Prosím o kontrolu Logu

Zpráva

wagonka · #1 Příspěvek od **wagonka** » 07 lis 2012 11:51

Prosím o kontrolu Logu. Děkuji. Vágnerová

ComboFix 12-11-06.03 - Petra Vágnerová 07.11.2012 9:07.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.2037.1273 [GMT 1:00]
Spuštěný z: c:\documents and settings\Petra Vßgnerovß\Plocha\ComboFix.exe
AV: AVG Internet Security 2012 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: AVG Firewall *Disabled* {8decf618-9569-4340-b34a-d78d28969b66}
FW: AVG Internet Security 2012 *Disabled* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\2337900.dll
C:\2756600.dll
C:\DEL.bat
C:\hex120.exe
C:\hexsverver.exe
c:\windows\iun6002.exe
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
c:\windows\system32\avgfwdx.dll
c:\windows\system32\is-OPQI8.tmp
c:\windows\system32\SET311.tmp
c:\windows\system32\TZLog.log
C:\xpDS_Server.exe
.
Nakažená kopie c:\windows\system32\ntdll.dll byla nalezena a vyléčena.
Obnovena kopie z - c:\windows\$hf_mig$\KB2393802\SP3QFE\ntdll.dll
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-10-07 do 2012-11-07 )))))))))))))))))))))))))))))))
.
.
2012-11-03 15:32 . 2012-11-03 15:36 30720 ----a-w- C:\hex12.exe
2012-10-30 06:45 . 2012-10-30 06:45 63608 ----a-w- C:\hexserer.exe
2012-10-26 09:26 . 2012-10-26 09:26 599040 ----a-w- C:\hex2.exe
2012-10-25 13:53 . 2012-10-27 03:39 22016 ----a-w- C:\hexDS_Server.exe
2012-10-25 13:52 . 2012-10-27 03:38 11776 ----a-w- C:\bootDS_Server.exe
2012-10-25 11:14 . 2012-10-25 11:14 -------- d-----w- c:\documents and settings\Petra Vágnerová\Local Settings\Data aplikací\Help
2012-10-25 07:28 . 2012-10-25 07:28 -------- d-----w- c:\documents and settings\All Users\Data aplikací\regid.1986-12.com.adobe
2012-10-25 07:19 . 2012-10-25 07:19 -------- d-----w- c:\program files\Common Files\Adobe AIR
2012-10-24 10:23 . 2012-10-26 00:39 122880 ----a-w- C:\hexball.exe
2012-10-24 07:35 . 2012-10-24 07:35 80914 ----a-w- C:\hexxunlei.exe
2012-10-22 05:38 . 2012-11-01 09:45 64512 ----a-w- C:\hex1433.exe
2012-10-12 11:38 . 2012-10-17 19:26 88576 ----a-w- C:\hexzxc.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-09 09:52 . 2012-04-04 05:30 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-10-09 09:52 . 2012-03-26 07:26 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-09-29 17:54 . 2012-03-26 10:06 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-25 11:57 . 2012-09-25 11:57 27496 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
2012-08-28 15:18 . 2008-04-14 12:00 916992 ----a-w- c:\windows\system32\wininet.dll
2012-08-28 15:18 . 2008-04-14 12:00 43520 ------w- c:\windows\system32\licmgr10.dll
2012-08-28 15:18 . 2008-04-14 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-08-28 12:07 . 2008-04-14 12:00 385024 ------w- c:\windows\system32\html.iec
2012-08-24 13:53 . 2008-04-14 12:00 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-08-24 13:43 . 2011-07-11 00:14 301920 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2012-08-23 06:27 . 2008-04-14 12:00 2150912 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-08-23 06:27 . 2008-04-14 08:06 2029568 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-10-29 08:20 . 2012-10-29 08:20 261600 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}"= "c:\program files\BS_Player\prxtbBS_P.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-09-25 11:57 1734240 ----a-w- c:\program files\AVG Secure Search\12.2.5.34\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
2011-05-09 09:49 176936 ----a-w- c:\program files\BS_Player\prxtbBS_P.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}"= "c:\program files\BS_Player\prxtbBS_P.dll" [2011-05-09 176936]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\12.2.5.34\AVG Secure Search_toolbar.dll" [2012-09-25 1734240]
.
[HKEY_CLASSES_ROOT\clsid\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5}"= "c:\program files\BS_Player\prxtbBS_P.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-07-13 17418928]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-03-12 483422]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-28 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-28 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-28 137752]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-07-31 2596984]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\SSMMgr.exe" [2007-05-30 520192]
"VideoDownloadConverter Search Scope Monitor"="c:\progra~1\VIDEOD~2\bar\1.bin\4zsrchmn.exe" [2012-09-11 42536]
"VideoDownloadConverter_4z Browser Plugin Loader"="c:\progra~1\VIDEOD~2\bar\1.bin\4zbrmon.exe" [2012-09-11 30096]
"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2012-09-25 947808]
"ROC_ROC_NT"="c:\program files\AVG Secure Search\ROC_ROC_NT.exe" [2012-09-25 856160]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-10-25 499608]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5.5ServiceManager"="c:\program files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\Petra Vágnerová\Nabídka Start\Programy\Po spuštění\
OpenOffice.org 3.3.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\3.0.207\SSScheduler.exe [2011-6-17 272528]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgmfapx.exe"=
"c:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe"=
"c:\\Program Files\\Microsoft SQL Server\\90\\Shared\\SqlWtsn.exe"=
"c:\\Program Files\\Microsoft SQL Server\\90\\Tools\\Binn\\VSShell\\Common7\\IDE\\ssmsee.exe"=
"c:\\Program Files\\Microsoft SQL Server\\90\\Shared\\SqlSAC.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgemcx.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1433:TCP"= 1433:TCP:SQL2
"9100:TCP"= 9100:TCP:Advanced TCP/IP Printer Port
"427:TCP"= 427:TCP:Advanced TCP/IP SLP Port
"161:TCP"= 161:TCP:Advanced TCP/IP SNMP Port
"1032:TCP"= 1032:TCP:SQL1
"1434:UDP"= 1434:UDP:SQL3
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [19.4.2012 3:50 24896]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [13.9.2011 6:30 31952]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [7.10.2011 6:23 237408]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [11.7.2011 1:14 301920]
R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [25.9.2012 12:57 27496]
R2 Angelnt;Angelnt;c:\windows\system32\drivers\ANGELNT.SYS [23.3.2012 12:02 31936]
R2 avgfws;AVG Firewall;c:\program files\AVG\AVG2012\avgfws.exe [13.6.2012 2:48 2321560]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [14.2.2012 3:53 193288]
R2 HPSIService;HP SI Service;c:\windows\system32\HPSIsvc.exe [23.3.2012 14:00 99896]
R2 Skype C2C Service;Skype C2C Service;c:\documents and settings\All Users\Data aplikací\Skype\Toolbars\Skype C2C Service\c2c_service.exe [5.7.2012 17:41 3048136]
R2 vToolbarUpdater12.2.6;vToolbarUpdater12.2.6;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe [25.9.2012 12:57 722528]
R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [23.5.2011 1:03 30944]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [23.12.2011 12:32 139856]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\avgidsfilterx.sys [23.12.2011 12:32 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [23.12.2011 12:32 17232]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\avgidsagent.exe [13.8.2012 2:24 5167736]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [26.3.2012 11:06 676936]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [13.7.2012 12:28 160944]
S2 SSPORT;SSPORT;\??\c:\windows\system32\Drivers\SSPORT.sys --> c:\windows\system32\Drivers\SSPORT.sys [?]
S2 VideoDownloadConverter_4zService;VideoDownloadConverterService;c:\progra~1\VIDEOD~2\bar\1.bin\4zbarsvc.exe [11.9.2012 12:39 42504]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [23.5.2011 1:03 30944]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [26.3.2012 11:06 22856]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.0.207\McCHSvc.exe [17.6.2011 18:33 237008]
S3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [19.2.2010 12:37 517096]
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - WS2IFSL
.
Obsah adresáře 'Naplánované úlohy'
.
2012-11-07 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-04 09:52]
.
2012-11-07 c:\windows\Tasks\AVG PC Tuneup Integrator Start On Petra Vágnerová Logon.job
- c:\program files\AVG\AVG PC Tuneup\BoostSpeed.exe [2012-03-26 15:20]
.
2012-11-07 c:\windows\Tasks\User_Feed_Synchronization-{FB0DAB8D-E7AE-4B60-B60A-23FF5D17A5D3}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 03:31]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://home.mywebsearch.com/index.jhtml?n=77DE8857&ptnrS=HJxdm007YYcz&ptb=85F4A0C6-E9BE-41A1-B4FF-D0495CE3819A&si=CKjB6Zi4rbICFcFZzAodwQ4Atg
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: Interfaces\{0620B836-ADFF-44AD-B5E1-38753787E93B}: NameServer = 93.153.117.1,62.141.0.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\12.2.6\ViProtocol.dll
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
AddRemove-Cool's_Codec_pack_4.12 - c:\windows\iun6002.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-11-07 09:18
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'explorer.exe'(2240)
c:\progra~1\VIDEOD~2\bar\1.bin\4zhkstub.dll
c:\progra~1\VIDEOD~2\bar\1.bin\4zbrstub.dll
c:\program files\Windows Media Player\wmpband.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\idt\intelxpv_v103\wdm\STacSV.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe
c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\OpenOffice.org 3\program\soffice.exe
c:\program files\OpenOffice.org 3\program\soffice.bin
.
**************************************************************************
.
Celkový čas: 2012-11-07 09:24:22 - počítač byl restartován
ComboFix-quarantined-files.txt 2012-11-07 08:24
.
Před spuštěním: Volných bajtů: 42 462 973 952
Po spuštění: Volných bajtů: 45 293 785 088
.
WindowsXP-KB310994-SP2-Home-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
.
- - End Of File - - 5A894948A01AE7E6F69C03D9DB6B49A0

#2 Příspěvek od **vyosek** » 07 lis 2012 12:46

Zdravim

Jedna se o domaci PC nebo nejaky pracovni\firemni

Co se tyce ComboFixu, tak na zaklade licence a pravidel fora ptam, umite s nim pracovat (spusteni, rozlusteni logu, napsani skriptu)?

licencni podminky hovori jasne "Nikdy by nemel byt pouzit v prostredi bez dozoru zkusene osoby"
Obrázek

Nebezpeci CFka

Je urcen primarne pro radce - jeho svevolnym pouzitim ztracite narok na podporu
Maze stopy po haveti, takze v logu z RSIT neni nic videt
Jeho log je treba dolustit, jelikoz neumi smazat vse - to ovsem tezko zvladnete pokud k tomu nejste vyskolen
CF muze mit bug = sunda Vam system, pokud nevite kam co uklada, jak co obnovit, mate system v kytkam a ceka Vas reinstal
CF taky bohuzel prozatim nekontroluje nektere dulezite knihovny (napr. hal.dll) - ty treba mazou nektere typy haveti (napr. angela) - smaze Vam po restartu hal.dll = nenajede Vam system a jste o radek vyse = reinstal

VIRY.CZ

Prosím o kontrolu Logu

Prosím o kontrolu Logu

Re: Prosím o kontrolu Logu