ComboFix 10-10-02.02 - Alice 03.10.2010 18:08:02.1.2 - FAT32x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.1015.666 [GMT 2:00]
Spuštěný z: c:\documents and settings\Alice\Plocha\ComboFix.exe
AV: Lavasoft Ad-Watch Live! Anti-Virus *On-access scanning disabled* (Updated) {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\pdfforge Toolbar\IE\1.1.2\pdFForgetoolbarie.dll
c:\program files\pdfforge Toolbar\SearchSettings.dll
c:\windows\system32\_000006_.tmp.dll
.
((((((((((((((((((((((((( Soubory vytvořené od 2010-09-03 do 2010-10-03 )))))))))))))))))))))))))))))))
.
2010-10-03 16:12 . 2003-07-30 09:18 3839 ----a-w- c:\windows\system32\drivers\GETPADD.sys
2010-09-27 19:48 . 2010-10-03 16:12 45056 ----a-w- c:\windows\system32\acovcnt.exe
2010-09-23 09:39 . 2010-09-23 09:39 -------- d-----w- c:\program files\Secunia
2010-09-23 09:37 . 2010-09-23 09:37 -------- d-----w- C:\rsit
2010-09-23 09:37 . 2010-09-23 09:37 -------- d-----w- c:\program files\trend micro
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-23 14:43 . 2010-08-23 14:43 61440 ----a-w- c:\documents and settings\Alice\Data aplikací\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-39b7975d-n\decora-sse.dll
2010-08-23 14:43 . 2010-08-23 14:43 503808 ----a-w- c:\documents and settings\Alice\Data aplikací\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-74bcba7d-n\msvcp71.dll
2010-08-23 14:43 . 2010-08-23 14:43 499712 ----a-w- c:\documents and settings\Alice\Data aplikací\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-74bcba7d-n\jmc.dll
2010-08-23 14:43 . 2010-08-23 14:43 348160 ----a-w- c:\documents and settings\Alice\Data aplikací\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-74bcba7d-n\msvcr71.dll
2010-08-23 14:43 . 2010-08-23 14:43 12800 ----a-w- c:\documents and settings\Alice\Data aplikací\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-39b7975d-n\decora-d3d.dll
2010-08-20 12:08 . 2010-08-20 12:08 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-08-17 13:17 . 2004-06-29 15:10 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-08-12 12:16 . 2010-08-20 11:59 2979848 ----a-w- c:\documents and settings\All Users\Data aplikací\{ECC164E0-3133-4C70-A831-F08DB2940F70}\Ad-AwareInstall.exe
2010-08-12 12:15 . 2009-01-29 19:01 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-08-12 12:15 . 2009-01-29 18:54 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-07-22 15:46 . 2004-06-29 15:10 590848 ----a-w- c:\windows\system32\rpcrt4.dll
2010-07-22 06:19 . 2008-05-05 05:25 5632 ----a-w- c:\windows\system32\xpsp4res.dll
2010-07-07 14:05 . 2010-07-07 14:05 14904 ----a-w- c:\windows\system32\drivers\psi_mf.sys
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Secure Disks]
@="{666C7836-A9B6-4AB4-94ED-DC238C81E925}"
[HKEY_CLASSES_ROOT\CLSID\{666C7836-A9B6-4AB4-94ED-DC238C81E925}]
2006-10-27 07:35 391168 ----a-r- c:\program files\ASUS Security Center\ASUS Security Protect Manager\Bin\SFSShell.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ICQ"="c:\program files\ICQ6.5\ICQ.exe" [2009-03-01 172792]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2010-03-11 319792]
"Google Update"="c:\documents and settings\Alice\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" [2009-12-14 135664]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATKHOTKEY"="c:\program files\ATK Hotkey\Hcontrol.exe" [2007-06-29 225280]
"ATKOSD2"="c:\program files\ATKOSD2\ATKOSD2.exe" [2007-07-03 7708672]
"SkyTel"="SkyTel.EXE" [2006-05-17 2879488]
"Wireless Console 2"="c:\program files\Wireless Console 2\wcourier.exe" [2007-07-05 1040384]
"ATKMEDIA"="c:\program files\ASUS\ATK Media\DMEDIA.EXE" [2006-11-02 61440]
"ASUS Camera ScreenSaver"="c:\windows\ASScrProlog.exe" [2007-11-20 37232]
"ASUS Screen Saver Protector"="c:\windows\ASScrPro.exe" [2007-11-20 33136]
"ABLKSR"="c:\windows\ABLKSR\ABLKSR.exe" [2006-01-04 61440]
"RemoteControl"="c:\program files\ASUSTek\ASUSDVD\PDVDServ.exe" [2005-01-12 32768]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2006-01-12 155648]
"PowerForPhone"="c:\program files\P4P\P4P.exe" [2007-07-19 778240]
"ACMON"="c:\program files\ASUS\Splendid\ACMON.exe" [2007-06-26 851968]
"CognizanceTS"="c:\progra~1\ASUSSE~1\ASUSSE~1\Bin\ASTSVCC.dll" [2003-12-22 17920]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-06-01 823296]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-06-01 974848]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-06-14 142104]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-06-14 162584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-06-14 138008]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]
"SpywareTerminator"="c:\progra~1\SPYWAR~1\SpywareTerminatorShield.exe" [2008-10-08 1783808]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-10-13 815104]
"RTHDCPL"="RTHDCPL.EXE" [2006-11-15 16270848]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-14 39792]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2010-08-12 864624]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-26 413696]
"SsAAD.exe"="c:\progra~1\Sony\SONICS~1\SsAAD.exe" [2005-01-24 81920]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"SystemProtect"="c:\program files\System Protect\SysProtect_Tray.exe" [2009-12-14 1223680]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-03-04 30192]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OneCard]
2007-02-07 08:30 74240 ----a-r- c:\program files\ASUS Security Center\ASUS Security Protect Manager\Bin\ASWLNPkg.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Bluetooth Manager.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Bluetooth Manager.lnk
backup=c:\windows\pss\Bluetooth Manager.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS Live Update]
2007-07-19 13:41 49520 ----a-w- c:\program files\ASUS\ASUS Live Update\ALU.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2007-12-29 11:05 486856 ----a-w- c:\program files\DAEMON Tools Lite\daemon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MultiFrame]
2007-06-21 12:07 999792 ------w- c:\program files\ASUS\Asus MultiFrame\MultiFrame.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSERIAL]
2006-08-08 04:11 573440 ----a-w- c:\program files\Motorola\SMSERIAL\sm56hlpr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2006-10-13 09:55 815104 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [29.1.2009 20:54 64288]
R1 ItSDisk;ItSDisk;c:\windows\system32\drivers\itsdisk.sys [17.5.2006 10:14 23232]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [17.3.2008 11:18 141312]
R2 Application Updater;Application Updater;c:\program files\Application Updater\ApplicationUpdater.exe [8.1.2010 0:51 380928]
R2 ASBroker;Logon Session Broker;c:\windows\System32\svchost.exe -k Cognizance [29.6.2004 17:10 14336]
R2 ASChannel;Local Communication Channel;c:\windows\System32\svchost.exe -k Cognizance [29.6.2004 17:10 14336]
R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [10.3.2009 10:42 222456]
R2 SP_Service;System Protect Deletion Prevention Service;c:\program files\System Protect\SysProtect_srv.exe [14.12.2009 15:15 598528]
R3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;c:\windows\system32\drivers\l151x86.sys [4.7.2007 12:06 39424]
R3 sp_prot;System Protect Filter Driver;c:\windows\system32\drivers\sp_prot.sys [14.12.2009 15:15 12288]
S2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [3.3.2010 22:53 135664]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [12.8.2010 14:15 1355416]
S3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [4.3.2010 11:01 30192]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\kernexplorer.sys [12.8.2010 14:15 15008]
S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [7.7.2010 16:05 14904]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [30.12.2007 15:36 715248]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Cognizance REG_MULTI_SZ ASBroker ASChannel
.
Obsah adresáře 'Naplánované úlohy'
2010-10-03 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-08-12 12:15]
2010-08-20 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 15:57]
2010-10-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-03 20:53]
2010-09-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-03 20:53]
.
.
------- Doplňkový sken -------
.
uStart Page = About:Blank
IE: Crawler Search - tbr:iemenu
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\progra~1\Crawler\Toolbar\ctbr.dll
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
AddRemove-HijackThis - c:\documents and settings\Alice\Plocha\HijackThis.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2010-10-03 18:40
Windows 5.1.2600 Service Pack 3 FAT NTAPI
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'winlogon.exe'(944)
c:\program files\ASUS Security Center\ASUS Security Protect Manager\Bin\ASWLNPkg.dll
c:\program files\ASUS Security Center\ASUS Security Protect Manager\bin\ItMsg.dll
c:\program files\ASUS Security Center\ASUS Security Protect Manager\Bin\TrayIcon.dll
c:\program files\ASUS Security Center\ASUS Security Protect Manager\bin\brand.dll
c:\program files\ASUS Security Center\ASUS Security Protect Manager\Bin\AsChnl.dll
- - - - - - - > 'explorer.exe'(380)
c:\windows\system32\APSHook.dll
c:\program files\ASUS Security Center\ASUS Security Protect Manager\Bin\SFSShell.dll
c:\program files\ASUS Security Center\ASUS Security Protect Manager\Bin\ItMsg.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\ATKGFNEX\GFNEXSrv.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\ACEngSvr.exe
c:\program files\ASUS Security Center\ASUS Security Protect Manager\Bin\AsGHost.exe
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\program files\ATK Hotkey\ATKOSD.exe
c:\program files\ASUS\NB Probe\SPM\spmgr.exe
c:\progra~1\SPYWAR~1\sp_rsser.exe
c:\windows\system32\acovcnt.exe
c:\program files\ATK Hotkey\KBFiltr.exe
c:\program files\ATK Hotkey\WDC.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
c:\program files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
c:\windows\System32\SCardSvr.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Celkový čas: 2010-10-03 18:41:22 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-10-03 16:41
Před spuštěním: Volných bajtů: 57 550 274 560
Po spuštění: Volných bajtů: 57 714 933 760
WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
- - End Of File - - 0B511B4121639701CCC4A09B1B207297
CTETE POZORNE NAVOD,TENTO SOFT NETOLERUJE CHYBY V POSTUPU APLIKOVANI!
Přispějete na provoz fóra?