ComboFix 12-01-10.02 - Milda 12.01.2012 16:06:02.6.1 - x86
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1250.420.1029.18.2037.1036 [GMT 1:00]
Spuštěný z: c:\users\Milda\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\Milda\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Vytvořen nový Bod Obnovení
.
FILE ::
"c:\program files\4mUninstall ChristmasHolidayLaughs.dll"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\ggffggiu
c:\ggffggiu\023.dat
c:\ggffggiu\023v.dat
c:\ggffggiu\Assoc.cmd
c:\ggffggiu\Attrib.cfexe
c:\ggffggiu\badclsid
c:\ggffggiu\Boot.bat
c:\ggffggiu\BootSect
c:\ggffggiu\C.bat
c:\ggffggiu\catchme.cfexe
c:\ggffggiu\clsid.dat
c:\ggffggiu\Combobatch.bat
c:\ggffggiu\ComboFix-Download.exe
c:\ggffggiu\Comspec.bat
c:\ggffggiu\Creg.dat
c:\ggffggiu\CregC.cmd
c:\ggffggiu\CregC.dat
c:\ggffggiu\dd.cfexe
c:\ggffggiu\DelClsid.bat
c:\ggffggiu\Disclaimer.bat
c:\ggffggiu\DPF.sed
c:\ggffggiu\DPF.str
c:\ggffggiu\dumphive.cfexe
c:\ggffggiu\embedded.sed
c:\ggffggiu\ERDNT.e_e
c:\ggffggiu\ERDNTDOS.LOC
c:\ggffggiu\ERDNTWIN.LOC
c:\ggffggiu\ERUNT.cfexe
c:\ggffggiu\erunt.dat
c:\ggffggiu\ERUNT.LOC
c:\ggffggiu\Exe.reg
c:\ggffggiu\executables.dat
c:\ggffggiu\extract.cfexe
c:\ggffggiu\fdsv.cfexe
c:\ggffggiu\Fin.dat
c:\ggffggiu\FIND3M.bat
c:\ggffggiu\Findstr.cfexe
c:\ggffggiu\FIXLSP.bat
c:\ggffggiu\FProps.vbs
c:\ggffggiu\grep.cfexe
c:\ggffggiu\gsar.cfexe
c:\ggffggiu\handle.cfexe
c:\ggffggiu\hidec.exe
c:\ggffggiu\history.bat
c:\ggffggiu\chcp.bat
c:\ggffggiu\image001.gif
c:\ggffggiu\kmd.dat
c:\ggffggiu\Lang.bat
c:\ggffggiu\LFN.vbs
c:\ggffggiu\List-C.bat
c:\ggffggiu\lnkread.vbs
c:\ggffggiu\LocalDrive.vbs
c:\ggffggiu\LocalService.dat
c:\ggffggiu\LocalServiceNetworkRestricted.dat
c:\ggffggiu\LocalSystemNetworkRestricted.dat
c:\ggffggiu\md5
c:\ggffggiu\md5deep.cfexe
c:\ggffggiu\Mirrors
c:\ggffggiu\moveex.cfexe
c:\ggffggiu\MoveIt.bat
c:\ggffggiu\mtee.cfexe
c:\ggffggiu\ND_.bat
c:\ggffggiu\ndis_combofix.dat
c:\ggffggiu\netsvc.bad.dat
c:\ggffggiu\netsvc.dat
c:\ggffggiu\netsvc.vista.dat
c:\ggffggiu\netsvc.xp.dat
c:\ggffggiu\NetworkService.dat
c:\ggffggiu\NirCmd.cfexe
c:\ggffggiu\nircmd.com
c:\ggffggiu\NirCmdC.cfexe
c:\ggffggiu\NlsLang
c:\ggffggiu\null
c:\ggffggiu\null2
c:\ggffggiu\OSid.vbs
c:\ggffggiu\Policies.dat
c:\ggffggiu\psexec.cfexe
c:\ggffggiu\Purity.dat
c:\ggffggiu\pv.cfexe
c:\ggffggiu\Qoo.bat
c:\ggffggiu\RegDo.sed
c:\ggffggiu\region.dat
c:\ggffggiu\restore_pt.vbs
c:\ggffggiu\RestoreO4.bat
c:\ggffggiu\rogues.dat
c:\ggffggiu\run2.sed
c:\ggffggiu\safeboot.dat
c:\ggffggiu\safeboot.def.dat
c:\ggffggiu\safeboot.def.vista.dat
c:\ggffggiu\SafeBootRepair.bat
c:\ggffggiu\sed.cfexe
c:\ggffggiu\SetEnvmt.bat
c:\ggffggiu\setpath.cfexe
c:\ggffggiu\SF.cfexe
c:\ggffggiu\sfx.cmd
c:\ggffggiu\svc_wht.dat
c:\ggffggiu\SvcDrv.vbs
c:\ggffggiu\svclist.sed
c:\ggffggiu\svchost.dat
c:\ggffggiu\svchost.vista.dat
c:\ggffggiu\swreg.cfexe
c:\ggffggiu\swreg.exe
c:\ggffggiu\swsc.cfexe
c:\ggffggiu\swxcacls.cfexe
c:\ggffggiu\system_ini.dat
c:\ggffggiu\toolbar.sed
c:\ggffggiu\version.txt
c:\ggffggiu\vfind.cfexe
c:\ggffggiu\Vista.mac
c:\ggffggiu\whitedirB.dat
c:\ggffggiu\WhiteLegacy.dat
c:\ggffggiu\zDomain.dat
c:\ggffggiu\zhsvc.dat
c:\ggffggiu\zip.cfexe
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-12-12 do 2012-01-12 )))))))))))))))))))))))))))))))
.
.
2012-01-12 15:21 . 2012-01-12 15:21 -------- dc----w- c:\users\Milda\AppData\Local\temp
2012-01-12 15:21 . 2012-01-12 15:21 -------- dc----w- c:\users\Public\AppData\Local\temp
2012-01-12 15:21 . 2012-01-12 15:21 -------- dc----w- c:\users\Guest\AppData\Local\temp
2012-01-12 15:21 . 2012-01-12 15:21 -------- dc----w- c:\users\Default\AppData\Local\temp
2012-01-12 14:42 . 2012-01-12 14:42 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6FF9B91F-B12D-480C-BFD1-5B62E33F42BD}\offreg.dll
2012-01-11 18:04 . 2011-11-28 17:53 435032 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-01-10 13:42 . 2011-11-21 10:47 6823496 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6FF9B91F-B12D-480C-BFD1-5B62E33F42BD}\mpengine.dll
2012-01-08 14:45 . 2012-01-08 14:55 -------- dc----w- C:\rsit
2011-12-19 16:04 . 2011-12-19 16:04 -------- dc----w- c:\programdata\HPSSUPPLY
2011-12-19 15:58 . 2011-12-19 15:58 -------- dc----w- c:\program files\Hewlett-Packard
2011-12-19 15:57 . 2011-12-19 16:03 -------- dc----w- c:\program files\Common Files\HP
2011-12-15 13:57 . 2011-10-27 08:01 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-12-15 13:57 . 2011-10-27 08:01 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-12-15 08:03 . 2011-11-03 22:40 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
2011-12-14 19:38 . 2011-10-14 16:02 429056 ----a-w- c:\windows\system32\EncDec.dll
2011-12-14 19:38 . 2011-11-23 13:37 2043904 ----a-w- c:\windows\system32\win32k.sys
2011-12-14 19:38 . 2011-11-08 12:10 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2011-12-14 19:38 . 2011-10-25 15:56 49152 ----a-w- c:\windows\system32\csrsrv.dll
2011-12-14 19:37 . 2010-07-20 10:38 10216 ----a-w- c:\windows\system32\drivers\ssadwhnt.sys
2011-12-14 19:37 . 2010-07-20 10:38 10216 ----a-w- c:\windows\system32\drivers\ssadwh.sys
2011-12-14 19:37 . 2010-07-20 10:38 1416680 ----a-w- c:\windows\system32\WdfCoInstaller01005.dll
2011-12-14 19:37 . 2010-07-20 10:38 1416680 ----a-w- c:\windows\system32\drivers\WdfCoInstaller01005.dll
2011-12-14 19:37 . 2010-07-20 10:38 96488 ----a-w- c:\windows\system32\drivers\ssadbus.sys
2011-12-14 19:37 . 2010-07-20 10:38 12776 ----a-w- c:\windows\system32\drivers\ssadmdfl.sys
2011-12-14 19:37 . 2010-07-20 10:38 121576 ----a-w- c:\windows\system32\drivers\ssadmdm.sys
2011-12-14 19:37 . 2010-07-20 10:38 10344 ----a-w- c:\windows\system32\drivers\ssadcmnt.sys
2011-12-14 19:37 . 2010-07-20 10:38 10344 ----a-w- c:\windows\system32\drivers\ssadcm.sys
2011-12-14 19:37 . 2010-07-20 10:38 98152 ----a-w- c:\windows\system32\drivers\ssadserd.sys
2011-12-14 19:37 . 2010-07-20 10:38 30312 ----a-w- c:\windows\system32\drivers\ssadadb.sys
2011-12-14 19:36 . 2011-11-08 14:42 2048 ----a-w- c:\windows\system32\tzres.dll
2011-12-14 19:25 . 2010-04-27 02:25 98432 ----a-w- c:\windows\system32\drivers\ss_bbus.sys
2011-12-14 19:25 . 2010-04-27 02:25 14848 ----a-w- c:\windows\system32\drivers\ss_bmdfl.sys
2011-12-14 19:25 . 2010-04-27 02:25 12416 ----a-w- c:\windows\system32\drivers\ss_bcmnt.sys
2011-12-14 19:25 . 2010-04-27 02:25 12416 ----a-w- c:\windows\system32\drivers\ss_bcm.sys
2011-12-14 19:25 . 2010-04-27 02:25 123648 ----a-w- c:\windows\system32\drivers\ss_bmdm.sys
2011-12-14 19:25 . 2010-04-27 02:25 12288 ----a-w- c:\windows\system32\drivers\ss_bwhnt.sys
2011-12-14 19:25 . 2010-04-27 02:25 12288 ----a-w- c:\windows\system32\drivers\ss_bwh.sys
2011-12-14 19:05 . 2011-12-14 19:07 -------- dc----w- c:\programdata\Samsung
2011-12-14 19:03 . 2011-12-14 19:05 -------- dc----w- c:\program files\Common Files\Samsung
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-08 12:26 . 2010-10-28 15:15 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-12-10 14:24 . 2010-10-28 15:15 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-28 18:01 . 2010-09-01 11:21 41184 -c--a-w- c:\windows\avastSS.scr
2011-11-28 18:01 . 2010-09-01 11:21 199816 ----a-w- c:\windows\system32\aswBoot.exe
2011-11-28 17:53 . 2010-09-01 11:22 314456 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-11-28 17:52 . 2010-09-01 11:22 34392 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-11-28 17:52 . 2010-09-01 11:22 52952 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-11-28 17:52 . 2010-09-01 11:21 55128 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-11-28 17:51 . 2010-09-01 11:22 20568 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-11-06 15:36 . 2011-11-06 15:36 161792 ----a-w- c:\windows\system32\msls31.dll
2011-11-06 15:36 . 2011-11-06 15:36 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2011-11-06 15:36 . 2011-11-06 15:36 86528 ----a-w- c:\windows\system32\iesysprep.dll
2011-11-06 15:36 . 2011-11-06 15:36 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2011-11-06 15:36 . 2011-11-06 15:36 48640 ----a-w- c:\windows\system32\mshtmler.dll
2011-11-06 15:36 . 2011-11-06 15:36 63488 ----a-w- c:\windows\system32\tdc.ocx
2011-11-06 15:36 . 2011-11-06 15:36 367104 ----a-w- c:\windows\system32\html.iec
2011-11-06 15:36 . 2011-11-06 15:36 74752 ----a-w- c:\windows\system32\iesetup.dll
2011-11-06 15:36 . 2011-11-06 15:36 23552 ----a-w- c:\windows\system32\licmgr10.dll
2011-11-06 15:36 . 2011-11-06 15:36 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-11-06 15:36 . 2011-11-06 15:36 152064 ----a-w- c:\windows\system32\wextract.exe
2011-11-06 15:36 . 2011-11-06 15:36 150528 ----a-w- c:\windows\system32\iexpress.exe
2011-11-06 15:36 . 2011-11-06 15:36 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2011-11-06 15:36 . 2011-11-06 15:36 11776 ----a-w- c:\windows\system32\mshta.exe
2011-11-06 15:36 . 2011-11-06 15:36 101888 ----a-w- c:\windows\system32\admparse.dll
2011-11-06 15:36 . 2011-11-06 15:36 35840 ----a-w- c:\windows\system32\imgutil.dll
2011-11-06 15:36 . 2011-11-06 15:36 110592 ----a-w- c:\windows\system32\IEAdvpack.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-11-28 18:01 122512 -c--a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-11 166424]
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdSync.exe" [2006-11-01 215552]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-1-2 210520]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 10.0.0.252 10.0.0.254
FF - ProfilePath - c:\users\Milda\AppData\Roaming\Mozilla\Firefox\Profiles\cpuvkxiv.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Seznam lištička: {ea614400-e918-4741-9a97-7a972ff7c30b} - c:\program files\Mozilla Firefox\extensions\{ea614400-e918-4741-9a97-7a972ff7c30b}
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-01-12 16:21
Windows 6.0.6002 Service Pack 2 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-1187109235-2803622219-269265546-1000\Software\Microsoft\Windows Mobile Disc\W*i*n*d*o*w*s* *M*o*b*i*l*e*"!\CriticalAppInstall\ActiveSync]
"Name"="ActiveSync"
"DisplayName"="Microsoft ActiveSync"
"Param1"="ActiveSync"
"Type"="wellknown"
"Order"=dword:00000001
"State"=dword:00000020
.
[HKEY_USERS\S-1-5-21-1187109235-2803622219-269265546-1000\Software\Microsoft\Windows Mobile Disc\W*i*n*d*o*w*s* *M*o*b*i*l*e*"!\CriticalAppInstall\IESettings]
"Name"="IESettings"
"Type"="IESettings"
"Order"=dword:00000003
"State"=dword:0000000b
.
[HKEY_USERS\S-1-5-21-1187109235-2803622219-269265546-1000\Software\Microsoft\Windows Mobile Disc\W*i*n*d*o*w*s* *M*o*b*i*l*e*"!\CriticalAppInstall\MediaFiles]
"Name"="MediaFiles"
"Type"="MediaFiles"
"Order"=dword:00000002
"State"=dword:0000000b
.
[HKEY_USERS\S-1-5-21-1187109235-2803622219-269265546-1000\Software\Microsoft\Windows Mobile Disc\W*i*n*d*o*w*s* *M*o*b*i*l*e*"!\CriticalAppInstall\Outlook]
"Name"="Outlook"
"DisplayName"="Microsoft Outlook"
"Param1"="Outlook"
"Type"="wellknown"
"Order"=dword:00000000
"State"=dword:00000020
.
Celkový čas: 2012-01-12 16:28:40
ComboFix-quarantined-files.txt 2012-01-12 15:28
ComboFix2.txt 2012-01-11 16:54
ComboFix3.txt 2012-01-10 14:14
.
Před spuštěním: Volných bajtů: 17 157 529 600
Po spuštění: Volných bajtů: 16 965 382 144
.
- - End Of File - - 5692573C69FF5ECAA36A19A72DFD8B4C
Přispějete na provoz fóra?