ComboFix 10-07-30.04 - x 31.07.2010 13:34:42.3.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.1023.583 [GMT 2:00]
Running from: c:\documents and settings\x\Plocha\ComboFix.exe
FW: ZoneAlarm Firewall *disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\drivers\etc\lmhosts . . . . failed to delete
.
((((((((((((((((((((((((( Files Created from 2010-06-28 to 2010-07-31 )))))))))))))))))))))))))))))))
.
2010-07-31 08:08 . 2010-06-28 20:32 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-07-31 08:08 . 2010-06-28 20:37 165456 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-07-31 08:08 . 2010-06-28 20:33 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-07-31 08:08 . 2010-06-28 20:37 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-07-31 08:08 . 2010-06-28 20:32 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-07-31 08:08 . 2010-06-28 20:32 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-07-31 08:08 . 2010-06-28 20:32 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-07-31 08:07 . 2010-06-28 20:57 165032 ----a-w- c:\windows\system32\aswBoot.exe
2010-07-30 20:04 . 2010-06-28 20:57 38848 ----a-w- c:\windows\avastSS.scr
2010-07-30 20:04 . 2010-07-31 08:07 -------- d-----w- c:\program files\Alwil Software
2010-07-30 19:39 . 2010-07-30 19:39 -------- d-----w- c:\documents and settings\x\DoctorWeb
2010-07-30 18:52 . 2010-07-30 18:52 142592 ----a-w- c:\windows\system32\drivers\sp_rsdrv2.sys
2010-07-30 13:33 . 2010-07-30 13:33 -------- d-----w- C:\_OTL
2010-07-29 19:32 . 2010-07-29 19:33 -------- d-----w- c:\program files\trend micro
2010-07-29 19:32 . 2010-07-29 19:34 -------- d-----w- C:\rsit
2010-07-29 10:08 . 2010-07-29 10:08 -------- d-sh--w- c:\documents and settings\x\IECompatCache
2010-07-29 06:27 . 2010-07-31 11:44 768512 ----a-w- c:\windows\system32\drivers\exqlifzo.sys
2010-07-28 11:28 . 2010-07-28 11:28 -------- d-sh--w- c:\documents and settings\x\PrivacIE
2010-07-28 11:19 . 2010-05-04 17:18 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-07-28 11:19 . 2010-05-04 17:18 78336 ----a-w- c:\windows\system32\dllcache\ieencode.dll
2010-07-28 11:05 . 2010-07-28 11:05 -------- d-sh--w- c:\documents and settings\x\IETldCache
2010-07-28 10:54 . 2010-07-30 15:53 -------- d-----w- c:\windows\ie8updates
2010-07-28 10:46 . 2010-05-06 10:35 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
2010-07-28 10:46 . 2010-05-06 10:35 247808 ------w- c:\windows\system32\dllcache\ieproxy.dll
2010-07-28 10:46 . 2010-05-06 10:35 743424 ------w- c:\windows\system32\dllcache\iedvtool.dll
2010-07-28 10:46 . 2010-04-16 11:43 41984 ------w- c:\windows\system32\dllcache\iecompat.dll
2010-07-16 16:00 . 2010-06-14 14:31 744448 ------w- c:\windows\system32\dllcache\helpsvc.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-31 09:21 . 2009-09-19 06:29 -------- d-----w- c:\program files\Opera
2010-07-31 08:08 . 2010-07-31 08:09 2916352 ----a-w- c:\windows\Internet Logs\xDB5.tmp
2010-07-31 08:08 . 2010-07-31 08:09 160256 ----a-w- c:\windows\Internet Logs\xDB4.tmp
2010-07-31 07:01 . 2010-07-31 07:02 45056 ----a-w- c:\windows\Internet Logs\xDB3.tmp
2010-07-30 20:00 . 2010-07-30 20:01 937984 ----a-w- c:\windows\Internet Logs\xDB2.tmp
2010-07-30 19:22 . 2010-07-30 19:22 2877440 ----a-w- c:\windows\Internet Logs\xDBC.tmp
2010-07-30 15:27 . 2010-07-30 15:27 2857984 ----a-w- c:\windows\Internet Logs\xDB1C.tmp
2010-07-30 11:07 . 2010-07-30 11:09 2981376 ----a-w- c:\windows\Internet Logs\xDB1.tmp
2010-07-29 06:47 . 2009-09-19 10:26 4212 ---ha-w- c:\windows\system32\zllictbl.dat
2010-07-28 11:27 . 1979-12-31 23:00 79932 ----a-w- c:\windows\system32\perfc005.dat
2010-07-28 11:27 . 1979-12-31 23:00 433024 ----a-w- c:\windows\system32\perfh005.dat
2010-07-22 13:40 . 2009-12-08 16:09 -------- d-----w- c:\program files\GuildFTPd
2010-06-23 11:51 . 2009-09-19 10:25 1238528 ----a-w- c:\windows\system32\zpeng25.dll
2010-06-23 11:51 . 2009-09-19 10:25 69120 ----a-w- c:\windows\system32\zlcomm.dll
2010-06-23 11:51 . 2009-09-19 10:25 103936 ----a-w- c:\windows\system32\zlcommdb.dll
2010-06-21 16:25 . 2009-09-19 06:00 -------- d-----w- c:\program files\Codec Pack - All In 1
2010-06-21 16:24 . 2009-09-19 06:00 737280 ----a-w- c:\windows\iun6002.exe
2010-06-20 17:30 . 2007-11-27 11:58 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-06-18 13:48 . 2010-06-18 13:48 -------- d-----w- c:\program files\SystemRequirementsLab
2010-06-14 14:31 . 2002-10-22 15:34 744448 ----a-w- c:\windows\PCHealth\HelpCtr\Binaries\helpsvc.exe
2010-06-10 12:10 . 2009-09-20 16:47 75024 ----a-w- c:\windows\system32\GDIPFONTCACHEV1.DAT
2010-06-10 12:05 . 2010-06-10 12:02 -------- d-----w- c:\program files\Samsung
2010-06-07 19:16 . 2010-06-07 19:16 -------- d-----w- c:\program files\Common Files\Java
2010-06-07 19:15 . 2010-06-07 19:16 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-06-07 19:15 . 2010-06-07 19:15 -------- d-----w- c:\program files\Java
2010-06-01 21:50 . 2007-11-29 07:52 -------- d-----w- c:\program files\Common Files\Adobe
2010-05-04 17:18 . 2006-06-23 12:27 832512 ----a-w- c:\windows\system32\wininet.dll
2010-05-04 17:18 . 1979-12-31 23:00 17408 ----a-w- c:\windows\system32\corpol.dll
.
(((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown.
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"S3TRAY2"="S3Tray2.exe" [2001-10-11 69632]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2007-12-05 122880]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-05 524288]
"BluetoothAuthenticationAgent"="irprops.cpl" [2008-04-14 380928]
"TPHOTKEY"="c:\progra~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe" [2006-10-02 94208]
"BMMGAG"="c:\progra~1\ThinkPad\UTILIT~1\pwrmonit.dll" [2003-01-17 64000]
"BMMLREF"="c:\program files\ThinkPad\Utilities\BMMLREF.EXE" [2003-01-17 20480]
"TPKMAPMN"="c:\program files\ThinkPad\Utilities\TpKmapMn.exe" [2007-09-21 49152]
"TP4EX"="tp4ex.exe" [2005-10-16 65536]
"EZEJMNAP"="c:\progra~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2008-06-05 242976]
"AGRSMMSG"="AGRSMMSG.exe" [2002-10-18 87751]
"TVT Scheduler Proxy"="c:\program files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [2008-03-04 487424]
"TPKMAPHELPER"="c:\program files\ThinkPad\Utilities\TpKmapAp.exe" [2007-01-09 868352]
"TpShocks"="TpShocks.exe" [2008-06-06 181536]
"SoundMAXPnP"="c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 1388544]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2010-06-23 1043968]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"HonorAutoRunSetting"= 0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"HonorAutoRunSetting"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2]
2005-07-05 21:45 28672 ----a-w- c:\windows\system32\notifyf2.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
2005-11-30 18:16 24576 ----a-w- c:\windows\system32\tphklock.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 7.0]
2004-12-14 09:12 483328 ----a-w- c:\program files\Adobe\Acrobat 7.0\Distillr\acrotray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2002-04-24 03:02 12288 ----a-w- c:\program files\Winamp\winampa.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"BITS"=3 (0x3)
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\WINDOWS\\system32\\ZoneLabs\\vsmon.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [14.5.2008 16:21 19496]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [31.7.2010 10:08 165456]
R1 TPPWR;TPPWR;c:\windows\system32\drivers\TPPWR.SYS [27.11.2007 13:57 15360]
S2 aswFsBlk;aswFsBlk;aswFsBlk.sys --> aswFsBlk.sys [?]
S3 cpudrv;cpudrv;c:\program files\SystemRequirementsLab\cpudrv.sys [18.12.2009 10:58 11336]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [10.6.2010 14:05 36640]
S3 LucentSoftModem;Lucent Technologies Soft Modem;c:\windows\system32\drivers\LTSM.sys [22.10.2002 17:29 802683]
S3 SJCI;SJCI;c:\docume~1\x\LOCALS~1\Temp\SJCI.exe --> c:\docume~1\x\LOCALS~1\Temp\SJCI.exe [?]
S3 usbcamcl;Driver for video Device;c:\windows\system32\drivers\usbcamcl.sys [1.4.2010 17:39 31104]
--- Other Services/Drivers In Memory ---
*Deregistered* - exqlifzo
.
Contents of the 'Scheduled Tasks' folder
2009-09-19 c:\windows\Tasks\BMMTask.job
- c:\progra~1\ThinkPad\UTILIT~1\BMMTASK.EXE [2007-11-27 00:32]
2007-11-27 c:\windows\Tasks\Připomenutí registrace 1.job
- c:\windows\System32\OOBE\oobebaln.exe [2002-10-22 03:22]
2007-11-27 c:\windows\Tasks\Připomenutí registrace 2.job
- c:\windows\System32\OOBE\oobebaln.exe [2002-10-22 03:22]
2007-11-27 c:\windows\Tasks\Připomenutí registrace 3.job
- c:\windows\System32\OOBE\oobebaln.exe [2002-10-22 03:22]
.
.
------- Supplementary Scan -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: E&xport to Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
TCP: {92D42B2B-CD55-4BD2-8B19-9BF0E24E3C1A} = 160.217.161.1
TCP: {A37887FA-4BFE-4F96-9186-834A8826B73B} = 160.217.161.1
.
- - - - ORPHANS REMOVED - - - -
MSConfigStartUp-AutoStartNPSAgent - c:\program files\Samsung\Samsung New PC Studio\NPSAgent.exe
AddRemove-01_Simmental - c:\program files\SAMSUNG\USB Drivers\01_Simmental\Uninstall.exe
AddRemove-02_Siberian - c:\program files\SAMSUNG\USB Drivers\02_Siberian\Uninstall.exe
AddRemove-03_Swallowtail - c:\program files\SAMSUNG\USB Drivers\03_Swallowtail\Uninstall.exe
AddRemove-04_semseyite - c:\program files\SAMSUNG\USB Drivers\04_semseyite\Uninstall.exe
AddRemove-05_Sloan - c:\program files\SAMSUNG\USB Drivers\05_Sloan\Uninstall.exe
AddRemove-06_Spencer - c:\program files\SAMSUNG\USB Drivers\06_Spencer\Uninstall.exe
AddRemove-07_Schorl - c:\program files\SAMSUNG\USB Drivers\07_Schorl\Uninstall.exe
AddRemove-08_EMPChipset - c:\program files\SAMSUNG\USB Drivers\08_EMPChipset\Uninstall.exe
AddRemove-09_Hsp - c:\program files\SAMSUNG\USB Drivers\09_Hsp\Uninstall.exe
AddRemove-11_HSP_Plus_Default - c:\program files\SAMSUNG\USB Drivers\11_HSP_Plus_Default\Uninstall.exe
AddRemove-16_Shrewsbury - c:\program files\SAMSUNG\USB Drivers\16_Shrewsbury\Uninstall.exe
AddRemove-17_EMP_Chipset2 - c:\program files\SAMSUNG\USB Drivers\17_EMP_Chipset2\Uninstall.exe
AddRemove-18_Zinia_Serial_Driver - c:\program files\SAMSUNG\USB Drivers\18_Zinia_Serial_Driver\Uninstall.exe
AddRemove-19_VIA_driver - c:\program files\SAMSUNG\USB Drivers\19_VIA_driver\Uninstall.exe
AddRemove-20_NXP_Driver - c:\program files\SAMSUNG\USB Drivers\20_NXP_Driver\Uninstall.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2010-07-31 13:44
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\exqlifzo]
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-1578003675-4267738357-3058202713-1004\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{8CB206CF-ABA3-0157-00CE-883B43D09B93}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(772)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\tphklock.dll
- - - - - - - > 'explorer.exe'(924)
c:\progra~1\ThinkPad\UTILIT~1\pwrmonit.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ibmpmsvc.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\program files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\Analog Devices\SoundMAX\SMAgent.exe
c:\program files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
c:\windows\System32\TPHDEXLG.exe
c:\windows\system32\TpKmpSVC.exe
c:\program files\Common Files\Lenovo\Scheduler\tvtsched.exe
c:\program files\ThinkPad\ConnectUtilities\AcSvc.exe
c:\program files\Lenovo\System Update\SUService.exe
c:\windows\System32\wbem\wmiapsrv.exe
c:\program files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
c:\program files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe
c:\windows\system32\RunDll32.exe
c:\windows\AGRSMMSG.exe
c:\windows\system32\TpShocks.exe
c:\program files\ThinkPad\UltraNav Wizard\UNavTray.EXE
c:\program files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
c:\program files\ThinkPad\ConnectUtilities\AcMurocHlpr.exe
.
**************************************************************************
.
Completion time: 2010-07-31 13:49:43 - machine was rebooted
ComboFix-quarantined-files.txt 2010-07-31 11:49
Pre-Run: 6 870 671 360
Post-Run: 6 901 104 640
- - End Of File - - B101C29B50CD1E3F018DB2FB75CD569D
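The log above contains the entries a responder reads first: an 8-letter driver (exqlifzo.sys) created inside the scan window, later listed as *Deregistered* and still owning a key under ControlSet001\Services; a service (SJCI) whose image lives in the user's Temp directory and could not be resolved ([?]); and Security Center and firewall values that silence warnings. The script below is an added example, not ComboFix's own code: it parses ComboFix-style lines and applies those checks, correlating indicators that share a name. The sample input is constructed from lines of this log with the section headers in the English form used here; the severity scale and the 8-letter-name heuristic are the editor's assumptions, not ComboFix's.

```python
"""Triage heuristics for a ComboFix log (added example, not ComboFix code).

Flags a newly created driver with a meaningless name, a service whose image
sits in %TEMP% or cannot be resolved on disk ([?]), a driver that
*Deregistered* itself during the scan, a leftover Services key, and registry
values that weaken the host.  Severity rises when indicators share a name.
"""
import re
from collections import defaultdict

# Constructed sample: lines copied in shape from the log above.
SAMPLE_LOG = r"""
((((((((((((((((((((((((( Files Created from 2010-06-28 to 2010-07-31 )))))))))))))))))))))))))))))))
2010-07-31 08:08 . 2010-06-28 20:32 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-07-29 06:27 . 2010-07-31 11:44 768512 ----a-w- c:\windows\system32\drivers\exqlifzo.sys
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
2010-06-23 11:51 . 2009-09-19 10:25 69120 ----a-w- c:\windows\system32\zlcomm.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [31.7.2010 10:08 165456]
S3 SJCI;SJCI;c:\docume~1\x\LOCALS~1\Temp\SJCI.exe --> c:\docume~1\x\LOCALS~1\Temp\SJCI.exe [?]
S3 usbcamcl;Driver for video Device;c:\windows\system32\drivers\usbcamcl.sys [1.4.2010 17:39 31104]
*Deregistered* - exqlifzo
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\exqlifzo]
"""

SECTION_RE = re.compile(r"^\({5,}\s*(.+?)\s*\){5,}$")
FILE_RE = re.compile(r"^\d{4}-\d\d-\d\d \d\d:\d\d \. \d{4}-\d\d-\d\d \d\d:\d\d\s+\S+\s+\S+\s+(.+)$")
SERVICE_RE = re.compile(r"^[RS]\d ([^;]+);[^;]*;(.*)$")
REG_KEY_RE = re.compile(r"^\[(.+)\]$")
REG_VAL_RE = re.compile(r'^"([^"]+)"\s*=\s*(.+)$')
DEREG_RE = re.compile(r"^\*Deregistered\*\s*-\s*(\S+)$")
LEFTOVER_KEY_RE = re.compile(r"controlset\d+\\services\\([^\\]+)$")
TEMP_RE = re.compile(r"\\(?:locals~1|local settings)\\temp\\", re.I)
RANDOM_STEM_RE = re.compile(r"^[a-z]{8}$")   # 8 lowercase letters, no vendor prefix (assumed heuristic)

# (substring of the registry key, value name, weak value, note)
WEAK_SETTINGS = [
    ("security center", "AntiVirusOverride", 1, "Security Center no longer warns about AV state"),
    ("security center", "FirewallOverride", 1, "Security Center no longer warns about firewall state"),
    ("firewallpolicy\\standardprofile", "EnableFirewall", 0, "Windows Firewall off in the standard profile"),
]


def reg_int(raw):
    """Parse ComboFix's two integer spellings: 'dword:00000001' and '0 (0x0)'."""
    m = re.match(r"dword:([0-9a-f]{8})$", raw.strip(), re.I)
    if m:
        return int(m.group(1), 16)
    m = re.match(r"(\d+)\s*\(0x[0-9a-f]+\)$", raw.strip(), re.I)
    return int(m.group(1)) if m else None


def triage(text):
    """Return (severity, name, note) tuples, highest first: 1 weak setting, 2 suspicious, 3 correlated."""
    findings, notes = [], defaultdict(set)
    section = key = ""

    def add(sev, name, note):
        findings.append([sev, name, note])
        notes[name.lower()].add(note)

    for line in (l.strip() for l in text.splitlines() if l.strip()):
        if m := SECTION_RE.match(line):
            section = m.group(1).lower()
        elif m := REG_KEY_RE.match(line):
            key = m.group(1).lower()
            if k := LEFTOVER_KEY_RE.search(key):
                add(2, k.group(1), "Services key still present for a removed driver")
        elif m := REG_VAL_RE.match(line):
            name, value = m.group(1), reg_int(m.group(2))
            for key_part, val_name, weak, note in WEAK_SETTINGS:
                if key_part in key and name == val_name and value == weak:
                    add(1, name, note)
        elif m := FILE_RE.match(line):
            path = m.group(1)
            stem, _, ext = path.rsplit("\\", 1)[-1].rpartition(".")
            # Judge names only for files created inside the scan window, not for old drivers.
            if section.startswith("files created") and ext.lower() == "sys" and RANDOM_STEM_RE.match(stem):
                add(2, stem, "new driver with an 8-letter meaningless name: " + path)
        elif m := SERVICE_RE.match(line):
            name, rest = m.groups()
            image = re.split(r" --> | \[", rest, maxsplit=1)[0]
            if TEMP_RE.search(image):
                add(2, name, "service image in a Temp directory: " + image)
            if rest.endswith("[?]"):
                add(1, name, "service image could not be resolved on disk: " + image)
        elif m := DEREG_RE.match(line):
            add(2, m.group(1), "driver deregistered itself while the scan ran")

    for f in findings:                      # correlate: several indicators on one name
        if len(notes[f[1].lower()]) >= 2:
            f[0] = 3
    findings.sort(key=lambda f: -f[0])
    return [tuple(f) for f in findings]


if __name__ == "__main__":
    for sev, name, note in triage(SAMPLE_LOG):
        print(f"[{sev}] {name}: {note}")
```

The name heuristic is deliberately limited to the "Files Created" section: usbcamcl.sys is also eight lowercase letters, but it predates the scan window and is a named video driver, so it is not flagged. Correlation is what makes exqlifzo and SJCI stand out from the weak-setting noise: each carries two or more independent indicators (new file plus *Deregistered* plus leftover key; Temp location plus unresolved image), and those are the items to pull for closer examination before anything else in the log.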