Regulamin forum
1. Każdy temat powinien odzwierciedlać treść wątku.2. W przypadku wklejania logów; należy je wykonać od razu przynajmniej z dwóch narzędzi: FRST oraz z GMER
3. Wszelkie logi proszę publikować na przeznaczonych do tego stronach a w poście wklejać tylko link.
4. Nie wskazane jest skracanie logów, należy wkleić cały - od początku, do końca.
5. Nie wskazane jest podczepianie się do tematów innych użytkowników - proszę założyć nowy temat w dziale Bezpieczeństwo, ułatwi to pomoc sprawdzającemu.
6. Osoby nie posiadające odpowiedniej wiedzy, nie powinny sprawdzać logów, ponieważ grozi to poważnym uszkodzeniem systemu lub aplikacji zainstalowanych na komputerze.
7. Należy dokładnie opisać problem, występujące objawy oraz wszelkie podjęte działania.
8. Każdy skrypt jest unikatowy, napisany dla każdego przypadku z osobna, więc nie może być stosowany przez innych.
9. W przypadku zamieszczenia zrzutu ekranu (screenshot'a) proszę korzystać z zewnętrznego serwisu oferującego hosting zdjęć.
Sprawdzenie loga, oraz problem z "wirusem"
09 Wrz 2007, 23:16
Na początek: w nocy mam ustawione automatyczne skanowanie dysku Anti-Virem Avirą, dzinnie wykrywa takie coś i nie idzie tego ani usunąć ani znaleźć na dysku:
Jeśli już jesteśmy przy temacie, wirusów itp, to jak komuś się chcę sprawdzić, to zamieszczam loga, z HiJackThis:
- Kod:
C:\WINDOWS\system32:regedt.exe
[DETECTION] Contains a detection pattern of the (dangerous) backdoor program BDS/Poison.P Backdoor server programs
Jeśli już jesteśmy przy temacie, wirusów itp, to jak komuś się chcę sprawdzić, to zamieszczam loga, z HiJackThis:
- Kod:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:15:14, on 2007-09-09
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\WINDOWS\system32\nvsvc32.exe
D:\gry\Medal of Honor Airborne\UnrealEngine3\MOHAGame\pb\PnkBstrA.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\A4Tech\Mouse\Amoumain.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\TP-LINK\TL-WN321G Wireless Utility\Installer\WINXP\TWCU.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Opera\Opera.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.google.pl/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.0.101:808
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0 CE\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: IeCatch5 Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.6.14.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: gFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\PROGRA~1\FlashGet\getflash.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [WheelMouse] C:\Program Files\A4Tech\Mouse\Amoumain.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: TL-WN321G Wireless Utility.lnk = C:\Program Files\TP-LINK\TL-WN321G Wireless Utility\Installer\WINXP\TWCU.exe
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Ściągnij przy pomocy FlashGet'a - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Ściągnij wszystko przy pomocy FlashGet'a - C:\Program Files\FlashGet\jc_all.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Broken Internet access because of LSP provider 'c:\program files\bonjour\mdnsnsp.dll' missing
O16 - DPF: {4BFD075D-C36E-4F28-BB0A-5D472795197A} (PowerLoader Class) - http://mz.powerchallenge.com/applet/PowerLoader.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Unknown owner - C:\Program Files\Bonjour\mDNSResponder.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PunkBuster (PnkBstrA) - Unknown owner - D:\gry\Medal of Honor Airborne\UnrealEngine3\MOHAGame\pb\PnkBstrA.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
--
End of file - 7300 bytes
09 Wrz 2007, 23:31
Poproszę o loga z gmera.
10 Wrz 2007, 00:15
Czy mógłyś napisać mi w jaki sposób zrobić w tym programie log'a?
Jest tam dużo opcji tworzenia logów (np. wybór z czego ma być ten log).
Jest tam dużo opcji tworzenia logów (np. wybór z czego ma być ten log).
10 Wrz 2007, 14:41
Z Gmer'a możesz pokazać dwa logi.
1. Rootkit->zaznacz Pokaż wszystko->wskaż tylko Usługi->Szukaj->Kopiuj->CTRL+V i do Notatnika lub na wklej.org
2. Rootkit->odznacz Pokaż wszystko->wskazane wszystkie obiekty do skanowania->Szukaj->Kopiuj
CTRL+V i do Notatnika lub na wklej.org.
Fix w HJT.
Proxy sam ustawiałeś?
Pokaż także log z Silent Runners i ComboFix.
1. Rootkit->zaznacz Pokaż wszystko->wskaż tylko Usługi->Szukaj->Kopiuj->CTRL+V i do Notatnika lub na wklej.org
2. Rootkit->odznacz Pokaż wszystko->wskazane wszystkie obiekty do skanowania->Szukaj->Kopiuj
CTRL+V i do Notatnika lub na wklej.org.R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
Fix w HJT.
Proxy sam ustawiałeś?
Pokaż także log z Silent Runners i ComboFix.
10 Wrz 2007, 15:40
Proxy sam ustawiałem (aby sciagać z 2 łącz int. przez flashgeta).
Log z Gmera (tylko usługi)
Log z Gmera (tylko usługi)
- Kod:
GMER 1.0.13.12551 - http://www.gmer.net
Rootkit scan 2007-09-10 15:37:34
Windows 5.1.2600 Dodatek Service Pack 2
---- Services - GMER 1.0.13 ----
Service .NET CLR Data
Service .NET CLR Networking
Service .NET Data Provider for Oracle
Service .NET Data Provider for SqlServer
Service .NETFramework
Service [DISABLED] Abiosdsk
Service [DISABLED] abp480n5
Service C:\WINDOWS\system32\DRIVERS\ACPI.sys [BOOT] ACPI
Service [DISABLED] ACPIEC
Service [DISABLED] adpu160m
Service C:\WINDOWS\system32\drivers\aec.sys [MANUAL] aec
Service C:\WINDOWS\system32\DRIVERS\AegisP.sys [AUTO] AegisP
Service C:\WINDOWS\System32\drivers\afd.sys [SYSTEM] AFD
Service [DISABLED] Aha154x
Service [DISABLED] aic78u2
Service [DISABLED] aic78xx
Service C:\WINDOWS\system32\drivers\ALCXWDM.SYS [MANUAL] ALCXWDM
Service C:\WINDOWS\system32\svchost.exe [DISABLED] Alerter
Service C:\WINDOWS\System32\alg.exe [MANUAL] ALG
Service [DISABLED] AliIde
Service C:\WINDOWS\system32\DRIVERS\Amfilter.sys [SYSTEM] Amfilter
Service [DISABLED] amsint
Service C:\WINDOWS\system32\DRIVERS\Amusbprt.sys [MANUAL] Amusbprt
Service C:\Program Files\AntiVir PersonalEdition Classic\sched.exe [AUTO] AntiVirScheduler
Service C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe [AUTO] AntiVirService
Service C:\WINDOWS\system32\svchost.exe [MANUAL] AppMgmt
Service [DISABLED] asc
Service [DISABLED] asc3350p
Service [DISABLED] asc3550
Service ASP.NET
Service ASP.NET_2.0.50727
Service C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [MANUAL] aspnet_state
Service C:\WINDOWS\system32\DRIVERS\asyncmac.sys [MANUAL] AsyncMac
Service C:\WINDOWS\system32\DRIVERS\atapi.sys [BOOT] atapi
Service [DISABLED] Atdisk
Service C:\WINDOWS\system32\DRIVERS\atksgt.sys [AUTO] atksgt
Service C:\WINDOWS\system32\DRIVERS\atmarpc.sys [MANUAL] Atmarpc
Service C:\WINDOWS\System32\svchost.exe [AUTO] AudioSrv
Service C:\WINDOWS\system32\DRIVERS\audstub.sys [MANUAL] audstub
Service C:\Program Files\AntiVir PersonalEdition Classic\avgio.sys [SYSTEM] avgio
Service C:\Program Files\AntiVir PersonalEdition Classic\avgntflt.sys [MANUAL] avgntflt
Service C:\WINDOWS\system32\DRIVERS\avipbb.sys [SYSTEM] avipbb
Service BattC
Service [SYSTEM] Beep
Service C:\WINDOWS\system32\svchost.exe [MANUAL] BITS
Service C:\WINDOWS\system32\DRIVERS\blueletaudio.sys [MANUAL] BlueletAudio
Service C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe [AUTO] BlueSoleil Hid Service
Service C:\Program Files\Bonjour\mDNSResponder.exe [AUTO] Bonjour Service
Service C:\WINDOWS\system32\svchost.exe [AUTO] Browser
Service C:\WINDOWS\system32\DRIVERS\btnetdrv.sys [MANUAL] BT
Service C:\WINDOWS\System32\Drivers\btcusb.sys [MANUAL] Btcsrusb
Service C:\WINDOWS\system32\DRIVERS\vbtenum.sys [MANUAL] BTHidEnum
Service C:\WINDOWS\System32\Drivers\BTHidMgr.sys [BOOT] BTHidMgr
Service C:\WINDOWS\system32\drivers\BTNetFilter.sys [MANUAL] BTNetFilter
Service [DISABLED] cbidf2k
Service C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [MANUAL] CCDECODE
Service [DISABLED] cd20xrnt
Service [SYSTEM] Cdaudio
Service [DISABLED] Cdfs
Service C:\WINDOWS\system32\DRIVERS\cdrom.sys [SYSTEM] Cdrom
Service [SYSTEM] Changer
Service C:\WINDOWS\system32\cisvc.exe [MANUAL] CiSvc
Service C:\WINDOWS\system32\clipsrv.exe [DISABLED] ClipSrv
Service C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [MANUAL] clr_optimization_v2.0.50727_32
Service [DISABLED] CmdIde
Service C:\WINDOWS\system32\dllhost.exe [MANUAL] COMSysApp
Service ContentFilter
Service ContentIndex
Service [DISABLED] Cpqarray
Service C:\WINDOWS\system32\svchost.exe [AUTO] CryptSvc
Service [DISABLED] dac2w2k
Service [DISABLED] dac960nt
Service C:\WINDOWS\system32\svchost.exe [AUTO] DcomLaunch
Service C:\WINDOWS\system32\svchost.exe [AUTO] Dhcp
Service C:\WINDOWS\system32\DRIVERS\disk.sys [BOOT] Disk
Service C:\WINDOWS\System32\dmadmin.exe [MANUAL] dmadmin
Service C:\WINDOWS\System32\drivers\dmboot.sys [DISABLED] dmboot
Service C:\WINDOWS\System32\drivers\dmio.sys [BOOT] dmio
Service C:\WINDOWS\System32\drivers\dmload.sys [BOOT] dmload
Service C:\WINDOWS\System32\svchost.exe [AUTO] dmserver
Service C:\WINDOWS\system32\drivers\DMusic.sys [MANUAL] DMusic
Service C:\WINDOWS\system32\svchost.exe [AUTO] Dnscache
Service [DISABLED] dpti2o
Service C:\WINDOWS\system32\drivers\drmkaud.sys [MANUAL] drmkaud
Service C:\WINDOWS\system32\DRIVERS\ENTECH.sys [MANUAL] ENTECH
Service C:\WINDOWS\System32\svchost.exe [AUTO] ERSvc
Service C:\WINDOWS\system32\services.exe [AUTO] Eventlog
Service C:\WINDOWS\system32\svchost.exe [MANUAL] EventSystem
Service [DISABLED] Fastfat
Service C:\WINDOWS\System32\svchost.exe [MANUAL] FastUserSwitchingCompatibility
Service C:\WINDOWS\system32\DRIVERS\fdc.sys [MANUAL] Fdc
Service C:\WINDOWS\system32\DRIVERS\fetnd5.sys [MANUAL] FETNDIS
Service [SYSTEM] Fips
Service C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [MANUAL] FLEXnet Licensing Service
Service [SYSTEM] Flpydisk
Service C:\WINDOWS\system32\DRIVERS\fltMgr.sys [BOOT] FltMgr
Service [SYSTEM] Fs_Rec
Service C:\WINDOWS\system32\DRIVERS\ftdisk.sys [BOOT] Ftdisk
Service C:\WINDOWS\system32\DRIVERS\gameenum.sys [MANUAL] gameenum
Service C:\WINDOWS\system32\giveio.sys [BOOT] giveio
Service C:\WINDOWS\System32\DRIVERS\gmer.sys [MANUAL] gmer
Service C:\WINDOWS\system32\DRIVERS\msgpc.sys [MANUAL] Gpc
Service C:\WINDOWS\system32\DRIVERS\hamachi.sys [MANUAL] hamachi
Service C:\WINDOWS\System32\svchost.exe [AUTO] helpsvc
Service C:\WINDOWS\System32\svchost.exe [DISABLED] HidServ
Service C:\WINDOWS\system32\DRIVERS\hidusb.sys [MANUAL] hidusb
Service [DISABLED] hpn
Service C:\WINDOWS\System32\Drivers\HTTP.sys [MANUAL] HTTP
Service C:\WINDOWS\System32\svchost.exe [MANUAL] HTTPFilter
Service [SYSTEM] i2omgmt
Service [DISABLED] i2omp
Service C:\WINDOWS\system32\DRIVERS\i8042prt.sys [SYSTEM] i8042prt
Service C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [MANUAL] IDriverT
Service C:\WINDOWS\system32\DRIVERS\imapi.sys [SYSTEM] Imapi
Service C:\WINDOWS\system32\imapi.exe [MANUAL] ImapiService
Service inetaccs
Service [DISABLED] ini910u
Service Inport
Service [DISABLED] IntelIde
Service C:\WINDOWS\system32\DRIVERS\intelppm.sys [SYSTEM] intelppm
Service C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys [MANUAL] Ip6Fw
Service C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys [MANUAL] IpFilterDriver
Service C:\WINDOWS\system32\DRIVERS\ipinip.sys [MANUAL] IpInIp
Service C:\WINDOWS\system32\DRIVERS\ipnat.sys [MANUAL] IpNat
Service C:\WINDOWS\system32\DRIVERS\ipsec.sys [SYSTEM] IPSec
Service C:\WINDOWS\system32\DRIVERS\irenum.sys [MANUAL] IRENUM
Service ISAPISearch
Service C:\WINDOWS\system32\DRIVERS\isapnp.sys [BOOT] isapnp
Service C:\WINDOWS\system32\DRIVERS\kbdclass.sys [SYSTEM] Kbdclass
Service C:\WINDOWS\system32\DRIVERS\kbdhid.sys [SYSTEM] kbdhid
Service C:\WINDOWS\system32\drivers\kmixer.sys [MANUAL] kmixer
Service [BOOT] KSecDD
Service C:\WINDOWS\system32\svchost.exe [AUTO] lanmanserver
Service C:\WINDOWS\system32\svchost.exe [AUTO] lanmanworkstation
Service [SYSTEM] lbrtfdc
Service ldap
Service LicenseService
Service C:\WINDOWS\system32\DRIVERS\lirsgt.sys [AUTO] lirsgt
Service C:\WINDOWS\system32\svchost.exe [AUTO] LmHosts
Service C:\WINDOWS\system32\svchost.exe [DISABLED] Messenger
Service [SYSTEM] mnmdd
Service C:\WINDOWS\system32\mnmsrvc.exe [MANUAL] mnmsrvc
Service [MANUAL] Modem
Service C:\WINDOWS\system32\DRIVERS\mouclass.sys [SYSTEM] Mouclass
Service C:\WINDOWS\system32\DRIVERS\Moufiltr.sys [MANUAL] Moufiltr
Service C:\WINDOWS\system32\DRIVERS\mouhid.sys [MANUAL] mouhid
Service [BOOT] MountMgr
Service C:\WINDOWS\System32\Drivers\MouseCap.sys [MANUAL] MouseCap
Service [DISABLED] mraid35x
Service C:\WINDOWS\system32\DRIVERS\mrxdav.sys [MANUAL] MRxDAV
Service C:\WINDOWS\system32\DRIVERS\mrxsmb.sys [SYSTEM] MRxSmb
Service C:\WINDOWS\system32\msdtc.exe [MANUAL] MSDTC
Service [SYSTEM] Msfs
Service C:\WINDOWS\system32\msiexec.exe [MANUAL] MSIServer
Service C:\WINDOWS\system32\drivers\MSKSSRV.sys [MANUAL] MSKSSRV
Service C:\WINDOWS\system32\drivers\MSPCLOCK.sys [MANUAL] MSPCLOCK
Service C:\WINDOWS\system32\drivers\MSPQM.sys [MANUAL] MSPQM
Service C:\WINDOWS\system32\DRIVERS\mssmbios.sys [MANUAL] mssmbios
Service C:\WINDOWS\system32\drivers\MSTEE.sys [MANUAL] MSTEE
Service [BOOT] Mup
Service C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [MANUAL] NABTSFEC
Service C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [MANUAL] NBService
Service [BOOT] NDIS
Service C:\WINDOWS\system32\DRIVERS\NdisIP.sys [MANUAL] NdisIP
Service C:\WINDOWS\system32\DRIVERS\ndistapi.sys [MANUAL] NdisTapi
Service C:\WINDOWS\system32\DRIVERS\ndisuio.sys [MANUAL] Ndisuio
Service C:\WINDOWS\system32\DRIVERS\ndiswan.sys [MANUAL] NdisWan
Service [MANUAL] NDProxy
Service C:\WINDOWS\system32\DRIVERS\netbios.sys [SYSTEM] NetBIOS
Service C:\WINDOWS\system32\DRIVERS\netbt.sys [SYSTEM] NetBT
Service C:\WINDOWS\system32\netdde.exe [DISABLED] NetDDE
Service C:\WINDOWS\system32\netdde.exe [DISABLED] NetDDEdsdm
Service C:\WINDOWS\system32\lsass.exe [MANUAL] Netlogon
Service C:\WINDOWS\System32\svchost.exe [MANUAL] Netman
Service C:\WINDOWS\system32\svchost.exe [MANUAL] Nla
Service C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [MANUAL] NMIndexingService
Service [SYSTEM] Npfs
Service [DISABLED] Ntfs
Service C:\WINDOWS\system32\lsass.exe [MANUAL] NtLmSsp
Service C:\WINDOWS\system32\svchost.exe [MANUAL] NtmsSvc
Service [SYSTEM] Null
Service C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [MANUAL] nv
Service nv4
Service C:\WINDOWS\system32\nvsvc32.exe [AUTO] NVSvc
Service C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys [MANUAL] NwlnkFlt
Service C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys [MANUAL] NwlnkFwd
Service C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [MANUAL] ose
Service Outlook
Service C:\WINDOWS\system32\DRIVERS\parport.sys [MANUAL] Parport
Service [BOOT] PartMgr
Service [AUTO] ParVdm
Service C:\WINDOWS\system32\DRIVERS\pci.sys [BOOT] PCI
Service [SYSTEM] PCIDump
Service C:\WINDOWS\system32\DRIVERS\pciide.sys [BOOT] PCIIde
Service [DISABLED] Pcmcia
Service [MANUAL] PDCOMP
Service [MANUAL] PDFRAME
Service [MANUAL] PDRELI
Service [MANUAL] PDRFRAME
Service [DISABLED] perc2
Service [DISABLED] perc2hib
Service PerfDisk
Service PerfNet
Service PerfOS
Service PerfProc
Service C:\WINDOWS\system32\services.exe [AUTO] PlugPlay
Service D:\gry\Medal of Honor Airborne\UnrealEngine3\MOHAGame\pb\PnkBstrA.exe [AUTO] PnkBstrA
Service C:\WINDOWS\system32\lsass.exe [AUTO] PolicyAgent
Service C:\WINDOWS\system32\DRIVERS\raspptp.sys [MANUAL] PptpMiniport
Service C:\WINDOWS\system32\lsass.exe [AUTO] ProtectedStorage
Service C:\WINDOWS\system32\DRIVERS\psched.sys [MANUAL] PSched
Service C:\WINDOWS\system32\DRIVERS\ptilink.sys [MANUAL] Ptilink
Service C:\WINDOWS\System32\Drivers\PxHelp20.sys [BOOT] PxHelp20
Service [DISABLED] ql1080
Service [DISABLED] Ql10wnt
Service [DISABLED] ql12160
Service [DISABLED] ql1240
Service [DISABLED] ql1280
Service C:\WINDOWS\system32\DRIVERS\rasacd.sys [SYSTEM] RasAcd
Service C:\WINDOWS\system32\svchost.exe [MANUAL] RasAuto
Service C:\WINDOWS\system32\DRIVERS\rasl2tp.sys [MANUAL] Rasl2tp
Service C:\WINDOWS\system32\svchost.exe [MANUAL] RasMan
Service C:\WINDOWS\system32\DRIVERS\raspppoe.sys [MANUAL] RasPppoe
Service C:\WINDOWS\system32\DRIVERS\raspti.sys [MANUAL] Raspti
Service C:\WINDOWS\system32\DRIVERS\rdbss.sys [SYSTEM] Rdbss
Service C:\WINDOWS\System32\DRIVERS\RDPCDD.sys [SYSTEM] RDPCDD
Service RDPDD
Service C:\WINDOWS\system32\DRIVERS\rdpdr.sys [MANUAL] rdpdr
Service RDPNP
Service [MANUAL] RDPWD
Service C:\WINDOWS\system32\sessmgr.exe [MANUAL] RDSessMgr
Service C:\WINDOWS\system32\DRIVERS\redbook.sys [SYSTEM] redbook
Service C:\WINDOWS\system32\svchost.exe [DISABLED] RemoteAccess
Service C:\WINDOWS\system32\svchost.exe [AUTO] RemoteRegistry
Service C:\Program Files\CyberLink\Shared files\RichVideo.exe [AUTO] RichVideo
Service C:\WINDOWS\System32\Drivers\RootMdm.sys [MANUAL] ROOTMODEM
Service C:\WINDOWS\system32\locator.exe [MANUAL] RpcLocator
Service C:\WINDOWS\system32\svchost.exe [AUTO] RpcSs
Service C:\WINDOWS\system32\rsvp.exe [MANUAL] RSVP
Service C:\WINDOWS\system32\DRIVERS\rt73.sys [MANUAL] RT73
Service C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [MANUAL] rtl8139
Service C:\WINDOWS\system32\lsass.exe [AUTO] SamSs
Service C:\WINDOWS\System32\SCardSvr.exe [MANUAL] SCardSvr
Service C:\WINDOWS\System32\svchost.exe [AUTO] Schedule
Service C:\WINDOWS\system32\DRIVERS\secdrv.sys [AUTO] Secdrv
Service C:\WINDOWS\System32\svchost.exe [AUTO] seclogon
Service C:\WINDOWS\system32\svchost.exe [AUTO] SENS
Service C:\WINDOWS\system32\DRIVERS\serenum.sys [MANUAL] serenum
Service C:\WINDOWS\system32\DRIVERS\serial.sys [SYSTEM] Serial
Service C:\WINDOWS\System32\drivers\sfdrv01.sys [BOOT] sfdrv01
Service C:\WINDOWS\System32\drivers\sfhlp02.sys [BOOT] sfhlp02
Service [SYSTEM] Sfloppy
Service C:\WINDOWS\System32\drivers\sfvfs02.sys [BOOT] sfvfs02
Service C:\WINDOWS\system32\svchost.exe [AUTO] SharedAccess
Service C:\WINDOWS\System32\svchost.exe [AUTO] ShellHWDetection
Service [DISABLED] Simbad
Service C:\WINDOWS\system32\DRIVERS\SLIP.sys [MANUAL] SLIP
Service [DISABLED] Sparrow
Service C:\WINDOWS\system32\speedfan.sys [BOOT] speedfan
Service C:\WINDOWS\system32\drivers\splitter.sys [MANUAL] splitter
Service C:\WINDOWS\system32\spoolsv.exe [AUTO] Spooler
Service C:\WINDOWS\System32\Drivers\sptd.sys [BOOT] sptd
Service C:\WINDOWS\system32\DRIVERS\sr.sys [DISABLED] sr
Service C:\WINDOWS\system32\svchost.exe [AUTO] srservice
Service C:\WINDOWS\system32\DRIVERS\srv.sys [MANUAL] Srv
Service C:\WINDOWS\system32\svchost.exe [MANUAL] SSDPSRV
Service C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [SYSTEM] ssmdrv
Service C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe [AUTO] StarWindService
Service C:\WINDOWS\system32\svchost.exe [MANUAL] stisvc
Service C:\WINDOWS\system32\DRIVERS\StreamIP.sys [MANUAL] streamip
Service C:\WINDOWS\system32\DRIVERS\swenum.sys [MANUAL] swenum
Service C:\WINDOWS\system32\drivers\swmidi.sys [MANUAL] swmidi
Service C:\WINDOWS\system32\dllhost.exe [MANUAL] SwPrv
Service [DISABLED] symc810
Service [DISABLED] symc8xx
Service [DISABLED] sym_hi
Service [DISABLED] sym_u3
Service C:\WINDOWS\system32\drivers\sysaudio.sys [MANUAL] sysaudio
Service C:\WINDOWS\system32\smlogsvc.exe [MANUAL] SysmonLog
Service C:\WINDOWS\System32\svchost.exe [MANUAL] TapiSrv
Service [MANUAL] TBPanel
Service C:\WINDOWS\system32\DRIVERS\tcpip.sys [SYSTEM] Tcpip
Service [MANUAL] TDPIPE
Service [MANUAL] TDTCP
Service C:\WINDOWS\system32\DRIVERS\termdd.sys [SYSTEM] TermDD
Service C:\WINDOWS\System32\svchost.exe [MANUAL] TermService
Service C:\WINDOWS\System32\svchost.exe [AUTO] Themes
Service C:\WINDOWS\system32\tlntsvr.exe [DISABLED] TlntSvr
Service [DISABLED] TosIde
Service C:\WINDOWS\system32\svchost.exe [AUTO] TrkWks
Service TSDDD
Service C:\WINDOWS\system32\DRIVERS\uagp35.sys [BOOT] uagp35
Service [DISABLED] Udfs
Service [DISABLED] ultra
Service C:\WINDOWS\system32\wdfmgr.exe [AUTO] UMWdf
Service C:\WINDOWS\system32\DRIVERS\update.sys [MANUAL] Update
Service C:\WINDOWS\system32\svchost.exe [MANUAL] upnphost
Service C:\WINDOWS\System32\ups.exe [MANUAL] UPS
Service C:\WINDOWS\system32\DRIVERS\usbehci.sys [MANUAL] usbehci
Service C:\WINDOWS\system32\DRIVERS\usbhub.sys [MANUAL] usbhub
Service C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [MANUAL] USBSTOR
Service C:\WINDOWS\system32\DRIVERS\usbuhci.sys [MANUAL] usbuhci
Service C:\WINDOWS\system32\DRIVERS\Vax347b.sys [BOOT] Vax347b
Service C:\WINDOWS\System32\Drivers\Vax347s.sys [BOOT] Vax347s
Service C:\WINDOWS\system32\DRIVERS\VComm.sys [MANUAL] VComm
Service C:\WINDOWS\System32\Drivers\VcommMgr.sys [MANUAL] VcommMgr
Service C:\WINDOWS\System32\drivers\vga.sys [SYSTEM] VgaSave
Service C:\WINDOWS\system32\drivers\VHIDMini.sys [MANUAL] VHidMinidrv
Service C:\WINDOWS\system32\DRIVERS\viaagp1.sys [BOOT] viaagp1
Service C:\WINDOWS\system32\DRIVERS\viaide.sys [BOOT] ViaIde
Service C:\WINDOWS\system32\DRIVERS\viamraid.sys [BOOT] viamraid
Service [BOOT] VolSnap
Service C:\WINDOWS\System32\vssvc.exe [MANUAL] VSS
Service C:\WINDOWS\System32\svchost.exe [AUTO] W32Time
Service W3SVC
Service C:\WINDOWS\system32\DRIVERS\wanarp.sys [MANUAL] Wanarp
Service [MANUAL] WDICA
Service C:\WINDOWS\system32\drivers\wdmaud.sys [MANUAL] wdmaud
Service C:\WINDOWS\system32\svchost.exe [AUTO] WebClient
Service C:\WINDOWS\system32\svchost.exe [AUTO] winmgmt
Service [MANUAL] Winsock
Service WinSock2
Service WinTrust
Service C:\WINDOWS\System32\svchost.exe [MANUAL] WmdmPmSN
Service C:\WINDOWS\System32\svchost.exe [MANUAL] Wmi
Service WmiApRpl
Service C:\WINDOWS\system32\wbem\wmiapsrv.exe [MANUAL] WmiApSrv
Service C:\WINDOWS\System32\drivers\ws2ifsl.sys [DISABLED] WS2IFSL
Service C:\WINDOWS\System32\svchost.exe [AUTO] wscsvc
Service C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [MANUAL] WSTCODEC
Service C:\WINDOWS\system32\svchost.exe [AUTO] wuauserv
Service C:\WINDOWS\System32\svchost.exe [AUTO] WZCSVC
Service C:\WINDOWS\System32\svchost.exe [MANUAL] xmlprov
Service {662420D4-1D0D-4496-B652-4DD9B1C574B8}
Service {6F88A5C5-8757-4283-B60B-3799061F7EBE}
Service {83C38A56-1D9E-4339-AF0F-BE3ED398A9DE}
Service C:\Program Files\CyberLink\PowerDVD\000.fcl [AUTO] {95808DC4-FA4A-4c74-92FE-5B863F82066B}
Service {A05133BC-3548-4777-9F15-C57C31123335}
Service {C4836B36-AD2B-49D8-A352-E931E72B4406}
Service {D9C67FBE-CDC9-4FD2-801E-A909DAAEA7AB}
Service [MANUAL] acprf2yt
---- EOF - GMER 1.0.13 ----
10 Wrz 2007, 16:50
Niestety, ale jest czysto...