What should I remove, because I'm getting RESETs etc.


(Bzdet) #1

Hi, what should I do (disable, delete), because my computer either freezes while gaming, or games won't launch, or it also freezes during normal work in Windows, and it has been running very slowly lately!!!

Logfile of HijackThis v1.99.1

Scan saved at 20:35:22, on 2006-07-06

Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)


Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\SYSTEM32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\SOUNDMAN.EXE

C:\WINDOWS\system32\nvraidservice.exe

C:\Program Files\ATI Technologies\ATI.ACE\cli.exe

C:\PROGRA~1\NEOSTR~1\CnxMon.exe

C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe

C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe

C:\Program Files\DAEMON Tools\daemon.exe

C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Documents and Settings\Kubus\Dane aplikacji\hidn\hidn2.exe

D:\Program Files\Corel\Graphics9\Register\Remind32.exe

C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

C:\Program Files\Neostrada TP\NeostradaTP.exe

C:\Program Files\Neostrada TP\ComComp.exe

C:\Program Files\Neostrada TP\Watch.exe

C:\WINDOWS\system32\wbem\unsecapp.exe

C:\Program Files\Gadu-Gadu\gg.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Documents and Settings\Kubus\Pulpit\hijackthis\HijackThis.exe


R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.neostrada.pl

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada TP

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: IeCatch5 Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\PROGRA~1\FlashGet\jccatch.dll

O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll

O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [NVRaidService] C:\WINDOWS\system32\nvraidservice.exe

O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime

O4 - HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\NEOSTR~1\CnxMon.exe

O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon

O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\NEOSTR~1\Watch.exe

O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe

O4 - HKLM\..\Run: [Resume copy] copyfstq.exe /startup

O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe

O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto

O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray

O4 - Startup: Rejestrowanie produktów Corela.lnk = D:\Program Files\Corel\Graphics9\Register\Remind32.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe

O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm

O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm

O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe

O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe

O16 - DPF: {881290B9-F53C-4676-8DAF-3DBEFC297308} (GameDesire Makao) - http://67.15.101.3/g_bin/pl/makao_2_0_0_19.cab

O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C5} (GameDesire Snooker) - http://67.15.101.3/g_bin/pl/snooker_2_0_0_24.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{272B5914-9284-4AEF-BC65-405E028172B1}: NameServer = 194.204.152.34 217.98.63.164

O17 - HKLM\System\CS1\Services\Tcpip\..\{272B5914-9284-4AEF-BC65-405E028172B1}: NameServer = 194.204.152.34 217.98.63.164

O17 - HKLM\System\CS2\Services\Tcpip\..\{272B5914-9284-4AEF-BC65-405E028172B1}: NameServer = 194.204.152.34 217.98.63.164

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

Please give me exact instructions!!


(Gutek) #2

First, change the topic title to something specific :slight_smile:

XP optimization: http://forum.dobreprogramy.pl/viewtopic.php?t=76580

Download GMER

 1. Rootkit >>> with Show all checked but only Services selected for the scan >>> Scan >>> Copy >>> CTRL+V into Notepad

 2. Rootkit >>> with Show all unchecked but everything ticked for the scan >>> Scan >>> Copy >>> CTRL+V into Notepad


(Bzdet) #3

Well, in the services it detected nothing for me

and here is everything

GMER 1.0.10.10122 - http://www.gmer.net

Rootkit 2006-07-07 21:20:45

Windows 5.1.2600 Dodatek Service Pack 2

---- System - GMER 1.0.10 ----


SSDT \??\C:\Documents and Settings\Kubus\Dane aplikacji\hidn\m_hook.sys ZwCreateFile

SSDT sptd.sys ZwCreateKey

SSDT \??\C:\Documents and Settings\Kubus\Dane aplikacji\hidn\m_hook.sys ZwEnumerateKey

SSDT \??\C:\Documents and Settings\Kubus\Dane aplikacji\hidn\m_hook.sys ZwEnumerateValueKey

SSDT sptd.sys ZwOpenKey

SSDT \??\C:\Documents and Settings\Kubus\Dane aplikacji\hidn\m_hook.sys ZwQueryDirectoryFile

SSDT \??\C:\Documents and Settings\Kubus\Dane aplikacji\hidn\m_hook.sys ZwQueryKey

SSDT \??\C:\Documents and Settings\Kubus\Dane aplikacji\hidn\m_hook.sys ZwQuerySystemInformation

SSDT sptd.sys ZwQueryValueKey

SSDT sptd.sys ZwSetValueKey


---- Devices - GMER 1.0.10 ----


Device \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE 8239E0E8

Device \FileSystem\Fastfat \FatCdrom IRP_MJ_CREATE 8226DC58

Device \Driver\NetBT \Device\NetBT_Tcpip_{B57DC481-98D3-46D9-88D7-EB7CDA65ED38} IRP_MJ_CREATE 81E160E8

Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_CREATE 8239FC78

Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_CREATE 8239FC78

Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_CREATE 8239FC78

Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_CREATE 8239FC78

Device \Driver\00000053 \Device\00000046 IRP_MJ_SYSTEM_CONTROL [F8451EA8] sptd.sys

Device \Driver\00000053 \Device\00000046 IRP_MJ_DEVICE_CHANGE [F8465A70] sptd.sys

Device \Driver\00000053 \Device\00000046 IRP_MJ_PNP_POWER [F845E728] sptd.sys

Device \Driver\00000053 \Device\00000047 IRP_MJ_SYSTEM_CONTROL [F8451EA8] sptd.sys

Device \Driver\00000053 \Device\00000047 IRP_MJ_DEVICE_CHANGE [F8465A70] sptd.sys

Device \Driver\00000053 \Device\00000047 IRP_MJ_PNP_POWER [F845E728] sptd.sys

Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_CREATE 8239FEB0

Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_CREATE 8239FEB0

Device \Driver\nvatabus \Device\00000065 IRP_MJ_CREATE 8239F708

Device \Driver\nvatabus \Device\00000065 IRP_MJ_CREATE_NAMED_PIPE 8239F708

Device \Driver\nvatabus \Device\00000065 IRP_MJ_CLOSEIRP_MJ_READ 8239F708

Device \Driver\nvatabus \Device\00000065 IRP_MJ_WRITE 8239F708

Device \Driver\nvatabus \Device\00000065 IRP_MJ_QUERY_INFORMATION 8239F708

Device \Driver\nvatabus \Device\00000065 IRP_MJ_SET_INFORMATION 8239F708

Device \Driver\nvatabus \Device\00000065 IRP_MJ_QUERY_EA 8239F708

Device \Driver\nvatabus \Device\00000065 IRP_MJ_SET_EA 8239F708

Device \Driver\nvatabus \Device\00000065 IRP_MJ_FLUSH_BUFFERS 8239F708

Device \Driver\nvatabus \Device\00000065 IRP_MJ_QUERY_VOLUME_INFORMATION 8239F708

Device \Driver\nvatabus \Device\00000065 IRP_MJ_SET_VOLUME_INFORMATION 8239F708

Device \Driver\nvatabus \Device\00000065 IRP_MJ_DIRECTORY_CONTROL 8239F708

Device \Driver\nvatabus \Device\00000065 IRP_MJ_FILE_SYSTEM_CONTROL 8239F708

Device \Driver\nvatabus \Device\00000065 IRP_MJ_DEVICE_CONTROL 8239F708

Device \Driver\nvatabus \Device\00000065 IRP_MJ_INTERNAL_DEVICE_CONTROL 8239F708

Device \Driver\nvatabus \Device\00000065 IRP_MJ_SHUTDOWN [F856795C] sfsync03.sys

Device \Driver\nvatabus \Device\00000065 IRP_MJ_LOCK_CONTROL 8239F708

Device \Driver\nvatabus \Device\00000065 IRP_MJ_CLEANUP 8239F708

Device \Driver\nvatabus \Device\00000065 IRP_MJ_CREATE_MAILSLOT 8239F708

Device \Driver\nvatabus \Device\00000065 IRP_MJ_QUERY_SECURITY 8239F708

Device \Driver\nvatabus \Device\00000065 IRP_MJ_SET_SECURITY 8239F708

Device \Driver\nvatabus \Device\00000065 IRP_MJ_POWER 8239F708

Device \Driver\nvatabus \Device\00000065 IRP_MJ_SYSTEM_CONTROL 8239F708

Device \Driver\nvatabus \Device\00000065 IRP_MJ_DEVICE_CHANGE 8239F708

Device \Driver\nvatabus \Device\00000065 IRP_MJ_QUERY_QUOTA 8239F708

Device \Driver\nvatabus \Device\00000065 IRP_MJ_SET_QUOTA 8239F708

Device \Driver\nvatabus \Device\00000065 IRP_MJ_PNP 8239F708

Device \Driver\nvatabus \Device\00000065 IRP_MJ_PNP_POWER 8239F708

Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_CREATE 81EAAA60

Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_CREATE_NAMED_PIPE 81EAAA60

Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_CLOSEIRP_MJ_READ 81EAAA60

Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_WRITE 81EAAA60

Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_QUERY_INFORMATION 81EAAA60

Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_SET_INFORMATION 81EAAA60

Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_QUERY_EA 81EAAA60

Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_SET_EA 81EAAA60

Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_FLUSH_BUFFERS 81EAAA60

Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_QUERY_VOLUME_INFORMATION 81EAAA60

Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_SET_VOLUME_INFORMATION 81EAAA60

Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_DIRECTORY_CONTROL 81EAAA60

Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_FILE_SYSTEM_CONTROL 81EAAA60

Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_DEVICE_CONTROL 81EAAA60

Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_INTERNAL_DEVICE_CONTROL 81EAAA60

Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_SHUTDOWN 81EAAA60

Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_LOCK_CONTROL 81EAAA60

Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_CLEANUP 81EAAA60

Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_CREATE_MAILSLOT 81EAAA60

Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_QUERY_SECURITY 81EAAA60

Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_SET_SECURITY 81EAAA60

Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_POWER 81EAAA60

Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_SYSTEM_CONTROL 81EAAA60

Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_DEVICE_CHANGE 81EAAA60

Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_QUERY_QUOTA 81EAAA60

Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_SET_QUOTA 81EAAA60

Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_PNP 81EAAA60

Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CREATE 81FCB6D0

Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CREATE 81FCB6D0

Device \Driver\nvatabus \Device\00000066 IRP_MJ_CREATE 8239F708

Device \Driver\nvatabus \Device\00000066 IRP_MJ_CREATE_NAMED_PIPE 8239F708

Device \Driver\nvatabus \Device\00000066 IRP_MJ_CLOSEIRP_MJ_READ 8239F708

Device \Driver\nvatabus \Device\00000066 IRP_MJ_WRITE 8239F708

Device \Driver\nvatabus \Device\00000066 IRP_MJ_QUERY_INFORMATION 8239F708

Device \Driver\nvatabus \Device\00000066 IRP_MJ_SET_INFORMATION 8239F708

Device \Driver\nvatabus \Device\00000066 IRP_MJ_QUERY_EA 8239F708

Device \Driver\nvatabus \Device\00000066 IRP_MJ_SET_EA 8239F708

Device \Driver\nvatabus \Device\00000066 IRP_MJ_FLUSH_BUFFERS 8239F708

Device \Driver\nvatabus \Device\00000066 IRP_MJ_QUERY_VOLUME_INFORMATION 8239F708

Device \Driver\nvatabus \Device\00000066 IRP_MJ_SET_VOLUME_INFORMATION 8239F708

Device \Driver\nvatabus \Device\00000066 IRP_MJ_DIRECTORY_CONTROL 8239F708

Device \Driver\nvatabus \Device\00000066 IRP_MJ_FILE_SYSTEM_CONTROL 8239F708

Device \Driver\nvatabus \Device\00000066 IRP_MJ_DEVICE_CONTROL 8239F708

Device \Driver\nvatabus \Device\00000066 IRP_MJ_INTERNAL_DEVICE_CONTROL 8239F708

Device \Driver\nvatabus \Device\00000066 IRP_MJ_SHUTDOWN [F856795C] sfsync03.sys

Device \Driver\nvatabus \Device\00000066 IRP_MJ_LOCK_CONTROL 8239F708

Device \Driver\nvatabus \Device\00000066 IRP_MJ_CLEANUP 8239F708

Device \Driver\nvatabus \Device\00000066 IRP_MJ_CREATE_MAILSLOT 8239F708

Device \Driver\nvatabus \Device\00000066 IRP_MJ_QUERY_SECURITY 8239F708

Device \Driver\nvatabus \Device\00000066 IRP_MJ_SET_SECURITY 8239F708

Device \Driver\nvatabus \Device\00000066 IRP_MJ_POWER 8239F708

Device \Driver\nvatabus \Device\00000066 IRP_MJ_SYSTEM_CONTROL 8239F708

Device \Driver\nvatabus \Device\00000066 IRP_MJ_DEVICE_CHANGE 8239F708

Device \Driver\nvatabus \Device\00000066 IRP_MJ_QUERY_QUOTA 8239F708

Device \Driver\nvatabus \Device\00000066 IRP_MJ_SET_QUOTA 8239F708

Device \Driver\nvatabus \Device\00000066 IRP_MJ_PNP 8239F708

Device \Driver\nvatabus \Device\00000066 IRP_MJ_PNP_POWER 8239F708

Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_CREATE 81FCB6D0

Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_CREATE 81E160E8

Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_CREATE 81E160E8

Device \Driver\NetBT \Device\NetBT_Tcpip_{272B5914-9284-4AEF-BC65-405E028172B1} IRP_MJ_CREATE 81E160E8

Device \Driver\Disk \Device\Harddisk0\DR0 IRP_MJ_CREATE 8239F450

oh, and at the start something pops up saying that possibly

Process c:\Windows\system32\wintems.exe (***hidden***) wartośc 600

What should I do???
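The m_hook.sys SSDT entries and the hidden wintems.exe process in the log above are what the helpers react to in the replies that follow. As an added example (not from the thread and not GMER's own code), this Python script parses GMER 1.0.10-style SSDT and hidden-process lines from a constructed sample and flags hooks installed from a user-profile directory; the known-benign list and the per-function effect table are the example's own assumptions.

```python
import re
from collections import defaultdict

# Constructed sample in the GMER 1.0.10 format shown in the thread (not a real capture).
# The final "Process ..." line mirrors the popup the poster quoted.
SAMPLE_LOG = r"""GMER 1.0.10.10122 - http://www.gmer.net
Rootkit 2006-07-07 21:20:45
Windows 5.1.2600 Dodatek Service Pack 2

---- System - GMER 1.0.10 ----

SSDT \??\C:\Documents and Settings\Kubus\Dane aplikacji\hidn\m_hook.sys ZwCreateFile
SSDT sptd.sys ZwCreateKey
SSDT \??\C:\Documents and Settings\Kubus\Dane aplikacji\hidn\m_hook.sys ZwEnumerateKey
SSDT \??\C:\Documents and Settings\Kubus\Dane aplikacji\hidn\m_hook.sys ZwQueryDirectoryFile
SSDT \??\C:\Documents and Settings\Kubus\Dane aplikacji\hidn\m_hook.sys ZwQuerySystemInformation
SSDT sptd.sys ZwSetValueKey

Process c:\Windows\system32\wintems.exe (***hidden***) 600
"""

# "SSDT <module> <ZwRoutine>": the module may contain spaces, so anchor on the trailing Zw* token.
SSDT_RE = re.compile(r"^SSDT\s+(?P<module>.+?)\s+(?P<func>Zw\w+)\s*$")
HIDDEN_PROC_RE = re.compile(r"^Process\s+(?P<path>.+?)\s+\(\*{3}\s*hidden\s*\*{3}\)", re.IGNORECASE)

# What a hook on each service routine lets a driver hide or block (standard SSDT-rootkit behaviour).
HOOK_EFFECT = {
    "ZwQueryDirectoryFile": "hide files from directory listings",
    "ZwQuerySystemInformation": "hide processes from Task Manager and process enumerators",
    "ZwEnumerateKey": "hide registry keys",
    "ZwEnumerateValueKey": "hide registry values",
    "ZwQueryKey": "hide registry keys",
    "ZwCreateFile": "intercept file opens (can refuse access to its own files)",
}

# Analyst-maintained allowlist (an assumption for this example): sptd.sys is the SCSI pass-through
# driver installed by DAEMON Tools / Alcohol 120%, both present in the thread's HijackThis log, and
# is a well-known source of registry-routine SSDT entries in GMER output on such machines.
KNOWN_BENIGN = {"sptd.sys"}

# Kernel drivers have no business living under a user profile or a temp directory.
USER_PROFILE_MARKERS = ("\\documents and settings\\", "\\users\\", "\\temp\\")


def normalize_module(module):
    """Strip GMER's \\??\\ NT-path prefix and lower-case for comparison."""
    m = module.strip()
    if m.startswith("\\??\\"):
        m = m[4:]
    return m.lower()


def is_user_profile_path(path):
    return any(marker in path for marker in USER_PROFILE_MARKERS)


def parse_ssdt(log_text):
    """Map each hooking module to the list of SSDT routines it hooks."""
    hooks = defaultdict(list)
    for line in log_text.splitlines():
        m = SSDT_RE.match(line.strip())
        if m:
            hooks[normalize_module(m.group("module"))].append(m.group("func"))
    return dict(hooks)


def parse_hidden_processes(log_text):
    return [m.group("path").lower()
            for m in (HIDDEN_PROC_RE.match(l.strip()) for l in log_text.splitlines()) if m]


def triage(log_text):
    """Return one finding per hooking module plus one per hidden process."""
    findings = []
    for module, funcs in parse_ssdt(log_text).items():
        name = module.rsplit("\\", 1)[-1]
        if name in KNOWN_BENIGN:
            verdict = "known-benign"
        elif is_user_profile_path(module):
            verdict = "suspicious"
        else:
            verdict = "review"  # unknown module in a system location: check signature/vendor
        findings.append({
            "kind": "ssdt-hook", "module": module, "verdict": verdict,
            "hooked": sorted(funcs),
            "effects": sorted({HOOK_EFFECT[f] for f in funcs if f in HOOK_EFFECT}),
        })
    for path in parse_hidden_processes(log_text):
        findings.append({"kind": "hidden-process", "module": path, "verdict": "suspicious",
                         "hooked": [], "effects": ["process hidden from user-mode enumeration"]})
    return findings


def suspicious(log_text):
    return [f for f in triage(log_text) if f["verdict"] == "suspicious"]


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f["verdict"].upper(), f["kind"], f["module"])
        for effect in f["effects"]:
            print("    can", effect)
```

The ZwCreateFile and ZwQuerySystemInformation hooks are exactly why a plain DEL against the hidden process's file fails with "access denied" later in the thread, and why the helpers ask for the hook's service to be removed before the file deletion.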


(Gblade) #4

paste the whole log, this one is cut off; you were also supposed to post the log with services + show all checked


(Gutek) #5

You were supposed to post two logs.

 1. In the Services tab, right-click and delete the m_hook service.

 2. In the CMD tab, under the CMD sub-option, paste this set of commands:

 1. go to the Processes tab and click the Kill all option. Go back to CMD and click Run.

 2. Reboot the PC and post new GMER logs.


(Bzdet) #6

so, here is the log from services; I don't know why it didn't show it to me earlier:

GMER 1.0.10.10122 - http://www.gmer.net

Rootkit 2006-07-07 21:50:17

Windows 5.1.2600 Dodatek Service Pack 2

---- Services - GMER 1.0.10 ----


Service [DISABLED] Abiosdsk

Service [DISABLED] abp480n5

Service C:\WINDOWS\system32\DRIVERS\ACPI.sys [BOOT] ACPI

Service [DISABLED] ACPIEC

Service [DISABLED] adpu160m

Service C:\WINDOWS\system32\drivers\aec.sys [MANUAL] aec

Service C:\WINDOWS\System32\drivers\afd.sys [SYSTEM] AFD

Service [DISABLED] Aha154x

Service [DISABLED] aic78u2

Service [DISABLED] aic78xx

Service C:\WINDOWS\system32\DRIVERS\alcan5wn.sys [MANUAL] alcan5wn

Service C:\WINDOWS\system32\DRIVERS\alcaudsl.sys [MANUAL] alcaudsl

Service C:\WINDOWS\system32\drivers\ALCXSENS.SYS [MANUAL] ALCXSENS

Service C:\WINDOWS\system32\drivers\ALCXWDM.SYS [MANUAL] ALCXWDM

Service C:\WINDOWS\system32\svchost.exe [DISABLED] Alerter

Service C:\WINDOWS\System32\alg.exe [MANUAL] ALG

Service [DISABLED] AliIde

Service C:\WINDOWS\system32\DRIVERS\amdk7.sys [SYSTEM] AmdK7

Service [DISABLED] amsint

Service C:\WINDOWS\system32\svchost.exe [MANUAL] AppMgmt

Service [DISABLED] asc

Service [DISABLED] asc3350p

Service [DISABLED] asc3550

Service C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [MANUAL] aspnet_state

Service C:\WINDOWS\system32\DRIVERS\asyncmac.sys [MANUAL] AsyncMac

Service C:\WINDOWS\system32\DRIVERS\atapi.sys [BOOT] atapi

Service [DISABLED] Atdisk

Service C:\WINDOWS\system32\Ati2evxx.exe [DISABLED] Ati HotKey Poller

Service C:\WINDOWS\system32\ati2sgag.exe [AUTO] ATI Smart

Service C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [MANUAL] ati2mtag

Service C:\WINDOWS\system32\DRIVERS\atmarpc.sys [MANUAL] Atmarpc

Service C:\WINDOWS\System32\svchost.exe [AUTO] AudioSrv

Service C:\WINDOWS\system32\DRIVERS\audstub.sys [MANUAL] audstub

Service [SYSTEM] Beep

Service C:\WINDOWS\system32\svchost.exe [MANUAL] BITS

Service C:\WINDOWS\system32\svchost.exe [AUTO] Browser

Service [DISABLED] cbidf2k

Service [DISABLED] cd20xrnt

Service [SYSTEM] Cdaudio

Service [DISABLED] Cdfs

Service C:\WINDOWS\system32\DRIVERS\cdrom.sys [SYSTEM] Cdrom

Service [SYSTEM] Changer

Service C:\WINDOWS\system32\cisvc.exe [MANUAL] CiSvc

Service C:\WINDOWS\system32\clipsrv.exe [DISABLED] ClipSrv

Service [DISABLED] CmdIde

Service C:\WINDOWS\system32\dllhost.exe [MANUAL] COMSysApp

Service [DISABLED] Cpqarray

Service C:\WINDOWS\system32\svchost.exe [AUTO] CryptSvc

Service [DISABLED] dac2w2k

Service [DISABLED] dac960nt

Service C:\WINDOWS\system32\svchost.exe [AUTO] DcomLaunch

Service C:\WINDOWS\system32\svchost.exe [AUTO] Dhcp

Service C:\WINDOWS\system32\DRIVERS\disk.sys [BOOT] Disk

Service C:\WINDOWS\System32\dmadmin.exe [MANUAL] dmadmin

Service C:\WINDOWS\System32\drivers\dmboot.sys [DISABLED] dmboot

Service C:\WINDOWS\System32\drivers\dmio.sys [BOOT] dmio

Service C:\WINDOWS\System32\drivers\dmload.sys [BOOT] dmload

Service C:\WINDOWS\System32\svchost.exe [AUTO] dmserver

Service C:\WINDOWS\system32\drivers\DMusic.sys [MANUAL] DMusic

Service C:\WINDOWS\system32\svchost.exe [AUTO] Dnscache

Service [DISABLED] dpti2o

Service C:\WINDOWS\system32\drivers\drmkaud.sys [MANUAL] drmkaud

Service C:\WINDOWS\System32\Drivers\dtscsi.sys [MANUAL] dtscsi

Service C:\WINDOWS\System32\Drivers\ElbyCDFL.sys [MANUAL] ElbyCDFL

Service C:\WINDOWS\System32\Drivers\ElbyCDIO.sys [AUTO] ElbyCDIO

Service C:\WINDOWS\System32\svchost.exe [AUTO] ERSvc

Service C:\WINDOWS\system32\services.exe [AUTO] Eventlog

Service C:\WINDOWS\system32\svchost.exe [MANUAL] EventSystem

Service [DISABLED] Fastfat

Service C:\WINDOWS\System32\svchost.exe [MANUAL] FastUserSwitchingCompatibility

Service C:\WINDOWS\system32\DRIVERS\fdc.sys [MANUAL] Fdc

Service [SYSTEM] Fips

Service C:\WINDOWS\system32\DRIVERS\flpydisk.sys [MANUAL] Flpydisk

Service C:\WINDOWS\system32\DRIVERS\fltMgr.sys [BOOT] FltMgr

Service [SYSTEM] Fs_Rec

Service C:\WINDOWS\system32\DRIVERS\ftdisk.sys [BOOT] Ftdisk

Service C:\WINDOWS\system32\DRIVERS\gameenum.sys [MANUAL] gameenum

Service C:\WINDOWS\System32\DRIVERS\gmer.sys [MANUAL] Gmer

Service C:\WINDOWS\system32\DRIVERS\msgpc.sys [MANUAL] Gpc

Service C:\WINDOWS\System32\svchost.exe [AUTO] helpsvc

Service C:\WINDOWS\System32\svchost.exe [DISABLED] HidServ

Service [DISABLED] hpn

Service C:\WINDOWS\System32\Drivers\HTTP.sys [MANUAL] HTTP

Service C:\WINDOWS\System32\svchost.exe [MANUAL] HTTPFilter

Service [SYSTEM] i2omgmt

Service [DISABLED] i2omp

Service C:\WINDOWS\system32\DRIVERS\i8042prt.sys [SYSTEM] i8042prt

Service C:\WINDOWS\system32\DRIVERS\imapi.sys [SYSTEM] Imapi

Service C:\WINDOWS\system32\imapi.exe [MANUAL] ImapiService

Service [DISABLED] ini910u

Service [DISABLED] IntelIde

Service C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys [DISABLED] Ip6Fw

Service C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys [MANUAL] IpFilterDriver

Service C:\WINDOWS\system32\DRIVERS\ipinip.sys [MANUAL] IpInIp

Service C:\WINDOWS\system32\DRIVERS\ipnat.sys [MANUAL] IpNat

Service C:\WINDOWS\system32\DRIVERS\ipsec.sys [SYSTEM] IPSec

Service C:\WINDOWS\system32\DRIVERS\irda.sys [AUTO] irda

Service C:\WINDOWS\system32\DRIVERS\irenum.sys [MANUAL] IRENUM

Service C:\WINDOWS\system32\svchost.exe [AUTO] Irmon

Service C:\WINDOWS\system32\DRIVERS\irsir.sys [MANUAL] irsir

Service C:\WINDOWS\system32\DRIVERS\isapnp.sys [BOOT] isapnp

Service C:\WINDOWS\system32\DRIVERS\kbdclass.sys [SYSTEM] Kbdclass

Service C:\WINDOWS\system32\drivers\kmixer.sys [MANUAL] kmixer

Service [BOOT] KSecDD

Service C:\WINDOWS\system32\svchost.exe [AUTO] lanmanserver

Service C:\WINDOWS\system32\svchost.exe [AUTO] lanmanworkstation

Service [SYSTEM] lbrtfdc

Service C:\WINDOWS\system32\svchost.exe [AUTO] LmHosts

Service C:\WINDOWS\system32\svchost.exe [DISABLED] Messenger

Service [SYSTEM] mnmdd

Service C:\WINDOWS\system32\mnmsrvc.exe [MANUAL] mnmsrvc

Service [MANUAL] Modem

Service C:\WINDOWS\system32\DRIVERS\mouclass.sys [SYSTEM] Mouclass

Service [BOOT] MountMgr

Service [DISABLED] mraid35x

Service C:\WINDOWS\system32\DRIVERS\mrxdav.sys [MANUAL] MRxDAV

Service C:\WINDOWS\system32\DRIVERS\mrxsmb.sys [SYSTEM] MRxSmb

Service C:\WINDOWS\system32\msdtc.exe [MANUAL] MSDTC

Service [SYSTEM] Msfs

Service C:\WINDOWS\system32\msiexec.exe [MANUAL] MSIServer

Service C:\WINDOWS\system32\drivers\MSKSSRV.sys [MANUAL] MSKSSRV

Service C:\WINDOWS\system32\drivers\MSPCLOCK.sys [MANUAL] MSPCLOCK

Service C:\WINDOWS\system32\drivers\MSPQM.sys [MANUAL] MSPQM

Service C:\WINDOWS\system32\DRIVERS\mssmbios.sys [MANUAL] mssmbios

Service [BOOT] Mup

Service [BOOT] NDIS

Service C:\WINDOWS\system32\DRIVERS\ndistapi.sys [MANUAL] NdisTapi

Service C:\WINDOWS\system32\DRIVERS\ndisuio.sys [DISABLED] Ndisuio

Service C:\WINDOWS\system32\DRIVERS\ndiswan.sys [MANUAL] NdisWan

Service [MANUAL] NDProxy

Service C:\WINDOWS\system32\DRIVERS\netbios.sys [SYSTEM] NetBIOS

Service C:\WINDOWS\system32\DRIVERS\netbt.sys [SYSTEM] NetBT

Service C:\WINDOWS\system32\netdde.exe [DISABLED] NetDDE

Service C:\WINDOWS\system32\netdde.exe [DISABLED] NetDDEdsdm

Service C:\WINDOWS\system32\lsass.exe [MANUAL] Netlogon

Service C:\WINDOWS\System32\svchost.exe [MANUAL] Netman

Service C:\WINDOWS\system32\svchost.exe [MANUAL] Nla

Service [SYSTEM] Npfs

Service [DISABLED] Ntfs

Service C:\WINDOWS\system32\lsass.exe [MANUAL] NtLmSsp

Service C:\WINDOWS\system32\svchost.exe [MANUAL] NtmsSvc

Service [SYSTEM] Null

Service C:\WINDOWS\system32\DRIVERS\nvatabus.sys [BOOT] nvatabus

Service C:\WINDOWS\system32\DRIVERS\nvraid.sys [BOOT] nvraid

Service C:\WINDOWS\system32\DRIVERS\nv_agp.sys [BOOT] nv_agp

Service C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys [MANUAL] NwlnkFlt

Service C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys [MANUAL] NwlnkFwd

Service C:\WINDOWS\system32\DRIVERS\parport.sys [MANUAL] Parport

Service [BOOT] PartMgr

Service [AUTO] ParVdm

Service C:\WINDOWS\system32\DRIVERS\pci.sys [BOOT] PCI

Service [SYSTEM] PCIDump

Service C:\WINDOWS\system32\DRIVERS\pciide.sys [BOOT] PCIIde

Service [DISABLED] Pcmcia

Service System32\Drivers\Pcouffin.sys [MANUAL] Pcouffin

Service [MANUAL] PDCOMP

Service [MANUAL] PDFRAME

Service [MANUAL] PDRELI

Service [MANUAL] PDRFRAME

Service [DISABLED] perc2

Service [DISABLED] perc2hib

Service C:\WINDOWS\system32\services.exe [AUTO] PlugPlay

Service C:\WINDOWS\system32\lsass.exe [AUTO] PolicyAgent

Service C:\WINDOWS\system32\DRIVERS\raspptp.sys [MANUAL] PptpMiniport

Service C:\WINDOWS\system32\lsass.exe [AUTO] ProtectedStorage

Service C:\WINDOWS\system32\DRIVERS\psched.sys [MANUAL] PSched

Service C:\WINDOWS\system32\DRIVERS\ptilink.sys [MANUAL] Ptilink

Service C:\WINDOWS\System32\Drivers\PxHelp20.sys [BOOT] PxHelp20

Service [DISABLED] ql1080

Service [DISABLED] Ql10wnt

Service [DISABLED] ql12160

Service [DISABLED] ql1240

Service [DISABLED] ql1280

Service C:\WINDOWS\system32\DRIVERS\rasacd.sys [SYSTEM] RasAcd

Service C:\WINDOWS\system32\svchost.exe [MANUAL] RasAuto

Service C:\WINDOWS\system32\DRIVERS\rasirda.sys [MANUAL] Rasirda

Service C:\WINDOWS\system32\DRIVERS\rasl2tp.sys [MANUAL] Rasl2tp

Service C:\WINDOWS\system32\svchost.exe [MANUAL] RasMan

Service C:\WINDOWS\system32\DRIVERS\raspppoe.sys [MANUAL] RasPppoe

Service C:\WINDOWS\system32\DRIVERS\raspti.sys [MANUAL] Raspti

Service C:\WINDOWS\system32\DRIVERS\rdbss.sys [SYSTEM] Rdbss

Service C:\WINDOWS\System32\DRIVERS\RDPCDD.sys [SYSTEM] RDPCDD

Service C:\WINDOWS\system32\DRIVERS\rdpdr.sys [MANUAL] rdpdr

Service [MANUAL] RDPWD

Service C:\WINDOWS\system32\sessmgr.exe [MANUAL] RDSessMgr

Service C:\WINDOWS\system32\DRIVERS\redbook.sys [SYSTEM] redbook

Service C:\WINDOWS\system32\svchost.exe [DISABLED] RemoteAccess

Service C:\WINDOWS\system32\svchost.exe [AUTO] RemoteRegistry

Service C:\WINDOWS\system32\locator.exe [MANUAL] RpcLocator

Service C:\WINDOWS\system32\svchost.exe [AUTO] RpcSs

Service C:\WINDOWS\system32\rsvp.exe [MANUAL] RSVP

Service C:\WINDOWS\system32\DRIVERS\Rtlnic51.sys [MANUAL] RTL8023

Service C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [MANUAL] rtl8139

Service C:\WINDOWS\system32\lsass.exe [AUTO] SamSs

Service C:\WINDOWS\System32\SCardSvr.exe [MANUAL] SCardSvr

Service C:\WINDOWS\System32\svchost.exe [AUTO] Schedule

Service C:\WINDOWS\system32\DRIVERS\secdrv.sys [MANUAL] Secdrv

Service C:\WINDOWS\System32\svchost.exe [AUTO] seclogon

Service C:\WINDOWS\system32\svchost.exe [AUTO] SENS

Service C:\WINDOWS\system32\DRIVERS\serenum.sys [MANUAL] serenum

Service C:\WINDOWS\system32\DRIVERS\serial.sys [SYSTEM] Serial

Service C:\WINDOWS\System32\drivers\sfcure01.sys [MANUAL] sfcure01

Service C:\WINDOWS\System32\drivers\sfdrv01.sys [BOOT] sfdrv01

Service C:\WINDOWS\System32\drivers\sfhlp02.sys [BOOT] sfhlp02

Service [SYSTEM] Sfloppy

Service C:\WINDOWS\System32\drivers\sfsync03.sys [BOOT] sfsync03

Service C:\WINDOWS\system32\svchost.exe [AUTO] SharedAccess

Service C:\WINDOWS\System32\svchost.exe [AUTO] ShellHWDetection

Service [DISABLED] Simbad

Service C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS [MANUAL] SONYPVU1

Service [DISABLED] Sparrow

Service C:\WINDOWS\system32\drivers\splitter.sys [MANUAL] splitter

Service C:\WINDOWS\system32\spoolsv.exe [AUTO] Spooler

Service C:\WINDOWS\System32\Drivers\sptd.sys [BOOT] sptd

Service C:\WINDOWS\system32\DRIVERS\sr.sys [BOOT] sr

Service C:\WINDOWS\system32\svchost.exe [AUTO] srservice

Service C:\WINDOWS\system32\DRIVERS\srv.sys [MANUAL] Srv

Service C:\WINDOWS\system32\svchost.exe [MANUAL] SSDPSRV

Service C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe [AUTO] StarWindService

Service C:\WINDOWS\system32\svchost.exe [MANUAL] stisvc

Service C:\WINDOWS\system32\DRIVERS\swenum.sys [MANUAL] swenum

Service C:\WINDOWS\system32\drivers\swmidi.sys [MANUAL] swmidi

Service C:\WINDOWS\system32\dllhost.exe [MANUAL] SwPrv

Service [DISABLED] symc810

Service [DISABLED] symc8xx

Service [DISABLED] sym_hi

Service [DISABLED] sym_u3

Service C:\WINDOWS\system32\drivers\sysaudio.sys [MANUAL] sysaudio

Service C:\WINDOWS\system32\smlogsvc.exe [MANUAL] SysmonLog

Service C:\WINDOWS\System32\svchost.exe [MANUAL] TapiSrv

Service C:\WINDOWS\system32\DRIVERS\tcpip.sys [SYSTEM] Tcpip

Service [MANUAL] TDPIPE

Service [MANUAL] TDTCP

Service C:\WINDOWS\system32\DRIVERS\termdd.sys [SYSTEM] TermDD

Service C:\WINDOWS\System32\svchost.exe [MANUAL] TermService

Service C:\WINDOWS\System32\svchost.exe [AUTO] Themes

Service C:\WINDOWS\system32\tlntsvr.exe [DISABLED] TlntSvr

Service [DISABLED] TosIde

Service C:\WINDOWS\system32\svchost.exe [AUTO] TrkWks

Service [DISABLED] Udfs

Service [DISABLED] ultra

Service C:\WINDOWS\system32\wdfmgr.exe [AUTO] UMWdf

Service C:\WINDOWS\system32\DRIVERS\update.sys [MANUAL] Update

Service C:\WINDOWS\system32\svchost.exe [MANUAL] upnphost

Service C:\WINDOWS\System32\ups.exe [MANUAL] UPS

Service C:\WINDOWS\system32\DRIVERS\usbehci.sys [MANUAL] usbehci

Service C:\WINDOWS\system32\DRIVERS\usbhub.sys [MANUAL] usbhub

Service C:\WINDOWS\system32\DRIVERS\usbohci.sys [MANUAL] usbohci

Service C:\WINDOWS\system32\DRIVERS\usbprint.sys [MANUAL] usbprint

Service C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [MANUAL] USBSTOR

Service C:\WINDOWS\System32\svchost.exe [MANUAL] usprserv

Service C:\WINDOWS\System32\Drivers\vaxscsi.sys [MANUAL] vaxscsi

Service C:\WINDOWS\System32\drivers\vga.sys [SYSTEM] VgaSave

Service [DISABLED] ViaIde

Service [BOOT] VolSnap

Service C:\WINDOWS\System32\vssvc.exe [MANUAL] VSS

Service C:\WINDOWS\System32\svchost.exe [AUTO] W32Time

Service C:\WINDOWS\system32\DRIVERS\wanarp.sys [MANUAL] Wanarp

Service [MANUAL] WDICA

Service C:\WINDOWS\system32\drivers\wdmaud.sys [MANUAL] wdmaud

Service C:\WINDOWS\system32\svchost.exe [AUTO] WebClient

Service C:\WINDOWS\system32\svchost.exe [AUTO] winmgmt

Service [MANUAL] Winsock

Service C:\WINDOWS\System32\svchost.exe [MANUAL] WmdmPmSN

Service C:\WINDOWS\System32\svchost.exe [MANUAL] Wmi

Service C:\WINDOWS\system32\wbem\wmiapsrv.exe [MANUAL] WmiApSrv

Service C:\WINDOWS\System32\drivers\ws2ifsl.sys [DISABLED] WS2IFSL

Service C:\WINDOWS\System32\svchost.exe [DISABLED] wscsvc

Service C:\WINDOWS\system32\svchost.exe [DISABLED] wuauserv

Service C:\WINDOWS\System32\svchost.exe [AUTO] WZCSVC

Service C:\WINDOWS\System32\svchost.exe [MANUAL] xmlprov


---- EOF - GMER 1.0.10 ----

and after entering:

CD C:\WINDOWS\System32 

DEL wintems.exe 

RD /S /Q "C:\Documents and Settings\Kubus\Dane aplikacji\hidn" 

RD /S /Q "C:\Documents and Settings\Kubus\Ustawienia lokalne\Temp" 

RD /S /Q "C:\Documents and Settings\Kubus\Ustawienia lokalne\Temporary Internet Files"

I get:

C:\WINDOWS\system32\wintems.exe

Odmowa dostępu.

Katalog nie jest pusty.

C:\Documents and Settings\Kubus\Ustawienia lokalne\Temp\Perflib_Perfdata_1e0.dat - Proces nie może uzyskać dostępu do pliku, ponieważ jest on używany przez inny proces.

C:\Documents and Settings\Kubus\Ustawienia lokalne\Temp\~DFC69F.tmp - Proces nie może uzyskać dostępu do pliku, ponieważ jest on używany przez inny proces.

C:\Documents and Settings\Kubus\Ustawienia lokalne\Temporary Internet Files\Content.IE5\index.dat - Proces nie może uzyskać dostępu do pliku, ponieważ jest on używany przez inny proces.

and it can't display the rest of that log because it wants something from the floppy drive, which I don't have, and the PC freezes :stuck_out_tongue:

What next???


(Gblade) #7

in any case, the rootkit's service is gone now; paste the normal log now.


(Bzdet) #8

here you go, the whole log; I don't know, this program is strange, this time it didn't freeze and did the whole thing:

GMER 1.0.10.10122 - http://www.gmer.net

Rootkit 2006-07-07 22:06:15

Windows 5.1.2600 Dodatek Service Pack 2

---- System - GMER 1.0.10 ----


SSDT \??\C:\Documents and Settings\Kubus\Dane aplikacji\hidn\m_hook.sys ZwCreateFile

SSDT sptd.sys ZwCreateKey

SSDT \??\C:\Documents and Settings\Kubus\Dane aplikacji\hidn\m_hook.sys ZwEnumerateKey

SSDT \??\C:\Documents and Settings\Kubus\Dane aplikacji\hidn\m_hook.sys ZwEnumerateValueKey

SSDT sptd.sys ZwOpenKey

SSDT \??\C:\Documents and Settings\Kubus\Dane aplikacji\hidn\m_hook.sys ZwQueryDirectoryFile

SSDT \??\C:\Documents and Settings\Kubus\Dane aplikacji\hidn\m_hook.sys ZwQueryKey

SSDT \??\C:\Documents and Settings\Kubus\Dane aplikacji\hidn\m_hook.sys ZwQuerySystemInformation

SSDT sptd.sys ZwQueryValueKey

SSDT sptd.sys ZwSetValueKey


---- Devices - GMER 1.0.10 ----


Device \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE 8239E0E8

Device \FileSystem\Fastfat \FatCdrom IRP_MJ_CREATE 8226DC58

Device \Driver\NetBT \Device\NetBT_Tcpip_{B57DC481-98D3-46D9-88D7-EB7CDA65ED38} IRP_MJ_CREATE 81E160E8

Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_CREATE 8239FC78

Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_CREATE 8239FC78

Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_CREATE 8239FC78

Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_CREATE 8239FC78

Device \Driver\00000053 \Device\00000046 IRP_MJ_SYSTEM_CONTROL [F8451EA8] sptd.sys

Device \Driver\00000053 \Device\00000046 IRP_MJ_DEVICE_CHANGE [F8465A70] sptd.sys

Device \Driver\00000053 \Device\00000046 IRP_MJ_PNP_POWER [F845E728] sptd.sys

Device \Driver\00000053 \Device\00000047 IRP_MJ_SYSTEM_CONTROL [F8451EA8] sptd.sys

Device \Driver\00000053 \Device\00000047 IRP_MJ_DEVICE_CHANGE [F8465A70] sptd.sys

Device \Driver\00000053 \Device\00000047 IRP_MJ_PNP_POWER [F845E728] sptd.sys

Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_CREATE 8239FEB0

Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_CREATE 8239FEB0

Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CREATE 81FCB6D0

Device \Driver\nvatabus \Device\00000065 IRP_MJ_CREATE 8239F708

Device \Driver\nvatabus \Device\00000065 IRP_MJ_CREATE_NAMED_PIPE 8239F708

Device \Driver\nvatabus \Device\00000065 IRP_MJ_CLOSEIRP_MJ_READ 8239F708

Device \Driver\nvatabus \Device\00000065 IRP_MJ_WRITE 8239F708

Device \Driver\nvatabus \Device\00000065 IRP_MJ_QUERY_INFORMATION 8239F708

Device \Driver\nvatabus \Device\00000065 IRP_MJ_SET_INFORMATION 8239F708

Device \Driver\nvatabus \Device\00000065 IRP_MJ_QUERY_EA 8239F708

Device \Driver\nvatabus \Device\00000065 IRP_MJ_SET_EA 8239F708

Device \Driver\nvatabus \Device\00000065 IRP_MJ_FLUSH_BUFFERS 8239F708

Device \Driver\nvatabus \Device\00000065 IRP_MJ_QUERY_VOLUME_INFORMATION 8239F708

Device \Driver\nvatabus \Device\00000065 IRP_MJ_SET_VOLUME_INFORMATION 8239F708

Device \Driver\nvatabus \Device\00000065 IRP_MJ_DIRECTORY_CONTROL 8239F708

Device \Driver\nvatabus \Device\00000065 IRP_MJ_FILE_SYSTEM_CONTROL 8239F708

Device \Driver\nvatabus \Device\00000065 IRP_MJ_DEVICE_CONTROL 8239F708

Device \Driver\nvatabus \Device\00000065 IRP_MJ_INTERNAL_DEVICE_CONTROL 8239F708

Device \Driver\nvatabus \Device\00000065 IRP_MJ_SHUTDOWN [F856795C] sfsync03.sys

Device \Driver\nvatabus \Device\00000065 IRP_MJ_LOCK_CONTROL 8239F708

Device \Driver\nvatabus \Device\00000065 IRP_MJ_CLEANUP 8239F708

Device \Driver\nvatabus \Device\00000065 IRP_MJ_CREATE_MAILSLOT 8239F708

Device \Driver\nvatabus \Device\00000065 IRP_MJ_QUERY_SECURITY 8239F708

Device \Driver\nvatabus \Device\00000065 IRP_MJ_SET_SECURITY 8239F708

Device \Driver\nvatabus \Device\00000065 IRP_MJ_POWER 8239F708

Device \Driver\nvatabus \Device\00000065 IRP_MJ_SYSTEM_CONTROL 8239F708

Device \Driver\nvatabus \Device\00000065 IRP_MJ_DEVICE_CHANGE 8239F708

Device \Driver\nvatabus \Device\00000065 IRP_MJ_QUERY_QUOTA 8239F708

Device \Driver\nvatabus \Device\00000065 IRP_MJ_SET_QUOTA 8239F708

Device \Driver\nvatabus \Device\00000065 IRP_MJ_PNP 8239F708

Device \Driver\nvatabus \Device\00000065 IRP_MJ_PNP_POWER 8239F708

Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_CREATE 81EAAA60

Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_CREATE_NAMED_PIPE 81EAAA60

Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_CLOSEIRP_MJ_READ 81EAAA60

Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_WRITE 81EAAA60

Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_QUERY_INFORMATION 81EAAA60

Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_SET_INFORMATION 81EAAA60

Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_QUERY_EA 81EAAA60

Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_SET_EA 81EAAA60

Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_FLUSH_BUFFERS 81EAAA60

Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_QUERY_VOLUME_INFORMATION 81EAAA60

Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_SET_VOLUME_INFORMATION 81EAAA60

Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_DIRECTORY_CONTROL 81EAAA60

Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_FILE_SYSTEM_CONTROL 81EAAA60

Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_DEVICE_CONTROL 81EAAA60

Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_INTERNAL_DEVICE_CONTROL 81EAAA60

Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_SHUTDOWN 81EAAA60

Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_LOCK_CONTROL 81EAAA60

Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_CLEANUP 81EAAA60

Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_CREATE_MAILSLOT 81EAAA60

Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_QUERY_SECURITY 81EAAA60

Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_SET_SECURITY 81EAAA60

Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_POWER 81EAAA60

Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_SYSTEM_CONTROL 81EAAA60

Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_DEVICE_CHANGE 81EAAA60

Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_QUERY_QUOTA 81EAAA60

Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_SET_QUOTA 81EAAA60

Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_PNP 81EAAA60

Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CREATE 81FCB6D0

Device \Driver\nvatabus \Device\00000066 IRP_MJ_CREATE 8239F708

Device \Driver\nvatabus \Device\00000066 IRP_MJ_CREATE_NAMED_PIPE 8239F708

Device \Driver\nvatabus \Device\00000066 IRP_MJ_CLOSEIRP_MJ_READ 8239F708

Device \Driver\nvatabus \Device\00000066 IRP_MJ_WRITE 8239F708

Device \Driver\nvatabus \Device\00000066 IRP_MJ_QUERY_INFORMATION 8239F708

Device \Driver\nvatabus \Device\00000066 IRP_MJ_SET_INFORMATION 8239F708

Device \Driver\nvatabus \Device\00000066 IRP_MJ_QUERY_EA 8239F708

Device \Driver\nvatabus \Device\00000066 IRP_MJ_SET_EA 8239F708

Device \Driver\nvatabus \Device\00000066 IRP_MJ_FLUSH_BUFFERS 8239F708

Device \Driver\nvatabus \Device\00000066 IRP_MJ_QUERY_VOLUME_INFORMATION 8239F708

Device \Driver\nvatabus \Device\00000066 IRP_MJ_SET_VOLUME_INFORMATION 8239F708

Device \Driver\nvatabus \Device\00000066 IRP_MJ_DIRECTORY_CONTROL 8239F708

Device \Driver\nvatabus \Device\00000066 IRP_MJ_FILE_SYSTEM_CONTROL 8239F708

Device \Driver\nvatabus \Device\00000066 IRP_MJ_DEVICE_CONTROL 8239F708

Device \Driver\nvatabus \Device\00000066 IRP_MJ_INTERNAL_DEVICE_CONTROL 8239F708

Device \Driver\nvatabus \Device\00000066 IRP_MJ_SHUTDOWN [F856795C] sfsync03.sys

Device \Driver\nvatabus \Device\00000066 IRP_MJ_LOCK_CONTROL 8239F708

Device \Driver\nvatabus \Device\00000066 IRP_MJ_CLEANUP 8239F708

Device \Driver\nvatabus \Device\00000066 IRP_MJ_CREATE_MAILSLOT 8239F708

Device \Driver\nvatabus \Device\00000066 IRP_MJ_QUERY_SECURITY 8239F708

Device \Driver\nvatabus \Device\00000066 IRP_MJ_SET_SECURITY 8239F708

Device \Driver\nvatabus \Device\00000066 IRP_MJ_POWER 8239F708

Device \Driver\nvatabus \Device\00000066 IRP_MJ_SYSTEM_CONTROL 8239F708

Device \Driver\nvatabus \Device\00000066 IRP_MJ_DEVICE_CHANGE 8239F708

Device \Driver\nvatabus \Device\00000066 IRP_MJ_QUERY_QUOTA 8239F708

Device \Driver\nvatabus \Device\00000066 IRP_MJ_SET_QUOTA 8239F708

Device \Driver\nvatabus \Device\00000066 IRP_MJ_PNP 8239F708

Device \Driver\nvatabus \Device\00000066 IRP_MJ_PNP_POWER 8239F708

Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_CREATE 81FCB6D0

Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_CREATE 81E160E8

Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_CREATE 81E160E8

Device \Driver\NetBT \Device\NetBT_Tcpip_{272B5914-9284-4AEF-BC65-405E028172B1} IRP_MJ_CREATE 81E160E8

Device \Driver\Disk \Device\Harddisk0\DR0 IRP_MJ_CREATE 8239F450


---- Processes - GMER 1.0.10 ----


Process C:\WINDOWS\system32\wintems.exe ( ***hidden*** ) 600 <-- ROOTKIT !


---- Files - GMER 1.0.10 ----


File D:\Program Files\Corel\Graphics9\shared                         

File D:\System Volume Information\MountPointManagerRemoteDatabase              

File D:\System Volume Information\tracking.log                        

File D:\System Volume Information\_restore{14E78F59-3B2F-4C0C-9668-05D68122F53A}       

File D:\System Volume Information\_restore{91192D77-2AFD-4B18-9B68-BB6AB72DD211}       


---- EOF - GMER 1.0.10 ----

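The SSDT lines in the log above list kernel services whose handlers have been redirected and the driver each one now points to; m_hook.sys sitting under a user profile directory is what marks it as a rootkit component, while sptd.sys is the DAEMON Tools / Alcohol 120% driver mentioned later in the thread. As an added example that is not part of the thread or of GMER itself, this Python helper parses such output and flags hooks served from a user profile directory plus any process GMER marks as hidden; the excerpt it runs on is constructed from the log above.

```python
import re

# Constructed excerpt modelled on the GMER output quoted in the thread above.
SAMPLE_LOG = """\
---- System - GMER 1.0.10 ----
SSDT \\??\\C:\\Documents and Settings\\Kubus\\Dane aplikacji\\hidn\\m_hook.sys ZwCreateFile
SSDT sptd.sys ZwCreateKey
SSDT \\??\\C:\\Documents and Settings\\Kubus\\Dane aplikacji\\hidn\\m_hook.sys ZwQueryDirectoryFile
---- Processes - GMER 1.0.10 ----
Process C:\\WINDOWS\\system32\\wintems.exe ( ***hidden*** ) 600 <-- ROOTKIT !
---- EOF - GMER 1.0.10 ----
"""

# "SSDT <module> <ZwFunction>": the module now owning the hooked service handler.
SSDT_RE = re.compile(r"^SSDT\s+(?P<module>.+?)\s+(?P<func>Zw\w+)\s*$")
# "Process <path> ( ***hidden*** ) <pid>": a process hidden from the normal API.
PROC_RE = re.compile(
    r"^Process\s+(?P<path>.+?)\s+\(\s*\*\*\*hidden\*\*\*\s*\)\s+(?P<pid>\d+)"
)

# Kernel drivers do not legitimately live under a user profile; sptd.sys, which
# also hooks the SSDT, resides in the system drivers directory and is not flagged.
USER_PROFILE_MARKERS = ("\\documents and settings\\", "\\users\\")


def triage_gmer(log_text):
    """Return (suspicious_hooks, hidden_processes) parsed from a GMER text log.

    suspicious_hooks maps a driver path to the set of Zw* services it hooks;
    hidden_processes is a list of (image path, pid) tuples.
    """
    hooks = {}
    hidden = []
    for line in log_text.splitlines():
        m = SSDT_RE.match(line)
        if m:
            # Strip the NT object-manager prefix GMER shows on full paths.
            module = m.group("module").replace("\\??\\", "", 1)
            if any(marker in module.lower() for marker in USER_PROFILE_MARKERS):
                hooks.setdefault(module, set()).add(m.group("func"))
            continue
        p = PROC_RE.match(line)
        if p:
            hidden.append((p.group("path"), int(p.group("pid"))))
    return hooks, hidden
```

Hooking ZwQueryDirectoryFile and ZwEnumerateKey is how the driver hides its own files and registry keys from tools that rely on the normal API, which is why GMER compares kernel structures rather than trusting those calls.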

(Gblade) #9

Yeah,

Go to the cmd tab and paste:

Now go to the Processes tab and choose Kill all, then go to Services and right-click to delete m_hook.

Back to cmd and choose Run.

Restart and post a new log.


(Bzdet) #10

I got:

Nieprawidłowy przełącznik - -R-S-H.

C:\WINDOWS\system32\wintems.exe

Odmowa dostępu.

Katalog nie jest pusty.

(Gutek) #11

Did you do as I asked? The Processes tab, then click the Kill all option.

Paste only this and post the log once more - instructions above.


(Bzdet) #12

Well yes, but when I hit Kill all the computer hangs and GMER stops responding.


(Gutek) #13

Do you have Daemon Tools? You probably do; uninstall it and clean the registry with RegCleaner - http://www.dobreprogramy.pl/index.php?dz=2&t=29&id=177 - and after that do what I wrote.


(Gblade) #14

Write the solution down in Notepad; in GMER choose Safe mode..., GMER will start a minimal number of processes; in the Processes tab choose the three dots "..." and open the solution from Notepad, then do everything you have written there.

It's not necessary; I have it too, and in GMER's safe mode it doesn't hang :wink:


(Gutek) #15

Not always, it depends on the version; have you talked to gmer - the DAEMON Tools drivers bring GMER to its knees.

There's a way around that.


(Bzdet) #16

InfinityToJa, how am I supposed to open that txt file in GMER? Because I get some error 87 and the path to the file.

Gutek2222: where am I supposed to type this, or what?

(sorry for such a question, but as you can see I'm a beginner at this)


(Gblade) #17

From the Processes tab you chose the three dots, pointed to the path, ran it, and got that error? hmm


(Bzdet) #18

Yes, and I got an error ...

and I've already done that :smiley:


(Gutek) #19

After the change the Kill all option should work now; do as I wrote earlier.


(Bzdet) #20

It still doesn't work, but this:

CODE 

PATH=C:\WINDOWS\System32;C:\WINDOWS

am I supposed to type it instead of this?

%SYSTEMROOT%\SYSTEM32;%SYSTEMROOT%;%SYSTEMROOT%\SYSTEM32\WBEM;C:\PROGRAM FILES\ATI TECHNOLOGIES\ATI CONTROL PANEL

I created a new one like this:

Variable name: QUOTE

Variable value: PATH=C:\WINDOWS\System32;C:\WINDOWS

I'm lost now... :o