TP reliability


(koszmos) #1

I turn on the computer and the internet, and right away some IP addresses start attacking me, and this is supposed to be TP's security ;p here they are: (there are already about 400 and the day is still long

20:38:52	84.216.76.184	TCP (445)

20:38:50	83.8.185.54	TCP (135)

20:38:44	83.8.198.53	TCP (445)

20:38:41	83.8.205.158	TCP (445)

20:38:30	83.8.93.12	TCP (135)

20:38:29	83.8.223.245	TCP (135)

20:38:29	194.187.182.199	UDP (7611)

20:38:22	83.8.158.254	TCP (445)

20:38:17	91.184.202.81	TCP (445)

20:38:16	83.8.4.80	TCP (445)

20:38:10	83.8.84.151	TCP (135)

20:38:08	83.8.18.252	TCP (135)

20:38:01	77.192.242.236	TCP (445)

20:37:53	83.8.131.52	TCP (445)

20:37:31	83.8.38.95	TCP (135)

20:37:27	83.8.82.215	TCP (445)

20:37:27	83.6.97.203	TCP (135)

20:37:23	83.8.4.80	TCP (2967)

20:37:22	82.56.155.135	TCP (34793)

20:37:21	83.8.87.186	TCP (445)

20:37:15	83.7.30.166	TCP (135)

20:37:14	83.8.116.201	TCP (445)

20:37:08	83.7.58.216	TCP (135)

20:37:04	83.8.210.189	TCP (445)

20:37:02	83.8.110.15	TCP (445)

20:36:46	83.8.97.135	TCP (445)

20:36:38	83.8.19.220	TCP (445)

20:36:30	83.8.123.176	TCP (445)

20:36:29	83.6.126.89	TCP (135)

20:36:29	83.8.5.102	TCP (6881)

20:36:24	83.8.241.46	TCP (445)

20:36:18	83.8.84.211	TCP (139)

20:36:14	83.8.222.149	TCP (135)

20:36:03	83.8.123.241	TCP (135)

20:35:53	83.8.187.47	TCP (445)

20:35:47	83.8.6.56	TCP (445)

20:35:38	83.8.27.220	TCP (445)

20:35:28	83.8.99.79	TCP (445)

20:35:24	83.6.81.235	TCP (445)

20:35:22	83.8.51.140	TCP (445)

20:35:19	194.187.182.199	UDP (7611)

20:35:18	83.165.45.94	TCP (34793)

20:35:17	83.8.234.187	TCP (445)

20:35:06	61.156.40.99	TCP (5076)

20:35:05	83.8.240.165	TCP (135)

20:35:00	83.8.5.176	TCP (135)

20:34:55	81.37.150.131	TCP (34793)

20:34:51	83.8.104.84	TCP (445)

20:34:51	201.67.233.99	TCP (34793)

20:34:50	83.8.168.203	TCP (445)

20:34:50	83.8.46.104	TCP (135)

20:34:37	83.7.104.201	TCP (135)

20:34:36	83.8.158.3	TCP (445)

20:34:33	83.8.125.180	TCP (135)

20:34:32	83.8.53.57	TCP (5900)

20:34:29	83.8.190.199	TCP (445)

20:34:25	83.8.112.25	TCP (445)

20:34:22	83.8.61.140	TCP (445)

20:34:16	83.8.98.70	TCP (445)

20:34:06	83.8.245.213	TCP (445)

20:34:01	83.8.120.62	TCP (445)

20:33:57	83.8.122.235	TCP (445)

20:33:55	83.8.16.36	TCP (445)

20:33:52	83.8.31.126	TCP (445)

20:33:45	200.138.64.179	TCP (34793)

20:33:44	83.4.37.60	TCP (445)

20:33:44	83.8.94.193	TCP (445)

20:33:40	83.8.168.212	TCP (445)

20:33:37	83.7.10.109	TCP (135)

20:33:25	83.8.188.216	TCP (135)

20:33:23	83.7.37.140	TCP (135)

20:33:22	83.8.16.36	TCP (2967)

20:33:22	84.79.16.210	TCP (34793)

20:33:19	212.96.71.34	TCP (34793)

20:33:17	84.160.232.6	TCP (34793)

20:33:16	83.8.169.251	TCP (445)

20:33:13	83.8.95.248	TCP (135)

20:33:12	82.91.133.69	TCP (34793)

20:33:11	83.8.5.75	TCP (445)

20:33:07	83.8.193.199	TCP (445)

20:32:57	200.163.243.9	TCP (34793)

20:32:54	83.8.241.168	TCP (445)

20:32:54	83.8.226.71	TCP (445)

20:32:47	83.8.213.57	TCP (135)

20:32:40	61.251.12.142	ICMP (2048)

20:32:34	83.8.249.231	TCP (445)

20:32:30	83.8.105.67	TCP (135)

20:32:25	83.8.99.151	TCP (2967)

20:32:24	83.8.89.138	TCP (445)

20:32:24	83.8.161.155	TCP (445)

20:32:21	83.8.23.111	TCP (445)

20:32:19	83.8.40.223	TCP (445)

20:32:14	83.8.59.115	TCP (2967)

20:32:12	83.8.88.200	TCP (445)

20:32:12	217.185.12.194	TCP (445)

20:32:12	83.8.67.50	TCP (445)

20:32:05	83.8.204.87	TCP (135)

20:32:02	83.8.71.249	TCP (445)

20:31:58	212.96.71.34	TCP (34793)

20:31:55	83.248.36.192	TCP (34793)

20:31:51	84.250.40.92	TCP (445)

20:31:50	83.8.99.56	TCP (445)

20:31:45	83.7.29.142	TCP (135)

20:31:44	83.8.11.176	TCP (445)

20:31:44	83.8.103.166	TCP (445)

20:31:43	200.138.64.179	UDP (34802)

20:31:37	83.8.15.135	TCP (445)

20:31:34	83.8.11.30	TCP (445)

20:31:34	83.8.11.30	TCP (2967)

20:31:30	82.91.133.69	TCP (34793)

20:31:27	83.8.57.37	TCP (445)

20:31:23	83.8.242.33	TCP (135)

20:31:22	83.8.27.153	TCP (445)

20:31:21	83.8.204.229	TCP (445)

20:31:15	83.8.180.120	TCP (445)

20:31:04	83.8.194.201	TCP (135)

20:31:03	83.8.15.150	TCP (445)

20:31:03	83.8.222.248	TCP (445)

20:30:58	83.8.45.36	TCP (135)

20:30:53	83.135.148.241	TCP (445)

20:30:52	83.8.248.218	TCP (445)

20:30:51	86.5.89.64	TCP (34793)

20:30:46	83.8.23.138	TCP (445)

20:30:44	194.187.182.199	UDP (7611)

20:30:43	84.99.253.151	TCP (34793)

20:30:40	86.71.10.181	TCP (34793)

20:30:39	83.8.106.51	TCP (445)

20:30:39	83.8.224.40	TCP (445)

20:30:38	83.8.117.128	TCP (445)

20:30:31	83.8.226.220	TCP (135)

20:30:25	83.8.20.155	TCP (445)

20:30:21	201.212.187.164	TCP (23058)

20:30:21	83.8.133.41	TCP (445)

20:30:19	82.91.133.69	UDP (34802)

20:30:18	83.8.74.149	TCP (445)

20:30:13	83.10.245.99	TCP (34793)

20:29:58	83.8.24.70	TCP (135)

20:29:58	83.8.81.133	TCP (445)

20:29:57	83.3.66.238	TCP (135)

20:29:54	83.8.15.114	TCP (445)

20:29:51	212.96.71.34	UDP (34802)

20:29:47	83.6.137.225	TCP (34793)

20:29:43	84.101.150.244	TCP (34793)

20:29:33	82.250.117.223	TCP (34793)

20:29:28	83.8.218.162	TCP (445)

20:29:22	83.8.157.104	TCP (445)

20:29:21	83.8.14.98	TCP (135)

20:29:21	83.8.76.174	TCP (135)

20:29:18	83.14.215.74	UDP (7362)

20:29:01	83.8.21.203	TCP (445)

20:28:58	87.164.251.206	TCP (34793)

20:28:51	83.8.221.90	TCP (445)

20:28:50	83.8.176.84	TCP (135)

20:28:46	83.8.30.249	TCP (445)

20:28:42	83.8.59.169	TCP (445)

20:28:32	83.8.231.18	TCP (445)

20:28:30	83.8.41.23	ICMP (2048)

20:28:30	83.154.127.168	TCP (34793)

20:28:24	83.8.219.213	TCP (445)

20:28:22	83.8.204.113	TCP (445)

20:28:17	83.8.104.178	TCP (135)

20:28:16	82.241.6.135	TCP (445)

20:28:15	83.8.186.241	TCP (135)

20:28:14	83.8.246.114	TCP (135)

20:28:11	83.8.104.156	TCP (445)

20:28:08	85.86.230.163	TCP (34793)

20:28:05	83.8.38.124	TCP (445)

20:28:00	81.49.144.61	TCP (34793)

20:27:48	83.8.249.96	TCP (445)

20:27:48	81.219.191.251	TCP (34793)

20:27:48	82.254.36.232	TCP (34793)

20:27:44	83.8.49.4	TCP (135)

20:27:44	83.8.29.26	TCP (135)

20:27:43	86.206.252.124	TCP (34793)

20:27:36	83.18.141.74	TCP (34793)

20:27:35	83.8.69.167	TCP (445)

20:27:30	83.4.15.98	TCP (445)

20:27:28	83.8.43.230	TCP (445)

20:27:22	83.8.92.151	TCP (445)

20:27:22	83.8.19.133	TCP (445)

20:27:19	83.8.67.129	TCP (445)

20:27:09	83.8.111.158	TCP (445)

20:27:06	83.8.164.164	TCP (445)

20:27:01	151.37.174.33	TCP (34793)

20:26:59	81.49.144.61	TCP (34793)

20:26:58	83.8.115.51	TCP (135)

20:26:57	83.8.80.17	TCP (135)

20:26:43	83.7.51.178	TCP (445)

20:26:43	83.8.169.188	TCP (135)

20:26:43	83.54.9.213	TCP (34793)

20:26:35	194.187.182.199	UDP (7611)

20:26:29	81.99.199.202	TCP (34793)

20:26:29	83.8.113.86	TCP (445)

20:26:15	83.8.17.173	TCP (445)

20:26:12	83.8.174.231	TCP (135)

20:26:12	83.8.127.95	TCP (135)

20:26:05	84.123.205.123	TCP (34793)

20:26:04	83.8.157.113	TCP (135)

20:26:01	213.102.68.93	TCP (34793)

20:25:58	83.8.179.159	TCP (445)

20:25:58	84.102.114.194	TCP (34793)

20:25:54	83.8.26.63	TCP (445)

20:25:54	83.4.53.144	TCP (34793)

20:25:54	83.8.24.37	TCP (445)

20:25:53	83.8.204.146	TCP (135)

20:25:50	83.8.192.13	TCP (135)

20:25:48	89.228.235.77	TCP (34793)

20:25:41	83.8.197.68	TCP (445)

20:25:39	83.8.84.151	TCP (135)

20:25:37	83.8.99.76	TCP (445)

20:25:28	83.8.4.15	TCP (445)

20:25:24	83.8.18.247	TCP (445)

20:25:22	83.8.110.103	TCP (445)

20:25:21	89.229.9.190	TCP (34793)

20:25:21	83.40.156.165	TCP (34793)

20:25:20	83.8.39.147	TCP (445)

20:25:20	83.21.14.172	TCP (34793)

20:25:14	83.8.184.126	TCP (445)

20:25:14	83.8.117.117	TCP (445)

20:24:52	83.8.54.164	TCP (135)

20:24:52	81.190.179.17	TCP (34793)

20:24:50	83.8.89.133	TCP (135)

20:24:48	83.8.4.80	TCP (135)

20:24:48	83.8.113.104	TCP (135)

20:24:36	83.7.254.36	TCP (135)

20:24:35	83.8.246.200	TCP (445)

20:24:34	84.130.219.207	TCP (34793)

20:24:33	83.8.186.225	TCP (445)

20:24:33	189.5.8.117	TCP (34793)

20:24:21	84.62.7.235	UDP (7362)

20:24:20	83.8.84.211	TCP (445)

20:24:13	83.8.216.53	TCP (445)

20:24:12	82.172.116.106	TCP (34793)

20:24:11	83.8.226.85	TCP (445)

20:24:09	83.8.120.164	TCP (135)

20:24:02	89.0.186.230	TCP (34793)

20:24:00	83.8.196.231	TCP (445)

20:23:58	89.228.235.77	TCP (34793)

20:23:53	201.29.40.249	TCP (34793)

20:23:46	83.8.69.50	TCP (135)

20:23:44	83.8.14.166	TCP (135)

20:23:36	83.8.96.89	TCP (445)

20:23:30	83.8.114.47	TCP (445)

20:23:29	83.8.122.235	TCP (445)

20:23:25	84.79.16.210	TCP (34793)

20:23:20	81.241.92.125	TCP (34793)

20:23:19	89.82.245.53	TCP (34793)

20:23:13	86.71.10.181	TCP (34793)

20:23:13	83.8.175.92	TCP (135)

20:23:10	201.4.33.222	TCP (34793)

20:23:04	83.8.131.1	TCP (2967)

20:22:56	83.8.189.112	TCP (135)

20:22:52	83.8.28.174	TCP (135)

20:22:52	85.8.72.129	TCP (34793)

20:22:51	83.8.226.168	TCP (445)

20:22:51	83.8.95.184	TCP (445)

20:22:50	83.8.76.53	TCP (135)

20:22:48	83.7.128.187	TCP (135)

20:22:48	89.0.186.230	TCP (34793)

20:22:47	83.8.85.188	TCP (135)

20:22:43	83.8.173.93	TCP (445)

20:22:38	83.8.169.240	TCP (135)

20:22:38	83.7.110.188	TCP (135)

20:22:35	83.8.162.250	TCP (445)

20:22:33	83.4.20.99	TCP (445)

20:22:31	193.238.174.209	TCP (34793)

20:22:31	83.8.213.57	TCP (135)

20:22:31	83.8.32.136	TCP (445)

20:22:22	90.16.198.31	TCP (34793)

20:22:19	83.8.198.142	TCP (135)

20:22:17	83.8.5.75	TCP (445)

20:22:16	83.8.25.188	TCP (135)

20:22:15	83.8.227.201	TCP (445)

20:22:14	83.8.90.153	TCP (445)

20:22:08	83.8.14.80	TCP (445)

20:22:02	89.228.235.77	TCP (34793)

20:21:57	83.8.96.208	TCP (445)

20:21:54	83.8.235.81	TCP (445)

20:21:53	83.7.51.39	TCP (135)

20:21:53	83.27.138.168	TCP (445)

20:21:52	83.8.14.137	TCP (445)

20:21:42	82.127.193.69	TCP (34793)

20:21:42	83.8.114.140	TCP (135)

20:21:42	83.5.9.138	TCP (135)

20:21:40	83.7.158.93	TCP (135)

20:21:34	82.131.75.11	TCP (34793)

20:21:33	84.6.102.129	TCP (34793)

20:21:33	83.8.54.190	TCP (445)

20:21:32	88.106.212.220	TCP (34793)

20:21:29	83.8.45.126	TCP (445)

20:21:29	83.7.105.217	TCP (445)

20:21:29	83.8.255.10	TCP (135)

20:21:24	83.8.185.54	TCP (135)

20:21:23	83.7.183.106	TCP (135)

20:21:19	83.85.16.127	TCP (34793)

20:21:14	66.173.153.18	TCP (445)

20:21:14	83.8.239.128	TCP (135)

20:21:13	83.248.36.192	TCP (34793)

20:21:10	83.8.32.131	TCP (445)

20:21:08	201.4.33.222	UDP (34802)

20:21:06	83.8.106.202	TCP (135)

20:21:05	87.2.228.25	TCP (34793)

20:21:02	83.8.110.238	TCP (445)

20:21:01	83.8.7.226	TCP (135)

20:21:00	81.161.147.10	TCP (34793)

20:20:56	83.8.210.36	TCP (445)

20:20:52	90.16.198.31	TCP (34793)

20:20:51	83.7.162.31	TCP (135)

20:20:50	83.8.181.24	TCP (445)

20:20:35	83.8.38.96	TCP (135)

20:20:33	83.8.48.57	TCP (445)

20:20:31	83.8.28.115	TCP (445)

20:20:29	82.241.191.175	TCP (34793)

20:20:24	89.0.186.230	UDP (34802)

20:20:24	196.203.218.78	TCP (34793)

20:20:17	83.6.68.52	TCP (135)

20:20:17	83.8.207.237	TCP (135)

20:20:16	83.8.193.199	TCP (445)

20:20:12	83.8.45.167	TCP (135)

20:20:12	83.8.158.3	TCP (135)

20:20:06	83.8.214.144	TCP (445)

20:20:06	83.8.249.231	TCP (445)

20:20:04	90.15.132.2	TCP (34793)

20:20:02	83.8.38.95	TCP (135)

20:20:02	83.8.208.96	TCP (135)

20:20:01	83.8.87.186	TCP (445)

20:19:57	83.39.112.190	TCP (445)

20:19:57	83.8.106.152	TCP (135)

20:19:54	83.8.17.221	TCP (135)

20:19:52	83.7.107.195	TCP (135)

20:19:41	83.8.31.13	TCP (445)

20:19:33	81.161.147.10	TCP (34793)

20:19:33	83.186.29.98	TCP (34793)

20:19:32	88.106.212.220	UDP (34802)

20:19:31	84.160.232.6	TCP (34793)

20:19:31	83.8.28.115	TCP (2967)

20:19:28	83.8.245.213	TCP (445)

20:19:21	62.121.90.42	TCP (34793)

20:19:21	83.8.204.229	TCP (445)

20:19:18	83.8.228.247	TCP (445)

20:19:18	82.197.8.109	TCP (34793)

20:19:16	83.8.125.227	TCP (135)

20:19:15	83.8.161.61	TCP (445)

20:19:15	84.6.102.129	TCP (34793)

20:19:14	83.8.17.108	TCP (445)

20:19:00	83.8.16.160	TCP (445)

20:18:53	83.8.210.189	TCP (135)

20:18:52	83.8.174.134	TCP (445)

20:18:48	83.8.222.149	TCP (135)

20:18:47	83.8.46.129	TCP (139)

20:18:43	89.224.6.204	TCP (34793)

20:18:41	83.8.102.185	TCP (135)

20:18:40	89.26.245.67	TCP (34793)

2007-03-24 23:46:11	195.50.96.87	TCP (3449)

2007-03-24 22:46:02	195.50.96.87	TCP (3401)

2007-03-24 21:45:56	195.50.96.87	TCP (3259)

2007-03-24 20:45:52	195.50.96.87	TCP (3006)

2007-03-24 19:45:49	195.50.96.87	TCP (4936)

2007-03-24 18:45:43	195.50.96.87	TCP (4733)

2007-03-23 22:40:08	195.50.96.87	TCP (4182)

2007-03-23 21:40:00	195.50.96.87	TCP (3506)

2007-03-23 21:33:33	190.0.31.96	TCP (4069)

2007-03-23 20:38:55	195.50.96.87	TCP (3504)

2007-03-23 18:05:40	195.50.96.87	TCP (4058)

2007-03-23 17:37:39	85.222.15.123	TCP (4346)

2007-03-23 17:13:32	87.250.162.200	TCP (4123)

2007-03-23 17:05:34	195.50.96.87	TCP (3419)

2007-03-23 16:13:49	192.168.0.23	TCP (3425)

2007-03-22 21:44:23	64.57.64.201	TCP (3514)

Merged post: 25.03.2007 (Sun) 19:54

well, now there are already 1,000 of them


(adam9870) #2

Close the ports the worms use. To do that, use Windows Worms Doors Cleaner and change the markers from disable to enable (all markers should be green; if any of them is yellow, leave it alone). A restart is required after using the tool.

To be safe, you can paste a full set of logs - HijackThis and SilentRunners:

http://forum.dobreprogramy.pl/viewtopic.php?t=36654


(koszmos) #3

ok, here are the logs:


(JNJN) #4

koszmos

Fix your post - missing tags. JNJN


(koszmos) #5

I've already fixed it, and these are the logs from Silent Runners:

Merged post: 26.03.2007 (Mon) 21:36

these are the complete logs

"Silent Runners.vbs", revision R50, http://www.silentrunners.org/

Operating System: Windows XP

Output limited to non-default values, except where indicated by "{++}"



Startup items buried in registry:

---------------------------------


HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}

"CTFMON.EXE" = "C:\WINDOWS\System32\ctfmon.exe" [MS]

"Gadu-Gadu" = ""C:\Program Files\Gadu-Gadu\gg.exe" /tray" ["Gadu-Gadu S.A."]

"BySoft FreeRAM" = "C:\Program Files\BySoft FreeRAM\FreeRAM.exe" ["BySoft"]


HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}

"ATIPTA" = "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" ["ATI Technologies, Inc."]

"VGAUtil" = "C:\WINDOWS\System32\G-VGA.exe" [empty string]

"Cmaudio" = "RunDll32 cmicnfg.cpl,CMICtrlWnd" [MS]

"MsmqIntCert" = "regsvr32 /s mqrt.dll" [MS]

"nod32kui" = ""C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE" ["Eset "]

"OutpostFeedBack" = "C:\Program Files\Agnitum\Outpost Firewall\feedback.exe /dump:os_startup" ["Agnitum Ltd."]

"HP Software Update" = "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" ["Hewlett-Packard Development Company, L.P."]

"WOOWATCH" = "C:\PROGRA~1\NEOSTR~1\Watch.exe" [file not found]

"WOOTASKBARICON" = "C:\PROGRA~1\NEOSTR~1\GestMaj.exe TaskBarIcon.exe" [file not found]

"adiras" = "adiras.exe" [file not found]

"Outpost Security Suite" = "C:\Program Files\Agnitum\Outpost Firewall\outpost.exe /waitservice" ["Agnitum Ltd."]


HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\

{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)

  -> {HKLM...CLSID} = "AcroIEHlprObj Class"

                   \InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 5.0 CE\Reader\ActiveX\AcroIEHelper.ocx" [empty string]

{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)

  -> {HKLM...CLSID} = "SSVHelper Class"

                   \InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll" ["Sun Microsystems, Inc."]


HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\

"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania"

  -> {HKLM...CLSID} = "Rozszerzenie CPL kadrowania wyświetlania"

                   \InProcServer32\(Default) = "deskpan.dll" [file not found]

"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu"

  -> {HKLM...CLSID} = "HyperTerminal Icon Ext"

                   \InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]

"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"

  -> {HKLM...CLSID} = "WinRAR"

                   \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

"{e57ce731-33e8-4c51-8354-bb4de9d215d1}" = "Uniwersalne urządzenia Plug and Play"

  -> {HKLM...CLSID} = "Uniwersalne urządzenia Plug and Play"

                   \InProcServer32\(Default) = "C:\WINDOWS\System32\upnpui.dll" [MS]

"{8e9d6600-f84a-11ce-8daa-00aa004a5691}" = "Shell extensions for NetWare"

  -> {HKLM...CLSID} = "NetWare Objects"

                   \InProcServer32\(Default) = "nwprovau.dll" [MS]

"{e3f2bac0-099f-11cf-8daa-00aa004a5691}" = "Shell extensions for NetWare"

  -> {HKLM...CLSID} = "NetWare UNC Folder Menu"

                   \InProcServer32\(Default) = "nwprovau.dll" [MS]

"{52c68510-09a0-11cf-8daa-00aa004a5691}" = "Shell extensions for NetWare"

  -> {HKLM...CLSID} = "NetWare Hood Verbs"

                   \InProcServer32\(Default) = "nwprovau.dll" [MS]

"{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" = "OpenOffice.org Column Handler"

  -> {HKLM...CLSID} = (no title provided)

                   \InProcServer32\(Default) = ""C:\Program Files\OpenOffice.ux.pl 2.1.0\program\shlxthdl.dll"" ["Sun Microsystems, Inc."]

"{087B3AE3-E237-4467-B8DB-5A38AB959AC9}" = "OpenOffice.org Infotip Handler"

  -> {HKLM...CLSID} = (no title provided)

                   \InProcServer32\(Default) = ""C:\Program Files\OpenOffice.ux.pl 2.1.0\program\shlxthdl.dll"" ["Sun Microsystems, Inc."]

"{63542C48-9552-494A-84F7-73AA6A7C99C1}" = "OpenOffice.org Property Sheet Handler"

  -> {HKLM...CLSID} = (no title provided)

                   \InProcServer32\(Default) = ""C:\Program Files\OpenOffice.ux.pl 2.1.0\program\shlxthdl.dll"" ["Sun Microsystems, Inc."]

"{3B092F0C-7696-40E3-A80F-68D74DA84210}" = "OpenOffice.org Thumbnail Viewer"

  -> {HKLM...CLSID} = (no title provided)

                   \InProcServer32\(Default) = ""C:\Program Files\OpenOffice.ux.pl 2.1.0\program\shlxthdl.dll"" ["Sun Microsystems, Inc."]

"{23170F69-40C1-278A-1000-000100020000}" = "7-Zip Shell Extension"

  -> {HKLM...CLSID} = "7-Zip Shell Extension"

                   \InProcServer32\(Default) = "C:\Program Files\7-Zip\7-zip.dll" ["Igor Pavlov"]

"{B089FE88-FB52-11D3-BDF1-0050DA34150D}" = "NOD32 Context Menu Shell Extension"

  -> {HKLM...CLSID} = "NOD32 Context Menu Shell Extension"

                   \InProcServer32\(Default) = "C:\Program Files\Eset\nodshex.dll" [null data]

"{950FF917-7A57-46BC-8017-59D9BF474000}" = "Shell Extension for CDRW"

  -> {HKLM...CLSID} = "Shell Extension for CDRW"

                   \InProcServer32\(Default) = "C:\Program Files\Ahead\InCD\incdshx.dll" ["Nero AG"]


HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\

<> "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}" = "AVG Anti-Spyware 7.5"

  -> {HKLM...CLSID} = "CShellExecuteHookImpl Object"

                   \InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll" ["Anti-Malware Development a.s."]


HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\

<> AtiExtEvent\DLLName = "Ati2evxx.dll" ["ATI Technologies Inc."]


HKLM\Software\Classes\Folder\shellex\ColumnHandlers\

{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}\(Default) = "OpenOffice.org Column Handler"

  -> {HKLM...CLSID} = (no title provided)

                   \InProcServer32\(Default) = ""C:\Program Files\OpenOffice.ux.pl 2.1.0\program\shlxthdl.dll"" ["Sun Microsystems, Inc."]


HKLM\Software\Classes\*\shellex\ContextMenuHandlers\

7-Zip\(Default) = "{23170F69-40C1-278A-1000-000100020000}"

  -> {HKLM...CLSID} = "7-Zip Shell Extension"

                   \InProcServer32\(Default) = "C:\Program Files\7-Zip\7-zip.dll" ["Igor Pavlov"]

ASW\(Default) = "{33C9E362-3EDA-4930-8AFE-5DA39A8BB77A}"

  -> {HKLM...CLSID} = "Outpost.ASWShellExt Component"

                   \InProcServer32\(Default) = "C:\Program Files\Agnitum\Outpost Firewall\op_shell.dll" ["Agnitum Ltd."]

AVG Anti-Spyware\(Default) = "{8934FCEF-F5B8-468f-951F-78A921CD3920}"

  -> {HKLM...CLSID} = "CContextScan Object"

                   \InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll" ["Anti-Malware Development a.s."]

NOD32 Context Menu Shell Extension\(Default) = "{B089FE88-FB52-11D3-BDF1-0050DA34150D}"

  -> {HKLM...CLSID} = "NOD32 Context Menu Shell Extension"

                   \InProcServer32\(Default) = "C:\Program Files\Eset\nodshex.dll" [null data]

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

  -> {HKLM...CLSID} = "WinRAR"

                   \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]


HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\

7-Zip\(Default) = "{23170F69-40C1-278A-1000-000100020000}"

  -> {HKLM...CLSID} = "7-Zip Shell Extension"

                   \InProcServer32\(Default) = "C:\Program Files\7-Zip\7-zip.dll" ["Igor Pavlov"]

ASW\(Default) = "{33C9E362-3EDA-4930-8AFE-5DA39A8BB77A}"

  -> {HKLM...CLSID} = "Outpost.ASWShellExt Component"

                   \InProcServer32\(Default) = "C:\Program Files\Agnitum\Outpost Firewall\op_shell.dll" ["Agnitum Ltd."]

AVG Anti-Spyware\(Default) = "{8934FCEF-F5B8-468f-951F-78A921CD3920}"

  -> {HKLM...CLSID} = "CContextScan Object"

                   \InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll" ["Anti-Malware Development a.s."]

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

  -> {HKLM...CLSID} = "WinRAR"

                   \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]


HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\

ASW\(Default) = "{33C9E362-3EDA-4930-8AFE-5DA39A8BB77A}"

  -> {HKLM...CLSID} = "Outpost.ASWShellExt Component"

                   \InProcServer32\(Default) = "C:\Program Files\Agnitum\Outpost Firewall\op_shell.dll" ["Agnitum Ltd."]

NetWareUNCMenu\(Default) = "{e3f2bac0-099f-11cf-8daa-00aa004a5691}"

  -> {HKLM...CLSID} = "NetWare UNC Folder Menu"

                   \InProcServer32\(Default) = "nwprovau.dll" [MS]

NOD32 Context Menu Shell Extension\(Default) = "{B089FE88-FB52-11D3-BDF1-0050DA34150D}"

  -> {HKLM...CLSID} = "NOD32 Context Menu Shell Extension"

                   \InProcServer32\(Default) = "C:\Program Files\Eset\nodshex.dll" [null data]

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

  -> {HKLM...CLSID} = "WinRAR"

                   \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]



Group Policies {GPedit.msc branch and setting}:

-----------------------------------------------


Note: detected settings may not have any effect.


HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\


"ClearRecentDocsOnExit" = (REG_DWORD) hex:0x00000001

{unrecognized setting}


"NoDrives" = (REG_BINARY) hex:00 00 00 00

{unrecognized setting}


"NoHelp" = (REG_BINARY) hex:01 00 00 00

{unrecognized setting}


"NoWindowsUpdate" = (REG_BINARY) hex:01 00 00 00

{User Configuration|Administrative Templates|Start Menu and Taskbar|

Remove links and access to Windows Update}


"NoRecentDocsMenu" = (REG_BINARY) hex:01 00 00 00

{unrecognized setting}


HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\


"DisableRegistryTools" = (REG_DWORD) hex:0x00000000

{User Configuration|Administrative Templates|System|

Prevent access to registry editing tools}


HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions\


"NoWindowsUpdate" = (REG_DWORD) hex:0x00000001

{unrecognized setting}


HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\


"shutdownwithoutlogon" = (REG_DWORD) hex:0x00000001

{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|

Shutdown: Allow system to be shut down without having to log on}


"undockwithoutlogon" = (REG_DWORD) hex:0x00000001

{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|

Devices: Allow undock without having to log on}



Active Desktop and Wallpaper:

-----------------------------


Active Desktop may be disabled at this entry:

HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState


Displayed if Active Desktop enabled and wallpaper not set by Group Policy:

HKCU\Software\Microsoft\Internet Explorer\Desktop\General\

"Wallpaper" = "C:\Documents and Settings\Administrator\Moje dokumenty\panda - zabezpieczenia stopnia 1-3\tapety\Glacial_Haven.jpg"


Displayed if Active Desktop disabled and wallpaper not set by Group Policy:

HKCU\Control Panel\Desktop\

"Wallpaper" = "C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Tapeta pulpitu.bmp"



Startup items in "Administrator" & "All Users" startup folders:

---------------------------------------------------------------


C:\Documents and Settings\All Users\Menu Start\Programy\Autostart

"HP Digital Imaging Monitor" -> shortcut to: "C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe" ["Hewlett-Packard Development Company, L.P."]

"Kalendarz XP" -> shortcut to: "C:\Program Files\Kalendarz XP\Kalendarz.exe" [null data]



Winsock2 Service Provider DLLs:

-------------------------------


Namespace Service Providers


HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}

000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]

000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

000000000004\LibraryPath = "%SystemRoot%\System32\nwprovau.dll" [MS]


Transport Service Providers


HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}

0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:

C:\WINDOWS\System32\imon.dll ["Eset "], 01 - 20, 62

C:\WINDOWS\System32\OPLSP.DLL [null data], 21 - 25, 50

%SystemRoot%\system32\mswsock.dll [MS], 26 - 28, 31 - 49

%SystemRoot%\system32\rsvpsp.dll [MS], 29 - 30

C:\Program Files\Agnitum\Outpost Firewall\lspfilt.dll ["Agnitum Ltd."], 51 - 61



Toolbars, Explorer Bars, Extensions:

------------------------------------


Explorer Bars


HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\


HKLM\Software\Classes\CLSID\{A1A7E22D-1587-4230-8F16-081C68D21448}\(Default) = "Szybkie dostosowywanie programu"

Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]

InProcServer32\(Default) = "C:\Program Files\Agnitum\Outpost Firewall\Plugins\BrowserBar\ie_bar.dll" ["Agnitum Ltd."]


Extensions (Tools menu items, main toolbar menu buttons)


HKLM\Software\Microsoft\Internet Explorer\Extensions\

{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\

"MenuText" = "Sun Java Console"

"CLSIDExtension" = "{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBC}"

  -> {HKCU...CLSID} = "Java Plug-in 1.5.0_10"

                   \InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll" ["Sun Microsystems, Inc."]

  -> {HKLM...CLSID} = "Java Plug-in 1.5.0_10"

                   \InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_10\bin\npjpi150_10.dll" ["Sun Microsystems, Inc."]


{09FE188B-6E85-479E-9411-51FB2220DF80}\

"ButtonText" = "Subscribe in Desktop Sidebar"

"MenuText" = "Subscribe in Desktop Sidebar"

"CLSIDExtension" = "{45AD732C-2CE2-4666-B366-B2214AD57A49}"


{44627E97-789B-40D4-B5C2-58BD171129A1}\

"ButtonText" = "Szybkie dostosowywanie programu Outpost Firewall Pro"



Miscellaneous IE Hijack Points

------------------------------


HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\

<> "{08C06D61-F1F3-4799-86F8-BE1A89362C85}" = (no title provided)

  -> {HKLM...CLSID} = "Search Class"

                   \InProcServer32\(Default) = "C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL" [file not found]



Running Services (Display Name, Service Name, Path {Service DLL}):

------------------------------------------------------------------


Agent SAP, NwSapAgent, "C:\WINDOWS\System32\svchost.exe -k netsvcs" {"C:\WINDOWS\System32\ipxsap.dll" [MS]}

Ati HotKey Poller, Ati HotKey Poller, "C:\WINDOWS\System32\Ati2evxx.exe" ["ATI Technologies Inc."]

AVG Anti-Spyware Guard, AVG Anti-Spyware Guard, "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe" ["Anti-Malware Development a.s."]

InCD Helper, InCDsrv, "C:\Program Files\Ahead\InCD\InCDsrv.exe" ["Nero AG"]

LightScribeService Direct Disc Labeling Service, LightScribeService, ""C:\Program Files\Common Files\LightScribe\LSSrvc.exe"" ["Hewlett-Packard Company"]

Message Queuing, MSMQ, "C:\WINDOWS\System32\mqsvc.exe" [MS]

Message Queuing Triggers, MSMQTriggers, "C:\WINDOWS\System32\mqtgsvc.exe" [MS]

NOD32 Kernel Service, NOD32krn, ""C:\Program Files\Eset\nod32krn.exe"" ["Eset "]

Odbiornik RIP, Iprip, "C:\WINDOWS\System32\svchost.exe -k netsvcs" {"C:\WINDOWS\System32\iprip.dll" [MS]}

Opiekun, OpSrv, "C:\WINDOWS\System32\opsrv.exe /startedbyscm:BB66DA22-40E2A281-OpiekunService" ["SoftStory"]

Outpost Security Suite Service, OutpostFirewall, "C:\Program Files\Agnitum\Outpost Firewall\outpost.exe /service" ["Agnitum Ltd."]

Usługa klienta dla systemu NetWare, NWCWorkstation, "C:\WINDOWS\System32\svchost.exe -k netsvcs" {"C:\WINDOWS\System32\nwwks.dll" [MS]}

Usługi Simple TCP/IP, SimpTcp, "C:\WINDOWS\System32\tcpsvcs.exe" [MS]



Print Monitors:

---------------


HKLM\System\CurrentControlSet\Control\Print\Monitors\

HP Standard TCP/IP Port\Driver = "HpTcpMon.dll" ["Hewlett Packard"]

LIDIL hpzll054\Driver = "hpzll054.dll" ["Hewlett-Packard Company"]

LPR Port\Driver = "lprmon.dll" [MS]

Microsoft Shared Fax Monitor\Driver = "FXSMON.DLL" [MS]



----------

<>: Suspicious data at a malware launch point.

<>: Suspicious data at a browser hijack point.


+ This report excludes default entries except where indicated.

+ To see *everywhere* the script checks and *everything* it finds,

  launch it from a command prompt or a shortcut with the -all parameter.

+ To search all directories of local fixed drives for DESKTOP.INI

  DLL launch points, use the -supp parameter or answer "No" at the

  first message box and "Yes" at the second message box.

---------- (total run time: 747 seconds, including 6 seconds for message boxes)

(Joan Sunshine) #6

the logs are clean, network scanning is normal, there is nothing to be afraid of :wink:
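As an added example (not posted by anyone in this thread), the Python script below turns an Outpost-style blocked-connection log like the one in post #1 into the kind of summary that supports the verdict in post #6: it counts hits per protocol/port, measures how many of them land on the Windows RPC/NetBIOS/SMB ports that Windows Worms Doors Cleaner closes (135, 139, 445), measures how many sources sit in one /16, and lists any single address that keeps coming back. The sample lines are copied from post #1 (with one forum "merged post" line mixed in to show that non-log text is skipped); the 83.8.0.0/16 range is assumed here to be the poster's own ISP block only because most sources fall in it, and the 30 %, 50 % and 3-hit thresholds are arbitrary choices for illustration, not values from any tool.

```python
import re
from collections import Counter
from ipaddress import ip_address, ip_network

# Outpost-style blocked-connection lines, copied from the log in post #1.
# Column layout: "<time>\t<source IP>\t<protocol> (<port>)"; older entries carry a date.
# One forum line ("Złączono Posta ...") is mixed in to show that junk is skipped.
SAMPLE_LOG = """20:38:52\t84.216.76.184\tTCP (445)
20:38:50\t83.8.185.54\tTCP (135)
20:38:44\t83.8.198.53\tTCP (445)
20:38:41\t83.8.205.158\tTCP (445)
20:38:30\t83.8.93.12\tTCP (135)
20:38:29\t194.187.182.199\tUDP (7611)
20:37:22\t82.56.155.135\tTCP (34793)
20:36:29\t83.8.5.102\tTCP (6881)
20:36:18\t83.8.84.211\tTCP (139)
20:34:32\t83.8.53.57\tTCP (5900)
20:32:40\t61.251.12.142\tICMP (2048)
20:31:43\t200.138.64.179\tUDP (34802)
20:31:34\t83.8.11.30\tTCP (445)
20:31:34\t83.8.11.30\tTCP (2967)
Złączono Posta : 25.03.2007 (Nie) 19:54
2007-03-24 23:46:11\t195.50.96.87\tTCP (3449)
2007-03-24 22:46:02\t195.50.96.87\tTCP (3401)
2007-03-24 21:45:56\t195.50.96.87\tTCP (3259)
"""

LINE_RE = re.compile(
    r"^(?:\d{4}-\d{2}-\d{2} )?(\d{2}:\d{2}:\d{2})\t"  # optional date, then time
    r"(\d{1,3}(?:\.\d{1,3}){3})\t"                   # source IPv4 address
    r"(TCP|UDP|ICMP) \((\d+)\)$"                     # protocol and port (ICMP: type code)
)

# Windows XP services reachable from the network by default; the ports that
# Windows Worms Doors Cleaner (post #2) closes and that worm sweeps probe.
WORM_PORTS = {135: "MS-RPC", 139: "NetBIOS session", 445: "SMB"}

REPEAT_THRESHOLD = 3  # a source seen this often gets a closer look (arbitrary choice)


def parse_log(text):
    """Parse log lines into (time, ip, proto, port) tuples; lines that do not match are skipped."""
    events = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # forum text, headers, blank lines
        t, ip, proto, port = m.groups()
        events.append((t, ip, proto, int(port)))
    return events


def summarize(events, home_net="83.8.0.0/16"):
    """Aggregate hits per protocol/port and per source, plus two shares used by assess()."""
    by_port = Counter((proto, port) for _, _, proto, port in events)
    by_source = Counter(ip for _, ip, _, _ in events)
    net = ip_network(home_net)  # assumed: the poster's own ISP range
    same_isp = sum(1 for _, ip, _, _ in events if ip_address(ip) in net)
    worm_hits = sum(n for (proto, port), n in by_port.items()
                    if proto == "TCP" and port in WORM_PORTS)
    total = len(events)
    return {
        "total": total,
        "by_port": by_port,
        "repeat_sources": {ip: n for ip, n in by_source.items() if n > 1},
        "worm_port_share": worm_hits / total if total else 0.0,
        "same_isp_share": same_isp / total if total else 0.0,
    }


def assess(summary):
    """Turn the summary into findings of the kind given in post #6.

    Blocked probes on 135/139/445 from many different addresses, each seen once or
    twice, are the normal background of infected machines sweeping an ISP's address
    space; the firewall doing its job. A single address that keeps returning is the
    one entry worth checking against the firewall's own rules.
    """
    findings = []
    if summary["worm_port_share"] >= 0.3:
        findings.append("background: blocked Windows service probes (TCP 135/139/445)")
    if summary["same_isp_share"] >= 0.5:
        findings.append("background: most sources share one /16, typical of a worm sweep")
    for ip, n in sorted(summary["repeat_sources"].items(), key=lambda kv: -kv[1]):
        if n >= REPEAT_THRESHOLD:
            findings.append(f"review: {ip} blocked {n} times")
    return findings


if __name__ == "__main__":
    summary = summarize(parse_log(SAMPLE_LOG))
    print(f"{summary['total']} blocked connections")
    for (proto, port), n in summary["by_port"].most_common():
        label = WORM_PORTS.get(port, "") if proto == "TCP" else ""
        print(f"  {proto:4} {port:>6} {n:3}  {label}")
    for line in assess(summary):
        print(line)
```

On the sample, about 41 % of the hits land on 135/139/445 and about 53 % of the sources come from 83.8.0.0/16, which is what "network scanning is normal" looks like in numbers; the only entry the script singles out is the one address that comes back hourly, which a reader would check against the application rules in the firewall rather than treat as an attack on its own.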