PC se restartuje a spamuje port:3389
Napsal: 20 pro 2011 22:25
Dobrý den, řeším problém na třech PC...pc se restartuje cca po 1h práce bez jakékoliv hlášky, navíc spamuje na portu: 3389 byl bych rád za identifikaci příčiny.
LOG:
ComboFix 11-12-20.04 - a 20.12.2011 22:03:38.1.2 - FAT32x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2038.1288 [GMT 1:00]
Spuštěný z: c:\documents and settings\a\Plocha\ComboFix.exe
AV: AVG Anti-Virus 2011 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
* Vytvořen nový Bod Obnovení
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\iun6002.exe
c:\windows\Offline Web Pages\cache.txt
c:\windows\regedit.com
c:\windows\system32\sens32.dll
c:\windows\system32\taskmgr.com
.
Nakažená kopie c:\windows\system32\userinit.exe byla nalezena a vyléčena.
Obnovena kopie z - c:\windows\ServicePackFiles\i386\userinit.exe
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_6TO4
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-11-20 do 2011-12-20 )))))))))))))))))))))))))))))))
.
.
2011-12-20 20:49 . 2011-12-20 20:49 -------- d-----w- c:\documents and settings\All Users\Data aplikací\SUPERAntiSpyware.com
2011-12-20 20:49 . 2011-12-20 20:49 -------- d-----w- c:\documents and settings\a\Data aplikací\SUPERAntiSpyware.com
2011-12-20 20:13 . 2011-12-20 20:13 -------- d---a-w- c:\windows\VDLL.DLL
2011-12-20 20:13 . 2011-12-20 20:13 -------- d---a-w- c:\windows\RUNDL132.EXE
2011-12-20 20:13 . 2011-12-20 20:13 -------- d---a-w- c:\windows\logo1_.exe
2011-12-20 20:13 . 2011-12-20 20:13 -------- d---a-w- c:\windows\logo_1.exe
2011-12-20 20:13 . 2011-12-20 20:13 -------- d---a-w- c:\windows\system32\runouce.exe
2011-12-20 20:13 . 2011-12-20 20:13 -------- d---a-w- c:\windows\rundll16.exe
2011-12-20 20:09 . 2011-12-20 20:09 34048 ----a-w- c:\windows\system32\eEmpty.exe
2011-12-20 20:09 . 2008-04-14 03:22 137216 ----a-w- c:\windows\system32\T.COM
2011-12-20 20:09 . 2008-04-14 03:22 147968 ----a-w- c:\windows\R.COM
2011-12-20 20:09 . 2011-12-20 20:09 -------- d-----w- c:\program files\Common Files\MicroWorld
2011-12-20 20:09 . 2011-12-20 20:09 -------- d-----w- c:\documents and settings\All Users\Data aplikací\MicroWorld
2011-12-08 10:25 . 2011-12-08 10:25 359040 ----a-w- c:\windows\system32\tcpip.dat
2011-11-22 10:27 . 2011-11-22 10:27 -------- d-----w- c:\documents and settings\a\Data aplikací\Sharpdesk
2011-11-22 10:23 . 2011-11-22 10:23 -------- d-----w- c:\documents and settings\a\Data aplikací\Nuance
2011-11-22 10:23 . 2011-11-22 10:23 -------- d-----w- c:\program files\Common Files\Sharp Shared
2011-11-22 10:21 . 2011-11-22 10:21 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Sharp
2011-11-22 10:13 . 2011-11-22 10:13 -------- d-----w- c:\program files\SHARP
2011-11-22 10:13 . 2008-10-29 05:18 98304 ----a-w- c:\windows\system32\SK3ELMON.dll
2011-11-22 10:13 . 2007-04-17 07:11 45056 ----a-w- c:\windows\system32\SK3EMTNT.dll
2011-11-22 10:13 . 2010-04-21 04:58 163932 ------r- c:\windows\_isusr32.dll
2011-11-22 10:13 . 2010-05-28 06:30 32768 ------w- c:\windows\system32\_isusr2k.dll
2011-11-22 10:11 . 2011-11-22 10:11 -------- d-----w- c:\windows\system32\SCDRV
2011-11-22 10:11 . 2011-11-22 10:11 -------- d-----w- c:\documents and settings\a\Data aplikací\InstallShield
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-08 10:25 . 2004-08-18 09:00 359040 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-10-10 14:22 . 2009-06-17 12:55 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-09-28 07:06 . 2004-08-18 09:00 602112 ----a-w- c:\windows\system32\crypt32.dll
2011-09-26 15:21 . 2011-09-26 15:21 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-09-26 10:41 . 2007-10-09 12:03 613376 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 10:41 . 2004-08-18 09:00 22528 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-26 10:41 . 2004-08-18 09:00 220160 ----a-w- c:\windows\system32\oleacc.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2011-12-08 . 1CB54BE018258D47FD3FB3278B387793 . 359040 . . [5.1.2600.2180] . . c:\windows\system32\drivers\tcpip.sys
[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB2509553\SP3QFE\tcpip.sys
[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\SoftwareDistribution\Download\fe608cd8d2b8f77abaee7a69a696bcf7\SP3GDR\tcpip.sys
[7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\tcpip.sys
[7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB951748$\tcpip.sys
[7] 2004-08-18 . 9F4B36614A0FC234525BA224957DE55C . 359040 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\tcpip.sys
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-04-05 94208]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-04-05 77824]
"Persistence"="c:\windows\system32\igfxpers.exe" [2005-04-05 114688]
"TrueImageMonitor.exe"="c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2008-11-10 4366848]
"AcronisTimounterMonitor"="c:\program files\Acronis\TrueImageHome\TimounterMonitor.exe" [2008-11-10 962112]
"Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2008-11-10 165144]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"FtpServer.exe"="c:\program files\Sharp\Sharpdesk\FtpServer.exe" [2010-02-21 819712]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2009-11-18 15:13 54576 ----a-w- c:\program files\HP\HP Software Update\hpwuschd2.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfcCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgh.exe"=
"c:\\Program Files\\HP\\HP Software Update\\hpwucli.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\smart web printing\\SmartWebPrintExe.exe"=
"c:\\Program Files\\AVG\\AVG10\\avgmfapx.exe"=
"c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\OUTLOOK.EXE"=
"c:\\Program Files\\SHARP\\Sharpdesk\\FTPServer.exe"=
"c:\\Program Files\\AVG\\AVG10\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG10\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG10\\avgam.exe"=
"c:\\Program Files\\AVG\\AVG10\\avgemcx.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [22.2.2011 8:13 22992]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [16.3.2011 16:03 32592]
R0 tdrpman147;Acronis Try&Decide and Restore Points filter (build 147);c:\windows\system32\drivers\tdrpm147.sys [30.3.2010 16:51 971232]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [7.1.2011 6:41 248656]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [5.4.2011 0:59 297168]
R2 602XML Updater;602Updater;c:\program files\Common Files\soft602\602updsvc\602updsvc.exe [14.4.2010 10:28 84520]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [18.8.2011 1:33 7390560]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG10\avgwdsvc.exe [8.2.2011 5:33 269520]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [14.4.2011 21:28 134480]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [10.2.2011 7:53 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [10.2.2011 7:53 27216]
S1 SASDIFSV;SASDIFSV;\??\c:\docume~1\a\LOCALS~1\Temp\SAS_SelfExtract\SASDIFSV.SYS --> c:\docume~1\a\LOCALS~1\Temp\SAS_SelfExtract\SASDIFSV.SYS [?]
S1 SASKUTIL;SASKUTIL;\??\c:\docume~1\a\LOCALS~1\Temp\SAS_SelfExtract\SASKUTIL.SYS --> c:\docume~1\a\LOCALS~1\Temp\SAS_SelfExtract\SASKUTIL.SYS [?]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [9.1.2010 21:37 4640000]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Od&eslat do aplikace OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.20.1
DPF: {672EE252-D813-4F5E-81BB-5DD163DD4FA5} - hxxps://www.mojedatovaschranka.cz/static/pages/ ... ?3,16,13,0
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
AddRemove-Cool's_Codec_pack_4.12 - c:\windows\iun6002.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-12-20 22:15
Windows 5.1.2600 Service Pack 3 FAT NTAPI
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'explorer.exe'(2304)
c:\windows\system32\webcheck.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\AVG\AVG10\AVGCHSVX.EXE
c:\windows\system32\logonui.exe
c:\program files\Common Files\Acronis\Schedule2\schedul2.exe
c:\program files\AVG\AVG10\avgnsx.exe
c:\program files\AVG\AVG10\avgemcx.exe
c:\program files\AVG\AVG10\avgcsrvx.exe
c:\program files\AVG\AVG10\AVGRSX.EXE
c:\program files\AVG\AVG10\avgcsrvx.exe
c:\windows\system32\rdpclip.exe
c:\program files\Sharp\Sharpdesk\nsapp.exe
.
**************************************************************************
.
Celkový čas: 2011-12-20 22:17:10 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-12-20 21:17
.
Před spuštěním: Volných bajtů: 55 333 650 432
Po spuštění: Volných bajtů: 60 887 695 360
.
WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 624EC13D2F1F5F3E5618EA63F2307BC4
LOG:
ComboFix 11-12-20.04 - a 20.12.2011 22:03:38.1.2 - FAT32x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2038.1288 [GMT 1:00]
Spuštěný z: c:\documents and settings\a\Plocha\ComboFix.exe
AV: AVG Anti-Virus 2011 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
* Vytvořen nový Bod Obnovení
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\iun6002.exe
c:\windows\Offline Web Pages\cache.txt
c:\windows\regedit.com
c:\windows\system32\sens32.dll
c:\windows\system32\taskmgr.com
.
Nakažená kopie c:\windows\system32\userinit.exe byla nalezena a vyléčena.
Obnovena kopie z - c:\windows\ServicePackFiles\i386\userinit.exe
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_6TO4
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-11-20 do 2011-12-20 )))))))))))))))))))))))))))))))
.
.
2011-12-20 20:49 . 2011-12-20 20:49 -------- d-----w- c:\documents and settings\All Users\Data aplikací\SUPERAntiSpyware.com
2011-12-20 20:49 . 2011-12-20 20:49 -------- d-----w- c:\documents and settings\a\Data aplikací\SUPERAntiSpyware.com
2011-12-20 20:13 . 2011-12-20 20:13 -------- d---a-w- c:\windows\VDLL.DLL
2011-12-20 20:13 . 2011-12-20 20:13 -------- d---a-w- c:\windows\RUNDL132.EXE
2011-12-20 20:13 . 2011-12-20 20:13 -------- d---a-w- c:\windows\logo1_.exe
2011-12-20 20:13 . 2011-12-20 20:13 -------- d---a-w- c:\windows\logo_1.exe
2011-12-20 20:13 . 2011-12-20 20:13 -------- d---a-w- c:\windows\system32\runouce.exe
2011-12-20 20:13 . 2011-12-20 20:13 -------- d---a-w- c:\windows\rundll16.exe
2011-12-20 20:09 . 2011-12-20 20:09 34048 ----a-w- c:\windows\system32\eEmpty.exe
2011-12-20 20:09 . 2008-04-14 03:22 137216 ----a-w- c:\windows\system32\T.COM
2011-12-20 20:09 . 2008-04-14 03:22 147968 ----a-w- c:\windows\R.COM
2011-12-20 20:09 . 2011-12-20 20:09 -------- d-----w- c:\program files\Common Files\MicroWorld
2011-12-20 20:09 . 2011-12-20 20:09 -------- d-----w- c:\documents and settings\All Users\Data aplikací\MicroWorld
2011-12-08 10:25 . 2011-12-08 10:25 359040 ----a-w- c:\windows\system32\tcpip.dat
2011-11-22 10:27 . 2011-11-22 10:27 -------- d-----w- c:\documents and settings\a\Data aplikací\Sharpdesk
2011-11-22 10:23 . 2011-11-22 10:23 -------- d-----w- c:\documents and settings\a\Data aplikací\Nuance
2011-11-22 10:23 . 2011-11-22 10:23 -------- d-----w- c:\program files\Common Files\Sharp Shared
2011-11-22 10:21 . 2011-11-22 10:21 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Sharp
2011-11-22 10:13 . 2011-11-22 10:13 -------- d-----w- c:\program files\SHARP
2011-11-22 10:13 . 2008-10-29 05:18 98304 ----a-w- c:\windows\system32\SK3ELMON.dll
2011-11-22 10:13 . 2007-04-17 07:11 45056 ----a-w- c:\windows\system32\SK3EMTNT.dll
2011-11-22 10:13 . 2010-04-21 04:58 163932 ------r- c:\windows\_isusr32.dll
2011-11-22 10:13 . 2010-05-28 06:30 32768 ------w- c:\windows\system32\_isusr2k.dll
2011-11-22 10:11 . 2011-11-22 10:11 -------- d-----w- c:\windows\system32\SCDRV
2011-11-22 10:11 . 2011-11-22 10:11 -------- d-----w- c:\documents and settings\a\Data aplikací\InstallShield
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-08 10:25 . 2004-08-18 09:00 359040 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-10-10 14:22 . 2009-06-17 12:55 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-09-28 07:06 . 2004-08-18 09:00 602112 ----a-w- c:\windows\system32\crypt32.dll
2011-09-26 15:21 . 2011-09-26 15:21 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-09-26 10:41 . 2007-10-09 12:03 613376 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 10:41 . 2004-08-18 09:00 22528 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-26 10:41 . 2004-08-18 09:00 220160 ----a-w- c:\windows\system32\oleacc.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2011-12-08 . 1CB54BE018258D47FD3FB3278B387793 . 359040 . . [5.1.2600.2180] . . c:\windows\system32\drivers\tcpip.sys
[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB2509553\SP3QFE\tcpip.sys
[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\SoftwareDistribution\Download\fe608cd8d2b8f77abaee7a69a696bcf7\SP3GDR\tcpip.sys
[7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\tcpip.sys
[7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB951748$\tcpip.sys
[7] 2004-08-18 . 9F4B36614A0FC234525BA224957DE55C . 359040 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\tcpip.sys
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-04-05 94208]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-04-05 77824]
"Persistence"="c:\windows\system32\igfxpers.exe" [2005-04-05 114688]
"TrueImageMonitor.exe"="c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2008-11-10 4366848]
"AcronisTimounterMonitor"="c:\program files\Acronis\TrueImageHome\TimounterMonitor.exe" [2008-11-10 962112]
"Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2008-11-10 165144]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"FtpServer.exe"="c:\program files\Sharp\Sharpdesk\FtpServer.exe" [2010-02-21 819712]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2009-11-18 15:13 54576 ----a-w- c:\program files\HP\HP Software Update\hpwuschd2.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfcCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgh.exe"=
"c:\\Program Files\\HP\\HP Software Update\\hpwucli.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\smart web printing\\SmartWebPrintExe.exe"=
"c:\\Program Files\\AVG\\AVG10\\avgmfapx.exe"=
"c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\OUTLOOK.EXE"=
"c:\\Program Files\\SHARP\\Sharpdesk\\FTPServer.exe"=
"c:\\Program Files\\AVG\\AVG10\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG10\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG10\\avgam.exe"=
"c:\\Program Files\\AVG\\AVG10\\avgemcx.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [22.2.2011 8:13 22992]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [16.3.2011 16:03 32592]
R0 tdrpman147;Acronis Try&Decide and Restore Points filter (build 147);c:\windows\system32\drivers\tdrpm147.sys [30.3.2010 16:51 971232]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [7.1.2011 6:41 248656]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [5.4.2011 0:59 297168]
R2 602XML Updater;602Updater;c:\program files\Common Files\soft602\602updsvc\602updsvc.exe [14.4.2010 10:28 84520]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [18.8.2011 1:33 7390560]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG10\avgwdsvc.exe [8.2.2011 5:33 269520]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [14.4.2011 21:28 134480]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [10.2.2011 7:53 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [10.2.2011 7:53 27216]
S1 SASDIFSV;SASDIFSV;\??\c:\docume~1\a\LOCALS~1\Temp\SAS_SelfExtract\SASDIFSV.SYS --> c:\docume~1\a\LOCALS~1\Temp\SAS_SelfExtract\SASDIFSV.SYS [?]
S1 SASKUTIL;SASKUTIL;\??\c:\docume~1\a\LOCALS~1\Temp\SAS_SelfExtract\SASKUTIL.SYS --> c:\docume~1\a\LOCALS~1\Temp\SAS_SelfExtract\SASKUTIL.SYS [?]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [9.1.2010 21:37 4640000]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Od&eslat do aplikace OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.20.1
DPF: {672EE252-D813-4F5E-81BB-5DD163DD4FA5} - hxxps://www.mojedatovaschranka.cz/static/pages/ ... ?3,16,13,0
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
AddRemove-Cool's_Codec_pack_4.12 - c:\windows\iun6002.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-12-20 22:15
Windows 5.1.2600 Service Pack 3 FAT NTAPI
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'explorer.exe'(2304)
c:\windows\system32\webcheck.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\AVG\AVG10\AVGCHSVX.EXE
c:\windows\system32\logonui.exe
c:\program files\Common Files\Acronis\Schedule2\schedul2.exe
c:\program files\AVG\AVG10\avgnsx.exe
c:\program files\AVG\AVG10\avgemcx.exe
c:\program files\AVG\AVG10\avgcsrvx.exe
c:\program files\AVG\AVG10\AVGRSX.EXE
c:\program files\AVG\AVG10\avgcsrvx.exe
c:\windows\system32\rdpclip.exe
c:\program files\Sharp\Sharpdesk\nsapp.exe
.
**************************************************************************
.
Celkový čas: 2011-12-20 22:17:10 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-12-20 21:17
.
Před spuštěním: Volných bajtů: 55 333 650 432
Po spuštění: Volných bajtů: 60 887 695 360
.
WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 624EC13D2F1F5F3E5618EA63F2307BC4
Bohuzel nam zmizlo nekam tema s pravidly fora, usilovne patrame, ale bylo tam psano neco ve smylu, ze se firemnimi PC nezabyvame. Tak aspon snad vam to citace dvou kolegu vysvetli lepe