Błąd services i IE - komputer zwolnił .Infekcja

luki1 · 19 Maj 2007 16:09

Witam .

Mam zainfekowany komputer. Kaspersky On-line wykrył 5 wirusów które usunałem przy pomocy KillBoxa . Nie wiem czy coś pozostało ale raczej na pewno . Ewido za kazdym razem wykrywa coś takiego i nie potrafi usunąć:

Name: Worm.Zhelatin.aj

Kilka razy wyskoczył mi błąd internet eksplorer i services po czym komputer zaczą odliczaie i zresetował się .

Usunąłem z dysku w trybie awaryjnym plik o nazwie fbafbacb8_s.dll bo tak poradził mi pewien user w innym temacie który został usuniety.

Wklejam ponownie logi z Ht i combofix do kontroli i proszę o analizę.

Logfile of HijackThis v1.99.1

Scan saved at 18:06:04, on 2007-05-19

Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)


Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\Explorer.EXE

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\Program Files\PLANET\Plannet Wireless Lan Configure Utility\RtlWake.exe

C:\Program Files\NEC-Mitsubishi\Brightness Controller\BrightnessController.exe

C:\Program Files\Internet Explorer\iexplore.exe

D:\programy_uzytkowe\programy antyspy\Hijack\HijackThis.exe


R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.interia.pl/

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit

O4 - Startup: Brightness Controller.lnk = C:\Program Files\NEC-Mitsubishi\Brightness Controller\BrightnessController.exe

O4 - Global Startup: WL-8303.lnk = C:\Program Files\PLANET\Plannet Wireless Lan Configure Utility\RtlWake.exe

O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O15 - Trusted Zone: http://mks.com.pl

O16 - DPF: ING Bank Online - https://ssl.bsk.com.pl/bskonl/component/INGOnl.cab

O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.pl/resources/virusscanner/kavwebscan_unicode.cab

O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab

O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\DiskeeperLite\DKService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

Madzia - 07-05-19 18:08:09,78 Dodatek Service Pack 2

Gutek · 19 Maj 2007 16:11

HJT Ok - Skan AVG Anti-Spyware 7.5 po update

luki1 · 19 Maj 2007 16:47

Zainstalowałem AVG Anti-Spyware ale nie dam rady go uruchomić . Za każdym razem gdy próbuję to komputer się resetuje . Pórbowałem kilka razy i za każdym razem tak samo .Ewido On line dalej wykrywa Name: Worm.Zhelatin.aj

Co mogę jeszcze zrobić?

W tej chwili po kolejnej próbie uruchomienia AVG komputer cały czas się resetuje , włącza się i wyłącza samoczynnie . Przy uruchamianiu zastartowałem do trybu awaryjnego

Nie wiem co mam robić.

Gutek · 19 Maj 2007 17:23

Odinsatluj AVG w trybie awaryjnym. Dokończyć skanerami online - Skanery do wyboru

luki1 · 19 Maj 2007 17:24

Po skanie ewido on-line w trybie awaryjnym znalazł już coś innego :

Name: TrackingCookie.Gemius

Path: C:\Documents and Settings\Madzia\Cookies\madzia@hit.gemius[2].txt

Risk: Medium

Name: Trojan.Tibs.w

Path: C:\WINDOWS\system32\wincom32.sys

Risk: High

A mam skanować w trybie awaryjnym czy przejsć do normalnego . Wyłączyłem przywracanie systemu - czy dobrze?

Gutek · 19 Maj 2007 17:31

Pobierz Gmer

Rootkit=>szukaj=>bez zaznaczania pokaż wszystko=> Ctrl + V do posta wklej
Rootkit => zaznaczone tylko Pokazuj wszystko + Usługi => Szukaj => Kopiuj => Ctrl + V do posta wklej

luki1 · 19 Maj 2007 19:30

GMER 1.0.12.12244 - http://www.gmer.net

Rootkit scan 2007-05-19 21:26:36

Windows 5.1.2600 Dodatek Service Pack 2



---- System - GMER 1.0.12 ----


SSDT \??\C:\WINDOWS\system32\windev-55df-2c97.sys ZwEnumerateKey <-- ROOTKIT !

SSDT \??\C:\WINDOWS\system32\windev-55df-2c97.sys ZwEnumerateValueKey <-- ROOTKIT !

SSDT \??\C:\WINDOWS\system32\windev-55df-2c97.sys ZwQueryDirectoryFile <-- ROOTKIT !


---- Kernel code sections - GMER 1.0.12 ----


? C:\WINDOWS\System32\DRIVERS\update.sys                                                                   


---- Devices - GMER 1.0.12 ----


Device \Driver\aswTdi \Device\AswUdpFilter IRP_MJ_DEVICE_CONTROL [F3E6C7A0] windev-55df-2c97.sys

Device \Driver\aswTdi \Device\ASWTDI IRP_MJ_DEVICE_CONTROL [F3E6C7A0] windev-55df-2c97.sys

Device \Driver\aswTdi \Device\AswTcpFilter IRP_MJ_DEVICE_CONTROL [F3E6C7A0] windev-55df-2c97.sys


---- Services - GMER 1.0.12 ----


Service C:\WINDOWS\system32\windev-55df-2c97.sys ( ***hidden*** ) [AUTO] windev-55df-2c97 <-- ROOTKIT !


---- Registry - GMER 1.0.12 ----


Reg \Registry\MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_WINDEV-55DF-2C97                                 

Reg \Registry\MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_WINDEV-55DF-2C97@NextInstance 1

Reg \Registry\MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_WINDEV-55DF-2C97\0000@Service windev-55df-2c97

Reg \Registry\MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_WINDEV-55DF-2C97\0000@DeviceDesc windev-55df-2c97

Reg \Registry\MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_WINDEV-55DF-2C97\0000\Control@ActiveService windev-55df-2c97

Reg \Registry\MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_WINDEV-55DF-2C97\0000@Service windev-55df-2c97

Reg \Registry\MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_WINDEV-55DF-2C97\0000@DeviceDesc windev-55df-2c97

Reg \Registry\MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_WINDEV-55DF-2C97@NextInstance 1

Reg \Registry\MACHINE\SYSTEM\ControlSet001\Services\windev-55df-2c97                                         

Reg \Registry\MACHINE\SYSTEM\ControlSet001\Services\windev-55df-2c97@Type 1

Reg \Registry\MACHINE\SYSTEM\ControlSet001\Services\windev-55df-2c97@Start 2

Reg \Registry\MACHINE\SYSTEM\ControlSet001\Services\windev-55df-2c97@ErrorControl 1

Reg \Registry\MACHINE\SYSTEM\ControlSet001\Services\windev-55df-2c97@ImagePath \??\C:\WINDOWS\system32\windev-55df-2c97.sys

Reg \Registry\MACHINE\SYSTEM\ControlSet001\Services\windev-55df-2c97@DisplayName windev-55df-2c97

Reg \Registry\MACHINE\SYSTEM\ControlSet001\Services\windev-55df-2c97@ImagePath \??\C:\WINDOWS\system32\windev-55df-2c97.sys

Reg \Registry\MACHINE\SYSTEM\ControlSet001\Services\windev-55df-2c97@DisplayName windev-55df-2c97

Reg \Registry\MACHINE\SYSTEM\ControlSet001\Services\windev-55df-2c97@ImagePath \??\C:\WINDOWS\system32\windev-55df-2c97.sys

Reg \Registry\MACHINE\SYSTEM\ControlSet001\Services\windev-55df-2c97@DisplayName windev-55df-2c97

Reg \Registry\MACHINE\SYSTEM\ControlSet001\Services\windev-55df-2c97\Enum@0 Root\LEGACY_WINDEV-55DF-2C97\0000

Reg \Registry\MACHINE\SYSTEM\ControlSet001\Services\windev-55df-2c97@ImagePath \??\C:\WINDOWS\system32\windev-55df-2c97.sys

Reg \Registry\MACHINE\SYSTEM\ControlSet001\Services\windev-55df-2c97@DisplayName windev-55df-2c97

Reg \Registry\MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_WINDEV-55DF-2C97                                 

Reg \Registry\MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_WINDEV-55DF-2C97@NextInstance 1

Reg \Registry\MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_WINDEV-55DF-2C97\0000@Service windev-55df-2c97

Reg \Registry\MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_WINDEV-55DF-2C97\0000@DeviceDesc windev-55df-2c97

Reg \Registry\MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_WINDEV-55DF-2C97@NextInstance 1

Reg \Registry\MACHINE\SYSTEM\ControlSet003\Services\windev-55df-2c97                                         

Reg \Registry\MACHINE\SYSTEM\ControlSet003\Services\windev-55df-2c97@Type 1

Reg \Registry\MACHINE\SYSTEM\ControlSet003\Services\windev-55df-2c97@Start 2

Reg \Registry\MACHINE\SYSTEM\ControlSet003\Services\windev-55df-2c97@ErrorControl 1

Reg \Registry\MACHINE\SYSTEM\ControlSet003\Services\windev-55df-2c97@ImagePath \??\C:\WINDOWS\system32\windev-55df-2c97.sys

Reg \Registry\MACHINE\SYSTEM\ControlSet003\Services\windev-55df-2c97@DisplayName windev-55df-2c97

Reg \Registry\MACHINE\SYSTEM\ControlSet003\Services\windev-55df-2c97@ImagePath \??\C:\WINDOWS\system32\windev-55df-2c97.sys

Reg \Registry\MACHINE\SYSTEM\ControlSet003\Services\windev-55df-2c97@DisplayName windev-55df-2c97

Reg \Registry\MACHINE\SYSTEM\ControlSet003\Services\windev-55df-2c97@ImagePath \??\C:\WINDOWS\system32\windev-55df-2c97.sys

Reg \Registry\MACHINE\SYSTEM\ControlSet003\Services\windev-55df-2c97@DisplayName windev-55df-2c97

Reg \Registry\MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINDEV-55DF-2C97                             

Reg \Registry\MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINDEV-55DF-2C97@NextInstance 1

Reg \Registry\MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINDEV-55DF-2C97\0000@Service windev-55df-2c97

Reg \Registry\MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINDEV-55DF-2C97\0000@DeviceDesc windev-55df-2c97

Reg \Registry\MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINDEV-55DF-2C97\0000\Control@ActiveService windev-55df-2c97

Reg \Registry\MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINDEV-55DF-2C97\0000@Service windev-55df-2c97

Reg \Registry\MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINDEV-55DF-2C97\0000@DeviceDesc windev-55df-2c97

Reg \Registry\MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINDEV-55DF-2C97@NextInstance 1

Reg \Registry\MACHINE\SYSTEM\CurrentControlSet\Services\windev-55df-2c97                                     

Reg \Registry\MACHINE\SYSTEM\CurrentControlSet\Services\windev-55df-2c97@Type 1

Reg \Registry\MACHINE\SYSTEM\CurrentControlSet\Services\windev-55df-2c97@Start 2

Reg \Registry\MACHINE\SYSTEM\CurrentControlSet\Services\windev-55df-2c97@ErrorControl 1

Reg \Registry\MACHINE\SYSTEM\CurrentControlSet\Services\windev-55df-2c97@ImagePath \??\C:\WINDOWS\system32\windev-55df-2c97.sys

Reg \Registry\MACHINE\SYSTEM\CurrentControlSet\Services\windev-55df-2c97@DisplayName windev-55df-2c97

Reg \Registry\MACHINE\SYSTEM\CurrentControlSet\Services\windev-55df-2c97@ImagePath \??\C:\WINDOWS\system32\windev-55df-2c97.sys

Reg \Registry\MACHINE\SYSTEM\CurrentControlSet\Services\windev-55df-2c97@DisplayName windev-55df-2c97

Reg \Registry\MACHINE\SYSTEM\CurrentControlSet\Services\windev-55df-2c97@ImagePath \??\C:\WINDOWS\system32\windev-55df-2c97.sys

Reg \Registry\MACHINE\SYSTEM\CurrentControlSet\Services\windev-55df-2c97@DisplayName windev-55df-2c97

Reg \Registry\MACHINE\SYSTEM\CurrentControlSet\Services\windev-55df-2c97\Enum@0 Root\LEGACY_WINDEV-55DF-2C97\0000

Reg \Registry\MACHINE\SYSTEM\CurrentControlSet\Services\windev-55df-2c97@ImagePath \??\C:\WINDOWS\system32\windev-55df-2c97.sys

Reg \Registry\MACHINE\SYSTEM\CurrentControlSet\Services\windev-55df-2c97@DisplayName windev-55df-2c97


---- Files - GMER 1.0.12 ----


File C:\WINDOWS\system32\windev-55df-2c97.sys <-- ROOTKIT !

File C:\WINDOWS\system32\windev-peers.ini                                                                     

ADS D:\muzyka\Nowy folder\Sumptuastic - Ju:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}                            

ADS D:\muzyka\Nowy folder\Sumptuastic - Moja si:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}                       

ADS D:\muzyka\Nowy folder\Sumptuastic - Zanim za:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}                      

ADS D:\Tapety i zdjecia\Filmiki i fotki z Madzi:SummaryInformation                                          

ADS D:\Tapety i zdjecia\Filmiki i fotki z Madzi:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}                       


---- EOF - GMER 1.0.12 ----

[/code]

[color=darkblue][size=75]Złączono Posta: 19.05.2007 (Sob) 21:32[/size][/color]

usługi + pokazuj wszytsko

GMER 1.0.12.12244 - http://www.gmer.net

Rootkit scan 2007-05-19 21:29:25

Windows 5.1.2600 Dodatek Service Pack 2

---- Services - GMER 1.0.12 ----

Service [sYSTEM] Aavmker4

Service [DISABLED] Abiosdsk

Service [DISABLED] abp480n5

Service C:\WINDOWS\System32\DRIVERS\ACPI.sys [bOOT] ACPI

Service [DISABLED] ACPIEC

Service [DISABLED] adpu160m

Service C:\WINDOWS\system32\drivers\aec.sys [MANUAL] aec

Service C:\WINDOWS\System32\drivers\afd.sys [sYSTEM] AFD

Service [DISABLED] Aha154x

Service [DISABLED] aic78u2

Service [DISABLED] aic78xx

Service C:\WINDOWS\System32\svchost.exe [AUTO] Alerter

Service C:\WINDOWS\System32\alg.exe [MANUAL] ALG

Service [DISABLED] AliIde

Service C:\WINDOWS\System32\DRIVERS\amdk7.sys [sYSTEM] AmdK7

Service [DISABLED] amsint

Service C:\WINDOWS\system32\svchost.exe [MANUAL] AppMgmt

Service [DISABLED] asc

Service [DISABLED] asc3350p

Service [DISABLED] asc3550

Service [AUTO] aswMon2

Service [sYSTEM] aswTdi

Service C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [AUTO] aswUpdSv

Service C:\WINDOWS\System32\DRIVERS\asyncmac.sys [MANUAL] AsyncMac

Service C:\WINDOWS\System32\DRIVERS\atapi.sys [bOOT] atapi

Service [DISABLED] Atdisk

Service C:\WINDOWS\System32\DRIVERS\atmarpc.sys [MANUAL] Atmarpc

Service C:\WINDOWS\System32\svchost.exe [AUTO] AudioSrv

Service C:\WINDOWS\System32\DRIVERS\audstub.sys [MANUAL] audstub

Service C:\Program Files\Alwil Software\Avast4\ashServ.exe [AUTO] avast! Antivirus

Service BattC

Service [sYSTEM] Beep

Service C:\WINDOWS\System32\svchost.exe [DISABLED] BITS

Service C:\WINDOWS\System32\svchost.exe [MANUAL] Browser

Service [DISABLED] cbidf2k

Service [DISABLED] cd20xrnt

Service [sYSTEM] Cdaudio

Service [DISABLED] Cdfs

Service C:\WINDOWS\System32\DRIVERS\cdrom.sys [sYSTEM] Cdrom

Service [sYSTEM] Changer

Service C:\WINDOWS\system32\cisvc.exe [DISABLED] CiSvc

Service C:\WINDOWS\system32\clipsrv.exe [DISABLED] ClipSrv

Service [DISABLED] CmdIde

Service C:\WINDOWS\System32\dllhost.exe [MANUAL] COMSysApp

Service ContentFilter

Service ContentIndex

Service [DISABLED] Cpqarray

Service C:\WINDOWS\system32\svchost.exe [AUTO] CryptSvc

Service C:\WINDOWS\System32\drivers\ctac32k.sys [MANUAL] ctac32k

Service C:\WINDOWS\system32\drivers\ctaud2k.sys [MANUAL] ctaud2k

Service System32\drivers\ctdvda2k.sys [MANUAL] ctdvda2k

Service C:\WINDOWS\System32\DRIVERS\ctljystk.sys [MANUAL] ctljystk

Service C:\WINDOWS\System32\drivers\ctprxy2k.sys [MANUAL] ctprxy2k

Service C:\WINDOWS\System32\drivers\ctsfm2k.sys [MANUAL] ctsfm2k

Service [DISABLED] dac2w2k

Service [DISABLED] dac960nt

Service C:\WINDOWS\system32\svchost.exe [AUTO] DcomLaunch

Service C:\WINDOWS\System32\svchost.exe [AUTO] Dhcp

Service C:\WINDOWS\System32\DRIVERS\disk.sys [bOOT] Disk

Service C:\Program Files\Executive Software\DiskeeperLite\DKService.exe [MANUAL] Diskeeper

Service C:\WINDOWS\System32\dmadmin.exe [MANUAL] dmadmin

Service C:\WINDOWS\System32\drivers\dmboot.sys [DISABLED] dmboot

Service C:\WINDOWS\System32\drivers\dmio.sys [bOOT] dmio

Service C:\WINDOWS\System32\drivers\dmload.sys [bOOT] dmload

Service C:\WINDOWS\System32\svchost.exe [MANUAL] dmserver

Service C:\WINDOWS\system32\drivers\DMusic.sys [MANUAL] DMusic

Service C:\WINDOWS\System32\svchost.exe [AUTO] Dnscache

Service [DISABLED] dpti2o

Service C:\WINDOWS\system32\drivers\drmkaud.sys [MANUAL] drmkaud

Service C:\WINDOWS\System32\drivers\emupia2k.sys [MANUAL] emupia

Service C:\WINDOWS\System32\svchost.exe [DISABLED] ERSvc

Service C:\WINDOWS\system32\services.exe [AUTO] Eventlog

Service C:\WINDOWS\System32\svchost.exe [MANUAL] EventSystem

Service [DISABLED] Fastfat

Service C:\WINDOWS\System32\svchost.exe [DISABLED] FastUserSwitchingCompatibility

Service C:\WINDOWS\System32\DRIVERS\fdc.sys [MANUAL] Fdc

Service [sYSTEM] Fips

Service C:\WINDOWS\System32\DRIVERS\flpydisk.sys [MANUAL] Flpydisk

Service C:\WINDOWS\system32\drivers\fltmgr.sys [bOOT] FltMgr

Service [sYSTEM] Fs_Rec

Service C:\WINDOWS\System32\DRIVERS\ftdisk.sys [bOOT] Ftdisk

Service C:\WINDOWS\System32\DRIVERS\gameenum.sys [MANUAL] gameenum

Service C:\WINDOWS\System32\DRIVERS\gmer.sys [MANUAL] gmer

Service C:\WINDOWS\System32\DRIVERS\msgpc.sys [MANUAL] Gpc

Service C:\WINDOWS\system32\drivers\ha10kx2k.sys [MANUAL] ha10kx2k

Service C:\WINDOWS\System32\drivers\hap16v2k.sys [MANUAL] hap16v2k

Service C:\WINDOWS\System32\svchost.exe [DISABLED] helpsvc

Service C:\WINDOWS\System32\svchost.exe [DISABLED] HidServ

Service [DISABLED] hpn

Service C:\WINDOWS\System32\Drivers\HTTP.sys [MANUAL] HTTP

Service C:\WINDOWS\System32\svchost.exe [MANUAL] HTTPFilter

Service [sYSTEM] i2omgmt

Service [DISABLED] i2omp

Service C:\WINDOWS\System32\DRIVERS\i8042prt.sys [sYSTEM] i8042prt

Service C:\WINDOWS\System32\DRIVERS\imapi.sys [sYSTEM] Imapi

Service C:\WINDOWS\System32\imapi.exe [MANUAL] ImapiService

Service inetaccs

Service [DISABLED] ini910u

Service Inport

Service [DISABLED] IntelIde

Service C:\WINDOWS\system32\drivers\ip6fw.sys [MANUAL] ip6fw

Service C:\WINDOWS\System32\DRIVERS\ipfltdrv.sys [MANUAL] IpFilterDriver

Service C:\WINDOWS\System32\DRIVERS\ipinip.sys [MANUAL] IpInIp

Service C:\WINDOWS\System32\DRIVERS\ipnat.sys [MANUAL] IpNat

Service C:\WINDOWS\System32\DRIVERS\ipsec.sys [sYSTEM] IPSec

Service C:\WINDOWS\System32\DRIVERS\irenum.sys [MANUAL] IRENUM

Service ISAPISearch

Service C:\WINDOWS\System32\DRIVERS\isapnp.sys [bOOT] isapnp

Service C:\WINDOWS\System32\DRIVERS\kbdclass.sys [sYSTEM] Kbdclass

Service C:\WINDOWS\system32\drivers\kmixer.sys [MANUAL] kmixer

Service [bOOT] KSecDD

Service C:\WINDOWS\System32\svchost.exe [MANUAL] lanmanserver

Service C:\WINDOWS\System32\svchost.exe [MANUAL] lanmanworkstation

Service [sYSTEM] lbrtfdc

Service ldap

Service LicenseService

Service C:\WINDOWS\System32\svchost.exe [DISABLED] LmHosts

Service C:\WINDOWS\System32\svchost.exe [DISABLED] Messenger

Service [sYSTEM] mnmdd

Service C:\WINDOWS\System32\mnmsrvc.exe [DISABLED] mnmsrvc

Service [MANUAL] Modem

Service C:\WINDOWS\System32\DRIVERS\mouclass.sys [sYSTEM] Mouclass

Service [bOOT] MountMgr

Service [DISABLED] mraid35x

Service C:\WINDOWS\System32\DRIVERS\mrxdav.sys [MANUAL] MRxDAV

Service C:\WINDOWS\System32\DRIVERS\mrxsmb.sys [sYSTEM] MRxSmb

Service C:\WINDOWS\System32\msdtc.exe [MANUAL] MSDTC

Service [sYSTEM] Msfs

Service C:\WINDOWS\system32\msiexec.exe [MANUAL] MSIServer

Service C:\WINDOWS\system32\drivers\MSKSSRV.sys [MANUAL] MSKSSRV

Service C:\WINDOWS\system32\drivers\MSPCLOCK.sys [MANUAL] MSPCLOCK

Service C:\WINDOWS\system32\drivers\MSPQM.sys [MANUAL] MSPQM

Service C:\WINDOWS\System32\DRIVERS\mssmbios.sys [MANUAL] mssmbios

Service [bOOT] Mup

Service [bOOT] NDIS

Service C:\WINDOWS\System32\DRIVERS\ndistapi.sys [MANUAL] NdisTapi

Service C:\WINDOWS\System32\DRIVERS\ndisuio.sys [MANUAL] Ndisuio

Service C:\WINDOWS\System32\DRIVERS\ndiswan.sys [MANUAL] NdisWan

Service [MANUAL] NDProxy

Service C:\WINDOWS\System32\DRIVERS\netbios.sys [sYSTEM] NetBIOS

Service C:\WINDOWS\System32\DRIVERS\netbt.sys [MANUAL] NetBT

Service C:\WINDOWS\system32\netdde.exe [DISABLED] NetDDE

Service C:\WINDOWS\system32\netdde.exe [DISABLED] NetDDEdsdm

Service C:\WINDOWS\System32\lsass.exe [DISABLED] Netlogon

Service C:\WINDOWS\System32\svchost.exe [MANUAL] Netman

Service C:\WINDOWS\System32\svchost.exe [MANUAL] Nla

Service [sYSTEM] Npfs

Service [DISABLED] Ntfs

Service C:\WINDOWS\System32\lsass.exe [DISABLED] NtLmSsp

Service C:\WINDOWS\system32\svchost.exe [MANUAL] NtmsSvc

Service [sYSTEM] Null

Service C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [MANUAL] nv

Service C:\WINDOWS\System32\nvsvc32.exe [MANUAL] NVSvc

Service C:\WINDOWS\System32\DRIVERS\nwlnkflt.sys [MANUAL] NwlnkFlt

Service C:\WINDOWS\System32\DRIVERS\nwlnkfwd.sys [MANUAL] NwlnkFwd

Service C:\WINDOWS\system32\drivers\ctoss2k.sys [MANUAL] ossrv

Service PageDefrag

Service C:\WINDOWS\System32\DRIVERS\parport.sys [MANUAL] Parport

Service [bOOT] PartMgr

Service [AUTO] ParVdm

Service C:\WINDOWS\System32\DRIVERS\pci.sys [bOOT] PCI

Service [sYSTEM] PCIDump

Service [DISABLED] PCIIde

Service [DISABLED] Pcmcia

Service [MANUAL] PDCOMP

Service [MANUAL] PDFRAME

Service [MANUAL] PDRELI

Service [MANUAL] PDRFRAME

Service [DISABLED] perc2

Service [DISABLED] perc2hib

Service PerfDisk

Service PerfNet

Service PerfOS

Service PerfProc

Service C:\WINDOWS\system32\drivers\PfModNT.sys [AUTO] PfModNT

Service C:\WINDOWS\system32\services.exe [AUTO] PlugPlay

Service C:\WINDOWS\System32\lsass.exe [DISABLED] PolicyAgent

Service C:\WINDOWS\System32\DRIVERS\raspptp.sys [MANUAL] PptpMiniport

Service C:\WINDOWS\System32\DRIVERS\processr.sys [sYSTEM] Processor

Service C:\WINDOWS\system32\lsass.exe [AUTO] ProtectedStorage

Service C:\WINDOWS\System32\DRIVERS\psched.sys [MANUAL] PSched

Service C:\WINDOWS\System32\DRIVERS\ptilink.sys [MANUAL] Ptilink

Service C:\WINDOWS\system32\DRIVERS\PxHelp20.sys [bOOT] PxHelp20

Service [DISABLED] ql1080

Service [DISABLED] Ql10wnt

Service [DISABLED] ql12160

Service [DISABLED] ql1240

Service [DISABLED] ql1280

Service [AUTO] QTYHRWSH

Service C:\WINDOWS\System32\DRIVERS\rasacd.sys [sYSTEM] RasAcd

Service C:\WINDOWS\System32\svchost.exe [DISABLED] RasAuto

Service C:\WINDOWS\System32\DRIVERS\rasl2tp.sys [MANUAL] Rasl2tp

Service C:\WINDOWS\System32\svchost.exe [MANUAL] RasMan

Service C:\WINDOWS\System32\DRIVERS\raspppoe.sys [MANUAL] RasPppoe

Service C:\WINDOWS\System32\DRIVERS\raspti.sys [MANUAL] Raspti

Service C:\WINDOWS\System32\DRIVERS\rdbss.sys [sYSTEM] Rdbss

Service C:\WINDOWS\System32\DRIVERS\RDPCDD.sys [sYSTEM] RDPCDD

Service RDPDD

Service C:\WINDOWS\System32\DRIVERS\rdpdr.sys [MANUAL] rdpdr

Service RDPNP

Service [MANUAL] RDPWD

Service C:\WINDOWS\system32\sessmgr.exe [DISABLED] RDSessMgr

Service C:\WINDOWS\System32\DRIVERS\redbook.sys [sYSTEM] redbook

Service C:\WINDOWS\System32\svchost.exe [DISABLED] RemoteAccess

Service C:\WINDOWS\system32\svchost.exe [DISABLED] RemoteRegistry

Service RPCKDM

Service C:\WINDOWS\System32\locator.exe [MANUAL] RpcLocator

Service C:\WINDOWS\system32\svchost.exe [AUTO] RpcSs

Service C:\WINDOWS\System32\rsvp.exe [DISABLED] RSVP

Service C:\WINDOWS\System32\DRIVERS\RTL8180.SYS [MANUAL] rtl8180

Service C:\WINDOWS\system32\lsass.exe [AUTO] SamSs

Service C:\WINDOWS\System32\SCardSvr.exe [DISABLED] SCardSvr

Service C:\WINDOWS\System32\svchost.exe [DISABLED] Schedule

Service ScsiPort

Service C:\WINDOWS\System32\DRIVERS\secdrv.sys [MANUAL] Secdrv

Service C:\WINDOWS\System32\svchost.exe [DISABLED] seclogon

Service C:\WINDOWS\system32\svchost.exe [AUTO] SENS

Service C:\WINDOWS\System32\DRIVERS\serenum.sys [MANUAL] serenum

Service C:\WINDOWS\System32\DRIVERS\serial.sys [sYSTEM] Serial

Service [sYSTEM] Sfloppy

Service C:\WINDOWS\system32\svchost.exe [AUTO] SharedAccess

Service C:\WINDOWS\System32\svchost.exe [AUTO] ShellHWDetection

Service [DISABLED] Simbad

Service [DISABLED] Sparrow

Service C:\WINDOWS\system32\drivers\splitter.sys [MANUAL] splitter

Service C:\WINDOWS\system32\spoolsv.exe [DISABLED] Spooler

Service C:\WINDOWS\System32\DRIVERS\sr.sys [DISABLED] sr

Service C:\WINDOWS\System32\svchost.exe [AUTO] srservice

Service C:\WINDOWS\System32\DRIVERS\srv.sys [MANUAL] Srv

Service C:\WINDOWS\System32\svchost.exe [DISABLED] SSDPSRV

Service C:\WINDOWS\System32\svchost.exe [DISABLED] stisvc

Service C:\WINDOWS\System32\DRIVERS\swenum.sys [MANUAL] swenum

Service C:\WINDOWS\system32\drivers\swmidi.sys [MANUAL] swmidi

Service C:\WINDOWS\System32\dllhost.exe [MANUAL] SwPrv

Service swwd

Service [DISABLED] symc810

Service [DISABLED] symc8xx

Service [DISABLED] sym_hi

Service [DISABLED] sym_u3

Service C:\WINDOWS\system32\drivers\sysaudio.sys [MANUAL] sysaudio

Service C:\WINDOWS\system32\smlogsvc.exe [DISABLED] SysmonLog

Service C:\WINDOWS\System32\svchost.exe [MANUAL] TapiSrv

Service C:\WINDOWS\System32\DRIVERS\tcpip.sys [sYSTEM] Tcpip

Service [MANUAL] TDPIPE

Service [MANUAL] TDTCP

Service C:\WINDOWS\System32\DRIVERS\termdd.sys [sYSTEM] TermDD

Service C:\WINDOWS\System32\svchost.exe [DISABLED] TermService

Service C:\WINDOWS\System32\svchost.exe [AUTO] Themes

Service C:\WINDOWS\System32\tlntsvr.exe [DISABLED] TlntSvr

Service [DISABLED] TosIde

Service C:\WINDOWS\system32\svchost.exe [MANUAL] TrkWks

Service TSDDD

Service [DISABLED] Udfs

Service [DISABLED] ultra

Service C:\WINDOWS\system32\wdfmgr.exe [DISABLED] UMWdf

Service C:\WINDOWS\System32\DRIVERS\update.sys [MANUAL] Update

Service C:\WINDOWS\System32\svchost.exe [DISABLED] upnphost

Service C:\WINDOWS\System32\ups.exe [DISABLED] UPS

Service C:\WINDOWS\System32\DRIVERS\usbehci.sys [MANUAL] usbehci

Service C:\WINDOWS\System32\DRIVERS\usbhub.sys [MANUAL] usbhub

Service C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [MANUAL] USBSTOR

Service C:\WINDOWS\System32\DRIVERS\usbuhci.sys [MANUAL] usbuhci

Service C:\WINDOWS\System32\drivers\vga.sys [sYSTEM] VgaSave

Service C:\WINDOWS\system32\DRIVERS\viaagp1.sys [bOOT] viaagp1

Service C:\WINDOWS\System32\DRIVERS\viaide.sys [bOOT] ViaIde

Service [bOOT] VolSnap

Service C:\WINDOWS\System32\vssvc.exe [DISABLED] VSS

Service VXD

Service C:\WINDOWS\System32\svchost.exe [DISABLED] W32Time

Service W3SVC

Service C:\WINDOWS\System32\DRIVERS\wanarp.sys [MANUAL] Wanarp

Service [MANUAL] WDICA

Service C:\WINDOWS\system32\drivers\wdmaud.sys [MANUAL] wdmaud

Service C:\WINDOWS\System32\svchost.exe [DISABLED] WebClient

Service C:\WINDOWS\system32\wfquvbmb.vvc [AUTO] WFQUVBMB

Service C:\WINDOWS\system32\wincom32.sys [AUTO] wincom32

Service C:\WINDOWS\system32\windev-55df-2c97.sys (*** hidden *** ) [AUTO] windev-55df-2c97 <-- ROOTKIT

Service C:\WINDOWS\system32\svchost.exe [AUTO] winmgmt

Service [MANUAL] Winsock

Service WinSock2

Service WinTrust

Service C:\WINDOWS\system32\MsPMSPSv.exe [DISABLED] WMDM PMSP Service

Service C:\WINDOWS\System32\svchost.exe [DISABLED] WmdmPmSN

Service C:\WINDOWS\System32\svchost.exe [MANUAL] Wmi

Service WmiApRpl

Service C:\WINDOWS\System32\wbem\wmiapsrv.exe [MANUAL] WmiApSrv

Service C:\WINDOWS\System32\drivers\ws2ifsl.sys [DISABLED] WS2IFSL

Service C:\WINDOWS\System32\svchost.exe [AUTO] wscsvc

Service C:\WINDOWS\System32\svchost.exe [DISABLED] wuauserv

Service C:\WINDOWS\System32\svchost.exe [AUTO] WZCSVC

Service C:\WINDOWS\System32\svchost.exe [MANUAL] xmlprov

Service {36AE7FDD-8C9D-499F-BE75-88E9CD982069}

---- EOF - GMER 1.0.12 ----

Gutek · 19 Maj 2007 22:23

Otwierasz Gmera i w zakładce CMD dla opcji CMD wklejasz:

i kliknij na Uruchom z prawej strony.

Po tym nowy log z Gmera

luki1 · 20 Maj 2007 05:22

Po wklejeniu tego tak opisane wyżej i po naciśnieciu Uruchom pulpit znikną i pojawił się trzykrotnie komunikat:

Delete Service: Parametr jest niepoprawny.

a natępnie komunikaty :

Wystąpił błąd nr. 0x0000034 w czasie kasowania pliku… i tu chyba każdy z tych wartości podanych wyżej po kolei. Osobny komunikat dla kazdej wartości.

Pulpit już nie wrócił i nic nie dało się zrobić jak tylko reset.

Nie wiem czy coś to pomogło . Wklejam nowe logi z Gmara całość i tylko z usługami tak jak poprzednio.

GMER 1.0.12.12244 - http://www.gmer.net Rootkit scan 2007-05-20 07:19:37 Windows 5.1.2600 Dodatek Service Pack 2 ---- Services - GMER 1.0.12 ---- Service [sYSTEM] Aavmker4 Service [DISABLED] Abiosdsk Service [DISABLED] abp480n5 Service C:\WINDOWS\System32\DRIVERS\ACPI.sys [bOOT] ACPI Service [DISABLED] ACPIEC Service [DISABLED] adpu160m Service C:\WINDOWS\system32\drivers\aec.sys [MANUAL] aec Service C:\WINDOWS\System32\drivers\afd.sys [sYSTEM] AFD Service [DISABLED] Aha154x Service [DISABLED] aic78u2 Service [DISABLED] aic78xx Service C:\WINDOWS\System32\svchost.exe [AUTO] Alerter Service C:\WINDOWS\System32\alg.exe [MANUAL] ALG Service [DISABLED] AliIde Service C:\WINDOWS\System32\DRIVERS\amdk7.sys [sYSTEM] AmdK7 Service [DISABLED] amsint Service C:\WINDOWS\system32\svchost.exe [MANUAL] AppMgmt Service [DISABLED] asc Service [DISABLED] asc3350p Service [DISABLED] asc3550 Service [AUTO] aswMon2 Service [sYSTEM] aswTdi Service C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [AUTO] aswUpdSv Service C:\WINDOWS\System32\DRIVERS\asyncmac.sys [MANUAL] AsyncMac Service C:\WINDOWS\System32\DRIVERS\atapi.sys [bOOT] atapi Service [DISABLED] Atdisk Service C:\WINDOWS\System32\DRIVERS\atmarpc.sys [MANUAL] Atmarpc Service C:\WINDOWS\System32\svchost.exe [AUTO] AudioSrv Service C:\WINDOWS\System32\DRIVERS\audstub.sys [MANUAL] audstub Service C:\Program Files\Alwil Software\Avast4\ashServ.exe [AUTO] avast! Antivirus Service BattC Service [sYSTEM] Beep Service C:\WINDOWS\System32\svchost.exe [DISABLED] BITS Service C:\WINDOWS\System32\svchost.exe [MANUAL] Browser Service [DISABLED] cbidf2k Service [DISABLED] cd20xrnt Service [sYSTEM] Cdaudio Service [DISABLED] Cdfs Service C:\WINDOWS\System32\DRIVERS\cdrom.sys [sYSTEM] Cdrom Service [sYSTEM] Changer Service C:\WINDOWS\system32\cisvc.exe [DISABLED] CiSvc Service C:\WINDOWS\system32\clipsrv.exe [DISABLED] ClipSrv Service [DISABLED] CmdIde Service C:\WINDOWS\System32\dllhost.exe [MANUAL] COMSysApp Service ContentFilter Service ContentIndex Service [DISABLED] Cpqarray Service C:\WINDOWS\system32\svchost.exe [AUTO] CryptSvc Service C:\WINDOWS\System32\drivers\ctac32k.sys [MANUAL] ctac32k Service C:\WINDOWS\system32\drivers\ctaud2k.sys [MANUAL] ctaud2k Service System32\drivers\ctdvda2k.sys [MANUAL] ctdvda2k Service C:\WINDOWS\System32\DRIVERS\ctljystk.sys [MANUAL] ctljystk Service C:\WINDOWS\System32\drivers\ctprxy2k.sys [MANUAL] ctprxy2k Service C:\WINDOWS\System32\drivers\ctsfm2k.sys [MANUAL] ctsfm2k Service [DISABLED] dac2w2k Service [DISABLED] dac960nt Service C:\WINDOWS\system32\svchost.exe [AUTO] DcomLaunch Service C:\WINDOWS\System32\svchost.exe [AUTO] Dhcp Service C:\WINDOWS\System32\DRIVERS\disk.sys [bOOT] Disk Service C:\Program Files\Executive Software\DiskeeperLite\DKService.exe [MANUAL] Diskeeper Service C:\WINDOWS\System32\dmadmin.exe [MANUAL] dmadmin Service C:\WINDOWS\System32\drivers\dmboot.sys [DISABLED] dmboot Service C:\WINDOWS\System32\drivers\dmio.sys [bOOT] dmio Service C:\WINDOWS\System32\drivers\dmload.sys [bOOT] dmload Service C:\WINDOWS\System32\svchost.exe [MANUAL] dmserver Service C:\WINDOWS\system32\drivers\DMusic.sys [MANUAL] DMusic Service C:\WINDOWS\System32\svchost.exe [AUTO] Dnscache Service [DISABLED] dpti2o Service C:\WINDOWS\system32\drivers\drmkaud.sys [MANUAL] drmkaud Service C:\WINDOWS\System32\drivers\emupia2k.sys [MANUAL] emupia Service C:\WINDOWS\System32\svchost.exe [DISABLED] ERSvc Service C:\WINDOWS\system32\services.exe [AUTO] Eventlog Service C:\WINDOWS\System32\svchost.exe [MANUAL] EventSystem Service [DISABLED] Fastfat Service C:\WINDOWS\System32\svchost.exe [DISABLED] FastUserSwitchingCompatibility Service C:\WINDOWS\System32\DRIVERS\fdc.sys [MANUAL] Fdc Service [sYSTEM] Fips Service C:\WINDOWS\System32\DRIVERS\flpydisk.sys [MANUAL] Flpydisk Service C:\WINDOWS\system32\drivers\fltmgr.sys [bOOT] FltMgr Service [sYSTEM] Fs_Rec Service C:\WINDOWS\System32\DRIVERS\ftdisk.sys [bOOT] Ftdisk Service C:\WINDOWS\System32\DRIVERS\gameenum.sys [MANUAL] gameenum Service C:\WINDOWS\System32\DRIVERS\gmer.sys [MANUAL] gmer Service C:\WINDOWS\System32\DRIVERS\msgpc.sys [MANUAL] Gpc Service C:\WINDOWS\system32\drivers\ha10kx2k.sys [MANUAL] ha10kx2k Service C:\WINDOWS\System32\drivers\hap16v2k.sys [MANUAL] hap16v2k Service C:\WINDOWS\System32\svchost.exe [DISABLED] helpsvc Service C:\WINDOWS\System32\svchost.exe [DISABLED] HidServ Service [DISABLED] hpn Service C:\WINDOWS\System32\Drivers\HTTP.sys [MANUAL] HTTP Service C:\WINDOWS\System32\svchost.exe [MANUAL] HTTPFilter Service [sYSTEM] i2omgmt Service [DISABLED] i2omp Service C:\WINDOWS\System32\DRIVERS\i8042prt.sys [sYSTEM] i8042prt Service C:\WINDOWS\System32\DRIVERS\imapi.sys [sYSTEM] Imapi Service C:\WINDOWS\System32\imapi.exe [MANUAL] ImapiService Service inetaccs Service [DISABLED] ini910u Service Inport Service [DISABLED] IntelIde Service C:\WINDOWS\system32\drivers\ip6fw.sys [MANUAL] ip6fw Service C:\WINDOWS\System32\DRIVERS\ipfltdrv.sys [MANUAL] IpFilterDriver Service C:\WINDOWS\System32\DRIVERS\ipinip.sys [MANUAL] IpInIp Service C:\WINDOWS\System32\DRIVERS\ipnat.sys [MANUAL] IpNat Service C:\WINDOWS\System32\DRIVERS\ipsec.sys [sYSTEM] IPSec Service C:\WINDOWS\System32\DRIVERS\irenum.sys [MANUAL] IRENUM Service ISAPISearch Service C:\WINDOWS\System32\DRIVERS\isapnp.sys [bOOT] isapnp Service C:\WINDOWS\System32\DRIVERS\kbdclass.sys [sYSTEM] Kbdclass Service C:\WINDOWS\system32\drivers\kmixer.sys [MANUAL] kmixer Service [bOOT] KSecDD Service C:\WINDOWS\System32\svchost.exe [MANUAL] lanmanserver Service C:\WINDOWS\System32\svchost.exe [MANUAL] lanmanworkstation Service [sYSTEM] lbrtfdc Service ldap Service LicenseService Service C:\WINDOWS\System32\svchost.exe [DISABLED] LmHosts Service C:\WINDOWS\System32\svchost.exe [DISABLED] Messenger Service [sYSTEM] mnmdd Service C:\WINDOWS\System32\mnmsrvc.exe [DISABLED] mnmsrvc Service [MANUAL] Modem Service C:\WINDOWS\System32\DRIVERS\mouclass.sys [sYSTEM] Mouclass Service [bOOT] MountMgr Service [DISABLED] mraid35x Service C:\WINDOWS\System32\DRIVERS\mrxdav.sys [MANUAL] MRxDAV Service C:\WINDOWS\System32\DRIVERS\mrxsmb.sys [sYSTEM] MRxSmb Service C:\WINDOWS\System32\msdtc.exe [MANUAL] MSDTC Service [sYSTEM] Msfs Service C:\WINDOWS\system32\msiexec.exe [MANUAL] MSIServer Service C:\WINDOWS\system32\drivers\MSKSSRV.sys [MANUAL] MSKSSRV Service C:\WINDOWS\system32\drivers\MSPCLOCK.sys [MANUAL] MSPCLOCK Service C:\WINDOWS\system32\drivers\MSPQM.sys [MANUAL] MSPQM Service C:\WINDOWS\System32\DRIVERS\mssmbios.sys [MANUAL] mssmbios Service [bOOT] Mup Service [bOOT] NDIS Service C:\WINDOWS\System32\DRIVERS\ndistapi.sys [MANUAL] NdisTapi Service C:\WINDOWS\System32\DRIVERS\ndisuio.sys [MANUAL] Ndisuio Service C:\WINDOWS\System32\DRIVERS\ndiswan.sys [MANUAL] NdisWan Service [MANUAL] NDProxy Service C:\WINDOWS\System32\DRIVERS\netbios.sys [sYSTEM] NetBIOS Service C:\WINDOWS\System32\DRIVERS\netbt.sys [MANUAL] NetBT Service C:\WINDOWS\system32\netdde.exe [DISABLED] NetDDE Service C:\WINDOWS\system32\netdde.exe [DISABLED] NetDDEdsdm Service C:\WINDOWS\System32\lsass.exe [DISABLED] Netlogon Service C:\WINDOWS\System32\svchost.exe [MANUAL] Netman Service C:\WINDOWS\System32\svchost.exe [MANUAL] Nla Service [sYSTEM] Npfs Service [DISABLED] Ntfs Service C:\WINDOWS\System32\lsass.exe [DISABLED] NtLmSsp Service C:\WINDOWS\system32\svchost.exe [MANUAL] NtmsSvc Service [sYSTEM] Null Service C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [MANUAL] nv Service C:\WINDOWS\System32\nvsvc32.exe [MANUAL] NVSvc Service C:\WINDOWS\System32\DRIVERS\nwlnkflt.sys [MANUAL] NwlnkFlt Service C:\WINDOWS\System32\DRIVERS\nwlnkfwd.sys [MANUAL] NwlnkFwd Service C:\WINDOWS\system32\drivers\ctoss2k.sys [MANUAL] ossrv Service PageDefrag Service C:\WINDOWS\System32\DRIVERS\parport.sys [MANUAL] Parport Service [bOOT] PartMgr Service [AUTO] ParVdm Service C:\WINDOWS\System32\DRIVERS\pci.sys [bOOT] PCI Service [sYSTEM] PCIDump Service [DISABLED] PCIIde Service [DISABLED] Pcmcia Service [MANUAL] PDCOMP Service [MANUAL] PDFRAME Service [MANUAL] PDRELI Service [MANUAL] PDRFRAME Service [DISABLED] perc2 Service [DISABLED] perc2hib Service PerfDisk Service PerfNet Service PerfOS Service PerfProc Service C:\WINDOWS\system32\drivers\PfModNT.sys [AUTO] PfModNT Service C:\WINDOWS\system32\services.exe [AUTO] PlugPlay Service C:\WINDOWS\System32\lsass.exe [DISABLED] PolicyAgent Service C:\WINDOWS\System32\DRIVERS\raspptp.sys [MANUAL] PptpMiniport Service C:\WINDOWS\System32\DRIVERS\processr.sys [sYSTEM] Processor Service C:\WINDOWS\system32\lsass.exe [AUTO] ProtectedStorage Service C:\WINDOWS\System32\DRIVERS\psched.sys [MANUAL] PSched Service C:\WINDOWS\System32\DRIVERS\ptilink.sys [MANUAL] Ptilink Service C:\WINDOWS\system32\DRIVERS\PxHelp20.sys [bOOT] PxHelp20 Service [DISABLED] ql1080 Service [DISABLED] Ql10wnt Service [DISABLED] ql12160 Service [DISABLED] ql1240 Service [DISABLED] ql1280 Service [AUTO] QTYHRWSH Service C:\WINDOWS\System32\DRIVERS\rasacd.sys [sYSTEM] RasAcd Service C:\WINDOWS\System32\svchost.exe [DISABLED] RasAuto Service C:\WINDOWS\System32\DRIVERS\rasl2tp.sys [MANUAL] Rasl2tp Service C:\WINDOWS\System32\svchost.exe [MANUAL] RasMan Service C:\WINDOWS\System32\DRIVERS\raspppoe.sys [MANUAL] RasPppoe Service C:\WINDOWS\System32\DRIVERS\raspti.sys [MANUAL] Raspti Service C:\WINDOWS\System32\DRIVERS\rdbss.sys [sYSTEM] Rdbss Service C:\WINDOWS\System32\DRIVERS\RDPCDD.sys [sYSTEM] RDPCDD Service RDPDD Service C:\WINDOWS\System32\DRIVERS\rdpdr.sys [MANUAL] rdpdr Service RDPNP Service [MANUAL] RDPWD Service C:\WINDOWS\system32\sessmgr.exe [DISABLED] RDSessMgr Service C:\WINDOWS\System32\DRIVERS\redbook.sys [sYSTEM] redbook Service C:\WINDOWS\System32\svchost.exe [DISABLED] RemoteAccess Service C:\WINDOWS\system32\svchost.exe [DISABLED] RemoteRegistry Service RPCKDM Service C:\WINDOWS\System32\locator.exe [MANUAL] RpcLocator Service C:\WINDOWS\system32\svchost.exe [AUTO] RpcSs Service C:\WINDOWS\System32\rsvp.exe [DISABLED] RSVP Service C:\WINDOWS\System32\DRIVERS\RTL8180.SYS [MANUAL] rtl8180 Service C:\WINDOWS\system32\lsass.exe [AUTO] SamSs Service C:\WINDOWS\System32\SCardSvr.exe [DISABLED] SCardSvr Service C:\WINDOWS\System32\svchost.exe [DISABLED] Schedule Service ScsiPort Service C:\WINDOWS\System32\DRIVERS\secdrv.sys [MANUAL] Secdrv Service C:\WINDOWS\System32\svchost.exe [DISABLED] seclogon Service C:\WINDOWS\system32\svchost.exe [AUTO] SENS Service C:\WINDOWS\System32\DRIVERS\serenum.sys [MANUAL] serenum Service C:\WINDOWS\System32\DRIVERS\serial.sys [sYSTEM] Serial Service [sYSTEM] Sfloppy Service C:\WINDOWS\system32\svchost.exe [AUTO] SharedAccess Service C:\WINDOWS\System32\svchost.exe [AUTO] ShellHWDetection Service [DISABLED] Simbad Service [DISABLED] Sparrow Service C:\WINDOWS\system32\drivers\splitter.sys [MANUAL] splitter Service C:\WINDOWS\system32\spoolsv.exe [DISABLED] Spooler Service C:\WINDOWS\System32\DRIVERS\sr.sys [DISABLED] sr Service C:\WINDOWS\System32\svchost.exe [AUTO] srservice Service C:\WINDOWS\System32\DRIVERS\srv.sys [MANUAL] Srv Service C:\WINDOWS\System32\svchost.exe [DISABLED] SSDPSRV Service C:\WINDOWS\System32\svchost.exe [DISABLED] stisvc Service C:\WINDOWS\System32\DRIVERS\swenum.sys [MANUAL] swenum Service C:\WINDOWS\system32\drivers\swmidi.sys [MANUAL] swmidi Service C:\WINDOWS\System32\dllhost.exe [MANUAL] SwPrv Service swwd Service [DISABLED] symc810 Service [DISABLED] symc8xx Service [DISABLED] sym_hi Service [DISABLED] sym_u3 Service C:\WINDOWS\system32\drivers\sysaudio.sys [MANUAL] sysaudio Service C:\WINDOWS\system32\smlogsvc.exe [DISABLED] SysmonLog Service C:\WINDOWS\System32\svchost.exe [MANUAL] TapiSrv Service C:\WINDOWS\System32\DRIVERS\tcpip.sys [sYSTEM] Tcpip Service [MANUAL] TDPIPE Service [MANUAL] TDTCP Service C:\WINDOWS\System32\DRIVERS\termdd.sys [sYSTEM] TermDD Service C:\WINDOWS\System32\svchost.exe [DISABLED] TermService Service C:\WINDOWS\System32\svchost.exe [AUTO] Themes Service C:\WINDOWS\System32\tlntsvr.exe [DISABLED] TlntSvr Service [DISABLED] TosIde Service C:\WINDOWS\system32\svchost.exe [MANUAL] TrkWks Service TSDDD Service [DISABLED] Udfs Service [DISABLED] ultra Service C:\WINDOWS\system32\wdfmgr.exe [DISABLED] UMWdf Service C:\WINDOWS\System32\DRIVERS\update.sys [MANUAL] Update Service C:\WINDOWS\System32\svchost.exe [DISABLED] upnphost Service C:\WINDOWS\System32\ups.exe [DISABLED] UPS Service C:\WINDOWS\System32\DRIVERS\usbehci.sys [MANUAL] usbehci Service C:\WINDOWS\System32\DRIVERS\usbhub.sys [MANUAL] usbhub Service C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [MANUAL] USBSTOR Service C:\WINDOWS\System32\DRIVERS\usbuhci.sys [MANUAL] usbuhci Service C:\WINDOWS\System32\drivers\vga.sys [sYSTEM] VgaSave Service C:\WINDOWS\system32\DRIVERS\viaagp1.sys [bOOT] viaagp1 Service C:\WINDOWS\System32\DRIVERS\viaide.sys [bOOT] ViaIde Service [bOOT] VolSnap Service C:\WINDOWS\System32\vssvc.exe [DISABLED] VSS Service VXD Service C:\WINDOWS\System32\svchost.exe [DISABLED] W32Time Service W3SVC Service C:\WINDOWS\System32\DRIVERS\wanarp.sys [MANUAL] Wanarp Service [MANUAL] WDICA Service C:\WINDOWS\system32\drivers\wdmaud.sys [MANUAL] wdmaud Service C:\WINDOWS\System32\svchost.exe [DISABLED] WebClient Service C:\WINDOWS\system32\wfquvbmb.vvc [AUTO] WFQUVBMB Service C:\WINDOWS\system32\wincom32.sys [AUTO] wincom32 Service C:\WINDOWS\system32\svchost.exe [AUTO] winmgmt Service [MANUAL] Winsock Service WinSock2 Service WinTrust Service C:\WINDOWS\system32\MsPMSPSv.exe [DISABLED] WMDM PMSP Service Service C:\WINDOWS\System32\svchost.exe [DISABLED] WmdmPmSN Service C:\WINDOWS\System32\svchost.exe [MANUAL] Wmi Service WmiApRpl Service C:\WINDOWS\System32\wbem\wmiapsrv.exe [MANUAL] WmiApSrv Service C:\WINDOWS\System32\drivers\ws2ifsl.sys [DISABLED] WS2IFSL Service C:\WINDOWS\System32\svchost.exe [AUTO] wscsvc Service C:\WINDOWS\System32\svchost.exe [DISABLED] wuauserv Service C:\WINDOWS\System32\svchost.exe [AUTO] WZCSVC Service C:\WINDOWS\System32\svchost.exe [MANUAL] xmlprov Service {36AE7FDD-8C9D-499F-BE75-88E9CD982069} ---- EOF - GMER 1.0.12 ----

Gutek · 20 Maj 2007 06:19

Otwierasz Gmera i w zakładce CMD dla opcji CMD wklejasz:

i kliknij na Uruchom z prawej strony.

luki1 · 20 Maj 2007 07:56

Ponownie to samo : wyskakuje komunikat :

Delete service Parametr jest nieprawidłowy.

Wklejam całość tak jak napisane w zakładce CMD z zaznaczoną opcją CMD.exe i naciskam Uruchom z prawej strony . Pulpit znika wyskakuje ten komunikat i nic więcej nie można zrobić. Może jest jakiś inny sposób żeby to usunąć . Wklejam ponownie logi.

Złączono Posta : 20.05.2007 (Nie) 10:28

GMER 1.0.12.12244 - http://www.gmer.net Rootkit scan 2007-05-20 10:25:16 Windows 5.1.2600 Dodatek Service Pack 2 ---- Services - GMER 1.0.12 ---- Service [sYSTEM] Aavmker4 Service [DISABLED] Abiosdsk Service [DISABLED] abp480n5 Service C:\WINDOWS\System32\DRIVERS\ACPI.sys [bOOT] ACPI Service [DISABLED] ACPIEC Service [DISABLED] adpu160m Service C:\WINDOWS\system32\drivers\aec.sys [MANUAL] aec Service C:\WINDOWS\System32\drivers\afd.sys [sYSTEM] AFD Service [DISABLED] Aha154x Service [DISABLED] aic78u2 Service [DISABLED] aic78xx Service C:\WINDOWS\System32\svchost.exe [AUTO] Alerter Service C:\WINDOWS\System32\alg.exe [MANUAL] ALG Service [DISABLED] AliIde Service C:\WINDOWS\System32\DRIVERS\amdk7.sys [sYSTEM] AmdK7 Service [DISABLED] amsint Service C:\WINDOWS\system32\svchost.exe [MANUAL] AppMgmt Service [DISABLED] asc Service [DISABLED] asc3350p Service [DISABLED] asc3550 Service [AUTO] aswMon2 Service [sYSTEM] aswTdi Service C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [AUTO] aswUpdSv Service C:\WINDOWS\System32\DRIVERS\asyncmac.sys [MANUAL] AsyncMac Service C:\WINDOWS\System32\DRIVERS\atapi.sys [bOOT] atapi Service [DISABLED] Atdisk Service C:\WINDOWS\System32\DRIVERS\atmarpc.sys [MANUAL] Atmarpc Service C:\WINDOWS\System32\svchost.exe [AUTO] AudioSrv Service C:\WINDOWS\System32\DRIVERS\audstub.sys [MANUAL] audstub Service C:\Program Files\Alwil Software\Avast4\ashServ.exe [AUTO] avast! Antivirus Service BattC Service [sYSTEM] Beep Service C:\WINDOWS\System32\svchost.exe [DISABLED] BITS Service C:\WINDOWS\System32\svchost.exe [MANUAL] Browser Service [DISABLED] cbidf2k Service [DISABLED] cd20xrnt Service [sYSTEM] Cdaudio Service [DISABLED] Cdfs Service C:\WINDOWS\System32\DRIVERS\cdrom.sys [sYSTEM] Cdrom Service [sYSTEM] Changer Service C:\WINDOWS\system32\cisvc.exe [DISABLED] CiSvc Service C:\WINDOWS\system32\clipsrv.exe [DISABLED] ClipSrv Service [DISABLED] CmdIde Service C:\WINDOWS\System32\dllhost.exe [MANUAL] COMSysApp Service ContentFilter Service ContentIndex Service [DISABLED] Cpqarray Service C:\WINDOWS\system32\svchost.exe [AUTO] CryptSvc Service C:\WINDOWS\System32\drivers\ctac32k.sys [MANUAL] ctac32k Service C:\WINDOWS\system32\drivers\ctaud2k.sys [MANUAL] ctaud2k Service System32\drivers\ctdvda2k.sys [MANUAL] ctdvda2k Service C:\WINDOWS\System32\DRIVERS\ctljystk.sys [MANUAL] ctljystk Service C:\WINDOWS\System32\drivers\ctprxy2k.sys [MANUAL] ctprxy2k Service C:\WINDOWS\System32\drivers\ctsfm2k.sys [MANUAL] ctsfm2k Service [DISABLED] dac2w2k Service [DISABLED] dac960nt Service C:\WINDOWS\system32\svchost.exe [AUTO] DcomLaunch Service C:\WINDOWS\System32\svchost.exe [AUTO] Dhcp Service C:\WINDOWS\System32\DRIVERS\disk.sys [bOOT] Disk Service C:\Program Files\Executive Software\DiskeeperLite\DKService.exe [MANUAL] Diskeeper Service C:\WINDOWS\System32\dmadmin.exe [MANUAL] dmadmin Service C:\WINDOWS\System32\drivers\dmboot.sys [DISABLED] dmboot Service C:\WINDOWS\System32\drivers\dmio.sys [bOOT] dmio Service C:\WINDOWS\System32\drivers\dmload.sys [bOOT] dmload Service C:\WINDOWS\System32\svchost.exe [MANUAL] dmserver Service C:\WINDOWS\system32\drivers\DMusic.sys [MANUAL] DMusic Service C:\WINDOWS\System32\svchost.exe [AUTO] Dnscache Service [DISABLED] dpti2o Service C:\WINDOWS\system32\drivers\drmkaud.sys [MANUAL] drmkaud Service C:\WINDOWS\System32\drivers\emupia2k.sys [MANUAL] emupia Service C:\WINDOWS\System32\svchost.exe [DISABLED] ERSvc Service C:\WINDOWS\system32\services.exe [AUTO] Eventlog Service C:\WINDOWS\System32\svchost.exe [MANUAL] EventSystem Service [DISABLED] Fastfat Service C:\WINDOWS\System32\svchost.exe [DISABLED] FastUserSwitchingCompatibility Service C:\WINDOWS\System32\DRIVERS\fdc.sys [MANUAL] Fdc Service [sYSTEM] Fips Service C:\WINDOWS\System32\DRIVERS\flpydisk.sys [MANUAL] Flpydisk Service C:\WINDOWS\system32\drivers\fltmgr.sys [bOOT] FltMgr Service [sYSTEM] Fs_Rec Service C:\WINDOWS\System32\DRIVERS\ftdisk.sys [bOOT] Ftdisk Service C:\WINDOWS\System32\DRIVERS\gameenum.sys [MANUAL] gameenum Service C:\WINDOWS\System32\DRIVERS\gmer.sys [MANUAL] gmer Service C:\WINDOWS\System32\DRIVERS\msgpc.sys [MANUAL] Gpc Service C:\WINDOWS\system32\drivers\ha10kx2k.sys [MANUAL] ha10kx2k Service C:\WINDOWS\System32\drivers\hap16v2k.sys [MANUAL] hap16v2k Service C:\WINDOWS\System32\svchost.exe [DISABLED] helpsvc Service C:\WINDOWS\System32\svchost.exe [DISABLED] HidServ Service [DISABLED] hpn Service C:\WINDOWS\System32\Drivers\HTTP.sys [MANUAL] HTTP Service C:\WINDOWS\System32\svchost.exe [MANUAL] HTTPFilter Service [sYSTEM] i2omgmt Service [DISABLED] i2omp Service C:\WINDOWS\System32\DRIVERS\i8042prt.sys [sYSTEM] i8042prt Service C:\WINDOWS\System32\DRIVERS\imapi.sys [sYSTEM] Imapi Service C:\WINDOWS\System32\imapi.exe [MANUAL] ImapiService Service inetaccs Service [DISABLED] ini910u Service Inport Service [DISABLED] IntelIde Service C:\WINDOWS\system32\drivers\ip6fw.sys [MANUAL] ip6fw Service C:\WINDOWS\System32\DRIVERS\ipfltdrv.sys [MANUAL] IpFilterDriver Service C:\WINDOWS\System32\DRIVERS\ipinip.sys [MANUAL] IpInIp Service C:\WINDOWS\System32\DRIVERS\ipnat.sys [MANUAL] IpNat Service C:\WINDOWS\System32\DRIVERS\ipsec.sys [sYSTEM] IPSec Service C:\WINDOWS\System32\DRIVERS\irenum.sys [MANUAL] IRENUM Service ISAPISearch Service C:\WINDOWS\System32\DRIVERS\isapnp.sys [bOOT] isapnp Service C:\WINDOWS\System32\DRIVERS\kbdclass.sys [sYSTEM] Kbdclass Service C:\WINDOWS\system32\drivers\kmixer.sys [MANUAL] kmixer Service [bOOT] KSecDD Service C:\WINDOWS\System32\svchost.exe [MANUAL] lanmanserver Service C:\WINDOWS\System32\svchost.exe [MANUAL] lanmanworkstation Service [sYSTEM] lbrtfdc Service ldap Service LicenseService Service C:\WINDOWS\System32\svchost.exe [DISABLED] LmHosts Service C:\WINDOWS\System32\svchost.exe [DISABLED] Messenger Service [sYSTEM] mnmdd Service C:\WINDOWS\System32\mnmsrvc.exe [DISABLED] mnmsrvc Service [MANUAL] Modem Service C:\WINDOWS\System32\DRIVERS\mouclass.sys [sYSTEM] Mouclass Service [bOOT] MountMgr Service [DISABLED] mraid35x Service C:\WINDOWS\System32\DRIVERS\mrxdav.sys [MANUAL] MRxDAV Service C:\WINDOWS\System32\DRIVERS\mrxsmb.sys [sYSTEM] MRxSmb Service C:\WINDOWS\System32\msdtc.exe [MANUAL] MSDTC Service [sYSTEM] Msfs Service C:\WINDOWS\system32\msiexec.exe [MANUAL] MSIServer Service C:\WINDOWS\system32\drivers\MSKSSRV.sys [MANUAL] MSKSSRV Service C:\WINDOWS\system32\drivers\MSPCLOCK.sys [MANUAL] MSPCLOCK Service C:\WINDOWS\system32\drivers\MSPQM.sys [MANUAL] MSPQM Service C:\WINDOWS\System32\DRIVERS\mssmbios.sys [MANUAL] mssmbios Service [bOOT] Mup Service [bOOT] NDIS Service C:\WINDOWS\System32\DRIVERS\ndistapi.sys [MANUAL] NdisTapi Service C:\WINDOWS\System32\DRIVERS\ndisuio.sys [MANUAL] Ndisuio Service C:\WINDOWS\System32\DRIVERS\ndiswan.sys [MANUAL] NdisWan Service [MANUAL] NDProxy Service C:\WINDOWS\System32\DRIVERS\netbios.sys [sYSTEM] NetBIOS Service C:\WINDOWS\System32\DRIVERS\netbt.sys [MANUAL] NetBT Service C:\WINDOWS\system32\netdde.exe [DISABLED] NetDDE Service C:\WINDOWS\system32\netdde.exe [DISABLED] NetDDEdsdm Service C:\WINDOWS\System32\lsass.exe [DISABLED] Netlogon Service C:\WINDOWS\System32\svchost.exe [MANUAL] Netman Service C:\WINDOWS\System32\svchost.exe [MANUAL] Nla Service [sYSTEM] Npfs Service [DISABLED] Ntfs Service C:\WINDOWS\System32\lsass.exe [DISABLED] NtLmSsp Service C:\WINDOWS\system32\svchost.exe [MANUAL] NtmsSvc Service [sYSTEM] Null Service C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [MANUAL] nv Service C:\WINDOWS\System32\nvsvc32.exe [MANUAL] NVSvc Service C:\WINDOWS\System32\DRIVERS\nwlnkflt.sys [MANUAL] NwlnkFlt Service C:\WINDOWS\System32\DRIVERS\nwlnkfwd.sys [MANUAL] NwlnkFwd Service C:\WINDOWS\system32\drivers\ctoss2k.sys [MANUAL] ossrv Service PageDefrag Service C:\WINDOWS\System32\DRIVERS\parport.sys [MANUAL] Parport Service [bOOT] PartMgr Service [AUTO] ParVdm Service C:\WINDOWS\System32\DRIVERS\pci.sys [bOOT] PCI Service [sYSTEM] PCIDump Service [DISABLED] PCIIde Service [DISABLED] Pcmcia Service [MANUAL] PDCOMP Service [MANUAL] PDFRAME Service [MANUAL] PDRELI Service [MANUAL] PDRFRAME Service [DISABLED] perc2 Service [DISABLED] perc2hib Service PerfDisk Service PerfNet Service PerfOS Service PerfProc Service C:\WINDOWS\system32\drivers\PfModNT.sys [AUTO] PfModNT Service C:\WINDOWS\system32\services.exe [AUTO] PlugPlay Service C:\WINDOWS\System32\lsass.exe [DISABLED] PolicyAgent Service C:\WINDOWS\System32\DRIVERS\raspptp.sys [MANUAL] PptpMiniport Service C:\WINDOWS\System32\DRIVERS\processr.sys [sYSTEM] Processor Service C:\WINDOWS\system32\lsass.exe [AUTO] ProtectedStorage Service C:\WINDOWS\System32\DRIVERS\psched.sys [MANUAL] PSched Service C:\WINDOWS\System32\DRIVERS\ptilink.sys [MANUAL] Ptilink Service C:\WINDOWS\system32\DRIVERS\PxHelp20.sys [bOOT] PxHelp20 Service [DISABLED] ql1080 Service [DISABLED] Ql10wnt Service [DISABLED] ql12160 Service [DISABLED] ql1240 Service [DISABLED] ql1280 Service [AUTO] QTYHRWSH Service C:\WINDOWS\System32\DRIVERS\rasacd.sys [sYSTEM] RasAcd Service C:\WINDOWS\System32\svchost.exe [DISABLED] RasAuto Service C:\WINDOWS\System32\DRIVERS\rasl2tp.sys [MANUAL] Rasl2tp Service C:\WINDOWS\System32\svchost.exe [MANUAL] RasMan Service C:\WINDOWS\System32\DRIVERS\raspppoe.sys [MANUAL] RasPppoe Service C:\WINDOWS\System32\DRIVERS\raspti.sys [MANUAL] Raspti Service C:\WINDOWS\System32\DRIVERS\rdbss.sys [sYSTEM] Rdbss Service C:\WINDOWS\System32\DRIVERS\RDPCDD.sys [sYSTEM] RDPCDD Service RDPDD Service C:\WINDOWS\System32\DRIVERS\rdpdr.sys [MANUAL] rdpdr Service RDPNP Service [MANUAL] RDPWD Service C:\WINDOWS\system32\sessmgr.exe [DISABLED] RDSessMgr Service C:\WINDOWS\System32\DRIVERS\redbook.sys [sYSTEM] redbook Service C:\WINDOWS\System32\svchost.exe [DISABLED] RemoteAccess Service C:\WINDOWS\system32\svchost.exe [DISABLED] RemoteRegistry Service RPCKDM Service C:\WINDOWS\System32\locator.exe [MANUAL] RpcLocator Service C:\WINDOWS\system32\svchost.exe [AUTO] RpcSs Service C:\WINDOWS\System32\rsvp.exe [DISABLED] RSVP Service C:\WINDOWS\System32\DRIVERS\RTL8180.SYS [MANUAL] rtl8180 Service C:\WINDOWS\system32\lsass.exe [AUTO] SamSs Service C:\WINDOWS\System32\SCardSvr.exe [DISABLED] SCardSvr Service C:\WINDOWS\System32\svchost.exe [DISABLED] Schedule Service ScsiPort Service C:\WINDOWS\System32\DRIVERS\secdrv.sys [MANUAL] Secdrv Service C:\WINDOWS\System32\svchost.exe [DISABLED] seclogon Service C:\WINDOWS\system32\svchost.exe [AUTO] SENS Service C:\WINDOWS\System32\DRIVERS\serenum.sys [MANUAL] serenum Service C:\WINDOWS\System32\DRIVERS\serial.sys [sYSTEM] Serial Service [sYSTEM] Sfloppy Service C:\WINDOWS\system32\svchost.exe [AUTO] SharedAccess Service C:\WINDOWS\System32\svchost.exe [AUTO] ShellHWDetection Service [DISABLED] Simbad Service [DISABLED] Sparrow Service C:\WINDOWS\system32\drivers\splitter.sys [MANUAL] splitter Service C:\WINDOWS\system32\spoolsv.exe [DISABLED] Spooler Service C:\WINDOWS\System32\DRIVERS\sr.sys [DISABLED] sr Service C:\WINDOWS\System32\svchost.exe [AUTO] srservice Service C:\WINDOWS\System32\DRIVERS\srv.sys [MANUAL] Srv Service C:\WINDOWS\System32\svchost.exe [DISABLED] SSDPSRV Service C:\WINDOWS\System32\svchost.exe [DISABLED] stisvc Service C:\WINDOWS\System32\DRIVERS\swenum.sys [MANUAL] swenum Service C:\WINDOWS\system32\drivers\swmidi.sys [MANUAL] swmidi Service C:\WINDOWS\System32\dllhost.exe [MANUAL] SwPrv Service swwd Service [DISABLED] symc810 Service [DISABLED] symc8xx Service [DISABLED] sym_hi Service [DISABLED] sym_u3 Service C:\WINDOWS\system32\drivers\sysaudio.sys [MANUAL] sysaudio Service C:\WINDOWS\system32\smlogsvc.exe [DISABLED] SysmonLog Service C:\WINDOWS\System32\svchost.exe [MANUAL] TapiSrv Service C:\WINDOWS\System32\DRIVERS\tcpip.sys [sYSTEM] Tcpip Service [MANUAL] TDPIPE Service [MANUAL] TDTCP Service C:\WINDOWS\System32\DRIVERS\termdd.sys [sYSTEM] TermDD Service C:\WINDOWS\System32\svchost.exe [DISABLED] TermService Service C:\WINDOWS\System32\svchost.exe [AUTO] Themes Service C:\WINDOWS\System32\tlntsvr.exe [DISABLED] TlntSvr Service [DISABLED] TosIde Service C:\WINDOWS\system32\svchost.exe [MANUAL] TrkWks Service TSDDD Service [DISABLED] Udfs Service [DISABLED] ultra Service C:\WINDOWS\system32\wdfmgr.exe [DISABLED] UMWdf Service C:\WINDOWS\System32\DRIVERS\update.sys [MANUAL] Update Service C:\WINDOWS\System32\svchost.exe [DISABLED] upnphost Service C:\WINDOWS\System32\ups.exe [DISABLED] UPS Service C:\WINDOWS\System32\DRIVERS\usbehci.sys [MANUAL] usbehci Service C:\WINDOWS\System32\DRIVERS\usbhub.sys [MANUAL] usbhub Service C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [MANUAL] USBSTOR Service C:\WINDOWS\System32\DRIVERS\usbuhci.sys [MANUAL] usbuhci Service C:\WINDOWS\System32\drivers\vga.sys [sYSTEM] VgaSave Service C:\WINDOWS\system32\DRIVERS\viaagp1.sys [bOOT] viaagp1 Service C:\WINDOWS\System32\DRIVERS\viaide.sys [bOOT] ViaIde Service [bOOT] VolSnap Service C:\WINDOWS\System32\vssvc.exe [DISABLED] VSS Service VXD Service C:\WINDOWS\System32\svchost.exe [DISABLED] W32Time Service W3SVC Service C:\WINDOWS\System32\DRIVERS\wanarp.sys [MANUAL] Wanarp Service [MANUAL] WDICA Service C:\WINDOWS\system32\drivers\wdmaud.sys [MANUAL] wdmaud Service C:\WINDOWS\System32\svchost.exe [DISABLED] WebClient Service C:\WINDOWS\system32\wfquvbmb.vvc [AUTO] WFQUVBMB Service C:\WINDOWS\system32\wincom32.sys [AUTO] wincom32 Service C:\WINDOWS\system32\svchost.exe [AUTO] winmgmt Service [MANUAL] Winsock Service WinSock2 Service WinTrust Service C:\WINDOWS\system32\MsPMSPSv.exe [DISABLED] WMDM PMSP Service Service C:\WINDOWS\System32\svchost.exe [DISABLED] WmdmPmSN Service C:\WINDOWS\System32\svchost.exe [MANUAL] Wmi Service WmiApRpl Service C:\WINDOWS\System32\wbem\wmiapsrv.exe [MANUAL] WmiApSrv Service C:\WINDOWS\System32\drivers\ws2ifsl.sys [DISABLED] WS2IFSL Service C:\WINDOWS\System32\svchost.exe [AUTO] wscsvc Service C:\WINDOWS\System32\svchost.exe [DISABLED] wuauserv Service C:\WINDOWS\System32\svchost.exe [AUTO] WZCSVC Service C:\WINDOWS\System32\svchost.exe [MANUAL] xmlprov Service {36AE7FDD-8C9D-499F-BE75-88E9CD982069} ---- EOF - GMER 1.0.12 ----

Gutek · 20 Maj 2007 17:09

Pobierz The Avenger. Wypakuj => uruchom => zaznacz opcję Input script manually => kliknij w taką lupkę => w okienku, które się otworzy wklej:

kliknij klawisz Done => teraz kliknij na zielone światełko => powinna pojawić się pewna informacja i kliknij OK (teraz restart).

luki1 · 20 Maj 2007 17:45

Zrobiłem wszystko jak napisałeś . Wklejam loga który się wygenerował . Napisz prosze co mam jeszcze wkleić aby sprawdzić czy pomogło.

Logfile of The Avenger version 1, by Swandog46 Running from registry key: \Registry\Machine\System\CurrentControlSet\Services\bhkyrudq ******************* Script file located at: ??\C:\Program Files\xhprymfg.txt Script file opened successfully. Script file read successfully Backups directory opened successfully at C:\Avenger ******************* Beginning to process script file: Driver WFQUVBMB unloaded successfully. Driver wincom32 unloaded successfully. File C:\WINDOWS\system32\wfquvbmb.vvc not found! Deletion of file C:\WINDOWS\system32\wfquvbmb.vvc failed! Could not process line: C:\WINDOWS\system32\wfquvbmb.vvc Status: 0xc0000034 File C:\WINDOWS\system32\wincom32.sys not found! Deletion of file C:\WINDOWS\system32\wincom32.sys failed! Could not process line: C:\WINDOWS\system32\wincom32.sys Status: 0xc0000034 Completed script processing. ******************* Finished! Terminate.

Gutek · 20 Maj 2007 17:50

Użyj RootkitBusterv - http://www.trendmicro.com/download/rbuster.asp

luki1 · 20 Maj 2007 18:02

Użyłem tego narzędzia i oto log :

Czyli wychodzi chyba że czysto ale zastanawia mnie jeszcze jedna rzecz. Zawsze miałem po włączeniu komputera (przed infekcją) 20 uruchomionych procesów. Jak wyłączyłem przywracanie systemu to było 19. Jest dalej wyłączone a procesów jest 20 jak włączę będzie 21 nie wiem dlaczego . Czy któreś z tych narzędzi co używałem ma zainstalowany lub uruchomiony jakiś proces? Czy poprostu jeszcze o czymś nie wiemy? Czy te narzędzia muszę wszystkie pozostawić już u siebie w komputerze czy mogę je spokojnie usunąć? Czy w/g Ciebie Gutek2222 mój komputer jest już czysty?

Złączono Posta : 20.05.2007 (Nie) 20:36

wklejam dodatkowo nowe logi z Combo i Gmera

Madzia - 07-05-20 20:19:29,15 Dodatek Service Pack 2 ComboFix 06.11.27 - Running from: “D:\programy_uzytkowe\programy antyspy” ((((((((((((((((((((((((((((((( Files Created from 2007-04-20 to 2007-05-20 )))))))))))))))))))))))))))))))))) 2007-05-20 19:52 102,800 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys 2007-05-20 19:31 2007-05-20 06:43 198 --a------ C:\WINDOWS\gmer.bat 2007-05-19 19:33 80 --a------ C:\WINDOWS\gmer_uninstall.cmd 2007-05-19 18:56 2007-05-17 20:23 2007-05-16 20:25 (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))) 2007-05-20 13:47 -------- d-------- C:\Program Files\SpywareBlaster 2007-05-10 19:51 -------- d-------- C:\Program Files\SkanerOnline 2007-04-30 17:46 745600 --a------ C:\WINDOWS\system32\aswBoot.exe 2007-04-30 17:41 94552 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys 2007-04-30 17:41 85952 --a------ C:\WINDOWS\system32\drivers\aswmon.sys 2007-04-30 17:38 43176 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys 2007-04-30 17:37 26888 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys 2007-04-30 17:35 95872 --a------ C:\WINDOWS\system32\AVASTSS.scr 2007-04-15 13:38 -------- d-------- C:\Program Files\MIKSOFT 2007-04-13 15:54 18480 --a------ C:\Documents and Settings\Madzia\Dane aplikacji\GDIPFONTCACHEV1.DAT (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))) *Note* empty entries are not shown [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run] “NvCplDaemon”=“RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup” “avast!”=“C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe” “NvMediaCenter”=“RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit” [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL] “Installed”=“1” [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI] “Installed”=“1” “NoChange”=“1” [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS] “Installed”=“1” [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components] “DeskHtmlVersion”=dword:00000110 “DeskHtmlMinorVersion”=dword:00000005 “Settings”=dword:00000001 “GeneralFlags”=dword:00000004 [HKEY_USERS.default\software\microsoft\windows\currentversion\run] “CTFMON.EXE”=“C:\WINDOWS\System32\CTFMON.EXE” [HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run] “CTFMON.EXE”=“C:\WINDOWS\System32\CTFMON.EXE” [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler] “{438755C2-A8BA-11D1-B96B-00A0C90312E1}”=“Moduł wstępnego ładowania interfejsu Browseui” “{8C7461EF-2B13-11d2-BE35-3078302C2030}”=“Demon buforu kategorii składników” [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks] “{AEB6717E-7E19-11d0-97EE-00C04FD91972}”="" [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] “NoDriveTypeAutoRun”=dword:00000091 [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] “dontdisplaylastusername”=dword:00000000 “legalnoticecaption”="" “legalnoticetext”="" “shutdownwithoutlogon”=dword:00000001 “undockwithoutlogon”=dword:00000001 “DisableTaskMgr”=dword:00000000 [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] “NoRemoteRecursiveEvents”=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run] [HKEY_USERS.default\software\microsoft\windows\currentversion\policies\explorer] “NoDriveTypeAutoRun”=dword:00000091 [HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer] “NoDriveTypeAutoRun”=dword:00000091 [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload] “PostBootReminder”="{7849596a-48ea-486e-8937-a2a3009f31a9}" “CDBurn”="{fbeb8a05-beee-4442-804e-409d6c4515e9}" “WebCheck”="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}" “SysTray”="{35CEC8A3-2BE6-11D2-8773-92E220524153}" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Microsoft Office.lnk] “path”=“C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Microsoft Office.lnk” “backup”=“C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup” “location”=“Common Startup” “command”=“C:\PROGRA~1\MICROS~2\Office10\OSA.EXE -b -l” “item”=“Microsoft Office” [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE] “key”=“SOFTWARE\Microsoft\Windows\CurrentVersion\Run” “item”=“ctfmon” “hkey”=“HKCU” “command”=“C:\WINDOWS\system32\ctfmon.exe” “inimapping”=“0” [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTHelper] “key”=“SOFTWARE\Microsoft\Windows\CurrentVersion\Run” “item”=“CTHELPER” “hkey”=“HKLM” “command”=“CTHELPER.EXE” “inimapping”=“0” [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Jet Detection] “key”=“SOFTWARE\Microsoft\Windows\CurrentVersion\Run” “item”=“ADGJDet” “hkey”=“HKLM” “command”="“C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe”" “inimapping”=“0” [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck] “key”=“SOFTWARE\Microsoft\Windows\CurrentVersion\Run” “item”=“dumprep 0 -k” “hkey”=“HKLM” “command”="%systemroot%\system32\dumprep 0 -k" “inimapping”=“0” [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] “key”=“SOFTWARE\Microsoft\Windows\CurrentVersion\Run” “item”=“NeroCheck” “hkey”=“HKLM” “command”=“C:\WINDOWS\system32\NeroCheck.exe” “inimapping”=“0” [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nod32kui] “key”=“SOFTWARE\Microsoft\Windows\CurrentVersion\Run” “item”=“nod32kui” “hkey”=“HKLM” “inimapping”=“0” [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz] “key”=“SOFTWARE\Microsoft\Windows\CurrentVersion\Run” “item”=“nwiz” “hkey”=“HKLM” “command”=“nwiz.exe /install” “inimapping”=“0” [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg] “key”=“SOFTWARE\Microsoft\Windows\CurrentVersion\Run” “item”=“UpdReg” “hkey”=“HKLM” “command”=“C:\WINDOWS\UpdReg.EXE” “inimapping”=“0” [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] “Spooler”=dword:00000002 [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders] “SecurityProviders”=“msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll” Completion time: 07-05-20 20:19:47.12 C:\ComboFix.txt … 07-05-20 20:19

GMER 1.0.12.12244 - http://www.gmer.net Rootkit scan 2007-05-20 20:32:39 Windows 5.1.2600 Dodatek Service Pack 2 ---- Services - GMER 1.0.12 ---- Service [sYSTEM] Aavmker4 Service [DISABLED] Abiosdsk Service [DISABLED] abp480n5 Service C:\WINDOWS\System32\DRIVERS\ACPI.sys [bOOT] ACPI Service [DISABLED] ACPIEC Service [DISABLED] adpu160m Service C:\WINDOWS\system32\drivers\aec.sys [MANUAL] aec Service C:\WINDOWS\System32\drivers\afd.sys [sYSTEM] AFD Service [DISABLED] Aha154x Service [DISABLED] aic78u2 Service [DISABLED] aic78xx Service C:\WINDOWS\System32\svchost.exe [AUTO] Alerter Service C:\WINDOWS\System32\alg.exe [MANUAL] ALG Service [DISABLED] AliIde Service C:\WINDOWS\System32\DRIVERS\amdk7.sys [sYSTEM] AmdK7 Service [DISABLED] amsint Service C:\WINDOWS\system32\svchost.exe [MANUAL] AppMgmt Service [DISABLED] asc Service [DISABLED] asc3350p Service [DISABLED] asc3550 Service [AUTO] aswMon2 Service [sYSTEM] aswTdi Service C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [AUTO] aswUpdSv Service C:\WINDOWS\System32\DRIVERS\asyncmac.sys [MANUAL] AsyncMac Service C:\WINDOWS\System32\DRIVERS\atapi.sys [bOOT] atapi Service [DISABLED] Atdisk Service C:\WINDOWS\System32\DRIVERS\atmarpc.sys [MANUAL] Atmarpc Service C:\WINDOWS\System32\svchost.exe [AUTO] AudioSrv Service C:\WINDOWS\System32\DRIVERS\audstub.sys [MANUAL] audstub Service C:\Program Files\Alwil Software\Avast4\ashServ.exe [AUTO] avast! Antivirus Service BattC Service [sYSTEM] Beep Service C:\WINDOWS\System32\svchost.exe [DISABLED] BITS Service C:\WINDOWS\System32\svchost.exe [MANUAL] Browser Service [DISABLED] cbidf2k Service [DISABLED] cd20xrnt Service [sYSTEM] Cdaudio Service [DISABLED] Cdfs Service C:\WINDOWS\System32\DRIVERS\cdrom.sys [sYSTEM] Cdrom Service [sYSTEM] Changer Service C:\WINDOWS\system32\cisvc.exe [DISABLED] CiSvc Service C:\WINDOWS\system32\clipsrv.exe [DISABLED] ClipSrv Service [DISABLED] CmdIde Service C:\WINDOWS\System32\dllhost.exe [MANUAL] COMSysApp Service ContentFilter Service ContentIndex Service [DISABLED] Cpqarray Service C:\WINDOWS\system32\svchost.exe [AUTO] CryptSvc Service C:\WINDOWS\System32\drivers\ctac32k.sys [MANUAL] ctac32k Service C:\WINDOWS\system32\drivers\ctaud2k.sys [MANUAL] ctaud2k Service System32\drivers\ctdvda2k.sys [MANUAL] ctdvda2k Service C:\WINDOWS\System32\DRIVERS\ctljystk.sys [MANUAL] ctljystk Service C:\WINDOWS\System32\drivers\ctprxy2k.sys [MANUAL] ctprxy2k Service C:\WINDOWS\System32\drivers\ctsfm2k.sys [MANUAL] ctsfm2k Service [DISABLED] dac2w2k Service [DISABLED] dac960nt Service C:\WINDOWS\system32\svchost.exe [AUTO] DcomLaunch Service C:\WINDOWS\System32\svchost.exe [AUTO] Dhcp Service C:\WINDOWS\System32\DRIVERS\disk.sys [bOOT] Disk Service C:\Program Files\Executive Software\DiskeeperLite\DKService.exe [MANUAL] Diskeeper Service C:\WINDOWS\System32\dmadmin.exe [MANUAL] dmadmin Service C:\WINDOWS\System32\drivers\dmboot.sys [DISABLED] dmboot Service C:\WINDOWS\System32\drivers\dmio.sys [bOOT] dmio Service C:\WINDOWS\System32\drivers\dmload.sys [bOOT] dmload Service C:\WINDOWS\System32\svchost.exe [MANUAL] dmserver Service C:\WINDOWS\system32\drivers\DMusic.sys [MANUAL] DMusic Service C:\WINDOWS\System32\svchost.exe [AUTO] Dnscache Service [DISABLED] dpti2o Service C:\WINDOWS\system32\drivers\drmkaud.sys [MANUAL] drmkaud Service C:\WINDOWS\System32\drivers\emupia2k.sys [MANUAL] emupia Service C:\WINDOWS\System32\svchost.exe [DISABLED] ERSvc Service C:\WINDOWS\system32\services.exe [AUTO] Eventlog Service C:\WINDOWS\System32\svchost.exe [MANUAL] EventSystem Service [DISABLED] Fastfat Service C:\WINDOWS\System32\svchost.exe [DISABLED] FastUserSwitchingCompatibility Service C:\WINDOWS\System32\DRIVERS\fdc.sys [MANUAL] Fdc Service [sYSTEM] Fips Service C:\WINDOWS\System32\DRIVERS\flpydisk.sys [MANUAL] Flpydisk Service C:\WINDOWS\system32\drivers\fltmgr.sys [bOOT] FltMgr Service [sYSTEM] Fs_Rec Service C:\WINDOWS\System32\DRIVERS\ftdisk.sys [bOOT] Ftdisk Service C:\WINDOWS\System32\DRIVERS\gameenum.sys [MANUAL] gameenum Service C:\WINDOWS\System32\DRIVERS\gmer.sys [MANUAL] gmer Service C:\WINDOWS\System32\DRIVERS\msgpc.sys [MANUAL] Gpc Service C:\WINDOWS\system32\drivers\ha10kx2k.sys [MANUAL] ha10kx2k Service C:\WINDOWS\System32\drivers\hap16v2k.sys [MANUAL] hap16v2k Service C:\WINDOWS\System32\svchost.exe [DISABLED] helpsvc Service C:\WINDOWS\System32\svchost.exe [DISABLED] HidServ Service [DISABLED] hpn Service C:\WINDOWS\System32\Drivers\HTTP.sys [MANUAL] HTTP Service C:\WINDOWS\System32\svchost.exe [MANUAL] HTTPFilter Service [sYSTEM] i2omgmt Service [DISABLED] i2omp Service C:\WINDOWS\System32\DRIVERS\i8042prt.sys [sYSTEM] i8042prt Service C:\WINDOWS\System32\DRIVERS\imapi.sys [sYSTEM] Imapi Service C:\WINDOWS\System32\imapi.exe [MANUAL] ImapiService Service inetaccs Service [DISABLED] ini910u Service Inport Service [DISABLED] IntelIde Service C:\WINDOWS\system32\drivers\ip6fw.sys [MANUAL] ip6fw Service C:\WINDOWS\System32\DRIVERS\ipfltdrv.sys [MANUAL] IpFilterDriver Service C:\WINDOWS\System32\DRIVERS\ipinip.sys [MANUAL] IpInIp Service C:\WINDOWS\System32\DRIVERS\ipnat.sys [MANUAL] IpNat Service C:\WINDOWS\System32\DRIVERS\ipsec.sys [sYSTEM] IPSec Service C:\WINDOWS\System32\DRIVERS\irenum.sys [MANUAL] IRENUM Service ISAPISearch Service C:\WINDOWS\System32\DRIVERS\isapnp.sys [bOOT] isapnp Service C:\WINDOWS\System32\DRIVERS\kbdclass.sys [sYSTEM] Kbdclass Service C:\WINDOWS\system32\drivers\kmixer.sys [MANUAL] kmixer Service [bOOT] KSecDD Service C:\WINDOWS\System32\svchost.exe [MANUAL] lanmanserver Service C:\WINDOWS\System32\svchost.exe [MANUAL] lanmanworkstation Service [sYSTEM] lbrtfdc Service ldap Service LicenseService Service C:\WINDOWS\System32\svchost.exe [DISABLED] LmHosts Service C:\WINDOWS\System32\svchost.exe [DISABLED] Messenger Service [sYSTEM] mnmdd Service C:\WINDOWS\System32\mnmsrvc.exe [DISABLED] mnmsrvc Service [MANUAL] Modem Service C:\WINDOWS\System32\DRIVERS\mouclass.sys [sYSTEM] Mouclass Service [bOOT] MountMgr Service [DISABLED] mraid35x Service C:\WINDOWS\System32\DRIVERS\mrxdav.sys [MANUAL] MRxDAV Service C:\WINDOWS\System32\DRIVERS\mrxsmb.sys [sYSTEM] MRxSmb Service C:\WINDOWS\System32\msdtc.exe [MANUAL] MSDTC Service [sYSTEM] Msfs Service C:\WINDOWS\system32\msiexec.exe [MANUAL] MSIServer Service C:\WINDOWS\system32\drivers\MSKSSRV.sys [MANUAL] MSKSSRV Service C:\WINDOWS\system32\drivers\MSPCLOCK.sys [MANUAL] MSPCLOCK Service C:\WINDOWS\system32\drivers\MSPQM.sys [MANUAL] MSPQM Service C:\WINDOWS\System32\DRIVERS\mssmbios.sys [MANUAL] mssmbios Service [bOOT] Mup Service [bOOT] NDIS Service C:\WINDOWS\System32\DRIVERS\ndistapi.sys [MANUAL] NdisTapi Service C:\WINDOWS\System32\DRIVERS\ndisuio.sys [MANUAL] Ndisuio Service C:\WINDOWS\System32\DRIVERS\ndiswan.sys [MANUAL] NdisWan Service [MANUAL] NDProxy Service C:\WINDOWS\System32\DRIVERS\netbios.sys [sYSTEM] NetBIOS Service C:\WINDOWS\System32\DRIVERS\netbt.sys [MANUAL] NetBT Service C:\WINDOWS\system32\netdde.exe [DISABLED] NetDDE Service C:\WINDOWS\system32\netdde.exe [DISABLED] NetDDEdsdm Service C:\WINDOWS\System32\lsass.exe [DISABLED] Netlogon Service C:\WINDOWS\System32\svchost.exe [MANUAL] Netman Service C:\WINDOWS\System32\svchost.exe [MANUAL] Nla Service [sYSTEM] Npfs Service [DISABLED] Ntfs Service C:\WINDOWS\System32\lsass.exe [DISABLED] NtLmSsp Service C:\WINDOWS\system32\svchost.exe [MANUAL] NtmsSvc Service [sYSTEM] Null Service C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [MANUAL] nv Service C:\WINDOWS\System32\nvsvc32.exe [MANUAL] NVSvc Service C:\WINDOWS\System32\DRIVERS\nwlnkflt.sys [MANUAL] NwlnkFlt Service C:\WINDOWS\System32\DRIVERS\nwlnkfwd.sys [MANUAL] NwlnkFwd Service C:\WINDOWS\system32\drivers\ctoss2k.sys [MANUAL] ossrv Service PageDefrag Service C:\WINDOWS\System32\DRIVERS\parport.sys [MANUAL] Parport Service [bOOT] PartMgr Service [AUTO] ParVdm Service C:\WINDOWS\System32\DRIVERS\pci.sys [bOOT] PCI Service [sYSTEM] PCIDump Service [DISABLED] PCIIde Service [DISABLED] Pcmcia Service [MANUAL] PDCOMP Service [MANUAL] PDFRAME Service [MANUAL] PDRELI Service [MANUAL] PDRFRAME Service [DISABLED] perc2 Service [DISABLED] perc2hib Service PerfDisk Service PerfNet Service PerfOS Service PerfProc Service C:\WINDOWS\system32\drivers\PfModNT.sys [AUTO] PfModNT Service C:\WINDOWS\system32\services.exe [AUTO] PlugPlay Service C:\WINDOWS\System32\lsass.exe [DISABLED] PolicyAgent Service C:\WINDOWS\System32\DRIVERS\raspptp.sys [MANUAL] PptpMiniport Service C:\WINDOWS\System32\DRIVERS\processr.sys [sYSTEM] Processor Service C:\WINDOWS\system32\lsass.exe [AUTO] ProtectedStorage Service C:\WINDOWS\System32\DRIVERS\psched.sys [MANUAL] PSched Service C:\WINDOWS\System32\DRIVERS\ptilink.sys [MANUAL] Ptilink Service C:\WINDOWS\system32\DRIVERS\PxHelp20.sys [bOOT] PxHelp20 Service [DISABLED] ql1080 Service [DISABLED] Ql10wnt Service [DISABLED] ql12160 Service [DISABLED] ql1240 Service [DISABLED] ql1280 Service [AUTO] QTYHRWSH Service C:\WINDOWS\System32\DRIVERS\rasacd.sys [sYSTEM] RasAcd Service C:\WINDOWS\System32\svchost.exe [DISABLED] RasAuto Service C:\WINDOWS\System32\DRIVERS\rasl2tp.sys [MANUAL] Rasl2tp Service C:\WINDOWS\System32\svchost.exe [MANUAL] RasMan Service C:\WINDOWS\System32\DRIVERS\raspppoe.sys [MANUAL] RasPppoe Service C:\WINDOWS\System32\DRIVERS\raspti.sys [MANUAL] Raspti Service C:\WINDOWS\System32\DRIVERS\rdbss.sys [sYSTEM] Rdbss Service C:\WINDOWS\System32\DRIVERS\RDPCDD.sys [sYSTEM] RDPCDD Service RDPDD Service C:\WINDOWS\System32\DRIVERS\rdpdr.sys [MANUAL] rdpdr Service RDPNP Service [MANUAL] RDPWD Service C:\WINDOWS\system32\sessmgr.exe [DISABLED] RDSessMgr Service C:\WINDOWS\System32\DRIVERS\redbook.sys [sYSTEM] redbook Service C:\WINDOWS\System32\svchost.exe [DISABLED] RemoteAccess Service C:\WINDOWS\system32\svchost.exe [DISABLED] RemoteRegistry Service RPCKDM Service C:\WINDOWS\System32\locator.exe [MANUAL] RpcLocator Service C:\WINDOWS\system32\svchost.exe [AUTO] RpcSs Service C:\WINDOWS\System32\rsvp.exe [DISABLED] RSVP Service C:\WINDOWS\System32\DRIVERS\RTL8180.SYS [MANUAL] rtl8180 Service C:\WINDOWS\system32\lsass.exe [AUTO] SamSs Service C:\WINDOWS\System32\SCardSvr.exe [DISABLED] SCardSvr Service C:\WINDOWS\System32\svchost.exe [DISABLED] Schedule Service ScsiPort Service C:\WINDOWS\System32\DRIVERS\secdrv.sys [MANUAL] Secdrv Service C:\WINDOWS\System32\svchost.exe [DISABLED] seclogon Service C:\WINDOWS\system32\svchost.exe [AUTO] SENS Service C:\WINDOWS\System32\DRIVERS\serenum.sys [MANUAL] serenum Service C:\WINDOWS\System32\DRIVERS\serial.sys [sYSTEM] Serial Service [sYSTEM] Sfloppy Service C:\WINDOWS\system32\svchost.exe [AUTO] SharedAccess Service C:\WINDOWS\System32\svchost.exe [AUTO] ShellHWDetection Service [DISABLED] Simbad Service [DISABLED] Sparrow Service C:\WINDOWS\system32\drivers\splitter.sys [MANUAL] splitter Service C:\WINDOWS\system32\spoolsv.exe [DISABLED] Spooler Service C:\WINDOWS\System32\DRIVERS\sr.sys [DISABLED] sr Service C:\WINDOWS\System32\svchost.exe [AUTO] srservice Service C:\WINDOWS\System32\DRIVERS\srv.sys [MANUAL] Srv Service C:\WINDOWS\System32\svchost.exe [DISABLED] SSDPSRV Service C:\WINDOWS\System32\svchost.exe [DISABLED] stisvc Service C:\WINDOWS\System32\DRIVERS\swenum.sys [MANUAL] swenum Service C:\WINDOWS\system32\drivers\swmidi.sys [MANUAL] swmidi Service C:\WINDOWS\System32\dllhost.exe [MANUAL] SwPrv Service swwd Service [DISABLED] symc810 Service [DISABLED] symc8xx Service [DISABLED] sym_hi Service [DISABLED] sym_u3 Service C:\WINDOWS\system32\drivers\sysaudio.sys [MANUAL] sysaudio Service C:\WINDOWS\system32\smlogsvc.exe [DISABLED] SysmonLog Service C:\WINDOWS\System32\svchost.exe [MANUAL] TapiSrv Service C:\WINDOWS\System32\DRIVERS\tcpip.sys [sYSTEM] Tcpip Service [MANUAL] TDPIPE Service [MANUAL] TDTCP Service C:\WINDOWS\System32\DRIVERS\termdd.sys [sYSTEM] TermDD Service C:\WINDOWS\System32\svchost.exe [DISABLED] TermService Service C:\WINDOWS\System32\svchost.exe [AUTO] Themes Service C:\WINDOWS\System32\tlntsvr.exe [DISABLED] TlntSvr Service [DISABLED] TosIde Service C:\WINDOWS\system32\svchost.exe [MANUAL] TrkWks Service TSDDD Service [DISABLED] Udfs Service [DISABLED] ultra Service C:\WINDOWS\system32\wdfmgr.exe [DISABLED] UMWdf Service C:\WINDOWS\System32\DRIVERS\update.sys [MANUAL] Update Service C:\WINDOWS\System32\svchost.exe [DISABLED] upnphost Service C:\WINDOWS\System32\ups.exe [DISABLED] UPS Service C:\WINDOWS\System32\DRIVERS\usbehci.sys [MANUAL] usbehci Service C:\WINDOWS\System32\DRIVERS\usbhub.sys [MANUAL] usbhub Service C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [MANUAL] USBSTOR Service C:\WINDOWS\System32\DRIVERS\usbuhci.sys [MANUAL] usbuhci Service C:\WINDOWS\System32\drivers\vga.sys [sYSTEM] VgaSave Service C:\WINDOWS\system32\DRIVERS\viaagp1.sys [bOOT] viaagp1 Service C:\WINDOWS\System32\DRIVERS\viaide.sys [bOOT] ViaIde Service [bOOT] VolSnap Service C:\WINDOWS\System32\vssvc.exe [DISABLED] VSS Service VXD Service C:\WINDOWS\System32\svchost.exe [DISABLED] W32Time Service W3SVC Service C:\WINDOWS\System32\DRIVERS\wanarp.sys [MANUAL] Wanarp Service [MANUAL] WDICA Service C:\WINDOWS\system32\drivers\wdmaud.sys [MANUAL] wdmaud Service C:\WINDOWS\System32\svchost.exe [DISABLED] WebClient Service C:\WINDOWS\system32\svchost.exe [AUTO] winmgmt Service [MANUAL] Winsock Service WinSock2 Service WinTrust Service C:\WINDOWS\system32\MsPMSPSv.exe [DISABLED] WMDM PMSP Service Service C:\WINDOWS\System32\svchost.exe [DISABLED] WmdmPmSN Service C:\WINDOWS\System32\svchost.exe [MANUAL] Wmi Service WmiApRpl Service C:\WINDOWS\System32\wbem\wmiapsrv.exe [MANUAL] WmiApSrv Service C:\WINDOWS\System32\drivers\ws2ifsl.sys [DISABLED] WS2IFSL Service C:\WINDOWS\System32\svchost.exe [AUTO] wscsvc Service C:\WINDOWS\System32\svchost.exe [DISABLED] wuauserv Service C:\WINDOWS\System32\svchost.exe [AUTO] WZCSVC Service C:\WINDOWS\System32\svchost.exe [MANUAL] xmlprov Service {36AE7FDD-8C9D-499F-BE75-88E9CD982069} ---- EOF - GMER 1.0.12 ----

Złączono Posta : 20.05.2007 (Nie) 20:48

Gutek · 21 Maj 2007 14:33

Już jest OK