windows xp home security 2012

Zpráva

ja_jaros · #1 Příspěvek od **ja_jaros** » 29 črc 2011 12:48

Ahoj na jednom PC se objevila havet windows xp home security

Na PC nešel nainstalovat ani RSIT ani MBAM. Jediné co šlo tak Combofix, který něco smazal. Projistotu ještě posílám k náhledu log z combofixu. Prosím o kontrolu. Děkuji Jakub

ComboFix 11-07-29.01 - pilnacek 29.07.2011 13:39:33.1.2 - x86
Systm Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.1977.1186 [GMT 2:00]
Sputn z: c:\documents and settings\pilnacek\Plocha\ComboFix.exe
AV: ESET NOD32 Antivirus 4.0 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatn vmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\pilnacek\Local Settings\Data aplikac\rbx.exe
.
.
((((((((((((((((((((((((( Soubory vytvoen od 2011-06-28 do 2011-07-29 )))))))))))))))))))))))))))))))
.
.
2011-07-29 11:26 . 2011-07-29 11:26 -------- d-----w- c:\program files\trend micro
2011-07-29 11:26 . 2011-07-29 11:26 -------- d-----w- C:\rsit
2011-07-21 10:16 . 2011-07-21 10:16 -------- d-----w- c:\program files\ToniArts
2011-07-21 10:15 . 2004-07-15 22:20 733184 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\iKernel.dll
2011-07-21 10:15 . 2004-07-15 22:20 69715 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\ctor.dll
2011-07-21 10:15 . 2004-07-15 22:19 266240 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\iscript.dll
2011-07-21 10:15 . 2004-07-15 22:18 172032 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\iuser.dll
2011-07-21 10:15 . 2004-07-15 22:18 5632 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\DotNetInstaller.exe
2011-07-21 10:15 . 2011-07-21 10:15 303236 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\setup.dll
2011-07-21 10:15 . 2011-07-21 10:15 180356 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\iGdi.dll
2011-07-21 10:15 . 2011-07-21 10:15 2951802 ----a-w- C:\EasyCleaner_2.0.6.380.exe
2011-07-20 13:40 . 2010-09-30 07:02 484656 ----a-w- c:\windows\ssndii.exe
2011-07-20 13:40 . 2011-07-20 13:40 -------- d-----w- c:\windows\Samsung
2011-07-20 13:39 . 2009-09-11 07:47 26624 ----a-w- c:\windows\system32\sst3cl3.dll
2011-07-20 13:39 . 2009-09-11 07:47 19968 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\sst3cpc.dll
2011-07-20 13:39 . 2009-09-11 07:46 151552 ----a-w- c:\windows\system32\sst3cci.exe
2011-07-20 13:39 . 2009-09-11 07:46 65536 ----a-w- c:\windows\system32\sst3cci.dll
2011-07-20 13:39 . 2009-09-10 08:49 49152 ----a-w- c:\windows\system32\ssusbpn.dll
2011-07-20 13:39 . 2009-09-10 08:49 81920 ----a-w- c:\windows\system32\ssdevm.dll
2011-07-20 13:39 . 2009-09-10 08:49 21776 ----a-w- c:\windows\system32\msxml2a.dll
2011-07-20 13:37 . 2011-07-20 13:37 -------- d-----w- c:\program files\Samsung
2011-07-01 10:34 . 2011-07-01 10:34 -------- d-----w- c:\documents and settings\pilnacek\Data aplikac\vlc
2011-07-01 10:33 . 2011-07-01 10:33 -------- d-----w- c:\program files\VideoLAN
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M vpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-30 05:37 . 2011-05-18 04:42 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-06-06 11:35 . 2007-10-29 12:00 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-05-02 15:32 . 2009-07-08 13:04 692736 ----a-w- c:\windows\system32\inetcomm.dll
.
.
(((((((((((((((((((((((((((((((((( Spoutc body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznmka* przdn zznamy a legitimn vchoz daje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-05-26 1385864]
.
[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-05-26 14:23 1385864 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-05-26 1385864]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-05-26 1385864]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-09-05 417792]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-10-27 39408]
"PC Suite Tray"="c:\documents and settings\jezek\Dokumenty\Nokia PC Suite 7\PCSuite.exe" [2009-03-20 1312256]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AzMixerSel"="c:\program files\Realtek\Audio\InstallShield\AzMixerSel.exe" [2006-07-17 53248]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-06-17 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-06-17 170520]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-06-17 141848]
"RTHDCPL"="RTHDCPL.EXE" [2008-06-13 16871936]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-02-06 2021400]
"RemoteControl9"="c:\program files\CyberLink\PowerDVD9\PDVD9Serv.exe" [2009-02-16 87336]
"PDVD9LanguageShortcut"="c:\program files\CyberLink\PowerDVD9\Language\Language.exe" [2008-10-13 50472]
"Ulead AutoDetector v2"="c:\program files\Common Files\Ulead Systems\AutoDetector\monitor.exe" [2004-11-26 90112]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-09-05 417792]
"TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2011-06-09 273544]
"Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\SSMMgr.exe" [2010-06-07 618496]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\All Users\Nabdka Start\Programy\Po sputn\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-11-1 576104]
GPRSpeed Client.lnk - c:\program files\GPRSpeed\GPRSpeed Client\NGSpawner.exe [2009-7-13 45056]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoWelcomeScreen"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
.
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [6.2.2009 14:23 106208]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [6.2.2009 14:24 93336]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [6.2.2009 14:23 727720]
R2 Ethpdrv;Ethernet Packet Driver;c:\windows\system32\drivers\ethpdrv.sys [1.8.2007 22:30 16376]
R2 GtDetectSc;GtDetectSc;c:\program files\Option\GlobeTrotter Connect\GtDetectSc.exe [30.4.2008 17:52 200704]
R3 O2MDRDR;O2MDRDR;c:\windows\system32\drivers\o2media.sys [22.7.2009 8:22 51288]
R3 O2SDRDR;O2SDRDR;c:\windows\system32\drivers\o2sd.sys [22.7.2009 8:22 43608]
S2 gupdate;Sluba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [26.1.2008 23:18 135664]
S2 SSPORT;SSPORT;\??\c:\windows\system32\Drivers\SSPORT.sys --> c:\windows\system32\Drivers\SSPORT.sys [?]
S3 FTLUND;Lundinova Filter Driver;c:\windows\system32\drivers\ftlund.sys [9.7.2009 8:07 6828]
S3 gupdatem;Sluba Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [26.1.2008 23:18 135664]
S3 IpwP;IPWireless 3G Network Adapter;c:\windows\system32\drivers\ipw3gnet.sys [9.7.2009 7:15 51040]
.
Obsah adrese 'Naplnovan lohy'
.
2009-11-06 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
2011-07-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2008-01-26 21:18]
.
2011-07-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2008-01-26 21:18]
.
2011-07-29 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-2272608825-1634534074-3492712122-1159.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 08:47]
.
2011-07-29 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-2272608825-1634534074-3492712122-1160.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 08:47]
.
2011-07-29 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-2272608825-1634534074-3492712122-1159.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 08:47]
.
2011-07-12 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-2272608825-1634534074-3492712122-1160.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 08:47]
.
2011-07-29 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2010-05-26 14:23]
.
.
------- Doplkov sken -------
.
uStart Page = hxxp://www.seznam.cz/
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: WikiKomente Google... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
TCP: DhcpNameServer = 10.0.0.254 10.0.0.249
DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - hxxp://192.168.0.90/activex/AMC.cab
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-07-29 13:43
Windows 5.1.2600 Service Pack 3 NTFS
.
skenovn skrytch proces ...
.
skenovn skrytch poloek 'Po sputn' ...
.
skenovn skrytch soubor ...
.
sken byl spen dokonen
skryt soubory: 0
.
**************************************************************************
.
Celkov as: 2011-07-29 13:45:07
ComboFix-quarantined-files.txt 2011-07-29 11:45
.
Ped sputnm: Volnch bajt: 35402706944
Po sputn: Volnch bajt: 39069581312
.
WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 20C861345D6FDE62C004995632B1A12B

ja_jaros · #2 Příspěvek od **ja_jaros** » 29 črc 2011 12:50

Ještě jsem narazil na jednu v systému jsou zakázené automatické aktualizace na lze je spustit. Děkuji Jakub

#3 Příspěvek od **Roli** » 29 črc 2011 13:35

Zdravím, pokud jsi tak ještě neučinil, přesuň Combofix na plochu

otevři si Poznámkový blok

do něj zkopíruj skript z následujícího okna:

Kód: Vybrat vše

File::  
c:\windows\Tasks\Scheduled Update for Ask Toolbar.job

Folder::
c:\program files\Ask.com

Registry::
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"=-
[-HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"=-
[-HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[-HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"=-

ulož Tebou vytvořený TXT soubor jako CFScript.txt na plochu,

po uložení uchop vytvořený skript levým myšítkem a přesuň ho nad ikonu Combofixu, kde ho upustíš:

Obrázek

Po aplikaci na Tebe vypadne další log, zkopíruj ho sem

Upozornění : může se stát, že po aplikaci skriptu a restartu Windows nenaběhnou,

v tom případě znovu restartuj a přitom mačkej F8 poté zvol Poslední známou funkční konfiguraci

VIRY.CZ

windows xp home security 2012

windows xp home security 2012

Re: windows xp home security 2012

Re: windows xp home security 2012