The log still shows the same thing as before; scan with http://www.ewido.net and with online scanners in safe mode.
That ewido detected Trojan.Small.it…
And it can't remove it
I don't know whether this is the cause of that warning from avast…
Give the paths to all the files,
[1788]C:\WINDOWS\services.dll
[1848]C:\WINDOWS\services.dll
[1868]C:\WINDOWS\services.dll
And with ewido there's no way to either delete or quarantine this crap… (same with avast)…
Killbox doesn't remove it either…
Can you fix the earlier logs and put them in code tags? Because the forum is falling apart (quote bug).
Download Windows Worms Doors Cleaner, run it>>>change all the labels from disable to enable>>>after using the tool a reboot is required.
Download Pocket Killbox>>>run it>>>tick the options "Delete on Reboot" and "All Files">>>in the "Full path of file" field paste the paths:
After pasting each path separately you click X; only when you have pasted the last path do you agree to the reboot.
Clean out the temp and temporary internet files folders.
open notepad and paste:
File>>>Save as>>>change the file type from .txt to all files>>>save under the name FIX.REG and run it in safe mode
New log from Silent Runners + log from GMER (but only Services + Show all)
I'm at work now, but when I get back I'll do what you wrote in the last post… maybe it'll finally work…
And how do I put them in code tags??
Simply, instead of the quote tag, you wrap the log in code
text in code
Sometimes quote pulls such a trick that the whole forum falls apart.
"Silent Runners.vbs", revision 46, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"
Startup items buried in registry:
---------------------------------
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"NvCplDaemon" = ""RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup" [MS]
"avast!" = "C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [null data]
"!ewido" = ""C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized" ["Anti-Malware Development a.s."]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)
-> {HKLM...CLSID} = "AcroIEHlprObj Class"
\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu"
-> {HKLM...CLSID} = "HyperTerminal Icon Ext"
\InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]
"{acb4a560-3606-11d3-aef4-00104bd0f92d}" = "KodakShellExtension"
-> {HKLM...CLSID} = "KodakShellExtension"
\InProcServer32\(Default) = "C:\Program Files\Common Files\KODAK\IFSCore\kodakshx.dll" ["Eastman Kodak Company"]
"{32020A01-506E-484D-A2A8-BE3CF17601C3}" = "AlcoholShellEx"
-> {HKLM...CLSID} = "AlcoholShellEx"
\InProcServer32\(Default) = "C:\PROGRA~1\ALCOHO~1\ALCOHO~1\AXShlEx.dll" ["Alcohol Soft Development Team"]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}" = "Shell Extensions for RealOne Player"
-> {HKLM...CLSID} = "RealOne Player Context Menu Class"
\InProcServer32\(Default) = "C:\Program Files\Real\RealPlayer\rpshell.dll" ["RealNetworks, Inc."]
"{640167b4-59b0-47a6-b335-a6b3c0695aea}" = "Portable Media Devices"
-> {HKLM...CLSID} = "Portable Media Devices"
\InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]
"{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu"
-> {HKLM...CLSID} = "Portable Media Devices Menu"
\InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]
"{4CCEFB41-18FA-11D3-9EF3-00A0C9E897FD}" = "Skladnik rozszerzenia powloki CorelDRAW"
-> {HKLM...CLSID} = "CorelDRAW Shell Extension Component"
\InProcServer32\(Default) = "C:\Program Files\Corel\Corel Graphics 11\DRAW\CDRVIEWER\CrlShell110.dll" [null data]
"{21569614-B795-46b1-85F4-E737A8DC09AD}" = "Shell Search Band"
-> {HKLM...CLSID} = "Shell Search Band"
\InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" [MS]
"{416651E4-9C3C-11D9-8BDE-F66BAD1E3F3A}" = "PhoneBrowser"
-> {HKLM...CLSID} = "Nokia Phone Browser"
\InProcServer32\(Default) = "C:\Program Files\Nokia\Nokia PC Suite 6\PhoneBrowser.dll" ["Nokia"]
"{C0C4375A-5B72-4efe-929D-3B848C3A1E91}" = "Message View"
-> {HKLM...CLSID} = "Message View"
\InProcServer32\(Default) = "C:\Program Files\Nokia\Nokia PC Suite 6\MessageView.dll" ["Nokia"]
"{36A21736-36C2-4C11-8ACB-D4136F2B57BD}" = "Uchwyt nakładania ikony podpisu cyfrowego"
-> {HKLM...CLSID} = "AcSignIcon"
\InProcServer32\(Default) = "C:\WINDOWS\system32\AcSignIcon.dll" ["Autodesk"]
"{AC1DB655-4F9A-4c39-8AD2-A65324A4C446}" = "Autodesk Drawing Preview"
-> {HKLM...CLSID} = "ACTHUMBNAIL"
\InProcServer32\(Default) = "C:\Program Files\Common Files\Autodesk Shared\Thumbnail\AcThumbnail16.dll" ["Autodesk"]
"{6DEA92E9-8682-4b6a-97DE-354772FE5727}" = "Autodesk DWF Preview"
-> {HKLM...CLSID} = "ACDWFTHMBPRXY"
\InProcServer32\(Default) = "C:\Program Files\Common Files\Autodesk Shared\Thumbnail\AcDwfThmbPrxy16.dll" ["Autodesk"]
"{00020D75-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Desktop Icon Handler"
-> {HKLM...CLSID} = "Microsoft Office Outlook"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL" [MS]
"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Custom Icon Handler"
-> {HKLM...CLSID} = "Rozszerzenie ikon plików programu Outlook"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL" [MS]
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\OFFICE11\msohev.dll" [MS]
"{D3796116-94D3-4009-96D7-51578411CC7D}" = "Outpost Shell Extension"
-> {HKLM...CLSID} = "oshdlr.ShellHandler"
\InProcServer32\(Default) = "C:\PROGRA~1\Agnitum\OUTPOS~1.0\oshdlr.dll" [file not found]
"{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class"
-> {HKLM...CLSID} = "DesktopContext Class"
\InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]
"{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper"
-> {HKLM...CLSID} = "NVIDIA CPL Extension"
\InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]
"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer"
-> {HKLM...CLSID} = "Desktop Explorer"
\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu"
-> {HKLM...CLSID} = "nView Desktop Context Menu"
\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{AC0B5D2E-B691-4E12-A4F9-CA88492579A2}" = "Zinio Shell Extension"
-> {HKLM...CLSID} = "Zinio Magazine"
\InProcServer32\(Default) = "C:\Program Files\Common Files\Zinio\ZShext.dll" ["Zinio Systems, Inc."]
"{A9AACA72-1C51-4F84-804D-90EDBA0D58F4}" = "Zinio Magazine Column Provider"
-> {HKLM...CLSID} = "MyMagazinesColumn Class"
\InProcServer32\(Default) = "C:\Program Files\Common Files\Zinio\ZShext.dll" ["Zinio Systems, Inc."]
"{7C9D5882-CB4A-4090-96C8-430BFE8B795B}" = "Webroot Spy Sweeper Context Menu Integration"
-> {HKLM...CLSID} = "Webroot Spy Sweeper Context Menu Integration"
\InProcServer32\(Default) = "C:\PROGRA~1\Webroot\SPYSWE~1\SSCtxMnu.dll" ["Webroot Software, Inc."]
"{472083B0-C522-11CF-8763-00608CC02F24}" = "avast"
-> {HKLM...CLSID} = "avast"
\InProcServer32\(Default) = "C:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\
INFECTION WARNING! "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}" = "ewido anti-spyware 4.0"
-> {HKLM...CLSID} = "CShellExecuteHookImpl Object"
\InProcServer32\(Default) = "C:\Program Files\ewido anti-spyware 4.0\shellexecutehook.dll" ["Anti-Malware Development a.s."]
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\
INFECTION WARNING! "Userinit" = "C:\WINDOWS\SYSTEM32\Userinit.exe,,C:\WINDOWS\SERVICES.EXE" [MS], [file not found]
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
INFECTION WARNING! WRNotifier\DLLName = "WRLogonNTF.dll" ["Webroot Software, Inc."]
HKLM\Software\Classes\PROTOCOLS\Filter\
INFECTION WARNING! text/xml\CLSID = "{807553E5-5146-11D5-A672-00B0D022E945}"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL" [MS]
HKLM\Software\Classes\Folder\shellex\ColumnHandlers\
{A9AACA72-1C51-4F84-804D-90EDBA0D58F4}\(Default) = "Zinio Magazine Column Provider"
-> {HKLM...CLSID} = "MyMagazinesColumn Class"
\InProcServer32\(Default) = "C:\Program Files\Common Files\Zinio\ZShext.dll" ["Zinio Systems, Inc."]
HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"
-> {HKLM...CLSID} = "avast"
\InProcServer32\(Default) = "C:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]
ewido anti-spyware\(Default) = "{8934FCEF-F5B8-468f-951F-78A921CD3920}"
-> {HKLM...CLSID} = "CContextScan Object"
\InProcServer32\(Default) = "C:\Program Files\ewido anti-spyware 4.0\context.dll" ["Anti-Malware Development a.s."]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
ewido anti-spyware\(Default) = "{8934FCEF-F5B8-468f-951F-78A921CD3920}"
-> {HKLM...CLSID} = "CContextScan Object"
\InProcServer32\(Default) = "C:\Program Files\ewido anti-spyware 4.0\context.dll" ["Anti-Malware Development a.s."]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"
-> {HKLM...CLSID} = "avast"
\InProcServer32\(Default) = "C:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]
SpySweeper\(Default) = "{7C9D5882-CB4A-4090-96C8-430BFE8B795B}"
-> {HKLM...CLSID} = "Webroot Spy Sweeper Context Menu Integration"
\InProcServer32\(Default) = "C:\PROGRA~1\Webroot\SPYSWE~1\SSCtxMnu.dll" ["Webroot Software, Inc."]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
Default executables:
--------------------
HKCU\Software\Classes\.scr\(Default) = "AutoCADScriptFile"
INFECTION WARNING! HKCU\Software\Classes\AutoCADScriptFile\shell\open\command\(Default) = ""C:\WINDOWS\system32\notepad.exe" "%1"" [MS]
HKLM\Software\Classes\.scr\ = (key not found)
Active Desktop and Wallpaper:
-----------------------------
Active Desktop is disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState
HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\WINDOWS\ACD Wallpaper.bmp"
Enabled Screen Saver:
---------------------
HKCU\Control Panel\Desktop\
"SCRNSAVE.EXE" = "C:\WINDOWS\Carls.scr" [null data]
Enabled Scheduled Tasks:
------------------------
"hej" -> launches: "C:\Program Files\Alarm\Alarm.exe hej" [file not found]
Winsock2 Service Provider DLLs:
-------------------------------
Namespace Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\nwprovau.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000004\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
Transport Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 19
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05
Toolbars, Explorer Bars, Extensions:
------------------------------------
Explorer Bars
HKCU\Software\Microsoft\Internet Explorer\Explorer Bars\
{21569614-B795-46B1-85F4-E737A8DC09AD}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Shell Search Band"
\InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" [MS]
Dormant Explorer Bars in "View, Explorer Bar" menu
HKLM\Software\Classes\CLSID\{FF059E31-CC5A-4E2E-BF3B-96E929D65503}\(Default) = "&Badanie"
Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL" [MS]
Extensions (Tools menu items, main toolbar menu buttons)
HKLM\Software\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
"MenuText" = "Sun Java Console"
"CLSIDExtension" = "{CAFEEFAC-0015-0000-0000-ABCDEFFEDCBC}"
-> {HKLM...CLSID} = "Java Plug-in 1.5.0"
\InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll" ["Sun Microsystems, Inc."]
{92780B25-18CC-41C8-B9BE-3C9C571A8263}\
"ButtonText" = "Badanie"
{FB5F1910-F110-11D2-BB9E-00C04F795683}\
"ButtonText" = "Messenger"
"MenuText" = "Windows Messenger"
"Exec" = "C:\Program Files\Messenger\msmsgs.exe" [MS]
HOSTS file
----------
C:\WINDOWS\System32\drivers\etc\HOSTS
maps: 165 domain names to IP addresses,
165 of the IP addresses are *not* localhost!
Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------
avast! Antivirus, avast! Antivirus, ""C:\Program Files\Alwil Software\Avast4\ashServ.exe"" [null data]
avast! iAVS4 Control Service, aswUpdSv, ""C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe"" [null data]
avast! Mail Scanner, avast! Mail Scanner, ""C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service" ["ALWIL Software"]
avast! Web Scanner, avast! Web Scanner, ""C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service" ["ALWIL Software"]
ewido anti-spyware 4.0 guard, ewido anti-spyware 4.0 guard, "C:\Program Files\ewido anti-spyware 4.0\guard.exe" ["Anti-Malware Development a.s."]
Kodak Camera Connection Software, KodakCCS, "C:\WINDOWS\system32\drivers\KodakCCS.exe" ["Eastman Kodak Company"]
NVIDIA Display Driver Service, NVSvc, "C:\WINDOWS\system32\nvsvc32.exe" ["NVIDIA Corporation"]
ScsiAccess, ScsiAccess, "C:\WINDOWS\System32\ScsiAccess.EXE" [null data]
Sentinel Protection Server, SentinelProtectionServer, ""C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe"" ["SafeNet, Inc"]
Webroot Spy Sweeper Engine, WebrootSpySweeperService, ""C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe"" ["Webroot Software, Inc."]
Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\system32\wdfmgr.exe" [MS]
Print Monitors:
---------------
HKLM\System\CurrentControlSet\Control\Print\Monitors\
Microsoft Document Imaging Writer Monitor\Driver = "mdimon.dll" [MS]
----------
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ The search for DESKTOP.INI DLL launch points on all local fixed drives
took 85 seconds.
+ The search for all Registry CLSIDs containing dormant Explorer Bars
took 39 seconds.
---------- (total run time: 161 seconds)
Cacyki, the file is gone, just do the registry fix:
open notepad and paste:
File>>>Save as>>>change the file type from .txt to all files>>>save under the name FIX.REG and run it in safe mode
GMER 1.0.10.10122 - http://www.gmer.net
Rootkit 2006-08-01 21:04:58
Windows 5.1.2600 Dodatek Service Pack 2
---- Services - GMER 1.0.10 ----
Service [SYSTEM] Aavmker4
Service [DISABLED] Abiosdsk
Service [DISABLED] abp480n5
Service C:\WINDOWS\System32\DRIVERS\ACPI.sys [BOOT] ACPI
Service [DISABLED] ACPIEC
Service [DISABLED] adpu160m
Service C:\WINDOWS\system32\drivers\aec.sys [MANUAL] aec
Service C:\WINDOWS\System32\drivers\afd.sys [SYSTEM] AFD
Service [DISABLED] Aha154x
Service [DISABLED] aic78u2
Service [DISABLED] aic78xx
Service C:\WINDOWS\system32\drivers\ALCXSENS.SYS [MANUAL] ALCXSENS
Service C:\WINDOWS\system32\drivers\ALCXWDM.SYS [MANUAL] ALCXWDM
Service C:\WINDOWS\System32\svchost.exe [DISABLED] Alerter
Service C:\WINDOWS\System32\alg.exe [MANUAL] ALG
Service [DISABLED] AliIde
Service C:\WINDOWS\System32\DRIVERS\amdk7.sys [SYSTEM] AmdK7
Service [DISABLED] amsint
Service C:\WINDOWS\system32\svchost.exe [MANUAL] AppMgmt
Service [DISABLED] asc
Service [DISABLED] asc3350p
Service [DISABLED] asc3550
Service C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [MANUAL] aspnet_state
Service [AUTO] aswMon2
Service [MANUAL] aswRdr
Service [SYSTEM] aswTdi
Service C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [AUTO] aswUpdSv
Service C:\WINDOWS\System32\DRIVERS\asyncmac.sys [MANUAL] AsyncMac
Service C:\WINDOWS\System32\DRIVERS\atapi.sys [BOOT] atapi
Service [DISABLED] Atdisk
Service C:\WINDOWS\System32\DRIVERS\atmarpc.sys [MANUAL] Atmarpc
Service C:\WINDOWS\System32\svchost.exe [AUTO] AudioSrv
Service C:\WINDOWS\System32\DRIVERS\audstub.sys [MANUAL] audstub
Service C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe [MANUAL] Autodesk Licensing Service
Service C:\Program Files\Alwil Software\Avast4\ashServ.exe [AUTO] avast! Antivirus
Service C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [MANUAL] avast! Mail Scanner
Service C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [MANUAL] avast! Web Scanner
Service C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus\avpcc.exe [AUTO] AVPCC
Service [SYSTEM] Beep
Service C:\WINDOWS\System32\svchost.exe [MANUAL] BITS
Service C:\WINDOWS\System32\svchost.exe [AUTO] Browser
Service [DISABLED] cbidf2k
Service [DISABLED] cd20xrnt
Service [SYSTEM] Cdaudio
Service [DISABLED] Cdfs
Service C:\WINDOWS\System32\DRIVERS\cdrom.sys [SYSTEM] Cdrom
Service [SYSTEM] Changer
Service C:\WINDOWS\system32\cisvc.exe [MANUAL] cisvc
Service C:\WINDOWS\system32\clipsrv.exe [DISABLED] ClipSrv
Service [DISABLED] CmdIde
Service C:\WINDOWS\System32\dllhost.exe [MANUAL] COMSysApp
Service [DISABLED] Cpqarray
Service C:\WINDOWS\system32\svchost.exe [AUTO] CryptSvc
Service C:\WINDOWS\system32\DRIVERS\d347bus.sys [BOOT] d347bus
Service C:\WINDOWS\System32\Drivers\d347prt.sys [BOOT] d347prt
Service [DISABLED] dac2w2k
Service [DISABLED] dac960nt
Service C:\WINDOWS\System32\DRIVERS\DcCam.sys [SYSTEM] DcCam
Service C:\WINDOWS\System32\DRIVERS\DcFpoint.sys [MANUAL] DcFpoint
Service C:\WINDOWS\system32\drivers\dcfs2k.sys [AUTO] DCFS2K
Service C:\WINDOWS\System32\DRIVERS\DcLps.sys [MANUAL] DcLps
Service C:\WINDOWS\system32\svchost.exe [AUTO] DcomLaunch
Service C:\WINDOWS\System32\DRIVERS\DcPTP.sys [MANUAL] DcPTP
Service C:\WINDOWS\System32\svchost.exe [AUTO] Dhcp
Service C:\WINDOWS\System32\DRIVERS\disk.sys [BOOT] Disk
Service C:\WINDOWS\System32\dmadmin.exe [MANUAL] dmadmin
Service C:\WINDOWS\System32\drivers\dmboot.sys [DISABLED] dmboot
Service C:\WINDOWS\System32\DRIVERS\dmio.sys [BOOT] dmio
Service [BOOT] dmload
Service C:\WINDOWS\System32\svchost.exe [AUTO] dmserver
Service C:\WINDOWS\system32\drivers\DMusic.sys [MANUAL] DMusic
Service C:\WINDOWS\System32\svchost.exe [AUTO] Dnscache
Service [DISABLED] dpti2o
Service C:\WINDOWS\system32\drivers\drmkaud.sys [MANUAL] drmkaud
Service C:\WINDOWS\System32\svchost.exe [AUTO] ERSvc
Service C:\WINDOWS\system32\services.exe [AUTO] Eventlog
Service C:\WINDOWS\System32\svchost.exe [MANUAL] EventSystem
Service C:\Program Files\ewido anti-spyware 4.0\guard.sys [SYSTEM] ewido anti-spyware 4.0 driver
Service C:\Program Files\ewido anti-spyware 4.0\guard.exe [AUTO] ewido anti-spyware 4.0 guard
Service C:\WINDOWS\System32\DRIVERS\exportit.sys [SYSTEM] Exportit
Service [DISABLED] Fastfat
Service C:\WINDOWS\System32\svchost.exe [MANUAL] FastUserSwitchingCompatibility
Service C:\WINDOWS\System32\DRIVERS\fdc.sys [MANUAL] Fdc
Service [SYSTEM] Fips
Service C:\WINDOWS\System32\DRIVERS\flpydisk.sys [MANUAL] Flpydisk
Service C:\WINDOWS\system32\drivers\fltmgr.sys [BOOT] FltMgr
Service [SYSTEM] Fs_Rec
Service C:\WINDOWS\System32\DRIVERS\ftdisk.sys [BOOT] Ftdisk
Service C:\WINDOWS\System32\DRIVERS\gameenum.sys [MANUAL] gameenum
Service C:\WINDOWS\System32\DRIVERS\gmer.sys [MANUAL] Gmer
Service C:\WINDOWS\System32\DRIVERS\msgpc.sys [MANUAL] Gpc
Service C:\WINDOWS\System32\svchost.exe [AUTO] helpsvc
Service C:\WINDOWS\System32\svchost.exe [DISABLED] HidServ
Service C:\WINDOWS\System32\DRIVERS\hidusb.sys [MANUAL] hidusb
Service [DISABLED] hpn
Service [DISABLED] hpt3xx
Service C:\WINDOWS\System32\Drivers\HTTP.sys [MANUAL] HTTP
Service C:\WINDOWS\System32\svchost.exe [MANUAL] HTTPFilter
Service [SYSTEM] i2omgmt
Service [DISABLED] i2omp
Service C:\WINDOWS\System32\DRIVERS\i8042prt.sys [SYSTEM] i8042prt
Service C:\WINDOWS\system32\DRIVERS\imapi.sys [SYSTEM] Imapi
Service C:\WINDOWS\System32\imapi.exe [MANUAL] ImapiService
Service [DISABLED] ini910u
Service [DISABLED] IntelIde
Service C:\WINDOWS\system32\drivers\ip6fw.sys [MANUAL] ip6fw
Service C:\WINDOWS\System32\DRIVERS\ipfltdrv.sys [MANUAL] IpFilterDriver
Service C:\WINDOWS\System32\DRIVERS\ipinip.sys [MANUAL] IpInIp
Service C:\WINDOWS\System32\DRIVERS\ipnat.sys [MANUAL] IpNat
Service C:\WINDOWS\System32\DRIVERS\ipsec.sys [SYSTEM] IPSec
Service C:\WINDOWS\System32\DRIVERS\irda.sys [AUTO] irda
Service C:\WINDOWS\System32\DRIVERS\irenum.sys [MANUAL] IRENUM
Service C:\WINDOWS\System32\svchost.exe [AUTO] Irmon
Service C:\WINDOWS\System32\DRIVERS\isapnp.sys [BOOT] isapnp
Service C:\WINDOWS\System32\DRIVERS\kbdclass.sys [SYSTEM] Kbdclass
Service C:\WINDOWS\system32\drivers\kmixer.sys [MANUAL] kmixer
Service C:\WINDOWS\system32\drivers\KodakCCS.exe [AUTO] KodakCCS
Service [BOOT] KSecDD
Service C:\WINDOWS\System32\svchost.exe [AUTO] lanmanserver
Service C:\WINDOWS\System32\svchost.exe [AUTO] lanmanworkstation
Service [SYSTEM] lbrtfdc
Service C:\WINDOWS\System32\svchost.exe [AUTO] LmHosts
Service C:\WINDOWS\System32\svchost.exe [DISABLED] Messenger
Service [SYSTEM] mnmdd
Service C:\WINDOWS\System32\mnmsrvc.exe [MANUAL] mnmsrvc
Service [MANUAL] Modem
Service C:\WINDOWS\System32\DRIVERS\mouclass.sys [SYSTEM] Mouclass
Service C:\WINDOWS\System32\DRIVERS\mouhid.sys [MANUAL] mouhid
Service [BOOT] MountMgr
Service [DISABLED] mraid35x
Service C:\WINDOWS\System32\DRIVERS\mrxdav.sys [MANUAL] MRxDAV
Service C:\WINDOWS\System32\DRIVERS\mrxsmb.sys [SYSTEM] MRxSmb
Service C:\WINDOWS\System32\msdtc.exe [MANUAL] MSDTC
Service [SYSTEM] Msfs
Service C:\WINDOWS\system32\DRIVERS\MSIRCOMM.sys [MANUAL] MSIRCOMM
Service C:\WINDOWS\system32\msiexec.exe [MANUAL] MSIServer
Service C:\WINDOWS\system32\drivers\MSKSSRV.sys [MANUAL] MSKSSRV
Service C:\WINDOWS\system32\drivers\MSPCLOCK.sys [MANUAL] MSPCLOCK
Service C:\WINDOWS\system32\drivers\MSPQM.sys [MANUAL] MSPQM
Service C:\WINDOWS\System32\DRIVERS\mssmbios.sys [MANUAL] mssmbios
Service [BOOT] Mup
Service [BOOT] NDIS
Service C:\WINDOWS\System32\DRIVERS\ndistapi.sys [MANUAL] NdisTapi
Service C:\WINDOWS\System32\DRIVERS\ndisuio.sys [MANUAL] Ndisuio
Service C:\WINDOWS\System32\DRIVERS\ndiswan.sys [MANUAL] NdisWan
Service [MANUAL] NDProxy
Service C:\WINDOWS\System32\DRIVERS\netbios.sys [SYSTEM] NetBIOS
Service C:\WINDOWS\System32\DRIVERS\netbt.sys [AUTO] NetBT
Service C:\WINDOWS\system32\netdde.exe [DISABLED] NetDDE
Service C:\WINDOWS\system32\netdde.exe [DISABLED] NetDDEdsdm
Service C:\WINDOWS\System32\lsass.exe [MANUAL] Netlogon
Service C:\WINDOWS\System32\svchost.exe [MANUAL] Netman
Service C:\WINDOWS\System32\svchost.exe [MANUAL] Nla
Service [SYSTEM] Npfs
Service [DISABLED] Ntfs
Service C:\WINDOWS\System32\lsass.exe [MANUAL] NtLmSsp
Service C:\WINDOWS\system32\svchost.exe [MANUAL] NtmsSvc
Service [SYSTEM] Null
Service C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [MANUAL] nv
Service C:\WINDOWS\System32\DRIVERS\nvatabus.sys [BOOT] nvatabus
Service C:\WINDOWS\system32\nvsvc32.exe [AUTO] NVSvc
Service C:\WINDOWS\System32\DRIVERS\nv_agp.sys [BOOT] nv_agp
Service C:\WINDOWS\System32\DRIVERS\nwlnkflt.sys [MANUAL] NwlnkFlt
Service C:\WINDOWS\System32\DRIVERS\nwlnkfwd.sys [MANUAL] NwlnkFwd
Service C:\WINDOWS\System32\DRIVERS\nwlnkipx.sys [AUTO] NwlnkIpx
Service C:\WINDOWS\System32\DRIVERS\nwlnknb.sys [AUTO] NwlnkNb
Service C:\WINDOWS\System32\DRIVERS\nwlnkspx.sys [AUTO] NwlnkSpx
Service C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [MANUAL] ose
Service C:\WINDOWS\System32\DRIVERS\parport.sys [MANUAL] Parport
Service [BOOT] PartMgr
Service [AUTO] ParVdm
Service C:\WINDOWS\System32\DRIVERS\pci.sys [BOOT] PCI
Service [SYSTEM] PCIDump
Service C:\WINDOWS\System32\DRIVERS\pciide.sys [BOOT] PCIIde
Service C:\WINDOWS\system32\drivers\pclepci.sys [SYSTEM] PCLEPCI
Service [DISABLED] Pcmcia
Service [MANUAL] PDCOMP
Service [MANUAL] PDFRAME
Service [MANUAL] PDRELI
Service [MANUAL] PDRFRAME
Service [DISABLED] perc2
Service [DISABLED] perc2hib
Service C:\WINDOWS\system32\services.exe [AUTO] PlugPlay
Service C:\WINDOWS\System32\lsass.exe [AUTO] PolicyAgent
Service C:\WINDOWS\System32\DRIVERS\raspptp.sys [MANUAL] PptpMiniport
Service [SYSTEM] PQNTDrv
Service C:\WINDOWS\System32\DRIVERS\processr.sys [SYSTEM] Processor
Service C:\WINDOWS\System32\drivers\prodrv06.sys [SYSTEM] prodrv06
Service C:\WINDOWS\System32\drivers\prohlp02.sys [BOOT] prohlp02
Service C:\WINDOWS\System32\drivers\prosync1.sys [BOOT] prosync1
Service C:\WINDOWS\system32\lsass.exe [AUTO] ProtectedStorage
Service C:\WINDOWS\System32\DRIVERS\psched.sys [MANUAL] PSched
Service C:\WINDOWS\System32\DRIVERS\ptilink.sys [MANUAL] Ptilink
Service C:\WINDOWS\System32\DRIVERS\PxHelp20.sys [BOOT] PxHelp20
Service [DISABLED] ql1080
Service [DISABLED] Ql10wnt
Service [DISABLED] ql12160
Service [DISABLED] ql1240
Service [DISABLED] ql1280
Service C:\WINDOWS\System32\DRIVERS\rasacd.sys [SYSTEM] RasAcd
Service C:\WINDOWS\System32\svchost.exe [MANUAL] RasAuto
Service C:\WINDOWS\System32\DRIVERS\rasirda.sys [MANUAL] Rasirda
Service C:\WINDOWS\System32\DRIVERS\rasl2tp.sys [MANUAL] Rasl2tp
Service C:\WINDOWS\System32\svchost.exe [MANUAL] RasMan
Service C:\WINDOWS\System32\DRIVERS\raspppoe.sys [MANUAL] RasPppoe
Service C:\WINDOWS\System32\DRIVERS\raspti.sys [MANUAL] Raspti
Service C:\WINDOWS\System32\DRIVERS\rdbss.sys [SYSTEM] Rdbss
Service C:\WINDOWS\System32\DRIVERS\RDPCDD.sys [SYSTEM] RDPCDD
Service C:\WINDOWS\System32\DRIVERS\rdpdr.sys [MANUAL] rdpdr
Service [MANUAL] RDPWD
Service C:\WINDOWS\system32\sessmgr.exe [MANUAL] RDSessMgr
Service C:\WINDOWS\System32\DRIVERS\redbook.sys [SYSTEM] redbook
Service C:\WINDOWS\System32\svchost.exe [DISABLED] RemoteAccess
Service C:\WINDOWS\system32\svchost.exe [AUTO] RemoteRegistry
Service C:\WINDOWS\System32\locator.exe [MANUAL] RpcLocator
Service C:\WINDOWS\system32\svchost.exe [AUTO] RpcSs
Service C:\WINDOWS\System32\rsvp.exe [MANUAL] RSVP
Service C:\WINDOWS\System32\DRIVERS\RTL8139.SYS [MANUAL] rtl8139
Service C:\WINDOWS\system32\lsass.exe [AUTO] SamSs
Service C:\WINDOWS\System32\SCardSvr.exe [MANUAL] SCardSvr
Service C:\WINDOWS\System32\svchost.exe [AUTO] Schedule
Service C:\WINDOWS\System32\ScsiAccess.EXE [AUTO] ScsiAccess
Service C:\WINDOWS\System32\DRIVERS\secdrv.sys [AUTO] Secdrv
Service C:\WINDOWS\System32\svchost.exe [AUTO] seclogon
Service C:\WINDOWS\system32\svchost.exe [AUTO] SENS
Service C:\WINDOWS\System32\Drivers\SENTINEL.SYS [AUTO] Sentinel
Service C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe [AUTO] SentinelProtectionServer
Service C:\WINDOWS\System32\DRIVERS\serenum.sys [MANUAL] serenum
Service C:\WINDOWS\System32\DRIVERS\serial.sys [SYSTEM] Serial
Service C:\WINDOWS\system32\DRIVERS\SF-620.sys [MANUAL] SF-620
Service C:\WINDOWS\System32\drivers\sfhlp01.sys [BOOT] sfhlp01
Service [SYSTEM] Sfloppy
Service C:\WINDOWS\System32\svchost.exe [AUTO] SharedAccess
Service C:\WINDOWS\System32\svchost.exe [AUTO] ShellHWDetection
Service [DISABLED] Simbad
Service C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe [MANUAL] SNDSrvc
Service [DISABLED] Sparrow
Service C:\WINDOWS\system32\drivers\splitter.sys [MANUAL] splitter
Service C:\WINDOWS\system32\spoolsv.exe [AUTO] Spooler
Service C:\WINDOWS\System32\DRIVERS\sr.sys [BOOT] sr
Service C:\WINDOWS\System32\svchost.exe [AUTO] srservice
Service C:\WINDOWS\System32\DRIVERS\srv.sys [MANUAL] Srv
Service C:\WINDOWS\System32\svchost.exe [AUTO] SSDPSRV
Service C:\WINDOWS\SYSTEM32\Drivers\SSFS041A.SYS [BOOT] SSFS041A
Service C:\WINDOWS\SYSTEM32\Drivers\SSHRMD.SYS [BOOT] SSHRMD
Service C:\WINDOWS\SYSTEM32\Drivers\SSIDRV.SYS [BOOT] SSIDRV
Service C:\WINDOWS\System32\Drivers\sskbfd.sys [MANUAL] SSKBFD
Service C:\WINDOWS\System32\svchost.exe [MANUAL] stisvc
Service C:\WINDOWS\System32\DRIVERS\swenum.sys [MANUAL] swenum
Service C:\WINDOWS\system32\drivers\swmidi.sys [MANUAL] swmidi
Service C:\WINDOWS\System32\dllhost.exe [MANUAL] SwPrv
Service [DISABLED] symc810
Service [DISABLED] symc8xx
Service C:\WINDOWS\System32\Drivers\SYMDNS.SYS [MANUAL] SYMDNS
Service C:\Program Files\Symantec\SYMEVENT.SYS [MANUAL] SymEvent
Service C:\WINDOWS\System32\Drivers\SYMFW.SYS [MANUAL] SYMFW
Service C:\WINDOWS\System32\Drivers\SYMIDS.SYS [MANUAL] SYMIDS
Service C:\PROGRA~1\COMMON~1\SYMANT~1\SymcData\IDS-DI~1\20040813.178\symidsco.sys [MANUAL] SYMIDSCO
Service C:\WINDOWS\System32\Drivers\SYMNDIS.SYS [MANUAL] SYMNDIS
Service C:\WINDOWS\System32\Drivers\SYMREDRV.SYS [MANUAL] SYMREDRV
Service C:\WINDOWS\System32\Drivers\SYMTDI.SYS [SYSTEM] SYMTDI
Service [DISABLED] sym_hi
Service [DISABLED] sym_u3
Service C:\WINDOWS\system32\drivers\sysaudio.sys [MANUAL] sysaudio
Service C:\WINDOWS\system32\smlogsvc.exe [MANUAL] SysmonLog
Service C:\WINDOWS\System32\svchost.exe [MANUAL] TapiSrv
Service C:\WINDOWS\System32\DRIVERS\tcpip.sys [SYSTEM] Tcpip
Service [MANUAL] TDPIPE
Service [MANUAL] TDTCP
Service C:\WINDOWS\System32\DRIVERS\termdd.sys [SYSTEM] TermDD
Service C:\WINDOWS\System32\svchost.exe [MANUAL] TermService
Service C:\WINDOWS\System32\svchost.exe [AUTO] Themes
Service C:\WINDOWS\System32\tlntsvr.exe [MANUAL] TlntSvr
Service [DISABLED] TosIde
Service C:\WINDOWS\system32\svchost.exe [AUTO] TrkWks
Service [DISABLED] Udfs
Service [DISABLED] ultra
Service C:\WINDOWS\system32\wdfmgr.exe [AUTO] UMWdf
Service C:\WINDOWS\System32\DRIVERS\update.sys [MANUAL] Update
Service C:\WINDOWS\System32\svchost.exe [DISABLED] upnphost
Service C:\WINDOWS\System32\ups.exe [MANUAL] UPS
Service C:\WINDOWS\System32\DRIVERS\usbhub.sys [MANUAL] usbhub
Service C:\WINDOWS\System32\DRIVERS\usbohci.sys [MANUAL] usbohci
Service C:\WINDOWS\System32\drivers\vga.sys [SYSTEM] VgaSave
Service [DISABLED] ViaIde
Service [BOOT] VolSnap
Service C:\WINDOWS\System32\vssvc.exe [MANUAL] VSS
Service C:\WINDOWS\System32\svchost.exe [AUTO] W32Time
Service C:\WINDOWS\System32\DRIVERS\wanarp.sys [MANUAL] Wanarp
Service [MANUAL] WDICA
Service C:\WINDOWS\system32\drivers\wdmaud.sys [MANUAL] wdmaud
Service C:\WINDOWS\System32\svchost.exe [AUTO] WebClient
Service C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe [AUTO] WebrootSpySweeperService
Service C:\WINDOWS\system32\svchost.exe [AUTO] winmgmt
Service [MANUAL] Winsock
Service [MANUAL] Winsock - Google Desktop Search Backup Before First Install
Service [MANUAL] Winsock - Google Desktop Search Backup Before Last Install
Service C:\WINDOWS\System32\svchost.exe [MANUAL] WmdmPmSN
Service C:\WINDOWS\System32\svchost.exe [MANUAL] Wmi
Service C:\WINDOWS\System32\wbem\wmiapsrv.exe [MANUAL] WmiApSrv
Service C:\WINDOWS\System32\drivers\ws2ifsl.sys [SYSTEM] WS2IFSL
Service C:\WINDOWS\System32\svchost.exe [AUTO] wscsvc
Service C:\WINDOWS\system32\svchost.exe [AUTO] wuauserv
Service C:\WINDOWS\System32\svchost.exe [AUTO] WZCSVC
Service C:\WINDOWS\system32\DRIVERS\xmasbus.sys [BOOT] xmasbus
Service C:\WINDOWS\System32\Drivers\xmasscsi.sys [BOOT] xmasscsi
Service C:\WINDOWS\System32\svchost.exe [MANUAL] xmlprov
---- EOF - GMER 1.0.10 ----
Post merged: 01.08.2006 (Tue) 21:10
It finally worked
After running Killbox properly the Trojan was removed.
But I did everything through to the end as you wrote… so I pasted the logs.
I just have some questions:
- what is Windows Worms Doors Cleaner?? does it run in the background or only when I start it?? is it needed at all??
- why did I do that fix.reg??
Finally, thanks for the help and especially for the patience… with my fumbling around with the computer
THANKS
a small tool that closes the popular ports used by internet worms
to delete the registry entry; in our case we restored the original value for Userinit = C:\windows\system32\userinit.exe
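As an added example (not from the thread or from any of the tools mentioned), a defender-side check for the Userinit hijack that the Silent Runners log flagged and the fix.reg repaired: it parses the log line, lists every logon executable beyond the stock userinit.exe, and builds the .reg text that restores the stock value. The sample log line is copied from the log above; the Winlogon key path is the real one and the stock value is the Windows XP default.

```python
"""Check the Winlogon Userinit value for extra logon executables.

Added example, not from the thread or from Silent Runners. Winlogon runs
every comma-separated entry of Userinit at logon, so a second path appended
after userinit.exe is a persistence point; the log in the thread showed
C:\\WINDOWS\\SERVICES.EXE appended there.
"""
import re

# Real Winlogon key; stock Windows XP value (ships with a trailing comma).
WINLOGON_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"
STOCK_USERINIT = r"C:\WINDOWS\system32\userinit.exe"

# Sample input: the INFECTION WARNING line from the Silent Runners log in the thread.
SAMPLE_LINE = ('INFECTION WARNING! "Userinit" = '
               '"C:\\WINDOWS\\SYSTEM32\\Userinit.exe,,C:\\WINDOWS\\SERVICES.EXE" '
               '[MS], [file not found]')


def extract_userinit(log_line):
    """Return the raw Userinit value quoted in a Silent Runners log line, or None."""
    m = re.search(r'"Userinit" = "([^"]*)"', log_line)
    return m.group(1) if m else None


def suspicious_entries(value):
    """Split the comma-separated Userinit value and return every entry that is
    not the stock userinit.exe. Empty entries (doubled commas) are ignored and
    the comparison is case-insensitive, as NTFS paths are."""
    bad = []
    for entry in value.split(","):
        entry = entry.strip()
        if not entry:
            continue
        if entry.lower() != STOCK_USERINIT.lower():
            bad.append(entry)
    return bad


def restore_reg_text():
    """Build .reg content that sets Userinit back to the stock value.
    Backslashes are doubled because .reg string data uses C-style escapes;
    CRLF line endings match what regedit writes."""
    escaped = STOCK_USERINIT.replace("\\", "\\\\")
    return ("Windows Registry Editor Version 5.00\r\n\r\n"
            f"[{WINLOGON_KEY}]\r\n"
            f'"Userinit"="{escaped},"\r\n')


if __name__ == "__main__":
    value = extract_userinit(SAMPLE_LINE)
    print("Userinit =", value)
    for entry in suspicious_entries(value):
        print("SUSPICIOUS extra logon executable:", entry)
    print(restore_reg_text())
```

On a live system the same check applies to the value read from the key itself; the log line is only the offline input used here.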