tentacja
(Tentacja)
6 October 2006 14:54
#1
Hello. I have a problem with port scanning, I suppose… after every connection to the internet via Neostrada I get logs like these in the firewall.
I use a well-configured Jetico firewall, AntiVir, Ad-Aware SE Professional, Spybot - Search & Destroy and Windows Worms Doors Cleaner.
Here is the HijackThis log:
Logfile of HijackThis v1.99.1
Scan saved at 16:11:22, on 2006-10-06
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
D:\Program Files\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
D:\Program Files\Norton Utilities\NPROTECT.EXE
C:\WINDOWS\system32\nvsvc32.exe
D:\Program Files\Speed Disk\nopdb.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SLEE81.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Jetico\Jetico Personal Firewall\fwsrv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Spybot - Search Destroy\TeaTimer.exe
D:\Program Files\Opera\Opera.exe
C:\Documents and Settings\Root\Pulpit\hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.neostrada.pl
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada TP
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [JeticoPFStartup] "C:\Program Files\Jetico\Jetico Personal Firewall\fwsrv.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search Destroy\TeaTimer.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\npjpi150_07.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\npjpi150_07.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{4CD1E9F1-E296-4603-A309-3716A959456C}: NameServer = 194.204.152.34 217.98.63.164
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - D:\Program Files\InCD\InCDsrv.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - D:\Program Files\Norton Utilities\NPROTECT.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Steganos Live Encryption Engine 8.1 [Service] (SLEE_81_SERVICE) - Unknown owner - C:\WINDOWS\system32\SLEE81.exe
O23 - Service: Speed Disk service - Symantec Corporation - D:\Program Files\Speed Disk\nopdb.exe
These scans annoy me because ports 135, 445, 1027, 4662 and 6346 are being scanned constantly.
I recently did a format, and on the first connection I immediately had these logs from the firewall; I even used some program to block all connections from 83.XX.XXX.XXX addresses, and then 80.XX.XXX.XXX and I think 64.XX.XXX.XXX started showing up in the log… this annoys me because I can't open P2P programs on ports 6346 and 4662.
I don't know the cause of these attacks… I don't know whether it's some spyware or something else… I hope you can advise me something sensible.
Bieniol
(Bbieniol)
6 October 2006 14:58
#2
The log is clean.
Use Windows Worms Doors Cleaner and change the indicators from disable to enable (if any indicators are yellow, leave them as they are). After using this tool a system restart is required.
tentacja
(Tentacja)
6 October 2006 22:02
#3
With that program (Windows Worms Doors Cleaner) I blocked all the vulnerable ports… I'm also adding reports from Spybot S&D.
ActiveX
--- Spybot - Search & Destroy version: 1.4 (build: 20050523) ---
2005-05-31 blindman.exe (1.0.0.1)
2005-05-31 SpybotSD.exe (1.4.0.3)
2005-05-31 TeaTimer.exe (1.4.0.2)
2006-09-30 unins000.exe (51.41.0.0)
2005-05-31 Update.exe (1.4.0.0)
2006-02-06 advcheck.dll (1.0.2.0)
2005-05-31 aports.dll (2.1.0.0)
2005-05-31 borlndmm.dll (7.0.4.453)
2005-05-31 delphimm.dll (7.0.4.453)
2005-05-31 SDHelper.dll (1.4.0.0)
2006-02-20 Tools.dll (2.0.0.2)
2005-05-31 UnzDll.dll (1.73.1.1)
2005-05-31 ZipDll.dll (1.73.2.0)
2006-10-06 Includes\Cookies.sbi
2006-10-06 Includes\Dialer.sbi
2006-10-06 Includes\Hijackers.sbi
2006-10-06 Includes\Keyloggers.sbi
2006-10-06 Includes\Malware.sbi
2006-10-06 Includes\PUPS.sbi
2006-10-06 Includes\Revision.sbi
2006-10-06 Includes\Security.sbi
2006-10-06 Includes\Spybots.sbi
2005-02-17 Includes\Tracks.uti
2006-10-06 Includes\Trojans.sbi
{8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.5.0)
DPF name: Java Runtime Environment 1.5.0
CLSID name: Java Plug-in 1.5.0_07
Installer:
Codebase: http://java.sun.com/update/1.5.0/jinstall-1_5_0_07-windows-i586.cab
description: Sun Java
classification: Legitimate
known filename: %PROGRAM FILES%\JabaSoft\JRE\*\Bin\npjava131.dll
info link:
info source: Patrick M. Kolla
Path: C:\Program Files\Java\jre1.5.0_07\bin\
Long name: NPJPI150_07.dll
Short name: NPJPI1~1.DLL
Date (created): 2006-05-03 02:57:02
Date (last access): 2006-10-06 23:43:22
Date (last write): 2006-05-03 03:14:38
Filesize: 69746
Attributes: archive
MD5: 2663A75A8F6DAD0F7C10BF920AE81940
CRC32: 5235B91D
Version: 5.0.70.3
{CAFEEFAC-0015-0000-0007-ABCDEFFEDCBA} (Java Runtime Environment 1.5.0)
DPF name: Java Runtime Environment 1.5.0
CLSID name: Java Plug-in 1.5.0_07
Installer:
Codebase: http://java.sun.com/update/1.5.0/jinstall-1_5_0_07-windows-i586.cab
description:
classification: Legitimate
known filename: NPJPI150_07.dll
info link:
info source: Safer Networking Ltd.
Path: C:\Program Files\Java\jre1.5.0_07\bin\
Long name: NPJPI150_07.dll
Short name: NPJPI1~1.DLL
Date (created): 2006-05-03 02:57:02
Date (last access): 2006-10-06 23:43:22
Date (last write): 2006-05-03 03:14:38
Filesize: 69746
Attributes: archive
MD5: 2663A75A8F6DAD0F7C10BF920AE81940
CRC32: 5235B91D
Version: 5.0.70.3
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} (Java Runtime Environment 1.5.0)
DPF name: Java Runtime Environment 1.5.0
CLSID name: Java Plug-in 1.5.0_07
Installer:
Codebase: http://java.sun.com/update/1.5.0/jinstall-1_5_0_07-windows-i586.cab
description:
classification: Legitimate
known filename: npjpi150_06.dll
info link:
info source: Safer Networking Ltd.
Path: C:\Program Files\Java\jre1.5.0_07\bin\
Long name: NPJPI150_07.dll
Short name: NPJPI1~1.DLL
Date (created): 2006-05-03 02:57:02
Date (last access): 2006-10-06 23:43:22
Date (last write): 2006-05-03 03:14:38
Filesize: 69746
Attributes: archive
MD5: 2663A75A8F6DAD0F7C10BF920AE81940
CRC32: 5235B91D
Version: 5.0.70.3
Winsock
Protocol 0: MSAFD Tcpip [TCP/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip [*]
Protocol 1: MSAFD Tcpip [UDP/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip [*]
Protocol 2: MSAFD Tcpip [RAW/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip [*]
Protocol 3: RSVP UDP Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\rsvpsp.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider
Protocol 4: RSVP TCP Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\rsvpsp.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider
Protocol 5: MSAFD NetBIOS [\Device\NetBT_Tcpip_{16A548E3-BC25-4CEB-888A-52F2C735BB04}] SEQPACKET 3
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 6: MSAFD NetBIOS [\Device\NetBT_Tcpip_{16A548E3-BC25-4CEB-888A-52F2C735BB04}] DATAGRAM 3
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 7: MSAFD NetBIOS [\Device\NetBT_Tcpip_{2678DF61-AFA5-4E3C-BB5D-F2F624B34EEF}] SEQPACKET 0
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 8: MSAFD NetBIOS [\Device\NetBT_Tcpip_{2678DF61-AFA5-4E3C-BB5D-F2F624B34EEF}] DATAGRAM 0
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 9: MSAFD NetBIOS [\Device\NetBT_Tcpip_{AB8C4535-11FE-4A64-B4C3-E0D359A6E244}] SEQPACKET 1
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 10: MSAFD NetBIOS [\Device\NetBT_Tcpip_{AB8C4535-11FE-4A64-B4C3-E0D359A6E244}] DATAGRAM 1
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 11: MSAFD NetBIOS [\Device\NetBT_Tcpip_{C10CE8B1-492F-4EE8-B239-4F8F0E73DABA}] SEQPACKET 2
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 12: MSAFD NetBIOS [\Device\NetBT_Tcpip_{C10CE8B1-492F-4EE8-B239-4F8F0E73DABA}] DATAGRAM 2
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 13: MSAFD NetBIOS [\Device\NetBT_Tcpip_{BB74831D-9513-4E7F-9B5D-9C16ADF0B0F6}] SEQPACKET 4
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 14: MSAFD NetBIOS [\Device\NetBT_Tcpip_{BB74831D-9513-4E7F-9B5D-9C16ADF0B0F6}] DATAGRAM 4
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 15: MSAFD NetBIOS [\Device\NetBT_Tcpip_{4CD1E9F1-E296-4603-A309-3716A959456C}] SEQPACKET 5
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 16: MSAFD NetBIOS [\Device\NetBT_Tcpip_{4CD1E9F1-E296-4603-A309-3716A959456C}] DATAGRAM 5
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Namespace Provider 0: TCP/IP
GUID: {22059D40-7E9E-11CF-AE5A-00AA00A7112B}
Filename: %SystemRoot%\System32\mswsock.dll
Description: Microsoft Windows NT/2k/XP TCP/IP name space provider
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: TCP/IP
Namespace Provider 1: NTDS
GUID: {3B2637EE-E580-11CF-A555-00C04FD8D4AC}
Filename: %SystemRoot%\System32\winrnr.dll
Description: Microsoft Windows NT/2k/XP name space provider
DB filename: %SystemRoot%\system32\winrnr.dll
DB protocol: NTDS
Namespace Provider 2: Obszar nazw rozpoznawania lokalizacji w sieci (NLA)
GUID: {6642243A-3BA8-4AA6-BAA5-2E0BD71FDD83}
Filename: %SystemRoot%\System32\mswsock.dll
Description: Microsoft Windows NT/2k/XP name space provider
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: NLA-Namespace
And the process list:
PID: 0 ( 0) [System]
PID: 464 ( 4) \SystemRoot\System32\smss.exe
PID: 524 ( 464) \??\C:\WINDOWS\system32\csrss.exe
PID: 548 ( 464) \??\C:\WINDOWS\system32\winlogon.exe
PID: 592 ( 548) C:\WINDOWS\system32\services.exe
size: 108544
MD5: 3DA8D964D2CC12EF8E8C342471A37917
PID: 604 ( 548) C:\WINDOWS\system32\lsass.exe
size: 13312
MD5: F485FEFC8CC4FD29243D800BE5D275D1
PID: 772 ( 592) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: BA98327E90022DBD6EE76490E0622E2E
PID: 840 ( 592) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: BA98327E90022DBD6EE76490E0622E2E
PID: 872 ( 592) C:\WINDOWS\System32\svchost.exe
size: 14336
MD5: BA98327E90022DBD6EE76490E0622E2E
PID: 900 ( 592) D:\Program Files\InCD\InCDsrv.exe
size: 668672
MD5: F84B64AF624FE6AEBB98D2A6C7126A76
PID: 1060 ( 592) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: BA98327E90022DBD6EE76490E0622E2E
PID: 1100 ( 592) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: BA98327E90022DBD6EE76490E0622E2E
PID: 1244 ( 592) C:\WINDOWS\system32\spoolsv.exe
size: 57856
MD5: BEBE8A85954FF460374FD5A0CD21E19B
PID: 1432 ( 592) C:\WINDOWS\system32\drivers\CDAC11BA.EXE
size: 54784
MD5: 9BDBDA21D3BA8E374FD06A405BE10215
PID: 1504 ( 592) D:\Program Files\Norton Utilities\NPROTECT.EXE
size: 135168
MD5: 93CBFD618F2416703F1E3DB7C2A7D979
PID: 1552 ( 592) C:\WINDOWS\system32\nvsvc32.exe
size: 127045
MD5: EC36E02C73A5240A940065B0AC9965AB
PID: 1656 ( 592) D:\Program Files\Speed Disk\nopdb.exe
size: 176161
MD5: 8A3A2F3956BBC551A31C734BCD77419D
PID: 1724 ( 592) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: BA98327E90022DBD6EE76490E0622E2E
PID: 1176 ( 592) C:\WINDOWS\System32\alg.exe
size: 44544
MD5: 9D12991BC6B6C5C0FBAB4C06E7073DF1
PID: 2696 ( 592) C:\WINDOWS\system32\SLEE81.exe
size: 36864
MD5: 119847C8AC766EF407FF0CC9BA51EDCD
PID: 2956 ( 592) C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
size: 195624
MD5: 7AD96DD8634E88095134F0BCD5CA8320
PID: 3056 ( 592) C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
size: 36392
MD5: 214F4082A8AE495FCFAE1ADD306A11B5
PID: 2152 ( 872) C:\WINDOWS\system32\wscntfy.exe
size: 13824
MD5: 1905812AB06A70FF21907FAA10C927D6
PID: 2624 (2532) C:\WINDOWS\Explorer.EXE
size: 1033728
MD5: 379098A96E6C165B659DE7E4328010EA
PID: 2788 (2624) C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
size: 241704
MD5: 88EF9D47D1FB477456EFBB140FD19E02
PID: 2436 (2624) C:\Program Files\Jetico\Jetico Personal Firewall\fwsrv.exe
size: 118784
MD5: 02AF098D4AC0D4C4C91C19B5E0718324
PID: 2524 (2624) C:\WINDOWS\SOUNDMAN.EXE
size: 77824
MD5: FF86E640E4E0FD18CFB4696B38867222
PID: 2844 (2624) C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
size: 1415824
MD5: 70496EEE0DDBE485F658693826F44D38
PID: 2728 (2624) D:\Program Files\Gadu-Gadu\gg.exe
size: 2396160
MD5: FF35EFD0AD318B30DC943953C9CD89ED
PID: 596 (2624) D:\Program Files\Opera\Opera.exe
size: 79360
MD5: BE0EBF14368CCF7A69055486C2068DA9
PID: 1356 (2624) C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
size: 4393096
MD5: 09CA174A605B480318731E691DC98539
PID: 4 ( 0) System
A moment ago my internet got blocked entirely… I was connected, but there was no data traffic at all, so I couldn't do anything with the internet, yet no message about being disconnected from TP SA popped up… besides that, the PC didn't respond until I unplugged the cable from the modem… I noticed that changes had been made in ActiveX… I'm angry because the format didn't solve this problem, and the backup from before the format consisted only of doc, xls and mp3 files and RAR archives of them.
And one more thing: at the start, right after connecting, I have packets being sent to 224.0.0.22.
Post merged: 13.10.2006 (Fri) 21:58
I see incredible help :(… is there anyone who could explain to me what is going on…