team
Re: Please check my log - win32/ramnit.a virus
ComboFix is uninstalled like this:
Start > Run and enter ComboFix /Uninstall
Clean the system with CCleaner
Download OTC to the desktop. Double-click it. Then click Clean up!.
Restart the PC if you are advised to.
Close other applications and browsers, disconnect from the internet, and fix in HJT:
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKUS\S-1-5-21-3045069583-2507868210-2992496998-1002\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')
What about the problems?
When working with HJT, ComboFix, MbAM, SDFix and similar programs, close all other applications and browsers!
Do not send logs by private message. While I am away, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support
Re: Please check my log - win32/ramnit.a virus
Well, so far I have always had mbam turned off; it was the only program that reported anything to me just now (the blocking of that IP address).
Otherwise I don't understand why it is there again; I already fixed it earlier, and jusched.exe and adobearm.exe showed up again ..
I'm off to do the final cleanup :)
Re: Please check my log - win32/ramnit.a virus
Well, we'll see whether the IP address blocking shows up again. Otherwise I fixed the first 2, and the third one
O4 - HKUS\S-1-5-21-3045069583-2507868210-2992496998-1002\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')
was not there.
So after fixing I ran a scan again and now it did show up there, so I fixed it. Should I post another log? Just to be sure?
Also, I wanted to ask what this win32/ramnit.a virus actually is. I didn't find much on the net. (That IP address was marked as dangerous on the net.)
Should I keep using mbam + eset? avast previously started blocking various .dll files for me, e.g. when launching games.
- jaro3
- member of the Security team
Re: Please check my log - win32/ramnit.a virus
Keep it, it is good protection, but none can be 100%.
http://www.virusradar.com/Win32_Ramnit.A/description
If there are no problems, that is everything and you can mark the thread as solved with the green checkmark.
Re: Please check my log - win32/ramnit.a virus (Solved)
Great, thank you very much!
I'm not exactly on friendly terms with English; if anyone is bored, they can send me a message briefly describing what this win32/ramnit.a virus is actually capable of :)