tu jeszcze mam taki log z hijaka[qStartupList report, 2006-03-05, 14:08:39
StartupList version: 1.52.2
Started from : C:\Documents and Settings\Jarek\Pulpit\HijackThis.EXE
Detected: Windows XP Dodatek SP2 (WinNT 5.01.2600)
Detected: Internet Explorer v6.00 SP2 (6.00.2900.2180)
* Using default options
* Including empty and uninteresting sections
* Showing rarely important sections
==================================================
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Panda Software\Panda Antivirus Platinum\Firewall\PavFires.exe
C:\Program Files\Panda Software\Panda Antivirus Platinum\pavsrv51.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\Program Files\Panda Software\Panda Antivirus Platinum\AVENGINE.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Panda Software\Panda Antivirus Platinum\apvxdwin.exe
C:\Program Files\Panda Software\Panda Antivirus Platinum\pavProxy.exe
C:\PROGRA~1\A4Tech\Mouse\Amoumain.exe
C:\PROGRA~1\NEOSTR~1\CnxMon.exe
C:\Program Files\Neostrada TP\taskbaricon.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\Program Files\HotKey\HotKey.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\VIA\RAID\raid_tool.exe
C:\Program Files\Neostrada TP\NeostradaTP.exe
C:\Program Files\Neostrada TP\ComComp.exe
C:\Program Files\Neostrada TP\Watch.exe
C:\Program Files\eMule\emule.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Jarek\Pulpit\HijackThis.exe
Listing of startup folders:
Shell folders Startup:
[C]
Reboot.exe
Shell folders AltStartup:
*Folder not found*
User shell folders Startup:
*Folder not found*
User shell folders AltStartup:
*Folder not found*
Shell folders Common Startup:
[C]
HotKey Driver.lnk = C:\Program Files\HotKey\HotKey.exe
DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
VIA RAID TOOL.lnk = C:\Program Files\VIA\RAID\raid_tool.exe
Shell folders Common AltStartup:
*Folder not found*
User shell folders Common Startup:
*Folder not found*
User shell folders Alternate Common Startup:
*Folder not found*
Checking Windows NT UserInit:
[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,
[HKLM\Software\Microsoft\Windows\CurrentVersion\Winlogon]
*Registry key not found*
[HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
*Registry value not found*
[HKCU\Software\Microsoft\Windows\CurrentVersion\Winlogon]
*Registry key not found*
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
WheelMouse = C:\PROGRA~1\A4Tech\Mouse\Amoumain.exe
QuickTime Task = “C:\Program Files\QuickTime\qttask.exe” -atboottime
WooCnxMon = C:\PROGRA~1\NEOSTR~1\CnxMon.exe
WOOWATCH = C:\PROGRA~1\NEOSTR~1\Watch.exe
WOOTASKBARICON = C:\Program Files\Neostrada TP\taskbaricon.exe
SoundMan = SOUNDMAN.EXE
gcasServ = “C:\Program Files\Microsoft AntiSpyware\gcasServ.exe”
RemoteControl = “C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe”
ISUSPM Startup = C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
ISUSScheduler = “C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe” -start
ATIPTA = C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
SCANINICIO = “C:\Program Files\Panda Software\Panda Antivirus Platinum\Inicio.exe”
APVXDWIN = “C:\Program Files\Panda Software\Panda Antivirus Platinum\APVXDWIN.EXE” /s
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce
*No values found*
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*No values found*
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
*No values found*
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
*Registry key not found*
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
CTFMON.EXE = C:\WINDOWS\system32\ctfmon.exe
BlockAds =
BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} = “C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe”
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
*No values found*
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*Registry key not found*
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices
*Registry key not found*
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
*Registry key not found*
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*
Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
[OptionalComponents]
*No values found*
Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce
*No subkeys found*
Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*No subkeys found*
Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
*No subkeys found*
Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
*Registry key not found*
Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
[not active]
*No values found*
Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
*No subkeys found*
Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*Registry key not found*
Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices
*Registry key not found*
Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
*Registry key not found*
Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*
Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*
File association entry for .EXE:
HKEY_CLASSES_ROOT\exefile\shell\open\command
(Default) = “%1” %*
File association entry for .COM:
HKEY_CLASSES_ROOT\comfile\shell\open\command
(Default) = “%1” %*
File association entry for .BAT:
HKEY_CLASSES_ROOT\batfile\shell\open\command
(Default) = “%1” %*
File association entry for .PIF:
HKEY_CLASSES_ROOT\piffile\shell\open\command
(Default) = “%1” %*
File association entry for .SCR:
HKEY_CLASSES_ROOT\scrfile\shell\open\command
(Default) = “%1” /S
File association entry for .HTA:
HKEY_CLASSES_ROOT\htafile\shell\open\command
(Default) = C:\WINDOWS\system32\mshta.exe “%1” %*
File association entry for .TXT:
HKEY_CLASSES_ROOT\txtfile\shell\open\command
(Default) = %SystemRoot%\system32\NOTEPAD.EXE %1
Enumerating Active Setup stub paths:
HKLM\Software\Microsoft\Active Setup\Installed Components
(* = disabled by HKCU twin)
[>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
StubPath = C:\WINDOWS\inf\unregmp2.exe /ShowWMP
[>{26923b43-4d38-484f-9b9e-de460746276c}] *
StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
[>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS] *
StubPath = RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
[>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}] *
StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
[{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] *
StubPath = %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
[{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] *
StubPath = “%ProgramFiles%\Outlook Express\setup50.exe” /APP:OE /CALLER:WINNT /user /install
[{44BBA842-CC51-11CF-AAFA-00AA00B6015B}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
[{5945c046-1e7d-11d1-bc44-00c04fd912be}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
[{6BF52A52-394A-11d3-B153-00C04F79FAA6}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp.inf,PerUserStub
[{7790769C-0471-11d2-AF11-00C04FA35D02}] *
StubPath = “%ProgramFiles%\Outlook Express\setup50.exe” /APP:WAB /CALLER:WINNT /user /install
[{89820200-ECBD-11cf-8B85-00AA005B4340}] *
StubPath = regsvr32.exe /s /n /i:U shell32.dll
[{89820200-ECBD-11cf-8B85-00AA005B4383}] *
StubPath =
[{89B4C1CD-B018-4511-B0A1-5476DBF70820}] *
StubPath = C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
Enumerating ICQ Agent Autostart apps:
HKCU\Software\Mirabilis\ICQ\Agent\Apps
*Registry key not found*
Load/Run keys from C:\WINDOWS\WIN.INI:
load=*INI section not found*
run=*INI section not found*
Load/Run keys from Registry:
HKLM…\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKLM…\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKLM…\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKLM…\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU…\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKCU…\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKCU…\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKCU…\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU…\Windows NT\CurrentVersion\Windows: load=*Registry value not found*
HKCU…\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM…\Windows NT\CurrentVersion\Windows: load=*Registry value not found*
HKLM…\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM…\Windows NT\CurrentVersion\Windows: AppInit_DLLs=
Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:
Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*
Shell & screensaver key from Registry:
Shell=explorer.exe
SCRNSAVE.EXE=C:\WINDOWS\DREAMA~1.SCR
drivers=*Registry value not found*
Policies Shell key:
HKCU…\Policies: Shell=*Registry key not found*
HKLM…\Policies: Shell=*Registry value not found*
Checking for EXPLORER.EXE instances:
C:\WINDOWS\Explorer.exe: PRESENT!
C:\Explorer.exe: not present
C:\WINDOWS\Explorer\Explorer.exe: not present
C:\WINDOWS\System\Explorer.exe: not present
C:\WINDOWS\System32\Explorer.exe: not present
C:\WINDOWS\Command\Explorer.exe: not present
C:\WINDOWS\Fonts\Explorer.exe: not present
Checking for superhidden extensions:
.lnk: HIDDEN! (arrow overlay: yes)
.pif: HIDDEN! (arrow overlay: yes)
.exe: not hidden
.com: not hidden
.bat: not hidden
.hta: not hidden
.scr: not hidden
.shs: HIDDEN!
.shb: HIDDEN!
.vbs: not hidden
.vbe: not hidden
.wsh: not hidden
.scf: HIDDEN! (arrow overlay: NO!)
.url: HIDDEN! (arrow overlay: yes)
.js: not hidden
.jse: not hidden
Verifying REGEDIT.EXE integrity:
-
Regedit.exe found in C:\WINDOWS
-
.reg open command is normal (regedit.exe %1)
-
Company name OK: ‘Microsoft Corporation’
-
Original filename OK: ‘REGEDIT.EXE’
-
File description: ‘Edytor rejestru’
Registry check passed
Enumerating Browser Helper Objects:
(no name) - C:\Program Files\Adobe\Acrobat 5.0 CE\Reader\ActiveX\AcroIEHelper.ocx - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
(no name) - c:\program files\google\googletoolbar2.dll - {AA58ED58-01DD-4d91-8333-CF10577473F7}
Enumerating Task Scheduler jobs:
*No jobs found*
Enumerating Download Program Files:
[CKAVWebScan Object]
InProcServer32 = C:\WINDOWS\system32\Kaspersky Lab\Kaspersky On-line Scanner\kavwebscan.dll
CODEBASE = http://www.kaspersky.com/kos/english/ka … nicode.cab
[GameDesire Card Games]
CODEBASE = http://67.15.101.3/g_bin/pl/cards_2_0_0_63.cab
[Formant instalacji programów Onet.pl]
CODEBASE = http://slimak.onet.pl/_m/konekt/OnetInstalator016.ocx
[{6CB5E471-C305-11D3-99A8-000086395495}]
CODEBASE = http://toolbar.google.com/data/pl/big/1 … gleNav.cab
[GSDACtl Class]
CODEBASE = http://launch.gamespyarcade.com/softwar … launch.cab
[Java Plug-in 1.4.0_03]
InProcServer32 = C:\Program Files\Java\j2re1.4.0_03\bin\npjpi140_03.dll
CODEBASE = http://java.sun.com/products/plugin/aut … 03-win.cab
[GameDesire BreakOut]
CODEBASE = http://67.15.101.3/g_bin/pl/breakout_2_0_0_18.cab
[{B38870E4-7ECB-40DA-8C6A-595F0A5519FF}]
CODEBASE = http://messenger.msn.com/download/MsnMe … loader.cab
[ZoneIntro Class]
CODEBASE = http://zone.msn.com/binFramework/v10/ZI … b34246.cab
[Java Plug-in 1.4.0_03]
InProcServer32 = C:\Program Files\Java\j2re1.4.0_03\bin\npjpi140_03.dll
CODEBASE = http://java.sun.com/products/plugin/aut … 03-win.cab
[MainControl Class]
InProcServer32 = C:\WINDOWS\system32\SkanerOnline.dll
CODEBASE = http://www.mks.com.pl/skaner/SkanerOnline.cab
Enumerating Winsock LSP files:
NameSpace #1: C:\WINDOWS\System32\mswsock.dll
NameSpace #2: C:\WINDOWS\System32\winrnr.dll
NameSpace #3: C:\WINDOWS\System32\mswsock.dll
Protocol #1: C:\WINDOWS\system32\mswsock.dll
Protocol #2: C:\WINDOWS\system32\mswsock.dll
Protocol #3: C:\WINDOWS\system32\mswsock.dll
Protocol #4: C:\WINDOWS\system32\rsvpsp.dll
Protocol #5: C:\WINDOWS\system32\rsvpsp.dll
Protocol #6: C:\WINDOWS\system32\mswsock.dll
Protocol #7: C:\WINDOWS\system32\mswsock.dll
Protocol #8: C:\WINDOWS\system32\mswsock.dll
Protocol #9: C:\WINDOWS\system32\mswsock.dll
Protocol #10: C:\WINDOWS\system32\mswsock.dll
Protocol #11: C:\WINDOWS\system32\mswsock.dll
Protocol #12: C:\WINDOWS\system32\mswsock.dll
Protocol #13: C:\WINDOWS\system32\mswsock.dll
Protocol #14: C:\WINDOWS\system32\mswsock.dll
Protocol #15: C:\WINDOWS\system32\mswsock.dll
Protocol #16: C:\WINDOWS\system32\mswsock.dll
Protocol #17: C:\WINDOWS\system32\mswsock.dll
Enumerating Windows NT/2000/XP services
a347bus: system32\DRIVERS\a347bus.sys (system)
a347scsi: System32\Drivers\a347scsi.sys (system)
Sterownik Microsoft ACPI: system32\DRIVERS\ACPI.sys (system)
General Purpose USB Driver (adildr.sys): System32\Drivers\adildr.sys (autostart)
USB ADSL WAN Adapter: system32\DRIVERS\adiusbaw.sys (manual start)
Microsoft Kernel Acoustic Echo Canceller: system32\drivers\aec.sys (manual start)
AFD: \SystemRoot\System32\drivers\afd.sys (system)
SpeedTouch USB ADSL PPP Networking Driver (NDISWAN): system32\DRIVERS\alcan5wn.sys (manual start)
SpeedTouch ADSL Modem ATM Transport: system32\DRIVERS\alcaudsl.sys (manual start)
Service for WDM 3D Audio Driver: system32\drivers\ALCXSENS.SYS (manual start)
Service for Realtek AC97 Audio (WDM): system32\drivers\ALCXWDM.SYS (manual start)
Urządzenie alarmowe: %SystemRoot%\system32\svchost.exe -k LocalService (autostart)
Usługa bramy warstwy aplikacji: %SystemRoot%\System32\alg.exe (manual start)
Sterownik procesora AMD K7: system32\DRIVERS\amdk7.sys (system)
A4Tech PS/2 Port Mouse Driver: system32\DRIVERS\Amps2prt.sys (manual start)
Zarządzanie aplikacjami: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
ASP.NET State Service: %SystemRoot%\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe (manual start)
Sterownik multimediów asynchronicznych RAS: system32\DRIVERS\asyncmac.sys (manual start)
Standardowy kontroler dysku twardego IDE/ESDI: system32\DRIVERS\atapi.sys (system)
Ati HotKey Poller: %SystemRoot%\system32\Ati2evxx.exe (autostart)
ATI Smart: C:\WINDOWS\system32\ati2sgag.exe (autostart)
ati2mtag: system32\DRIVERS\ati2mtag.sys (manual start)
ATITool Overclocking Utility: system32\DRIVERS\ATITool.sys (system)
Protokół klienta ARP ATM: system32\DRIVERS\atmarpc.sys (manual start)
Windows Audio: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Sterownik Audio Stub: system32\DRIVERS\audstub.sys (manual start)
basic2: system32\DRIVERS\HSF_BSC2.sys (manual start)
Usługa inteligentnego transferu w tle: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Boonty Games: “C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe” (disabled)
Przeglądarka komputera: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Dekoder napisów: system32\DRIVERS\CCDECODE.sys (manual start)
Sterownik stacji dysków CD-ROM: system32\DRIVERS\cdrom.sys (system)
Usługa indeksowania: %SystemRoot%\system32\cisvc.exe (disabled)
ClipBook: %SystemRoot%\system32\clipsrv.exe (disabled)
C-Media WDM Audio Interface: system32\drivers\cmuda.sys (manual start)
Panda Anti-Dialer: ??\C:\WINDOWS\system32\DRIVERS\COMFiltr.sys (manual start)
Aplikacja systemowa modelu COM+: C:\WINDOWS\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235} (manual start)
Usługi kryptograficzne: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
d347bus: system32\DRIVERS\d347bus.sys (system)
d347prt: System32\Drivers\d347prt.sys (system)
Program uruchamiający proces serwera DCOM: %SystemRoot%\system32\svchost -k DcomLaunch (autostart)
Klient DHCP: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Sterownik dysku: system32\DRIVERS\disk.sys (system)
Usługa administracyjna Menedżera dysków logicznych: %SystemRoot%\System32\dmadmin.exe /com (manual start)
dmboot: System32\drivers\dmboot.sys (disabled)
Sterownik Menedżera dysków logicznych: System32\drivers\dmio.sys (system)
dmload: System32\drivers\dmload.sys (system)
Menedżer dysków logicznych: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Syntezator Microsoft Kernel DLS: system32\drivers\DMusic.sys (manual start)
Klient DNS: %SystemRoot%\system32\svchost.exe -k NetworkService (autostart)
Microsoft Kernel DRM Audio Descrambler: system32\drivers\drmkaud.sys (manual start)
ElbyCDFL: System32\Drivers\ElbyCDFL.sys (manual start)
ElbyCDIO Driver: System32\Drivers\ElbyCDIO.sys (autostart)
enodpl: System32\drivers\enodpl.sys (autostart)
Usługa raportowania błędów: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Dziennik zdarzeń: %SystemRoot%\system32\services.exe (autostart)
System zdarzeń COM+: C:\WINDOWS\system32\svchost.exe -k netsvcs (manual start)
ewido security suite control: C:\Program Files\ewido anti-malware\ewidoctrl.exe (autostart)
ewido security suite driver: ??\C:\Program Files\ewido anti-malware\guard.sys (system)
ewido security suite guard: C:\Program Files\ewido anti-malware\ewidoguard.exe (disabled)
Fallback: system32\DRIVERS\HSF_FALL.sys (autostart)
Zgodność szybkiego przełączania użytkowników: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Sterownik kontrolera stacji dyskietek: system32\DRIVERS\fdc.sys (manual start)
Sterownik NT karty VIA PCI 10/100Mb Fast Ethernet: system32\DRIVERS\fetnd5.sys (manual start)
VIA Rhine Family Fast Ethernet Adapter Driver Service: system32\DRIVERS\fetnd5b.sys (manual start)
Sterownik stacji dyskietek: system32\DRIVERS\flpydisk.sys (manual start)
FltMgr: system32\drivers\fltmgr.sys (system)
Fsks: system32\DRIVERS\HSF_FSKS.sys (autostart)
Sterownik Menedżera woluminów: system32\DRIVERS\ftdisk.sys (system)
Rodzajowy klasyfikator pakietu: system32\DRIVERS\msgpc.sys (manual start)
Pomoc i obsługa techniczna: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Dostęp do urządzeń interfejsu HID: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)
hsf_msft: system32\DRIVERS\HSF_MSFT.sys (manual start)
HTTP: System32\Drivers\HTTP.sys (manual start)
HTTP SSL: %SystemRoot%\System32\svchost.exe -k HTTPFilter (manual start)
Sterownik portu klawiatury i8042 i myszy PS/2: system32\DRIVERS\i8042prt.sys (system)
InstallDriver Table Manager: “C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe” (manual start)
Sterownik filtru nagrywania dysków CD: system32\DRIVERS\imapi.sys (system)
Usługa COM nagrywania dysków CD IMAPI: C:\WINDOWS\system32\imapi.exe (manual start)
InCD File System: system32\drivers\InCDFs.sys (disabled)
InCDPass: system32\drivers\InCDPass.sys (system)
InCD Reader: system32\drivers\InCDRm.sys (system)
Sterownik Zapory systemu Windows IPv6: system32\drivers\ip6fw.sys (manual start)
Sterownik filtru ruchu IP: system32\DRIVERS\ipfltdrv.sys (manual start)
Sterownik IP w tunelu IP: system32\DRIVERS\ipinip.sys (manual start)
Translator adresów sieciowych IP: system32\DRIVERS\ipnat.sys (manual start)
Sterownik IPSEC: system32\DRIVERS\ipsec.sys (system)
Usługa wyliczania IR: system32\DRIVERS\irenum.sys (manual start)
Sterownik PnP magistrali ISA/EISA: system32\DRIVERS\isapnp.sys (system)
JL2005A Toy Camera: System32\Drivers\toywdm.sys (manual start)
K56: system32\DRIVERS\HSF_K56K.sys (autostart)
Sterownik klasy klawiatury: system32\DRIVERS\kbdclass.sys (system)
Microsoft Kernel Wave Audio Mixer: system32\drivers\kmixer.sys (manual start)
Serwer: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Stacja robocza: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Pomoc TCP/IP NetBIOS: %SystemRoot%\system32\svchost.exe -k LocalService (autostart)
Posłaniec: %SystemRoot%\system32\svchost.exe -k netsvcs (disabled)
NetMeeting Remote Desktop Sharing: C:\WINDOWS\system32\mnmsrvc.exe (manual start)
Urządzenie filtru strumieniowego usługi Unimodem: system32\drivers\MODEMCSA.sys (manual start)
Sterownik klasy myszy: system32\DRIVERS\mouclass.sys (system)
Readresator klienta WebDav: system32\DRIVERS\mrxdav.sys (manual start)
MRXSMB: system32\DRIVERS\mrxsmb.sys (system)
Distributed Transaction Coordinator: C:\WINDOWS\system32\msdtc.exe (manual start)
Instalator Windows: C:\WINDOWS\system32\msiexec.exe /V (manual start)
Serwer proxy usługi Microsoft Streaming: system32\drivers\MSKSSRV.sys (manual start)
Serwer proxy zegara Microsoft Streaming: system32\drivers\MSPCLOCK.sys (manual start)
Serwer proxy menedżera jakości Microsoft Streaming: system32\drivers\MSPQM.sys (manual start)
Sterownik BIOS zarządzania systemem firmy Microsoft: system32\DRIVERS\mssmbios.sys (manual start)
Konwerter strumieni Tee/Sink-to-Sink Microsoft Streaming: system32\drivers\MSTEE.sys (manual start)
Koder-dekoder NABTS/FEC VBI: system32\DRIVERS\NABTSFEC.sys (manual start)
Połączenie TV/wideo firmy Microsoft: system32\DRIVERS\NdisIP.sys (manual start)
Sterownik usługi Dostęp zdalny NDIS TAPI: system32\DRIVERS\ndistapi.sys (manual start)
Protokół We/Wy trybu użytkownika NDIS: system32\DRIVERS\ndisuio.sys (manual start)
Sterownik usługi Dostęp zdalny NDIS WAN: system32\DRIVERS\ndiswan.sys (manual start)
Interfejs NetBIOS: system32\DRIVERS\netbios.sys (system)
NetBios przez TCP/IP: system32\DRIVERS\netbt.sys (autostart)
DDE sieci: %SystemRoot%\system32\netdde.exe (disabled)
DSDM DDE sieci: %SystemRoot%\system32\netdde.exe (disabled)
Logowanie do sieci: %SystemRoot%\system32\lsass.exe (manual start)
Połączenia sieciowe: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Rozpoznawanie lokalizacji w sieci (NLA): %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
Sterownik monitora sieci: system32\DRIVERS\NMnt.sys (manual start)
Usługa NT LM Security Support Provider: %SystemRoot%\system32\lsass.exe (manual start)
Magazyn wymienny: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
Sterownik filtru ruchu IPX: system32\DRIVERS\nwlnkflt.sys (manual start)
Sterownik usług przesyłania dalej ruchu IPX: system32\DRIVERS\nwlnkfwd.sys (manual start)
Office Source Engine: “C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE” (manual start)
Sterownik portu równoległego: system32\DRIVERS\parport.sys (manual start)
Panda anti-virus driver: \SystemRoot\System32\Drivers\pavdrv51.sys (autostart)
Panda Firewall Service: C:\Program Files\Panda Software\Panda Antivirus Platinum\Firewall\PavFires.exe (autostart)
Panda anti-virus service: C:\Program Files\Panda Software\Panda Antivirus Platinum\pavsrv51.exe (autostart)
Pcatip: System32\DRIVERS\Pcatip.sys (manual start)
PCI Bus Driver: system32\DRIVERS\pci.sys (system)
Low level access layer for CD devices: System32\Drivers\Pcouffin.sys (manual start)
Padus ASPI Shell: system32\drivers\pfc.sys (manual start)
Plug and Play: %SystemRoot%\system32\services.exe (autostart)
Usługi IPSEC: %SystemRoot%\system32\lsass.exe (autostart)
WAN Miniport (PPTP): system32\DRIVERS\raspptp.sys (manual start)
Magazyn chroniony: %SystemRoot%\system32\lsass.exe (autostart)
Harmonogram pakietów QoS: system32\DRIVERS\psched.sys (manual start)
Sterownik bezpośredniego połączenia kablowego: system32\DRIVERS\ptilink.sys (manual start)
PxHelp20: system32\DRIVERS\PxHelp20.sys (system)
RadClock: C:\WINDOWS\SYSTEM32\RadClock.exe (autostart)
Radeon Probe Driver: system32\DRIVERS\RadProbe.sys (manual start)
Sterownik automatycznego połączenia dostępu zdalnego: system32\DRIVERS\rasacd.sys (system)
Menedżer autopołączenia dostępu zdalnego: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
WAN Miniport (L2TP): system32\DRIVERS\rasl2tp.sys (manual start)
Menedżer połączeń usługi Dostęp zdalny: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
Sterownik usługi Dostęp zdalny PPPOE: system32\DRIVERS\raspppoe.sys (manual start)
Bezpośrednie połączenie kablowe: system32\DRIVERS\raspti.sys (manual start)
Rdbss: system32\DRIVERS\rdbss.sys (system)
RDPCDD: System32\DRIVERS\RDPCDD.sys (system)
Sterownik przekierowania urządzenia serwera terminali: system32\DRIVERS\rdpdr.sys (manual start)
Menedżer sesji pomocy pulpitu zdalnego: C:\WINDOWS\system32\sessmgr.exe (manual start)
Sterownik filtru odtwarzania audio cyfrowych dysków CD: system32\DRIVERS\redbook.sys (system)
Routing i dostęp zdalny: %SystemRoot%\system32\svchost.exe -k netsvcs (disabled)
Rejestr zdalny: %SystemRoot%\system32\svchost.exe -k LocalService (autostart)
Rksample: system32\DRIVERS\HSF_SAMP.sys (manual start)
Lokalizator usługi zdalnego wywołania procedury (RPC): %SystemRoot%\system32\locator.exe (manual start)
Zdalne wywoływanie procedur (RPC): %SystemRoot%\system32\svchost -k rpcss (autostart)
QoS RSVP: %SystemRoot%\system32\rsvp.exe (manual start)
Menedżer kont zabezpieczeń: %SystemRoot%\system32\lsass.exe (autostart)
Karta inteligentna: %SystemRoot%\System32\SCardSvr.exe (manual start)
Harmonogram zadań: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Secdrv: system32\DRIVERS\secdrv.sys (autostart)
Logowanie pomocnicze: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Zawiadomienie o zdarzeniu systemowym: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Sterownik filtru Serenum: system32\DRIVERS\serenum.sys (manual start)
Sterownik portu szeregowego: system32\DRIVERS\serial.sys (system)
StarForce Protection Helper Driver (version 2.x): System32\drivers\sfhlp02.sys (system)
Zapora systemu Windows/Udostępnianie połączenia internetowego: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Wykrywanie sprzętu powłoki: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
BDA Slip De-Framer: system32\DRIVERS\SLIP.sys (manual start)
SoftFax: system32\DRIVERS\HSF_FAXX.sys (autostart)
SpeakerPhone: system32\DRIVERS\HSF_SPKP.sys (autostart)
Microsoft Kernel Audio Splitter: system32\drivers\splitter.sys (manual start)
Bufor wydruku: %SystemRoot%\system32\spoolsv.exe (autostart)
sptd: System32\Drivers\sptd.sys (system)
Sterownik filtru Przywracania systemu: System32\DRIVERS\sr.sys (system)
Usługa przywracania systemu: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Srv: system32\DRIVERS\srv.sys (manual start)
Usługa odnajdywania SSDP: %SystemRoot%\system32\svchost.exe -k LocalService (manual start)
StarWind iSCSI Service: C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe (autostart)
Windows Image Acquisition (WIA): %SystemRoot%\system32\svchost.exe -k imgsvc (autostart)
BDA IPSink: system32\DRIVERS\StreamIP.sys (manual start)
Sterownik magistrali programowej: system32\DRIVERS\swenum.sys (manual start)
Syntezator tablicy dźwięków WAVE Microsoft Kernel GS: system32\drivers\swmidi.sys (manual start)
MS Software Shadow Copy Provider: C:\WINDOWS\system32\dllhost.exe /Processid:{44799957-5B5A-4C0A-BFD8-8B8800E60D48} (manual start)
Urządzenie audio Microsoft Kernel System: system32\drivers\sysaudio.sys (manual start)
Dzienniki wydajności i alerty: %SystemRoot%\system32\smlogsvc.exe (manual start)
tandpl: System32\drivers\tandpl.sys (autostart)
Telefonia: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Sterownik protokołu TCP/IP: system32\DRIVERS\tcpip.sys (system)
Teefer for NT: SYSTEM32\Drivers\Teefer.sys (system)
Sterownik urządzenia terminalu: system32\DRIVERS\termdd.sys (system)
Usługi terminalowe: %SystemRoot%\System32\svchost -k DComLaunch (manual start)
Kompozycje: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Telnet: C:\WINDOWS\system32\tlntsvr.exe (disabled)
Tones: system32\DRIVERS\HSF_TONE.sys (autostart)
Klient śledzenia łączy rozproszonych: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Filtr AGPv3.5 firmy Microsoft: system32\DRIVERS\uagp35.sys (system)
Windows User Mode Driver Framework: C:\WINDOWS\system32\wdfmgr.exe (autostart)
Sterownik Microcode Update: system32\DRIVERS\update.sys (manual start)
Host uniwersalnego urządzenia Plug and Play: %SystemRoot%\system32\svchost.exe -k LocalService (manual start)
Zasilacz awaryjny (UPS): %SystemRoot%\System32\ups.exe (manual start)
Sterownik Miniport rozszerzonego kontrolera hosta USB 2.0 Microsoft: system32\DRIVERS\usbehci.sys (manual start)
Koncentrator z obsługą USB2: system32\DRIVERS\usbhub.sys (manual start)
Sterownik Miniport uniwersalnego kontrolera hosta USB Microsoft: system32\DRIVERS\usbuhci.sys (manual start)
V124: system32\DRIVERS\HSF_V124.sys (autostart)
vax347b: system32\DRIVERS\vax347b.sys (system)
vax347s: System32\Drivers\vax347s.sys (system)
vaxscsi: \SystemRoot\System32\Drivers\vaxscsi.sys (manual start)
Kontroler ekranu VGA.: \SystemRoot\System32\drivers\vga.sys (system)
VIA AGP Filter: system32\DRIVERS\viaagp1.sys (system)
ViaIde: system32\DRIVERS\viaide.sys (system)
VIAPFD: \SystemRoot\System32\Drivers\VIAPFD.SYS (system)
viasraid: system32\DRIVERS\viasraid.sys (system)
Kopiowanie woluminów w tle: %SystemRoot%\System32\vssvc.exe (manual start)
Usługa Czas systemu Windows: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Sterownik usługi Dostęp zdalny IP ARP: system32\DRIVERS\wanarp.sys (manual start)
Sterownik zgodności audio Microsoft WINMM WDM: system32\drivers\wdmaud.sys (manual start)
WebClient: %SystemRoot%\system32\svchost.exe -k LocalService (autostart)
SyGate for NT, wg3n: \SystemRoot\SYSTEM32\Drivers\wg3n.sys (autostart)
Instrumentacja zarządzania Windows: %systemroot%\system32\svchost.exe -k netsvcs (autostart)
Usługa numeru seryjnego multimediów przenośnych: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Rozszerzenia sterownika Instrumentacji zarządzania Windows: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Karta wydajności WMI: C:\WINDOWS\system32\wbem\wmiapsrv.exe (manual start)
wpsdrvnt: ??\C:\WINDOWS\system32\drivers\wpsdrvnt.sys (system)
Środowisko wspomagające dostawcę usług innych niż IFS - Windows Socket 2.0: \SystemRoot\System32\drivers\ws2ifsl.sys (disabled)
Centrum zabezpieczeń: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Kodery-dekodery teletekstu w standardzie światowym: system32\DRIVERS\WSTCODEC.SYS (manual start)
Aktualizacje automatyczne: %systemroot%\system32\svchost.exe -k netsvcs (autostart)
Konfiguracja zerowej sieci bezprzewodowej: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Usługa dostarczania sieci: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Enumerating Windows NT logon/logoff scripts:
*No scripts set to run*
Windows NT checkdisk command:
BootExecute = autocheck autochk *
Windows NT ‘Wininit.ini’:
PendingFileRenameOperations: *Registry value not found*
Enumerating ShellServiceObjectDelayLoad items:
PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
CDBurn: C:\WINDOWS\system32\SHELL32.dll
WebCheck: %system%\webcheck.dll
SysTray: C:\WINDOWS\system32\stobject.dll
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run
*Registry key not found*
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run
*Registry key not found*
End of report, 37 579 bytes
Report generated in 0,657 seconds
Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only
uote]