Guest: koniczyna IP: *.neoplus.adsl.tpnet.pl 22.08.06, 18:06

Guest: koniczyna Re: problem with services.exe, request to check IP: *.neoplus.adsl.tpnet.pl 22.08.06, 18:08

The rest of the log:

O20 - Winlogon Notify: klogon - C:\WINDOWS\System32\klogon.dll
O21 - SSODL: SystemCheck2 - {54645654-2225-4455-44A1-9F4543D34545} - (no file)
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

Guest: Kolobos Re: problem with services.exe, request to check IP: *.warszawa.sdi.tpnet.pl 22.08.06, 21:09

In Start->Run->services.msc, stop and disable the Indexing Service. Have you closed the ports using wwdc? Uninstall Norton and scan the system with ewido. In HJT, remove:

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = securityresponse.symantec.com/avcenter/fix_homepage
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada TP
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL
O2 - BHO: (no name) - {09D5204A-874B-9DCA-CD74-A138A4451225} - (no file)
O2 - BHO: (no name) - {5983778A-7EB2-4EFF-ADDB-71E0A2CF561B} - (no file)
O15 - Trusted Zone: *.slotchbar.com
O15 - Trusted Zone: *.slotchbar.com (HKLM)
O16 - DPF: {24311111-1111-1121-1111-111191113457} -
O16 - DPF: {2DF91772-19DC-47AE-B52F-B8E2FE545625} (Spd2 Class) - www.lemontv.pl/lmctrls.cab
O16 - DPF: {33331111-1111-1111-1111-611111193457} -
O16 - DPF: {33331111-1111-1111-1111-611111193458} -
O21 - SSODL: SystemCheck2 - {54645654-2225-4455-44A1-9F4543D34545} - (no file)

Paste on the forum the log from: www.silentrunners.org/Silent%20Runners.vbs (download and run it). Install a firewall: www.olesno.pl/~pablo/kerio/download/sunbelt-kpf-4.2.3.exe

Guest: koniczyna Re: problem with services.exe, request to check IP: *.neoplus.adsl.tpnet.pl 22.08.06, 21:26

Thanks! I blocked the ports, got rid of Norton, stopped the service, and removed what needed removing. I'll post the log in a moment. Interestingly, since I started Windows via Last Known Good Configuration, nothing has popped up anymore (even before you replied), but now I'm stuck all the time with a 640x480 display and 4k colors! LOL. Up to the point where the user selection screen appears everything is fine, then this mess. What can I do about it? The monitor and graphics card drivers seem to be fine... Thanks

Guest: koniczyna Re: problem with services.exe, request to check IP: *.neoplus.adsl.tpnet.pl 22.08.06, 22:53

OK, the resolution problem is solved, all quiet for now. ewido found some junk, mostly adware. Here is the Silent Runners log:

Guest: koniczyna Re: problem with services.exe, request to check IP: *.neoplus.adsl.tpnet.pl 22.08.06, 22:56

Log, continued.

Guest: Kolobos Re: problem with services.exe, request to check IP: *.warszawa.sdi.tpnet.pl 23.08.06, 00:21

Start->Run->regedit, go to:

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\

and delete there:

"*windows update" = "wruaclt.exe" [file not found]

In HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ delete:

"*windows update" = "wruaclt.exe" [file not found]
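
The check behind the advice above, as an added example (not part of the original post and not code from Silent Runners): a small Python parser for a Silent Runners-style report that lists Run and Policies\Explorer\Run values marked [file not found] and groups them by the registry keys to clean. The multi-line layout of the sample and all function names are assumptions; the entries are ones quoted in this thread.

```python
import re
from typing import NamedTuple

# Constructed sample in the report's layout (a registry key line followed by
# one line per value); the entries themselves are the ones quoted in the thread.
SAMPLE_REPORT = r'''
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\
"*windows update" = "wruaclt.exe" [file not found]

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"Gadu-Gadu" = ""C:\Program Files\Gadu-Gadu\gg.exe" /tray" ["Gadu-Gadu Sp. z oo"]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ {++}
"*windows update" = "wruaclt.exe" [file not found]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"WinampAgent" = "C:\Program Files\Winamp\winampa.exe" [null data]
"WheelMouse" = "C:\Program Files\A4Tech\Mouse\Amoumain.exe" ["A4Tech Co., Ltd."]

HKLM\System\CurrentControlSet\Control\Print\Monitors\
adimon\Driver = "C:\WINDOWS\System32\adimon.dll" ["Autodesk, Inc."]
'''

# A key line: hive prefix, path ending in a backslash, optional "{++}" marker.
KEY_RE = re.compile(r'^(HK(?:CU|LM)\\[^"=]*\\)(?:\s*\{\+\+\})?\s*$')
# A value line: "name" = data [status or publisher]
VALUE_RE = re.compile(
    r'^"(?P<name>[^"]*)"\s*=\s*(?P<data>.*?)\s*\[(?P<tag>[^\[\]]*)\]\s*$')

# Keys whose values are launched at logon (the two kinds named in the thread).
AUTOSTART_SUFFIXES = ("\\currentversion\\run\\", "\\policies\\explorer\\run\\")


class Entry(NamedTuple):
    key: str    # registry key the value lives under
    name: str   # value name
    data: str   # command line, outer quotes removed
    tag: str    # bracketed status or publisher, e.g. "file not found"


def parse_report(text):
    """Return every quoted-name value in the report with its owning key."""
    entries, key = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        m = VALUE_RE.match(line)
        if m and key:
            data = m.group("data")
            # The report wraps the whole command in one extra pair of quotes.
            if len(data) >= 2 and data[0] == data[-1] == '"':
                data = data[1:-1]
            entries.append(
                Entry(key, m.group("name"), data, m.group("tag").strip('"')))
    return entries


def orphaned_autostarts(text):
    """Autostart values whose target the report marked as missing."""
    return [e for e in parse_report(text)
            if e.key.lower().endswith(AUTOSTART_SUFFIXES)
            and e.tag.lower() == "file not found"]


def cleanup_plan(findings):
    """Group findings as (value name, command) -> list of keys holding it."""
    plan = {}
    for e in findings:
        plan.setdefault((e.name, e.data), []).append(e.key)
    return plan


if __name__ == "__main__":
    for (name, data), keys in cleanup_plan(
            orphaned_autostarts(SAMPLE_REPORT)).items():
        print(f'"{name}" = "{data}" [file not found]')
        for k in keys:
            print("   in", k)
```

A missing target only means the launch point is orphaned; the value stays in the registry and will run again if a file with that name reappears, which is why both the HKCU and HKLM copies are listed.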

Guest: koniczyna Re: problem with services.exe, request to check IP: *.neoplus.adsl.tpnet.pl 23.08.06, 10:08

Ehhh... I did everything and it didn't help. I thought it was fine, but on one of the later startups it was the same again: the desktop barely loads and the damn window pops up. But it doesn't happen if I boot the computer in Last Known Good Configuration, at least not right away. That's how I managed to "catch" this thing with Kaspersky:

c:\windows\system32\drwtsn32.exe is trying to inject into process c:\windows\system32\services.exe

I didn't allow it (Deny), but the damn thing did its job anyway; the window popped up, but the computer kept working and responding for quite a while after those 60 s. Another entry from the Kaspersky log:

C:\windows\system32\drwtsn32.exe (PID) attempt to embed itself into another application (Denied)

and so on a dozen or so times per second for 2 or 3 seconds, and in the meantime:

Process (PID 4004) tried to access Kaspersky Anti-Virus 6.0 but it was blocked.

Earlier I also managed to "peek" at it with XP Process Explorer, and it seems to me that a fraction of a second before Dr. Watson, which closes services, some fax service also starts (fxs-something, from the system32 directory). There's nothing about it in KVP; I checked the file and it's supposedly clean. No idea what's going on...

Guest: Kolobos Re: problem with services.exe, request to check IP: *.warszawa.sdi.tpnet.pl 23.08.06, 12:44

Maybe paste a log from GMER; you'll find usage instructions in the pinned post.

Guest: koniczyna Re: problem with services.exe, request to check IP: *.neoplus.adsl.tpnet.pl 23.08.06, 14:06

GMER 1.0.10.10122 - www.gmer.net
Rootkit 2006-08-23 13:59:46
Windows 5.1.2600 Dodatek Service Pack. 1
--

Guest: koniczyna Re: problem with services.exe, request to check IP: *.neoplus.adsl.tpnet.pl 23.08.06, 14:11

Part 3 of the log.

Guest: koniczyna Re: problem with services.exe, request to check IP: *.neoplus.adsl.tpnet.pl 23.08.06, 14:08

Part 2 of the log.

Guest: koniczyna Re: problem with services.exe, request to check IP: *.neoplus.adsl.tpnet.pl 23.08.06, 14:14

Part 4 of the log.
Guest: koniczyna Re: problem with services.exe, request for a check IP: *.neoplus.adsl.tpnet.pl 23.08.06, 14:16 And part 5, the final part of the log. Sorry for the mix-up with part 3. -
Guest: Kolobos Re: problem with services.exe, request for a check IP: *.warszawa.sdi.tpnet.pl 23.08.06, 17:05 Tell us which code services.exe exits with; it is given in the text of the message: "Proces systemowy SERVICES.EXE został nieoczekiwanie zakończony z kodem stanu..." ("The system process SERVICES.EXE terminated unexpectedly with status code..."). Also check this: support.microsoft.com/kb/318447/pl When the window about the system shutdown appears, enter: Start->Run->shutdown -a and the countdown will disappear. This looks like some problem with the system; the logs are OK, so it is probably not the fault of trojans, worms, etc.
Guest: koniczyna Re: problem with services.exe, request for a check IP: *.neoplus.adsl.tpnet.pl 23.08.06, 20:19 The status code is -1073741819 (with a minus at the beginning). The symptoms stopped some time ago, I don't know why myself; I simply turned the computer on and it was already OK, and it still is. I looked at that Microsoft page earlier, but it's for Win2000... and it's not that code... It's possible that Gadugadu has something to do with it: since things started falling apart, Gadu kept disappearing from the taskbar on its own; I would start it once more and it would disappear again, it would not connect, and only when I started several at once did one of them stay. Today I did the same, and when GG finally started it also crashed, and KAV detected that drwatson was up to something again, but I'm not sure whether it was simply about that GG error. Just in case, I blocked it and removed GG; I will reinstall it and see what happens. Thank you kindly for the help, this problem taught me a lot. If I find anything out I will share the information. Thanks once again!
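The status code quoted in the post above is an NTSTATUS value printed as a signed 32-bit integer. As an added example (not part of the thread), this Python sketch pulls such a code out of a message, converts it to unsigned hex, and splits it into the NTSTATUS bit fields; the function names, the sample message, and the small name table are constructed for illustration and are not exhaustive.

```python
import re

# Non-exhaustive subset of NTSTATUS values commonly seen as process exit codes.
KNOWN = {
    0xC0000005: "STATUS_ACCESS_VIOLATION",
    0xC00000FD: "STATUS_STACK_OVERFLOW",
    0xC0000135: "STATUS_DLL_NOT_FOUND",
    0xC000013A: "STATUS_CONTROL_C_EXIT",
    0xC0000142: "STATUS_DLL_INIT_FAILED",
    0xC0000409: "STATUS_STACK_BUFFER_OVERRUN",
}
SEVERITY = ("SUCCESS", "INFORMATIONAL", "WARNING", "ERROR")

# Dialogs and logs print the code either as 0x-prefixed hex or signed decimal.
_CODE_RE = re.compile(r"(?<![\w.])(0[xX][0-9A-Fa-f]{1,8}|-?\d+)(?!\w)")

# Constructed sample modelled on the dialog text quoted in the thread.
SAMPLE = ("The system process SERVICES.EXE terminated unexpectedly "
          "with status code -1073741819.")


def decode_ntstatus(value):
    """Split a status code (signed or unsigned) into its NTSTATUS fields."""
    u = value & 0xFFFFFFFF  # two's-complement view of a signed 32-bit value
    return {
        "hex": f"0x{u:08X}",
        "severity": SEVERITY[u >> 30],       # bits 31-30
        "customer": bool((u >> 29) & 1),     # bit 29: set for non-Microsoft codes
        "facility": (u >> 16) & 0x0FFF,      # bits 27-16
        "code": u & 0xFFFF,                  # bits 15-0
        "name": KNOWN.get(u, "unknown (not in this table)"),
    }


def status_from_text(text):
    """Decode the last number found in a message; None if there is none."""
    hits = _CODE_RE.findall(text)
    if not hits:
        return None
    token = hits[-1]
    base = 16 if token.lower().startswith("0x") else 10
    return decode_ntstatus(int(token, base))


if __name__ == "__main__":
    print(status_from_text(SAMPLE))
```

An access violation only says that the process touched memory it was not allowed to access; it does not identify the faulting module, which a Dr. Watson log or crash dump would.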