Network constantly active in both directions, Java/TrojanDownloader..
Posted: 16 Jul 2010 20:47
Hello,
please check my log.
The PC is probably infected with several infiltrations. It has been scanned with NOD32 antivirus and the online scanner, SUPERAntiSpyware, Advanced SystemCare, CCleaner and IS360, and all updates from Windows Update and Microsoft Update have been installed. It was also scanned from Safe Mode. (Several trojans have been removed so far, but the network is still busy.) The svchost.exe process constantly uses 50% CPU, the System Idle Process likewise, and ekrn.exe sometimes joins them with the same load, so NOD is probably affected by it too.
It is probably sending out spam e-mails in large volumes; network communication is intensive in both directions.
It is now disconnected from the network; the log was also created without the network.
Infiltrations found:
___
NOD32:
C:\Documents and Settings\vhruby\Data aplikací\Sun\Java\Deployment\cache\6.0\45\3d43daad-4e9d4070 - Java/TrojanDownloader.Agent.AB trojan - cleaned by deleting - quarantined [1]
13.7.2010 7:51:01 Real-time file system protection file C:\WINDOWS\system32\fjhdyfhsn.bat BAT/KillFiles.NCB trojan cleaned by deleting - quarantined VAK\vhruby Event occurred on a file modified by the application: C:\WINDOWS\system32\cmd.exe.
12.7.2010 13:33:05 HTTP filter file http://pantscow.ru:8080/Applet1.html JS/Exploit.JavaDepKit.A trojan connection terminated - quarantined VAK\vhruby Threat was detected upon access to the web by the application: C:\Program Files\Internet Explorer\iexplore.exe.
3.6.2010 15:35:54 Real-time file system protection file C:\Documents and Settings\vhruby\Local Settings\Temporary Internet Files\Content.IE5\S1677MAK\modelsgonebad_com[1].htm JS/TrojanDownloader.Pegel.BH trojan cleaned by deleting - quarantined VAK\vhruby Event occurred during an attempt to access the file by the application: C:\Program Files\Internet Explorer\iexplore.exe.
3.6.2010 15:35:54 HTTP filter file http://www.modelsgonebad.com/ JS/TrojanDownloader.Pegel.BH trojan connection terminated - quarantined VAK\vhruby Threat was detected upon access to the web by the application: C:\Program Files\Internet Explorer\iexplore.exe.
___
IObit Security 360:
OS:Windows XP
Version:1.4.5.67
Define Version:1601
Time Elapsed:00:05:42
Objects Scanned:53953
Threats Found:1
|Name|Type|Description|ID|
Trojan.Win32/Agent - Removed, Registry Value, HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowCpl Value=1, 4-20196
___
SuperAntispyware:
Quarantined:
Trojan.Downloader-Gen
E:\DATA\ARCHIV\FIN_AL\FINANAL\ATLASFA\FK_DEMO\SYSTEM\SYSMGR.EXE
and a lot of deleted cookies
RSIT log:
Logfile of random's system information tool 1.08 (written by random/random)
Run by vhruby at 2010-07-16 20:50:33
System: Microsoft Windows XP Professional Service Pack 3
System drive C: has 61 GB (77%) free of 80 GB
Total RAM: 1980 MB (71% free)
HijackThis download failed
======Scheduled tasks folder======
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-06-19 75200]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2010-07-14 278192]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll [2010-05-31 814648]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-07-16 41760]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-07-16 79648]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2010-07-14 278192]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"=C:\Program Files\Analog Devices\Core\smax4pnp.exe [2008-09-01 1044480]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2009-01-11 141336]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2009-01-11 173592]
"Persistence"=C:\WINDOWS\system32\igfxpers.exe [2009-01-11 141336]
"picon"=C:\Program Files\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe [2008-07-17 773144]
"ChangeTPMAuth"=C:\Program Files\Wave Systems Corp\Common\ChangeTPMAuth.exe [2008-08-21 184320]
"WavXMgr"=C:\Program Files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe [2008-08-22 145408]
"SecureUpgrade"=C:\Program Files\Wave Systems Corp\SecureUpgrade.exe [2008-08-28 656696]
"EmbassySecurityCheck"=C:\Program Files\Wave Systems Corp\EMBASSY Security Setup\EMBASSYSecurityCheck.exe [2008-08-28 91448]
"PDVDDXSrv"=C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe [2008-05-23 128296]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-06-20 35760]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-06-09 976832]
"egui"=C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2010-07-02 2202704]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-05-14 248552]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"ISUSPM"=C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [2006-09-11 218032]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2009-04-06 39408]
C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Documents and Settings\vhruby\Nabídka Start\Programy\Po spuštění
srvklw32.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [2007-04-19 294912]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2009-01-11 205312]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265096]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages"=msv1_0
wvauth
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"ForceStartMenuLogOff"=1
"NoStartMenuNetworkPlaces"=1
"ForceClassicControlPanel"=1
"NoAutoTrayNotify"=1
"NoSMBalloonTip"=1
"NoSMConfigurePrograms"=1
"DisallowCpl"=1
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
"NoResolveSearch"=1
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\ClientRs\ClientRS.exe"="C:\Program Files\ClientRs\ClientRS.exe:*:Enabled:ClientRS"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\ClientRs\ClientRS.exe"="C:\Program Files\ClientRs\ClientRS.exe:*:Enabled:ClientRS"
======List of files/folders created in the last 1 months======
2010-07-16 20:50:33 ----D---- C:\rsit
2010-07-16 20:50:33 ----D---- C:\Program Files\trend micro
2010-07-16 20:50:13 ----D---- C:\__antivirus
2010-07-16 19:35:59 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-07-16 18:30:05 ----A---- C:\WINDOWS\ntbtlog.txt
2010-07-16 17:13:50 ----D---- C:\Documents and Settings\vhruby\Data aplikací\IObit
2010-07-16 15:41:51 ----A---- C:\esi-eula.txt
2010-07-16 15:41:02 ----A---- C:\SysInspector.exe
2010-07-16 15:18:44 ----D---- C:\Documents and Settings\vhruby\Data aplikací\SUPERAntiSpyware.com
2010-07-16 14:59:53 ----HDC---- C:\WINDOWS\$NtUninstallKB2229593$
2010-07-16 14:59:35 ----HDC---- C:\WINDOWS\$NtUninstallKB979482$
2010-07-16 14:59:32 ----HDC---- C:\WINDOWS\$NtUninstallKB980218$
2010-07-16 14:59:28 ----HDC---- C:\WINDOWS\$NtUninstallKB981793$
2010-07-16 14:59:11 ----D---- C:\WINDOWS\ie8updates
2010-07-16 14:57:52 ----N---- C:\WINDOWS\system32\browserchoice.exe
2010-07-16 14:54:38 ----D---- C:\Program Files\Common Files\Java
2010-07-16 14:54:25 ----A---- C:\WINDOWS\system32\javaws.exe
2010-07-16 14:54:25 ----A---- C:\WINDOWS\system32\javaw.exe
2010-07-16 14:54:25 ----A---- C:\WINDOWS\system32\java.exe
2010-07-16 14:54:16 ----D---- C:\Program Files\Java
2010-07-16 14:49:00 ----HD---- C:\WINDOWS\msdownld.tmp
2010-07-16 14:48:33 ----HDC---- C:\WINDOWS\ie8
2010-07-16 09:54:11 ----D---- C:\Documents and Settings\All Users\Data aplikací\SUPERAntiSpyware.com
2010-07-16 09:54:06 ----D---- C:\Program Files\SUPERAntiSpyware
2010-07-16 09:53:51 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2010-07-16 09:50:01 ----D---- C:\Documents and Settings\All Users\Data aplikací\IObit
2010-07-16 09:44:39 ----D---- C:\Program Files\CCleaner
2010-07-16 08:59:28 ----D---- C:\Program Files\IObit
2010-07-15 10:51:40 ----D---- C:\Program Files\ESET
2010-07-15 10:51:40 ----D---- C:\Documents and Settings\All Users\Data aplikací\ESET
2010-07-13 07:51:09 ----A---- C:\WINDOWS\system32\drivers\ynhvlcov.sys
2010-07-13 07:51:00 ----A---- C:\WINDOWS\system32\drivers\foqtn.sys
2010-07-01 11:09:56 ----HDC---- C:\WINDOWS\$NtUninstallKB980195$
2010-07-01 11:06:30 ----HDC---- C:\WINDOWS\$NtUninstallKB979559$
2010-07-01 11:06:23 ----HDC---- C:\WINDOWS\$NtUninstallKB978695_WM9$
2010-07-01 11:06:17 ----HDC---- C:\WINDOWS\$NtUninstallKB975562$
======List of files/folders modified in the last 1 months======
2010-07-16 20:50:33 ----RD---- C:\Program Files
2010-07-16 20:50:14 ----D---- C:\WINDOWS\Temp
2010-07-16 20:45:21 ----D---- C:\Program Files\ClientRs
2010-07-16 20:12:55 ----AD---- C:\WINDOWS\system32
2010-07-16 20:12:55 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-07-16 20:11:59 ----D---- C:\WINDOWS\Prefetch
2010-07-16 19:38:02 ----AD---- C:\WINDOWS
2010-07-16 19:36:10 ----A---- C:\WINDOWS\system32\log.txt
2010-07-16 19:36:09 ----D---- C:\WINDOWS\Debug
2010-07-16 18:28:39 ----D---- C:\WINDOWS\system32\CatRoot2
2010-07-16 17:21:21 ----D---- C:\WINDOWS\system32\config
2010-07-16 15:52:20 ----SHD---- C:\WINDOWS\Installer
2010-07-16 15:52:20 ----HD---- C:\Config.Msi
2010-07-16 15:39:40 ----D---- C:\Program Files\Common Files\Microsoft Shared
2010-07-16 15:38:56 ----D---- C:\WINDOWS\WinSxS
2010-07-16 15:07:13 ----SD---- C:\WINDOWS\Downloaded Program Files
2010-07-16 15:01:54 ----D---- C:\Program Files\Internet Explorer
2010-07-16 14:59:56 ----HD---- C:\WINDOWS\inf
2010-07-16 14:59:55 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-07-16 14:59:53 ----HD---- C:\WINDOWS\$hf_mig$
2010-07-16 14:54:38 ----D---- C:\Program Files\Common Files
2010-07-16 14:54:18 ----A---- C:\WINDOWS\system32\deployJava1.dll
2010-07-16 14:52:29 ----D---- C:\WINDOWS\system32\cs-cz
2010-07-16 14:52:29 ----D---- C:\WINDOWS\Media
2010-07-16 14:52:28 ----D---- C:\WINDOWS\Help
2010-07-16 13:58:38 ----D---- C:\WINDOWS\security
2010-07-16 09:39:20 ----SHD---- C:\WINDOWS\CSC
2010-07-16 09:39:20 ----D---- C:\WINDOWS\repair
2010-07-16 09:39:20 ----D---- C:\Program Files\Zákon 4
2010-07-16 09:39:20 ----D---- C:\Program Files\Audiograbber
2010-07-16 09:39:20 ----D---- C:\Program Files\ACDSee32
2010-07-16 09:39:20 ----D---- C:\Documents and Settings\All Users\Data aplikací\Wave Systems Corp
2010-07-15 10:52:07 ----D---- C:\WINDOWS\system32\drivers
2010-07-02 12:39:06 ----A---- C:\WINDOWS\system32\MRT.exe
2010-07-01 12:51:43 ----D---- C:\WINDOWS\system32\wbem
2010-07-01 11:34:08 ----D---- C:\WINDOWS\Microsoft.NET
2010-07-01 11:33:51 ----RSD---- C:\WINDOWS\assembly
2010-07-01 11:10:49 ----A---- C:\WINDOWS\win.ini
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 iaStor;Intel AHCI Controller; C:\WINDOWS\system32\drivers\iaStor.sys [2008-09-01 324120]
R0 PBADRV;PBADRV; C:\WINDOWS\system32\DRIVERS\PBADRV.sys [2008-06-04 26608]
R0 SFAUDIO;Sonic Focus DSP Driver; C:\WINDOWS\system32\drivers\sfaudio.sys [2008-09-01 24064]
R1 ehdrv;ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [2010-04-28 114984]
R1 epfwtdir;epfwtdir; C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2010-07-02 95896]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys []
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-14 8832]
R2 eamon;eamon; C:\WINDOWS\system32\DRIVERS\eamon.sys [2010-07-02 140752]
R2 WavxDMgr;WavxDMgr; C:\WINDOWS\system32\DRIVERS\WavxDMgr.sys [2008-08-28 208824]
R3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\ADIHdAud.sys [2008-09-01 338944]
R3 e1kexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver K; C:\WINDOWS\system32\DRIVERS\e1k5132.sys [2008-12-30 144480]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-14 144384]
R3 HECI;Intel(R) Management Engine Interface; C:\WINDOWS\system32\DRIVERS\HECI.sys [2008-09-01 40832]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2009-01-11 6273504]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2008-04-14 12160]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
S3 AsfAlrt;AsfAlrt Service; \??\C:\WINDOWS\system32\Drivers\AsfAlrt.sys []
S3 esihdrv;esihdrv; \??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\esihdrv.sys []
S3 NAL;Nal Service ; \??\C:\WINDOWS\system32\Drivers\iqvw32.sys []
S3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS []
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
S3 usbprint;USB Printer Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 agp440;Intel AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agp440.sys [2008-04-14 42368]
S4 agpCPQ;Compaq AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agpCPQ.sys [2008-04-14 44928]
S4 alim1541;ALI AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\alim1541.sys [2008-04-14 42752]
S4 amdagp;AMD AGP Bus Filter Driver; C:\WINDOWS\system32\DRIVERS\amdagp.sys [2008-04-14 43008]
S4 cbidf;cbidf; C:\WINDOWS\system32\DRIVERS\cbidf2k.sys [2001-08-18 13952]
S4 sisagp;SIS AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\sisagp.sys [2008-04-14 40960]
S4 viaagp;VIA AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\viaagp.sys [2008-04-14 42240]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 ASFAgent;ASF Agent; C:\Program Files\Intel\ASF Agent\ASFAgent.exe [2007-04-19 133968]
R2 ClientRS;ClientRS; C:\Program Files\ClientRs\ClientRS.exe [2009-09-23 710144]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2010-07-02 810144]
R2 IS360service;IS360service; C:\Program Files\IObit\IObit Security 360\IS360srv.exe [2010-06-11 312152]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-07-16 153376]
R2 LMS;Intel(R) Active Management Technology Local Management Service; C:\Program Files\Intel\AMT\LMS.exe [2008-07-17 174616]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 NMSAccessU;NMSAccessU; C:\Program Files\CDBurnerXP\NMSAccessU.exe [2007-10-12 71096]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2006-03-03 69632]
R2 TdmService;TdmService; C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe [2008-08-28 966656]
R2 UNS;Intel(R) Active Management Technology User Notification Service; C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe [2008-07-17 2054680]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-14 268288]
S2 gupdate1c9b76f5d6ed690;Google Update Service (gupdate1c9b76f5d6ed690); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-04-07 133104]
S2 tcsd_win32.exe;NTRU TSS v1.2.1.28 TCS; C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe [2008-08-05 1249280]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 EhttpSrv;ESET HTTP Server; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [2010-07-02 33584]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-04-29 182768]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 SecureStorageService;SecureStorageService; C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe [2008-08-27 638976]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
-----------------EOF-----------------
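A small triage script for logs in the RSIT format above, added here as an example; it is not part of the original post, nor a tool from the RSIT, ESET or IObit projects. It parses the sections RSIT emits and automates three checks an analyst would otherwise do by eye on this kind of log: a bare executable sitting in a user's Startup folder (the `srvklw32.exe` entry above is exactly that pattern), driver files with machine-generated-looking names in the "created in the last month" list (the posted log lists `ynhvlcov.sys` and `foqtn.sys`, created nine seconds apart, and neither appears in the registered driver list, which is why the file list is parsed and not only the driver list), and registered drivers that RSIT could not stat or that load from a Temp directory. The `ALLOWLIST` of ESET driver names, the `looks_random()` thresholds and the constructed `SAMPLE_LOG` are assumptions made for this example; the name heuristic is deliberately noisy (it also trips on `epfwtdir` and `hkcmd`), so every hit is a lead to verify by signer, hash or vendor, not a verdict.

```python
"""Triage helper for RSIT logs (added example, not part of the post or of RSIT).
Parses the sections RSIT emits and applies three cheap checks an analyst would
otherwise do by eye. ALLOWLIST and the looks_random() thresholds are assumptions."""
import re
from dataclasses import dataclass

# Assumption: ESET drivers seen on the machine in the thread (NOD32, SysInspector).
# A real allowlist would key on signer or hash, not on the file name.
ALLOWLIST = {"ehdrv", "epfwtdir", "eamon", "esihdrv"}
VOWELS = set("aeiou")

SECTION_RE = re.compile(r"^======(.+?)======$")
FILE_RE = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) (\S+) (.+)$")
DRIVER_RE = re.compile(r"^([RS])(\d) ([^;]+);([^;]*); (.+?) \[(.*)\]$")
FOLDER_RE = re.compile(r"^[A-Za-z]:\\")


@dataclass
class Finding:
    severity: str  # "suspect" or "review"
    reason: str
    path: str


def stem(path):
    """Lower-case file name without extension, from a Windows or \\??\\ path."""
    return path.rsplit("\\", 1)[-1].rsplit(".", 1)[0].lower()


def looks_random(name):
    """Machine-generated-name heuristic (ynhvlcov, foqtn): a run of four or more
    consonants, or at most one vowel in five letters. Legitimate names trip it
    too (epfwtdir, hkcmd), which is what the allowlist is for."""
    letters = re.sub(r"[^a-z]", "", name.lower())
    if len(letters) < 5:
        return False
    longest = run = 0
    for ch in letters:
        run = 0 if ch in VOWELS else run + 1
        longest = max(longest, run)
    return longest >= 4 or sum(c in VOWELS for c in letters) / len(letters) <= 0.2


def parse(log_text):
    """Yield (kind, fields) for Startup-folder entries, file-list lines and driver lines."""
    section = folder = None
    for raw in log_text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            section, folder = m.group(1), None
        elif not line:
            continue
        elif section == "Registry dump":
            if line[0] in '["':
                folder = None                                   # back inside a registry key
            elif FOLDER_RE.match(line) and not line.endswith("]"):
                folder = line                                   # a Startup folder header
            elif folder:
                yield "startup", (folder, line.split(" - ")[0])  # "name.lnk - target" or bare file
        elif section and section.startswith("List of files/folders"):
            m = FILE_RE.match(line)
            if m:
                yield "file", m.groups()
        elif section and section.startswith("List of drivers"):
            m = DRIVER_RE.match(line)
            if m:
                yield "driver", m.groups()


def triage(log_text):
    """Return Findings in log order; 'suspect' needs follow-up, 'review' is context."""
    findings = []
    for kind, f in parse(log_text):
        if kind == "startup":
            folder, entry = f
            if not entry.lower().endswith(".lnk"):
                findings.append(Finding("suspect", "bare executable in a Startup folder", folder + "\\" + entry))
        elif kind == "file":
            _when, _attrs, path = f
            if "\\drivers\\" in path.lower() and path.lower().endswith(".sys"):
                s = stem(path)
                if s not in ALLOWLIST and looks_random(s):
                    findings.append(Finding("suspect", "new driver with random-looking name", path))
                else:
                    findings.append(Finding("review", "driver file created/modified this month", path))
        elif kind == "driver":
            _state, _start, _name, _desc, path, meta = f
            s = stem(path)
            if s not in ALLOWLIST and looks_random(s):
                findings.append(Finding("suspect", "registered driver with random-looking name", path))
            if meta == "" or "\\temp\\" in path.lower():
                findings.append(Finding("review", "driver with no file metadata or loaded from Temp", path))
    return findings


# Constructed sample in RSIT's format, modelled on a few lines of the posted log.
SAMPLE_LOG = r"""
======Registry dump======
C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Documents and Settings\vhruby\Nabídka Start\Programy\Po spuštění
srvklw32.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2009-01-11 205312]
======List of files/folders created in the last 1 months======
2010-07-16 14:54:25 ----A---- C:\WINDOWS\system32\java.exe
2010-07-13 07:51:09 ----A---- C:\WINDOWS\system32\drivers\ynhvlcov.sys
2010-07-13 07:51:00 ----A---- C:\WINDOWS\system32\drivers\foqtn.sys
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 iaStor;Intel AHCI Controller; C:\WINDOWS\system32\drivers\iaStor.sys [2008-09-01 324120]
R1 epfwtdir;epfwtdir; C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2010-07-02 95896]
S3 esihdrv;esihdrv; \??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\esihdrv.sys []
"""

if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(f"{finding.severity:7} {finding.reason}: {finding.path}")
```

Run it against a saved RSIT log with `triage(open("log.txt", encoding="utf-8").read())`. On the sample it reports three suspects (the bare `srvklw32.exe` in the user's Startup folder and the two random-named `.sys` files) and one review item (`esihdrv.sys`, which is allowlisted by name but loads from Temp with no file metadata; that is what ESET SysInspector looks like, and it is the kind of entry to confirm rather than assume). Everything the script flags still needs the file's signer or hash checked before it is treated as malicious, and a registry-level check of the `DisallowCpl` policy value that IS360 reported would be a natural fourth rule to add.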
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys []
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-14 8832]
R2 eamon;eamon; C:\WINDOWS\system32\DRIVERS\eamon.sys [2010-07-02 140752]
R2 WavxDMgr;WavxDMgr; C:\WINDOWS\system32\DRIVERS\WavxDMgr.sys [2008-08-28 208824]
R3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\ADIHdAud.sys [2008-09-01 338944]
R3 e1kexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver K; C:\WINDOWS\system32\DRIVERS\e1k5132.sys [2008-12-30 144480]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-14 144384]
R3 HECI;Intel(R) Management Engine Interface; C:\WINDOWS\system32\DRIVERS\HECI.sys [2008-09-01 40832]
R3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2009-01-11 6273504]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2008-04-14 12160]
R3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
S3 AsfAlrt;AsfAlrt Service; \??\C:\WINDOWS\system32\Drivers\AsfAlrt.sys []
S3 esihdrv;esihdrv; \??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\esihdrv.sys []
S3 NAL;Nal Service ; \??\C:\WINDOWS\system32\Drivers\iqvw32.sys []
S3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS []
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 agp440;Filtr Intel sběrnice AGP; C:\WINDOWS\system32\DRIVERS\agp440.sys [2008-04-14 42368]
S4 agpCPQ;Filtr Compaq sběrnice AGP; C:\WINDOWS\system32\DRIVERS\agpCPQ.sys [2008-04-14 44928]
S4 alim1541;Filtr ALI sběrnice AGP; C:\WINDOWS\system32\DRIVERS\alim1541.sys [2008-04-14 42752]
S4 amdagp;Ovladač filtru AMD portu AGP; C:\WINDOWS\system32\DRIVERS\amdagp.sys [2008-04-14 43008]
S4 cbidf;cbidf; C:\WINDOWS\system32\DRIVERS\cbidf2k.sys [2001-08-18 13952]
S4 sisagp;Filtr SIS sběrnice AGP ; C:\WINDOWS\system32\DRIVERS\sisagp.sys [2008-04-14 40960]
S4 viaagp;Filtr VIA sběrnice AGP ; C:\WINDOWS\system32\DRIVERS\viaagp.sys [2008-04-14 42240]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 ASFAgent;ASF Agent; C:\Program Files\Intel\ASF Agent\ASFAgent.exe [2007-04-19 133968]
R2 ClientRS;ClientRS; C:\Program Files\ClientRs\ClientRS.exe [2009-09-23 710144]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2010-07-02 810144]
R2 IS360service;IS360service; C:\Program Files\IObit\IObit Security 360\IS360srv.exe [2010-06-11 312152]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-07-16 153376]
R2 LMS;Intel(R) Active Management Technology Local Management Service; C:\Program Files\Intel\AMT\LMS.exe [2008-07-17 174616]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 NMSAccessU;NMSAccessU; C:\Program Files\CDBurnerXP\NMSAccessU.exe [2007-10-12 71096]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2006-03-03 69632]
R2 TdmService;TdmService; C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe [2008-08-28 966656]
R2 UNS;Intel(R) Active Management Technology User Notification Service; C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe [2008-07-17 2054680]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-14 268288]
S2 gupdate1c9b76f5d6ed690;Google Update Service (gupdate1c9b76f5d6ed690); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-04-07 133104]
S2 tcsd_win32.exe;NTRU TSS v1.2.1.28 TCS; C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe [2008-08-05 1249280]
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 EhttpSrv;ESET HTTP Server; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [2010-07-02 33584]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-04-29 182768]
S3 idsvc;Služba Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 SecureStorageService;SecureStorageService; C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe [2008-08-27 638976]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 NetTcpPortSharing;Služba sdílení portů Net.Tcp; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
-----------------EOF-----------------