Zamulony komp po usunięciu wirusów - log do sprawdzenia

czytom · 6 Kwiecień 2007 08:48

Proszę o sprawdzenie loga. MKS znalazł kilka wirusów, teraz wg niego jest czysto, ale komputer sprawia wrażenie zamulonego. Z góry dziękuję

Logfile of HijackThis v1.99.1 Scan saved at 09:44:35, on 2007-04-06 Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16414) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\System32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\carpserv.exe C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe C:\Program Files\mks_vir_2007\bin\mkstray.exe C:\Program Files\mks_vir_2007\bin\mksregmon.exe C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe C:\Program Files\mks_vir_2007\bin\MksFwall.exe C:\Program Files\mks_vir_2007\bin\MksPC.exe C:\Program Files\mks_vir_2007\bin\mksupdate.exe C:\Program Files\mks_vir_2007\bin\mksvirmonsvc.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\PC Connectivity Solution\ServiceLayer.exe C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\mks_vir_2007\bin\mks_scan.exe C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe C:\Program Files\mks_vir_2007\bin\mks_mail.exe C:\WINDOWS\System32\HPZipm12.exe C:\Documents and Settings\Zygmunt\Dane aplikacji\OTi\USBNB\Exec\USBNB.exe A:\hijackthis\HijackThis.exe C:\WINDOWS\system32\taskmgr.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.pl/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll O4 - HKLM…\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM…\Run: [CARPService] carpserv.exe O4 - HKLM…\Run: [sunJavaUpdateSched] “C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe” O4 - HKLM…\Run: [mkstray] C:\Program Files\mks_vir_2007\bin\mkstray.exe O4 - HKLM…\Run: [mks_mail] C:\Program Files\mks_vir_2007\bin\mks_mail.exe O4 - HKLM…\Run: [MKSRegmon] C:\Program Files\mks_vir_2007\bin\mksregmon.exe O4 - HKLM…\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup O4 - HKLM…\Run: [AASecuUFD] c:\documents and settings\zygmunt\dane aplikacji\oti\usbnb\exec\usbnb.exe sys_auto_run C:\Documents and Settings\Zygmunt\Dane aplikacji\OTi\USBNB\Exec O4 - HKCU…\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU…\Run: [MSMSGS] “C:\Program Files\Messenger\msmsgs.exe” /background O4 - HKCU…\Run: [MailScanner] C:\Program Files\MKS_VIR_2006\Mks_mail.exe O4 - HKCU…\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog O4 - Global Startup: hp psc 1000 series.lnk = ? O4 - Global Startup: hpoddt01.exe.lnk = ? O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O10 - Unknown file in Winsock LSP: c:\program files\mks_vir_2007\bin\mkslsp.dll O10 - Unknown file in Winsock LSP: c:\program files\mks_vir_2007\bin\mkslsp.dll O10 - Unknown file in Winsock LSP: c:\program files\mks_vir_2007\bin\mkslsp.dll O10 - Unknown file in Winsock LSP: c:\program files\mks_vir_2007\bin\mkslsp.dll O11 - Options group: [iNTERNATIONAL] International* O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O17 - HKLM\System\CCS\Services\Tcpip…{DD61F958-1187-4BE8-8D1A-5E397CC56973}: NameServer = 85.255.115.114,85.255.112.142 O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.115.114 85.255.112.142 O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.115.114 85.255.112.142 O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe O23 - Service: MksFwall - MKS Sp z o.o. - C:\Program Files\mks_vir_2007\bin\MksFwall.exe O23 - Service: MksPC - Unknown owner - C:\Program Files\mks_vir_2007\bin\MksPC.exe O23 - Service: MksUpdate - MKS Sp. z o. o. - C:\Program Files\mks_vir_2007\bin\mksupdate.exe O23 - Service: mks_vir file monitor (MksVirMonSvc) - Unknown owner - C:\Program Files\mks_vir_2007\bin\mksvirmonsvc.exe O23 - Service: MkS_Scan - Unknown owner - C:\Program Files\mks_vir_2007\bin\mks_scan.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

adam9870 · 6 Kwiecień 2007 08:58

Usuń wpisy HJT.

Użyj narzędzia FixWareOut.

Po wykonaniu pokaż nowy log z HijackThis, SilentRunners oraz zawartość pliku c:\fixwareout\report.txt

JNJN · 6 Kwiecień 2007 09:11

Proszę zmienić temat postu na konkretny,opcja zmień i popraw.JNJN

czytom · 6 Kwiecień 2007 11:02

Logfile of HijackThis v1.99.1 Scan saved at 11:40:05, on 2007-04-06 Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16414) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\System32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\carpserv.exe C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe C:\Program Files\mks_vir_2007\bin\mkstray.exe C:\Program Files\mks_vir_2007\bin\mks_mail.exe C:\Program Files\mks_vir_2007\bin\mksregmon.exe C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe C:\Program Files\mks_vir_2007\bin\MksFwall.exe C:\Program Files\mks_vir_2007\bin\MksPC.exe C:\Program Files\mks_vir_2007\bin\mksupdate.exe C:\Program Files\mks_vir_2007\bin\mksvirmonsvc.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\PC Connectivity Solution\ServiceLayer.exe C:\WINDOWS\System32\HPZipm12.exe C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe C:\Program Files\Microsoft Office\Office\WINWORD.EXE C:\Program Files\Outlook Express\msimn.exe C:\Program Files\mks_vir_2007\bin\mks_scan.exe A:\hijackthis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.pl/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll O4 - HKLM…\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM…\Run: [CARPService] carpserv.exe O4 - HKLM…\Run: [sunJavaUpdateSched] “C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe” O4 - HKLM…\Run: [mkstray] C:\Program Files\mks_vir_2007\bin\mkstray.exe O4 - HKLM…\Run: [mks_mail] C:\Program Files\mks_vir_2007\bin\mks_mail.exe O4 - HKLM…\Run: [MKSRegmon] C:\Program Files\mks_vir_2007\bin\mksregmon.exe O4 - HKLM…\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup O4 - HKCU…\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU…\Run: [MSMSGS] “C:\Program Files\Messenger\msmsgs.exe” /background O4 - HKCU…\Run: [MailScanner] C:\Program Files\MKS_VIR_2006\Mks_mail.exe O4 - HKCU…\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog O4 - Global Startup: hp psc 1000 series.lnk = ? O4 - Global Startup: hpoddt01.exe.lnk = ? O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O10 - Unknown file in Winsock LSP: c:\program files\mks_vir_2007\bin\mkslsp.dll O10 - Unknown file in Winsock LSP: c:\program files\mks_vir_2007\bin\mkslsp.dll O10 - Unknown file in Winsock LSP: c:\program files\mks_vir_2007\bin\mkslsp.dll O10 - Unknown file in Winsock LSP: c:\program files\mks_vir_2007\bin\mkslsp.dll O11 - Options group: [iNTERNATIONAL] International* O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe O23 - Service: MksFwall - MKS Sp z o.o. - C:\Program Files\mks_vir_2007\bin\MksFwall.exe O23 - Service: MksPC - Unknown owner - C:\Program Files\mks_vir_2007\bin\MksPC.exe O23 - Service: MksUpdate - MKS Sp. z o. o. - C:\Program Files\mks_vir_2007\bin\mksupdate.exe O23 - Service: mks_vir file monitor (MksVirMonSvc) - Unknown owner - C:\Program Files\mks_vir_2007\bin\mksvirmonsvc.exe O23 - Service: MkS_Scan - Unknown owner - C:\Program Files\mks_vir_2007\bin\mks_scan.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

i kolejny

Fixwareout Last edited 2/11/2007 Post this report in the forums please … »»»»»Prerun check »»»»» System restarted »»»»» Postrun check HKLM\SOFTWARE~\Winlogon\ “System”="" … HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls “putesprpgd” Deleted HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls “onisacputes” Deleted … »»»»» Misc files. C:\WINDOWS\system32{A444F8FA-D8E7-46FD-9E26-EC8ACEC97D1F}.exe Deleted … »»»»» Checking for older varients. … Search five digit cs, dm, kd, jb, other, files. The following files NEED TO BE SUBMITTED to one of the following URL’S for further inspection. Click browse, find the file then click submit. http://www.virustotal.com/flash/index_en.html Or http://virusscan.jotti.org/ »»»»» Other »»»»» Current runs [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “NeroCheck”=“C:\WINDOWS\system32\NeroCheck.exe” “CARPService”=“carpserv.exe” “SunJavaUpdateSched”="“C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe”" “mkstray”=“C:\Program Files\mks_vir_2007\bin\mkstray.exe” “mks_mail”=“C:\Program Files\mks_vir_2007\bin\mks_mail.exe” “MKSRegmon”=“C:\Program Files\mks_vir_2007\bin\mksregmon.exe” “PCSuiteTrayApplication”=“C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup” [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “CTFMON.EXE”=“C:\WINDOWS\system32\ctfmon.exe” “MSMSGS”="“C:\Program Files\Messenger\msmsgs.exe” /background" “MailScanner”=“C:\Program Files\MKS_VIR_2006\Mks_mail.exe” “PcSync”=“C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog” … Hosts file was reset, If you use a custom hosts file please replace it »»»»» End report »»»»»

i ostatni

“Silent Runners.vbs”, revision RED (R28) (Echo output), launched at: 12:38 Operating System: Windows XP SP2 Startup items buried in registry: --------------------------------- HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ “CTFMON.EXE” = “C:\WINDOWS\system32\ctfmon.exe” [MS] “MSMSGS” = ““C:\Program Files\Messenger\msmsgs.exe” /background” [MS] “MailScanner” = “C:\Program Files\MKS_VIR_2006\Mks_mail.exe” [file not found] “PcSync” = “C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog” [“Time Information Services Ltd.”] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ “NeroCheck” = “C:\WINDOWS\system32\NeroCheck.exe” [“Ahead Software Gmbh”] “CARPService” = “carpserv.exe” [“Conexant Systems, Inc.”] “SunJavaUpdateSched” = ““C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe”” [“Sun Microsystems, Inc.”] “mkstray” = “C:\Program Files\mks_vir_2007\bin\mkstray.exe” [“MKS Sp z o.o.”] “mks_mail” = “C:\Program Files\mks_vir_2007\bin\mks_mail.exe” [“MkS Sp. z o.o.”] “MKSRegmon” = “C:\Program Files\mks_vir_2007\bin\mksregmon.exe” [null data] “PCSuiteTrayApplication” = “C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup” [“Nokia”] HKLM\Software\Microsoft\Active Setup\Installed Components\ “>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}(Default)” = “Windows Media Player” \StubPath = “C:\WINDOWS\inf\unregmp2.exe /ShowWMP” [MS] HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}(Default) = “AcroIEHlprObj Class” -> resolves to: {CLSID}\InprocServer32(Default) = “C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll” [“Adobe Systems Incorporated”] {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}(Default) = “SSVHelper Class” -> resolves to: {CLSID}\InprocServer32(Default) = “C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll” [“Sun Microsystems, Inc.”] HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\ “PostBootReminder” = “{7849596a-48ea-486e-8937-a2a3009f31a9}” -> resolves to: {CLSID}\InprocServer32(Default) = “C:\WINDOWS\system32\SHELL32.dll” [MS] “CDBurn” = “{fbeb8a05-beee-4442-804e-409d6c4515e9}” -> resolves to: {CLSID}\InprocServer32(Default) = “C:\WINDOWS\system32\SHELL32.dll” [MS] “WebCheck” = “{E6FB5E20-DE35-11CF-9C87-00AA005127ED}” -> resolves to: {CLSID}\InprocServer32(Default) = “C:\WINDOWS\system32\webcheck.dll” [MS] “SysTray” = “{35CEC8A3-2BE6-11D2-8773-92E220524153}” -> resolves to: {CLSID}\InprocServer32(Default) = “C:\WINDOWS\System32\stobject.dll” [MS] Startup items in “Zygmunt” & “All Users” startup folders: ---------------------------------------------------------- C:\Documents and Settings\All Users\Menu Start\Programy\Autostart “hp psc 1000 series” -> shortcut to: “C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe” [“Hewlett-Packard Co.”] “hpoddt01.exe” -> shortcut to: “C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe” [“Hewlett-Packard”] “Microsoft Office” -> shortcut to: “C:\Program Files\Microsoft Office\Office\OSA9.EXE -b -l” [MS] Enabled Scheduled Tasks: ------------------------ “FRU Task #Hewlett-Packard#hp psc 1200 series#1150176439” -> launches: "C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe -I “#Hewlett-Packard#hp psc 1200 series#1150176439"” [empty string] Running Services (Display Name, Service Name, Path {Service DLL}): ------------------------------------------------------------------ Aktualizacje automatyczne, wuauserv, “C:\WINDOWS\system32\svchost.exe -k netsvcs” {“C:\WINDOWS\System32\wuauserv.dll” [MS]} Ati HotKey Poller, Ati HotKey Poller, “C:\WINDOWS\System32\Ati2evxx.exe” [“ATI Technologies Inc.”] Bufor wydruku, Spooler, “C:\WINDOWS\system32\spoolsv.exe” [MS] Centrum zabezpieczeä, wscsvc, “C:\WINDOWS\System32\svchost.exe -k netsvcs” {“C:\WINDOWS\system32\wscsvc.dll” [MS]} Dziennik zdarzeä, Eventlog, “C:\WINDOWS\system32\services.exe” [MS] Harmonogram zadaä, Schedule, “C:\WINDOWS\System32\svchost.exe -k netsvcs” {“C:\WINDOWS\system32\schedsvc.dll” [MS]} HTTP SSL, HTTPFilter, “C:\WINDOWS\System32\svchost.exe -k HTTPFilter” {“C:\WINDOWS\System32\w3ssl.dll” [MS]} Instrumentacja zarzĄdzania Windows, winmgmt, “C:\WINDOWS\system32\svchost.exe -k netsvcs” {“C:\WINDOWS\system32\wbem\WMIsvc.dll” [MS]} Klient DHCP, Dhcp, “C:\WINDOWS\System32\svchost.exe -k netsvcs” {“C:\WINDOWS\System32\dhcpcsvc.dll” [MS]} Klient DNS, Dnscache, “C:\WINDOWS\System32\svchost.exe -k NetworkService” {“C:\WINDOWS\System32\dnsrslvr.dll” [MS]} Klient ledzenia Ączy rozproszonych, TrkWks, “C:\WINDOWS\system32\svchost.exe -k netsvcs” {“C:\WINDOWS\system32\trkwks.dll” [MS]} Kompozycje, Themes, “C:\WINDOWS\System32\svchost.exe -k netsvcs” {“C:\WINDOWS\System32\shsvcs.dll” [MS]} Konfiguracja zerowej sieci bezprzewodowej, WZCSVC, “C:\WINDOWS\System32\svchost.exe -k netsvcs” {“C:\WINDOWS\System32\wzcsvc.dll” [MS]} Logowanie pomocnicze, seclogon, “C:\WINDOWS\System32\svchost.exe -k netsvcs” {“C:\WINDOWS\System32\seclogon.dll” [MS]} Magazyn chroniony, ProtectedStorage, “C:\WINDOWS\system32\lsass.exe” [MS] Menedľer kont zabezpieczeä, SamSs, “C:\WINDOWS\system32\lsass.exe” [MS] Menedľer poĄczeä usugi Dost©p zdalny, RasMan, “C:\WINDOWS\System32\svchost.exe -k netsvcs” {“C:\WINDOWS\System32\rasmans.dll” [MS]} MkS_Scan, MkS_Scan, “C:\Program Files\mks_vir_2007\bin\mks_scan.exe” [empty string] mks_vir file monitor, MksVirMonSvc, “C:\Program Files\mks_vir_2007\bin\mksvirmonsvc.exe” [null data] MksFwall, MksFwall, ““C:\Program Files\mks_vir_2007\bin\MksFwall.exe”” [“MKS Sp z o.o.”] MksPC, MksPC, ““C:\Program Files\mks_vir_2007\bin\MksPC.exe”” [null data] MksUpdate, MksUpdate, ““C:\Program Files\mks_vir_2007\bin\mksupdate.exe”” [“MKS Sp. z o. o.”] Plug and Play, PlugPlay, “C:\WINDOWS\system32\services.exe” [MS] Pml Driver HPZ12, Pml Driver HPZ12, “C:\WINDOWS\System32\HPZipm12.exe” [“HP”] Pomoc i obsuga techniczna, helpsvc, “C:\WINDOWS\System32\svchost.exe -k netsvcs” {“C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll” [MS]} Pomoc TCP/IP NetBIOS, LmHosts, “C:\WINDOWS\System32\svchost.exe -k LocalService” {“C:\WINDOWS\System32\lmhsvc.dll” [MS]} PoĄczenia sieciowe, Netman, “C:\WINDOWS\System32\svchost.exe -k netsvcs” {“C:\WINDOWS\System32\netman.dll” [MS]} Program uruchamiajĄcy proces serwera DCOM, DcomLaunch, “C:\WINDOWS\system32\svchost -k DcomLaunch” {“C:\WINDOWS\system32\rpcss.dll” [MS]} PrzeglĄdarka komputera, Browser, “C:\WINDOWS\System32\svchost.exe -k netsvcs” {“C:\WINDOWS\System32\browser.dll” [MS]} Rozpoznawanie lokalizacji w sieci (NLA), Nla, “C:\WINDOWS\System32\svchost.exe -k netsvcs” {“C:\WINDOWS\System32\mswsock.dll” [MS]} ServiceLayer, ServiceLayer, ““C:\Program Files\PC Connectivity Solution\ServiceLayer.exe”” [“Nokia.”] Serwer, lanmanserver, “C:\WINDOWS\System32\svchost.exe -k netsvcs” {“C:\WINDOWS\System32\srvsvc.dll” [MS]} Stacja robocza, lanmanworkstation, “C:\WINDOWS\System32\svchost.exe -k netsvcs” {“C:\WINDOWS\System32\wkssvc.dll” [MS]} System zdarzeä COM+, EventSystem, “C:\WINDOWS\System32\svchost.exe -k netsvcs” {“C:\WINDOWS\System32\es.dll” [MS]} Telefonia, TapiSrv, “C:\WINDOWS\System32\svchost.exe -k netsvcs” {“C:\WINDOWS\System32\tapisrv.dll” [MS]} Usuga bramy warstwy aplikacji, ALG, “C:\WINDOWS\System32\alg.exe” [MS] Usuga Czas systemu Windows, W32Time, “C:\WINDOWS\System32\svchost.exe -k netsvcs” {“C:\WINDOWS\System32\w32time.dll” [MS]} Usuga inteligentnego transferu w tle, BITS, “C:\WINDOWS\System32\svchost.exe -k netsvcs” {“C:\WINDOWS\System32\qmgr.dll” [MS]} Usuga odnajdywania SSDP, SSDPSRV, “C:\WINDOWS\System32\svchost.exe -k LocalService” {“C:\WINDOWS\System32\ssdpsrv.dll” [MS]} Usuga przywracania systemu, srservice, “C:\WINDOWS\System32\svchost.exe -k netsvcs” {“C:\WINDOWS\System32\srsvc.dll” [MS]} Usuga raportowania b©d˘w, ERSvc, “C:\WINDOWS\System32\svchost.exe -k netsvcs” {“C:\WINDOWS\System32\ersvc.dll” [MS]} Usugi IPSEC, PolicyAgent, “C:\WINDOWS\System32\lsass.exe” [MS] Usugi kryptograficzne, CryptSvc, “C:\WINDOWS\system32\svchost.exe -k netsvcs” {“C:\WINDOWS\System32\cryptsvc.dll” [MS]} Usugi terminalowe, TermService, “C:\WINDOWS\System32\svchost -k DComLaunch” {“C:\WINDOWS\System32\termsrv.dll” [MS]} WebClient, WebClient, “C:\WINDOWS\System32\svchost.exe -k LocalService” {“C:\WINDOWS\System32\webclnt.dll” [MS]} Windows Audio, AudioSrv, “C:\WINDOWS\System32\svchost.exe -k netsvcs” {“C:\WINDOWS\System32\audiosrv.dll” [MS]} Windows Image Acquisition (WIA), stisvc, “C:\WINDOWS\System32\svchost.exe -k imgsvc” {“C:\WINDOWS\system32\wiaservc.dll” [MS]} Wykrywanie sprz©tu powoki, ShellHWDetection, “C:\WINDOWS\System32\svchost.exe -k netsvcs” {“C:\WINDOWS\System32\shsvcs.dll” [MS]} Zapora systemu Windows/Udost©pnianie poĄczenia internetowego, SharedAccess, “C:\WINDOWS\System32\svchost.exe -k netsvcs” {“C:\WINDOWS\System32\ipnathlp.dll” [MS]} Zawiadomienie o zdarzeniu systemowym, SENS, “C:\WINDOWS\system32\svchost.exe -k netsvcs” {“C:\WINDOWS\system32\sens.dll” [MS]} Zdalne wywoywanie procedur (RPC), RpcSs, “C:\WINDOWS\system32\svchost -k rpcss” {“C:\WINDOWS\system32\rpcss.dll” [MS]} Zgodno† szybkiego przeĄczania uľytkownik˘w, FastUserSwitchingCompatibility, “C:\WINDOWS\System32\svchost.exe -k netsvcs” {“C:\WINDOWS\System32\shsvcs.dll” [MS]}

Sporo czytania mam nadzieję że nic nie popsułem i nie obciąłem któregoś loga