FilipS
(Filipsko)
18 Czerwiec 2006 08:39
#1
Ostatno przeglądałem logi Kerio. Niepokoją mnie te zapisy (przy których widnieje “permitted”
(to na początku co jest ucięte, to “unopened port”):
http://www.fotosik.pl/showFullSize.php? … cbee47c8da
nie wiem co mam z tym zrobić. skoro jest “permitted” to znaczy że on akceptuje te połączenia? I bez mojej zgody!? jak mogę to wszystko poblokować? I dlaczego niektóre dopszcza a niektóre nie?
Bieniol
(Bbieniol)
18 Czerwiec 2006 08:41
#2
Użyj Windows Worms Doors Cleanera zmień znaczki z disable na enable. Po użyciu tego narzędzia wymagany jest reset sysa
To powinno w jakimś stopniu pomóc
FilipS
(Filipsko)
18 Czerwiec 2006 10:02
#3
Po tym mi net nie chodzi. Nie może uzyskać adresu sieciowego. Już kiedyś to robiłem. Pomocy
Bieniol
(Bbieniol)
18 Czerwiec 2006 10:09
#4
Wrzuć zestaw logów (Hijack + Silent - opis tutaj --> http://forum.dobreprogramy.pl/viewtopic.php?t=36654 )
FilipS
(Filipsko)
18 Czerwiec 2006 13:37
#5
Z hijacka:
Logfile of HijackThis v1.99.1 Scan saved at 15:26:15, on 2006-06-18 Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: D:\WINDOWS\System32\smss.exe D:\WINDOWS\system32\winlogon.exe D:\WINDOWS\system32\services.exe D:\WINDOWS\system32\lsass.exe D:\WINDOWS\system32\svchost.exe D:\Program Files\Windows Defender\MsMpEng.exe D:\Program Files\Ahead\InCD\InCDsrv.exe D:\WINDOWS\System32\svchost.exe D:\WINDOWS\system32\spoolsv.exe E:\Program Files\Alwil Software\Avast4\aswUpdSv.exe E:\Program Files\Alwil Software\Avast4\ashServ.exe E:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe D:\WINDOWS\System32\nvsvc32.exe D:\WINDOWS\System32\svchost.exe E:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe E:\Program Files\Alwil Software\Avast4\ashMaiSv.exe E:\Program Files\Alwil Software\Avast4\ashWebSv.exe D:\WINDOWS\Explorer.EXE E:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe D:\WINDOWS\system32\taskswitch.exe D:\WINDOWS\system32\wuauclt.exe D:\Program Files\Windows Defender\MSASCui.exe E:\Program Files\CyberLink\PowerDVD\PDVDServ.exe E:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe D:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe D:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe D:\Program Files\HP\hpcoretech\hpcmpmgr.exe D:\WINDOWS\system32\rundll32.exe E:\PROGRA~1\Wapster\AQQ\AQQ.exe E:\Program Files\BitComet\BitComet.exe D:\WINDOWS\system32\notepad.exe E:\PROGRA~1\FIREFOX\FIREFOX.EXE D:\Documents and Settings\Filip\Pulpit\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dobreprogramy.pl/ R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: SafeIE Utility - {B5D4581D-ED6A-4905-A267-25BAF7BE79C1} - D:\WINDOWS\system32\safeie.dll O4 - HKLM…\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM…\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit O4 - HKLM…\Run: [CoolSwitch] D:\WINDOWS\system32\taskswitch.exe O4 - HKLM…\Run: [Odkurzacz-MCD] E:\Program Files\Odkurzacz 10.1 Pro\odk_mcd.exe O4 - HKLM…\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd O4 - HKLM…\Run: [PinnacleDriverCheck] D:\WINDOWS\system32\PSDrvCheck.exe -CheckReg O4 - HKLM…\Run: [Windows Defender] “D:\Program Files\Windows Defender\MSASCui.exe” -hide O4 - HKLM…\Run: [RemoteControl] “E:\Program Files\CyberLink\PowerDVD\PDVDServ.exe” O4 - HKLM…\Run: [avast!] E:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM…\Run: [HPDJ Taskbar Utility] D:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe O4 - HKLM…\Run: [HP Software Update] D:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe O4 - HKLM…\Run: [HP Component Manager] “D:\Program Files\HP\hpcoretech\hpcmpmgr.exe” O4 - HKLM…\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,BluetoothAuthenticationAgent O4 - HKCU…\Run: [AQQ] E:\PROGRA~1\Wapster\AQQ\AQQ.exe O8 - Extra context menu item: &Ściągnij wszystko za pomocą WellGeta - E:\Program Files\WellGet\nxall.htm O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://E:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Ściągnij za pomocą &WellGeta - E:\Program Files\WellGet\nxcatch.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll O9 - Extra button: WellGet - {35980F6E-A258-4E50-953D-813BB8556899} - E:\Program Files\WellGet\WellGet.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe O15 - Trusted Zone: skaner.mks.com.pl O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda … 3878058857 O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/Shar … /cabsa.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup … 7679650859 O20 - Winlogon Notify: WgaLogon - D:\WINDOWS\SYSTEM32\WgaLogon.dll O23 - Service: Adobe LM Service - Adobe Systems - D:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - D:\WINDOWS\Microsoft.NET \Framework\v2.0.50727\aspnet_state.exe (file missing) O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - E:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - Unknown owner - E:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - Unknown owner - E:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing) O23 - Service: avast! Web Scanner - Unknown owner - E:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing) O23 - Service: hpdj - Unknown owner - D:\DOCUME~1\Filip\USTAWI~1\Temp\hpdj.exe (file missing) O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - D:\Program Files\Ahead\InCD\InCDsrv.exe O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - E:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe O23 - Service: NVIDIA Display Driver Service (Omega 1.6693) § (NVSvc) - NVIDIA Corporation - D:\WINDOWS\System32\nvsvc32.exe O23 - Service: O&O Defrag (OODefrag) - O&O Software GmbH - D:\WINDOWS\system32\oodag.exe
Z silenta:
“Silent Runners.vbs”, revision 45, http://www.silentrunners.org/ Operating System: Windows XP SP2 Output limited to non-default values, except where indicated by “{++}” Startup items buried in registry: --------------------------------- HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++} “AQQ” = “E:\PROGRA~1\Wapster\AQQ\AQQ.exe” [“AQQ Sp. z o.o.”] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++} “NvCplDaemon” = “RUNDLL32.EXE D:\WINDOWS\System32\NvCpl.dll,NvStartup” [MS] “NvMediaCenter” = “RUNDLL32.EXE D:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit” [MS] “CoolSwitch” = “D:\WINDOWS\system32\taskswitch.exe” [null data] “Odkurzacz-MCD” = “E:\Program Files\Odkurzacz 10.1 Pro\odk_mcd.exe” [“FranmoSoft”] “Cmaudio” = “RunDll32 cmicnfg.cpl,CMICtrlWnd” [MS] “PinnacleDriverCheck” = “D:\WINDOWS\system32\PSDrvCheck.exe -CheckReg” [empty string] “Windows Defender” = ““D:\Program Files\Windows Defender\MSASCui.exe” -hide” [MS] “RemoteControl” = ““E:\Program Files\CyberLink\PowerDVD\PDVDServ.exe”” [“Cyberlink Corp.”] “avast!” = “E:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe” [null data] “HPDJ Taskbar Utility” = “D:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe” [“HP”] “HP Software Update” = “D:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe” [“Hewlett-Packard Co.”] “HP Component Manager” = ““D:\Program Files\HP\hpcoretech\hpcmpmgr.exe”” [“Hewlett-Packard Company”] “BluetoothAuthenticationAgent” = “rundll32.exe bthprops.cpl,BluetoothAuthenticationAgent” [MS] HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}(Default) = (no title provided) -> {HKLM…CLSID} = “AcroIEHlprObj Class” \InProcServer32(Default) = “E:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll” [“Adobe Systems Incorporated”] {B5D4581D-ED6A-4905-A267-25BAF7BE79C1}(Default) = “SafeIE Utility” -> {HKLM…CLSID} = “FiltrateIE Class” \InProcServer32(Default) = “D:\WINDOWS\system32\safeie.dll” [empty string] HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\ “{88895560-9AA2-1069-930E-00AA0030EBC8}” = “Rozszerzenie ikony HyperTerminalu” -> {HKLM…CLSID} = “HyperTerminal Icon Ext” \InProcServer32(Default) = “D:\WINDOWS\System32\hticons.dll” [“Hilgraeve, Inc.”] “{A70C977A-BF00-412C-90B7-034C51DA2439}” = “NvCpl DesktopContext Class” -> {HKLM…CLSID} = “DesktopContext Class” \InProcServer32(Default) = “D:\WINDOWS\System32\nvcpl.dll” [“NVIDIA Corporation”] “{FFB699E0-306A-11d3-8BD1-00104B6F7516}” = “Play on my TV helper” -> {HKLM…CLSID} = “NVIDIA CPL Extension” \InProcServer32(Default) = “D:\WINDOWS\System32\nvcpl.dll” [“NVIDIA Corporation”] “{950FF917-7A57-46BC-8017-59D9BF474000}” = “Shell Extension for CDRW” -> {HKLM…CLSID} = “Shell Extension for CDRW” \InProcServer32(Default) = “D:\Program Files\Ahead\InCD\incdshx.dll” [“Ahead Software AG”] “{640167b4-59b0-47a6-b335-a6b3c0695aea}” = “Portable Media Devices” -> {HKLM…CLSID} = “Portable Media Devices” \InProcServer32(Default) = “D:\WINDOWS\System32\Audiodev.dll” [MS] “{cc86590a-b60a-48e6-996b-41d25ed39a1e}” = “Portable Media Devices Menu” -> {HKLM…CLSID} = “Portable Media Devices Menu” \InProcServer32(Default) = “D:\WINDOWS\System32\Audiodev.dll” [MS] “{1CDB2949-8F65-4355-8456-263E7C208A5D}” = “Desktop Explorer” -> {HKLM…CLSID} = “Desktop Explorer” \InProcServer32(Default) = “D:\WINDOWS\System32\nvshell.dll” [“NVIDIA Corporation”] “{1E9B04FB-F9E5-4718-997B-B8DA88302A47}” = “Desktop Explorer Menu” -> {HKLM…CLSID} = (no title provided) \InProcServer32(Default) = “D:\WINDOWS\System32\nvshell.dll” [“NVIDIA Corporation”] “{1E9B04FB-F9E5-4718-997B-B8DA88302A48}” = “nView Desktop Context Menu” -> {HKLM…CLSID} = “nView Desktop Context Menu” \InProcServer32(Default) = “D:\WINDOWS\System32\nvshell.dll” [“NVIDIA Corporation”] “{00020D75-0000-0000-C000-000000000046}” = “Microsoft Office Outlook Desktop Icon Handler” -> {HKLM…CLSID} = “Microsoft Office Outlook” \InProcServer32(Default) = “E:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL” [MS] “{0006F045-0000-0000-C000-000000000046}” = “Microsoft Office Outlook Custom Icon Handler” -> {HKLM…CLSID} = “Rozszerzenie ikon plików programu Outlook” \InProcServer32(Default) = “E:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL” [MS] “{42042206-2D85-11D3-8CFF-005004838597}” = “Microsoft Office HTML Icon Handler” -> {HKLM…CLSID} = (no title provided) \InProcServer32(Default) = “E:\Program Files\Microsoft Office\OFFICE11\msohev.dll” [MS] “{709C6E11-538F-4759-86AC-6ACB302AA0DE}” = “Desktop Manager” -> {HKLM…CLSID} = “Desktop Manager” \InProcServer32(Default) = “D:\WINDOWS\system32\msvdm.dll” [null data] “{2F25CF20-C569-11D1-B94C-00608CB45480}” = “TextPad” -> {HKLM…CLSID} = “TextPad” \InProcServer32(Default) = “E:\Program Files\TextPad 4\System\shellext.dll” [“Helios Software Solutions”] “{21569614-B795-46b1-85F4-E737A8DC09AD}” = “Shell Search Band” -> {HKLM…CLSID} = “Shell Search Band” \InProcServer32(Default) = “D:\WINDOWS\system32\browseui.dll” [MS] “{416651E4-9C3C-11D9-8BDE-F66BAD1E3F3A}” = “PhoneBrowser” -> {HKLM…CLSID} = “Nokia Phone Browser” \InProcServer32(Default) = “D:\Program Files\Nokia\Nokia PC Suite 6\PhoneBrowser.dll” [“Nokia”] “{C0C4375A-5B72-4efe-929D-3B848C3A1E91}” = “Message View” -> {HKLM…CLSID} = “Message View” \InProcServer32(Default) = “D:\Program Files\Nokia\Nokia PC Suite 6\MessageView.dll” [“Nokia”] “{4CCEFB41-18FA-11D3-9EF3-00A0C9E897FD}” = “CorelDRAW Shell Extension Component” -> {HKLM…CLSID} = “CorelDRAW Shell Extension Component” \InProcServer32(Default) = “D:\Program Files\Corel\CorelDRAW Graphics Suite 13\PROGRAMS\CrlShell.dll” [“Corel Corporation”] “{472083B0-C522-11CF-8763-00608CC02F24}” = “avast” -> {HKLM…CLSID} = “avast” \InProcServer32(Default) = “E:\Program Files\Alwil Software\Avast4\ashShell.dll” [“ALWIL Software”] “{967B2D40-8B7D-4127-9049-61EA0C2C6DCE}” = “PowerISO” -> {HKLM…CLSID} = “PowerISO” \InProcServer32(Default) = “E:\Program Files\PowerISO\PWRISOSH.DLL” [“PowerISO Computing, Inc.”] “{e57ce731-33e8-4c51-8354-bb4de9d215d1}” = “Uniwersalne urządzenia Plug and Play” -> {HKLM…CLSID} = “Uniwersalne urządzenia Plug and Play” \InProcServer32(Default) = “D:\WINDOWS\system32\upnpui.dll” [MS] HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\ INFECTION WARNING! “{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}” = “Microsoft AntiMalware ShellExecuteHook” -> {HKLM…CLSID} = “Microsoft AntiMalware ShellExecuteHook” \InProcServer32(Default) = “D:\PROGRA~1\WINDOW~4\MpShHook.dll” [MS] HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ INFECTION WARNING! WgaLogon\DLLName = “WgaLogon.dll” [MS] HKLM\Software\Classes\PROTOCOLS\Filter\ INFECTION WARNING! text/xml\CLSID = “{807553E5-5146-11D5-A672-00B0D022E945}” -> {HKLM…CLSID} = (no title provided) \InProcServer32(Default) = “D:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL” [MS] HKLM\Software\Classes\Folder\shellex\ColumnHandlers\ {F9DB5320-233E-11D1-9F84-707F02C10627}(Default) = “PDF Column Info” -> {HKLM…CLSID} = “PDF Shell Extension” \InProcServer32(Default) = “E:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll” [“Adobe Systems, Inc.”] HKLM\Software\Classes*\shellex\ContextMenuHandlers\ 7-Zip(Default) = “{23170F69-40C1-278A-1000-000100020000}” -> {HKLM…CLSID} = (no title provided) \InProcServer32(Default) = “E:\Program Files\7-Zip\7-zipn.dll” [“Igor Pavlov”] avast(Default) = “{472083B0-C522-11CF-8763-00608CC02F24}” -> {HKLM…CLSID} = “avast” \InProcServer32(Default) = “E:\Program Files\Alwil Software\Avast4\ashShell.dll” [“ALWIL Software”] PowerISO(Default) = “{967B2D40-8B7D-4127-9049-61EA0C2C6DCE}” -> {HKLM…CLSID} = “PowerISO” \InProcServer32(Default) = “E:\Program Files\PowerISO\PWRISOSH.DLL” [“PowerISO Computing, Inc.”] TextPad(Default) = “{2F25CF20-C569-11D1-B94C-00608CB45480}” -> {HKLM…CLSID} = “TextPad” \InProcServer32(Default) = “E:\Program Files\TextPad 4\System\shellext.dll” [“Helios Software Solutions”] HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\ 7-Zip(Default) = “{23170F69-40C1-278A-1000-000100020000}” -> {HKLM…CLSID} = (no title provided) \InProcServer32(Default) = “E:\Program Files\7-Zip\7-zipn.dll” [“Igor Pavlov”] PowerISO(Default) = “{967B2D40-8B7D-4127-9049-61EA0C2C6DCE}” -> {HKLM…CLSID} = “PowerISO” \InProcServer32(Default) = “E:\Program Files\PowerISO\PWRISOSH.DLL” [“PowerISO Computing, Inc.”] HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ 7-Zip(Default) = “{23170F69-40C1-278A-1000-000100020000}” -> {HKLM…CLSID} = (no title provided) \InProcServer32(Default) = “E:\Program Files\7-Zip\7-zipn.dll” [“Igor Pavlov”] avast(Default) = “{472083B0-C522-11CF-8763-00608CC02F24}” -> {HKLM…CLSID} = “avast” \InProcServer32(Default) = “E:\Program Files\Alwil Software\Avast4\ashShell.dll” [“ALWIL Software”] PowerISO(Default) = “{967B2D40-8B7D-4127-9049-61EA0C2C6DCE}” -> {HKLM…CLSID} = “PowerISO” \InProcServer32(Default) = “E:\Program Files\PowerISO\PWRISOSH.DLL” [“PowerISO Computing, Inc.”] Active Desktop and Wallpaper: ----------------------------- Active Desktop is disabled at this entry: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState HKCU\Control Panel\Desktop\ “Wallpaper” = “D:\DOCUME~1\Filip\USTAWI~1\Temp\MSVDM-Desktop0.bmp” Enabled Screen Saver: --------------------- HKCU\Control Panel\Desktop\ “SCRNSAVE.EXE” = “D:\WINDOWS\System32\scrnsave.scr” [MS] Enabled Scheduled Tasks: ------------------------ “MP Scheduled Scan” -> launches: “D:\Program Files\Windows Defender\MpCmdRun.exe Scan -ScanType config -Privileges restricted” [MS] Winsock2 Service Provider DLLs: ------------------------------- Namespace Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++} 000000000001\LibraryPath = “%SystemRoot%\System32\mswsock.dll” [MS] 000000000002\LibraryPath = “%SystemRoot%\System32\winrnr.dll” [MS] 000000000003\LibraryPath = “%SystemRoot%\System32\mswsock.dll” [MS] 000000000004\LibraryPath = “%SystemRoot%\system32\wshbth.dll” [MS] Transport Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++} 0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range: %SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 20 %SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05 Toolbars, Explorer Bars, Extensions: ------------------------------------ Extensions (Tools menu items, main toolbar menu buttons) HKLM\Software\Microsoft\Internet Explorer\Extensions\ {08B0E5C0-4FCB-11CF-AAA5-00401C608501}\ “MenuText” = “Sun Java Console” “CLSIDExtension” = “{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBC}” -> {HKLM…CLSID} = “Java Plug-in 1.5.0_05” \InProcServer32(Default) = “D:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll” [“Sun Microsystems, Inc.”] {35980F6E-A258-4E50-953D-813BB8556899}\ “ButtonText” = “WellGet” “Exec” = “E:\Program Files\WellGet\WellGet.exe” [empty string] {FB5F1910-F110-11D2-BB9E-00C04F795683}\ “ButtonText” = “Messenger” “MenuText” = “Windows Messenger” “Exec” = “D:\Program Files\Messenger\msmsgs.exe” [MS] HOSTS file ---------- D:\WINDOWS\System32\drivers\etc\HOSTS maps: 8 domain names to IP addresses, 7 of the IP addresses are *not* localhost! Running Services (Display Name, Service Name, Path {Service DLL}): ------------------------------------------------------------------ avast! Antivirus, avast! Antivirus, ““E:\Program Files\Alwil Software\Avast4\ashServ.exe”” [null data] avast! iAVS4 Control Service, aswUpdSv, ““E:\Program Files\Alwil Software\Avast4\aswUpdSv.exe”” [null data] avast! Mail Scanner, avast! Mail Scanner, ““E:\Program Files\Alwil Software\Avast4\ashMaiSv.exe” /service” [“ALWIL Software”] avast! Web Scanner, avast! Web Scanner, ““E:\Program Files\Alwil Software\Avast4\ashWebSv.exe” /service” [“ALWIL Software”] Bluetooth Support Service, BthServ, “D:\WINDOWS\system32\svchost.exe -k bthsvcs” {“D:\WINDOWS\System32\bthserv.dll” [MS]} InCD Helper, InCDsrv, “D:\Program Files\Ahead\InCD\InCDsrv.exe” [“Ahead Software AG”] Kerio Personal Firewall 4, KPF4, “E:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe” [“Kerio Technologies”] NVIDIA Display Driver Service (Omega 1.6693) §, NVSvc, “D:\WINDOWS\System32\nvsvc32.exe” [“NVIDIA Corporation”] Windows Defender Service, WinDefend, ““D:\Program Files\Windows Defender\MsMpEng.exe”” [MS] Windows User Mode Driver Framework, UMWdf, “D:\WINDOWS\System32\wdfmgr.exe” [MS] Print Monitors: --------------- HKLM\System\CurrentControlSet\Control\Print\Monitors\ hpzsnt09\Driver = “hpzsnt09.dll” [“HP”] Microsoft Document Imaging Writer Monitor\Driver = “mdimon.dll” [MS] ---------- + This report excludes default entries except where indicated. + To see *everywhere* the script checks and *everything* it finds, launch it from a command prompt or a shortcut with the -all parameter. + To search all directories of local fixed drives for DESKTOP.INI DLL launch points and all Registry CLSIDs for dormant Explorer Bars, use the -supp parameter or answer “No” at the first message box. ---------- (total run time: 72 seconds, including 5 seconds for message boxes)
No fajnie, od razu widzę 3 INFECTION WARNING i… Wspaniale…
kuz5
(Kuz5)
18 Czerwiec 2006 13:41
#6
Patrz co robisz a będziesz wiedział co jest problemem :?
Chłopakowi padł net, po skorzystaniu z twojej rady
Zapewne zamknełes NetBIOS , odblokuj go w WWDC
Update:
Logi są czyste
FilipS
(Filipsko)
18 Czerwiec 2006 13:57
#7
OK.
To dlaczego Kerio dopuszcza te wszystkie połączenia i jak to zablokować.
Co włącze komputer przychodza mi połączenia:
http://images4.fotosik.pl/51/c2f3674cf96d5b3a.jpg
Wiem że mogę zablokować ^^ ale ciekaw jestem co to jest :]