Port scans by an elusive attacker


(Tentacja) #1

Hello. I have a problem with ports being scanned, I presume... after every connection to the internet via Neostrada I get logs like these in the firewall

atakiqv1.jpg

I use a well-configured Jetico firewall, AntiVir, Ad-Aware SE Professional, Spybot - Search & Destroy and Windows Worms Doors Cleaner

Here is the HijackThis log

Logfile of HijackThis v1.99.1

Scan saved at 16:11:22, on 2006-10-06

Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)


Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

D:\Program Files\InCD\InCDsrv.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\drivers\CDAC11BA.EXE

D:\Program Files\Norton Utilities\NPROTECT.EXE

C:\WINDOWS\system32\nvsvc32.exe

D:\Program Files\Speed Disk\nopdb.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\SLEE81.exe

C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe

C:\Program Files\AntiVir PersonalEdition Classic\sched.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe

C:\Program Files\Jetico\Jetico Personal Firewall\fwsrv.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\Program Files\Spybot - Search Destroy\TeaTimer.exe

D:\Program Files\Opera\Opera.exe

C:\Documents and Settings\Root\Pulpit\hijackthis\HijackThis.exe


R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.neostrada.pl

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada TP

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKLM\..\Run: [JeticoPFStartup] "C:\Program Files\Jetico\Jetico Personal Firewall\fwsrv.exe"

O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search Destroy\TeaTimer.exe

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\npjpi150_07.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\npjpi150_07.dll

O17 - HKLM\System\CCS\Services\Tcpip\..\{4CD1E9F1-E296-4603-A309-3716A959456C}: NameServer = 194.204.152.34 217.98.63.164

O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: InCD Helper (InCDsrv) - Nero AG - D:\Program Files\InCD\InCDsrv.exe

O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - D:\Program Files\Norton Utilities\NPROTECT.EXE

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: Steganos Live Encryption Engine 8.1 [Service] (SLEE_81_SERVICE) - Unknown owner - C:\WINDOWS\system32\SLEE81.exe

O23 - Service: Speed Disk service - Symantec Corporation - D:\Program Files\Speed Disk\nopdb.exe

These scans annoy me, because ports 135, 445, 1027, 4662 and 6346 are being scanned constantly.

I recently formatted the disk, and on the very first connection I immediately got these logs from the firewall; I even used some program to block all connections from addresses 83.XX.XXX.XXX, and then 80.XX.XXX.XXX and, I think, 64.XX.XXX.XXX started showing up in the log.... The whole thing annoys me because I can't run P2P programs on ports 6346 and 4662.

I don't know the cause of these attacks... I don't know whether it's some spyware or something else.... I hope you can give me some sensible advice.


(Bbieniol) #2

The log is clean :slight_smile:

Use Windows Worms Doors Cleaner and change the indicators from disable to enable (if any indicators are yellow, leave them that way). After using this tool a system restart is required.


(Tentacja) #3

With that program (Windows Worms Doors Cleaner) I have blocked all the vulnerable ports... I'm also adding the reports from Spybot S&D

ActiveX

--- Spybot - Search & Destroy version: 1.4 (build: 20050523) ---


2005-05-31 blindman.exe (1.0.0.1)

2005-05-31 SpybotSD.exe (1.4.0.3)

2005-05-31 TeaTimer.exe (1.4.0.2)

2006-09-30 unins000.exe (51.41.0.0)

2005-05-31 Update.exe (1.4.0.0)

2006-02-06 advcheck.dll (1.0.2.0)

2005-05-31 aports.dll (2.1.0.0)

2005-05-31 borlndmm.dll (7.0.4.453)

2005-05-31 delphimm.dll (7.0.4.453)

2005-05-31 SDHelper.dll (1.4.0.0)

2006-02-20 Tools.dll (2.0.0.2)

2005-05-31 UnzDll.dll (1.73.1.1)

2005-05-31 ZipDll.dll (1.73.2.0)

2006-10-06 Includes\Cookies.sbi

2006-10-06 Includes\Dialer.sbi

2006-10-06 Includes\Hijackers.sbi

2006-10-06 Includes\Keyloggers.sbi

2006-10-06 Includes\Malware.sbi

2006-10-06 Includes\PUPS.sbi

2006-10-06 Includes\Revision.sbi

2006-10-06 Includes\Security.sbi

2006-10-06 Includes\Spybots.sbi

2005-02-17 Includes\Tracks.uti

2006-10-06 Includes\Trojans.sbi


{8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.5.0)

          DPF name: Java Runtime Environment 1.5.0

        CLSID name: Java Plug-in 1.5.0_07

         Installer: 

          Codebase: http://java.sun.com/update/1.5.0/jinstall-1_5_0_07-windows-i586.cab

       description: Sun Java

    classification: Legitimate

    known filename: %PROGRAM FILES%\JabaSoft\JRE\*\Bin\npjava131.dll

         info link: 

       info source: Patrick M. Kolla

              Path: C:\Program Files\Java\jre1.5.0_07\bin\

         Long name: NPJPI150_07.dll

        Short name: NPJPI1~1.DLL

    Date (created): 2006-05-03 02:57:02

Date (last access): 2006-10-06 23:43:22

 Date (last write): 2006-05-03 03:14:38

          Filesize: 69746

        Attributes: archive 

               MD5: 2663A75A8F6DAD0F7C10BF920AE81940

             CRC32: 5235B91D

           Version: 5.0.70.3


{CAFEEFAC-0015-0000-0007-ABCDEFFEDCBA} (Java Runtime Environment 1.5.0)

          DPF name: Java Runtime Environment 1.5.0

        CLSID name: Java Plug-in 1.5.0_07

         Installer: 

          Codebase: http://java.sun.com/update/1.5.0/jinstall-1_5_0_07-windows-i586.cab

       description: 

    classification: Legitimate

    known filename: NPJPI150_07.dll

         info link: 

       info source: Safer Networking Ltd.

              Path: C:\Program Files\Java\jre1.5.0_07\bin\

         Long name: NPJPI150_07.dll

        Short name: NPJPI1~1.DLL

    Date (created): 2006-05-03 02:57:02

Date (last access): 2006-10-06 23:43:22

 Date (last write): 2006-05-03 03:14:38

          Filesize: 69746

        Attributes: archive 

               MD5: 2663A75A8F6DAD0F7C10BF920AE81940

             CRC32: 5235B91D

           Version: 5.0.70.3


{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} (Java Runtime Environment 1.5.0)

          DPF name: Java Runtime Environment 1.5.0

        CLSID name: Java Plug-in 1.5.0_07

         Installer: 

          Codebase: http://java.sun.com/update/1.5.0/jinstall-1_5_0_07-windows-i586.cab

       description: 

    classification: Legitimate

    known filename: npjpi150_06.dll

         info link: 

       info source: Safer Networking Ltd.

              Path: C:\Program Files\Java\jre1.5.0_07\bin\

         Long name: NPJPI150_07.dll

        Short name: NPJPI1~1.DLL

    Date (created): 2006-05-03 02:57:02

Date (last access): 2006-10-06 23:43:22

 Date (last write): 2006-05-03 03:14:38

          Filesize: 69746

        Attributes: archive 

               MD5: 2663A75A8F6DAD0F7C10BF920AE81940

             CRC32: 5235B91D

           Version: 5.0.70.3

Winsock


Protocol 0: MSAFD Tcpip [TCP/IP]

        GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}

    Filename: %SystemRoot%\system32\mswsock.dll

 Description: Microsoft Windows NT/2k/XP IP protocol

 DB filename: %SystemRoot%\system32\mswsock.dll

 DB protocol: MSAFD Tcpip [*]


Protocol 1: MSAFD Tcpip [UDP/IP]

        GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}

    Filename: %SystemRoot%\system32\mswsock.dll

 Description: Microsoft Windows NT/2k/XP IP protocol

 DB filename: %SystemRoot%\system32\mswsock.dll

 DB protocol: MSAFD Tcpip [*]


Protocol 2: MSAFD Tcpip [RAW/IP]

        GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}

    Filename: %SystemRoot%\system32\mswsock.dll

 Description: Microsoft Windows NT/2k/XP IP protocol

 DB filename: %SystemRoot%\system32\mswsock.dll

 DB protocol: MSAFD Tcpip [*]


Protocol 3: RSVP UDP Service Provider

        GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}

    Filename: %SystemRoot%\system32\rsvpsp.dll

 Description: Microsoft Windows NT/2k/XP RVSP

 DB filename: %SystemRoot%\system32\rsvpsp.dll

 DB protocol: RSVP * Service Provider


Protocol 4: RSVP TCP Service Provider

        GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}

    Filename: %SystemRoot%\system32\rsvpsp.dll

 Description: Microsoft Windows NT/2k/XP RVSP

 DB filename: %SystemRoot%\system32\rsvpsp.dll

 DB protocol: RSVP * Service Provider


Protocol 5: MSAFD NetBIOS [\Device\NetBT_Tcpip_{16A548E3-BC25-4CEB-888A-52F2C735BB04}] SEQPACKET 3

        GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}

    Filename: %SystemRoot%\system32\mswsock.dll

 Description: Microsoft Windows NT/2k/XP NetBios protocol

 DB filename: %SystemRoot%\system32\mswsock.dll

 DB protocol: MSAFD NetBIOS *


Protocol 6: MSAFD NetBIOS [\Device\NetBT_Tcpip_{16A548E3-BC25-4CEB-888A-52F2C735BB04}] DATAGRAM 3

        GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}

    Filename: %SystemRoot%\system32\mswsock.dll

 Description: Microsoft Windows NT/2k/XP NetBios protocol

 DB filename: %SystemRoot%\system32\mswsock.dll

 DB protocol: MSAFD NetBIOS *


Protocol 7: MSAFD NetBIOS [\Device\NetBT_Tcpip_{2678DF61-AFA5-4E3C-BB5D-F2F624B34EEF}] SEQPACKET 0

        GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}

    Filename: %SystemRoot%\system32\mswsock.dll

 Description: Microsoft Windows NT/2k/XP NetBios protocol

 DB filename: %SystemRoot%\system32\mswsock.dll

 DB protocol: MSAFD NetBIOS *


Protocol 8: MSAFD NetBIOS [\Device\NetBT_Tcpip_{2678DF61-AFA5-4E3C-BB5D-F2F624B34EEF}] DATAGRAM 0

        GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}

    Filename: %SystemRoot%\system32\mswsock.dll

 Description: Microsoft Windows NT/2k/XP NetBios protocol

 DB filename: %SystemRoot%\system32\mswsock.dll

 DB protocol: MSAFD NetBIOS *


Protocol 9: MSAFD NetBIOS [\Device\NetBT_Tcpip_{AB8C4535-11FE-4A64-B4C3-E0D359A6E244}] SEQPACKET 1

        GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}

    Filename: %SystemRoot%\system32\mswsock.dll

 Description: Microsoft Windows NT/2k/XP NetBios protocol

 DB filename: %SystemRoot%\system32\mswsock.dll

 DB protocol: MSAFD NetBIOS *


Protocol 10: MSAFD NetBIOS [\Device\NetBT_Tcpip_{AB8C4535-11FE-4A64-B4C3-E0D359A6E244}] DATAGRAM 1

        GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}

    Filename: %SystemRoot%\system32\mswsock.dll

 Description: Microsoft Windows NT/2k/XP NetBios protocol

 DB filename: %SystemRoot%\system32\mswsock.dll

 DB protocol: MSAFD NetBIOS *


Protocol 11: MSAFD NetBIOS [\Device\NetBT_Tcpip_{C10CE8B1-492F-4EE8-B239-4F8F0E73DABA}] SEQPACKET 2

        GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}

    Filename: %SystemRoot%\system32\mswsock.dll

 Description: Microsoft Windows NT/2k/XP NetBios protocol

 DB filename: %SystemRoot%\system32\mswsock.dll

 DB protocol: MSAFD NetBIOS *


Protocol 12: MSAFD NetBIOS [\Device\NetBT_Tcpip_{C10CE8B1-492F-4EE8-B239-4F8F0E73DABA}] DATAGRAM 2

        GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}

    Filename: %SystemRoot%\system32\mswsock.dll

 Description: Microsoft Windows NT/2k/XP NetBios protocol

 DB filename: %SystemRoot%\system32\mswsock.dll

 DB protocol: MSAFD NetBIOS *


Protocol 13: MSAFD NetBIOS [\Device\NetBT_Tcpip_{BB74831D-9513-4E7F-9B5D-9C16ADF0B0F6}] SEQPACKET 4

        GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}

    Filename: %SystemRoot%\system32\mswsock.dll

 Description: Microsoft Windows NT/2k/XP NetBios protocol

 DB filename: %SystemRoot%\system32\mswsock.dll

 DB protocol: MSAFD NetBIOS *


Protocol 14: MSAFD NetBIOS [\Device\NetBT_Tcpip_{BB74831D-9513-4E7F-9B5D-9C16ADF0B0F6}] DATAGRAM 4

        GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}

    Filename: %SystemRoot%\system32\mswsock.dll

 Description: Microsoft Windows NT/2k/XP NetBios protocol

 DB filename: %SystemRoot%\system32\mswsock.dll

 DB protocol: MSAFD NetBIOS *


Protocol 15: MSAFD NetBIOS [\Device\NetBT_Tcpip_{4CD1E9F1-E296-4603-A309-3716A959456C}] SEQPACKET 5

        GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}

    Filename: %SystemRoot%\system32\mswsock.dll

 Description: Microsoft Windows NT/2k/XP NetBios protocol

 DB filename: %SystemRoot%\system32\mswsock.dll

 DB protocol: MSAFD NetBIOS *


Protocol 16: MSAFD NetBIOS [\Device\NetBT_Tcpip_{4CD1E9F1-E296-4603-A309-3716A959456C}] DATAGRAM 5

        GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}

    Filename: %SystemRoot%\system32\mswsock.dll

 Description: Microsoft Windows NT/2k/XP NetBios protocol

 DB filename: %SystemRoot%\system32\mswsock.dll

 DB protocol: MSAFD NetBIOS *


Namespace Provider 0: TCP/IP

        GUID: {22059D40-7E9E-11CF-AE5A-00AA00A7112B}

    Filename: %SystemRoot%\System32\mswsock.dll

 Description: Microsoft Windows NT/2k/XP TCP/IP name space provider

 DB filename: %SystemRoot%\system32\mswsock.dll

 DB protocol: TCP/IP


Namespace Provider 1: NTDS

        GUID: {3B2637EE-E580-11CF-A555-00C04FD8D4AC}

    Filename: %SystemRoot%\System32\winrnr.dll

 Description: Microsoft Windows NT/2k/XP name space provider

 DB filename: %SystemRoot%\system32\winrnr.dll

 DB protocol: NTDS


Namespace Provider 2: Obszar nazw rozpoznawania lokalizacji w sieci (NLA)

        GUID: {6642243A-3BA8-4AA6-BAA5-2E0BD71FDD83}

    Filename: %SystemRoot%\System32\mswsock.dll

 Description: Microsoft Windows NT/2k/XP name space provider

 DB filename: %SystemRoot%\system32\mswsock.dll

 DB protocol: NLA-Namespace

and the process list


PID: 0 ( 0) [System]

PID: 464 ( 4) \SystemRoot\System32\smss.exe

PID: 524 ( 464) \??\C:\WINDOWS\system32\csrss.exe

PID: 548 ( 464) \??\C:\WINDOWS\system32\winlogon.exe

PID: 592 ( 548) C:\WINDOWS\system32\services.exe

 size: 108544

  MD5: 3DA8D964D2CC12EF8E8C342471A37917

PID: 604 ( 548) C:\WINDOWS\system32\lsass.exe

 size: 13312

  MD5: F485FEFC8CC4FD29243D800BE5D275D1

PID: 772 ( 592) C:\WINDOWS\system32\svchost.exe

 size: 14336

  MD5: BA98327E90022DBD6EE76490E0622E2E

PID: 840 ( 592) C:\WINDOWS\system32\svchost.exe

 size: 14336

  MD5: BA98327E90022DBD6EE76490E0622E2E

PID: 872 ( 592) C:\WINDOWS\System32\svchost.exe

 size: 14336

  MD5: BA98327E90022DBD6EE76490E0622E2E

PID: 900 ( 592) D:\Program Files\InCD\InCDsrv.exe

 size: 668672

  MD5: F84B64AF624FE6AEBB98D2A6C7126A76

PID: 1060 ( 592) C:\WINDOWS\system32\svchost.exe

 size: 14336

  MD5: BA98327E90022DBD6EE76490E0622E2E

PID: 1100 ( 592) C:\WINDOWS\system32\svchost.exe

 size: 14336

  MD5: BA98327E90022DBD6EE76490E0622E2E

PID: 1244 ( 592) C:\WINDOWS\system32\spoolsv.exe

 size: 57856

  MD5: BEBE8A85954FF460374FD5A0CD21E19B

PID: 1432 ( 592) C:\WINDOWS\system32\drivers\CDAC11BA.EXE

 size: 54784

  MD5: 9BDBDA21D3BA8E374FD06A405BE10215

PID: 1504 ( 592) D:\Program Files\Norton Utilities\NPROTECT.EXE

 size: 135168

  MD5: 93CBFD618F2416703F1E3DB7C2A7D979

PID: 1552 ( 592) C:\WINDOWS\system32\nvsvc32.exe

 size: 127045

  MD5: EC36E02C73A5240A940065B0AC9965AB

PID: 1656 ( 592) D:\Program Files\Speed Disk\nopdb.exe

 size: 176161

  MD5: 8A3A2F3956BBC551A31C734BCD77419D

PID: 1724 ( 592) C:\WINDOWS\system32\svchost.exe

 size: 14336

  MD5: BA98327E90022DBD6EE76490E0622E2E

PID: 1176 ( 592) C:\WINDOWS\System32\alg.exe

 size: 44544

  MD5: 9D12991BC6B6C5C0FBAB4C06E7073DF1

PID: 2696 ( 592) C:\WINDOWS\system32\SLEE81.exe

 size: 36864

  MD5: 119847C8AC766EF407FF0CC9BA51EDCD

PID: 2956 ( 592) C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe

 size: 195624

  MD5: 7AD96DD8634E88095134F0BCD5CA8320

PID: 3056 ( 592) C:\Program Files\AntiVir PersonalEdition Classic\sched.exe

 size: 36392

  MD5: 214F4082A8AE495FCFAE1ADD306A11B5

PID: 2152 ( 872) C:\WINDOWS\system32\wscntfy.exe

 size: 13824

  MD5: 1905812AB06A70FF21907FAA10C927D6

PID: 2624 (2532) C:\WINDOWS\Explorer.EXE

 size: 1033728

  MD5: 379098A96E6C165B659DE7E4328010EA

PID: 2788 (2624) C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe

 size: 241704

  MD5: 88EF9D47D1FB477456EFBB140FD19E02

PID: 2436 (2624) C:\Program Files\Jetico\Jetico Personal Firewall\fwsrv.exe

 size: 118784

  MD5: 02AF098D4AC0D4C4C91C19B5E0718324

PID: 2524 (2624) C:\WINDOWS\SOUNDMAN.EXE

 size: 77824

  MD5: FF86E640E4E0FD18CFB4696B38867222

PID: 2844 (2624) C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

 size: 1415824

  MD5: 70496EEE0DDBE485F658693826F44D38

PID: 2728 (2624) D:\Program Files\Gadu-Gadu\gg.exe

 size: 2396160

  MD5: FF35EFD0AD318B30DC943953C9CD89ED

PID: 596 (2624) D:\Program Files\Opera\Opera.exe

 size: 79360

  MD5: BE0EBF14368CCF7A69055486C2068DA9

PID: 1356 (2624) C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe

 size: 4393096

  MD5: 09CA174A605B480318731E691DC98539

PID: 4 ( 0) System

A moment ago my internet got blocked entirely.... I was connected, but there was no data traffic at all, so I couldn't do anything on the internet, yet no message about being disconnected from TP SA popped up... besides that, the PC did not respond until I unplugged the cable from the modem... I noticed that changes had been made in ActiveX... :frowning: I'm angry because the format did not solve this problem, and the backup from before the format consisted only of doc, xls and mp3 files and RAR archives of them.

And one more thing: at the start, right after connecting, packets are being sent to 224.0.0.22

aaaattda5.jpg

Post merged: 13.10.2006 (Fri) 21:58

I see I'm getting incredible help :(... is there anyone here who could explain to me what is going on....