Soubor beep.sys přijatý 2009.09.09 19:36:51 (UTC)
Současný stav: Čekejte ... Ve frontě Čekání Testování Dokončeno NENALEZENO ZASTAVENO
Výsledek: 1/41 (2.44%)
Načítám informace ze serveru...
Váš soubor čeká ve frontě na pozici: ___.
Odhadovaný čas začátku mezi ___ a ___ .
Nezavírejte toto okno dokud nebude test dokončen.
Právě testující program byl je zastaven, probíhá čekání na program.
Za chvíli bude proveden další pokus o otestování souboru.
Pokud budete čekat déle než-li pět minut odešlete Váš soubor znovu.
Váš soubor je nyní testován pomocí VirusTotal,
výsledky budou zobrazeny po dokončení.
Formátované Vytisknout výsledky Váš soubor není platný, nebo neexistuje.
Služba je pozastavena v tuto chvíli, váš soubor čeká na otestování (pozice: ) po nespecifikovanou dobu.
Nyní čekejte na odezvu webu (automatické obnovení), nebo napište email do pole a klikněte na "vyžádat" a systém Vám zašle email s výsledky až bude test hotov. Email:
Antivirus Verze Poslední aktualizace Výsledek
a-squared 4.5.0.24 2009.09.09 -
AhnLab-V3 5.0.0.2 2009.09.09 -
AntiVir 7.9.1.14 2009.09.09 -
Antiy-AVL 2.0.3.7 2009.09.09 -
Authentium 5.1.2.4 2009.09.09 -
Avast 4.8.1351.0 2009.09.09 -
AVG 8.5.0.409 2009.09.09 -
BitDefender 7.2 2009.09.09 -
CAT-QuickHeal 10.00 2009.09.09 -
ClamAV 0.94.1 2009.09.09 -
Comodo 2266 2009.09.09 -
DrWeb 5.0.0.12182 2009.09.09 -
eSafe 7.0.17.0 2009.09.09 Win32.Banker
eTrust-Vet 31.6.6727 2009.09.09 -
F-Prot 4.5.1.85 2009.09.09 -
F-Secure 8.0.14470.0 2009.09.09 -
Fortinet 3.120.0.0 2009.09.09 -
GData 19 2009.09.09 -
Ikarus T3.1.1.72.0 2009.09.09 -
Jiangmin 11.0.800 2009.09.09 -
K7AntiVirus 7.10.840 2009.09.09 -
Kaspersky 7.0.0.125 2009.09.09 -
McAfee 5736 2009.09.09 -
McAfee+Artemis 5736 2009.09.09 -
McAfee-GW-Edition 6.8.5 2009.09.09 -
Microsoft 1.5005 2009.09.09 -
NOD32 4411 2009.09.09 -
Norman 6.01.09 2009.09.09 -
nProtect 2009.1.8.0 2009.09.09 -
Panda 10.0.2.2 2009.09.09 -
PCTools 4.4.2.0 2009.09.09 -
Prevx 3.0 2009.09.09 -
Rising 21.46.24.00 2009.09.09 -
Sophos 4.45.0 2009.09.09 -
Sunbelt 3.2.1858.2 2009.09.09 -
Symantec 1.4.4.12 2009.09.09 -
TheHacker 6.3.4.3.399 2009.09.09 -
TrendMicro 8.950.0.1094 2009.09.09 -
VBA32 3.12.10.10 2009.09.09 -
ViRobot 2009.9.9.1925 2009.09.09 -
VirusBuster 4.6.5.0 2009.09.09 -
Rozšiřující informace
File size: 4224 bytes
MD5...: da1f27d85e0d1525f6621372e7b685e9
SHA1..: e3d2dc5eb273fa701de8af13b60d6baac7629260
SHA256: 5a81a46a3bdd19dafc6c87d277267a5d44f3a1b5302f2cc1111d84b7bad5610d
ssdeep: 48:qvsINlblgYeU/DtYrmVimGxIBqOopSDKGV7Co+sjIZWQ7q2ue5WwGD+:ilbd/
DKrmLGWBqhev7X+MEWKLu+Ww8
PEiD..: -
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x66c
timedatestamp.....: 0x3b7d82e5 (Fri Aug 17 20:47:33 2001)
machinetype.......: 0x14c (I386)
( 5 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x300 0x424 0x480 5.77 64f775a399d212649b5b58a280791c2d
.rdata 0x780 0xad 0x100 2.62 0ace5f365131534c66de4137833221ad
INIT 0x880 0x284 0x300 4.44 13a9d0bea8490140305ffa9291acfd99
.rsrc 0xb80 0x3c8 0x400 3.22 9b654fc1759147ff04b147754f347be4
.reloc 0xf80 0x9a 0x100 2.80 5c4742feb834ca0995d1e806fe06cc57
( 2 imports )
> ntoskrnl.exe: MmLockPagableDataSection, KeCancelTimer, MmUnlockPagableImageSection, IoStartNextPacket, KeSetTimer, _allmul, IoStartPacket, KeInitializeEvent, KeInitializeTimer, KeInitializeDpc, IoCreateDevice, RtlInitUnicodeString, IoAcquireCancelSpinLock, KeRemoveDeviceQueue, KeRemoveEntryDeviceQueue, IoReleaseCancelSpinLock, IoDeleteDevice, IofCompleteRequest
> HAL.dll: ExReleaseFastMutex, KfRaiseIrql, KfLowerIrql, HalMakeBeep, ExAcquireFastMutex
( 0 exports )
RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: Win64 Executable Generic (95.5%)
Generic Win/DOS Executable (2.2%)
DOS Executable Generic (2.2%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
ThreatExpert info: <a href='http://www.threatexpert.com/report.aspx?md5=da1f27d85e0d1525f6621372e7b685e9' target='_blank'>http://www.threatexpert.com/report.aspx?md5=da1f27d85e0d1525f6621372e7b685e9</a>
Soubor Serial.exe přijatý 2009.09.09 19:43:16 (UTC)
Současný stav: Čekejte ... Ve frontě Čekání Testování Dokončeno NENALEZENO ZASTAVENO
Výsledek: 0/41 (0%)
Načítám informace ze serveru...
Váš soubor čeká ve frontě na pozici: 1.
Odhadovaný čas začátku mezi 43 a 62 sekundami.
Nezavírejte toto okno dokud nebude test dokončen.
Právě testující program byl je zastaven, probíhá čekání na program.
Za chvíli bude proveden další pokus o otestování souboru.
Pokud budete čekat déle než-li pět minut odešlete Váš soubor znovu.
Váš soubor je nyní testován pomocí VirusTotal,
výsledky budou zobrazeny po dokončení.
Formátované Vytisknout výsledky Váš soubor není platný, nebo neexistuje.
Služba je pozastavena v tuto chvíli, váš soubor čeká na otestování (pozice: ) po nespecifikovanou dobu.
Nyní čekejte na odezvu webu (automatické obnovení), nebo napište email do pole a klikněte na "vyžádat" a systém Vám zašle email s výsledky až bude test hotov. Email:
Antivirus Verze Poslední aktualizace Výsledek
a-squared 4.5.0.24 2009.09.09 -
AhnLab-V3 5.0.0.2 2009.09.09 -
AntiVir 7.9.1.14 2009.09.09 -
Antiy-AVL 2.0.3.7 2009.09.09 -
Authentium 5.1.2.4 2009.09.09 -
Avast 4.8.1351.0 2009.09.09 -
AVG 8.5.0.409 2009.09.09 -
BitDefender 7.2 2009.09.09 -
CAT-QuickHeal 10.00 2009.09.09 -
ClamAV 0.94.1 2009.09.09 -
Comodo 2266 2009.09.09 -
DrWeb 5.0.0.12182 2009.09.09 -
eSafe 7.0.17.0 2009.09.09 -
eTrust-Vet 31.6.6727 2009.09.09 -
F-Prot 4.5.1.85 2009.09.09 -
F-Secure 8.0.14470.0 2009.09.09 -
Fortinet 3.120.0.0 2009.09.09 -
GData 19 2009.09.09 -
Ikarus T3.1.1.72.0 2009.09.09 -
Jiangmin 11.0.800 2009.09.09 -
K7AntiVirus 7.10.840 2009.09.09 -
Kaspersky 7.0.0.125 2009.09.09 -
McAfee 5736 2009.09.09 -
McAfee+Artemis 5736 2009.09.09 -
McAfee-GW-Edition 6.8.5 2009.09.09 -
Microsoft 1.5005 2009.09.09 -
NOD32 4411 2009.09.09 -
Norman 6.01.09 2009.09.09 -
nProtect 2009.1.8.0 2009.09.09 -
Panda 10.0.2.2 2009.09.09 -
PCTools 4.4.2.0 2009.09.09 -
Prevx 3.0 2009.09.09 -
Rising 21.46.24.00 2009.09.09 -
Sophos 4.45.0 2009.09.09 -
Sunbelt 3.2.1858.2 2009.09.09 -
Symantec 1.4.4.12 2009.09.09 -
TheHacker 6.3.4.3.399 2009.09.09 -
TrendMicro 8.950.0.1094 2009.09.09 -
VBA32 3.12.10.10 2009.09.09 -
ViRobot 2009.9.9.1925 2009.09.09 -
VirusBuster 4.6.5.0 2009.09.09 -
Rozšiřující informace
File size: 40960 bytes
MD5...: 9ad7538b5a950a4462c6a9e0153bdd0a
SHA1..: d6f3877e8cddc53657cfbb5ecaf0d976f8e5306d
SHA256: 1020cc667de025712c15b95d4638675703bd24b325e9645db6ef585f69ed5172
ssdeep: 384:/pQCvOv0YrDJFYD9EkmyF7wjmyF0HJPmy7hKB3Emjm0lkuQe9ge6ZcLd3smy
:R5IDJFERt7Kte+lkE6ZcLd3s
PEiD..: -
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x10d8
timedatestamp.....: 0x3cb5e405 (Thu Apr 11 19:29:09 2002)
machinetype.......: 0x14c (I386)
( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x7940 0x8000 4.49 4dc655fcf98afc40f662707a7dc0b19b
.data 0x9000 0x135c 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
.rsrc 0xb000 0x614 0x1000 1.60 319396eba2f72fd91709b689f016675d
( 1 imports )
> MSVBVM60.DLL: -, MethCallEngine, -, -, -, -, EVENT_SINK_AddRef, -, EVENT_SINK_Release, EVENT_SINK_QueryInterface, __vbaExceptHandler, -, ProcCallEngine, -, -, -, -, -, -, -
( 0 exports )
RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: Win32 Executable Generic (68.0%)
Generic Win/DOS Executable (15.9%)
DOS Executable Generic (15.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
Tento soubor jsem nenašel windows\system32\dllcache\beep.sys
místo toho jsem našel soubor Beep.sys a beep.sys.vir 3X zde C:\Qoobox\Quarantine\C\WINDOWS\system32
a ještě jeden v C:\WINDOWS\ERDNT\cache
Braviax.exe a šmejdy natahované do oper. paměti
Re: Braviax.exe a šmejdy natahované do oper. paměti
Presun ikonu CF na plochu, vypni vsetky otvorene aplikacie, ako aj rezidenty antiviru, antispywaru a firewall a otvor poznamkovy blok. Donho skopiruj:
Uloz na plochu ako CFScript.txt a mysou pretiahni nad ikonou CF.
Program script spracuje a spravi novy log.
Pozor: Ak po aplikacii skriptu nenabehne Windows, restartuj PC, stlac F8 a zvol Poslednu znamu funkcnu konfiguraciu.
Kód: Vybrat vše
KillAll::
FCopy::
c:\windows\system32\drivers\beep.sys | c:\windows\system32\dllcache\beep.sysUloz na plochu ako CFScript.txt a mysou pretiahni nad ikonou CF.
Program script spracuje a spravi novy log.
Pozor: Ak po aplikacii skriptu nenabehne Windows, restartuj PC, stlac F8 a zvol Poslednu znamu funkcnu konfiguraciu.
Nemam rad amaterizmus...
A adresat odkazu to vie :)
A adresat odkazu to vie :)
Re: Braviax.exe a šmejdy natahované do oper. paměti
ComboFix 09-09-07.05 - jmarsalek 10.09.2009 20:50.3.2 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.503.212 [GMT 2:00]
Spuštěný z: c:\documents and settings\JMARSALEK.AFRASTEM\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\JMARSALEK.AFRASTEM\Plocha\CFScript.txt
AV: avast! antivirus 4.8.1351 [VPS 090910-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\All Users\Data aplikacˇ\qitadok.reg
c:\documents and settings\JMARSALEK.AFRASTEM\Local Settings\Data aplikacˇ\ivitofehab.inf
c:\documents and settings\JMARSALEK.AFRASTEM\Local Settings\Data aplikacˇ\nepifyxybi.bat
c:\documents and settings\JMARSALEK.AFRASTEM\Local Settings\Data aplikacˇ\vacu.reg
.
--------------- FCopy ---------------
c:\windows\system32\drivers\beep.sys --> c:\windows\system32\dllcache\beep.sys
.
((((((((((((((((((((((((( Soubory vytvořené od 2009-08-10 do 2009-09-10 )))))))))))))))))))))))))))))))
.
2009-09-10 18:50 . 2004-08-18 10:00 4224 -c--a-w- c:\windows\system32\dllcache\beep.sys
2009-09-08 09:07 . 2009-09-08 09:07 -------- d-----w- C:\_OTM
2009-09-08 08:30 . 2009-09-08 08:30 -------- d-----w- C:\rsit
2009-09-07 18:38 . 2004-08-18 10:00 4224 ------w- c:\windows\system32\drivers\beep.sys
2009-09-02 11:44 . 2009-08-17 16:04 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-09-02 11:44 . 2009-08-17 16:04 51376 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-09-02 11:44 . 2009-08-17 16:03 26944 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-09-02 11:44 . 2009-08-17 16:02 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-09-02 11:44 . 2009-08-17 16:05 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-09-02 11:44 . 2009-08-17 16:05 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-09-02 11:44 . 2009-08-17 16:06 93392 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-09-02 11:44 . 2009-08-17 16:06 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-09-02 11:44 . 2009-08-17 16:10 1279456 ----a-w- c:\windows\system32\aswBoot.exe
2009-09-02 11:44 . 2009-09-02 11:44 -------- d-----w- c:\program files\Alwil Software
2009-09-02 09:05 . 2009-09-02 09:05 -------- d-----w- c:\program files\Serial
2009-09-02 09:02 . 2009-09-02 11:17 -------- d-----w- c:\program files\Serial Komunik Pro +
2009-08-26 10:39 . 2006-05-23 11:57 66560 -c----w- c:\windows\system32\dllcache\pautoenr.dll
2009-08-26 10:39 . 2006-05-23 11:57 460288 -c----w- c:\windows\system32\dllcache\certmgr.dll
2009-08-26 10:39 . 2006-05-23 11:57 39936 ------w- c:\windows\system32\dimsroam.dll
2009-08-26 10:39 . 2006-05-23 11:57 19456 ------w- c:\windows\system32\dimsntfy.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-08 06:23 . 2006-06-20 05:20 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-09-02 12:14 . 2009-09-02 12:14 11958 ----a-w- c:\program files\Common Files\nyloh._sy
2009-08-17 15:39 . 2009-02-16 11:28 -------- d-----w- c:\program files\ICQ6.5
2009-08-13 08:52 . 2008-01-02 06:18 -------- d-----w- c:\program files\Google
2009-07-08 07:15 . 2006-06-19 11:55 63172 ----a-w- c:\windows\system32\perfc005.dat
2009-07-08 07:15 . 2006-06-19 11:55 381126 ----a-w- c:\windows\system32\perfh005.dat
.
((((((((((((((((((((((((((((( SnapShot@2009-09-08_11.11.57 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-09-10 18:57 . 2009-09-10 18:57 16384 c:\windows\Temp\Perflib_Perfdata_ac.dat
+ 2009-09-10 18:57 . 2009-09-10 18:57 16384 c:\windows\Temp\Perflib_Perfdata_628.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2005-04-12 65536]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-08-05 68856]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ThpSrv"="thpsrv" [X]
"00THotkey"="c:\windows\system32\00THotkey.exe" [2006-05-18 253952]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2004-03-24 196608]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-03-23 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-03-23 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-03-23 118784]
"SmoothView"="c:\program files\TOSHIBA\Nástroj TOSHIBA Zooming Utility\SmoothView.exe" [2005-05-12 118784]
"TouchED"="c:\program files\TOSHIBA\TouchED\TouchED.Exe" [2005-09-05 98304]
"TMESRV.EXE"="c:\program files\TOSHIBA\TME3\TMESRV31.EXE" [2006-01-27 118784]
"TMERzCtl.EXE"="c:\program files\TOSHIBA\TME3\TMERzCtl.EXE" [2006-03-07 69632]
"TosHKCW.exe"="c:\program files\TOSHIBA\Wireless Hotkey\TosHKCW.exe" [2005-05-17 49152]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-10-06 122940]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-05 667718]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-11-28 602182]
"Kerio VPN Client"="c:\program files\Kerio\VPN Client\kvpnclient.exe" [2006-07-26 2506752]
"WinVNC"="c:\program files\RealVNC\WinVNC\WinVNC.exe" [2003-03-05 335872]
"D-Link AirPlus G"="c:\program files\D-Link\AirPlus G\AirGCFG.exe" [2005-11-23 1544192]
"ANIWZCS2Service"="c:\program files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2005-10-19 49152]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2004-02-12 49152]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 241664]
"Synchronization Manager"="c:\windows\system32\mobsync.exe" [2004-08-18 143872]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-05-21 148888]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-08-17 81000]
"SkyTel"="SkyTel.EXE" - c:\windows\SkyTel.exe [2006-04-24 1448960]
"000StTHK"="000StTHK.exe" - c:\windows\system32\000StTHK.exe [2001-06-23 24576]
"AGRSMMSG"="AGRSMMSG.exe" - c:\windows\agrsmmsg.exe [2006-03-04 88204]
"TPSMain"="TPSMain.exe" - c:\windows\system32\TPSMain.exe [2006-06-08 299008]
"TPSODDCtl"="TPSODDCtl.exe" - c:\windows\system32\TPSODDCtl.exe [2006-06-08 102400]
"TFNF5"="TFNF5.exe" - c:\windows\system32\TFNF5.exe [2006-04-11 622592]
"TOSDCR"="TOSDCR.EXE" - c:\windows\system32\TOSDCR.exe [2005-12-12 57344]
"NDSTray.exe"="NDSTray.exe" [BU]
"TFncKy"="TFncKy.exe" [BU]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2006-05-09 16207360]
"CFSServ.exe"="CFSServ.exe" [BU]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-18 15360]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\policies\microsoft\windows\windowsupdate\au]
"NoAutoUpdate"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-3373254399-825254732-2376785241-10213\Scripts\Logon\0\0]
"Script"=UniversalScript.vbs
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\RealVNC\\WinVNC\\winvnc.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\Options\\CABS\\CABI\\System"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
R0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\system32\drivers\thpdrv.sys [27.12.2004 23:31 16384]
R0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\drivers\Thpevm.sys [13.11.2004 12:24 6144]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2.9.2009 13:44 114768]
R1 TMEI3E;TMEI3E;c:\windows\system32\drivers\TMEI3E.SYS [20.6.2006 9:21 5888]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2.9.2009 13:44 20560]
R2 Tmesrv;Tmesrv3;c:\program files\Toshiba\TME3\TMESRV31.EXE [20.6.2006 9:21 118784]
R3 kvpndev;Kerio VPN adapter;c:\windows\system32\drivers\kvpndrv.sys [29.3.2006 22:06 59392]
S3 elSerial;elSerial Filter driver;c:\windows\system32\DRIVERS\elserial.sys --> c:\windows\system32\DRIVERS\elserial.sys [?]
S3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [20.6.2006 10:07 35968]
S3 OnePointDomainAdminService;Active Directory Migration Agent;c:\windows\OnePointDomainAgent\DCTAgentService.exe en-US 0x409 --> c:\windows\OnePointDomainAgent\DCTAgentService.exe en-US 0x409 [?]
S3 ubi_bus;Ubiquam CDMA2000 Composite Device driver (WDM);c:\windows\system32\drivers\ubi_bus.sys [2.11.2005 18:34 58352]
S3 ubi_mdfl;Ubiquam CDMA2000 Filter;c:\windows\system32\drivers\ubi_mdfl.sys [2.11.2005 18:34 8336]
S3 ubi_mdm;Ubiquam CDMA2000 Drivers;c:\windows\system32\drivers\ubi_mdm.sys [2.11.2005 18:34 93872]
S3 VmbInfce;VmbInfce;c:\windows\system32\drivers\vmbinfce.sys --> c:\windows\system32\drivers\vmbinfce.sys [?]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Obsah adresáře 'Naplánované úlohy'
2009-09-09 c:\windows\Tasks\WebReg 20090504225814.job
- c:\program files\HP\Digital Imaging\bin\hpqwrg.exe [2004-05-28 19:47]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://atlas.centrum.cz/
mStart Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = <local>
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748449} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\windows\WebIE.dll
Trusted Zone: cez.cz
Trusted Zone: cez.cz\isspd.edu
Trusted Zone: cezdata.corp\capsdw2
Trusted Zone: officedepot.cz\online
Trusted Zone: cez.cz
Trusted Zone: cez.cz\isspd.edu
Trusted Zone: cezdata.corp\capsdw2
Trusted Zone: officedepot.cz\online
Handler: brx - {9C160F90-74D1-11D3-AB60-0060977C1F29} - c:\program files\Common Files\BricsCad\BrxProtIE.dll
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-10 20:59
Windows 5.1.2600 Service Pack 2 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'explorer.exe'(2176)
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\TPwrCfg.DLL
c:\windows\system32\TPwrReg.dll
c:\windows\system32\TPSTrace.DLL
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\nslsvice.exe
c:\windows\system32\nsl.exe
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Toshiba\ConfigFree\CFSvcs.exe
c:\windows\system32\DVDRAMSV.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\windows\system32\ThpSrv.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\system32\ThpSrv.exe
c:\windows\system32\TPSBattM.exe
c:\windows\system32\igfxext.exe
c:\program files\Toshiba\TME3\TMEEJME.exe
c:\program files\Apoint2K\ApntEx.exe
c:\progra~1\Intel\Wireless\Bin\Dot1XCfg.exe
c:\program files\Toshiba\ConfigFree\CFSServ.exe
c:\windows\system32\RAMASST.exe
c:\program files\HP\hpcoretech\comp\hptskmgr.exe
c:\program files\HP\Digital Imaging\bin\hpqgalry.exe
.
**************************************************************************
.
Celkový čas: 2009-09-10 21:03 - počítač byl restartován
ComboFix-quarantined-files.txt 2009-09-10 19:03
ComboFix2.txt 2009-09-08 15:56
ComboFix3.txt 2009-09-08 11:16
Před spuštěním: 7 076 859 904
Po spuštění: 7 042 416 640
220 --- E O F --- 2009-07-01 07:23
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.503.212 [GMT 2:00]
Spuštěný z: c:\documents and settings\JMARSALEK.AFRASTEM\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\JMARSALEK.AFRASTEM\Plocha\CFScript.txt
AV: avast! antivirus 4.8.1351 [VPS 090910-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\All Users\Data aplikacˇ\qitadok.reg
c:\documents and settings\JMARSALEK.AFRASTEM\Local Settings\Data aplikacˇ\ivitofehab.inf
c:\documents and settings\JMARSALEK.AFRASTEM\Local Settings\Data aplikacˇ\nepifyxybi.bat
c:\documents and settings\JMARSALEK.AFRASTEM\Local Settings\Data aplikacˇ\vacu.reg
.
--------------- FCopy ---------------
c:\windows\system32\drivers\beep.sys --> c:\windows\system32\dllcache\beep.sys
.
((((((((((((((((((((((((( Soubory vytvořené od 2009-08-10 do 2009-09-10 )))))))))))))))))))))))))))))))
.
2009-09-10 18:50 . 2004-08-18 10:00 4224 -c--a-w- c:\windows\system32\dllcache\beep.sys
2009-09-08 09:07 . 2009-09-08 09:07 -------- d-----w- C:\_OTM
2009-09-08 08:30 . 2009-09-08 08:30 -------- d-----w- C:\rsit
2009-09-07 18:38 . 2004-08-18 10:00 4224 ------w- c:\windows\system32\drivers\beep.sys
2009-09-02 11:44 . 2009-08-17 16:04 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-09-02 11:44 . 2009-08-17 16:04 51376 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-09-02 11:44 . 2009-08-17 16:03 26944 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-09-02 11:44 . 2009-08-17 16:02 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-09-02 11:44 . 2009-08-17 16:05 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-09-02 11:44 . 2009-08-17 16:05 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-09-02 11:44 . 2009-08-17 16:06 93392 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-09-02 11:44 . 2009-08-17 16:06 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-09-02 11:44 . 2009-08-17 16:10 1279456 ----a-w- c:\windows\system32\aswBoot.exe
2009-09-02 11:44 . 2009-09-02 11:44 -------- d-----w- c:\program files\Alwil Software
2009-09-02 09:05 . 2009-09-02 09:05 -------- d-----w- c:\program files\Serial
2009-09-02 09:02 . 2009-09-02 11:17 -------- d-----w- c:\program files\Serial Komunik Pro +
2009-08-26 10:39 . 2006-05-23 11:57 66560 -c----w- c:\windows\system32\dllcache\pautoenr.dll
2009-08-26 10:39 . 2006-05-23 11:57 460288 -c----w- c:\windows\system32\dllcache\certmgr.dll
2009-08-26 10:39 . 2006-05-23 11:57 39936 ------w- c:\windows\system32\dimsroam.dll
2009-08-26 10:39 . 2006-05-23 11:57 19456 ------w- c:\windows\system32\dimsntfy.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-08 06:23 . 2006-06-20 05:20 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-09-02 12:14 . 2009-09-02 12:14 11958 ----a-w- c:\program files\Common Files\nyloh._sy
2009-08-17 15:39 . 2009-02-16 11:28 -------- d-----w- c:\program files\ICQ6.5
2009-08-13 08:52 . 2008-01-02 06:18 -------- d-----w- c:\program files\Google
2009-07-08 07:15 . 2006-06-19 11:55 63172 ----a-w- c:\windows\system32\perfc005.dat
2009-07-08 07:15 . 2006-06-19 11:55 381126 ----a-w- c:\windows\system32\perfh005.dat
.
((((((((((((((((((((((((((((( SnapShot@2009-09-08_11.11.57 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-09-10 18:57 . 2009-09-10 18:57 16384 c:\windows\Temp\Perflib_Perfdata_ac.dat
+ 2009-09-10 18:57 . 2009-09-10 18:57 16384 c:\windows\Temp\Perflib_Perfdata_628.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2005-04-12 65536]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-08-05 68856]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ThpSrv"="thpsrv" [X]
"00THotkey"="c:\windows\system32\00THotkey.exe" [2006-05-18 253952]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2004-03-24 196608]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-03-23 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-03-23 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-03-23 118784]
"SmoothView"="c:\program files\TOSHIBA\Nástroj TOSHIBA Zooming Utility\SmoothView.exe" [2005-05-12 118784]
"TouchED"="c:\program files\TOSHIBA\TouchED\TouchED.Exe" [2005-09-05 98304]
"TMESRV.EXE"="c:\program files\TOSHIBA\TME3\TMESRV31.EXE" [2006-01-27 118784]
"TMERzCtl.EXE"="c:\program files\TOSHIBA\TME3\TMERzCtl.EXE" [2006-03-07 69632]
"TosHKCW.exe"="c:\program files\TOSHIBA\Wireless Hotkey\TosHKCW.exe" [2005-05-17 49152]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-10-06 122940]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-05 667718]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-11-28 602182]
"Kerio VPN Client"="c:\program files\Kerio\VPN Client\kvpnclient.exe" [2006-07-26 2506752]
"WinVNC"="c:\program files\RealVNC\WinVNC\WinVNC.exe" [2003-03-05 335872]
"D-Link AirPlus G"="c:\program files\D-Link\AirPlus G\AirGCFG.exe" [2005-11-23 1544192]
"ANIWZCS2Service"="c:\program files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2005-10-19 49152]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2004-02-12 49152]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 241664]
"Synchronization Manager"="c:\windows\system32\mobsync.exe" [2004-08-18 143872]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-05-21 148888]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-08-17 81000]
"SkyTel"="SkyTel.EXE" - c:\windows\SkyTel.exe [2006-04-24 1448960]
"000StTHK"="000StTHK.exe" - c:\windows\system32\000StTHK.exe [2001-06-23 24576]
"AGRSMMSG"="AGRSMMSG.exe" - c:\windows\agrsmmsg.exe [2006-03-04 88204]
"TPSMain"="TPSMain.exe" - c:\windows\system32\TPSMain.exe [2006-06-08 299008]
"TPSODDCtl"="TPSODDCtl.exe" - c:\windows\system32\TPSODDCtl.exe [2006-06-08 102400]
"TFNF5"="TFNF5.exe" - c:\windows\system32\TFNF5.exe [2006-04-11 622592]
"TOSDCR"="TOSDCR.EXE" - c:\windows\system32\TOSDCR.exe [2005-12-12 57344]
"NDSTray.exe"="NDSTray.exe" [BU]
"TFncKy"="TFncKy.exe" [BU]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2006-05-09 16207360]
"CFSServ.exe"="CFSServ.exe" [BU]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-18 15360]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\policies\microsoft\windows\windowsupdate\au]
"NoAutoUpdate"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-3373254399-825254732-2376785241-10213\Scripts\Logon\0\0]
"Script"=UniversalScript.vbs
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\RealVNC\\WinVNC\\winvnc.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\Options\\CABS\\CABI\\System"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
R0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\system32\drivers\thpdrv.sys [27.12.2004 23:31 16384]
R0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\drivers\Thpevm.sys [13.11.2004 12:24 6144]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2.9.2009 13:44 114768]
R1 TMEI3E;TMEI3E;c:\windows\system32\drivers\TMEI3E.SYS [20.6.2006 9:21 5888]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2.9.2009 13:44 20560]
R2 Tmesrv;Tmesrv3;c:\program files\Toshiba\TME3\TMESRV31.EXE [20.6.2006 9:21 118784]
R3 kvpndev;Kerio VPN adapter;c:\windows\system32\drivers\kvpndrv.sys [29.3.2006 22:06 59392]
S3 elSerial;elSerial Filter driver;c:\windows\system32\DRIVERS\elserial.sys --> c:\windows\system32\DRIVERS\elserial.sys [?]
S3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [20.6.2006 10:07 35968]
S3 OnePointDomainAdminService;Active Directory Migration Agent;c:\windows\OnePointDomainAgent\DCTAgentService.exe en-US 0x409 --> c:\windows\OnePointDomainAgent\DCTAgentService.exe en-US 0x409 [?]
S3 ubi_bus;Ubiquam CDMA2000 Composite Device driver (WDM);c:\windows\system32\drivers\ubi_bus.sys [2.11.2005 18:34 58352]
S3 ubi_mdfl;Ubiquam CDMA2000 Filter;c:\windows\system32\drivers\ubi_mdfl.sys [2.11.2005 18:34 8336]
S3 ubi_mdm;Ubiquam CDMA2000 Drivers;c:\windows\system32\drivers\ubi_mdm.sys [2.11.2005 18:34 93872]
S3 VmbInfce;VmbInfce;c:\windows\system32\drivers\vmbinfce.sys --> c:\windows\system32\drivers\vmbinfce.sys [?]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Obsah adresáře 'Naplánované úlohy'
2009-09-09 c:\windows\Tasks\WebReg 20090504225814.job
- c:\program files\HP\Digital Imaging\bin\hpqwrg.exe [2004-05-28 19:47]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://atlas.centrum.cz/
mStart Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = <local>
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748449} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\windows\WebIE.dll
Trusted Zone: cez.cz
Trusted Zone: cez.cz\isspd.edu
Trusted Zone: cezdata.corp\capsdw2
Trusted Zone: officedepot.cz\online
Trusted Zone: cez.cz
Trusted Zone: cez.cz\isspd.edu
Trusted Zone: cezdata.corp\capsdw2
Trusted Zone: officedepot.cz\online
Handler: brx - {9C160F90-74D1-11D3-AB60-0060977C1F29} - c:\program files\Common Files\BricsCad\BrxProtIE.dll
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-10 20:59
Windows 5.1.2600 Service Pack 2 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'explorer.exe'(2176)
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\TPwrCfg.DLL
c:\windows\system32\TPwrReg.dll
c:\windows\system32\TPSTrace.DLL
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\nslsvice.exe
c:\windows\system32\nsl.exe
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Toshiba\ConfigFree\CFSvcs.exe
c:\windows\system32\DVDRAMSV.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\windows\system32\ThpSrv.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\system32\ThpSrv.exe
c:\windows\system32\TPSBattM.exe
c:\windows\system32\igfxext.exe
c:\program files\Toshiba\TME3\TMEEJME.exe
c:\program files\Apoint2K\ApntEx.exe
c:\progra~1\Intel\Wireless\Bin\Dot1XCfg.exe
c:\program files\Toshiba\ConfigFree\CFSServ.exe
c:\windows\system32\RAMASST.exe
c:\program files\HP\hpcoretech\comp\hptskmgr.exe
c:\program files\HP\Digital Imaging\bin\hpqgalry.exe
.
**************************************************************************
.
Celkový čas: 2009-09-10 21:03 - počítač byl restartován
ComboFix-quarantined-files.txt 2009-09-10 19:03
ComboFix2.txt 2009-09-08 15:56
ComboFix3.txt 2009-09-08 11:16
Před spuštěním: 7 076 859 904
Po spuštění: 7 042 416 640
220 --- E O F --- 2009-07-01 07:23
Re: Braviax.exe a šmejdy natahované do oper. paměti
Stiahni a spust AVPTool. Vypracuj log podla navodu a vloz ho.
Nemam rad amaterizmus...
A adresat odkazu to vie :)
A adresat odkazu to vie :)
Re: Braviax.exe a šmejdy natahované do oper. paměti
Scan
----
Scanned: 365695
Detected: 8
Untreated: 0
Start time: 11.9.2009 21:42:33
Duration: 01:23:48
Finish time: 11.9.2009 23:06:21
Detected
--------
Status Object
------ ------
deleted: Trojan program Backdoor.Win32.UltimateDefender.igv File: C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\beep.sys.vir
deleted: Trojan program Backdoor.IRC.Zapchast.zwqz File: C:\WINDOWS\system32\dk\lmz1.bmp
deleted: Trojan program Backdoor.IRC.Zapchast.zwra File: C:\WINDOWS\system32\dk\lmz2.bmp
deleted: Trojan program Backdoor.IRC.Zapchast.zwrb File: C:\WINDOWS\system32\dk\lmz3.bmp
deleted: Trojan program Trojan-Dropper.Win32.Agent.bbup File: C:\_OTM\MovedFiles\09082009_110737\Documents and Settings\JMARSALEK.AFRASTEM\sys32_nov.exe
deleted: Trojan program Trojan-Downloader.Win32.FraudLoad.fko File: C:\_OTM\MovedFiles\09082009_110737\WINDOWS\braviax.exe
deleted: Trojan program Trojan-Dropper.Win32.Agent.bbup File: C:\_OTM\MovedFiles\09082009_110737\WINDOWS\system32\sys32_nov.exe
deleted: Trojan program Trojan.Win32.FraudPack.rcj File: C:\_OTM\MovedFiles\09082009_110737\WINDOWS\system32\wisdstr.exe
----
Scanned: 365695
Detected: 8
Untreated: 0
Start time: 11.9.2009 21:42:33
Duration: 01:23:48
Finish time: 11.9.2009 23:06:21
Detected
--------
Status Object
------ ------
deleted: Trojan program Backdoor.Win32.UltimateDefender.igv File: C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\beep.sys.vir
deleted: Trojan program Backdoor.IRC.Zapchast.zwqz File: C:\WINDOWS\system32\dk\lmz1.bmp
deleted: Trojan program Backdoor.IRC.Zapchast.zwra File: C:\WINDOWS\system32\dk\lmz2.bmp
deleted: Trojan program Backdoor.IRC.Zapchast.zwrb File: C:\WINDOWS\system32\dk\lmz3.bmp
deleted: Trojan program Trojan-Dropper.Win32.Agent.bbup File: C:\_OTM\MovedFiles\09082009_110737\Documents and Settings\JMARSALEK.AFRASTEM\sys32_nov.exe
deleted: Trojan program Trojan-Downloader.Win32.FraudLoad.fko File: C:\_OTM\MovedFiles\09082009_110737\WINDOWS\braviax.exe
deleted: Trojan program Trojan-Dropper.Win32.Agent.bbup File: C:\_OTM\MovedFiles\09082009_110737\WINDOWS\system32\sys32_nov.exe
deleted: Trojan program Trojan.Win32.FraudPack.rcj File: C:\_OTM\MovedFiles\09082009_110737\WINDOWS\system32\wisdstr.exe
Re: Braviax.exe a šmejdy natahované do oper. paměti
OK, ako to vyzera s PC?
Nemam rad amaterizmus...
A adresat odkazu to vie :)
A adresat odkazu to vie :)
Re: Braviax.exe a šmejdy natahované do oper. paměti
Zdravím,
notebook nic nehlásí a nabíhá rychlostí o které se mi dlouho už ani nesnilo. Než jsem sem vlez, tak mi ani nenaběhl. Po nekonečným startu Avast našel vira v operační paměti, pak dělal kontrolu disků, restartoval, opět našel vira ,...... a tak pořád dokola. Když jsem vira ignoroval vřískali na netu všude kde jsem vlez.
Oproti tomu co to bylo, je to výborný, výborný, výborný, jen trochu v prdeli. Ten "báječný" program SERIAL od pana Jelínka pro komunici po RS232 přes COM port, se kterým jsem nejspíš stáhnul viry, jsem si naistaloval ještě na své dva počítače. Teď mám hrůzu je vůbec zapnout. Toto je služební notebook a jít s odvirováním za naším adminem tak mi nejdřív nakope pr... , sebere CDMA kartu k netu a pak všechna práva.
Proto Ti moc děkuji za trpělivost a čas, který jsi mi věnoval.
Jiří.
notebook nic nehlásí a nabíhá rychlostí o které se mi dlouho už ani nesnilo. Než jsem sem vlez, tak mi ani nenaběhl. Po nekonečným startu Avast našel vira v operační paměti, pak dělal kontrolu disků, restartoval, opět našel vira ,...... a tak pořád dokola. Když jsem vira ignoroval vřískali na netu všude kde jsem vlez.
Oproti tomu co to bylo, je to výborný, výborný, výborný, jen trochu v prdeli. Ten "báječný" program SERIAL od pana Jelínka pro komunici po RS232 přes COM port, se kterým jsem nejspíš stáhnul viry, jsem si naistaloval ještě na své dva počítače. Teď mám hrůzu je vůbec zapnout. Toto je služební notebook a jít s odvirováním za naším adminem tak mi nejdřív nakope pr... , sebere CDMA kartu k netu a pak všechna práva.
Proto Ti moc děkuji za trpělivost a čas, který jsi mi věnoval.
Jiří.
Re: Braviax.exe a šmejdy natahované do oper. paměti
Rado sa stalo :)
Ale prv, nez mi utecies, prav prosim este tieto veci:
1) Docistime to:
2) Vloz log z HJT.
V pripade nezrovnalosti sa tu nachadza navod.
Ale prv, nez mi utecies, prav prosim este tieto veci:
1) Docistime to:
- Odinstaluj Combofix:
Start -> Spustit -> (napis) combofix /u
- Pouzi T-Cleaner (ak by ho antivirus hlasil ako smejda, nic sa netreba bat, ide len o paranoju AV programu).
- Precisti PC CCleanerom (vratane registrov).
- Pouzi TFC (spust program a klikni na "Start". Pozor, PC moze byt restartovane).
2) Vloz log z HJT.
V pripade nezrovnalosti sa tu nachadza navod.
Nemam rad amaterizmus...
A adresat odkazu to vie :)
A adresat odkazu to vie :)
Re: Braviax.exe a šmejdy natahované do oper. paměti
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:27:57, on 14.9.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nslsvice.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ThpSrv.exe
C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe
C:\Program Files\RealVNC\WinVNC\WinVNC.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SkyTel.EXE
C:\WINDOWS\system32\00THotkey.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\thpsrv.exe
C:\WINDOWS\system32\TFNF5.exe
C:\Program Files\TOSHIBA\Nástroj TOSHIBA Zooming Utility\SmoothView.exe
C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
C:\Program Files\TOSHIBA\TME3\TMERzCtl.EXE
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\TOSHIBA\TME3\TMEEJME.EXE
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\WINDOWS\system32\igfxext.exe
C:\Program Files\TOSHIBA\Ovládací prvky TOSHIBA\TFncKy.exe
C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Apoint2K\Apntex.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe
C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\Huawei technologies\EC500 Mobile Connect\HuaWeiEVDO.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Documents and Settings\JMARSALEK.AFRASTEM\Plocha\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://atlas.centrum.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\WINDOWS\WebIE.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\system32\00THotkey.exe
O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [TPSODDCtl] TPSODDCtl.exe
O4 - HKLM\..\Run: [ThpSrv] thpsrv /logon
O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\Nástroj TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [TouchED] C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
O4 - HKLM\..\Run: [TOSDCR] TOSDCR.EXE
O4 - HKLM\..\Run: [TMESRV.EXE] C:\Program Files\TOSHIBA\TME3\TMESRV31.EXE /Logon
O4 - HKLM\..\Run: [TMERzCtl.EXE] C:\Program Files\TOSHIBA\TME3\TMERzCtl.EXE /Service
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [TosHKCW.exe] "C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe"
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [Kerio VPN Client] "C:\Program Files\Kerio\VPN Client\kvpnclient.exe" /tryauto
O4 - HKLM\..\Run: [WinVNC] "C:\Program Files\RealVNC\WinVNC\WinVNC.exe" -servicehelper
O4 - HKLM\..\Run: [CFSServ.exe] CFSServ.exe -NoClient
O4 - HKLM\..\Run: [D-Link AirPlus G] C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: BlueSoleiI.lnk = C:\WINDOWS\Options\CABS\CABI\BluSoleiI.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O4 - Global Startup: Rychlé spuštění aplikace HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: &Nastavit překladač - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: &Slovník - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O15 - Trusted Zone: http://isspd.edu.cez.cz
O15 - Trusted Zone: *.cez.cz
O15 - Trusted Zone: http://online.officedepot.cz
O15 - Trusted Zone: http://isspd.edu.cez.cz (HKLM)
O15 - Trusted Zone: *.cez.cz (HKLM)
O15 - Trusted Zone: http://online.officedepot.cz (HKLM)
O16 - DPF: {EF58E341-49C3-4156-A3C4-5FFCA7C1EAB7} (EURAS_Portal.Gateway) - http://wwx.euras.com/euras/EIS/plugin/euras.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = ice.corp
O17 - HKLM\Software\..\Telephony: DomainName = ice.corp
O17 - HKLM\System\CCS\Services\Tcpip\..\{85BB5E86-A83D-4442-B744-C4257BA23FA7}: NameServer = 160.218.10.200 160.218.43.200
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = ice.corp
O18 - Protocol: brx - {9C160F90-74D1-11D3-AB60-0060977C1F29} - C:\Program Files\Common Files\BricsCad\BrxProtIE.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Jedno přihlášení do programu Lotus Notes (Lotus Notes Single Logon) - IBM Corp - C:\WINDOWS\system32\nslsvice.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Ochrana HDD TOSHIBA (Thpsrv) - TOSHIBA Corporation - C:\WINDOWS\system32\ThpSrv.exe
O23 - Service: Tmesrv3 (Tmesrv) - TOSHIBA - C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe
O23 - Service: VNC Server (winvnc) - RealVNC Ltd. - C:\Program Files\RealVNC\WinVNC\WinVNC.exe
--
End of file - 12170 byte
Scan saved at 21:27:57, on 14.9.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nslsvice.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ThpSrv.exe
C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe
C:\Program Files\RealVNC\WinVNC\WinVNC.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SkyTel.EXE
C:\WINDOWS\system32\00THotkey.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\thpsrv.exe
C:\WINDOWS\system32\TFNF5.exe
C:\Program Files\TOSHIBA\Nástroj TOSHIBA Zooming Utility\SmoothView.exe
C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
C:\Program Files\TOSHIBA\TME3\TMERzCtl.EXE
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\TOSHIBA\TME3\TMEEJME.EXE
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\WINDOWS\system32\igfxext.exe
C:\Program Files\TOSHIBA\Ovládací prvky TOSHIBA\TFncKy.exe
C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Apoint2K\Apntex.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe
C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\Huawei technologies\EC500 Mobile Connect\HuaWeiEVDO.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Documents and Settings\JMARSALEK.AFRASTEM\Plocha\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://atlas.centrum.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\WINDOWS\WebIE.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\system32\00THotkey.exe
O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [TPSODDCtl] TPSODDCtl.exe
O4 - HKLM\..\Run: [ThpSrv] thpsrv /logon
O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\Nástroj TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [TouchED] C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
O4 - HKLM\..\Run: [TOSDCR] TOSDCR.EXE
O4 - HKLM\..\Run: [TMESRV.EXE] C:\Program Files\TOSHIBA\TME3\TMESRV31.EXE /Logon
O4 - HKLM\..\Run: [TMERzCtl.EXE] C:\Program Files\TOSHIBA\TME3\TMERzCtl.EXE /Service
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [TosHKCW.exe] "C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe"
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [Kerio VPN Client] "C:\Program Files\Kerio\VPN Client\kvpnclient.exe" /tryauto
O4 - HKLM\..\Run: [WinVNC] "C:\Program Files\RealVNC\WinVNC\WinVNC.exe" -servicehelper
O4 - HKLM\..\Run: [CFSServ.exe] CFSServ.exe -NoClient
O4 - HKLM\..\Run: [D-Link AirPlus G] C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: BlueSoleiI.lnk = C:\WINDOWS\Options\CABS\CABI\BluSoleiI.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O4 - Global Startup: Rychlé spuštění aplikace HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: &Nastavit překladač - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: &Slovník - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O15 - Trusted Zone: http://isspd.edu.cez.cz
O15 - Trusted Zone: *.cez.cz
O15 - Trusted Zone: http://online.officedepot.cz
O15 - Trusted Zone: http://isspd.edu.cez.cz (HKLM)
O15 - Trusted Zone: *.cez.cz (HKLM)
O15 - Trusted Zone: http://online.officedepot.cz (HKLM)
O16 - DPF: {EF58E341-49C3-4156-A3C4-5FFCA7C1EAB7} (EURAS_Portal.Gateway) - http://wwx.euras.com/euras/EIS/plugin/euras.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = ice.corp
O17 - HKLM\Software\..\Telephony: DomainName = ice.corp
O17 - HKLM\System\CCS\Services\Tcpip\..\{85BB5E86-A83D-4442-B744-C4257BA23FA7}: NameServer = 160.218.10.200 160.218.43.200
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = ice.corp
O18 - Protocol: brx - {9C160F90-74D1-11D3-AB60-0060977C1F29} - C:\Program Files\Common Files\BricsCad\BrxProtIE.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Jedno přihlášení do programu Lotus Notes (Lotus Notes Single Logon) - IBM Corp - C:\WINDOWS\system32\nslsvice.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Ochrana HDD TOSHIBA (Thpsrv) - TOSHIBA Corporation - C:\WINDOWS\system32\ThpSrv.exe
O23 - Service: Tmesrv3 (Tmesrv) - TOSHIBA - C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe
O23 - Service: VNC Server (winvnc) - RealVNC Ltd. - C:\Program Files\RealVNC\WinVNC\WinVNC.exe
--
End of file - 12170 byte
Re: Braviax.exe a šmejdy natahované do oper. paměti
Fixni v HJT (zasrktni stvorcek pri danom riadku a stlac "Fix Checked"):
Doinstaluj poriadny firewall a antispyware a malo by to byt vsetko.
Kód: Vybrat vše
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O16 - DPF: {EF58E341-49C3-4156-A3C4-5FFCA7C1EAB7} (EURAS_Portal.Gateway) - http://wwx.euras.com/euras/EIS/plugin/euras.cabDoinstaluj poriadny firewall a antispyware a malo by to byt vsetko.
Nemam rad amaterizmus...
A adresat odkazu to vie :)
A adresat odkazu to vie :)
Re: Braviax.exe a šmejdy natahované do oper. paměti
Díky za Tvou pomoc a zároveň prosba o pomoc s těmi PC co mám doma. To však bude až se dostanu domů.
S pozdravem
Jiří M.
S pozdravem
Jiří M.
Re: Braviax.exe a šmejdy natahované do oper. paměti
Nemas zaco. Vklude napis bud sem, alebo kdekolvek inde :)
A vela zdaru, maj sa fajn.
A vela zdaru, maj sa fajn.
Nemam rad amaterizmus...
A adresat odkazu to vie :)
A adresat odkazu to vie :)
Zpět na “Viry, antiviry, firewally…”
Kdo je online
Uživatelé prohlížející si toto fórum: Žádní registrovaní uživatelé a 0 hostů