Infected network
Moderator: Moderators
Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]
Individual threads will be locked once resolved, as will those that have been inactive for more than 14 days. See the Rule on locking topics. Thank you for your understanding.
!NEW!
You can now use a remote assistance service, in which an expert connects to your computer and gets further details about the problem from you by phone! More at www.neslape.cz
Hello,
I have a serious problem: our network is infected and we don't know with what. It behaves in such a way that it constantly sends requests to port 3389 (RDP protocol) across the whole network and out to the internet; I checked this with Network Monitor.
I tried NOD32, avast and Kaspersky, and nothing finds it. All the symptoms resemble the Worm:Win32/Morto.A virus, but I did not find the DLL or the registry entries...
If I kill svchost.exe, the traffic to port 3389 stops as well.
I am attaching a log from an artificially infected VM:
Logfile of random's system information tool 1.09 (written by random/random)
Run by pnov at 2012-04-24 14:35:08
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 126 GB (97%) free of 130 GB
Total RAM: 1023 MB (79% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 14:35:09, on 24.4.2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\pnov\Plocha\RSIT.exe
C:\Program Files\trend micro\pnov.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkID=178584
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\vsocklib.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\vsocklib.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 7474484277
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 2208090500
O20 - Winlogon Notify: RailNotification - winlogonnotification.dll (file missing)
O20 - Winlogon Notify: TPSvc - TPSvc.dll (file missing)
O20 - Winlogon Notify: VMUpgradeAtShutdown - VMUpgradeAtShutdownWXP.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
--
End of file - 3804 bytes
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-03-26 75200]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2012-02-27 325408]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2012-02-27 42272]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2012-02-27 79648]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2012-01-02 843712]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2012-03-27 37296]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
C:\Documents and Settings\pnov\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe [2012-01-04 136176]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Common Files\Java\Java Update\jusched.exe [2012-01-18 254696]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Synchronization Manager]
C:\WINDOWS\system32\mobsync.exe [2008-04-14 143872]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VMware Tools]
C:\Program Files\VMware\VMware Tools\VMwareTray.exe [2011-08-21 58480]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VMware User Process]
C:\Program Files\VMware\VMware Tools\vmtoolsd.exe [2011-08-21 62576]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"VMware Physical Disk Helper Service"=2
"VMTools"=2
"TPVCGateway"=3
"TPAutoConnSvc"=3
"JavaQuickStarterService"=2
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\RailNotification]
C:\WINDOWS\system32\winlogonnotification.dll [2009-08-19 45056]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\TPSvc]
C:\WINDOWS\system32\TPSvc.dll [2011-01-13 484192]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\VMUpgradeAtShutdown]
C:\WINDOWS\system32\VMUpgradeAtShutdownWXP.dll [2011-08-21 90224]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265096]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Documents and Settings\pnov\Local Settings\Temp\OraInstall2012-02-01_10-19-23AM\jre\1.4.2\bin\javaw.exe"="C:\Documents and Settings\pnov\Local Settings\Temp\OraInstall2012-02-01_10-19-23AM\jre\1.4.2\bin\javaw.exe:*:Disabled:javaw"
"C:\Program Files\Miranda IM\miranda32.exe"="C:\Program Files\Miranda IM\miranda32.exe:*:Disabled:Miranda IM"
"\\nas\pnov\App\MirandaPortable\App\miranda\miranda32.exe"="\\nas\pnov\App\MirandaPortable\App\miranda\miranda32.exe:*:Disabled:miranda32.exe"
"C:\WINDOWS\Network Diagnostic\xpnetdiag.exe"="C:\WINDOWS\Network Diagnostic\xpnetdiag.exe:*:Disabled:@xpsp3res.dll,-20000"
"C:\WINDOWS\system32\ntvdm.exe"="C:\WINDOWS\system32\ntvdm.exe:*:Disabled:NTVDM.EXE"
"C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"vidc.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
======List of files/folders created in the last 1 month======
2012-04-24 14:30:53 ----D---- C:\rsit
2012-04-24 14:30:53 ----D---- C:\Program Files\trend micro
2012-04-24 13:20:30 ----D---- C:\Program Files\Microsoft Network Monitor 3
2012-04-24 09:32:19 ----SHD---- C:\Config.Msi
2012-04-23 14:24:46 ----A---- C:\WINDOWS\system32\drivers\Cat.DB
2012-04-23 14:24:26 ----D---- C:\Program Files\Common Files\PC Tools
2012-04-23 14:24:25 ----AD---- C:\Documents and Settings\All Users\Data aplikací\TEMP
2012-04-23 14:19:04 ----D---- C:\Documents and Settings\All Users\Data aplikací\PC Tools
2012-04-23 14:15:18 ----A---- C:\WINDOWS\ntbtlog.txt
2012-04-23 14:04:05 ----D---- C:\Documents and Settings\All Users\Data aplikací\Norton
2012-04-23 13:32:01 ----D---- C:\WINDOWS\pss
2012-04-23 13:23:30 ----A---- C:\WINDOWS\system32\sens32.dll
2012-04-20 09:36:58 ----HDC---- C:\WINDOWS\$NtUninstallpmcmgmt$
2012-04-19 14:00:55 ----A---- C:\Upgrade.exe
2012-04-19 14:00:55 ----A---- C:\uidrvci.exe
2012-04-19 14:00:55 ----A---- C:\sqlplus.exe
2012-04-19 14:00:55 ----A---- C:\orasql11.dll
2012-04-19 14:00:55 ----A---- C:\orannzsbb11.dll
2012-04-19 14:00:55 ----A---- C:\ojdbc5.jar
2012-04-19 14:00:55 ----A---- C:\adrci.exe
2012-04-19 14:00:54 ----A---- C:\oraocci11.dll
2012-04-19 14:00:54 ----A---- C:\ociw32.dll
2012-04-19 14:00:54 ----A---- C:\oci.dll
2012-04-19 14:00:54 ----A---- C:\genezi.exe
2012-04-19 14:00:53 ----A---- C:\ojdbc6.jar
2012-04-19 14:00:45 ----A---- C:\oraociei11.dll
2012-04-19 14:00:44 ----A---- C:\xstreams.jar
2012-04-19 14:00:44 ----A---- C:\unins000.exe
2012-04-19 14:00:44 ----A---- C:\unins000.dat
2012-04-19 14:00:44 ----A---- C:\Orasqlplusic11.dll
2012-04-19 14:00:44 ----A---- C:\ocijdbc11.dll
2012-04-19 14:00:44 ----A---- C:\Labsystem.ini
2012-04-19 14:00:44 ----A---- C:\LABCS.exe
2012-04-19 09:20:36 ----D---- C:\Documents and Settings\pnov\Data aplikací\d3_viewer
2012-04-18 11:18:26 ----HDC---- C:\WINDOWS\$NtUninstallKB2653956$
2012-04-05 13:06:25 ----D---- C:\Program Files\Common Files\Borland Shared
2012-04-05 13:06:22 ----A---- C:\WINDOWS\uninst.exe
2012-03-30 09:19:33 ----D---- C:\Documents and Settings\pnov\Data aplikací\Miranda
======List of files/folders modified in the last 1 month======
2012-04-24 14:30:53 ----RD---- C:\Program Files
2012-04-24 14:19:20 ----D---- C:\WINDOWS\Temp
2012-04-24 14:17:47 ----RD---- C:\WINDOWS\Offline Web Pages
2012-04-24 14:09:21 ----SD---- C:\WINDOWS\Tasks
2012-04-24 13:54:40 ----A---- C:\WINDOWS\SchedLgU.Txt
2012-04-24 13:37:07 ----D---- C:\WINDOWS\system32
2012-04-24 13:37:07 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2012-04-24 13:32:15 ----RASH---- C:\boot.ini
2012-04-24 13:32:15 ----A---- C:\WINDOWS\win.ini
2012-04-24 13:32:15 ----A---- C:\WINDOWS\system.ini
2012-04-24 13:29:22 ----D---- C:\WINDOWS\Prefetch
2012-04-24 13:21:17 ----SD---- C:\Documents and Settings\pnov\Data aplikací\Microsoft
2012-04-24 13:21:16 ----SHD---- C:\WINDOWS\Installer
2012-04-24 13:21:04 ----SD---- C:\Documents and Settings\All Users\Data aplikací\Microsoft
2012-04-24 13:20:37 ----D---- C:\WINDOWS\system32\CatRoot2
2012-04-24 12:12:25 ----D---- C:\WINDOWS
2012-04-24 10:14:14 ----SHD---- C:\System Volume Information
2012-04-24 10:14:14 ----D---- C:\WINDOWS\system32\drivers
2012-04-24 09:47:39 ----HD---- C:\WINDOWS\inf
2012-04-24 09:17:15 ----D---- C:\WINDOWS\system32\Restore
2012-04-23 14:24:41 ----D---- C:\WINDOWS\WinSxS
2012-04-23 14:24:26 ----D---- C:\Program Files\Common Files
2012-04-23 13:53:07 ----D---- C:\WINDOWS\security
2012-04-23 13:13:06 ----D---- C:\Documents and Settings
2012-04-23 13:12:57 ----SHD---- C:\RECYCLER
2012-04-23 13:10:24 ----D---- C:\WINDOWS\system32\appmgmt
2012-04-20 09:37:02 ----D---- C:\WINDOWS\Help
2012-04-19 09:20:35 ----RSD---- C:\WINDOWS\Fonts
2012-04-18 11:19:42 ----A---- C:\WINDOWS\imsins.BAK
2012-04-18 11:19:38 ----RSHDC---- C:\WINDOWS\system32\dllcache
2012-04-18 11:19:37 ----D---- C:\Program Files\Internet Explorer
2012-04-18 11:19:29 ----HD---- C:\WINDOWS\$hf_mig$
2012-04-18 11:18:42 ----A---- C:\WINDOWS\system32\MRT.exe
2012-04-05 14:51:47 ----HD---- C:\WINDOWS\system32\GroupPolicy
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 agp440;Filtr Intel sběrnice AGP; C:\WINDOWS\system32\DRIVERS\agp440.sys [2008-04-14 42368]
R0 vmci;VMware VMCI Bus Driver; C:\WINDOWS\system32\DRIVERS\vmci.sys [2011-08-21 98928]
R0 vmscsi;vmscsi; C:\WINDOWS\System32\DRIVERS\vmscsi.sys [2011-08-21 17968]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 vmhgfs;vmhgfs; C:\WINDOWS\System32\DRIVERS\vmhgfs.sys [2011-08-21 143344]
R1 WS2IFSL;Podpůrné prostředí zprostředkovatele služeb Windows Socket 2.0 bez podpory IFS; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2008-04-14 12032]
R2 VMMEMCTL;Memory Control Driver; \??\C:\Program Files\Common Files\VMware\Drivers\memctl\vmmemctl.sys []
R3 es1371;Creative AudioPCI (ES1371,ES1373) (WDM); C:\WINDOWS\system32\drivers\es1371mp.sys [2001-08-17 40704]
R3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
R3 nm;Ovladač programu Sledování sítě; C:\WINDOWS\system32\DRIVERS\NMnt.sys [2008-04-14 40320]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
R3 vmmouse;VMware Pointing Device; C:\WINDOWS\system32\DRIVERS\vmmouse.sys [2011-08-21 11440]
R3 vmx_svga;vmx_svga; C:\WINDOWS\system32\DRIVERS\vmx_svga.sys [2011-08-21 102256]
R3 vmxnet;VMware Ethernet Adapter Driver; C:\WINDOWS\system32\DRIVERS\vmxnet.sys [2011-08-21 30000]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S3 vpcbus;Virtual PC Bus Guest Service; C:\WINDOWS\system32\DRIVERS\vpcgbus.sys [2009-09-12 178176]
S3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
S4 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2012-02-27 153376]
S4 TPAutoConnSvc;TP AutoConnect Service; C:\Program Files\VMware\VMware Tools\TPAutoConnSvc.exe [2010-08-02 263496]
S4 TPVCGateway;TP VC Gateway Service; C:\Program Files\VMware\VMware Tools\TPVCGateway.exe [2010-10-07 394104]
S4 VMTools;VMware Tools; C:\Program Files\VMware\VMware Tools\vmtoolsd.exe [2011-08-21 62576]
S4 VMware Physical Disk Helper Service;VMware Physical Disk Helper Service; C:\Program Files\VMware\VMware Tools\vmacthlp.exe [2011-08-21 432752]
-----------------EOF-----------------
Thank you for any advice...
S3 vpcbus;Virtual PC Bus Guest Service; C:\WINDOWS\system32\DRIVERS\vpcgbus.sys [2009-09-12 178176]
S3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
S4 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2012-02-27 153376]
S4 TPAutoConnSvc;TP AutoConnect Service; C:\Program Files\VMware\VMware Tools\TPAutoConnSvc.exe [2010-08-02 263496]
S4 TPVCGateway;TP VC Gateway Service; C:\Program Files\VMware\VMware Tools\TPVCGateway.exe [2010-10-07 394104]
S4 VMTools;VMware Tools; C:\Program Files\VMware\VMware Tools\vmtoolsd.exe [2011-08-21 62576]
S4 VMware Physical Disk Helper Service;VMware Physical Disk Helper Service; C:\Program Files\VMware\VMware Tools\vmacthlp.exe [2011-08-21 432752]
-----------------EOF-----------------
Thanks for any advice...
Re: Infected network
Greetings
Which network do you mean? A company one or a home one?
Re: Infected network
A company one, but it most likely affects only Windows XP, if it is that mutation; we still have about 30 of those.
Re: Infected network
Just a question: are you the network administrator there, from the IT department?
Re: Infected network
I am, but surely that doesn't matter, does it?
- Danstahr
- Friend of the forum

- Posts: 1069
- Registered: 28 Oct 2006 20:23
- Location: London
Re: Infected network
Ahem...

Rules wrote: 6. The viry.cz forum does not deal with disinfecting company PCs - for that, companies have paid (and sometimes very generously paid) IT technicians, or the company can hire them. We are here for free and in our spare time; we do not intend to do the work of someone else who then just skims off the cream and the salary. Likewise, we do not provide consulting on securing company networks or configuring company networks. Simply put, our forum provides support to home users.
I'll buy some time; I respect the price.
Re: Infected network
Well, and I assume you are also paid for it - precisely for this - for solving problems with PCs\networks.
We are here for free, in our spare time - we do not intend to do the work of someone else who then just collects the reward\paycheck in our place.
And it is also stated in the forum rules that we do not deal with company PCs\networks: http://forum.viry.cz/viewforum.php?f=12
6. The viry.cz forum does not deal with disinfecting company PCs - for that, companies have paid (and sometimes very generously paid) IT technicians, or the company can hire them. We are here for free and in our spare time; we do not intend to do the work of someone else who then just skims off the cream and the salary. Likewise, we do not provide consulting on securing company networks or configuring company networks. Simply put, our forum provides support to home users.
Re: Infected network
I see my colleague has already given you the quotation from the rules.


