mj12, posted 18 September 2008

Hello. I'd like to do a routine check of the system for any junk. The system is behaving normally. The OS is Vista x64.

HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:13:46, on 2008-04-17
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Windows\System32\CTHELPER.EXE
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\TrueCrypt\TrueCrypt.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Konnekt\konnekt.exe
C:\Program Files\Mozilla Thunderbird\thunderbird.exe
C:\Program Files\Alwil Software\Avast4\ashSimpl.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\totalcmd\TOTALCMD.EXE
G:\Instalacyjne i sterowniki\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'USŁUGA SIECIOWA')
O4 - Startup: TrueCrypt.lnk = C:\Program Files\TrueCrypt\TrueCrypt.exe
O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: FileZilla Server FTP server (FileZilla Server) - FileZilla Project - C:\Program Files\FileZilla Server\FileZilla Server.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe

--
End of file - 4438 bytes

SilentRunners log:

"Silent Runners.vbs", revision 58, http://www.silentrunners.org/
Operating System: Windows Vista
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"TrueCrypt" = ""C:\Program Files (x86)\TrueCrypt\TrueCrypt.exe" /q preferences" ["TrueCrypt Foundation"]
"SpybotSD TeaTimer" = "C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe" ["Safer Networking Limited"]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"avast!" = "C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" ["ALWIL Software"]
"AsioReg" = "REGSVR32 /S CTASIO.DLL" [MS]
"AsioThk32Reg" = "REGSVR32.EXE /S CTASIO.DLL"
"CTHelper" = "CTHELPER.EXE" [** WMI GetObject error **]
"CTxfiHlp" = "CTXFIHLP.EXE" [** WMI GetObject error **]
"WinampAgent" = ""C:\Program Files (x86)\Winamp\winampa.exe"" [file not found]
"SunJavaUpdateSched" = ""C:\Program Files (x86)\Java\jre1.6.0_07\bin\jusched.exe"" ["Sun Microsystems, Inc."]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)
  -> {HKLM...CLSID} = "SSVHelper Class"
                   \InProcServer32\(Default) = "C:\Program Files (x86)\Java\jre1.6.0_07\bin\ssv.dll" ["Sun Microsystems, Inc."]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{640167b4-59b0-47a6-b335-a6b3c0695aea}" = "Portable Media Devices"
  -> {HKLM...CLSID} = "Portable Media Devices"
                   \InProcServer32\(Default) = "C:\Windows\system32\audiodev.dll" [** WMI GetObject error **]
"{472083B0-C522-11CF-8763-00608CC02F24}" = "avast"
  -> {HKLM...CLSID} = "avast"
                   \InProcServer32\(Default) = "C:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]
"{23170F69-40C1-278A-1000-000100020000}" = "7-Zip Shell Extension"
  -> {HKLM...CLSID} = "7-Zip Shell Extension"
                   \InProcServer32\(Default) = "C:\Program Files (x86)\7-Zip\7-zip.dll" ["Igor Pavlov"]
"{8A56567E-A333-4843-B6E1-C3A262E41D8C}" = "HashTab Property Page"
  -> {HKLM...CLSID} = "HashPage Class"
                   \InProcServer32\(Default) = "C:\Program Files (x86)\HashTab Shell Extension\HashTab.dll" ["Beeblebrox.org"]
"{5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C}" = "Microsoft Office OneNote Namespace Extension for Windows Desktop Search"
  -> {HKLM...CLSID} = "Microsoft Office OneNote Namespace Extension for Windows Desktop Search"
                   \InProcServer32\(Default) = "C:\PROGRA~2\MICROS~2\Office12\ONFILTER.DLL" [MS]
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
  -> {HKLM...CLSID} = (no title provided)
                   \InProcServer32\(Default) = "C:\Program Files (x86)\Microsoft Office\Office12\msohevi.dll" [MS]
"{416651E4-9C3C-11D9-8BDE-F66BAD1E3F3A}" = "Nokia Phone Browser"
  -> {HKLM...CLSID} = "Nokia Phone Browser"
                   \InProcServer32\(Default) = "C:\Program Files (x86)\Nokia\Nokia PC Suite 6\phonebrowser.dll" ["Nokia"]

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\
<<!>> "Userinit" = "userinit.exe" [MS]

HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\
<<!>> "BootExecute" = "autocheck autochk *"|"OODBS" [file not found]

HKLM\SOFTWARE\Classes\PROTOCOLS\Filter\
<<!>> deflate\CLSID = "{8f6b0360-b80d-11d0-a9b3-006097942311}"
  -> {HKLM...CLSID} = "AP encoding/decoding Filters"
                   \InProcServer32\(Default) = "C:\Windows\SysWOW64\urlmon.dll" [MS]
<<!>> gzip\CLSID = "{8f6b0360-b80d-11d0-a9b3-006097942311}"
  -> {HKLM...CLSID} = "AP encoding/decoding Filters"
                   \InProcServer32\(Default) = "C:\Windows\SysWOW64\urlmon.dll" [MS]
<<!>> text/xml\CLSID = "{807563E5-5146-11D5-A672-00B0D022E945}"
  -> {HKLM...CLSID} = "Microsoft Office InfoPath XML Mime Filter"
                   \InProcServer32\(Default) = "C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL" [MS]

HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\
7-Zip\(Default) = "{23170F69-40C1-278A-1000-000100020000}"
  -> {HKLM...CLSID} = "7-Zip Shell Extension"
                   \InProcServer32\(Default) = "C:\Program Files (x86)\7-Zip\7-zip.dll" ["Igor Pavlov"]
avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"
  -> {HKLM...CLSID} = "avast"
                   \InProcServer32\(Default) = "C:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]

HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\
7-Zip\(Default) = "{23170F69-40C1-278A-1000-000100020000}"
  -> {HKLM...CLSID} = "7-Zip Shell Extension"
                   \InProcServer32\(Default) = "C:\Program Files (x86)\7-Zip\7-zip.dll" ["Igor Pavlov"]

HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\
avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"
  -> {HKLM...CLSID} = "avast"
                   \InProcServer32\(Default) = "C:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]


Default executables:
--------------------

<<!>> HKLM\SOFTWARE\Classes\.bat\(Default) = "C:\Program Files (x86)\Notepad++\notepad++.exe %1"

HKLM\SOFTWARE\Classes\.hta\(Default) = "htafile"
<<!>> HKLM\SOFTWARE\Classes\htafile\shell\open\command\(Default) = "C:\Windows\SysWOW64\mshta.exe "%1" %*" [MS]


Group Policies {GPedit.msc branch and setting}:
-----------------------------------------------

Note: detected settings may not have any effect.

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\

"NoActiveDesktop" = (REG_DWORD) dword:0x00000001
{unrecognized setting}

"NoActiveDesktopChanges" = (REG_DWORD) dword:0x00000001
{unrecognized setting}

"ForceActiveDesktopOn" = (REG_DWORD) dword:0x00000000
{unrecognized setting}

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\

"ConsentPromptbehaviorAdmin" = (REG_DWORD) dword:0x00000002
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
User Account Control: behavior Of The Elevation Prompt For Administrators In Admin Approval Mode}

"ConsentPromptbehaviorUser" = (REG_DWORD) dword:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
User Account Control: behavior Of The Elevation Prompt For Standard Users}

"EnableInstallerDetection" = (REG_DWORD) dword:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
User Account Control: Detect Application Installations And Prompt For Elevation}

"EnableLUA" = (REG_DWORD) dword:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
User Account Control: Run All Administrators In Admin Approval Mode}

"EnableSecureUIAPaths" = (REG_DWORD) dword:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
User Account Control: Only elevate UIAccess applications that are installed in secure locations}

"EnableVirtualization" = (REG_DWORD) dword:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
User Account Control: Virtualize file and registry write failures to per-user locations}

"PromptOnSecureDesktop" = (REG_DWORD) dword:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
User Account Control: Switch to the secure desktop when prompting for elevation}

"shutdownwithoutlogon" = (REG_DWORD) dword:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Shutdown: Allow system to be shut down without having to log on}

"undockwithoutlogon" = (REG_DWORD) dword:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Devices: Allow undock without having to log on}

"FilterAdministratorToken" = (REG_DWORD) dword:0x00000000
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
User Account Control: Admin Approval Mode for the Built-in Administrator Account}

"EnableUIADesktopToggle" = (REG_DWORD) dword:0x00000000
{unrecognized setting}


Active Desktop and Wallpaper:
-----------------------------

Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
"Wallpaper" = "D:\Jarek\Grafika\8_-_AmStar_7.JPG"

Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\Users\Jarek\AppData\Roaming\XnView\\xnview_wallpaper_20080915.bmp"


Enabled Screen Saver:
---------------------

HKCU\Control Panel\Desktop\
"SCRNSAVE.EXE" = "C:\Windows\system32\logon.scr" [MS]


Windows Portable Device AutoPlay Handlers
-----------------------------------------

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\

CDBurnerXP\
"Provider" = "CDBurnerXP"
"InvokeProgID" = "CDBurnerXPOpen"
"InvokeVerb" = "open"
HKLM\SOFTWARE\Classes\CDBurnerXPOpen\shell\open\command\(Default) = ""C:\Program Files (x86)\CDBurnerXP\cdbxpp.exe"" [null data]

WinampPlayMediaOnArrival\
"Provider" = "Winamp"
"InvokeProgID" = "Winamp.File"
"InvokeVerb" = "Play"
HKLM\SOFTWARE\Classes\Winamp.File\shell\Play\command\(Default) = ""C:\Program Files (x86)\Winamp\winamp.exe" "%1"" ["Nullsoft"]
HKLM\SOFTWARE\Classes\Winamp.File\shell\Play\DropTarget\CLSID = "{46986115-84D6-459c-8F95-52DD653E532E}"
  -> {HKLM...CLSID} = (no title provided)
                   \LocalServer32\(Default) = ""C:\Program Files (x86)\Winamp\winamp.exe"" ["Nullsoft"]


Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\system32\NLAapi.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\system32\napinsp.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\system32\pnrpnsp.dll" [MS]
000000000004\LibraryPath = "%SystemRoot%\system32\pnrpnsp.dll" [MS]
000000000005\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000006\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]

Transport Service Providers

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 10


Toolbars, Explorer Bars, Extensions:
------------------------------------

Explorer Bars

HKLM\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\

HKLM\SOFTWARE\Classes\CLSID\{FF059E31-CC5A-4E2E-BF3B-96E929D65503}\(Default) = "&Poszukaj"
Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
InProcServer32\(Default) = "C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL" [MS]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
"MenuText" = "Sun Java Console"
"CLSIDExtension" = "{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC}"
  -> {HKCU...CLSID} = "Java Plug-in 1.6.0_07"
                   \InProcServer32\(Default) = "C:\PROGRA~2\Java\JRE16~1.0_0\bin\ssv.dll" ["Sun Microsystems, Inc."]
  -> {HKLM...CLSID} = "Java Plug-in 1.6.0_07"
                   \InProcServer32\(Default) = "C:\Program Files (x86)\Java\jre1.6.0_07\bin\npjpi160_07.dll" ["Sun Microsystems, Inc."]

{2670000A-7350-4F3C-8081-5663EE0C6C49}\
"ButtonText" = "Wyślij do programu OneNote"
"MenuText" = "Wyślij &do programu OneNote"
"CLSIDExtension" = "{48E73304-E1D6-4330-914C-F5F514E3486C}"
  -> {HKLM...CLSID} = "Send to OneNote from Internet Explorer button"
                   \InProcServer32\(Default) = "C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll" [MS]

{92780B25-18CC-41C8-B9BE-3C9C571A8263}\
"ButtonText" = "Research"


Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

Agent zasad IPsec, PolicyAgent, "C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted" {"C:\Windows\System32\ipsecsvc.dll" [file not found]}
avast! Antivirus, avast! Antivirus, ""C:\Program Files\Alwil Software\Avast4\ashServ.exe"" ["ALWIL Software"]
avast! iAVS4 Control Service, aswUpdSv, ""C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe"" ["ALWIL Software"]
avast! Mail Scanner, avast! Mail Scanner, ""C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service" ["ALWIL Software"]
avast! Web Scanner, avast! Web Scanner, ""C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service" ["ALWIL Software"]
Bufor wydruku, Spooler, "C:\Windows\System32\spoolsv.exe" [file not found]
Centrum zabezpieczeń, wscsvc, "C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted" {"C:\Windows\System32\wscsvc.dll" [file not found]}
Dziennik zdarzeń systemu Windows, Eventlog, "C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted" {"C:\Windows\System32\wevtsvc.dll" [file not found]}
Harmonogram klas multimediów, MMCSS, "C:\Windows\system32\svchost.exe -k netsvcs" {"C:\Windows\system32\mmcss.dll" [file not found]}
Harmonogram zadań, Schedule, "C:\Windows\system32\svchost.exe -k netsvcs" {"C:\Windows\system32\schedsvc.dll" [file not found]}
Informacje o aplikacji, Appinfo, "C:\Windows\system32\svchost.exe -k netsvcs" {"C:\Windows\System32\appinfo.dll" [file not found]}
Instrumentacja zarządzania Windows, Winmgmt, "C:\Windows\system32\svchost.exe -k netsvcs" {"C:\Windows\system32\wbem\WMIsvc.dll" [file not found]}
Klient DNS, Dnscache, "C:\Windows\system32\svchost.exe -k NetworkService" {"C:\Windows\System32\dnsrslvr.dll" [file not found]}
Klient zasad grupy, gpsvc, "C:\Windows\system32\svchost.exe -k GPSvcGroup" {"C:\Windows\System32\gpsvc.dll" [file not found]}
Konfiguracja usług terminalowych, SessionEnv, "C:\Windows\System32\svchost.exe -k netsvcs" {"C:\Windows\system32\sessenv.dll" [MS]}
Konstruktor punktów końcowych audio systemu Windows, AudioEndpointBuilder, "C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted" {"C:\Windows\System32\Audiosrv.dll" [file not found]}
Kopia zapasowa systemu Windows, SDRSVC, "C:\Windows\system32\svchost.exe -k SDRSVC" {"C:\Windows\System32\SDRSVC.dll" [file not found]}
Licencjonowanie oprogramowania, slsvc, "C:\Windows\system32\SLsvc.exe" [file not found]
Logowanie pomocnicze, seclogon, "C:\Windows\system32\svchost.exe -k netsvcs" {"C:\Windows\system32\seclogon.dll" [file not found]}
Menedżer kont zabezpieczeń, SamSs, "C:\Windows\system32\lsass.exe" [file not found]
Menedżer połączeń usługi Dostęp zdalny, RasMan, "C:\Windows\system32\svchost.exe -k netsvcs" {"C:\Windows\System32\rasmans.dll" [file not found]}
Menedżer sesji Menedżera okien pulpitu, UxSms, "C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted" {"C:\Windows\System32\uxsms.dll" [file not found]}
Moduły obsługi kluczy IPsec IKE i AuthIP, IKEEXT, "C:\Windows\system32\svchost.exe -k netsvcs" {"C:\Windows\System32\ikeext.dll" [file not found]}
NMSAccessU, NMSAccessU, "C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe" [null data]
Odnajdywanie SSDP, SSDPSRV, "C:\Windows\system32\svchost.exe -k LocalService" {"C:\Windows\System32\ssdpsrv.dll" [file not found]}
Plug and Play, PlugPlay, "C:\Windows\system32\svchost.exe -k DcomLaunch" {"C:\Windows\system32\umpnpmgr.dll" [file not found]}
Podstawowy aparat filtrowania, BFE, "C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork" {"C:\Windows\System32\bfe.dll" [file not found]}
Połączenia sieciowe, Netman, "C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted" {"C:\Windows\System32\netman.dll" [file not found]}
Program uruchamiający proces serwera DCOM, DcomLaunch, "C:\Windows\system32\svchost.exe -k DcomLaunch" {"C:\Windows\system32\rpcss.dll" [file not found]}
Propagacja certyfikatu, CertPropSvc, "C:\Windows\system32\svchost.exe -k netsvcs" {"C:\Windows\System32\certprop.dll" [file not found]}
Rozpoznawanie lokalizacji w sieci, NlaSvc, "C:\Windows\System32\svchost.exe -k NetworkService" {"C:\Windows\System32\nlasvc.dll" [file not found]}
SBSD Security Center Service, SBSDWSCService, "C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe" ["Safer Networking Ltd."]
Serwer, LanmanServer, "C:\Windows\system32\svchost.exe -k netsvcs" {"C:\Windows\system32\srvsvc.dll" [file not found]}
Stacja robocza, LanmanWorkstation, "C:\Windows\System32\svchost.exe -k LocalService" {"C:\Windows\System32\wkssvc.dll" [file not found]}
Usługa Asystent zgodności programów, PcaSvc, "C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted" {"C:\Windows\System32\pcasvc.dll" [file not found]}
Usługa Czas systemu Windows, W32Time, "C:\Windows\system32\svchost.exe -k LocalService" {"C:\Windows\system32\w32time.dll" [file not found]}
Usługa inteligentnego transferu w tle, BITS, "C:\Windows\System32\svchost.exe -k netsvcs" {"C:\Windows\System32\qmgr.dll" [file not found]}
Usługa interfejsu magazynu sieciowego, nsi, "C:\Windows\system32\svchost.exe -k LocalService" {"C:\Windows\system32\nsisvc.dll" [file not found]}
Usługa profilów użytkowników, ProfSvc, "C:\Windows\system32\svchost.exe -k netsvcs" {"C:\Windows\system32\profsvc.dll" [file not found]}
Usługa Protokół SSTP, SstpSvc, "C:\Windows\system32\svchost.exe -k LocalService" {"C:\Windows\system32\sstpsvc.dll" [file not found]}
Usługa raportowania błędów systemu Windows, WerSvc, "C:\Windows\System32\svchost.exe -k WerSvcGroup" {"C:\Windows\System32\WerSvc.dll" [file not found]}
Usługa zasad diagnostyki, DPS, "C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork" {"C:\Windows\system32\dps.dll" [file not found]}
Usługi terminalowe, TermService, "C:\Windows\System32\svchost.exe -k NetworkService" {"C:\Windows\System32\termsrv.dll" [file not found]}
Użytkowanie aplikacji, AeLookupSvc, "C:\Windows\system32\svchost.exe -k netsvcs" {"C:\Windows\System32\aelupsvc.dll" [file not found]}
Windows Audio, AudioSrv, "C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted" {"C:\Windows\System32\Audiosrv.dll" [file not found]}
Windows Defender, WinDefend, "C:\Windows\System32\svchost.exe -k secsvcs" {"C:\Program Files (x86)\Windows Defender\mpsvc.dll" [file not found]}
Windows Driver Foundation — User-mode Driver Framework, wudfsvc, "C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted" {"C:\Windows\System32\WUDFSvc.dll" [file not found]}
Windows Image Acquisition (WIA), stisvc, "C:\Windows\system32\svchost.exe -k imgsvc" {"C:\Windows\System32\wiaservc.dll" [file not found]}
Windows Update, wuauserv, "C:\Windows\system32\svchost.exe -k netsvcs" {"C:\Windows\system32\wuaueng.dll" [file not found]}
Wstępne ładowanie do pamięci, SysMain, "C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted" {"C:\Windows\system32\sysmain.dll" [file not found]}
Zapora systemu Windows, MpsSvc, "C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork" {"C:\Windows\system32\mpssvc.dll" [file not found]}
Zarządzanie aplikacjami, AppMgmt, "C:\Windows\system32\svchost.exe -k netsvcs" {"C:\Windows\System32\appmgmts.dll" [MS]}
Zdalne wywoływanie procedur (RPC), RpcSs, "C:\Windows\system32\svchost.exe -k rpcss" {"C:\Windows\system32\rpcss.dll" [file not found]}


Print Monitors:
---------------

HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors\
Microsoft Shared Fax Monitor\Driver = "FXSMON.DLL" [file not found]


---------- (launch time: 2008-09-18 11:48:13)
<<!>>: Suspicious data at a malware launch point.

+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
  launch it from a command prompt or a shortcut with the -all parameter.
+ To search all directories of local fixed drives for DESKTOP.INI
  DLL launch points, use the -supp parameter or answer "No" at the
  first message box and "Yes" at the second message box.
---------- (total run time: 61 seconds,
including 18 seconds for message boxes)
Kolobos, posted 18 September 2008

Looks fine.
mj12, posted 18 September 2008 (edited)

Thanks for the reply. While I'm at it, one more question: how reliable is this automatic HijackThis log analyzer: http://www.hijackthis.de ?

Edited 18 September 2008 by mj12
Kolobos, posted 19 September 2008

You can safely use it. These days HijackThis logs are nearly redundant anyway, and that analyzer works quite well (it used to be hit and miss).