internetová brána

[ibika]

Chcel by som sa poinformovať ako je možné zakázať internetovú bránu ktorá nonstop prijíma a odosiela pakety. Vo vlastostiach je nastavenie ktoré nonstop otvára nejaké porty zo skypu. Dík za radu

[ibika]

Logfile of random's system information tool 1.06 (written by random/random)
Run by Perm at 2010-03-11 09:55:06
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 131 GB (87%) free of 150 GB
Total RAM: 1006 MB (47% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:55:23, on 11.3.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16981)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Sybase\SQL Anywhere 9\win32\dbsrv9.exe
C:\Program Files\Intel\AMT\LMS.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\r_server.exe
C:\Perm\TomCat5\bin\tomcat5.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Sybase\Shared\Sybase Central 4.2\scjview.exe
C:\Program Files\Sybase\SQL Anywhere 9\win32\dbisqlg.exe
C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Perm\Plocha\RSIT.exe
C:\Program Files\trend micro\Perm.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [IntelAudioStudio] "C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe" TRAY
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SybaseCentral42] "C:\Program Files\Sybase\Shared\Sybase Central 4.2\scjview.exe" -preload
O4 - HKCU\..\Run: [DBISQL9] "C:\Program Files\Sybase\SQL Anywhere 9\win32\dbisqlg.exe" -preload
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [kamsoft] C:\WINDOWS\system32\kamsoft.exe
O4 - HKCU\..\Run: [Gadwin PrintScreen] C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe /nosplash
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Office\Office10\OSA.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {43FCADDD-E421-422A-A954-840266B2BFDC} (ActiveFormX Control) - http://192.168.1.123/client/VC3001.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {EACDBBC0-EC2D-4660-9A90-F6F9485E449B} (VSWebViewer Control) - http://192.168.1.123/client/VSWebViewer.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{4C064D72-EA64-45F6-8129-EFDCFC70D5AA}: NameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{6681AA0B-01C7-4ED4-8560-6805B59CE252}: NameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{7BF038A5-7C9C-43E3-9E1E-8AEC526F21EA}: NameServer = 192.168.0.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adaptive Server Anywhere - Perm3 (ASANYs_Perm3) - iAnywhere Solutions, Inc. - C:\Program Files\Sybase\SQL Anywhere 9\win32\dbsrv9.exe
O23 - Service: Intel(R) Active Management Technology LMS Service (LMS) - Intel - C:\Program Files\Intel\AMT\LMS.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Remote Administrator Service (r_server) - Unknown owner - C:\WINDOWS\system32\r_server.exe
O23 - Service: Apache Tomcat (Tomcat5) - Apache Software Foundation - C:\Perm\TomCat5\bin\tomcat5.exe

--
End of file - 6358 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\WGASetup.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2005-09-24 63136]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2006-08-11 7630848]
"nwiz"=nwiz.exe /install []
"IntelAudioStudio"=C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe [2006-08-02 9134080]
"RemoteControl"=C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [2004-11-02 32768]
"HP Component Manager"=C:\Program Files\HP\hpcoretech\hpcmpmgr.exe [2003-12-22 241664]
"HPDJ Taskbar Utility"=C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe [2006-01-14 172032]
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2006-08-11 86016]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"SybaseCentral42"=C:\Program Files\Sybase\Shared\Sybase Central 4.2\scjview.exe [2003-08-06 102400]
"DBISQL9"=C:\Program Files\Sybase\SQL Anywhere 9\win32\dbisqlg.exe [2003-08-06 131072]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2006-12-18 25365032]
"kamsoft"=C:\WINDOWS\system32\kamsoft.exe []
"Gadwin PrintScreen"=C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe [2008-12-09 495616]

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
Microsoft Office.lnk - C:\Program Files\Office\Office10\OSA.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2008-09-05 267304]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\Sybase\SQL Anywhere 9\win32\dbeng9.exe"="C:\Program Files\Sybase\SQL Anywhere 9\win32\dbeng9.exe:*:Enabled:Adaptive Server Anywhere Database Engine"
"C:\Program Files\Sybase\Shared\Sybase Central 4.2\scjview.exe"="C:\Program Files\Sybase\Shared\Sybase Central 4.2\scjview.exe:*:Enabled:Sybase Central"
"C:\Program Files\Sybase\SQL Anywhere 9\win32\dbisqlg.exe"="C:\Program Files\Sybase\SQL Anywhere 9\win32\dbisqlg.exe:*:Enabled:Adaptive Server Anywhere ISQL"
"C:\Program Files\Sybase\SQL Anywhere 9\WIN32\DBSRV9.EXE"="C:\Program Files\Sybase\SQL Anywhere 9\WIN32\DBSRV9.EXE:*:Enabled:Adaptive Server Anywhere Network Server"
"C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*:Enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Documents and Settings\Perm\Plocha\KAMERA\rs 485\Utility\SmartDiscoveryLite_v10.exe"="C:\Documents and Settings\Perm\Plocha\KAMERA\rs 485\Utility\SmartDiscoveryLite_v10.exe:*:Enabled:SmartDiscoveryLite_v10"
"C:\Documents and Settings\Perm\Plocha\kamera riadenie.exe"="C:\Documents and Settings\Perm\Plocha\kamera riadenie.exe:*:Enabled:kamera riadenie"
"C:\Documents and Settings\Perm\Plocha\kamera\rs 485\Utility\kamera riadenie.exe"="C:\Documents and Settings\Perm\Plocha\kamera\rs 485\Utility\kamera riadenie.exe:*:Disabled:kamera riadenie"
"C:\Documents and Settings\Perm\Local Settings\Temp\IXP000.TMP\smwinvnc.exe"="C:\Documents and Settings\Perm\Local Settings\Temp\IXP000.TMP\smwinvnc.exe:*:Enabled:TightVNC Win32 Server"
"C:\Documents and Settings\Perm\Local Settings\Temp\IXP000.TMP\SMPCSetup.exe"="C:\Documents and Settings\Perm\Local Settings\Temp\IXP000.TMP\SMPCSetup.exe:*:Enabled:SMPCSetup"
"C:\Program Files\wincmd\TOTALCMD.EXE"="C:\Program Files\wincmd\TOTALCMD.EXE:*:Enabled:Total Commander 32 bit international version, file manager replacement for Windows"
"C:\Program Files\NPortAdminSuite\bin\npadmer.exe"="C:\Program Files\NPortAdminSuite\bin\npadmer.exe:*:Enabled:npadmer"
"C:\TOTALCMD\TOTALCMD.EXE"="C:\TOTALCMD\TOTALCMD.EXE:*:Enabled:Total Commander 32 bit international version, file manager replacement for Windows"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\C]
shell\AutoRun\command - C:\2fiy.bat
shell\open\command - C:\2fiy.bat

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1f9eb682-fec1-11dd-acf0-001676d3d93e}]
shell\AutoRun\command - E:\cv22.cmd
shell\open\command - E:\cv22.cmd

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3039999a-f66f-11dc-acb6-001676d3d93e}]
shell\AutoRun\command - E:\abk.bat
shell\explore\command - E:\abk.bat
shell\open\command - E:\abk.bat

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8fd609ce-ea17-11dc-acb0-001676d3d93e}]
shell\Auto\command - AdobeR.exe e
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d8dd6f70-a1b7-11dc-ac68-001676d3d93e}]
shell\AUTO\command - E:\autorun.exe
shell\AutoRun\command - E:\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ea1843b7-c8ab-11db-ac17-001676d3d93e}]
shell\Auto\command - AdobeR.exe e
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ecf1a8d4-e228-11dd-acd9-001676d3d93e}]
shell\AutoRun\command - E:\abk.bat
shell\explore\command - E:\abk.bat
shell\open\command - E:\abk.bat


======List of files/folders created in the last 1 months======

2010-03-11 09:55:06 ----D---- C:\rsit
2010-03-11 09:55:06 ----D---- C:\Program Files\trend micro
2010-03-11 03:01:35 ----HD---- C:\WINDOWS\$NtUninstallKB975561$
2010-03-11 03:01:28 ----D---- C:\WINDOWS\LastGood
2010-02-24 03:00:14 ----HD---- C:\WINDOWS\$NtUninstallKB979306$
2010-02-22 10:57:25 ----D---- C:\Documents and Settings\Perm\Data aplikací\Nvu

======List of files/folders modified in the last 1 months======

2010-03-10 12:15:38 ----A---- C:\WINDOWS\system32\log.txt
2010-03-10 12:15:38 ----A---- C:\logfile.txt
2010-03-10 12:10:44 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-03-06 09:55:28 ----A---- C:\WINDOWS\WINCMD.INI
2010-03-02 06:30:12 ----A---- C:\WINDOWS\system32\MRT.exe
2010-02-24 03:00:20 ----A---- C:\WINDOWS\imsins.BAK

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 WS2IFSL;Podpůrné prostředí zprostředkovatele služeb Windows Socket 2.0 bez podpory IFS; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-18 12032]
R2 npdrv;npdrv; C:\WINDOWS\system32\drivers\npdrv.sys [2008-04-24 60268]
R3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 e1express;Intel(R) PRO/1000 PCI Express Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e1e5132.sys [2006-06-05 230400]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HECI;Intel(R) Management Engine Interface; C:\WINDOWS\system32\DRIVERS\HECI.sys [2006-06-19 43264]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2006-08-11 3958496]
R3 sfng32;Sonic Focus Plugin for Sigmatel HDA; C:\WINDOWS\system32\drivers\sfng32.sys [2005-12-02 41728]
R3 STHDA;SigmaTel High Definition Audio CODEC; C:\WINDOWS\system32\drivers\sthda.sys [2006-07-27 1171464]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Rozbočovač umožnující USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 vsbus;Virtual Serial Bus Enumerator; C:\WINDOWS\system32\DRIVERS\vsb.sys [2006-07-17 17408]
S1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
S3 E100B;Intel(R) PRO Adapter Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2001-10-24 117760]
S3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2004-08-18 12160]
S3 PCAMPR5;PCAMPR5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\PCAMPR5.SYS []
S3 PCANDIS5;PCANDIS5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\PCANDIS5.SYS []
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 vserial;IC Plus Corp. Virtual Serial Ports Driver; C:\WINDOWS\System32\DRIVERS\vserial.sys [2006-05-03 44416]
ešte log

S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ASANYs_Perm3;Adaptive Server Anywhere - Perm3; C:\Program Files\Sybase\SQL Anywhere 9\win32\dbsrv9.exe [2003-07-02 73728]
R2 LMS;Intel(R) Active Management Technology LMS Service; C:\Program Files\Intel\AMT\LMS.exe [2006-06-29 98304]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2006-08-11 155715]
R2 r_server;Remote Administrator Service; C:\WINDOWS\system32\r_server.exe [2004-08-06 724992]
R2 Tomcat5;Apache Tomcat; C:\Perm\TomCat5\bin\tomcat5.exe [2004-06-18 94208]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]
S3 UMWdf;Sada ovladačů pro uživatelský režim systému Windows; C:\WINDOWS\system32\wdfmgr.exe [2004-08-10 38912]

-----------------EOF-----------------

[JaRon]

skusime odvirit pocitac
Presun ComboFix
na plochu (ak tam este nie je)

otvor si Poznamkovy blok - notepad

do neho zkopiruj skript z nasledujiceho okna:

Kód: Vybrat vše

Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\C]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1f9eb682-fec1-11dd-acf0-001676d3d93e}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3039999a-f66f-11dc-acb6-001676d3d93e}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8fd609ce-ea17-11dc-acb0-001676d3d93e}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d8dd6f70-a1b7-11dc-ac68-001676d3d93e}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ea1843b7-c8ab-11db-ac17-001676d3d93e}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ecf1a8d4-e228-11dd-acd9-001676d3d93e}]

uloz vytvoreny textovy soubor ako CFScript.txt na plochu

po ulozeni uchop vytvoreny skript lavym tlacitkom mysi a presun ho nad ikonu Combofixu, nad nim skript upust:



po aplikacii by mal vzniknut dalsi log, ten vloz sem

[ibika]

na tomto pc je spústa softweru na vzdialenú správu a slúži aj ako zbernica dát z jednotlivých zariadení ktoré slúžia ako monitoring. nesposobí to nejaký problém?

[JaRon]

na to aky je to dolezity stroj je podivuhodne, ze tam nie je ziadny AV
odstranovane polozky patria zavirenym USB-klucom ,,,

[ibika]

antivírusový program som odinštaloval a nainštaloval som tam teraz avast.

[ibika]

čiže možem spustit combo?

[ibika]

log z comba

ComboFix 10-03-10.07 - Perm 11.03.2010 11:22:48.1.2 - FAT32x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.1006.524 [GMT 1:00]
Spuštěný z: c:\documents and settings\Perm\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Perm\Plocha\CFScript.txt.txt
AV: avast! antivirus 4.8.1368 [VPS 100310-1] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\FunWebProducts
c:\program files\MyWebSearch
c:\program files\MyWebSearch\bar\History\search2
c:\program files\MyWebSearch\bar\Settings\s_pid.dat

.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_KAVSYS
-------\Legacy_R_SERVER
-------\Service_r_server


((((((((((((((((((((((((( Soubory vytvořené od 2010-02-11 do 2010-03-11 )))))))))))))))))))))))))))))))
.

2010-03-11 09:28 . 2009-11-24 23:48 23120 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-03-11 09:28 . 2009-11-24 23:49 48560 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-03-11 09:28 . 2009-11-24 23:47 27408 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-03-11 09:28 . 2009-11-24 23:51 93424 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-03-11 09:28 . 2009-11-24 23:51 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-03-11 09:28 . 2009-11-24 23:50 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-03-11 09:28 . 2009-11-24 23:50 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-03-11 09:28 . 2009-11-24 23:47 97480 ----a-w- c:\windows\system32\AvastSS.scr
2010-03-11 09:28 . 2009-11-24 23:54 1280480 ----a-w- c:\windows\system32\aswBoot.exe
2010-03-11 08:55 . 2010-03-11 08:55 -------- d-----w- C:\rsit
2010-03-11 08:55 . 2010-03-11 08:55 -------- d-----w- c:\program files\trend micro
2010-03-10 11:18 . 2009-10-23 15:28 3558912 ------w- c:\windows\system32\dllcache\moviemk.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-05 09:58 . 2004-08-18 11:00 832512 ----a-w- c:\windows\system32\wininet.dll
2010-01-05 09:58 . 2004-08-18 11:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-01-05 09:57 . 2004-08-18 11:00 17408 ------w- c:\windows\system32\corpol.dll
2009-12-31 16:50 . 2004-08-18 11:00 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-30 10:42 . 2009-12-30 10:42 4058818 ----a-w- C:\Data.zip
2009-12-17 07:42 . 2006-11-03 08:51 343552 ----a-w- c:\windows\system32\mspaint.exe
2009-12-14 07:10 . 2004-08-18 11:00 33280 ----a-w- c:\windows\system32\csrsrv.dll
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SybaseCentral42"="c:\program files\Sybase\Shared\Sybase Central 4.2\scjview.exe" [2003-08-06 102400]
"DBISQL9"="c:\program files\Sybase\SQL Anywhere 9\win32\dbisqlg.exe" [2003-08-06 131072]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2006-12-18 25365032]
"Gadwin PrintScreen"="c:\program files\Gadwin Systems\PrintScreen\PrintScreen.exe" [2008-12-09 495616]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-08-11 7630848]
"nwiz"="nwiz.exe" [2006-08-11 1519616]
"IntelAudioStudio"="c:\program files\Intel Audio Studio\IntelAudioStudio.exe" [2006-08-02 9134080]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 32768]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 241664]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb10.exe" [2006-01-14 172032]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-08-11 86016]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-24 29696]
Microsoft Office.lnk - c:\program files\Office\Office10\OSA.EXE [2001-2-13 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Sybase\\SQL Anywhere 9\\win32\\dbeng9.exe"=
"c:\\Program Files\\Sybase\\Shared\\Sybase Central 4.2\\scjview.exe"=
"c:\\Program Files\\Sybase\\SQL Anywhere 9\\win32\\dbisqlg.exe"=
"c:\\Program Files\\Sybase\\SQL Anywhere 9\\WIN32\\DBSRV9.EXE"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Documents and Settings\\Perm\\Plocha\\kamera riadenie.exe"=
"c:\\Documents and Settings\\Perm\\Plocha\\kamera\\rs 485\\Utility\\kamera riadenie.exe"=
"c:\\Program Files\\wincmd\\TOTALCMD.EXE"=
"c:\\Program Files\\NPortAdminSuite\\bin\\npadmer.exe"=
"c:\\TOTALCMD\\TOTALCMD.EXE"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5001:TCP"= 5001:TCP:TomCat5
"4848:TCP"= 4848:TCP:RemoteAdmin
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [11.3.2010 10:28 114768]
R2 ASANYs_Perm3;Adaptive Server Anywhere - Perm3;c:\program files\Sybase\SQL Anywhere 9\win32\dbsrv9.exe -hvASANYs_Perm3 --> c:\program files\Sybase\SQL Anywhere 9\win32\dbsrv9.exe -hvASANYs_Perm3 [?]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [11.3.2010 10:28 20560]
R2 npdrv;npdrv;c:\windows\system32\drivers\npdrv.sys [6.1.2010 15:33 60268]
R2 Tomcat5;Apache Tomcat;c:\perm\TomCat5\bin\tomcat5.exe [18.6.2004 2:03 94208]
.
Obsah adresáře 'Naplánované úlohy'

2010-03-11 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-11-30 21:18]
.
.
------- Doplňkový sken -------
.
TCP: {4C064D72-EA64-45F6-8129-EFDCFC70D5AA} = 192.168.0.1
TCP: {6681AA0B-01C7-4ED4-8560-6805B59CE252} = 192.168.0.1
TCP: {7BF038A5-7C9C-43E3-9E1E-8AEC526F21EA} = 192.168.0.1
DPF: {43FCADDD-E421-422A-A954-840266B2BFDC} - hxxp://192.168.1.123/client/VC3001.cab
DPF: {EACDBBC0-EC2D-4660-9A90-F6F9485E449B} - hxxp://192.168.1.123/client/VSWebViewer.cab
FF - ProfilePath - c:\documents and settings\Perm\Data aplikací\Mozilla\Firefox\Profiles\sfm8wwg5.default\
FF - prefs.js: browser.startup.homepage - www.google.sk
FF - plugin: c:\program files\Java\j2re1.4.2_05\bin\NPJava11.dll
FF - plugin: c:\program files\Java\j2re1.4.2_05\bin\NPJava12.dll
FF - plugin: c:\program files\Java\j2re1.4.2_05\bin\NPJava13.dll
FF - plugin: c:\program files\Java\j2re1.4.2_05\bin\NPJava14.dll
FF - plugin: c:\program files\Java\j2re1.4.2_05\bin\NPJava32.dll
FF - plugin: c:\program files\Java\j2re1.4.2_05\bin\NPJPI142_05.dll
FF - plugin: c:\program files\Java\j2re1.4.2_05\bin\NPOJI610.dll

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".sk");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-11 11:27
Windows 5.1.2600 Service Pack 3 FAT NTAPI

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\savedump.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Sybase\SQL Anywhere 9\win32\dbsrv9.exe
c:\program files\Intel\AMT\LMS.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\windows\system32\RUNDLL32.EXE
.
**************************************************************************
.
Celkový čas: 2010-03-11 11:29:50 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-03-11 10:29

Před spuštěním: Volných bajtů: 136 868 397 056
Po spuštění: Volných bajtů: 137 111 371 776

WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - 4925B6F6D0B47898FFEB52801603CF56

[JaRon]

vypada to dobre prip. mozes este prescanovat s MBAM