Link-Layer Topology Responder for NDIS 6 (rspndr.sys) has received a Broadcast packet from the remote machine (192.168.0.1). Do you want to allow this program to access the network.
Generic Host Process for Win32 Services (svchost.exe) is being contacted from a remote machine.......
Generic Host Process for Win32 Services (svchost.exe) is trying to send an ICMP Type 8 (echo request)......
SPFirewall - uruchamia plik DLL jako aplikację. (RUNDLL32.EXE) is trying to broadcast to (224.0.0.22)....
(nie dopisałem wszystkich komunikatów do końca stąd te kropki, mam nadzieje że przepisałem te komunikaty prawidłowo, bez żadnych błędów)
Oto screen z firewall'a:
Log z programu HiJackThis:
- Kod: Zaznacz wszystko
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:28:08, on 14-09-2008
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
D:\Programy\SPF_Sygate_firewall\smc.exe
C:\WINDOWS\Explorer.EXE
D:\Programy\Avast4\aswUpdSv.exe
D:\Programy\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
D:\PHP_SERWER\bin\httpd.exe
D:\PHP_SERWER\bin\httpd.exe
D:\PHP_SERWER\mysql5\bin\mysqld-nt.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
D:\Programy\Alcohol 120\StarWind\StarWindService.exe
D:\Programy\Avast4\ashMaiSv.exe
C:\WINDOWS\system32\wscntfy.exe
D:\Programy\Avast4\ashWebSv.exe
D:\Programy\Avast4\ashDisp.exe
D:\Programy\Security\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
D:\PHP_SERWER\bin\ApacheMonitor.exe
D:\website_development\web browsers\Mozilla Firefox 3\firefox.exe
D:\Programy\Bezpieczenstwo\HiJackThis\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\Programy\Security\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O4 - HKLM\..\Run: [avast!] D:\Programy\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SmcService] D:\Programy\SPF_SY~1\smc.exe -startgui
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [Gadu-Gadu] "D:\Programy\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [SpybotSD TeaTimer] D:\Programy\Security\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O4 - Global Startup: Monitor Apache Servers.lnk = D:\PHP_SERWER\bin\ApacheMonitor.exe
O8 - Extra context menu item: &Clean Traces - D:\Programy\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - D:\Programy\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - D:\Programy\DAP\dapextie2.htm
O8 - Extra context menu item: Download All by FlashGet - D:\DyskC\Pulpit\Programy\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - D:\DyskC\Pulpit\Programy\FlashGet\jc_link.htm
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://D:\Programy\MICROS~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\Programy\Security\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\Programy\Security\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C5} (GameDesire Snooker) - http://67.15.101.33/g_bin/pl/snooker_2_0_0_35.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{731C74D9-B7DC-46DA-B697-B709EF5C5100}: NameServer = 194.204.152.34,194.204.159.1
O23 - Service: Apache2.2 - Apache Software Foundation - D:\PHP_SERWER\bin\httpd.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - D:\Programy\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - D:\Programy\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - D:\Programy\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - D:\Programy\Avast4\ashWebSv.exe
O23 - Service: Critical System Service BootDrv (BootDrv) - Unknown owner - C:\WINDOWS\system32\BootDSvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: MySQL - Unknown owner - D:\PHP_SERWER\mysql5\bin\mysqld-nt (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - D:\Programy\SPF_Sygate_firewall\smc.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - D:\Programy\Alcohol 120\StarWind\StarWindService.exe
--
End of file - 5525 bytes
Czy te połączenia które wykrywa firewall są niebezpieczne, czy mogę spowodowane jakimiś trojanami/robakami itd? Czy w logu jest coś podejrzanego?
