ComboFix 11-06-17.04 - a 19.06.2011 13:14:57.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.2045.1616 [GMT 2:00]
Spuštěný z: c:\documents and settings\a\Plocha\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
* Vytvořen nový Bod Obnovení
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\a\WINDOWS
c:\windows\IsUn0405.exe
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-05-19 do 2011-06-19 )))))))))))))))))))))))))))))))
.
.
2011-06-16 05:50 . 2011-06-19 08:18 5454 ----a-w- c:\windows\system32\PerfStringBackup.TMP
2011-06-16 05:46 . 2011-06-16 05:46 0 ----a-w- c:\windows\ativpsrm.bin
2011-06-14 18:40 . 2011-06-14 18:40 81920 ----a-w- c:\windows\system32\BIVBX11.DLL
2011-06-14 18:40 . 2011-06-16 11:01 -------- d-----w- C:\TEACHER
2011-06-14 18:40 . 2011-06-14 18:40 -------- d-----w- c:\documents and settings\All Users\Data aplikací\LangSoft
2011-06-14 18:39 . 2011-06-14 18:40 -------- d-----w- c:\documents and settings\a\Data aplikací\LangSoft
2011-06-13 19:43 . 2011-06-13 19:43 -------- d-----w- c:\documents and settings\a\Data aplikací\Malwarebytes
2011-06-13 19:43 . 2011-05-29 07:11 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-06-13 19:43 . 2011-06-13 19:43 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2011-06-13 19:43 . 2011-06-13 19:43 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-06-13 19:43 . 2011-05-29 07:11 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-06-13 17:49 . 2011-06-14 12:51 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Spybot - Search & Destroy
2011-06-13 17:49 . 2011-06-13 17:50 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-06-12 17:17 . 2011-06-12 17:17 -------- d-----w- C:\Terasoft
2011-06-12 13:36 . 2011-06-12 13:36 -------- d-----w- c:\program files\IVT Corporation
2011-06-12 13:28 . 2011-06-12 13:28 -------- d-----w- c:\documents and settings\a\Local Settings\Data aplikací\bluesoleil
2011-06-12 13:25 . 2008-05-07 05:38 90624 ----a-w- c:\windows\system32\nmwcdcls.dll
2011-06-12 13:25 . 2011-06-12 13:25 -------- d-----w- c:\program files\Nokia
2011-06-12 13:25 . 2008-08-26 08:26 18816 ----a-w- c:\windows\system32\drivers\pccsmcfd.sys
2011-06-12 13:25 . 2011-06-12 13:25 -------- d-----w- c:\program files\PC Connectivity Solution
2011-06-12 13:25 . 2011-06-12 13:25 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Installations
2011-06-12 07:29 . 2011-06-17 17:45 -------- d-----w- c:\program files\Elaborate Bytes
2011-06-08 12:18 . 2011-06-08 12:18 -------- d-----w- c:\program files\Sierra
2011-06-05 18:49 . 2011-06-05 18:49 -------- d-----w- c:\windows\system32\config\systemprofile\Local Settings\Data aplikací\Google
2011-05-29 16:06 . 2005-04-15 18:58 1071088 ----a-w- c:\windows\system32\MSCOMCTL.OCX
2011-05-29 16:06 . 2004-03-08 23:00 662288 ----a-w- c:\windows\system32\MSCOMCT2.OCX
2011-05-29 16:06 . 2001-10-28 15:42 116224 ----a-w- c:\windows\system32\pdfcmnnt.dll
2011-05-29 16:06 . 1998-06-23 23:00 137000 ----a-w- c:\windows\system32\MSMAPI32.OCX
2011-05-29 16:06 . 2011-05-29 16:06 -------- d-----w- c:\program files\PDFCreator
2011-05-29 16:06 . 1998-07-05 23:00 23552 ----a-w- c:\windows\system32\MSMPIDE.DLL
2011-05-29 12:38 . 2009-11-02 15:47 11520 ----a-w- c:\windows\system32\drivers\gMouUsb.sys
2011-05-29 12:38 . 2009-11-02 15:43 20480 ----a-w- c:\windows\system32\drivers\gHidPnp.sys
2011-05-29 12:37 . 2011-05-29 12:37 -------- d-----w- C:\Genius
2011-05-29 12:35 . 2010-11-17 12:03 101904 ----a-w- c:\windows\system32\drivers\AtihdXP3.sys
2011-05-29 12:09 . 2011-05-29 12:09 -------- d-----w- c:\program files\Driver-Soft
2011-05-28 12:24 . 2011-05-28 12:24 -------- d-----w- c:\documents and settings\a\Local Settings\Data aplikací\Star Stable 4
2011-05-28 09:10 . 2011-05-28 09:10 -------- d-----w- c:\program files\Stabenfeldt
2011-05-28 08:10 . 2011-05-28 08:41 -------- d-----w- c:\documents and settings\a\Local Settings\Data aplikací\Star Stable 3
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-15 11:33 . 2011-05-15 11:27 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-05-15 11:32 . 2011-05-15 11:32 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-05-15 11:32 . 2011-04-10 14:28 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-05-10 12:10 . 2011-03-11 17:29 40112 ----a-w- c:\windows\avastSS.scr
2011-05-10 12:10 . 2011-03-11 17:29 199304 ----a-w- c:\windows\system32\aswBoot.exe
2011-05-10 12:03 . 2011-03-11 17:30 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-05-10 12:03 . 2011-03-11 17:30 307928 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-05-10 12:02 . 2011-03-11 17:30 49240 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-05-10 12:02 . 2011-03-11 17:30 102616 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-05-10 12:02 . 2011-03-11 17:30 96344 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-05-10 11:59 . 2011-03-11 17:30 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-05-10 11:59 . 2011-03-11 17:30 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-05-10 11:59 . 2011-03-11 17:30 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-05-04 16:31 . 2011-03-11 15:52 295528 ----a-w- c:\windows\system32\drivers\Rtenicxp.sys
2011-05-03 14:33 . 2011-03-11 15:49 6404712 ----a-w- c:\windows\system32\drivers\RtkHDAud.sys
2011-05-02 15:32 . 2011-03-11 15:17 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-29 16:19 . 2008-04-14 11:00 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-04-25 16:06 . 2008-04-14 11:00 916480 ----a-w- c:\windows\system32\wininet.dll
2011-04-25 16:06 . 2008-04-14 11:00 43520 ------w- c:\windows\system32\licmgr10.dll
2011-04-25 16:06 . 2008-04-14 11:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-04-25 12:01 . 2008-04-14 11:00 385024 ------w- c:\windows\system32\html.iec
2011-04-21 13:37 . 2008-04-14 11:00 105472 ----a-w- c:\windows\system32\drivers\mup.sys
2011-04-20 02:41 . 2011-03-11 16:13 6537728 ----a-w- c:\windows\system32\drivers\ati2mtag.sys
2011-04-20 02:38 . 2011-03-11 16:13 311296 ----a-w- c:\windows\system32\atiiiexx.dll
2011-04-20 02:29 . 2011-03-11 16:13 57344 ----a-w- c:\windows\system32\aticalrt.dll
2011-04-20 02:29 . 2011-03-11 16:13 53248 ----a-w- c:\windows\system32\aticalcl.dll
2011-04-20 02:24 . 2011-03-11 16:13 5459968 ----a-w- c:\windows\system32\aticaldd.dll
2011-04-20 02:14 . 2011-03-11 16:13 17743872 ----a-w- c:\windows\system32\atioglxx.dll
2011-04-20 02:04 . 2011-03-11 16:13 462848 ----a-w- c:\windows\system32\ATIDEMGX.dll
2011-04-20 02:02 . 2011-03-11 16:13 302080 ----a-w- c:\windows\system32\ati2dvag.dll
2011-04-20 02:01 . 2011-03-11 16:13 4017408 ----a-w- c:\windows\system32\ati3duag.dll
2011-04-20 01:55 . 2011-03-13 18:40 1115008 ----a-w- c:\windows\system32\ativvamv.dll
2011-04-20 01:45 . 2011-03-11 16:13 3265920 ----a-w- c:\windows\system32\ativvaxx.dll
2011-04-20 01:44 . 2011-03-11 16:13 212992 ----a-w- c:\windows\system32\atipdlxx.dll
2011-04-20 01:44 . 2011-03-11 16:13 155648 ----a-w- c:\windows\system32\Oemdspif.dll
2011-04-20 01:44 . 2011-03-11 16:13 26112 ----a-w- c:\windows\system32\Ati2mdxx.exe
2011-04-20 01:44 . 2011-03-11 16:13 43520 ----a-w- c:\windows\system32\ati2edxx.dll
2011-04-20 01:43 . 2011-03-11 16:13 188416 ----a-w- c:\windows\system32\ati2evxx.dll
2011-04-20 01:42 . 2011-03-11 16:13 643072 ----a-w- c:\windows\system32\ati2evxx.exe
2011-04-20 01:41 . 2011-03-11 16:13 53248 ----a-w- c:\windows\system32\ATIDDC.DLL
2011-04-20 01:40 . 2011-03-13 18:40 151552 ----a-w- c:\windows\system32\atiapfxx.exe
2011-04-20 01:36 . 2011-03-11 16:13 651264 ----a-w- c:\windows\system32\atikvmag.dll
2011-04-20 01:34 . 2011-03-11 16:13 200704 ----a-w- c:\windows\system32\atiadlxx.dll
2011-04-20 01:33 . 2011-03-11 16:13 17408 ----a-w- c:\windows\system32\atitvo32.dll
2011-04-20 01:30 . 2011-03-11 16:13 503808 ----a-w- c:\windows\system32\atiok3x2.dll
2011-04-20 01:28 . 2011-03-11 16:13 851968 ----a-w- c:\windows\system32\ati2cqag.dll
2011-04-20 01:27 . 2011-03-11 16:13 64512 ----a-w- c:\windows\system32\atimpc32.dll
2011-04-20 01:27 . 2011-03-11 16:13 64512 ----a-w- c:\windows\system32\amdpcom32.dll
2011-04-20 01:26 . 2011-03-11 16:13 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2011-04-19 20:10 . 2011-04-19 20:10 59904 ----a-w- c:\windows\system32\OVDecode.dll
2011-04-19 20:10 . 2011-04-19 20:10 51712 ----a-w- c:\windows\system32\OpenCL.dll
2011-04-19 20:10 . 2011-04-19 20:10 12385280 ----a-w- c:\windows\system32\amdocl.dll
2011-04-15 13:48 . 2011-03-11 15:49 56936 ----a-w- c:\windows\system32\RtkCoInstXP.dll
2011-04-14 11:36 . 2011-03-11 15:49 20053608 ----a-w- c:\windows\RTHDCPL.EXE
2011-04-13 22:40 . 2011-04-13 22:40 4284416 ----a-w- c:\windows\system32\GPhotos.scr
2011-03-28 17:46 . 2011-02-01 14:37 98160 ----a-w- c:\windows\system32\drivers\idmtdi.sys
2011-04-29 18:30 . 2011-03-23 18:32 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2009-01-08 . 959B66A9B529BA5C4B1B973F1FCD98EE . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-05-10 12:10 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2011-03-02 15:23 68216 ----a-w- c:\program files\Internet Download Manager\IDMShellExt.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-05-10 3459712]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
2008-04-14 11:00 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2011-04-14 11:36 20053608 ----a-w- c:\windows\RTHDCPL.EXE
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
.
R0 BtHidBus;Bluetooth HID Bus Service;c:\windows\system32\drivers\BtHidBus.sys [7.1.2009 23:39 20744]
R1 AppleCharger;AppleCharger;c:\windows\system32\drivers\AppleCharger.sys [11.3.2011 17:53 19496]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [11.3.2011 19:30 441176]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [11.3.2011 19:30 307928]
R1 IDMTDI;IDMTDI;c:\windows\system32\drivers\idmtdi.sys [1.2.2011 16:37 98160]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [11.3.2011 19:30 19544]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdXP3.sys [29.5.2011 14:35 101904]
R3 gHidPnp;USB Device Enhanced Function Driver;c:\windows\system32\drivers\gHidPnp.sys [29.5.2011 14:38 20480]
R3 gMouUsb;USB Mouse Device Drv;c:\windows\system32\drivers\gMouUsb.sys [29.5.2011 14:38 11520]
R3 usbfilter;AMD USB Filter Driver;c:\windows\system32\drivers\usbfilter.sys [11.3.2011 17:52 30392]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18.3.2010 13:16 130384]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [11.3.2011 17:49 1691480]
S3 AppleChargerSrv;AppleChargerSrv;system32\AppleChargerSrv.exe --> system32\AppleChargerSrv.exe [?]
S3 btnetBUs;Bluetooth PAN Bus Service;c:\windows\system32\drivers\btnetBus.sys [7.12.2008 12:44 30088]
S3 GeniusMouseService;GeniusMouseService;c:\genius\ioCentre\GMouseService.exe [29.5.2011 14:38 12288]
S3 IvtBtBUs;IVT Bluetooth Bus Service;c:\windows\system32\drivers\IvtBtBus.sys [2.7.2008 14:58 26248]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [13.6.2011 21:43 39984]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18.3.2010 13:16 753504]
S4 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [11.3.2011 19:30 136176]
S4 gupdatem;Služba Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [11.3.2011 19:30 136176]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [17.3.2011 14:20 691696]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Stáhnout s IDM - c:\program files\Internet Download Manager\IEExt.htm
IE: Stáhnout s IDM všechny odkazy - c:\program files\Internet Download Manager\IEGetAll.htm
TCP: DhcpNameServer = 217.170.96.24 217.170.96.2
FF - ProfilePath - c:\documents and settings\a\Data aplikací\Mozilla\Firefox\Profiles\x255a8hz.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
AddRemove-{C05D8CDB-417D-4335-A38C-A0659EDFD6B8} - c:\program files\InstallShield Installation Information\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}\Sims3Setup.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-06-19 13:20
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):69,d5,5f,89,fb,2c,cb,8e,b3,70,f5,e4,04,69,83,6c,01,4a,34,0b,15,
7f,10,0c,63,41,5c,00,d0,91,55,5b,8f,12,a1,14,1b,76,c2,19,00,00,00,00,00,00,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{bd480067-58ff-45f4-8523-f9eff4474d61}]
@Denied: (Full) (Everyone)
"Model"=dword:00000085
"Therad"=dword:00000008
"MData"=hex(0):49,74,f1,15,a5,c3,e8,38,e0,e3,fd,8e,fa,dc,be,7b,fa,20,8f,b0,6c,
94,f3,7f,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(928)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
.
Celkový čas: 2011-06-19 13:23:27
ComboFix-quarantined-files.txt 2011-06-19 11:23
.
Před spuštěním: 9 187 426 304
Po spuštění: 9 143 566 336
.
WindowsXP-KB310994-SP2-Home-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect /usepmtimer
.
- - End Of File - - 905FB40D5C1728D89A90AC465C384C89