Avast cannot remove a trojan


(rafalski) #1

Avast detected a trojan on my computer and supposedly removed it, but the computer keeps opening some strange websites. Thanks in advance and best regards!

Logfile of HijackThis v1.99.1

Scan saved at 16:08:40, on 2007-04-25

Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16414)


Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Ahead\InCD\InCDsrv.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Zabezpieczenia\Avast4\aswUpdSv.exe

C:\Program Files\Zabezpieczenia\Avast4\ashServ.exe

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\LEXPPS.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\ZoneLabs\vsmon.exe

C:\Program Files\Zabezpieczenia\Avast4\ashMaiSv.exe

C:\Program Files\Zabezpieczenia\Avast4\ashWebSv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\WinFast\WFTVFM\WFWIZ.exe

C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe

C:\WINDOWS\system32\CTHELPER.EXE

C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe

C:\PROGRA~1\ZABEZP~1\Avast4\ashDisp.exe

C:\PROGRA~1\ZABEZP~1\ZONEAL~1\zlclient.exe

C:\PROGRA~1\ZABEZP~1\AD-AWA~1\Ad-Watch.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Skype\Phone\Skype.exe

C:\Program Files\Przydatne aplikacje\Spamihilator\spamihilator.exe

C:\Program Files\Microsoft ActiveSync\wcescomm.exe

C:\Program Files\SAGEM WiFi manager\WLANUTL.exe

C:\Program Files\USB Phone\USB Driver\USB Phone Driver.exe

C:\PROGRA~1\MI3AA1~1\rapimgr.exe

C:\Program Files\Skype\Plugin Manager\SkypePM.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Zabezpieczenia\hijackthis\HijackThis.exe


R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wp.pl/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = 

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

O4 - HKLM\..\Run: [WinFast Schedule] C:\Program Files\WinFast\WFTVFM\WFWIZ.exe

O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"

O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE

O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ZABEZP~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [Zone Labs Client] C:\PROGRA~1\ZABEZP~1\ZONEAL~1\zlclient.exe

O4 - HKLM\..\Run: [AWMON] "C:\PROGRA~1\ZABEZP~1\AD-AWA~1\Ad-Watch.exe"

O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd

O4 - HKLM\..\Run: [PrintDrive] rundll32.exe "C:\WINDOWS\system32\kupfrokb.dll",setvm

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [Spamihilator] "C:\Program Files\Przydatne aplikacje\Spamihilator\spamihilator.exe"

O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"

O4 - Startup: USB Phone Driver Startup.lnk = ?

O4 - Global Startup: SAGEM Wi-Fi 11g USB adapter LAN Utility.lnk = ?

O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll

O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll

O9 - Extra 'Tools' menuitem: Utwórz łącze Ulubione dla urządzenia przenośnego... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll

O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O11 - Options group: [INTERNATIONAL] International*

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Zabezpieczenia\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Zabezpieczenia\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Zabezpieczenia\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Zabezpieczenia\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: InCD Helper (read only) (InCDsrvR) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe

O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe


(Gutek) #2

Remove the entry with HJT, and the file manually.

Use VundoFix + Trojan.Vundo Removal Tool + VirtumundoBeGone.

Post a ComboFix log - http://download.bleepingcomputer.com/sUBs/ComboFix.exe


(rafalski) #3
"Rafa" - 07-04-25 22:39:19 Dodatek Service Pack 2

(adam9870) #4

Download the KillBox program, select Delete on reboot, and paste the following paths into the full path of file field:

C:\WINDOWS\system32\prutv.bak1

C:\WINDOWS\system32\doscubuo.dll

C:\WINDOWS\system32\vturp.dll.vir

C:\WINDOWS\system32\nnnlljj.dll.vir

C:\WINDOWS\system32\dvcstatebkp-{00000000-00000000-0000000a-00001102-00000002-80661102}.dat

C:\WINDOWS\system32\dvcstate-{00000000-00000000-0000000a-00001102-00000002-80661102}.dat

C:\WINDOWS\system32\foqaudkq.dll

C:\WINDOWS\system32\jdmlbxit.dll

C:\WINDOWS\system32\mllji.dll

After pasting each path separately, click the red X, but agree to the restart only after pasting the last one. If an error appears after pasting any of the paths, don't worry about it; just move on to the next steps.

Open Notepad and paste this into it:

File >>> Save As >>> change the type from TXT to All files >>> save it as FIX.REG >>> double-click the created FIX.REG file and confirm adding it to the registry >>> restart.

Scan this file at http://virusscan.jotti.org/ and http://www.virustotal.com/ and check its properties.

After doing this, post a new ComboFix log plus two GMER logs made with these settings:

 1. Rootkit tab >>> everything checked except Show all >>> click Scan >>> wait patiently until it finishes >>> Copy >>> paste into the post

 2. Rootkit tab >>> only Services and Show all checked >>> click Scan >>> wait patiently until it finishes >>> Copy >>> paste into the post

If all the logs do not fit directly in the post, upload them to a hosting service as *.txt files and just link them here.


(rafalski) #5
"Rafa" - 07-04-25 23:51:39 Dodatek Service Pack 2 

ComboFix 07-04-25.4V - Running from: "C:\Documents and Settings\Rafa\Pulpit\"

((((((((((((((((((((((((((((((( Files Created from 2007-03-25 to 2007-04-25 ))))))))))))))))))))))))))))))))))

2007-04-25 23:42	288	--a------	C:\WINDOWS\system32\DVCStateBkp-{00000000-00000000-0000000A-00001102-00000002-80661102}.dat

2007-04-25 23:42	288	--a------	C:\WINDOWS\system32\DVCState-{00000000-00000000-0000000A-00001102-00000002-80661102}.dat

2007-04-25 23:24	
...and GMER is still rummaging around

Post merged: 26.04.2007 (Thu) 0:25

GMER 1.0.12.12244 - http://www.gmer.net
Rootkit scan 2007-04-26 00:24:49
Windows 5.1.2600 Dodatek Service Pack 2

---- System - GMER 1.0.12 ----

SSDT \??\C:\WINDOWS\system32\vsdatant.sys ZwConnectPort
SSDT \??\C:\WINDOWS\system32\vsdatant.sys ZwOpenProcess

---- Kernel code sections - GMER 1.0.12 ----

? C:\WINDOWS\System32\DRIVERS\update.sys
? C:\WINDOWS\system32\Drivers\PROCEXP90.SYS Nie można odnaleźć określonego pliku.

---- User code sections - GMER 1.0.12 ----

.text C:\Program Files\Internet Explorer\iexplore.exe[2772] USER32.dll!DialogBoxParamW 7E37555F 5 Bytes JMP 009BF205 C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[2772] USER32.dll!DialogBoxIndirectParamW 7E382032 5 Bytes JMP 00B4FEBF C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[2772] USER32.dll!MessageBoxIndirectA 7E38A04A 5 Bytes JMP 00B4FE40 C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[2772] USER32.dll!DialogBoxParamA 7E38B10C 5 Bytes JMP 00B4FE84 C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[2772] USER32.dll!MessageBoxExW 7E3A05D8 5 Bytes JMP 00B4FDCC C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[2772] USER32.dll!MessageBoxExA 7E3A05FC 5 Bytes JMP 00B4FE06 C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[2772] USER32.dll!DialogBoxIndirectParamA 7E3A6B50 5 Bytes JMP 00B4FEFA C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[2772] USER32.dll!MessageBoxIndirectW 7E3B62AB 5 Bytes JMP 009E15DA C:\WINDOWS\system32\IEFRAME.dll

---- Devices - GMER 1.0.12 ----

Device \Driver\Tcpip \Device\Ip IRP_MJ_CLOSE [ECA17E90] vsdatant.sys
Device \Driver\Tcpip \Device\Ip IRP_MJ_DEVICE_CONTROL [ECA17E90] vsdatant.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_CLOSE [ECA17E90] vsdatant.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_DEVICE_CONTROL [ECA17E90] vsdatant.sys
Device \Driver\Tcpip \Device\Udp IRP_MJ_CLOSE [ECA17E90] vsdatant.sys
Device \Driver\Tcpip \Device\Udp IRP_MJ_DEVICE_CONTROL [ECA17E90] vsdatant.sys
Device \Driver\Tcpip \Device\RawIp IRP_MJ_CLOSE [ECA17E90] vsdatant.sys
Device \Driver\Tcpip \Device\RawIp IRP_MJ_DEVICE_CONTROL [ECA17E90] vsdatant.sys
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_CLOSE [ECA17E90] vsdatant.sys
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_DEVICE_CONTROL [ECA17E90] vsdatant.sys
Device \Driver\AFD \Device\Afd IRP_MJ_CREATE [ECA11B50] vsdatant.sys
Device \Driver\AFD \Device\Afd IRP_MJ_CLOSE [ECA11B50] vsdatant.sys
Device \Driver\AFD \Device\Afd IRP_MJ_DEVICE_CONTROL [ECA11B50] vsdatant.sys
Device \Driver\AFD \Device\Afd FastIoDeviceControl [ECA11510] vsdatant.sys

---- EOF - GMER 1.0.12 ----
Post merged: 26.04.2007 (Thu) 0:27

GMER 1.0.12.12244 - http://www.gmer.net

Rootkit scan 2007-04-26 00:27:36

Windows 5.1.2600 Dodatek Service Pack 2

---- Services - GMER 1.0.12 ----




---- EOF - GMER 1.0.12 ----

Post merged: 26.04.2007 (Thu) 8:45

Is everything OK now?


(adam9870) #6

Delete this file from the disk manually.

I asked for this file to be scanned and the results posted, and for the results to be checked. Where is that??


(rafalski) #7

I can't find this file. It probably doesn't exist.


(adam9870) #8

Since Combo lists it, the file is on the disk; it just has the hidden, system and read-only attributes, so to see it you have to use one of the methods shown below.

 1. Choose Start -> Run -> type cmd and click OK -> in the console that opens, run the following command:

ATTRIB -R -S -H C:\WINDOWS\system32\7975db9e1a.sys

 2. Control Panel -> Folder Options -> View tab -> select the option Show hidden files and folders and clear the option Hide protected operating system files (Recommended).

(rafalski) #9


File: 7975DB9E1A.sys 

Status: OK 

MD5 93b11d553863a23807cce5be8eb008e6 

Packers detected: - 


Scanner results 

Scan taken on 26 Apr 2007 17:35:04 (GMT) 

A-Squared Found nothing 

AntiVir Found nothing 

ArcaVir Found nothing 

Avast Found nothing 

AVG Antivirus Found nothing 

BitDefender Found nothing 

ClamAV Found nothing 

Dr.Web Found nothing 

F-Prot Antivirus Found nothing 

F-Secure Anti-Virus Found nothing 

Fortinet Found nothing 

Kaspersky Anti-Virus Found nothing 

NOD32 Found nothing 

Norman Virus Control Found nothing 

Panda Antivirus Found nothing 

Rising Antivirus Found nothing 

VirusBuster Found nothing 

VBA32 Found nothing

Complete scanning result of "7975DB9E1A.sys", received in VirusTotal at 04.26.2007, 19:38:52 (CET).


Antivirus Version Update Result 

AhnLab-V3 2007.4.26.0 04.26.2007 no virus found 

AntiVir 7.4.0.15 04.26.2007 no virus found 

Authentium 4.93.8 04.26.2007 no virus found 

Avast 4.7.981.0 04.26.2007 no virus found 

AVG 7.5.0.464 04.26.2007 no virus found 

BitDefender 7.2 04.26.2007 no virus found 

CAT-QuickHeal 9.00 04.26.2007 no virus found 

ClamAV devel-20070416 04.26.2007 no virus found 

DrWeb 4.33 04.26.2007 no virus found 

eSafe 7.0.15.0 04.25.2007 no virus found 

eTrust-Vet 30.7.3597 04.26.2007 no virus found 

Ewido 4.0 04.26.2007 no virus found 

FileAdvisor 1 04.26.2007 no virus found 

Fortinet 2.85.0.0 04.26.2007 no virus found 

F-Prot 4.3.2.48 04.25.2007 no virus found 

F-Secure 6.70.13030.0 04.26.2007 no virus found 

Ikarus T3.1.1.5 04.26.2007 no virus found 

Kaspersky 4.0.2.24 04.26.2007 no virus found 

McAfee 5018 04.26.2007 no virus found 

Microsoft 1.2405 04.26.2007 no virus found 

NOD32v2 2221 04.26.2007 no virus found 

Norman 5.80.02 04.26.2007 no virus found 

Panda 9.0.0.4 04.26.2007 no virus found 

Prevx1 V2 04.26.2007 no virus found 

Sophos 4.16.0 04.23.2007 no virus found 

Sunbelt 2.2.907.0 04.19.2007 no virus found 

Symantec 10 04.26.2007 no virus found 

TheHacker 6.1.6.095 04.15.2007 no virus found 

VBA32 3.11.4 04.26.2007 no virus found 

VirusBuster 4.3.7:9 04.26.2007 no virus found 

Webwasher-Gateway 6.0.1 04.26.2007 no virus found 

Aditional Information 

File size: 168 bytes 

MD5: 93b11d553863a23807cce5be8eb008e6 

SHA1: 7130952899071c0989f9e6de834d69b0ec8c36de 


VirusTotal is a free service offered by Hispasec Sistemas. There are no guarantees about the availability and continuity of this service. Although the detection rate afforded by the use of multiple antivirus engines is far superior to that offered by just one product, these results DO NOT guarantee the harmlessness of a file. Currently, there is not any solution that offers a 100% effectiveness rate for detecting viruses and malware. 


(adam9870) #10

According to the scans run on the sites I linked earlier, this file is fine.