After Windows loads at system startup, this notification pops up... What is the problem? Please help.
Logfile of HijackThis v1.99.1
Scan saved at 15:41:13, on 2007-08-28
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\avpcc.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\avpm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\Firewall\outpost.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\ro0\stispk.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\Program Files\Maxthon\Maxthon.exe
E:\Program Files\totalcmd\TOTALCMD.EXE
D:\MACIEK\ROZNE\INSTALKI\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - E:\PROGRA~1\FlashGet\jccatch.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - E:\PROGRA~1\FlashGet\fgiebar.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [Outpost Firewall] C:\Program Files\Firewall\outpost.exe /waitservice
O4 - HKLM\..\Run: [OfficeGuard RegChecker] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\ogrc.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O8 - Extra context menu item: Download All by FlashGet - E:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - E:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - E:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - E:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Trashcan - {072F3B8A-2DA2-40e2-B841-88899F240200} - C:\Program Files\Firewall\TRASH.EXE (HKCU)
O9 - Extra 'Tools' menuitem: Show Trashcan - {072F3B8A-2DA2-40e2-B841-88899F240200} - C:\Program Files\Firewall\TRASH.EXE (HKCU)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: AVP Control Centre Service (AVPCC) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\avpcc.exe" /service (file missing)
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: KAV Monitor Service (KAVMonitorService) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\avpm.exe" /service (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Outpost Firewall Service (OutpostFirewall) - Agnitum - C:\PROGRA~1\Firewall\outpost.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp\WinStylerThemeSvc.exe
C:\WINDOWS\system32\ro0\stispk.exe
Deckard's System Scanner v20070826.66
Run by Maciek on 2007-08-28 16:10:53
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- System Restore --------------------------------------------------------------
Failed to create restore point; System Restore is disabled (service is not running).
Backed up registry hives.
Performed disk cleanup.
Percentage of Memory in Use: 78% (more than 75%).
Total Physical Memory: 511 MiB (512 MiB recommended).
-- HijackThis (run as Maciek.exe) ----------------------------------------------
Unable to find log (file not found); running clone.
-- HijackThis Clone ------------------------------------------------------------
Emulating logfile of HijackThis v1.99.1
Scan saved at 2007-08-28 16:11:52
Platform: Windows XP Dodatek Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (6.00.2900.2180)
Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\avpcc.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\AvpM.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Firewall\outpost.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\ro0\stispk.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\Program Files\Maxthon\Maxthon.exe
E:\Program Files\totalcmd\TOTALCMD.EXE
D:\AKTUALNIE SCIAGANE\dss.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://home.microsoft.com/access/autosearch.asp?p=%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R1 - HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - E:\Program Files\FlashGet\Jccatch.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - E:\Program Files\FlashGet\fgiebar.dll
O4 - HKEY_LOCAL_MACHINE\..\Run: [nwiz] nwiz.exe /install
O4 - HKEY_LOCAL_MACHINE\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKEY_LOCAL_MACHINE\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKEY_LOCAL_MACHINE\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKEY_LOCAL_MACHINE\..\Run: [Outpost Firewall] C:\Program Files\Firewall\outpost.exe /waitservice
O4 - HKEY_LOCAL_MACHINE\..\Run: [OfficeGuard RegChecker] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\ogrc.exe"
O4 - HKEY_LOCAL_MACHINE\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O8 - Extra context menu item: Download All by FlashGet - E:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - E:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\NPJPI150.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\NPJPI150.dll
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O9 - Extra 'Tools' menuitem: (no name) - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - E:\Program Files\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - E:\Program Files\FlashGet\flashget.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0000000A-0000-0010-8000-00AA00389B71} () - http://download.microsoft.com/download/d/4/4/d446e8a9-3a86-4b59-bb19-f5bd11b40367/wmavax.CAB
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL
O18 - Protocol: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll
O18 - Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - "C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe"
O23 - Service: AVP Control Centre Service (AVPCC) - Kaspersky Labs. - "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\avpcc.exe" /service
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: KAV Monitor Service (KAVMonitorService) - Kaspersky Labs. - "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\avpm.exe" /service
O23 - Service: Outpost Firewall Service (OutpostFirewall) - Agnitum - C:\PROGRA~1\Firewall\outpost.exe /service
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - "C:\Program Files\TuneUp\WinStylerThemeSvc.exe"
-- HijackThis Fixed Entries (D:\MACIEK\ROZNE\INSTALKI\backups\) ----------------
backup-20060907-204952-275 O3 - Toolbar: SearchToolbar - {08BEC6AA-49FC-4379-3587-4B21E286C19E} - C:\WINDOWS\system32\{7AB8B3A6-A88C-462F-934C-04D8B7502F55}.dll (file missing)
backup-20060907-204952-495 O2 - BHO: SearchToolbar - {08BEC6AA-49FC-4379-3587-4B21E286C19E} - C:\WINDOWS\system32\{7AB8B3A6-A88C-462F-934C-04D8B7502F55}.dll (file missing)
backup-20060907-204952-578 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.1987324.com?296
backup-20060907-204952-670 O15 - Trusted Zone: www.1987324.com
backup-20060907-210056-955 O3 - Toolbar: (no name) - {08BEC6AA-49FC-4379-3587-4B21E286C19E} - (no file)
backup-20060907-211516-910 O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.113.196 85.255.112.118
backup-20060907-211516-993 O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.113.196 85.255.112.118
backup-20060907-213436-176 O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
backup-20060907-213436-425 O17 - HKLM\System\CCS\Services\Tcpip\..\{B73146B1-BA88-4BC9-B0D2-8136EE3763E1}: NameServer = 85.255.113.196,85.255.112.118
backup-20060907-213436-698 O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
backup-20061023-120217-370 O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.113.150 85.255.112.233
backup-20061023-120217-715 O17 - HKLM\System\CCS\Services\Tcpip\..\{BDA494E7-A0DC-4ADD-ADB0-858347DEFF51}: NameServer = 85.255.113.150,85.255.112.233
backup-20061023-120217-735 O17 - HKLM\System\CCS\Services\Tcpip\..\{B73146B1-BA88-4BC9-B0D2-8136EE3763E1}: NameServer = 85.255.113.150,85.255.112.233
backup-20061023-120217-765 O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.113.150 85.255.112.233
backup-20061025-184734-904 O17 - HKLM\System\CCS\Services\Tcpip\..\{B73146B1-BA88-4BC9-B0D2-8136EE3763E1}: NameServer = 85.255.113.150,85.255.112.233
backup-20061025-184734-987 O17 - HKLM\System\CCS\Services\Tcpip\..\{2AF4DCB5-901E-4C66-BB33-738235F5F219}: NameServer = 85.255.113.150,85.255.112.233
backup-20061025-184735-182 O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.113.150 85.255.112.233
backup-20061025-184735-351 O17 - HKLM\System\CCS\Services\Tcpip\..\{BDA494E7-A0DC-4ADD-ADB0-858347DEFF51}: NameServer = 85.255.113.150,85.255.112.233
backup-20061025-184735-747 O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.113.150 85.255.112.233
backup-20061025-184735-915 O17 - HKLM\System\CS1\Services\Tcpip\..\{2AF4DCB5-901E-4C66-BB33-738235F5F219}: NameServer = 85.255.113.150,85.255.112.233
backup-20061102-192931-791 O16 - DPF: {DEB21AD3-FDA4-42F6-B57D-EE696A675EE8} (IP-Uploader Control) - http://asp02.photoprintit.de/microsite/defaults/activex/ImageUploader3.cab
backup-20061106-160829-498 O17 - HKLM\System\CCS\Services\Tcpip\..\{BDA494E7-A0DC-4ADD-ADB0-858347DEFF51}: NameServer = 85.255.113.150,85.255.112.233
backup-20061106-160829-530 O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.113.150 85.255.112.233
backup-20061106-160829-676 O17 - HKLM\System\CCS\Services\Tcpip\..\{2AF4DCB5-901E-4C66-BB33-738235F5F219}: NameServer = 85.255.113.150,85.255.112.233
backup-20061106-160829-708 O17 - HKLM\System\CS1\Services\Tcpip\..\{2AF4DCB5-901E-4C66-BB33-738235F5F219}: NameServer = 85.255.113.150,85.255.112.233
backup-20061106-160829-718 O17 - HKLM\System\CCS\Services\Tcpip\..\{B73146B1-BA88-4BC9-B0D2-8136EE3763E1}: NameServer = 85.255.113.150,85.255.112.233
backup-20061106-160829-893 O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.113.150 85.255.112.233
backup-20061116-170156-248 O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.113.150 85.255.112.233
backup-20061116-170156-270 O17 - HKLM\System\CCS\Services\Tcpip\..\{2AF4DCB5-901E-4C66-BB33-738235F5F219}: NameServer = 85.255.113.150,85.255.112.233
backup-20061116-170156-278 O17 - HKLM\System\CCS\Services\Tcpip\..\{BDA494E7-A0DC-4ADD-ADB0-858347DEFF51}: NameServer = 85.255.113.150,85.255.112.233
backup-20061116-170156-426 O17 - HKLM\System\CS1\Services\Tcpip\..\{2AF4DCB5-901E-4C66-BB33-738235F5F219}: NameServer = 85.255.113.150,85.255.112.233
backup-20061116-170156-499 O17 - HKLM\System\CCS\Services\Tcpip\..\{B73146B1-BA88-4BC9-B0D2-8136EE3763E1}: NameServer = 85.255.113.150,85.255.112.233
backup-20061116-170156-611 O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.113.150 85.255.112.233
backup-20061204-153317-163 O17 - HKLM\System\CS1\Services\Tcpip\..\{2AF4DCB5-901E-4C66-BB33-738235F5F219}: NameServer = 85.255.113.150,85.255.112.233
backup-20061204-153317-259 O17 - HKLM\System\CCS\Services\Tcpip\..\{BDA494E7-A0DC-4ADD-ADB0-858347DEFF51}: NameServer = 85.255.113.150,85.255.112.233
backup-20061204-153317-292 O17 - HKLM\System\CCS\Services\Tcpip\..\{2AF4DCB5-901E-4C66-BB33-738235F5F219}: NameServer = 85.255.113.150,85.255.112.233
backup-20061204-153317-362 O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.113.150 85.255.112.233
backup-20061204-153317-802 O17 - HKLM\System\CCS\Services\Tcpip\..\{B73146B1-BA88-4BC9-B0D2-8136EE3763E1}: NameServer = 85.255.113.150,85.255.112.233
backup-20061204-153317-896 O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.113.150 85.255.112.233
backup-20061208-162946-717 O21 - SSODL: CDRecorder026 - {A3BC5E20-0235-1ABF-9CE1-00AA00512026} - (no file)
backup-20061208-162946-785 O21 - SSODL: uSaKLM - {E43856CD-4E92-FC67-F802-CE2ABBB22E38} - C:\WINDOWS\system32\ckg.dll (file missing)
backup-20070130-144532-615 O4 - HKLM\..\Run: [Systems] C:\WINDOWS\system32\sysmon.exe
backup-20070502-125215-296 O2 - BHO: 0 - {DDF0C957-29D6-40E7-A7B0-AD7661B4CDE5} - C:\Program Files\MSN Gaming Zone\lazu.dll
backup-20070502-125215-453 O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
backup-20070502-125215-630 O4 - HKLM\..\Run: [services] C:\windows\services.exe
backup-20070502-125215-720 O4 - HKLM\..\Run: [ms0569812-4660] C:\WINDOWS\ms0569812-4660.exe
backup-20070502-125215-766 O2 - BHO: IE Redirector - {C68AE9C0-0909-4DDC-B661-C1AFB9F5AE53} - C:\WINDOWS\system32\dnsersnd.dll
backup-20070502-125215-816 O3 - Toolbar: UCmore XP - The Search Accelerator - {44BE0690-5429-47f0-85BB-3FFD8020233E} - C:\Program Files\TheSearchAccelerator\UCMTSAIE.dll
backup-20070502-125215-911 O2 - BHO: Ofb11 - {3E1500AC-87A5-416b-A211-82E848649DA9} - (no file)
backup-20070502-125215-919 O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,NewDotNetStartup -s
backup-20070502-125216-872 O4 - HKLM\..\Run: [System] C:\WINDOWS\system32\kernels32.exe
backup-20070502-125222-681 O20 - Winlogon Notify: winubg32 - C:\WINDOWS\SYSTEM32\winubg32.dll
backup-20070502-142641-300 O2 - BHO: 0 - {450F9AD8-710E-45AF-C3B0-9BDF7EA901DB} - C:\Program Files\MSN Gaming Zone\lazu.dll (file missing)
backup-20070502-225139-832 O2 - BHO: URLLink Class - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet6_38.dll (file missing)
backup-20070523-141046-290 O16 - DPF: {66D393D5-4D80-497C-9F4F-F3839E090202} (PlayerOCX Control) - http://www.pysoft.com/Downloads/WebCamPlayerOCX.cab
backup-20070611-172618-242 O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp\WinStylerThemeSvc.exe
backup-20070725-185436-474 O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab
backup-20070725-185436-619 O15 - Trusted Zone: http://mks.com.pl
backup-20070725-185731-815 O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
backup-20070828-145756-947 O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
-- File Associations -----------------------------------------------------------
.cpl - cplfile - shell\cplopen\command - rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.cpl - cplfile - shell\runas\command - rundll32.exe shell32.dll,Control_RunDLLAsUser "%1",%*
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
R0 sfdrv01 (StarForce Protection Environment Driver (version 1.x)) - c:\windows\system32\drivers\sfdrv01.sys <Not Verified; Protection Technology (StarForce); SF FrontLine>
R0 sfhlp02 (StarForce Protection Helper Driver (version 2.x)) - c:\windows\system32\drivers\sfhlp02.sys <Not Verified; Protection Technology (StarForce); SF FrontLine>
R0 sfsync04 (StarForce Protection Synchronization Driver (version 4.x)) - c:\windows\system32\drivers\sfsync04.sys <Not Verified; Protection Technology (StarForce); SF FrontLine>
R0 snapman (Acronis Snapshots Manager) - c:\windows\system32\drivers\snapman.sys <Not Verified; Acronis; Acronis Snapshot API>
R0 timounter (Acronis TrueImage Backup Archive Explorer) - c:\windows\system32\drivers\timntr.sys <Not Verified; Acronis; Acronis True Image>
R1 ewido security suite driver - c:\program files\ewido anti-malware\guard.sys
R1 lanmandrv - c:\windows\system32\lanmandrv.sys
R1 PCLEPCI - c:\windows\system32\drivers\pclepci.sys <Not Verified; Pinnacle Systems GmbH; PCLEPCI>
R1 VFILT (Outpost Firewall Kernel Driver) - c:\program files\firewall\kernel\2000\filtnt.sys <Not Verified; Agnitum; Virtual Firewall>
R2 BT848 (AVerMedia, AVerTV WDM Video Capture) - c:\windows\system32\drivers\bt848.sys <Not Verified; AVerMedia TECHNOLOGIES, Inc.; bt848.sys>
R2 BTTUNER (AVerMedia, AVerTV WDM TvTuner) - c:\windows\system32\drivers\bttuner.sys <Not Verified; AVerMedia TECHNOLOGIES, Inc.; bttuner.sys>
R2 BTXBAR (AVerMedia, AVerTV WDM Crossbar) - c:\windows\system32\drivers\btxbar.sys <Not Verified; AVerMedia, TECHNOLOGIES, Inc.; btxbar.sys>
R2 tifsfilter (Acronis TrueImage FS Filter) - c:\windows\system32\drivers\tifsfilt.sys <Not Verified; Acronis; TrueImage>
R3 ADBLOCK.DLL (Outpost Firewall PlugIn (ADBLOCK.DLL)) - c:\program files\firewall\kernel\adblock.dll <Not Verified; Agnitum; Outpost Firewall>
R3 CONTENT.DLL (Outpost Firewall PlugIn (CONTENT.DLL)) - c:\program files\firewall\kernel\content.dll <Not Verified; Agnitum; Outpost Firewall>
R3 DNSCACHE.DLL (Outpost Firewall PlugIn (DNSCACHE.DLL)) - c:\program files\firewall\kernel\dnscache.dll <Not Verified; Agnitum; Outpost Firewall>
R3 FTPFILT.DLL (Outpost Firewall PlugIn (FTPFILT.DLL)) - c:\program files\firewall\kernel\ftpfilt.dll <Not Verified; Agnitum; Outpost Firewall>
R3 HTMLFILT.DLL (Outpost Firewall PlugIn (HTMLFILT.DLL)) - c:\program files\firewall\kernel\htmlfilt.dll <Not Verified; Agnitum; Outpost Firewall>
R3 HTTPFILT.DLL (Outpost Firewall PlugIn (HTTPFILT.DLL)) - c:\program files\firewall\kernel\httpfilt.dll <Not Verified; Agnitum; Outpost Firewall>
R3 IMAPFILT.DLL (Outpost Firewall PlugIn (IMAPFILT.DLL)) - c:\program files\firewall\kernel\imapfilt.dll <Not Verified; Agnitum; Outpost Firewall>
R3 MAILFILT.DLL (Outpost Firewall PlugIn (MAILFILT.DLL)) - c:\program files\firewall\kernel\mailfilt.dll <Not Verified; Agnitum; Outpost Firewall>
R3 NNTPFILT.DLL (Outpost Firewall PlugIn (NNTPFILT.DLL)) - c:\program files\firewall\kernel\nntpfilt.dll <Not Verified; Agnitum; Outpost Firewall>
R3 pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus(R) ASPI Shell>
R3 POP3FILT.DLL (Outpost Firewall PlugIn (POP3FILT.DLL)) - c:\program files\firewall\kernel\pop3filt.dll <Not Verified; Agnitum; Outpost Firewall>
R3 PROTECT.DLL (Outpost Firewall PlugIn (PROTECT.DLL)) - c:\program files\firewall\kernel\protect.dll <Not Verified; Agnitum; Outpost Firewall>
R3 SMBios (Intel (R) System Managment BIOS Service) - c:\windows\system32\drivers\smbios.sys <Not Verified; Intel Corporation; Intel (R) System Managment BIOS Driver>
S3 catchme - c:\docume~1\maciek\ustawi~1\temp\catchme.sys (file missing)
S3 HWIONT - e:\tv\more\hwiont.sys <Not Verified; The freeware company; Windws NT hardware access driver>
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
R2 AcrSch2Svc (Acronis Scheduler2 Service) - "c:\program files\common files\acronis\schedule2\schedul2.exe" <Not Verified; Acronis; Acronis Scheduler 2>
R2 AVPCC (AVP Control Centre Service) - "c:\program files\kaspersky lab\kaspersky anti-virus personal pro\avpcc.exe" /service <Not Verified; Kaspersky Labs.; Kaspersky Anti-Virus>
R2 KAVMonitorService (KAV Monitor Service) - "c:\program files\kaspersky lab\kaspersky anti-virus personal pro\avpm.exe" /service <Not Verified; Kaspersky Labs.; Kaspersky Anti-Virus>
R2 OutpostFirewall (Outpost Firewall Service) - c:\progra~1\firewall\outpost.exe /service <Not Verified; Agnitum; Outpost Firewall>
S0 wscsvc (Centrum zabezpieczeń) - \systemroot\c:\windows\system32\svchost.exe -k netsvcs (file missing)
S3 TUWinStylerThemeSvc (TuneUp WinStyler Theme Service) - "c:\program files\tuneup\winstylerthemesvc.exe" <Not Verified; TuneUp Software GmbH; TuneUp Utilities>
S4 ewido security suite guard - c:\program files\ewido anti-malware\ewidoguard.exe <Not Verified; ewido networks; guard>
-- Device Manager: Disabled ----------------------------------------------------
No disabled devices found.
-- Scheduled Tasks -------------------------------------------------------------
2007-08-17 17:15:00 366 --a------ C:\WINDOWS\Tasks\1-Click Maintenance.job
-- Files created between 2007-07-28 and 2007-08-28 -----------------------------
2007-08-28 15:12:58 288417 --a------ C:\WINDOWS\system32\SrchSTS.exe <Not Verified; S!Ri; SrchSTS>
2007-08-28 15:12:58 53248 --a------ C:\WINDOWS\system32\Process.exe <Not Verified; http://www.beyondlogic.org; Command Line Process Utility>
2007-08-26 22:31:51 724 --a------ C:\WINDOWS\system32\qmopt.dll
2007-08-26 14:27:31 0 d-------- C:\Program Files\uTorrent
2007-08-19 19:56:04 0 d-------- C:\Program Files\Common Files\Skype
2007-08-19 17:12:16 0 d-------- C:\Program Files\Google
2007-08-10 17:56:57 36188 --ah----- C:\WINDOWS\system32\mlfcache.dat
-- Find3M Report ---------------------------------------------------------------
2007-08-28 16:12:02 0 d-------- C:\Program Files\Firewall
2007-08-27 16:42:21 0 d-------- C:\Documents and Settings\Maciek\Dane aplikacji\uTorrent
2007-08-26 21:02:59 0 d-------- C:\Documents and Settings\Maciek\Dane aplikacji\Skype
2007-08-23 17:46:45 0 d-------- C:\Documents and Settings\Maciek\Dane aplikacji\Adobe
2007-08-20 19:13:04 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-08-19 19:56:08 0 d-------- C:\Program Files\Skype
2007-08-19 19:56:04 0 d-------- C:\Program Files\Common Files
2007-08-16 15:07:01 0 d-------- C:\Documents and Settings\Maciek\Dane aplikacji\foobar2000
2007-07-27 18:23:54 0 d-------- C:\Program Files\SkanerOnline
2007-07-27 18:23:27 0 d-------- C:\Program Files\Nufsoft
2007-07-14 14:59:39 0 d-------- C:\Program Files\Winamp
2007-07-05 16:10:58 0 d-------- C:\Documents and Settings\Maciek\Dane aplikacji\AdobeUM
2007-07-03 20:48:39 262144 --a------ C:\WINDOWS\system32\wrap_oal.dll <Not Verified; Creative Labs; Creative Labs OpenAL32>
2007-07-03 20:48:39 86016 --a------ C:\WINDOWS\system32\OpenAL32.dll <Not Verified; Portions (C) Creative Labs Inc. and NVIDIA Corp.; Standard OpenAL(TM) Library>
2007-07-03 16:13:11 3311 --a------ C:\WINDOWS\system32\SpoonUninstall-dBpowerAMP Windows Media Audio 9 Codec.dat
2007-07-03 16:13:11 133632 --a------ C:\WINDOWS\system32\SpoonUninstall.exe
2007-07-03 12:23:06 0 d-------- C:\Program Files\Gadu-Gadu
2007-06-28 17:29:49 0 d-------- C:\Program Files\SmartSound Software
2007-06-11 20:01:11 359046 --a------ C:\WINDOWS\system32\perfh015.dat
2007-06-11 20:01:11 50968 --a------ C:\WINDOWS\system32\perfc015.dat
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nwiz"="nwiz.exe" [2004-10-29 17:50 C:\WINDOWS\system32\nwiz.exe]
"SoundMAXPnP"="C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe" [2003-05-29 17:28]
"SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [2003-05-30 10:42]
"Acronis Scheduler2 Service"="C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe" [2005-01-26 19:08]
"Outpost Firewall"="C:\Program Files\Firewall\outpost.exe" [2003-07-16 18:09]
"OfficeGuard RegChecker"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\ogrc.exe" [2001-09-12 16:33]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2004-10-29 17:50]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2004-10-29 17:50]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2004-10-29 17:50]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2007-05-10 16:36]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Adobe Gamma Loader.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Adobe Gamma Loader.lnk
backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Status Monitor.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Status Monitor.lnk
backup=C:\WINDOWS\pss\Status Monitor.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Maciek^Menu Start^Programy^Autostart^Stardock ObjectDock.lnk]
path=C:\Documents and Settings\Maciek\Menu Start\Programy\Autostart\Stardock ObjectDock.lnk
backup=C:\WINDOWS\pss\Stardock ObjectDock.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Maciek^Menu Start^Programy^Autostart^Y'z ToolBar.lnk]
path=C:\Documents and Settings\Maciek\Menu Start\Programy\Autostart\Y'z ToolBar.lnk
backup=C:\WINDOWS\pss\Y'z ToolBar.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acronis True Image Monitor]
"C:\Program Files\TrueImage\TrueImageMonitor.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ControlCenter2.0]
C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Creative WebCam Tray]
"C:\Program Files\Creative\Shared Files\CamTray.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools-1033]
"E:\Program Files\deamon\daemon.exe" -lang 1033
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eMuleAutoStart]
E:\Program Files\eMule\emule.exe -AutoStart
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FreeCall]
"C:\Program Files\FreeCall.com\FreeCall\FreeCall.exe" -nosplash -minimized
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndexSearch]
C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PaperPort PTD]
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]
E:\Program Files\Picasa2\PicasaMediaDetector.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
"E:\Program Files\PoverDVD\PDVDServ.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SetDefPrt]
C:\Program Files\Brother\Brmfl05a\BrStDvPt.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
"C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
"C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre1.5.0\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Twoje TVN24]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
C:\Program Files\Winamp\winampa.exe
-- Hosts -----------------------------------------------------------------------
127.0.0.1 trendmicro.com
127.0.0.1 www.trendmicro.com
127.0.0.1 rads.mcafee.com
127.0.0.1 www.rads.mcafee.com
127.0.0.1 customer.symantec.com
127.0.0.1 www.customer.symantec.com
127.0.0.1 liveupdate.symantec.com
127.0.0.1 www.liveupdate.symantec.com
127.0.0.1 updates.symantec.com
127.0.0.1 www.updates.symantec.com
46 more entries in hosts file.
-- End of Deckard's System Scanner: finished at 2007-08-28 16:13:13 ------------
C:\WINDOWS\system32\qmopt.dll
maci wrote: as for that stispk.exe, damn it, I can't find it on my machine,
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host
127.0.0.1 localhost
go to the drive where you have Windows installed, then into the folder WINDOWS -> system 32 -> drivers -> etc
and there open the hosts file with Notepad
wojtas19162 wrote: post a new log from DSS
Deckard's System Scanner v20070826.66
Run by Maciek on 2007-08-28 17:14:47
Computer is in Normal Mode.
--------------------------------------------------------------------------------
[color=red]Total Physical Memory: 511 MiB (512 MiB recommended).[/color]
-- HijackThis (run as Maciek.exe) ----------------------------------------------
Logfile of HijackThis v1.99.1
Scan saved at 17:15:16, on 2007-08-28
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\avpcc.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\avpm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\Firewall\outpost.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\ro0\stispk.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\WINDOWS\system32\ro0\stispk.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\Program Files\Maxthon\Maxthon.exe
E:\Program Files\totalcmd\TOTALCMD.EXE
D:\AKTUALNIE SCIAGANE\dss.exe
D:\MACIEK\ROZNE\INSTALKI\Maciek.exe
C:\WINDOWS\system32\NOTEPAD.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - E:\PROGRA~1\FlashGet\jccatch.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - E:\PROGRA~1\FlashGet\fgiebar.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [Outpost Firewall] C:\Program Files\Firewall\outpost.exe /waitservice
O4 - HKLM\..\Run: [OfficeGuard RegChecker] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\ogrc.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O8 - Extra context menu item: Download All by FlashGet - E:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - E:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - E:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - E:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Trashcan - {072F3B8A-2DA2-40e2-B841-88899F240200} - C:\Program Files\Firewall\TRASH.EXE (HKCU)
O9 - Extra 'Tools' menuitem: Show Trashcan - {072F3B8A-2DA2-40e2-B841-88899F240200} - C:\Program Files\Firewall\TRASH.EXE (HKCU)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: AVP Control Centre Service (AVPCC) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\avpcc.exe" /service (file missing)
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: KAV Monitor Service (KAVMonitorService) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\avpm.exe" /service (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Outpost Firewall Service (OutpostFirewall) - Agnitum - C:\PROGRA~1\Firewall\outpost.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp\WinStylerThemeSvc.exe
-- Files created between 2007-07-28 and 2007-08-28 -----------------------------
2007-08-28 17:02:50 724 --a------ C:\WINDOWS\system32\qmopt.dll
2007-08-28 16:36:36 15640 --a------ C:\WINDOWS\system32\qmjbabid.exe
2007-08-28 15:12:58 288417 --a------ C:\WINDOWS\system32\SrchSTS.exe <Not Verified; S!Ri; SrchSTS>
2007-08-28 15:12:58 53248 --a------ C:\WINDOWS\system32\Process.exe <Not Verified; http://www.beyondlogic.org; Command Line Process Utility>
2007-08-26 14:27:31 0 d-------- C:\Program Files\uTorrent
2007-08-19 19:56:04 0 d-------- C:\Program Files\Common Files\Skype
2007-08-19 17:12:16 0 d-------- C:\Program Files\Google
2007-08-10 17:56:57 36188 --ah----- C:\WINDOWS\system32\mlfcache.dat
-- Find3M Report ---------------------------------------------------------------
2007-08-28 17:13:30 0 d-------- C:\Program Files\Firewall
2007-08-27 16:42:21 0 d-------- C:\Documents and Settings\Maciek\Dane aplikacji\uTorrent
2007-08-26 21:02:59 0 d-------- C:\Documents and Settings\Maciek\Dane aplikacji\Skype
2007-08-23 17:46:45 0 d-------- C:\Documents and Settings\Maciek\Dane aplikacji\Adobe
2007-08-20 19:13:04 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-08-19 19:56:08 0 d-------- C:\Program Files\Skype
2007-08-19 19:56:04 0 d-------- C:\Program Files\Common Files
2007-08-16 15:07:01 0 d-------- C:\Documents and Settings\Maciek\Dane aplikacji\foobar2000
2007-07-27 18:23:54 0 d-------- C:\Program Files\SkanerOnline
2007-07-27 18:23:27 0 d-------- C:\Program Files\Nufsoft
2007-07-14 14:59:39 0 d-------- C:\Program Files\Winamp
2007-07-05 16:10:58 0 d-------- C:\Documents and Settings\Maciek\Dane aplikacji\AdobeUM
2007-07-03 20:48:39 262144 --a------ C:\WINDOWS\system32\wrap_oal.dll <Not Verified; Creative Labs; Creative Labs OpenAL32>
2007-07-03 20:48:39 86016 --a------ C:\WINDOWS\system32\OpenAL32.dll <Not Verified; Portions (C) Creative Labs Inc. and NVIDIA Corp.; Standard OpenAL(TM) Library>
2007-07-03 16:13:11 3311 --a------ C:\WINDOWS\system32\SpoonUninstall-dBpowerAMP Windows Media Audio 9 Codec.dat
2007-07-03 16:13:11 133632 --a------ C:\WINDOWS\system32\SpoonUninstall.exe
2007-07-03 12:23:06 0 d-------- C:\Program Files\Gadu-Gadu
2007-06-28 17:29:49 0 d-------- C:\Program Files\SmartSound Software
2007-06-11 20:01:11 359046 --a------ C:\WINDOWS\system32\perfh015.dat
2007-06-11 20:01:11 50968 --a------ C:\WINDOWS\system32\perfc015.dat
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nwiz"="nwiz.exe" [2004-10-29 17:50 C:\WINDOWS\system32\nwiz.exe]
"SoundMAXPnP"="C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe" [2003-05-29 17:28]
"SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [2003-05-30 10:42]
"Acronis Scheduler2 Service"="C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe" [2005-01-26 19:08]
"Outpost Firewall"="C:\Program Files\Firewall\outpost.exe" [2003-07-16 18:09]
"OfficeGuard RegChecker"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\ogrc.exe" [2001-09-12 16:33]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2004-10-29 17:50]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2004-10-29 17:50]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2004-10-29 17:50]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2007-05-10 16:36]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Adobe Gamma Loader.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Adobe Gamma Loader.lnk
backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Status Monitor.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Status Monitor.lnk
backup=C:\WINDOWS\pss\Status Monitor.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Maciek^Menu Start^Programy^Autostart^Stardock ObjectDock.lnk]
path=C:\Documents and Settings\Maciek\Menu Start\Programy\Autostart\Stardock ObjectDock.lnk
backup=C:\WINDOWS\pss\Stardock ObjectDock.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Maciek^Menu Start^Programy^Autostart^Y'z ToolBar.lnk]
path=C:\Documents and Settings\Maciek\Menu Start\Programy\Autostart\Y'z ToolBar.lnk
backup=C:\WINDOWS\pss\Y'z ToolBar.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acronis True Image Monitor]
"C:\Program Files\TrueImage\TrueImageMonitor.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ControlCenter2.0]
C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Creative WebCam Tray]
"C:\Program Files\Creative\Shared Files\CamTray.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools-1033]
"E:\Program Files\deamon\daemon.exe" -lang 1033
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eMuleAutoStart]
E:\Program Files\eMule\emule.exe -AutoStart
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FreeCall]
"C:\Program Files\FreeCall.com\FreeCall\FreeCall.exe" -nosplash -minimized
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndexSearch]
C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PaperPort PTD]
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]
E:\Program Files\Picasa2\PicasaMediaDetector.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
"E:\Program Files\PoverDVD\PDVDServ.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SetDefPrt]
C:\Program Files\Brother\Brmfl05a\BrStDvPt.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
"C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
"C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre1.5.0\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Twoje TVN24]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
C:\Program Files\Winamp\winampa.exe
-- End of Deckard's System Scanner: finished at 2007-08-28 17:15:45 ------------
gmer -del file C:\WINDOWS\system32\qmjbabid.exe
gmer -del file C:\WINDOWS\system32\qmopt.dll
gmer -del file C:\WINDOWS\System32\ocxloader.exe
gmer -del file C:\WINDOWS\system32\ro0
gmer -reboot
Rootkit tab >>> only Services and Show all checked >>> click Scan >>> wait patiently until it finishes >>> Copy >>> paste into a post
GMER 1.0.13.12551 - http://www.gmer.net
Rootkit scan 2007-08-28 17:38:48
Windows 5.1.2600 Dodatek Service Pack 2
---- Services - GMER 1.0.13 ----
Service [DISABLED] Abiosdsk
Service [DISABLED] abp480n5
Service C:\WINDOWS\System32\DRIVERS\ACPI.sys [BOOT] ACPI
Service [DISABLED] ACPIEC
Service C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe [AUTO] AcrSch2Svc
Service C:\Program Files\Firewall\Kernel\ADBLOCK.dll [MANUAL] ADBLOCK.DLL
Service [DISABLED] adpu160m
Service C:\WINDOWS\system32\drivers\aeaudio.sys [MANUAL] aeaudio
Service C:\WINDOWS\system32\drivers\aec.sys [MANUAL] aec
Service C:\WINDOWS\System32\drivers\afd.sys [SYSTEM] AFD
Service C:\WINDOWS\System32\DRIVERS\agp440.sys [BOOT] agp440
Service [DISABLED] Aha154x
Service [DISABLED] aic78u2
Service [DISABLED] aic78xx
Service C:\WINDOWS\System32\svchost.exe [DISABLED] Alerter
Service C:\WINDOWS\System32\alg.exe [MANUAL] ALG
Service [DISABLED] AliIde
Service [DISABLED] amsint
Service C:\WINDOWS\system32\svchost.exe [MANUAL] AppMgmt
Service ASAPIW2K
Service [DISABLED] asc
Service [DISABLED] asc3350p
Service [DISABLED] asc3550
Service ASPI32
Service C:\WINDOWS\System32\DRIVERS\asyncmac.sys [MANUAL] AsyncMac
Service C:\WINDOWS\System32\DRIVERS\atapi.sys [BOOT] atapi
Service [DISABLED] Atdisk
Service C:\WINDOWS\System32\DRIVERS\atmarpc.sys [MANUAL] Atmarpc
Service C:\WINDOWS\System32\svchost.exe [AUTO] AudioSrv
Service C:\WINDOWS\System32\DRIVERS\audstub.sys [MANUAL] audstub
Service C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\avpcc.exe [AUTO] AVPCC
Service BattC
Service [SYSTEM] Beep
Service C:\WINDOWS\System32\svchost.exe [MANUAL] BITS
Service C:\WINDOWS\system32\brsvc01a.exe [AUTO] Brother XP spl Service
Service C:\WINDOWS\System32\svchost.exe [AUTO] Browser
Service C:\WINDOWS\System32\Drivers\BrScnUsb.sys [MANUAL] BrScnUsb
Service C:\WINDOWS\system32\drivers\BT848.sys [AUTO] BT848
Service C:\WINDOWS\system32\drivers\BTTUNER.sys [AUTO] BTTUNER
Service C:\WINDOWS\system32\drivers\BTXBAR.sys [AUTO] BTXBAR
Service C:\DOCUME~1\Maciek\USTAWI~1\Temp\catchme.sys [MANUAL] catchme
Service [DISABLED] cbidf2k
Service C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [MANUAL] CCDECODE
Service [DISABLED] cd20xrnt
Service [SYSTEM] Cdaudio
Service [DISABLED] Cdfs
Service C:\WINDOWS\System32\DRIVERS\cdrom.sys [SYSTEM] Cdrom
Service [SYSTEM] Changer
Service C:\WINDOWS\system32\cisvc.exe [MANUAL] CiSvc
Service C:\WINDOWS\system32\clipsrv.exe [DISABLED] ClipSrv
Service [DISABLED] CmdIde
Service C:\WINDOWS\System32\dllhost.exe [MANUAL] COMSysApp
Service C:\Program Files\Firewall\Kernel\Content.dll [MANUAL] CONTENT.DLL
Service ContentFilter
Service ContentIndex
Service [DISABLED] Cpqarray
Service C:\WINDOWS\system32\svchost.exe [AUTO] CryptSvc
Service C:\WINDOWS\system32\DRIVERS\d347bus.sys [BOOT] d347bus
Service C:\WINDOWS\System32\Drivers\d347prt.sys [BOOT] d347prt
Service [DISABLED] dac2w2k
Service [DISABLED] dac960nt
Service C:\WINDOWS\system32\svchost.exe [AUTO] DcomLaunch
Service C:\WINDOWS\System32\svchost.exe [AUTO] Dhcp
Service C:\WINDOWS\System32\DRIVERS\disk.sys [BOOT] Disk
Service C:\WINDOWS\System32\dmadmin.exe [MANUAL] dmadmin
Service C:\WINDOWS\System32\drivers\dmboot.sys [DISABLED] dmboot
Service C:\WINDOWS\System32\drivers\dmio.sys [BOOT] dmio
Service C:\WINDOWS\System32\drivers\dmload.sys [BOOT] dmload
Service C:\WINDOWS\System32\svchost.exe [AUTO] dmserver
Service C:\WINDOWS\system32\drivers\DMusic.sys [MANUAL] DMusic
Service C:\WINDOWS\System32\svchost.exe [AUTO] Dnscache
Service C:\Program Files\Firewall\Kernel\Dnscache.dll [MANUAL] DNSCACHE.DLL
Service [DISABLED] dpti2o
Service C:\WINDOWS\system32\drivers\drmkaud.sys [MANUAL] drmkaud
Service C:\WINDOWS\System32\svchost.exe [AUTO] ERSvc
Service C:\WINDOWS\system32\services.exe [AUTO] Eventlog
Service C:\WINDOWS\System32\svchost.exe [MANUAL] EventSystem
Service C:\Program Files\ewido anti-malware\ewidoctrl.exe [AUTO] ewido security suite control
Service C:\Program Files\ewido anti-malware\guard.sys [SYSTEM] ewido security suite driver
Service C:\Program Files\ewido anti-malware\ewidoguard.exe [DISABLED] ewido security suite guard
Service [DISABLED] Fastfat
Service C:\WINDOWS\System32\svchost.exe [MANUAL] FastUserSwitchingCompatibility
Service C:\WINDOWS\System32\DRIVERS\fdc.sys [MANUAL] Fdc
Service [SYSTEM] Fips
Service C:\WINDOWS\System32\DRIVERS\flpydisk.sys [MANUAL] Flpydisk
Service C:\WINDOWS\system32\drivers\fltmgr.sys [BOOT] FltMgr
Service [SYSTEM] Fs_Rec
Service C:\WINDOWS\System32\DRIVERS\ftdisk.sys [BOOT] Ftdisk
Service C:\Program Files\Firewall\Kernel\Ftpfilt.dll [MANUAL] FTPFILT.DLL
Service C:\WINDOWS\System32\DRIVERS\gmer.sys [MANUAL] gmer
Service C:\WINDOWS\System32\DRIVERS\msgpc.sys [MANUAL] Gpc
Service C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [MANUAL] gusvc
Service C:\WINDOWS\System32\svchost.exe [DISABLED] helpsvc
Service C:\WINDOWS\System32\svchost.exe [AUTO] HidServ
Service C:\WINDOWS\system32\DRIVERS\hidusb.sys [MANUAL] HidUsb
Service [DISABLED] hpn
Service C:\Program Files\Firewall\Kernel\Htmlfilt.dll [MANUAL] HTMLFILT.DLL
Service C:\WINDOWS\System32\Drivers\HTTP.sys [MANUAL] HTTP
Service C:\Program Files\Firewall\Kernel\Httpfilt.dll [MANUAL] HTTPFILT.DLL
Service C:\WINDOWS\System32\svchost.exe [MANUAL] HTTPFilter
Service E:\tv\MORE\HWIONT.sys [MANUAL] HWIONT
Service [SYSTEM] i2omgmt
Service [DISABLED] i2omp
Service C:\WINDOWS\System32\DRIVERS\i8042prt.sys [SYSTEM] i8042prt
Service C:\Program Files\Firewall\Kernel\Imapfilt.dll [MANUAL] IMAPFILT.DLL
Service C:\WINDOWS\System32\DRIVERS\imapi.sys [SYSTEM] Imapi
Service C:\WINDOWS\System32\imapi.exe [MANUAL] ImapiService
Service inetaccs
Service [DISABLED] ini910u
Service Inport
Service [DISABLED] IntelIde
Service C:\WINDOWS\System32\DRIVERS\intelppm.sys [SYSTEM] intelppm
Service C:\WINDOWS\system32\drivers\ip6fw.sys [MANUAL] ip6fw
Service C:\WINDOWS\System32\DRIVERS\ipfltdrv.sys [MANUAL] IpFilterDriver
Service C:\WINDOWS\System32\DRIVERS\ipinip.sys [MANUAL] IpInIp
Service C:\WINDOWS\System32\DRIVERS\ipnat.sys [MANUAL] IpNat
Service C:\WINDOWS\System32\DRIVERS\ipsec.sys [SYSTEM] IPSec
Service C:\WINDOWS\System32\DRIVERS\irenum.sys [MANUAL] IRENUM
Service ISAPISearch
Service C:\WINDOWS\System32\DRIVERS\isapnp.sys [BOOT] isapnp
Service C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\avpm.exe [AUTO] KAVMonitorService
Service C:\WINDOWS\System32\DRIVERS\kbdclass.sys [SYSTEM] Kbdclass
Service C:\WINDOWS\system32\DRIVERS\kbdhid.sys [SYSTEM] kbdhid
Service C:\WINDOWS\system32\Drivers\klif.sys [SYSTEM] Klif
Service C:\WINDOWS\system32\drivers\kmixer.sys [MANUAL] kmixer
Service [BOOT] KSecDD
Service C:\WINDOWS\System32\lanmandrv.sys [SYSTEM] lanmandrv
Service C:\WINDOWS\System32\svchost.exe [AUTO] lanmanserver
Service C:\WINDOWS\System32\svchost.exe [AUTO] lanmanworkstation
Service [SYSTEM] lbrtfdc
Service ldap
Service LicenseService
Service C:\WINDOWS\System32\svchost.exe [AUTO] LmHosts
Service C:\Program Files\Firewall\Kernel\Mailfilt.dll [MANUAL] MAILFILT.DLL
Service C:\WINDOWS\System32\svchost.exe [DISABLED] Messenger
Service C:\WINDOWS\system32\drivers\MidiSyn.sys [MANUAL] MidiSyn
Service [SYSTEM] mnmdd
Service C:\WINDOWS\System32\mnmsrvc.exe [MANUAL] mnmsrvc
Service [MANUAL] Modem
Service C:\WINDOWS\System32\DRIVERS\mouclass.sys [SYSTEM] Mouclass
Service C:\WINDOWS\System32\DRIVERS\mouhid.sys [MANUAL] mouhid
Service [BOOT] MountMgr
Service [DISABLED] mraid35x
Service C:\WINDOWS\System32\DRIVERS\mrxdav.sys [MANUAL] MRxDAV
Service C:\WINDOWS\System32\DRIVERS\mrxsmb.sys [SYSTEM] MRxSmb
Service C:\WINDOWS\System32\msdtc.exe [MANUAL] MSDTC
Service [SYSTEM] Msfs
Service C:\WINDOWS\system32\msiexec.exe [MANUAL] MSIServer
Service C:\WINDOWS\system32\drivers\MSKSSRV.sys [MANUAL] MSKSSRV
Service C:\WINDOWS\system32\drivers\MSPCLOCK.sys [MANUAL] MSPCLOCK
Service C:\WINDOWS\system32\drivers\MSPQM.sys [MANUAL] MSPQM
Service C:\WINDOWS\System32\DRIVERS\mssmbios.sys [MANUAL] mssmbios
Service C:\WINDOWS\system32\drivers\MSTEE.sys [MANUAL] MSTEE
Service [BOOT] Mup
Service C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [MANUAL] NABTSFEC
Service [BOOT] NDIS
Service C:\WINDOWS\system32\DRIVERS\NdisIP.sys [MANUAL] NdisIP
Service C:\WINDOWS\System32\DRIVERS\ndistapi.sys [MANUAL] NdisTapi
Service C:\WINDOWS\System32\DRIVERS\ndisuio.sys [MANUAL] Ndisuio
Service C:\WINDOWS\System32\DRIVERS\ndiswan.sys [MANUAL] NdisWan
Service [MANUAL] NDProxy
Service C:\WINDOWS\System32\DRIVERS\netbios.sys [SYSTEM] NetBIOS
Service C:\WINDOWS\System32\DRIVERS\netbt.sys [AUTO] NetBT
Service C:\WINDOWS\system32\netdde.exe [DISABLED] NetDDE
Service C:\WINDOWS\system32\netdde.exe [DISABLED] NetDDEdsdm
Service C:\WINDOWS\System32\lsass.exe [MANUAL] Netlogon
Service C:\WINDOWS\System32\svchost.exe [MANUAL] Netman
Service C:\WINDOWS\System32\svchost.exe [MANUAL] Nla
Service C:\Program Files\Firewall\Kernel\Nntpfilt.dll [MANUAL] NNTPFILT.DLL
Service [SYSTEM] Npfs
Service [DISABLED] Ntfs
Service C:\WINDOWS\System32\lsass.exe [MANUAL] NtLmSsp
Service C:\WINDOWS\system32\svchost.exe [MANUAL] NtmsSvc
Service [SYSTEM] Null
Service C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [MANUAL] nv
Service C:\WINDOWS\system32\nvsvc32.exe [AUTO] NVSvc
Service C:\WINDOWS\System32\DRIVERS\nwlnkflt.sys [MANUAL] NwlnkFlt
Service C:\WINDOWS\System32\DRIVERS\nwlnkfwd.sys [MANUAL] NwlnkFwd
Service C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [MANUAL] ose
Service Outlook
Service C:\Program Files\Firewall\outpost.exe [AUTO] OutpostFirewall
Service C:\WINDOWS\System32\DRIVERS\parport.sys [MANUAL] Parport
Service [BOOT] PartMgr
Service [AUTO] ParVdm
Service C:\WINDOWS\System32\DRIVERS\pci.sys [BOOT] PCI
Service [SYSTEM] PCIDump
Service C:\WINDOWS\System32\DRIVERS\pciide.sys [BOOT] PCIIde
Service C:\WINDOWS\system32\drivers\pclepci.sys [SYSTEM] PCLEPCI
Service [DISABLED] Pcmcia
Service [MANUAL] PDCOMP
Service [MANUAL] PDFRAME
Service [MANUAL] PDRELI
Service [MANUAL] PDRFRAME
Service [DISABLED] perc2
Service [DISABLED] perc2hib
Service PerfDisk
Service PerfNet
Service PerfOS
Service PerfProc
Service C:\WINDOWS\system32\drivers\pfc.sys [MANUAL] pfc
Service C:\WINDOWS\system32\services.exe [AUTO] PlugPlay
Service C:\WINDOWS\System32\lsass.exe [MANUAL] PolicyAgent
Service C:\Program Files\Firewall\Kernel\Pop3filt.dll [MANUAL] POP3FILT.DLL
Service C:\WINDOWS\System32\DRIVERS\raspptp.sys [MANUAL] PptpMiniport
Service C:\WINDOWS\System32\DRIVERS\processr.sys [SYSTEM] Processor
Service C:\Program Files\Firewall\Kernel\Protect.dll [MANUAL] PROTECT.DLL
Service C:\WINDOWS\system32\lsass.exe [AUTO] ProtectedStorage
Service C:\WINDOWS\System32\DRIVERS\psched.sys [MANUAL] PSched
Service C:\WINDOWS\System32\DRIVERS\ptilink.sys [MANUAL] Ptilink
Service C:\WINDOWS\system32\DRIVERS\PxHelp20.sys [BOOT] PxHelp20
Service [DISABLED] ql1080
Service [DISABLED] Ql10wnt
Service [DISABLED] ql12160
Service [DISABLED] ql1240
Service [DISABLED] ql1280
Service C:\WINDOWS\System32\DRIVERS\rasacd.sys [SYSTEM] RasAcd
Service C:\WINDOWS\System32\svchost.exe [MANUAL] RasAuto
Service C:\WINDOWS\System32\DRIVERS\rasl2tp.sys [MANUAL] Rasl2tp
Service C:\WINDOWS\System32\svchost.exe [MANUAL] RasMan
Service C:\WINDOWS\System32\DRIVERS\raspppoe.sys [MANUAL] RasPppoe
Service C:\WINDOWS\System32\DRIVERS\raspti.sys [MANUAL] Raspti
Service C:\WINDOWS\System32\DRIVERS\rdbss.sys [SYSTEM] Rdbss
Service C:\WINDOWS\System32\DRIVERS\RDPCDD.sys [SYSTEM] RDPCDD
Service RDPDD
Service C:\WINDOWS\System32\DRIVERS\rdpdr.sys [MANUAL] rdpdr
Service RDPNP
Service [MANUAL] RDPWD
Service C:\WINDOWS\system32\sessmgr.exe [MANUAL] RDSessMgr
Service C:\WINDOWS\System32\DRIVERS\redbook.sys [SYSTEM] redbook
Service C:\WINDOWS\System32\svchost.exe [DISABLED] RemoteAccess
Service C:\WINDOWS\system32\svchost.exe [DISABLED] RemoteRegistry
Service C:\WINDOWS\system32\ro0\ro0.exe (*** hidden *** ) [AUTO] ro0Srv <-- ROOTKIT !!!
Service C:\WINDOWS\System32\locator.exe [MANUAL] RpcLocator
Service C:\WINDOWS\system32\svchost.exe [AUTO] RpcSs
Service C:\WINDOWS\System32\rsvp.exe [MANUAL] RSVP
Service C:\WINDOWS\System32\DRIVERS\RTL8139.SYS [MANUAL] rtl8139
Service C:\WINDOWS\system32\lsass.exe [AUTO] SamSs
Service C:\WINDOWS\System32\SCardSvr.exe [MANUAL] SCardSvr
Service C:\WINDOWS\System32\svchost.exe [AUTO] Schedule
Service ScsiPort
Service C:\WINDOWS\System32\DRIVERS\secdrv.sys [MANUAL] Secdrv
Service C:\WINDOWS\System32\svchost.exe [AUTO] seclogon
Service C:\WINDOWS\system32\svchost.exe [AUTO] SENS
Service C:\WINDOWS\System32\DRIVERS\serenum.sys [MANUAL] serenum
Service C:\WINDOWS\System32\DRIVERS\serial.sys [SYSTEM] Serial
Service C:\WINDOWS\system32\drivers\sf.sys [SYSTEM] sf
Service C:\WINDOWS\System32\drivers\sfdrv01.sys [BOOT] sfdrv01
Service C:\WINDOWS\System32\drivers\sfhlp02.sys [BOOT] sfhlp02
Service [SYSTEM] Sfloppy
Service C:\WINDOWS\System32\drivers\sfsync04.sys [BOOT] sfsync04
Service C:\WINDOWS\System32\svchost.exe [AUTO] SharedAccess
Service C:\WINDOWS\System32\svchost.exe [AUTO] ShellHWDetection
Service [DISABLED] Simbad
Service C:\WINDOWS\system32\DRIVERS\SLIP.sys [MANUAL] SLIP
Service C:\WINDOWS\system32\DRIVERS\SMBios.sys [MANUAL] SMBios
Service C:\WINDOWS\system32\drivers\smwdm.sys [MANUAL] smwdm
Service C:\WINDOWS\system32\DRIVERS\snapman.sys [BOOT] snapman
Service C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS [MANUAL] SONYPVU1
Service C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe [AUTO] SoundMAX Agent Service (default)
Service [DISABLED] Sparrow
Service C:\WINDOWS\system32\drivers\splitter.sys [MANUAL] splitter
Service C:\WINDOWS\system32\spoolsv.exe [AUTO] Spooler
Service C:\WINDOWS\System32\DRIVERS\sr.sys [DISABLED] sr
Service C:\WINDOWS\System32\svchost.exe [AUTO] srservice
Service C:\WINDOWS\System32\DRIVERS\srv.sys [MANUAL] Srv
Service C:\WINDOWS\System32\svchost.exe [DISABLED] SSDPSRV
Service C:\WINDOWS\System32\svchost.exe [AUTO] stisvc
Service C:\WINDOWS\system32\DRIVERS\StreamIP.sys [MANUAL] streamip
Service C:\WINDOWS\System32\DRIVERS\swenum.sys [MANUAL] swenum
Service C:\WINDOWS\system32\drivers\swmidi.sys [MANUAL] swmidi
Service C:\WINDOWS\System32\dllhost.exe [MANUAL] SwPrv
Service swwd
Service [DISABLED] symc810
Service [DISABLED] symc8xx
Service [DISABLED] sym_hi
Service [DISABLED] sym_u3
Service C:\WINDOWS\system32\drivers\sysaudio.sys [MANUAL] sysaudio
Service C:\WINDOWS\system32\smlogsvc.exe [MANUAL] SysmonLog
Service C:\WINDOWS\System32\svchost.exe [MANUAL] TapiSrv
Service C:\WINDOWS\System32\DRIVERS\tcpip.sys [SYSTEM] Tcpip
Service [MANUAL] TDPIPE
Service [MANUAL] TDTCP
Service C:\WINDOWS\System32\DRIVERS\termdd.sys [SYSTEM] TermDD
Service C:\WINDOWS\System32\svchost.exe [MANUAL] TermService
Service C:\WINDOWS\System32\svchost.exe [AUTO] Themes
Service C:\WINDOWS\system32\DRIVERS\tifsfilt.sys [AUTO] tifsfilter
Service C:\WINDOWS\system32\DRIVERS\timntr.sys [BOOT] timounter
Service C:\WINDOWS\System32\tlntsvr.exe [DISABLED] TlntSvr
Service [DISABLED] TosIde
Service C:\WINDOWS\system32\svchost.exe [AUTO] TrkWks
Service TSDDD
Service C:\Program Files\TuneUp\WinStylerThemeSvc.exe [MANUAL] TUWinStylerThemeSvc
Service [DISABLED] Udfs
Service [DISABLED] ultra
Service C:\WINDOWS\System32\DRIVERS\update.sys [MANUAL] Update
Service C:\WINDOWS\System32\svchost.exe [MANUAL] upnphost
Service C:\WINDOWS\System32\ups.exe [MANUAL] UPS
Service C:\WINDOWS\system32\DRIVERS\usbccgp.sys [MANUAL] usbccgp
Service C:\WINDOWS\System32\DRIVERS\usbehci.sys [MANUAL] usbehci
Service C:\WINDOWS\System32\DRIVERS\usbhub.sys [MANUAL] usbhub
Service C:\WINDOWS\system32\DRIVERS\usbprint.sys [MANUAL] usbprint
Service C:\WINDOWS\system32\DRIVERS\usbser.sys [MANUAL] usbser
Service C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [MANUAL] USBSTOR
Service C:\WINDOWS\System32\DRIVERS\usbuhci.sys [MANUAL] usbuhci
Service C:\WINDOWS\system32\DRIVERS\V0260Vid.sys [MANUAL] V0260VID
Service C:\Program Files\Firewall\Kernel\2000\Filtnt.sys [SYSTEM] VFILT
Service C:\WINDOWS\System32\drivers\vga.sys [SYSTEM] VgaSave
Service [DISABLED] ViaIde
Service [BOOT] VolSnap
Service C:\WINDOWS\System32\vssvc.exe [MANUAL] VSS
Service C:\WINDOWS\System32\svchost.exe [DISABLED] W32Time
Service W3SVC
Service C:\WINDOWS\System32\DRIVERS\wanarp.sys [MANUAL] Wanarp
Service [MANUAL] WDICA
Service C:\WINDOWS\system32\drivers\wdmaud.sys [MANUAL] wdmaud
Service C:\WINDOWS\System32\svchost.exe [AUTO] WebClient
Service C:\WINDOWS\system32\svchost.exe [AUTO] winmgmt
Service [MANUAL] Winsock
Service WinSock2
Service WinTrust
Service C:\WINDOWS\System32\svchost.exe [MANUAL] WmdmPmSN
Service C:\WINDOWS\System32\svchost.exe [MANUAL] Wmi
Service WmiApRpl
Service C:\WINDOWS\System32\wbem\wmiapsrv.exe [MANUAL] WmiApSrv
Service C:\WINDOWS\System32\svchost.exe [BOOT] wscsvc
Service C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [MANUAL] WSTCODEC
Service C:\WINDOWS\System32\svchost.exe [AUTO] wuauserv
Service C:\WINDOWS\System32\svchost.exe [DISABLED] WZCSVC
Service C:\WINDOWS\System32\svchost.exe [MANUAL] xmlprov
Service {B73146B1-BA88-4BC9-B0D2-8136EE3763E1}
Service {E3FFCBD3-B427-4034-89F9-186B50A1D6EB}
---- EOF - GMER 1.0.13 ----
Deckard's System Scanner v20070826.66
Run by Maciek on 2007-08-28 17:39:11
Computer is in Normal Mode.
--------------------------------------------------------------------------------
[color=red]Total Physical Memory: 511 MiB (512 MiB recommended).[/color]
-- HijackThis (run as Maciek.exe) ----------------------------------------------
Logfile of HijackThis v1.99.1
Scan saved at 17:39:36, on 2007-08-28
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\avpcc.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\avpm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\Firewall\outpost.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\ro0\stispk.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\WINDOWS\system32\ro0\stispk.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\Program Files\Maxthon\Maxthon.exe
E:\Program Files\totalcmd\TOTALCMD.EXE
D:\AKTUALNIE SCIAGANE\gmer.exe
D:\AKTUALNIE SCIAGANE\dss.exe
D:\MACIEK\ROZNE\INSTALKI\Maciek.exe
C:\WINDOWS\system32\NOTEPAD.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - E:\PROGRA~1\FlashGet\jccatch.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - E:\PROGRA~1\FlashGet\fgiebar.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [Outpost Firewall] C:\Program Files\Firewall\outpost.exe /waitservice
O4 - HKLM\..\Run: [OfficeGuard RegChecker] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\ogrc.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O8 - Extra context menu item: Download All by FlashGet - E:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - E:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - E:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - E:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Trashcan - {072F3B8A-2DA2-40e2-B841-88899F240200} - C:\Program Files\Firewall\TRASH.EXE (HKCU)
O9 - Extra 'Tools' menuitem: Show Trashcan - {072F3B8A-2DA2-40e2-B841-88899F240200} - C:\Program Files\Firewall\TRASH.EXE (HKCU)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: AVP Control Centre Service (AVPCC) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\avpcc.exe" /service (file missing)
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: KAV Monitor Service (KAVMonitorService) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\avpm.exe" /service (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Outpost Firewall Service (OutpostFirewall) - Agnitum - C:\PROGRA~1\Firewall\outpost.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp\WinStylerThemeSvc.exe
-- Files created between 2007-07-28 and 2007-08-28 -----------------------------
2007-08-28 15:12:58 288417 --a------ C:\WINDOWS\system32\SrchSTS.exe <Not Verified; S!Ri; SrchSTS>
2007-08-28 15:12:58 53248 --a------ C:\WINDOWS\system32\Process.exe <Not Verified; http://www.beyondlogic.org; Command Line Process Utility>
2007-08-26 14:27:31 0 d-------- C:\Program Files\uTorrent
2007-08-19 19:56:04 0 d-------- C:\Program Files\Common Files\Skype
2007-08-19 17:12:16 0 d-------- C:\Program Files\Google
2007-08-10 17:56:57 36188 --ah----- C:\WINDOWS\system32\mlfcache.dat
-- Find3M Report ---------------------------------------------------------------
2007-08-28 17:13:30 0 d-------- C:\Program Files\Firewall
2007-08-27 16:42:21 0 d-------- C:\Documents and Settings\Maciek\Dane aplikacji\uTorrent
2007-08-26 21:02:59 0 d-------- C:\Documents and Settings\Maciek\Dane aplikacji\Skype
2007-08-23 17:46:45 0 d-------- C:\Documents and Settings\Maciek\Dane aplikacji\Adobe
2007-08-20 19:13:04 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-08-19 19:56:08 0 d-------- C:\Program Files\Skype
2007-08-19 19:56:04 0 d-------- C:\Program Files\Common Files
2007-08-16 15:07:01 0 d-------- C:\Documents and Settings\Maciek\Dane aplikacji\foobar2000
2007-07-27 18:23:54 0 d-------- C:\Program Files\SkanerOnline
2007-07-27 18:23:27 0 d-------- C:\Program Files\Nufsoft
2007-07-14 14:59:39 0 d-------- C:\Program Files\Winamp
2007-07-05 16:10:58 0 d-------- C:\Documents and Settings\Maciek\Dane aplikacji\AdobeUM
2007-07-03 20:48:39 262144 --a------ C:\WINDOWS\system32\wrap_oal.dll <Not Verified; Creative Labs; Creative Labs OpenAL32>
2007-07-03 20:48:39 86016 --a------ C:\WINDOWS\system32\OpenAL32.dll <Not Verified; Portions (C) Creative Labs Inc. and NVIDIA Corp.; Standard OpenAL(TM) Library>
2007-07-03 16:13:11 3311 --a------ C:\WINDOWS\system32\SpoonUninstall-dBpowerAMP Windows Media Audio 9 Codec.dat
2007-07-03 16:13:11 133632 --a------ C:\WINDOWS\system32\SpoonUninstall.exe
2007-07-03 12:23:06 0 d-------- C:\Program Files\Gadu-Gadu
2007-06-28 17:29:49 0 d-------- C:\Program Files\SmartSound Software
2007-06-11 20:01:11 359046 --a------ C:\WINDOWS\system32\perfh015.dat
2007-06-11 20:01:11 50968 --a------ C:\WINDOWS\system32\perfc015.dat
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nwiz"="nwiz.exe" [2004-10-29 17:50 C:\WINDOWS\system32\nwiz.exe]
"SoundMAXPnP"="C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe" [2003-05-29 17:28]
"SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [2003-05-30 10:42]
"Acronis Scheduler2 Service"="C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe" [2005-01-26 19:08]
"Outpost Firewall"="C:\Program Files\Firewall\outpost.exe" [2003-07-16 18:09]
"OfficeGuard RegChecker"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\ogrc.exe" [2001-09-12 16:33]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2004-10-29 17:50]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2004-10-29 17:50]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2004-10-29 17:50]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2007-05-10 16:36]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Adobe Gamma Loader.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Adobe Gamma Loader.lnk
backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Status Monitor.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Status Monitor.lnk
backup=C:\WINDOWS\pss\Status Monitor.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Maciek^Menu Start^Programy^Autostart^Stardock ObjectDock.lnk]
path=C:\Documents and Settings\Maciek\Menu Start\Programy\Autostart\Stardock ObjectDock.lnk
backup=C:\WINDOWS\pss\Stardock ObjectDock.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Maciek^Menu Start^Programy^Autostart^Y'z ToolBar.lnk]
path=C:\Documents and Settings\Maciek\Menu Start\Programy\Autostart\Y'z ToolBar.lnk
backup=C:\WINDOWS\pss\Y'z ToolBar.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acronis True Image Monitor]
"C:\Program Files\TrueImage\TrueImageMonitor.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ControlCenter2.0]
C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Creative WebCam Tray]
"C:\Program Files\Creative\Shared Files\CamTray.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools-1033]
"E:\Program Files\deamon\daemon.exe" -lang 1033
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eMuleAutoStart]
E:\Program Files\eMule\emule.exe -AutoStart
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FreeCall]
"C:\Program Files\FreeCall.com\FreeCall\FreeCall.exe" -nosplash -minimized
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndexSearch]
C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PaperPort PTD]
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]
E:\Program Files\Picasa2\PicasaMediaDetector.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
"E:\Program Files\PoverDVD\PDVDServ.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SetDefPrt]
C:\Program Files\Brother\Brmfl05a\BrStDvPt.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
"C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
"C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre1.5.0\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Twoje TVN24]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
C:\Program Files\Winamp\winampa.exe
*Newly Created Service* - GMER
-- End of Deckard's System Scanner: finished at 2007-08-28 17:40:09 ------------
gmer -del service ro0Srv
gmer -del file C:\WINDOWS\system32\ro0
gmer -reboot
wojtas19162 wrote: Paste into Notepad:
gmer -del service ro0Srv
gmer -del file C:\WINDOWS\system32\ro0
gmer -reboot
File >>> Save As >>> change the file type from TXT to All Files >>> save under the name FIX.BAT
Run GMER and, on the Processes tab, choose the "Gmer Awaryjny" (emergency GMER) option. The computer will restart and GMER will launch. Select the Processes tab again and, at the bottom, in the command field, use the three-dots button to point to the FIX.BAT file and run it.
Then a new log from GMER.
Drivers to unload:
ro0Srv
Folders to delete:
C:\WINDOWS\system32\ro0
Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\vumknd^k
*******************
Script file located at: \??\C:\Program Files\nelpflcr.txt
Script file opened successfully.
Script file read successfully
Backups directory opened successfully at C:\Avenger
*******************
Beginning to process script file:
Registry key \Registry\Machine\System\CurrentControlSet\Services\ro0Srv not found!
Unload of driver ro0Srv failed!
Could not process line:
ro0Srv
Status: 0xc0000034
Folder C:\WINDOWS\system32\ro0 deleted successfully.
Completed script processing.
*******************
Finished! Terminate.
Rootkit tab >>> only Services and Show All ticked >>> click Scan >>> wait patiently until it finishes >>> Copy >>> paste into your post
GMER 1.0.13.12551 - http://www.gmer.net
Rootkit scan 2007-08-29 13:41:37
Windows 5.1.2600 Dodatek Service Pack 2
---- Services - GMER 1.0.13 ----
Service [DISABLED] Abiosdsk
Service [DISABLED] abp480n5
Service C:\WINDOWS\System32\DRIVERS\ACPI.sys [BOOT] ACPI
Service [DISABLED] ACPIEC
Service C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe [AUTO] AcrSch2Svc
Service C:\Program Files\Firewall\Kernel\ADBLOCK.dll [MANUAL] ADBLOCK.DLL
Service [DISABLED] adpu160m
Service C:\WINDOWS\system32\drivers\aeaudio.sys [MANUAL] aeaudio
Service C:\WINDOWS\system32\drivers\aec.sys [MANUAL] aec
Service C:\WINDOWS\System32\drivers\afd.sys [SYSTEM] AFD
Service C:\WINDOWS\System32\DRIVERS\agp440.sys [BOOT] agp440
Service [DISABLED] Aha154x
Service [DISABLED] aic78u2
Service [DISABLED] aic78xx
Service C:\WINDOWS\System32\svchost.exe [DISABLED] Alerter
Service C:\WINDOWS\System32\alg.exe [MANUAL] ALG
Service [DISABLED] AliIde
Service [DISABLED] amsint
Service C:\WINDOWS\system32\svchost.exe [MANUAL] AppMgmt
Service ASAPIW2K
Service [DISABLED] asc
Service [DISABLED] asc3350p
Service [DISABLED] asc3550
Service ASPI32
Service C:\WINDOWS\System32\DRIVERS\asyncmac.sys [MANUAL] AsyncMac
Service C:\WINDOWS\System32\DRIVERS\atapi.sys [BOOT] atapi
Service [DISABLED] Atdisk
Service C:\WINDOWS\System32\DRIVERS\atmarpc.sys [MANUAL] Atmarpc
Service C:\WINDOWS\System32\svchost.exe [AUTO] AudioSrv
Service C:\WINDOWS\System32\DRIVERS\audstub.sys [MANUAL] audstub
Service C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\avpcc.exe [AUTO] AVPCC
Service BattC
Service [SYSTEM] Beep
Service C:\WINDOWS\System32\svchost.exe [MANUAL] BITS
Service C:\WINDOWS\system32\brsvc01a.exe [AUTO] Brother XP spl Service
Service C:\WINDOWS\System32\svchost.exe [AUTO] Browser
Service C:\WINDOWS\System32\Drivers\BrScnUsb.sys [MANUAL] BrScnUsb
Service C:\WINDOWS\system32\drivers\BT848.sys [AUTO] BT848
Service C:\WINDOWS\system32\drivers\BTTUNER.sys [AUTO] BTTUNER
Service C:\WINDOWS\system32\drivers\BTXBAR.sys [AUTO] BTXBAR
Service C:\DOCUME~1\Maciek\USTAWI~1\Temp\catchme.sys [MANUAL] catchme
Service [DISABLED] cbidf2k
Service C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [MANUAL] CCDECODE
Service [DISABLED] cd20xrnt
Service [SYSTEM] Cdaudio
Service [DISABLED] Cdfs
Service C:\WINDOWS\System32\DRIVERS\cdrom.sys [SYSTEM] Cdrom
Service [SYSTEM] Changer
Service C:\WINDOWS\system32\cisvc.exe [MANUAL] CiSvc
Service C:\WINDOWS\system32\clipsrv.exe [DISABLED] ClipSrv
Service [DISABLED] CmdIde
Service C:\WINDOWS\System32\dllhost.exe [MANUAL] COMSysApp
Service C:\Program Files\Firewall\Kernel\Content.dll [MANUAL] CONTENT.DLL
Service ContentFilter
Service ContentIndex
Service [DISABLED] Cpqarray
Service C:\WINDOWS\system32\svchost.exe [AUTO] CryptSvc
Service C:\WINDOWS\system32\DRIVERS\d347bus.sys [BOOT] d347bus
Service C:\WINDOWS\System32\Drivers\d347prt.sys [BOOT] d347prt
Service [DISABLED] dac2w2k
Service [DISABLED] dac960nt
Service C:\WINDOWS\system32\svchost.exe [AUTO] DcomLaunch
Service C:\WINDOWS\System32\svchost.exe [AUTO] Dhcp
Service C:\WINDOWS\System32\DRIVERS\disk.sys [BOOT] Disk
Service C:\WINDOWS\System32\dmadmin.exe [MANUAL] dmadmin
Service C:\WINDOWS\System32\drivers\dmboot.sys [DISABLED] dmboot
Service C:\WINDOWS\System32\drivers\dmio.sys [BOOT] dmio
Service C:\WINDOWS\System32\drivers\dmload.sys [BOOT] dmload
Service C:\WINDOWS\System32\svchost.exe [AUTO] dmserver
Service C:\WINDOWS\system32\drivers\DMusic.sys [MANUAL] DMusic
Service C:\WINDOWS\System32\svchost.exe [AUTO] Dnscache
Service C:\Program Files\Firewall\Kernel\Dnscache.dll [MANUAL] DNSCACHE.DLL
Service [DISABLED] dpti2o
Service C:\WINDOWS\system32\drivers\drmkaud.sys [MANUAL] drmkaud
Service C:\WINDOWS\System32\svchost.exe [AUTO] ERSvc
Service C:\WINDOWS\system32\services.exe [AUTO] Eventlog
Service C:\WINDOWS\System32\svchost.exe [MANUAL] EventSystem
Service C:\Program Files\ewido anti-malware\ewidoctrl.exe [AUTO] ewido security suite control
Service C:\Program Files\ewido anti-malware\guard.sys [SYSTEM] ewido security suite driver
Service C:\Program Files\ewido anti-malware\ewidoguard.exe [DISABLED] ewido security suite guard
Service [DISABLED] Fastfat
Service C:\WINDOWS\System32\svchost.exe [MANUAL] FastUserSwitchingCompatibility
Service C:\WINDOWS\System32\DRIVERS\fdc.sys [MANUAL] Fdc
Service [SYSTEM] Fips
Service C:\WINDOWS\System32\DRIVERS\flpydisk.sys [MANUAL] Flpydisk
Service C:\WINDOWS\system32\drivers\fltmgr.sys [BOOT] FltMgr
Service [SYSTEM] Fs_Rec
Service C:\WINDOWS\System32\DRIVERS\ftdisk.sys [BOOT] Ftdisk
Service C:\Program Files\Firewall\Kernel\Ftpfilt.dll [MANUAL] FTPFILT.DLL
Service C:\WINDOWS\System32\DRIVERS\gmer.sys [MANUAL] gmer
Service C:\WINDOWS\System32\DRIVERS\msgpc.sys [MANUAL] Gpc
Service C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [MANUAL] gusvc
Service C:\WINDOWS\System32\svchost.exe [DISABLED] helpsvc
Service C:\WINDOWS\System32\svchost.exe [AUTO] HidServ
Service C:\WINDOWS\system32\DRIVERS\hidusb.sys [MANUAL] HidUsb
Service [DISABLED] hpn
Service C:\Program Files\Firewall\Kernel\Htmlfilt.dll [MANUAL] HTMLFILT.DLL
Service C:\WINDOWS\System32\Drivers\HTTP.sys [MANUAL] HTTP
Service C:\Program Files\Firewall\Kernel\Httpfilt.dll [MANUAL] HTTPFILT.DLL
Service C:\WINDOWS\System32\svchost.exe [MANUAL] HTTPFilter
Service E:\tv\MORE\HWIONT.sys [MANUAL] HWIONT
Service [SYSTEM] i2omgmt
Service [DISABLED] i2omp
Service C:\WINDOWS\System32\DRIVERS\i8042prt.sys [SYSTEM] i8042prt
Service C:\Program Files\Firewall\Kernel\Imapfilt.dll [MANUAL] IMAPFILT.DLL
Service C:\WINDOWS\System32\DRIVERS\imapi.sys [SYSTEM] Imapi
Service C:\WINDOWS\System32\imapi.exe [MANUAL] ImapiService
Service inetaccs
Service [DISABLED] ini910u
Service Inport
Service [DISABLED] IntelIde
Service C:\WINDOWS\System32\DRIVERS\intelppm.sys [SYSTEM] intelppm
Service C:\WINDOWS\system32\drivers\ip6fw.sys [MANUAL] ip6fw
Service C:\WINDOWS\System32\DRIVERS\ipfltdrv.sys [MANUAL] IpFilterDriver
Service C:\WINDOWS\System32\DRIVERS\ipinip.sys [MANUAL] IpInIp
Service C:\WINDOWS\System32\DRIVERS\ipnat.sys [MANUAL] IpNat
Service C:\WINDOWS\System32\DRIVERS\ipsec.sys [SYSTEM] IPSec
Service C:\WINDOWS\System32\DRIVERS\irenum.sys [MANUAL] IRENUM
Service ISAPISearch
Service C:\WINDOWS\System32\DRIVERS\isapnp.sys [BOOT] isapnp
Service C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\avpm.exe [AUTO] KAVMonitorService
Service C:\WINDOWS\System32\DRIVERS\kbdclass.sys [SYSTEM] Kbdclass
Service C:\WINDOWS\system32\DRIVERS\kbdhid.sys [SYSTEM] kbdhid
Service C:\WINDOWS\system32\Drivers\klif.sys [SYSTEM] Klif
Service C:\WINDOWS\system32\drivers\kmixer.sys [MANUAL] kmixer
Service [BOOT] KSecDD
Service C:\WINDOWS\System32\lanmandrv.sys [SYSTEM] lanmandrv
Service C:\WINDOWS\System32\svchost.exe [AUTO] lanmanserver
Service C:\WINDOWS\System32\svchost.exe [AUTO] lanmanworkstation
Service [SYSTEM] lbrtfdc
Service ldap
Service LicenseService
Service C:\WINDOWS\System32\svchost.exe [AUTO] LmHosts
Service C:\Program Files\Firewall\Kernel\Mailfilt.dll [MANUAL] MAILFILT.DLL
Service C:\WINDOWS\System32\svchost.exe [DISABLED] Messenger
Service C:\WINDOWS\system32\drivers\MidiSyn.sys [MANUAL] MidiSyn
Service [SYSTEM] mnmdd
Service C:\WINDOWS\System32\mnmsrvc.exe [MANUAL] mnmsrvc
Service [MANUAL] Modem
Service C:\WINDOWS\System32\DRIVERS\mouclass.sys [SYSTEM] Mouclass
Service C:\WINDOWS\System32\DRIVERS\mouhid.sys [MANUAL] mouhid
Service [BOOT] MountMgr
Service [DISABLED] mraid35x
Service C:\WINDOWS\System32\DRIVERS\mrxdav.sys [MANUAL] MRxDAV
Service C:\WINDOWS\System32\DRIVERS\mrxsmb.sys [SYSTEM] MRxSmb
Service C:\WINDOWS\System32\msdtc.exe [MANUAL] MSDTC
Service [SYSTEM] Msfs
Service C:\WINDOWS\system32\msiexec.exe [MANUAL] MSIServer
Service C:\WINDOWS\system32\drivers\MSKSSRV.sys [MANUAL] MSKSSRV
Service C:\WINDOWS\system32\drivers\MSPCLOCK.sys [MANUAL] MSPCLOCK
Service C:\WINDOWS\system32\drivers\MSPQM.sys [MANUAL] MSPQM
Service C:\WINDOWS\System32\DRIVERS\mssmbios.sys [MANUAL] mssmbios
Service C:\WINDOWS\system32\drivers\MSTEE.sys [MANUAL] MSTEE
Service [BOOT] Mup
Service C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [MANUAL] NABTSFEC
Service [BOOT] NDIS
Service C:\WINDOWS\system32\DRIVERS\NdisIP.sys [MANUAL] NdisIP
Service C:\WINDOWS\System32\DRIVERS\ndistapi.sys [MANUAL] NdisTapi
Service C:\WINDOWS\System32\DRIVERS\ndisuio.sys [MANUAL] Ndisuio
Service C:\WINDOWS\System32\DRIVERS\ndiswan.sys [MANUAL] NdisWan
Service [MANUAL] NDProxy
Service C:\WINDOWS\System32\DRIVERS\netbios.sys [SYSTEM] NetBIOS
Service C:\WINDOWS\System32\DRIVERS\netbt.sys [AUTO] NetBT
Service C:\WINDOWS\system32\netdde.exe [DISABLED] NetDDE
Service C:\WINDOWS\system32\netdde.exe [DISABLED] NetDDEdsdm
Service C:\WINDOWS\System32\lsass.exe [MANUAL] Netlogon
Service C:\WINDOWS\System32\svchost.exe [MANUAL] Netman
Service C:\WINDOWS\System32\svchost.exe [MANUAL] Nla
Service C:\Program Files\Firewall\Kernel\Nntpfilt.dll [MANUAL] NNTPFILT.DLL
Service [SYSTEM] Npfs
Service [DISABLED] Ntfs
Service C:\WINDOWS\System32\lsass.exe [MANUAL] NtLmSsp
Service C:\WINDOWS\system32\svchost.exe [MANUAL] NtmsSvc
Service [SYSTEM] Null
Service C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [MANUAL] nv
Service C:\WINDOWS\system32\nvsvc32.exe [AUTO] NVSvc
Service C:\WINDOWS\System32\DRIVERS\nwlnkflt.sys [MANUAL] NwlnkFlt
Service C:\WINDOWS\System32\DRIVERS\nwlnkfwd.sys [MANUAL] NwlnkFwd
Service C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [MANUAL] ose
Service Outlook
Service C:\Program Files\Firewall\outpost.exe [AUTO] OutpostFirewall
Service C:\WINDOWS\System32\DRIVERS\parport.sys [MANUAL] Parport
Service [BOOT] PartMgr
Service [AUTO] ParVdm
Service C:\WINDOWS\System32\DRIVERS\pci.sys [BOOT] PCI
Service [SYSTEM] PCIDump
Service C:\WINDOWS\System32\DRIVERS\pciide.sys [BOOT] PCIIde
Service C:\WINDOWS\system32\drivers\pclepci.sys [SYSTEM] PCLEPCI
Service [DISABLED] Pcmcia
Service [MANUAL] PDCOMP
Service [MANUAL] PDFRAME
Service [MANUAL] PDRELI
Service [MANUAL] PDRFRAME
Service [DISABLED] perc2
Service [DISABLED] perc2hib
Service PerfDisk
Service PerfNet
Service PerfOS
Service PerfProc
Service C:\WINDOWS\system32\drivers\pfc.sys [MANUAL] pfc
Service C:\WINDOWS\system32\services.exe [AUTO] PlugPlay
Service C:\WINDOWS\System32\lsass.exe [MANUAL] PolicyAgent
Service C:\Program Files\Firewall\Kernel\Pop3filt.dll [MANUAL] POP3FILT.DLL
Service C:\WINDOWS\System32\DRIVERS\raspptp.sys [MANUAL] PptpMiniport
Service C:\WINDOWS\System32\DRIVERS\processr.sys [SYSTEM] Processor
Service C:\Program Files\Firewall\Kernel\Protect.dll [MANUAL] PROTECT.DLL
Service C:\WINDOWS\system32\lsass.exe [AUTO] ProtectedStorage
Service C:\WINDOWS\System32\DRIVERS\psched.sys [MANUAL] PSched
Service C:\WINDOWS\System32\DRIVERS\ptilink.sys [MANUAL] Ptilink
Service C:\WINDOWS\system32\DRIVERS\PxHelp20.sys [BOOT] PxHelp20
Service [DISABLED] ql1080
Service [DISABLED] Ql10wnt
Service [DISABLED] ql12160
Service [DISABLED] ql1240
Service [DISABLED] ql1280
Service C:\WINDOWS\System32\DRIVERS\rasacd.sys [SYSTEM] RasAcd
Service C:\WINDOWS\System32\svchost.exe [MANUAL] RasAuto
Service C:\WINDOWS\System32\DRIVERS\rasl2tp.sys [MANUAL] Rasl2tp
Service C:\WINDOWS\System32\svchost.exe [MANUAL] RasMan
Service C:\WINDOWS\System32\DRIVERS\raspppoe.sys [MANUAL] RasPppoe
Service C:\WINDOWS\System32\DRIVERS\raspti.sys [MANUAL] Raspti
Service C:\WINDOWS\System32\DRIVERS\rdbss.sys [SYSTEM] Rdbss
Service C:\WINDOWS\System32\DRIVERS\RDPCDD.sys [SYSTEM] RDPCDD
Service RDPDD
Service C:\WINDOWS\System32\DRIVERS\rdpdr.sys [MANUAL] rdpdr
Service RDPNP
Service [MANUAL] RDPWD
Service C:\WINDOWS\system32\sessmgr.exe [MANUAL] RDSessMgr
Service C:\WINDOWS\System32\DRIVERS\redbook.sys [SYSTEM] redbook
Service C:\WINDOWS\System32\svchost.exe [DISABLED] RemoteAccess
Service C:\WINDOWS\system32\svchost.exe [DISABLED] RemoteRegistry
Service C:\WINDOWS\System32\locator.exe [MANUAL] RpcLocator
Service C:\WINDOWS\system32\svchost.exe [AUTO] RpcSs
Service C:\WINDOWS\System32\rsvp.exe [MANUAL] RSVP
Service C:\WINDOWS\System32\DRIVERS\RTL8139.SYS [MANUAL] rtl8139
Service C:\WINDOWS\system32\lsass.exe [AUTO] SamSs
Service C:\WINDOWS\System32\SCardSvr.exe [MANUAL] SCardSvr
Service C:\WINDOWS\System32\svchost.exe [AUTO] Schedule
Service ScsiPort
Service C:\WINDOWS\System32\DRIVERS\secdrv.sys [MANUAL] Secdrv
Service C:\WINDOWS\System32\svchost.exe [AUTO] seclogon
Service C:\WINDOWS\system32\svchost.exe [AUTO] SENS
Service C:\WINDOWS\System32\DRIVERS\serenum.sys [MANUAL] serenum
Service C:\WINDOWS\System32\DRIVERS\serial.sys [SYSTEM] Serial
Service C:\WINDOWS\system32\drivers\sf.sys [SYSTEM] sf
Service C:\WINDOWS\System32\drivers\sfdrv01.sys [BOOT] sfdrv01
Service C:\WINDOWS\System32\drivers\sfhlp02.sys [BOOT] sfhlp02
Service [SYSTEM] Sfloppy
Service C:\WINDOWS\System32\drivers\sfsync04.sys [BOOT] sfsync04
Service C:\WINDOWS\System32\svchost.exe [AUTO] SharedAccess
Service C:\WINDOWS\System32\svchost.exe [AUTO] ShellHWDetection
Service [DISABLED] Simbad
Service C:\WINDOWS\system32\DRIVERS\SLIP.sys [MANUAL] SLIP
Service C:\WINDOWS\system32\DRIVERS\SMBios.sys [MANUAL] SMBios
Service C:\WINDOWS\system32\drivers\smwdm.sys [MANUAL] smwdm
Service C:\WINDOWS\system32\DRIVERS\snapman.sys [BOOT] snapman
Service C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS [MANUAL] SONYPVU1
Service C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe [AUTO] SoundMAX Agent Service (default)
Service [DISABLED] Sparrow
Service C:\WINDOWS\system32\drivers\splitter.sys [MANUAL] splitter
Service C:\WINDOWS\system32\spoolsv.exe [AUTO] Spooler
Service C:\WINDOWS\System32\DRIVERS\sr.sys [DISABLED] sr
Service C:\WINDOWS\System32\svchost.exe [AUTO] srservice
Service C:\WINDOWS\System32\DRIVERS\srv.sys [MANUAL] Srv
Service C:\WINDOWS\System32\svchost.exe [DISABLED] SSDPSRV
Service C:\WINDOWS\System32\svchost.exe [AUTO] stisvc
Service C:\WINDOWS\system32\DRIVERS\StreamIP.sys [MANUAL] streamip
Service C:\WINDOWS\System32\DRIVERS\swenum.sys [MANUAL] swenum
Service C:\WINDOWS\system32\drivers\swmidi.sys [MANUAL] swmidi
Service C:\WINDOWS\System32\dllhost.exe [MANUAL] SwPrv
Service swwd
Service [DISABLED] symc810
Service [DISABLED] symc8xx
Service [DISABLED] sym_hi
Service [DISABLED] sym_u3
Service C:\WINDOWS\system32\drivers\sysaudio.sys [MANUAL] sysaudio
Service C:\WINDOWS\system32\smlogsvc.exe [MANUAL] SysmonLog
Service C:\WINDOWS\System32\svchost.exe [MANUAL] TapiSrv
Service C:\WINDOWS\System32\DRIVERS\tcpip.sys [SYSTEM] Tcpip
Service [MANUAL] TDPIPE
Service [MANUAL] TDTCP
Service C:\WINDOWS\System32\DRIVERS\termdd.sys [SYSTEM] TermDD
Service C:\WINDOWS\System32\svchost.exe [MANUAL] TermService
Service C:\WINDOWS\System32\svchost.exe [AUTO] Themes
Service C:\WINDOWS\system32\DRIVERS\tifsfilt.sys [AUTO] tifsfilter
Service C:\WINDOWS\system32\DRIVERS\timntr.sys [BOOT] timounter
Service C:\WINDOWS\System32\tlntsvr.exe [DISABLED] TlntSvr
Service [DISABLED] TosIde
Service C:\WINDOWS\system32\svchost.exe [AUTO] TrkWks
Service TSDDD
Service C:\Program Files\TuneUp\WinStylerThemeSvc.exe [MANUAL] TUWinStylerThemeSvc
Service [DISABLED] Udfs
Service [DISABLED] ultra
Service C:\WINDOWS\System32\DRIVERS\update.sys [MANUAL] Update
Service C:\WINDOWS\System32\svchost.exe [MANUAL] upnphost
Service C:\WINDOWS\System32\ups.exe [MANUAL] UPS
Service C:\WINDOWS\system32\DRIVERS\usbccgp.sys [MANUAL] usbccgp
Service C:\WINDOWS\System32\DRIVERS\usbehci.sys [MANUAL] usbehci
Service C:\WINDOWS\System32\DRIVERS\usbhub.sys [MANUAL] usbhub
Service C:\WINDOWS\system32\DRIVERS\usbprint.sys [MANUAL] usbprint
Service C:\WINDOWS\system32\DRIVERS\usbser.sys [MANUAL] usbser
Service C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [MANUAL] USBSTOR
Service C:\WINDOWS\System32\DRIVERS\usbuhci.sys [MANUAL] usbuhci
Service C:\WINDOWS\system32\DRIVERS\V0260Vid.sys [MANUAL] V0260VID
Service C:\Program Files\Firewall\Kernel\2000\Filtnt.sys [SYSTEM] VFILT
Service C:\WINDOWS\System32\drivers\vga.sys [SYSTEM] VgaSave
Service [DISABLED] ViaIde
Service [BOOT] VolSnap
Service C:\WINDOWS\System32\vssvc.exe [MANUAL] VSS
Service C:\WINDOWS\System32\svchost.exe [DISABLED] W32Time
Service W3SVC
Service C:\WINDOWS\System32\DRIVERS\wanarp.sys [MANUAL] Wanarp
Service [MANUAL] WDICA
Service C:\WINDOWS\system32\drivers\wdmaud.sys [MANUAL] wdmaud
Service C:\WINDOWS\System32\svchost.exe [AUTO] WebClient
Service C:\WINDOWS\system32\svchost.exe [AUTO] winmgmt
Service [MANUAL] Winsock
Service WinSock2
Service WinTrust
Service C:\WINDOWS\System32\svchost.exe [MANUAL] WmdmPmSN
Service C:\WINDOWS\System32\svchost.exe [MANUAL] Wmi
Service WmiApRpl
Service C:\WINDOWS\System32\wbem\wmiapsrv.exe [MANUAL] WmiApSrv
Service C:\WINDOWS\System32\svchost.exe [BOOT] wscsvc
Service C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [MANUAL] WSTCODEC
Service C:\WINDOWS\System32\svchost.exe [AUTO] wuauserv
Service C:\WINDOWS\System32\svchost.exe [DISABLED] WZCSVC
Service C:\WINDOWS\System32\svchost.exe [MANUAL] xmlprov
Service {B73146B1-BA88-4BC9-B0D2-8136EE3763E1}
Service {E3FFCBD3-B427-4034-89F9-186B50A1D6EB}
---- EOF - GMER 1.0.13 ----