Prosze o sprawdzenie loga

grzybek (grzybek???) 2006-03-04 11:58:56 UTC #1

prosze sprawdzic mego loga komp mi sie zawiesza od pewnego czasu przeskanowalem go juz chyba wszystik co jest dostepne probowalem rowniez zainstalowac winxp od nowa ale nie idzie wyskakuje mi ze plik sys_system czy cos takiego je

Logfile of HijackThis v1.99.1 Scan saved at 12:51:30, on 2006-03-04 Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\SYSTEM32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\ewido anti-malware\ewidoctrl.exe C:\Program Files\Panda Software\Panda Antivirus Platinum\Firewall\PavFires.exe C:\Program Files\Panda Software\Panda Antivirus Platinum\pavsrv51.exe C:\Program Files\Panda Software\Panda Antivirus Platinum\AVENGINE.EXE C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\explorer.exe C:\Program Files\Panda Software\Panda Antivirus Platinum\apvxdwin.exe C:\Program Files\Panda Software\Panda Antivirus Platinum\pavProxy.exe C:\PROGRA~1\A4Tech\Mouse\Amoumain.exe C:\PROGRA~1\NEOSTR~1\CnxMon.exe C:\Program Files\Neostrada TP\taskbaricon.exe C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\Microsoft AntiSpyware\gcasServ.exe C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe C:\Program Files\HotKey\HotKey.exe C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe C:\Program Files\VIA\RAID\raid_tool.exe C:\Program Files\Neostrada TP\NeostradaTP.exe C:\Program Files\eMule\emule.exe C:\Program Files\Neostrada TP\ComComp.exe C:\Program Files\Neostrada TP\Watch.exe C:\Program Files\Gadu-Gadu\gg.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Documents and Settings\Jarek\Pulpit\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.onet.pl R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://szukaj.wp.pl R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.osloskop.net R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.onet.pl R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.onet.pl R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada TP R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza R3 - Default URLSearchHook is missing F2 - REG:system.ini: Shell=explorer.exe O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0 CE\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O4 - HKLM..\Run: [WheelMouse] C:\PROGRA~1\A4Tech\Mouse\Amoumain.exe O4 - HKLM..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM..\Run: [WooCnxMon] C:\PROGRA~1\NEOSTR~1\CnxMon.exe O4 - HKLM..\Run: [WOOWATCH] C:\PROGRA~1\NEOSTR~1\Watch.exe O4 - HKLM..\Run: [WOOTASKBARICON] C:\Program Files\Neostrada TP\taskbaricon.exe O4 - HKLM..\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe" O4 - HKLM..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" O4 - HKLM..\Run: [iSUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup O4 - HKLM..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start O4 - HKLM..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM..\Run: [sCANINICIO] "C:\Program Files\Panda Software\Panda Antivirus Platinum\Inicio.exe" O4 - HKLM..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Antivirus Platinum\APVXDWIN.EXE" /s O4 - HKCU..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe" O4 - Startup: Reboot.exe O4 - Global Startup: HotKey Driver.lnk = C:\Program Files\HotKey\HotKey.exe O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe O4 - Global Startup: VIA RAID TOOL.lnk = C:\Program Files\VIA\RAID\raid_tool.exe O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html O8 - Extra context menu item: Download with NetPumper - C:\Program Files\NetPumper\AddUrl.htm O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/ka ... nicode.cab O16 - DPF: {1A781DED-C22D-4153-3213-A3211E29DF13} (GameDesire Card Games) - http://67.15.101.3/g\_bin/pl/cards\_2\_0\_0\_63.cab O16 - DPF: {631FF594-EC25-4CFF-B869-402DF294E1C5} (Formant instalacji programów Onet.pl) - http://slimak.onet.pl/\_m/konekt/OnetInstalator016.ocx O16 - DPF: {6CB5E471-C305-11D3-99A8-000086395495} - http://toolbar.google.com/data/pl/big/1 ... gleNav.cab O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/softwar ... launch.cab O16 - DPF: {AD7013FF-1D9A-4F36-94A6-3CD408A663F9} (GameDesire BreakOut) - http://67.15.101.3/g\_bin/pl/breakout\_2\_0\_0\_18.cab O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} - http://messenger.msn.com/download/MsnMe ... loader.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZI ... b34246.cab O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab O17 - HKLM\System\CCS\Services\Tcpip..{02D4C2EB-F988-40E3-A8E2-0EB08E65B994}: NameServer = 194.204.152.34 217.98.63.164 O17 - HKLM\System\CS1\Services\Tcpip..{02D4C2EB-F988-40E3-A8E2-0EB08E65B994}: NameServer = 194.204.152.34 217.98.63.164 O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: Panda Firewall Service (PAVFIRES) - Panda Software - C:\Program Files\Panda Software\Panda Antivirus Platinum\Firewall\PavFires.exe O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software - C:\Program Files\Panda Software\Panda Antivirus Platinum\pavsrv51.exe O23 - Service: RadClock - Unknown owner - C:\WINDOWS\SYSTEM32\RadClock.exe O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

st uszkodzony prosze o pomoc

====================================

Uwaga: Jak wklejasz loga to obejmuj go znacznikiem (tagiem) CODE lub QUOTE

Proponuje poczytać TEN temat i zobacz jaka jest prośba do userów wklejających loga.

Pozdrawiam kuz5

Gutek (Gutek) 2006-03-04 12:07:54 UTC #2

usuń hjickiem wpisy

No i teraz mam pytanko: czy widzisz to pierwszy raz na oczy? Tu są takie możliwości:

programik DOS do resetowania kompa z linii komend i nazywa się właśnie tak
czasem wchodzi jako resztka postinstalacyjna softu od płyty głównej
trojan Backdoor.RTB.10 przychodzący z dwoma plikami Reboot.exe & server.exe

grzybek (grzybek???) 2006-03-04 19:30:09 UTC #3

To widze pierwszy raz usunelem Beagle MKS i od tamtej pory mam klopoty z roznymi programami nie moge zainstalowac np:alkohol120 bo wyskakuje komunikat ze some drivere has been renamed or missing ale ja nic nie zmienialem .Dziekuje za szybka odpowiedz i prosze o dalsza porade

Gutek (Gutek) 2006-03-04 19:42:19 UTC #4

Daj log z Silenta - http://forum.dobreprogramy.pl/viewtopic.php?t=36654

grzybek (grzybek???) 2006-03-05 12:37:18 UTC #5

tutaj jest log z silentrunner

"Silent Runners.vbs", revision 43, http://www.silentrunners.org/ Operating System: Windows XP SP2 Output limited to non-default values, except where indicated by "{++}" Startup items buried in registry: --------------------------------- HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++} "CTFMON.EXE" = "C:\WINDOWS\system32\ctfmon.exe" [MS] "BlockAds" = (value not set) "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}" = ""C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"" ["Nero AG"] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++} "WheelMouse" = "C:\PROGRA~1\A4Tech\Mouse\Amoumain.exe" ["A4Tech Co.,Ltd."] "QuickTime Task" = ""C:\Program Files\QuickTime\qttask.exe" -atboottime" ["Apple Computer, Inc."] "WooCnxMon" = "C:\PROGRA~1\NEOSTR~1\CnxMon.exe" [empty string] "WOOWATCH" = "C:\PROGRA~1\NEOSTR~1\Watch.exe" ["France Télécom R&D"] "WOOTASKBARICON" = "C:\Program Files\Neostrada TP\taskbaricon.exe" ["France Télécom R&D"] "SoundMan" = "SOUNDMAN.EXE" ["Realtek Semiconductor Corp."] "gcasServ" = ""C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"" [MS] "RemoteControl" = ""C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"" ["Cyberlink Corp."] "ISUSPM Startup" = "C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup" ["InstallShield Software Corporation"] "ISUSScheduler" = ""C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start" ["InstallShield Software Corporation"] "ATIPTA" = "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" ["ATI Technologies, Inc."] "SCANINICIO" = ""C:\Program Files\Panda Software\Panda Antivirus Platinum\Inicio.exe"" ["Panda Software"] "APVXDWIN" = ""C:\Program Files\Panda Software\Panda Antivirus Platinum\APVXDWIN.EXE" /s" ["Panda Software International"] HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}(Default) = "AcroIEHlprObj Class" [from CLSID] -> {CLSID}\InProcServer32(Default) = "C:\Program Files\Adobe\Acrobat 5.0 CE\Reader\ActiveX\AcroIEHelper.ocx" [empty string] {AA58ED58-01DD-4d91-8333-CF10577473F7}(Default) = "Google Toolbar Helper" [from CLSID] -> {CLSID}\InProcServer32(Default) = "c:\program files\google\googletoolbar2.dll" ["Google Inc."] HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\ "{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu" -> {CLSID}\InProcServer32(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."] "{00020D75-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Desktop Icon Handler" -> {CLSID}\InProcServer32(Default) = "C:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL" [MS] "{0006F045-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Custom Icon Handler" -> {CLSID}\InProcServer32(Default) = "C:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL" [MS] "{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler" -> {CLSID}\InProcServer32(Default) = "C:\Program Files\Microsoft Office\OFFICE11\msohev.dll" [MS] "{32020A01-506E-484D-A2A8-BE3CF17601C3}" = "AlcoholShellEx" -> {CLSID}\InProcServer32(Default) = "C:\PROGRA~1\ALCOHO~1\ALCOHO~1\axshlex.dll" ["Alcohol Soft Development Team"] "{73B24247-042E-4EF5-ADC2-42F62E6FD654}" = "ICQ Lite Shell Extension" -> {CLSID}\InProcServer32(Default) = "C:\Program Files\ICQLite\ICQLiteShell.dll" [empty string] "{640167b4-59b0-47a6-b335-a6b3c0695aea}" = "Portable Media Devices" -> {CLSID}\InProcServer32(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS] "{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu" -> {CLSID}\InProcServer32(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS] "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension" -> {CLSID}\InProcServer32(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data] "{21569614-B795-46b1-85F4-E737A8DC09AD}" = "Shell Search Band" -> {CLSID}\InProcServer32(Default) = "C:\WINDOWS\system32\browseui.dll" [MS] "{B1816445-A3ED-11D3-B2B3-00104B4C6B08}" = "Evidence Eliminator Shell Extension" -> {CLSID}\InProcServer32(Default) = "C:\WINDOWS\system32\Eeshellx.dll" ["evidence-eliminator.com"] "{EFA24E62-B078-11d0-89E4-00C04FC9E26E}" = "History Band" -> {CLSID}\InProcServer32(Default) = "C:\WINDOWS\system32\shdocvw.dll" [MS] "{B327765E-D724-4347-8B16-78AE18552FC3}" = "NeroDigitalIconHandler" -> {CLSID}\InProcServer32(Default) = "C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll" ["Nero AG"] "{7F1CF152-04F8-453A-B34C-E609530A9DC8}" = "NeroDigitalPropSheetHandler" -> {CLSID}\InProcServer32(Default) = "C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll" ["Nero AG"] "{36518101-49AC-42CB-8E4C-40C1F328A565}" = "Rad2 Extension" -> {CLSID}\InProcServer32(Default) = "C:\WINDOWS\system32\Rad.dll" [empty string] "{5380C14E-C0A1-4D66-87DB-5995E6FF4623}" = "Rad Extension" -> {CLSID}\InProcServer32(Default) = "C:\WINDOWS\system32\Rad.dll" [empty string] "{75B8D633-9021-442C-9EA4-FF4BE72CE20F}" = "NRad2 Extension" -> {CLSID}\InProcServer32(Default) = "C:\WINDOWS\system32\NRad.dll" ["ChrisW"] "{C6844A1E-2C59-415A-84B3-C6A458372779}" = "RadType Extension" -> {CLSID}\InProcServer32(Default) = "C:\WINDOWS\system32\RadType.dll" [empty string] "{D00900BC-23F7-4FD6-BFA2-8232112C5C49}" = "NRad Extension" -> {CLSID}\InProcServer32(Default) = "C:\WINDOWS\system32\NRad.dll" ["ChrisW"] "{D2FD83AE-994A-4D4B-9097-2C9E11ED85F0}" = "RadClkr Extension" -> {CLSID}\InProcServer32(Default) = "C:\WINDOWS\system32\RadClkR.dll" [empty string] "{7700EB62-DB7C-47AF-A092-04376CA1D24C}" = "RadMnu Extension" -> {CLSID}\InProcServer32(Default) = "C:\WINDOWS\system32\RadMnu.dll" [empty string] "{C356762A-F9FE-44AF-9630-60253630CF7B}" = "WinXP Manager" -> {CLSID}\InProcServer32(Default) = "C:\Program Files\Yanicsoft\WinXP Manager\XPCtxMenu.dll" [null data] "{65756541-C65C-11CD-0000-4B656E696100}" = "Panda Antivirus" -> {CLSID}\InProcServer32(Default) = "C:\Program Files\Panda Software\Panda Antivirus Platinum\pavOLE.dll" ["Panda Software"] HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\ INFECTION WARNING! "{9EF34FF2-3396-4527-9D27-04C8C1C67806}" = "Microsoft AntiSpyware Service Hook" -> {CLSID}\InProcServer32(Default) = "C:\Program Files\Microsoft AntiSpyware\shellextension.dll" [MS] INFECTION WARNING! "{54D9498B-CF93-414F-8984-8CE7FDE0D391}" = "ewido shell guard" -> {CLSID}\InProcServer32(Default) = "C:\Program Files\ewido anti-malware\shellhook.dll" ["TODO: "] INFECTION WARNING! "{35B2861B-2B26-4691-9FF0-09083722C736}" = "RadExe Extension" -> {CLSID}\InProcServer32(Default) = "C:\WINDOWS\system32\RadExe.dll" [empty string] HKLM\Software\Classes\PROTOCOLS\Filter\ INFECTION WARNING! text/xml\CLSID = "{807553E5-5146-11D5-A672-00B0D022E945}" -> {CLSID}\InProcServer32(Default) = "C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL" [MS] HKLM\Software\Classes*\shellex\ContextMenuHandlers\ Evidence Eliminator(Default) = "{B1816445-A3ED-11D3-B2B3-00104B4C6B08}" -> {CLSID}\InProcServer32(Default) = "C:\WINDOWS\system32\Eeshellx.dll" ["evidence-eliminator.com"] ewido(Default) = "{57BD36D7-CE32-4600-9B1C-1A0C47EFC02E}" -> {CLSID}\InProcServer32(Default) = "C:\Program Files\ewido anti-malware\context.dll" ["ewido networks"] ICQLiteMenu(Default) = "{73B24247-042E-4EF5-ADC2-42F62E6FD654}" -> {CLSID}\InProcServer32(Default) = "C:\Program Files\ICQLite\ICQLiteShell.dll" [empty string] Panda Antivirus(Default) = "{65756541-C65C-11CD-0000-4B656E696100}" -> {CLSID}\InProcServer32(Default) = "C:\Program Files\Panda Software\Panda Antivirus Platinum\pavOLE.dll" ["Panda Software"] WinRAR(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" -> {CLSID}\InProcServer32(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data] WinXP Manager(Default) = "{C356762A-F9FE-44AF-9630-60253630CF7B}" -> {CLSID}\InProcServer32(Default) = "C:\Program Files\Yanicsoft\WinXP Manager\XPCtxMenu.dll" [null data] HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\ ewido(Default) = "{57BD36D7-CE32-4600-9B1C-1A0C47EFC02E}" -> {CLSID}\InProcServer32(Default) = "C:\Program Files\ewido anti-malware\context.dll" ["ewido networks"] ICQLiteMenu(Default) = "{73B24247-042E-4EF5-ADC2-42F62E6FD654}" -> {CLSID}\InProcServer32(Default) = "C:\Program Files\ICQLite\ICQLiteShell.dll" [empty string] WinRAR(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" -> {CLSID}\InProcServer32(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data] WinXP Manager(Default) = "{C356762A-F9FE-44AF-9630-60253630CF7B}" -> {CLSID}\InProcServer32(Default) = "C:\Program Files\Yanicsoft\WinXP Manager\XPCtxMenu.dll" [null data] HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ Evidence Eliminator(Default) = "{B1816445-A3ED-11D3-B2B3-00104B4C6B08}" -> {CLSID}\InProcServer32(Default) = "C:\WINDOWS\system32\Eeshellx.dll" ["evidence-eliminator.com"] Panda Antivirus(Default) = "{65756541-C65C-11CD-0000-4B656E696100}" -> {CLSID}\InProcServer32(Default) = "C:\Program Files\Panda Software\Panda Antivirus Platinum\pavOLE.dll" ["Panda Software"] WinRAR(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" -> {CLSID}\InProcServer32(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data] Active Desktop and Wallpaper: ----------------------------- Active Desktop is disabled at this entry: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState HKCU\Control Panel\Desktop\ "Wallpaper" = "C:\Documents and Settings\Jarek\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp" Enabled Screen Saver: --------------------- HKCU\Control Panel\Desktop\ "SCRNSAVE.EXE" = "C:\WINDOWS\DREAMA~1.SCR" (Dream Aquarium.scr) [null data] Startup items in "Jarek" & "All Users" startup folders: ------------------------------------------------------- C:\Documents and Settings\Jarek\Menu Start\Programy\Autostart INFECTION WARNING! "Reboot.exe" [empty string] C:\Documents and Settings\All Users\Menu Start\Programy\Autostart "HotKey Driver" -> shortcut to: "C:\Program Files\HotKey\HotKey.exe" ["Unitek"] "DSLMON" -> shortcut to: "C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe /W" [empty string] "VIA RAID TOOL" -> shortcut to: "C:\Program Files\VIA\RAID\raid_tool.exe" ["VIA"] Winsock2 Service Provider DLLs: ------------------------------- Namespace Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++} 000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS] 000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS] 000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS] Transport Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++} 0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range: %SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 17 %SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05 Toolbars, Explorer Bars, Extensions: ------------------------------------ Toolbars HKCU\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\ "{2318C2B1-4965-11D4-9B18-009027A5CD4F}" = "&Google" [from CLSID] -> {CLSID}\InProcServer32(Default) = "c:\program files\google\googletoolbar2.dll" ["Google Inc."] HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\ "{2318C2B1-4965-11D4-9B18-009027A5CD4F}" = "&Google" [from CLSID] -> {CLSID}\InProcServer32(Default) = "c:\program files\google\googletoolbar2.dll" ["Google Inc."] "{855F3B16-6D32-4FE6-8A56-BBB695989046}" = "ICQ Toolbar" [from CLSID] -> {CLSID}\InProcServer32(Default) = "C:\Program Files\ICQToolbar\toolbaru.dll" ["ICQ Inc."] HKLM\Software\Microsoft\Internet Explorer\Toolbar\ "{855F3B16-6D32-4FE6-8A56-BBB695989046}" = "ICQ Toolbar" [from CLSID] -> {CLSID}\InProcServer32(Default) = "C:\Program Files\ICQToolbar\toolbaru.dll" ["ICQ Inc."] "{2318C2B1-4965-11D4-9B18-009027A5CD4F}" = "&Google" [from CLSID] -> {CLSID}\InProcServer32(Default) = "c:\program files\google\googletoolbar2.dll" ["Google Inc."] HOSTS file ---------- HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\ HIJACK WARNING! "DataBasePath" = "%SystemRoot%\System32\drivers\etc" Running Services (Display Name, Service Name, Path {Service DLL}): ------------------------------------------------------------------ Ati HotKey Poller, Ati HotKey Poller, "C:\WINDOWS\system32\Ati2evxx.exe" ["ATI Technologies Inc."] ewido security suite control, ewido security suite control, "C:\Program Files\ewido anti-malware\ewidoctrl.exe" ["ewido networks"] Panda anti-virus service, PAVSRV, "C:\Program Files\Panda Software\Panda Antivirus Platinum\pavsrv51.exe" ["Panda Software"] Panda Firewall Service, PAVFIRES, "C:\Program Files\Panda Software\Panda Antivirus Platinum\Firewall\PavFires.exe" ["Panda Software"] StarWind iSCSI Service, StarWindService, "C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe" ["Rocket Division Software"] Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\system32\wdfmgr.exe" [MS] Print Monitors: --------------- HKLM\System\CurrentControlSet\Control\Print\Monitors\ Microsoft Document Imaging Writer Monitor\Driver = "mdimon.dll" [MS] ---------- + This report excludes default entries except where indicated. + To see *everywhere* the script checks and *everything* it finds, launch it from a command prompt or a shortcut with the -all parameter. + To search all directories of local fixed drives for DESKTOP.INI DLL launch points and all Registry CLSIDs for dormant Explorer Bars, use the -supp parameter or answer "No" at the first message box. ---------- (total run time: 79 seconds, including 18 seconds for message boxes)

Gutek (Gutek) 2006-03-05 12:47:01 UTC #6

No czysto

grzybek (grzybek???) 2006-03-05 15:14:20 UTC #7

tu jeszcze mam taki log z hijaka[qStartupList report, 2006-03-05, 14:08:39

StartupList version: 1.52.2

Started from : C:\Documents and Settings\Jarek\Pulpit\HijackThis.EXE

Detected: Windows XP Dodatek SP2 (WinNT 5.01.2600)

Detected: Internet Explorer v6.00 SP2 (6.00.2900.2180)

* Using default options

* Including empty and uninteresting sections

* Showing rarely important sections

==================================================

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\SYSTEM32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\ewido anti-malware\ewidoctrl.exe

C:\Program Files\Panda Software\Panda Antivirus Platinum\Firewall\PavFires.exe

C:\Program Files\Panda Software\Panda Antivirus Platinum\pavsrv51.exe

C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

C:\Program Files\Panda Software\Panda Antivirus Platinum\AVENGINE.EXE

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\explorer.exe

C:\Program Files\Panda Software\Panda Antivirus Platinum\apvxdwin.exe

C:\Program Files\Panda Software\Panda Antivirus Platinum\pavProxy.exe

C:\PROGRA~1\A4Tech\Mouse\Amoumain.exe

C:\PROGRA~1\NEOSTR~1\CnxMon.exe

C:\Program Files\Neostrada TP\taskbaricon.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe

C:\Program Files\HotKey\HotKey.exe

C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe

C:\Program Files\VIA\RAID\raid_tool.exe

C:\Program Files\Neostrada TP\NeostradaTP.exe

C:\Program Files\Neostrada TP\ComComp.exe

C:\Program Files\Neostrada TP\Watch.exe

C:\Program Files\eMule\emule.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Documents and Settings\Jarek\Pulpit\HijackThis.exe

Listing of startup folders:

Shell folders Startup:

[C]

Reboot.exe

Shell folders AltStartup:

*Folder not found*

User shell folders Startup:

*Folder not found*

User shell folders AltStartup:

*Folder not found*

Shell folders Common Startup:

[C]

HotKey Driver.lnk = C:\Program Files\HotKey\HotKey.exe

DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe

VIA RAID TOOL.lnk = C:\Program Files\VIA\RAID\raid_tool.exe

Shell folders Common AltStartup:

*Folder not found*

User shell folders Common Startup:

*Folder not found*

User shell folders Alternate Common Startup:

*Folder not found*

Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]

UserInit = C:\WINDOWS\system32\userinit.exe,

[HKLM\Software\Microsoft\Windows\CurrentVersion\Winlogon]

*Registry key not found*

[HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]

*Registry value not found*

[HKCU\Software\Microsoft\Windows\CurrentVersion\Winlogon]

*Registry key not found*

Autorun entries from Registry:

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

WheelMouse = C:\PROGRA~1\A4Tech\Mouse\Amoumain.exe

QuickTime Task = "C:\Program Files\QuickTime\qttask.exe" -atboottime

WooCnxMon = C:\PROGRA~1\NEOSTR~1\CnxMon.exe

WOOWATCH = C:\PROGRA~1\NEOSTR~1\Watch.exe

WOOTASKBARICON = C:\Program Files\Neostrada TP\taskbaricon.exe

SoundMan = SOUNDMAN.EXE

gcasServ = "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"

RemoteControl = "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"

ISUSPM Startup = C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup

ISUSScheduler = "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

ATIPTA = C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

SCANINICIO = "C:\Program Files\Panda Software\Panda Antivirus Platinum\Inicio.exe"

APVXDWIN = "C:\Program Files\Panda Software\Panda Antivirus Platinum\APVXDWIN.EXE" /s

Autorun entries from Registry:

HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce

*No values found*

Autorun entries from Registry:

HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

*No values found*

Autorun entries from Registry:

HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

*No values found*

Autorun entries from Registry:

HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

*Registry key not found*

Autorun entries from Registry:

HKCU\Software\Microsoft\Windows\CurrentVersion\Run

CTFMON.EXE = C:\WINDOWS\system32\ctfmon.exe

BlockAds =

BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} = "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"

Autorun entries from Registry:

HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce

*No values found*

Autorun entries from Registry:

HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

*Registry key not found*

Autorun entries from Registry:

HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices

*Registry key not found*

Autorun entries from Registry:

HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

*Registry key not found*

Autorun entries from Registry:

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run

*Registry key not found*

Autorun entries from Registry:

HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run

*Registry key not found*

Autorun entries in Registry subkeys of:

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

[OptionalComponents]

*No values found*

Autorun entries in Registry subkeys of:

HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce

*No subkeys found*

Autorun entries in Registry subkeys of:

HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

*No subkeys found*

Autorun entries in Registry subkeys of:

HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

*No subkeys found*

Autorun entries in Registry subkeys of:

HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

*Registry key not found*

Autorun entries in Registry subkeys of:

HKCU\Software\Microsoft\Windows\CurrentVersion\Run

[not active]

*No values found*

Autorun entries in Registry subkeys of:

HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce

*No subkeys found*

Autorun entries in Registry subkeys of:

HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

*Registry key not found*

Autorun entries in Registry subkeys of:

HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices

*Registry key not found*

Autorun entries in Registry subkeys of:

HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

*Registry key not found*

Autorun entries in Registry subkeys of:

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run

*Registry key not found*

Autorun entries in Registry subkeys of:

HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run

*Registry key not found*

File association entry for .EXE:

HKEY_CLASSES_ROOT\exefile\shell\open\command

(Default) = "%1" %*

File association entry for .COM:

HKEY_CLASSES_ROOT\comfile\shell\open\command

(Default) = "%1" %*

File association entry for .BAT:

HKEY_CLASSES_ROOT\batfile\shell\open\command

(Default) = "%1" %*

File association entry for .PIF:

HKEY_CLASSES_ROOT\piffile\shell\open\command

(Default) = "%1" %*

File association entry for .SCR:

HKEY_CLASSES_ROOT\scrfile\shell\open\command

(Default) = "%1" /S

File association entry for .HTA:

HKEY_CLASSES_ROOT\htafile\shell\open\command

(Default) = C:\WINDOWS\system32\mshta.exe "%1" %*

File association entry for .TXT:

HKEY_CLASSES_ROOT\txtfile\shell\open\command

(Default) = %SystemRoot%\system32\NOTEPAD.EXE %1

Enumerating Active Setup stub paths:

HKLM\Software\Microsoft\Active Setup\Installed Components

(* = disabled by HKCU twin)

[>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]

StubPath = C:\WINDOWS\inf\unregmp2.exe /ShowWMP

[>{26923b43-4d38-484f-9b9e-de460746276c}] *

StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE

[>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS] *

StubPath = RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

[>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}] *

StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

[{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] *

StubPath = %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

[{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] *

StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install

[{44BBA842-CC51-11CF-AAFA-00AA00B6015B}] *

StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT

[{5945c046-1e7d-11d1-bc44-00c04fd912be}] *

StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser

[{6BF52A52-394A-11d3-B153-00C04F79FAA6}] *

StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp.inf,PerUserStub

[{7790769C-0471-11d2-AF11-00C04FA35D02}] *

StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install

[{89820200-ECBD-11cf-8B85-00AA005B4340}] *

StubPath = regsvr32.exe /s /n /i:U shell32.dll

[{89820200-ECBD-11cf-8B85-00AA005B4383}] *

StubPath =

[{89B4C1CD-B018-4511-B0A1-5476DBF70820}] *

StubPath = C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install

Enumerating ICQ Agent Autostart apps:

HKCU\Software\Mirabilis\ICQ\Agent\Apps

*Registry key not found*

Load/Run keys from C:\WINDOWS\WIN.INI:

load=*INI section not found*

run=*INI section not found*

Load/Run keys from Registry:

HKLM..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*

HKLM..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*

HKLM..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*

HKLM..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*

HKCU..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*

HKCU..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*

HKCU..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*

HKCU..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*

HKCU..\Windows NT\CurrentVersion\Windows: load=*Registry value not found*

HKCU..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*

HKLM..\Windows NT\CurrentVersion\Windows: load=*Registry value not found*

HKLM..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*

HKLM..\Windows NT\CurrentVersion\Windows: AppInit_DLLs=

Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

Shell=*INI section not found*

SCRNSAVE.EXE=*INI section not found*

drivers=*INI section not found*

Shell & screensaver key from Registry:

Shell=explorer.exe

SCRNSAVE.EXE=C:\WINDOWS\DREAMA~1.SCR

drivers=*Registry value not found*

Policies Shell key:

HKCU..\Policies: Shell=*Registry key not found*

HKLM..\Policies: Shell=*Registry value not found*

Checking for EXPLORER.EXE instances:

C:\WINDOWS\Explorer.exe: PRESENT!

C:\Explorer.exe: not present

C:\WINDOWS\Explorer\Explorer.exe: not present

C:\WINDOWS\System\Explorer.exe: not present

C:\WINDOWS\System32\Explorer.exe: not present

C:\WINDOWS\Command\Explorer.exe: not present

C:\WINDOWS\Fonts\Explorer.exe: not present

Checking for superhidden extensions:

.lnk: HIDDEN! (arrow overlay: yes)

.pif: HIDDEN! (arrow overlay: yes)

.exe: not hidden

.com: not hidden

.bat: not hidden

.hta: not hidden

.scr: not hidden

.shs: HIDDEN!

.shb: HIDDEN!

.vbs: not hidden

.vbe: not hidden

.wsh: not hidden

.scf: HIDDEN! (arrow overlay: NO!)

.url: HIDDEN! (arrow overlay: yes)

.js: not hidden

.jse: not hidden

Verifying REGEDIT.EXE integrity:

Regedit.exe found in C:\WINDOWS
.reg open command is normal (regedit.exe %1)
Company name OK: 'Microsoft Corporation'
Original filename OK: 'REGEDIT.EXE'
File description: 'Edytor rejestru'

Registry check passed

Enumerating Browser Helper Objects:

(no name) - C:\Program Files\Adobe\Acrobat 5.0 CE\Reader\ActiveX\AcroIEHelper.ocx - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}

(no name) - c:\program files\google\googletoolbar2.dll - {AA58ED58-01DD-4d91-8333-CF10577473F7}

Enumerating Task Scheduler jobs:

*No jobs found*

Enumerating Download Program Files:

[CKAVWebScan Object]

InProcServer32 = C:\WINDOWS\system32\Kaspersky Lab\Kaspersky On-line Scanner\kavwebscan.dll

CODEBASE = http://www.kaspersky.com/kos/english/ka ... nicode.cab

[GameDesire Card Games]

CODEBASE = http://67.15.101.3/g_bin/pl/cards_2_0_0_63.cab

[Formant instalacji programów Onet.pl]

CODEBASE = http://slimak.onet.pl/_m/konekt/OnetInstalator016.ocx

[{6CB5E471-C305-11D3-99A8-000086395495}]

CODEBASE = http://toolbar.google.com/data/pl/big/1 ... gleNav.cab

[GSDACtl Class]

CODEBASE = http://launch.gamespyarcade.com/softwar ... launch.cab

[Java Plug-in 1.4.0_03]

InProcServer32 = C:\Program Files\Java\j2re1.4.0_03\bin\npjpi140_03.dll

CODEBASE = http://java.sun.com/products/plugin/aut ... 03-win.cab

[GameDesire BreakOut]

CODEBASE = http://67.15.101.3/g_bin/pl/breakout_2_0_0_18.cab

[{B38870E4-7ECB-40DA-8C6A-595F0A5519FF}]

CODEBASE = http://messenger.msn.com/download/MsnMe ... loader.cab

[ZoneIntro Class]

CODEBASE = http://zone.msn.com/binFramework/v10/ZI ... b34246.cab

[Java Plug-in 1.4.0_03]

InProcServer32 = C:\Program Files\Java\j2re1.4.0_03\bin\npjpi140_03.dll

CODEBASE = http://java.sun.com/products/plugin/aut ... 03-win.cab

[MainControl Class]

InProcServer32 = C:\WINDOWS\system32\SkanerOnline.dll

CODEBASE = http://www.mks.com.pl/skaner/SkanerOnline.cab

Enumerating Winsock LSP files:

NameSpace #1: C:\WINDOWS\System32\mswsock.dll

NameSpace #2: C:\WINDOWS\System32\winrnr.dll

NameSpace #3: C:\WINDOWS\System32\mswsock.dll

Protocol #1: C:\WINDOWS\system32\mswsock.dll

Protocol #2: C:\WINDOWS\system32\mswsock.dll

Protocol #3: C:\WINDOWS\system32\mswsock.dll

Protocol #4: C:\WINDOWS\system32\rsvpsp.dll

Protocol #5: C:\WINDOWS\system32\rsvpsp.dll

Protocol #6: C:\WINDOWS\system32\mswsock.dll

Protocol #7: C:\WINDOWS\system32\mswsock.dll

Protocol #8: C:\WINDOWS\system32\mswsock.dll

Protocol #9: C:\WINDOWS\system32\mswsock.dll

Protocol #10: C:\WINDOWS\system32\mswsock.dll

Protocol #11: C:\WINDOWS\system32\mswsock.dll

Protocol #12: C:\WINDOWS\system32\mswsock.dll

Protocol #13: C:\WINDOWS\system32\mswsock.dll

Protocol #14: C:\WINDOWS\system32\mswsock.dll

Protocol #15: C:\WINDOWS\system32\mswsock.dll

Protocol #16: C:\WINDOWS\system32\mswsock.dll

Protocol #17: C:\WINDOWS\system32\mswsock.dll

Enumerating Windows NT/2000/XP services

a347bus: system32\DRIVERS\a347bus.sys (system)

a347scsi: System32\Drivers\a347scsi.sys (system)

Sterownik Microsoft ACPI: system32\DRIVERS\ACPI.sys (system)

General Purpose USB Driver (adildr.sys): System32\Drivers\adildr.sys (autostart)

USB ADSL WAN Adapter: system32\DRIVERS\adiusbaw.sys (manual start)

Microsoft Kernel Acoustic Echo Canceller: system32\drivers\aec.sys (manual start)

AFD: \SystemRoot\System32\drivers\afd.sys (system)

SpeedTouch USB ADSL PPP Networking Driver (NDISWAN): system32\DRIVERS\alcan5wn.sys (manual start)

SpeedTouch ADSL Modem ATM Transport: system32\DRIVERS\alcaudsl.sys (manual start)

Service for WDM 3D Audio Driver: system32\drivers\ALCXSENS.SYS (manual start)

Service for Realtek AC97 Audio (WDM): system32\drivers\ALCXWDM.SYS (manual start)

Urządzenie alarmowe: %SystemRoot%\system32\svchost.exe -k LocalService (autostart)

Usługa bramy warstwy aplikacji: %SystemRoot%\System32\alg.exe (manual start)

Sterownik procesora AMD K7: system32\DRIVERS\amdk7.sys (system)

A4Tech PS/2 Port Mouse Driver: system32\DRIVERS\Amps2prt.sys (manual start)

Zarządzanie aplikacjami: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)

ASP.NET State Service: %SystemRoot%\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe (manual start)

Sterownik multimediów asynchronicznych RAS: system32\DRIVERS\asyncmac.sys (manual start)

Standardowy kontroler dysku twardego IDE/ESDI: system32\DRIVERS\atapi.sys (system)

Ati HotKey Poller: %SystemRoot%\system32\Ati2evxx.exe (autostart)

ATI Smart: C:\WINDOWS\system32\ati2sgag.exe (autostart)

ati2mtag: system32\DRIVERS\ati2mtag.sys (manual start)

ATITool Overclocking Utility: system32\DRIVERS\ATITool.sys (system)

Protokół klienta ARP ATM: system32\DRIVERS\atmarpc.sys (manual start)

Windows Audio: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

Sterownik Audio Stub: system32\DRIVERS\audstub.sys (manual start)

basic2: system32\DRIVERS\HSF_BSC2.sys (manual start)

Usługa inteligentnego transferu w tle: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)

Boonty Games: "C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe" (disabled)

Przeglądarka komputera: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)

Dekoder napisów: system32\DRIVERS\CCDECODE.sys (manual start)

Sterownik stacji dysków CD-ROM: system32\DRIVERS\cdrom.sys (system)

Usługa indeksowania: %SystemRoot%\system32\cisvc.exe (disabled)

ClipBook: %SystemRoot%\system32\clipsrv.exe (disabled)

C-Media WDM Audio Interface: system32\drivers\cmuda.sys (manual start)

Panda Anti-Dialer: \??\C:\WINDOWS\system32\DRIVERS\COMFiltr.sys (manual start)

Aplikacja systemowa modelu COM+: C:\WINDOWS\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235} (manual start)

Usługi kryptograficzne: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)

d347bus: system32\DRIVERS\d347bus.sys (system)

d347prt: System32\Drivers\d347prt.sys (system)

Program uruchamiający proces serwera DCOM: %SystemRoot%\system32\svchost -k DcomLaunch (autostart)

Klient DHCP: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)

Sterownik dysku: system32\DRIVERS\disk.sys (system)

Usługa administracyjna Menedżera dysków logicznych: %SystemRoot%\System32\dmadmin.exe /com (manual start)

dmboot: System32\drivers\dmboot.sys (disabled)

Sterownik Menedżera dysków logicznych: System32\drivers\dmio.sys (system)

dmload: System32\drivers\dmload.sys (system)

Menedżer dysków logicznych: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

Syntezator Microsoft Kernel DLS: system32\drivers\DMusic.sys (manual start)

Klient DNS: %SystemRoot%\system32\svchost.exe -k NetworkService (autostart)

Microsoft Kernel DRM Audio Descrambler: system32\drivers\drmkaud.sys (manual start)

ElbyCDFL: System32\Drivers\ElbyCDFL.sys (manual start)

ElbyCDIO Driver: System32\Drivers\ElbyCDIO.sys (autostart)

enodpl: System32\drivers\enodpl.sys (autostart)

Usługa raportowania błędów: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

Dziennik zdarzeń: %SystemRoot%\system32\services.exe (autostart)

System zdarzeń COM+: C:\WINDOWS\system32\svchost.exe -k netsvcs (manual start)

ewido security suite control: C:\Program Files\ewido anti-malware\ewidoctrl.exe (autostart)

ewido security suite driver: \??\C:\Program Files\ewido anti-malware\guard.sys (system)

ewido security suite guard: C:\Program Files\ewido anti-malware\ewidoguard.exe (disabled)

Fallback: system32\DRIVERS\HSF_FALL.sys (autostart)

Zgodność szybkiego przełączania użytkowników: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)

Sterownik kontrolera stacji dyskietek: system32\DRIVERS\fdc.sys (manual start)

Sterownik NT karty VIA PCI 10/100Mb Fast Ethernet: system32\DRIVERS\fetnd5.sys (manual start)

VIA Rhine Family Fast Ethernet Adapter Driver Service: system32\DRIVERS\fetnd5b.sys (manual start)

Sterownik stacji dyskietek: system32\DRIVERS\flpydisk.sys (manual start)

FltMgr: system32\drivers\fltmgr.sys (system)

Fsks: system32\DRIVERS\HSF_FSKS.sys (autostart)

Sterownik Menedżera woluminów: system32\DRIVERS\ftdisk.sys (system)

Rodzajowy klasyfikator pakietu: system32\DRIVERS\msgpc.sys (manual start)

Pomoc i obsługa techniczna: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

Dostęp do urządzeń interfejsu HID: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)

hsf_msft: system32\DRIVERS\HSF_MSFT.sys (manual start)

HTTP: System32\Drivers\HTTP.sys (manual start)

HTTP SSL: %SystemRoot%\System32\svchost.exe -k HTTPFilter (manual start)

Sterownik portu klawiatury i8042 i myszy PS/2: system32\DRIVERS\i8042prt.sys (system)

InstallDriver Table Manager: "C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe" (manual start)

Sterownik filtru nagrywania dysków CD: system32\DRIVERS\imapi.sys (system)

Usługa COM nagrywania dysków CD IMAPI: C:\WINDOWS\system32\imapi.exe (manual start)

InCD File System: system32\drivers\InCDFs.sys (disabled)

InCDPass: system32\drivers\InCDPass.sys (system)

InCD Reader: system32\drivers\InCDRm.sys (system)

Sterownik Zapory systemu Windows IPv6: system32\drivers\ip6fw.sys (manual start)

Sterownik filtru ruchu IP: system32\DRIVERS\ipfltdrv.sys (manual start)

Sterownik IP w tunelu IP: system32\DRIVERS\ipinip.sys (manual start)

Translator adresów sieciowych IP: system32\DRIVERS\ipnat.sys (manual start)

Sterownik IPSEC: system32\DRIVERS\ipsec.sys (system)

Usługa wyliczania IR: system32\DRIVERS\irenum.sys (manual start)

Sterownik PnP magistrali ISA/EISA: system32\DRIVERS\isapnp.sys (system)

JL2005A Toy Camera: System32\Drivers\toywdm.sys (manual start)

K56: system32\DRIVERS\HSF_K56K.sys (autostart)

Sterownik klasy klawiatury: system32\DRIVERS\kbdclass.sys (system)

Microsoft Kernel Wave Audio Mixer: system32\drivers\kmixer.sys (manual start)

Serwer: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)

Stacja robocza: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)

Pomoc TCP/IP NetBIOS: %SystemRoot%\system32\svchost.exe -k LocalService (autostart)

Posłaniec: %SystemRoot%\system32\svchost.exe -k netsvcs (disabled)

NetMeeting Remote Desktop Sharing: C:\WINDOWS\system32\mnmsrvc.exe (manual start)

Urządzenie filtru strumieniowego usługi Unimodem: system32\drivers\MODEMCSA.sys (manual start)

Sterownik klasy myszy: system32\DRIVERS\mouclass.sys (system)

Readresator klienta WebDav: system32\DRIVERS\mrxdav.sys (manual start)

MRXSMB: system32\DRIVERS\mrxsmb.sys (system)

Distributed Transaction Coordinator: C:\WINDOWS\system32\msdtc.exe (manual start)

Instalator Windows: C:\WINDOWS\system32\msiexec.exe /V (manual start)

Serwer proxy usługi Microsoft Streaming: system32\drivers\MSKSSRV.sys (manual start)

Serwer proxy zegara Microsoft Streaming: system32\drivers\MSPCLOCK.sys (manual start)

Serwer proxy menedżera jakości Microsoft Streaming: system32\drivers\MSPQM.sys (manual start)

Sterownik BIOS zarządzania systemem firmy Microsoft: system32\DRIVERS\mssmbios.sys (manual start)

Konwerter strumieni Tee/Sink-to-Sink Microsoft Streaming: system32\drivers\MSTEE.sys (manual start)

Koder-dekoder NABTS/FEC VBI: system32\DRIVERS\NABTSFEC.sys (manual start)

Połączenie TV/wideo firmy Microsoft: system32\DRIVERS\NdisIP.sys (manual start)

Sterownik usługi Dostęp zdalny NDIS TAPI: system32\DRIVERS\ndistapi.sys (manual start)

Protokół We/Wy trybu użytkownika NDIS: system32\DRIVERS\ndisuio.sys (manual start)

Sterownik usługi Dostęp zdalny NDIS WAN: system32\DRIVERS\ndiswan.sys (manual start)

Interfejs NetBIOS: system32\DRIVERS\netbios.sys (system)

NetBios przez TCP/IP: system32\DRIVERS\netbt.sys (autostart)

DDE sieci: %SystemRoot%\system32\netdde.exe (disabled)

DSDM DDE sieci: %SystemRoot%\system32\netdde.exe (disabled)

Logowanie do sieci: %SystemRoot%\system32\lsass.exe (manual start)

Połączenia sieciowe: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)

Rozpoznawanie lokalizacji w sieci (NLA): %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)

Sterownik monitora sieci: system32\DRIVERS\NMnt.sys (manual start)

Usługa NT LM Security Support Provider: %SystemRoot%\system32\lsass.exe (manual start)

Magazyn wymienny: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)

Sterownik filtru ruchu IPX: system32\DRIVERS\nwlnkflt.sys (manual start)

Sterownik usług przesyłania dalej ruchu IPX: system32\DRIVERS\nwlnkfwd.sys (manual start)

Office Source Engine: "C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE" (manual start)

Sterownik portu równoległego: system32\DRIVERS\parport.sys (manual start)

Panda anti-virus driver: \SystemRoot\System32\Drivers\pavdrv51.sys (autostart)

Panda Firewall Service: C:\Program Files\Panda Software\Panda Antivirus Platinum\Firewall\PavFires.exe (autostart)

Panda anti-virus service: C:\Program Files\Panda Software\Panda Antivirus Platinum\pavsrv51.exe (autostart)

Pcatip: System32\DRIVERS\Pcatip.sys (manual start)

PCI Bus Driver: system32\DRIVERS\pci.sys (system)

Low level access layer for CD devices: System32\Drivers\Pcouffin.sys (manual start)

Padus ASPI Shell: system32\drivers\pfc.sys (manual start)

Plug and Play: %SystemRoot%\system32\services.exe (autostart)

Usługi IPSEC: %SystemRoot%\system32\lsass.exe (autostart)

WAN Miniport (PPTP): system32\DRIVERS\raspptp.sys (manual start)

Magazyn chroniony: %SystemRoot%\system32\lsass.exe (autostart)

Harmonogram pakietów QoS: system32\DRIVERS\psched.sys (manual start)

Sterownik bezpośredniego połączenia kablowego: system32\DRIVERS\ptilink.sys (manual start)

PxHelp20: system32\DRIVERS\PxHelp20.sys (system)

RadClock: C:\WINDOWS\SYSTEM32\RadClock.exe (autostart)

Radeon Probe Driver: system32\DRIVERS\RadProbe.sys (manual start)

Sterownik automatycznego połączenia dostępu zdalnego: system32\DRIVERS\rasacd.sys (system)

Menedżer autopołączenia dostępu zdalnego: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)

WAN Miniport (L2TP): system32\DRIVERS\rasl2tp.sys (manual start)

Menedżer połączeń usługi Dostęp zdalny: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)

Sterownik usługi Dostęp zdalny PPPOE: system32\DRIVERS\raspppoe.sys (manual start)

Bezpośrednie połączenie kablowe: system32\DRIVERS\raspti.sys (manual start)

Rdbss: system32\DRIVERS\rdbss.sys (system)

RDPCDD: System32\DRIVERS\RDPCDD.sys (system)

Sterownik przekierowania urządzenia serwera terminali: system32\DRIVERS\rdpdr.sys (manual start)

Menedżer sesji pomocy pulpitu zdalnego: C:\WINDOWS\system32\sessmgr.exe (manual start)

Sterownik filtru odtwarzania audio cyfrowych dysków CD: system32\DRIVERS\redbook.sys (system)

Routing i dostęp zdalny: %SystemRoot%\system32\svchost.exe -k netsvcs (disabled)

Rejestr zdalny: %SystemRoot%\system32\svchost.exe -k LocalService (autostart)

Rksample: system32\DRIVERS\HSF_SAMP.sys (manual start)

Lokalizator usługi zdalnego wywołania procedury (RPC): %SystemRoot%\system32\locator.exe (manual start)

Zdalne wywoływanie procedur (RPC): %SystemRoot%\system32\svchost -k rpcss (autostart)

QoS RSVP: %SystemRoot%\system32\rsvp.exe (manual start)

Menedżer kont zabezpieczeń: %SystemRoot%\system32\lsass.exe (autostart)

Karta inteligentna: %SystemRoot%\System32\SCardSvr.exe (manual start)

Harmonogram zadań: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

Secdrv: system32\DRIVERS\secdrv.sys (autostart)

Logowanie pomocnicze: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

Zawiadomienie o zdarzeniu systemowym: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)

Sterownik filtru Serenum: system32\DRIVERS\serenum.sys (manual start)

Sterownik portu szeregowego: system32\DRIVERS\serial.sys (system)

StarForce Protection Helper Driver (version 2.x): System32\drivers\sfhlp02.sys (system)

Zapora systemu Windows/Udostępnianie połączenia internetowego: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)

Wykrywanie sprzętu powłoki: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

BDA Slip De-Framer: system32\DRIVERS\SLIP.sys (manual start)

SoftFax: system32\DRIVERS\HSF_FAXX.sys (autostart)

SpeakerPhone: system32\DRIVERS\HSF_SPKP.sys (autostart)

Microsoft Kernel Audio Splitter: system32\drivers\splitter.sys (manual start)

Bufor wydruku: %SystemRoot%\system32\spoolsv.exe (autostart)

sptd: System32\Drivers\sptd.sys (system)

Sterownik filtru Przywracania systemu: System32\DRIVERS\sr.sys (system)

Usługa przywracania systemu: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)

Srv: system32\DRIVERS\srv.sys (manual start)

Usługa odnajdywania SSDP: %SystemRoot%\system32\svchost.exe -k LocalService (manual start)

StarWind iSCSI Service: C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe (autostart)

Windows Image Acquisition (WIA): %SystemRoot%\system32\svchost.exe -k imgsvc (autostart)

BDA IPSink: system32\DRIVERS\StreamIP.sys (manual start)

Sterownik magistrali programowej: system32\DRIVERS\swenum.sys (manual start)

Syntezator tablicy dźwięków WAVE Microsoft Kernel GS: system32\drivers\swmidi.sys (manual start)

MS Software Shadow Copy Provider: C:\WINDOWS\system32\dllhost.exe /Processid:{44799957-5B5A-4C0A-BFD8-8B8800E60D48} (manual start)

Urządzenie audio Microsoft Kernel System: system32\drivers\sysaudio.sys (manual start)

Dzienniki wydajności i alerty: %SystemRoot%\system32\smlogsvc.exe (manual start)

tandpl: System32\drivers\tandpl.sys (autostart)

Telefonia: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)

Sterownik protokołu TCP/IP: system32\DRIVERS\tcpip.sys (system)

Teefer for NT: SYSTEM32\Drivers\Teefer.sys (system)

Sterownik urządzenia terminalu: system32\DRIVERS\termdd.sys (system)

Usługi terminalowe: %SystemRoot%\System32\svchost -k DComLaunch (manual start)

Kompozycje: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

Telnet: C:\WINDOWS\system32\tlntsvr.exe (disabled)

Tones: system32\DRIVERS\HSF_TONE.sys (autostart)

Klient śledzenia łączy rozproszonych: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)

Filtr AGPv3.5 firmy Microsoft: system32\DRIVERS\uagp35.sys (system)

Windows User Mode Driver Framework: C:\WINDOWS\system32\wdfmgr.exe (autostart)

Sterownik Microcode Update: system32\DRIVERS\update.sys (manual start)

Host uniwersalnego urządzenia Plug and Play: %SystemRoot%\system32\svchost.exe -k LocalService (manual start)

Zasilacz awaryjny (UPS): %SystemRoot%\System32\ups.exe (manual start)

Sterownik Miniport rozszerzonego kontrolera hosta USB 2.0 Microsoft: system32\DRIVERS\usbehci.sys (manual start)

Koncentrator z obsługą USB2: system32\DRIVERS\usbhub.sys (manual start)

Sterownik Miniport uniwersalnego kontrolera hosta USB Microsoft: system32\DRIVERS\usbuhci.sys (manual start)

V124: system32\DRIVERS\HSF_V124.sys (autostart)

vax347b: system32\DRIVERS\vax347b.sys (system)

vax347s: System32\Drivers\vax347s.sys (system)

vaxscsi: \SystemRoot\System32\Drivers\vaxscsi.sys (manual start)

Kontroler ekranu VGA.: \SystemRoot\System32\drivers\vga.sys (system)

VIA AGP Filter: system32\DRIVERS\viaagp1.sys (system)

ViaIde: system32\DRIVERS\viaide.sys (system)

VIAPFD: \SystemRoot\System32\Drivers\VIAPFD.SYS (system)

viasraid: system32\DRIVERS\viasraid.sys (system)

Kopiowanie woluminów w tle: %SystemRoot%\System32\vssvc.exe (manual start)

Usługa Czas systemu Windows: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

Sterownik usługi Dostęp zdalny IP ARP: system32\DRIVERS\wanarp.sys (manual start)

Sterownik zgodności audio Microsoft WINMM WDM: system32\drivers\wdmaud.sys (manual start)

WebClient: %SystemRoot%\system32\svchost.exe -k LocalService (autostart)

SyGate for NT, wg3n: \SystemRoot\SYSTEM32\Drivers\wg3n.sys (autostart)

Instrumentacja zarządzania Windows: %systemroot%\system32\svchost.exe -k netsvcs (autostart)

Usługa numeru seryjnego multimediów przenośnych: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)

Rozszerzenia sterownika Instrumentacji zarządzania Windows: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)

Karta wydajności WMI: C:\WINDOWS\system32\wbem\wmiapsrv.exe (manual start)

wpsdrvnt: \??\C:\WINDOWS\system32\drivers\wpsdrvnt.sys (system)

Środowisko wspomagające dostawcę usług innych niż IFS - Windows Socket 2.0: \SystemRoot\System32\drivers\ws2ifsl.sys (disabled)

Centrum zabezpieczeń: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

Kodery-dekodery teletekstu w standardzie światowym: system32\DRIVERS\WSTCODEC.SYS (manual start)

Aktualizacje automatyczne: %systemroot%\system32\svchost.exe -k netsvcs (autostart)

Konfiguracja zerowej sieci bezprzewodowej: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

Usługa dostarczania sieci: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)

Enumerating Windows NT logon/logoff scripts:

*No scripts set to run*

Windows NT checkdisk command:

BootExecute = autocheck autochk *

Windows NT 'Wininit.ini':

PendingFileRenameOperations: *Registry value not found*

Enumerating ShellServiceObjectDelayLoad items:

PostBootReminder: C:\WINDOWS\system32\SHELL32.dll

CDBurn: C:\WINDOWS\system32\SHELL32.dll

WebCheck: %system%\webcheck.dll

SysTray: C:\WINDOWS\system32\stobject.dll

Autorun entries from Registry:

HKCU\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

*Registry key not found*

Autorun entries from Registry:

HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

*Registry key not found*

End of report, 37 579 bytes

Report generated in 0,657 seconds

Command line options:

/verbose - to add additional info on each section

/complete - to include empty sections and unsuspicious data

/full - to include several rarely-important sections

/force9x - to include Win9x-only startups even if running on WinNT

/forcent - to include WinNT-only startups even if running on Win9x

/forceall - to include all Win9x and WinNT startups, regardless of platform

/history - to list version history only

uote]

Oparte na Discourse, najlepiej oglądać z włączonym JavaScriptem