Klopoty z rootkit-em

eagle-jd · 31 Styczeń 2007 11:19

Od jakiegoś czasu ukrywają mi się programy monitorujące komputer. Spybot, SpywareGuard itd. Przeskanowałem komputer czym się dało i Avast nie wykrył wirusów, Spybot i Adaware też nic nie wykryły. Zainstalowałem spywar terminator i znalazł mi jednego trojana. Postanowiłem zeskanować też pod kątem występowania rootkita i chyba coś znalazł. Są klucze rejestru których nie mogę usunąć , pliki których nie ma. Wklejam logi z programów. Hijack , Silentrunner i rootkithookanalyzer. Ten ostatni znajduje coś.

HijackThis v1.99.1

Logfile of HijackThis v1.99.1 Scan saved at 11:50:15, on 2007-01-31 Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Programy\Avast\ashDisp.exe C:\Programy\SpywareGuard\sgmain.exe C:\Programy\Spyware Terminator\SpywareTerminatorShield.exe C:\Programy\Jetico Personal Firewall 1.0.1.61\fwsrv.exe C:\Programy\Gadu-Gadu\gg.exe C:\Programy\Spybot - Search & Destroy\TeaTimer.exe C:\Programy\SpywareGuard\sgbhp.exe C:\Programy\Kalendarz XP\Kalendarz.exe C:\Programy\Avast\aswUpdSv.exe C:\Programy\Avast\ashServ.exe D:\Programy\Catia V5R16\intel_a\code\bin\CATSysDemon.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\spool\ugplot\ugiipqd.exe D:\Programy\UG NX\License Servers\UGNXFLEXlm\lmgrd.exe C:\Program Files\WinClamAVShield\sp_clam.exe D:\Programy\UG NX\License Servers\UGNXFLEXlm\uglmd.exe C:\Programy\Avast\ashMaiSv.exe C:\Programy\Avast\ashWebSv.exe C:\WINDOWS\System32\svchost.exe C:\Programy\Hijackthis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programy\Adobe Reader 7.0.5\ActiveX\AcroIEHelper.dll O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Programy\SpywareGuard\dlprotect.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programy\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O4 - HKLM…\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM…\Run: [avast!] C:\Programy\Avast\ashDisp.exe O4 - HKLM…\Run: [spywareGuard] C:\Programy\SpywareGuard\sgmain.exe O4 - HKLM…\Run: [spywareTerminator] “C:\Programy\Spyware Terminator\SpywareTerminatorShield.exe” O4 - HKLM…\Run: [JeticoPFStartup] “C:\Programy\Jetico Personal Firewall 1.0.1.61\fwsrv.exe” O4 - HKCU…\Run: [Gadu-Gadu] “C:\Programy\Gadu-Gadu\gg.exe” /tray O4 - HKCU…\Run: [spybotSD TeaTimer] C:\Programy\Spybot - Search & Destroy\TeaTimer.exe O4 - Global Startup: Kalendarz XP.lnk = C:\Programy\Kalendarz XP\Kalendarz.exe O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\Programy\MICROS~1\Office10\EXCEL.EXE/3000 O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partne … nicode.cab O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} (Java Plug-in 1.5.0_09) - O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Programy\Avast\aswUpdSv.exe O23 - Service: avast! Antivirus - Unknown owner - C:\Programy\Avast\ashServ.exe O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programy\Avast\ashMaiSv.exe" /service (file missing) O23 - Service: avast! Web Scanner - Unknown owner - C:\Programy\Avast\ashWebSv.exe" /service (file missing) O23 - Service: Backbone Service (BBDemon) - Unknown owner - D:\Programy\Catia V5R16\intel_a\code\bin\CATSysDemon.exe" -service (file missing) O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Unigraphics Plot Server (ugiipqd) (ugiipqd) - Unknown owner - C:\WINDOWS\system32\spool\ugplot\ugiipqd.exe O23 - Service: Unigraphics License Server (uglmd) - GLOBEtrotter Software Inc. - D:\Programy\UG NX\License Servers\UGNXFLEXlm\lmgrd.exe

Silent Runners

“Silent Runners.vbs”, revision R50, http://www.silentrunners.org/ Operating System: Windows XP SP2 Output limited to non-default values, except where indicated by “{++}” Startup items buried in registry: --------------------------------- HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++} “Gadu-Gadu” = ““C:\Programy\Gadu-Gadu\gg.exe” /tray” [“Gadu-Gadu S.A.”] “SpybotSD TeaTimer” = “C:\Programy\Spybot - Search & Destroy\TeaTimer.exe” [“Safer Networking Limited”] HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++} “NvCplDaemon” = “RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup” [MS] “avast!” = “C:\Programy\Avast\ashDisp.exe” [null data] “SpywareGuard” = “C:\Programy\SpywareGuard\sgmain.exe” [null data] “SpywareTerminator” = ““C:\Programy\Spyware Terminator\SpywareTerminatorShield.exe”” [“Crawler.com”] “JeticoPFStartup” = ““C:\Programy\Jetico Personal Firewall 1.0.1.61\fwsrv.exe”” [“Jetico, Inc.”] HKLM\Software\Microsoft\Active Setup\Installed Components\ >{881dd1c5-3dcf-431b-b061-f3f88e8be88a}(Default) = “Outlook Express” \StubPath = “C:\WINDOWS\system32\shmgrate.exe OCInstallUserConfigOE” [MS] HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}(Default) = (no title provided) -> {HKLM…CLSID} = “AcroIEHlprObj Class” \InProcServer32(Default) = “C:\Programy\Adobe Reader 7.0.5\ActiveX\AcroIEHelper.dll” [“Adobe Systems Incorporated”] {4A368E80-174F-4872-96B5-0B27DDD11DB2}(Default) = “SpywareGuard Download Protection” -> {HKLM…CLSID} = “SpywareGuardDLBLOCK.CBrowserHelper” \InProcServer32(Default) = “C:\Programy\SpywareGuard\dlprotect.dll” [null data] {53707962-6F74-2D53-2644-206D7942484F}(Default) = (no title provided) -> {HKLM…CLSID} = (no title provided) \InProcServer32(Default) = “C:\Programy\SPYBOT~1\SDHelper.dll” [“Safer Networking Limited”] {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}(Default) = (no title provided) -> {HKLM…CLSID} = “SSVHelper Class” \InProcServer32(Default) = “C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll” [“Sun Microsystems, Inc.”] HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\ “{42042206-2D85-11D3-8CFF-005004838597}” = “Microsoft Office HTML Icon Handler” -> {HKLM…CLSID} = (no title provided) \InProcServer32(Default) = “C:\Programy\Microsoft Office XP\Office10\msohev.dll” [MS] “{1530F7EE-5128-43BD-9977-84A4B0FAD7DF}” = “PhotoToys” -> {HKCU…CLSID} = (no title provided) \InProcServer32(Default) = “C:\WINDOWS\system32\phototoys.dll” [MS] “{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}” = “OpenOffice.org Column Handler” -> {HKLM…CLSID} = (no title provided) \InProcServer32(Default) = ““C:\Programy\OpenOffice 2.0.4\program\shlxthdl.dll”” [“Sun Microsystems, Inc.”] “{087B3AE3-E237-4467-B8DB-5A38AB959AC9}” = “OpenOffice.org Infotip Handler” -> {HKLM…CLSID} = (no title provided) \InProcServer32(Default) = ““C:\Programy\OpenOffice 2.0.4\program\shlxthdl.dll”” [“Sun Microsystems, Inc.”] “{63542C48-9552-494A-84F7-73AA6A7C99C1}” = “OpenOffice.org Property Sheet Handler” -> {HKLM…CLSID} = (no title provided) \InProcServer32(Default) = ““C:\Programy\OpenOffice 2.0.4\program\shlxthdl.dll”” [“Sun Microsystems, Inc.”] “{3B092F0C-7696-40E3-A80F-68D74DA84210}” = “OpenOffice.org Thumbnail Viewer” -> {HKLM…CLSID} = (no title provided) \InProcServer32(Default) = ““C:\Programy\OpenOffice 2.0.4\program\shlxthdl.dll”” [“Sun Microsystems, Inc.”] “{DDE4BEEB-DDE6-48fd-8EB5-035C09923F83}” = “UnlockerShellExtension” -> {HKLM…CLSID} = “UnlockerShellExtension” \InProcServer32(Default) = “C:\Program Files\Unlocker\UnlockerCOM.dll” [null data] “{81559C35-8464-49F7-BB0E-07A383BEF910}” = (no title provided) -> {HKLM…CLSID} = “SpywareGuard.Handler” \InProcServer32(Default) = “C:\Programy\SpywareGuard\spywareguard.dll” [null data] “{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}” = “Shell Extensions for RealOne Player” -> {HKLM…CLSID} = “RealOne Player Context Menu Class” \InProcServer32(Default) = “C:\Programy\RealPlayer\rpshell.dll” [“RealNetworks, Inc.”] “{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF}” = “iTunes” -> {HKLM…CLSID} = “iTunes” \InProcServer32(Default) = “C:\Programy\QuickTime\iTunesMiniPlayer.dll” [“Apple Computer, Inc.”] HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\ <> “{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}” = (no title provided) -> {HKLM…CLSID} = “SABShellExecuteHook Class” \InProcServer32(Default) = “C:\Programy\SUPERAntiSpyware\SASSEH.DLL” [“SuperAdBlocker.com”] <> “{81559C35-8464-49F7-BB0E-07A383BEF910}” = (no title provided) -> {HKLM…CLSID} = “SpywareGuard.Handler” \InProcServer32(Default) = “C:\Programy\SpywareGuard\spywareguard.dll” [null data] HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\ “WPDShServiceObj” = “{AAA288BA-9A4C-45B0-95D7-94D524869DB5}” -> {HKLM…CLSID} = “WPDShServiceObj Class” \InProcServer32(Default) = “C:\WINDOWS\system32\WPDShServiceObj.dll” [MS] HKLM\System\CurrentControlSet\Control\Session Manager\ <> “BootExecute” = “autocheck autochk *”| [file not found] HKLM\Software\Classes\Folder\shellex\ColumnHandlers\ {C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}(Default) = “OpenOffice.org Column Handler” -> {HKLM…CLSID} = (no title provided) \InProcServer32(Default) = ““C:\Programy\OpenOffice 2.0.4\program\shlxthdl.dll”” [“Sun Microsystems, Inc.”] {F9DB5320-233E-11D1-9F84-707F02C10627}(Default) = “PDF Column Info” -> {HKLM…CLSID} = “PDF Shell Extension” \InProcServer32(Default) = “C:\Programy\Adobe Reader 7.0.5\ActiveX\PDFShell.dll” [“Adobe Systems, Inc.”] HKLM\Software\Classes*\shellex\ContextMenuHandlers\ avast(Default) = “{472083B0-C522-11CF-8763-00608CC02F24}” -> {HKLM…CLSID} = “avast” \InProcServer32(Default) = “C:\Programy\Avast\ashShell.dll” [“ALWIL Software”] IZArcCM(Default) = “{8D9D4D0D-FDDD-44CB-AAB2-6161FA0757C5}” -> {HKLM…CLSID} = “IZArc Shell Context Menu” \InProcServer32(Default) = “C:\Programy\IZARC3~1.6\IZArcCM.dll” [null data] HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\ IZArcCM(Default) = “{8D9D4D0D-FDDD-44CB-AAB2-6161FA0757C5}” -> {HKLM…CLSID} = “IZArc Shell Context Menu” \InProcServer32(Default) = “C:\Programy\IZARC3~1.6\IZArcCM.dll” [null data] HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ avast(Default) = “{472083B0-C522-11CF-8763-00608CC02F24}” -> {HKLM…CLSID} = “avast” \InProcServer32(Default) = “C:\Programy\Avast\ashShell.dll” [“ALWIL Software”] UnlockerShellExtension(Default) = “{DDE4BEEB-DDE6-48fd-8EB5-035C09923F83}” -> {HKLM…CLSID} = “UnlockerShellExtension” \InProcServer32(Default) = “C:\Program Files\Unlocker\UnlockerCOM.dll” [null data] HKLM\Software\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\ UnlockerShellExtension(Default) = “{DDE4BEEB-DDE6-48fd-8EB5-035C09923F83}” -> {HKLM…CLSID} = “UnlockerShellExtension” \InProcServer32(Default) = “C:\Program Files\Unlocker\UnlockerCOM.dll” [null data] Group Policies {GPedit.msc branch and setting}: ----------------------------------------------- Note: detected settings may not have any effect. HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\ “ForceClassicControlPanel” = (REG_DWORD) hex:0x00000001 {unrecognized setting} “NoSMConfigurePrograms” = (REG_DWORD) hex:0x00000001 {unrecognized setting} “NoSaveSettings” = (REG_DWORD) hex:0x00000000 {User Configuration|Administrative Templates|Desktop| Don’t save settings at exit} “NoLowDiskSpaceChecks” = (REG_DWORD) hex:0x00000001 {unrecognized setting} “NoChangeKeyboardNavigationIndicators” = (REG_DWORD) hex:0x00000000 {unrecognized setting} “ClassicShell” = (REG_DWORD) hex:0x00000000 {User Configuration|Administrative Templates|Windows Components|Windows Explorer| Enable Classic Shell / Turn on Classic Shell} “NoSharedDocuments” = (REG_DWORD) hex:0x00000001 {User Configuration|Administrative Templates|Windows Components|Windows Explorer| Remove Shared Documents from My Computer} HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\ “NoRemoteRecursiveEvents” = (REG_DWORD) hex:0x00000001 {unrecognized setting} “ClassicShell” = (REG_DWORD) hex:0x00000000 {unrecognized setting} HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\ “NoVisualStyleChoice” = (REG_DWORD) hex:0x00000000 {unrecognized setting} “NoColorChoice” = (REG_DWORD) hex:0x00000000 {unrecognized setting} “NoSizeChoice” = (REG_DWORD) hex:0x00000000 {unrecognized setting} HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\ “shutdownwithoutlogon” = (REG_DWORD) hex:0x00000001 {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options| Shutdown: Allow system to be shut down without having to log on} “undockwithoutlogon” = (REG_DWORD) hex:0x00000001 {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options| Devices: Allow undock without having to log on} Active Desktop and Wallpaper: ----------------------------- Active Desktop may be disabled at this entry: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState Displayed if Active Desktop enabled and wallpaper not set by Group Policy: HKCU\Software\Microsoft\Internet Explorer\Desktop\General\ “Wallpaper” = “C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp” Displayed if Active Desktop disabled and wallpaper not set by Group Policy: HKCU\Control Panel\Desktop\ “Wallpaper” = “C:\Documents and Settings\JP\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp” Enabled Screen Saver: --------------------- HKCU\Control Panel\Desktop\ “SCRNSAVE.EXE” = “C:\WINDOWS\System32\logon.scr” [MS] Startup items in “JP” & “All Users” startup folders: ---------------------------------------------------- C:\Documents and Settings\All Users\Menu Start\Programy\Autostart “Kalendarz XP” -> shortcut to: “C:\Programy\Kalendarz XP\Kalendarz.exe” [null data] Winsock2 Service Provider DLLs: ------------------------------- Namespace Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++} 000000000001\LibraryPath = “%SystemRoot%\System32\mswsock.dll” [MS] 000000000002\LibraryPath = “%SystemRoot%\System32\winrnr.dll” [MS] 000000000003\LibraryPath = “%SystemRoot%\System32\mswsock.dll” [MS] Transport Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++} 0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range: %SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 11 %SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05 Running Services (Display Name, Service Name, Path {Service DLL}): ------------------------------------------------------------------ avast! Antivirus, avast! Antivirus, ““C:\Programy\Avast\ashServ.exe”” [null data] avast! iAVS4 Control Service, aswUpdSv, ““C:\Programy\Avast\aswUpdSv.exe”” [null data] avast! Mail Scanner, avast! Mail Scanner, ““C:\Programy\Avast\ashMaiSv.exe” /service” [“ALWIL Software”] avast! Web Scanner, avast! Web Scanner, ““C:\Programy\Avast\ashWebSv.exe” /service” [“ALWIL Software”] Backbone Service, BBDemon, ““D:\Programy\Catia V5R16\intel_a\code\bin\CATSysDemon.exe” -service” [“Dassault Systemes”] NVIDIA Display Driver Service, NVSvc, “C:\WINDOWS\system32\nvsvc32.exe” [“NVIDIA Corporation”] Unigraphics License Server (uglmd), Unigraphics License Server (uglmd), ““D:\Programy\UG NX\License Servers\UGNXFLEXlm\lmgrd.exe”” [“GLOBEtrotter Software Inc.”] Unigraphics Plot Server (ugiipqd), ugiipqd, “C:\WINDOWS\system32\spool\ugplot\ugiipqd.exe” [null data] ---------- <>: Suspicious data at a malware launch point. + This report excludes default entries except where indicated. + To see *everywhere* the script checks and *everything* it finds, launch it from a command prompt or a shortcut with the -all parameter. + The search for DESKTOP.INI DLL launch points on all local fixed drives took 209 seconds. ---------- (total run time: 246 seconds)

Złączono Posty : 31.01.2007 (Sro) 12:24

Z góry dzięki za pomoc. Dołączę jeszcze raport z gmera

adam9870 · 31 Styczeń 2007 11:28

Usuń kosmetycznie HJT.

Otwórz Notatnik i wklej w nim to:

Plik >>> Zapisz jako >>> Zmień rozszerzenie z TXT na Wszystkie pliki >>> Zapisz pod nazwą FIX.REG >>> kliknij dwa razy na utworzony plik FIX.REG i potwierdź dodanie do rejestru >>> restart.

Gdzie jest wykrywany rootkit? Najlepiej pokaż screena.

http://forum.dobreprogramy.pl/viewtopic.php?t=46412

Możesz dla pewności pokazać dwa logi z Gmer’a wykonane przy takich ustawieniach:

Zakładka Rootkit >>> zaznaczone wszystko oprócz Pokazuj wszystko >>> kliknij Szukaj >>> czekaj cierpliwie aż skończy >>> Kopiuj >>> wklej do posta
Zakładka Rootkit >>> zaznaczone tylko Usługi i Pokazuj wszystko >>> kliknij Szukaj >>> czekaj cierpliwie aż skończy >>> Kopiuj >>> wklej do posta

eagle-jd · 31 Styczeń 2007 11:36

gmer pkt 1

GMER 1.0.12.12011 - http://www.gmer.net Rootkit scan 2007-01-31 12:38:37 Windows 5.1.2600 Dodatek Service Pack 2 ---- System - GMER 1.0.12 ---- SSDT ??\C:\Documents and Settings\All Users\Dane aplikacji\Spyware Terminator\sp_rsdrv2.sys ZwClose SSDT \SystemRoot\System32\Drivers\bcftdi.SYS ZwConnectPort SSDT ??\C:\Documents and Settings\All Users\Dane aplikacji\Spyware Terminator\sp_rsdrv2.sys ZwCreateFile SSDT ??\C:\Documents and Settings\All Users\Dane aplikacji\Spyware Terminator\sp_rsdrv2.sys ZwCreateKey SSDT \SystemRoot\System32\Drivers\bcftdi.SYS ZwCreatePort SSDT ??\C:\Documents and Settings\All Users\Dane aplikacji\Spyware Terminator\sp_rsdrv2.sys ZwCreateSection SSDT \SystemRoot\System32\Drivers\bcftdi.SYS ZwCreateThread SSDT ??\C:\Documents and Settings\All Users\Dane aplikacji\Spyware Terminator\sp_rsdrv2.sys ZwDeleteKey SSDT ??\C:\Documents and Settings\All Users\Dane aplikacji\Spyware Terminator\sp_rsdrv2.sys ZwDeleteValueKey SSDT ??\C:\Documents and Settings\All Users\Dane aplikacji\Spyware Terminator\sp_rsdrv2.sys ZwLoadDriver SSDT ??\C:\Documents and Settings\All Users\Dane aplikacji\Spyware Terminator\sp_rsdrv2.sys ZwOpenFile SSDT ??\C:\Documents and Settings\All Users\Dane aplikacji\Spyware Terminator\sp_rsdrv2.sys ZwSetValueKey SSDT ??\C:\Documents and Settings\All Users\Dane aplikacji\Spyware Terminator\sp_rsdrv2.sys ZwTerminateProcess SSDT ??\C:\Documents and Settings\All Users\Dane aplikacji\Spyware Terminator\sp_rsdrv2.sys ZwWriteFile SSDT \SystemRoot\System32\Drivers\bcftdi.SYS ZwWriteVirtualMemory ---- Threads - GMER 1.0.12 ---- Thread 4:928 B88551B6 ---- EOF - GMER 1.0.12 ----

gmer pkt2

GMER 1.0.12.12011 - http://www.gmer.net Rootkit scan 2007-01-31 12:39:49 Windows 5.1.2600 Dodatek Service Pack 2 ---- Services - GMER 1.0.12 ---- Service .NET CLR Data Service .NET CLR Networking Service .NET Data Provider for Oracle Service .NET Data Provider for SqlServer Service .NETFramework Service C:\WINDOWS\system32\drivers\0038.SYS [AUTO] 0038 Service C:\DOCUME~1\JP\USTAWI~1\Temp\0ea2.sys [MANUAL] 0ea2 Service C:\DOCUME~1\ADMINI~1\USTAWI~1\Temp\1944.sys [MANUAL] 1944 Service C:\DOCUME~1\ADMINI~1\USTAWI~1\Temp\35b7.sys [MANUAL] 35b7 Service C:\DOCUME~1\ADMINI~1\USTAWI~1\Temp\4216.sys [MANUAL] 4216 Service C:\WINDOWS\system32\drivers\4e47.SYS [sYSTEM] 4e47 Service C:\DOCUME~1\ADMINI~1\USTAWI~1\Temp\54d3.sys [MANUAL] 54d3 Service C:\DOCUME~1\JP\USTAWI~1\Temp\54f166.sys [MANUAL] 54f166 Service [sYSTEM] Aavmker4 Service [DISABLED] Abiosdsk Service [DISABLED] abp480n5 Service C:\WINDOWS\System32\DRIVERS\ACPI.sys [bOOT] ACPI Service [DISABLED] ACPIEC Service [DISABLED] adpu160m Service C:\WINDOWS\system32\drivers\aec.sys [MANUAL] aec Service C:\WINDOWS\System32\drivers\afd.sys [sYSTEM] AFD Service C:\WINDOWS\System32\DRIVERS\agp440.sys [bOOT] agp440 Service [DISABLED] Aha154x Service [DISABLED] aic78u2 Service [DISABLED] aic78xx Service C:\WINDOWS\system32\drivers\ALCXWDM.SYS [MANUAL] ALCXWDM Service C:\WINDOWS\System32\svchost.exe [DISABLED] Alerter Service C:\WINDOWS\System32\alg.exe [MANUAL] ALG Service [DISABLED] AliIde Service [DISABLED] amsint Service C:\WINDOWS\system32\svchost.exe [MANUAL] AppMgmt Service [DISABLED] asc Service [DISABLED] asc3350p Service [DISABLED] asc3550 Service ASP.NET Service ASP.NET_1.1.4322 Service ASP.NET_2.0.50727 Service C:\WINDOWS\System32\drivers\aspi32.sys [AUTO] Aspi32 Service C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [MANUAL] aspnet_state Service [AUTO] aswMon2 Service [MANUAL] aswRdr Service [sYSTEM] aswTdi Service C:\Programy\Avast\aswUpdSv.exe [AUTO] aswUpdSv Service C:\WINDOWS\System32\DRIVERS\asyncmac.sys [MANUAL] AsyncMac Service C:\WINDOWS\System32\DRIVERS\atapi.sys [bOOT] atapi Service [DISABLED] Atdisk Service C:\WINDOWS\System32\DRIVERS\atmarpc.sys [MANUAL] Atmarpc Service C:\WINDOWS\System32\svchost.exe [AUTO] AudioSrv Service C:\WINDOWS\System32\DRIVERS\audstub.sys [MANUAL] audstub Service C:\Programy\Avast\ashServ.exe [AUTO] avast! Antivirus Service C:\Programy\Avast\ashMaiSv.exe [MANUAL] avast! Mail Scanner Service C:\Programy\Avast\ashWebSv.exe [MANUAL] avast! Web Scanner Service BattC Service D:\Programy\Catia V5R16\intel_a\code\bin\CATSysDemon.exe [AUTO] BBDemon Service [sYSTEM] bcftdi Service [sYSTEM] bc_filter Service [sYSTEM] bc_ip_f Service [sYSTEM] bc_ngn Service [sYSTEM] bc_pat_f Service [sYSTEM] bc_prt_f Service [sYSTEM] bc_tdi_f Service [sYSTEM] Beep Service C:\WINDOWS\System32\svchost.exe [DISABLED] BITS Service C:\WINDOWS\System32\svchost.exe [MANUAL] Browser Service [DISABLED] cbidf2k Service [DISABLED] cd20xrnt Service [sYSTEM] Cdaudio Service [DISABLED] Cdfs Service C:\WINDOWS\System32\DRIVERS\cdrom.sys [sYSTEM] Cdrom Service [sYSTEM] Changer Service C:\WINDOWS\system32\cisvc.exe [DISABLED] cisvc Service C:\WINDOWS\system32\clipsrv.exe [DISABLED] ClipSrv Service C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [MANUAL] clr_optimization_v2.0.50727_32 Service [DISABLED] CmdIde Service C:\WINDOWS\System32\dllhost.exe [MANUAL] COMSysApp Service ContentFilter Service ContentIndex Service [DISABLED] Cpqarray Service C:\WINDOWS\system32\svchost.exe [AUTO] CryptSvc Service system32\DRIVERS\d347bus.sys [bOOT] d347bus Service C:\WINDOWS\System32\Drivers\d347prt.sys [bOOT] d347prt Service C:\DOCUME~1\ADMINI~1\USTAWI~1\Temp\d3a8.sys [MANUAL] d3a8 Service C:\DOCUME~1\ADMINI~1\USTAWI~1\Temp\d472.sys [MANUAL] d472 Service [DISABLED] dac2w2k Service [DISABLED] dac960nt Service C:\WINDOWS\system32\svchost.exe [AUTO] DcomLaunch Service C:\WINDOWS\System32\svchost.exe [AUTO] Dhcp Service C:\WINDOWS\System32\DRIVERS\disk.sys [bOOT] Disk Service C:\WINDOWS\System32\dmadmin.exe [MANUAL] dmadmin Service C:\WINDOWS\System32\drivers\dmboot.sys [DISABLED] dmboot Service C:\WINDOWS\System32\drivers\dmio.sys [bOOT] dmio Service C:\WINDOWS\System32\drivers\dmload.sys [bOOT] dmload Service C:\WINDOWS\System32\svchost.exe [MANUAL] dmserver Service C:\WINDOWS\system32\drivers\DMusic.sys [MANUAL] DMusic Service C:\WINDOWS\System32\svchost.exe [AUTO] Dnscache Service [DISABLED] dpti2o Service C:\WINDOWS\system32\drivers\drmkaud.sys [MANUAL] drmkaud Service C:\WINDOWS\System32\Drivers\dtscsi.sys [MANUAL] dtscsi Service C:\WINDOWS\System32\svchost.exe [DISABLED] ERSvc Service C:\WINDOWS\system32\services.exe [AUTO] Eventlog Service C:\WINDOWS\System32\svchost.exe [MANUAL] EventSystem Service [DISABLED] Fastfat Service C:\WINDOWS\System32\svchost.exe [MANUAL] FastUserSwitchingCompatibility Service C:\WINDOWS\System32\DRIVERS\fdc.sys [MANUAL] Fdc Service [sYSTEM] Fips Service C:\WINDOWS\System32\DRIVERS\flpydisk.sys [MANUAL] Flpydisk Service C:\WINDOWS\system32\drivers\fltmgr.sys [bOOT] FltMgr Service C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [MANUAL] FontCache3.0.0.0 Service [sYSTEM] Fs_Rec Service C:\WINDOWS\System32\DRIVERS\ftdisk.sys [bOOT] Ftdisk Service C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [MANUAL] GEARAspiWDM Service C:\WINDOWS\System32\DRIVERS\gmer.sys [MANUAL] gmer Service F:\INSTALL\GMSIPCI.SYS [MANUAL] GMSIPCI Service C:\WINDOWS\System32\DRIVERS\msgpc.sys [MANUAL] Gpc Service C:\WINDOWS\System32\svchost.exe [MANUAL] helpsvc Service C:\WINDOWS\System32\svchost.exe [DISABLED] HidServ Service C:\WINDOWS\System32\DRIVERS\hidusb.sys [MANUAL] hidusb Service [DISABLED] hpn Service [DISABLED] hpt3xx Service C:\WINDOWS\System32\Drivers\HTTP.sys [MANUAL] HTTP Service C:\WINDOWS\System32\svchost.exe [MANUAL] HTTPFilter Service [sYSTEM] i2omgmt Service [DISABLED] i2omp Service C:\WINDOWS\System32\DRIVERS\i8042prt.sys [sYSTEM] i8042prt Service C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [MANUAL] idsvc Service C:\WINDOWS\system32\DRIVERS\imapi.sys [sYSTEM] Imapi Service C:\WINDOWS\System32\imapi.exe [MANUAL] ImapiService Service inetaccs Service [DISABLED] ini910u Service Inport Service [DISABLED] IntelIde Service C:\WINDOWS\System32\DRIVERS\intelppm.sys [sYSTEM] intelppm Service C:\WINDOWS\system32\drivers\ip6fw.sys [MANUAL] ip6fw Service C:\WINDOWS\System32\DRIVERS\ipfltdrv.sys [MANUAL] IpFilterDriver Service C:\WINDOWS\System32\DRIVERS\ipinip.sys [MANUAL] IpInIp Service C:\WINDOWS\System32\DRIVERS\ipnat.sys [MANUAL] IpNat Service C:\Program Files\iPod\bin\iPodService.exe [DISABLED] iPod Service Service C:\WINDOWS\System32\DRIVERS\ipsec.sys [sYSTEM] IPSec Service C:\WINDOWS\System32\DRIVERS\irenum.sys [MANUAL] IRENUM Service ISAPISearch Service C:\WINDOWS\System32\DRIVERS\isapnp.sys [bOOT] isapnp Service C:\WINDOWS\System32\DRIVERS\kbdclass.sys [sYSTEM] Kbdclass Service C:\WINDOWS\system32\drivers\kmixer.sys [MANUAL] kmixer Service [bOOT] KSecDD Service C:\WINDOWS\System32\svchost.exe [AUTO] lanmanserver Service C:\WINDOWS\System32\svchost.exe [AUTO] lanmanworkstation Service [sYSTEM] lbrtfdc Service ldap Service LicenseService Service C:\WINDOWS\System32\svchost.exe [DISABLED] LmHosts Service C:\WINDOWS\system32\drivers\LUMDriver.sys [sYSTEM] LUMDriver Service C:\WINDOWS\System32\svchost.exe [DISABLED] Messenger Service [sYSTEM] mnmdd Service C:\WINDOWS\System32\mnmsrvc.exe [DISABLED] mnmsrvc Service [MANUAL] Modem Service C:\WINDOWS\System32\DRIVERS\mouclass.sys [sYSTEM] Mouclass Service C:\WINDOWS\System32\DRIVERS\mouhid.sys [MANUAL] mouhid Service [bOOT] MountMgr Service [DISABLED] mraid35x Service C:\WINDOWS\System32\DRIVERS\mrxdav.sys [MANUAL] MRxDAV Service C:\WINDOWS\System32\DRIVERS\mrxsmb.sys [sYSTEM] MRxSmb Service C:\WINDOWS\System32\msdtc.exe [MANUAL] MSDTC Service MSDTC Bridge 3.0.0.0 Service [sYSTEM] Msfs Service F:\install4\MSICPL.sys [MANUAL] MSICPL Service C:\WINDOWS\system32\msiexec.exe [MANUAL] MSIServer Service C:\WINDOWS\system32\drivers\MSKSSRV.sys [MANUAL] MSKSSRV Service C:\WINDOWS\system32\drivers\MSPCLOCK.sys [MANUAL] MSPCLOCK Service C:\WINDOWS\system32\drivers\MSPQM.sys [MANUAL] MSPQM Service C:\WINDOWS\System32\DRIVERS\mssmbios.sys [MANUAL] mssmbios Service [bOOT] Mup Service [bOOT] NDIS Service C:\WINDOWS\System32\DRIVERS\ndistapi.sys [MANUAL] NdisTapi Service C:\WINDOWS\System32\DRIVERS\ndisuio.sys [MANUAL] Ndisuio Service C:\WINDOWS\System32\DRIVERS\ndiswan.sys [MANUAL] NdisWan Service [MANUAL] NDProxy Service C:\WINDOWS\System32\DRIVERS\netbios.sys [sYSTEM] NetBIOS Service C:\WINDOWS\System32\DRIVERS\netbt.sys [MANUAL] NetBT Service C:\WINDOWS\system32\netdde.exe [DISABLED] NetDDE Service C:\WINDOWS\system32\netdde.exe [DISABLED] NetDDEdsdm Service C:\WINDOWS\System32\lsass.exe [DISABLED] Netlogon Service C:\WINDOWS\System32\svchost.exe [MANUAL] Netman Service C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [DISABLED] NetTcpPortSharing Service C:\WINDOWS\System32\svchost.exe [MANUAL] Nla Service [sYSTEM] Npfs Service F:\NTACCESS.sys [MANUAL] NTACCESS Service [DISABLED] Ntfs Service C:\WINDOWS\System32\lsass.exe [MANUAL] NtLmSsp Service C:\WINDOWS\system32\svchost.exe [MANUAL] NtmsSvc Service [sYSTEM] Null Service C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [MANUAL] nv Service C:\WINDOWS\system32\nvsvc32.exe [AUTO] NVSvc Service C:\WINDOWS\System32\DRIVERS\nwlnkflt.sys [MANUAL] NwlnkFlt Service C:\WINDOWS\System32\DRIVERS\nwlnkfwd.sys [MANUAL] NwlnkFwd Service PageDefrag Service C:\WINDOWS\System32\DRIVERS\parport.sys [MANUAL] Parport Service [bOOT] PartMgr Service [AUTO] ParVdm Service C:\WINDOWS\System32\DRIVERS\pci.sys [bOOT] PCI Service [sYSTEM] PCIDump Service C:\WINDOWS\System32\DRIVERS\pciide.sys [bOOT] PCIIde Service [DISABLED] Pcmcia Service [MANUAL] PDCOMP Service [MANUAL] PDFRAME Service [MANUAL] PDRELI Service [MANUAL] PDRFRAME Service [DISABLED] perc2 Service [DISABLED] perc2hib Service PerfDisk Service PerfNet Service PerfOS Service PerfProc Service C:\DOCUME~1\ADMINI~1\USTAWI~1\Temp\PIMAMT.exe [DISABLED] PIMAMT Service C:\WINDOWS\system32\services.exe [AUTO] PlugPlay Service C:\WINDOWS\System32\lsass.exe [DISABLED] PolicyAgent Service C:\WINDOWS\System32\DRIVERS\raspptp.sys [MANUAL] PptpMiniport Service C:\WINDOWS\System32\DRIVERS\processr.sys [sYSTEM] Processor Service C:\WINDOWS\system32\lsass.exe [AUTO] ProtectedStorage Service C:\WINDOWS\System32\DRIVERS\psched.sys [MANUAL] PSched Service C:\WINDOWS\System32\DRIVERS\ptilink.sys [MANUAL] Ptilink Service C:\WINDOWS\System32\Drivers\PxHelp20.sys [bOOT] PxHelp20 Service [DISABLED] ql1080 Service [DISABLED] Ql10wnt Service [DISABLED] ql12160 Service [DISABLED] ql1240 Service [DISABLED] ql1280 Service C:\WINDOWS\System32\DRIVERS\rasacd.sys [sYSTEM] RasAcd Service C:\WINDOWS\System32\svchost.exe [MANUAL] RasAuto Service C:\WINDOWS\System32\DRIVERS\rasl2tp.sys [MANUAL] Rasl2tp Service C:\WINDOWS\System32\svchost.exe [MANUAL] RasMan Service C:\WINDOWS\System32\DRIVERS\raspppoe.sys [MANUAL] RasPppoe Service C:\WINDOWS\System32\DRIVERS\raspti.sys [MANUAL] Raspti Service C:\WINDOWS\System32\DRIVERS\rdbss.sys [sYSTEM] Rdbss Service C:\WINDOWS\System32\DRIVERS\RDPCDD.sys [sYSTEM] RDPCDD Service RDPDD Service C:\WINDOWS\System32\DRIVERS\rdpdr.sys [MANUAL] rdpdr Service RDPNP Service [MANUAL] RDPWD Service C:\WINDOWS\system32\sessmgr.exe [MANUAL] RDSessMgr Service C:\WINDOWS\System32\DRIVERS\redbook.sys [sYSTEM] redbook Service C:\WINDOWS\System32\svchost.exe [DISABLED] RemoteAccess Service C:\WINDOWS\system32\svchost.exe [DISABLED] RemoteRegistry Service C:\WINDOWS\system32\drivers\RKPavProc.sys [MANUAL] RKPavProc Service C:\WINDOWS\System32\locator.exe [MANUAL] RpcLocator Service C:\WINDOWS\system32\svchost.exe [AUTO] RpcSs Service C:\WINDOWS\System32\rsvp.exe [MANUAL] RSVP Service C:\WINDOWS\system32\DRIVERS\Rtlnicxp.sys [MANUAL] RTL8023xp Service C:\WINDOWS\system32\lsass.exe [AUTO] SamSs Service C:\Programy\SUPERAntiSpyware\SASDIFSV.SYS [sYSTEM] SASDIFSV Service C:\Programy\SUPERAntiSpyware\SASENUM.SYS [MANUAL] SASENUM Service C:\Programy\SUPERAntiSpyware\SASKUTIL.sys [sYSTEM] SASKUTIL Service C:\WINDOWS\System32\SCardSvr.exe [DISABLED] SCardSvr Service C:\WINDOWS\System32\svchost.exe [MANUAL] Schedule Service ScsiPort Service C:\WINDOWS\System32\DRIVERS\secdrv.sys [AUTO] Secdrv Service C:\WINDOWS\System32\svchost.exe [DISABLED] seclogon Service C:\WINDOWS\system32\svchost.exe [AUTO] SENS Service C:\WINDOWS\System32\DRIVERS\serenum.sys [MANUAL] serenum Service C:\WINDOWS\System32\DRIVERS\serial.sys [sYSTEM] Serial Service ServiceModelEndpoint 3.0.0.0 Service ServiceModelOperation 3.0.0.0 Service ServiceModelService 3.0.0.0 Service F:\NTGLM7X.sys [MANUAL] SetupNTGLM7X Service [sYSTEM] Sfloppy Service C:\WINDOWS\System32\svchost.exe [AUTO] SharedAccess Service C:\WINDOWS\System32\svchost.exe [AUTO] ShellHWDetection Service [DISABLED] Simbad Service SMSvcHost 3.0.0.0 Service [DISABLED] Sparrow Service C:\WINDOWS\system32\drivers\splitter.sys [MANUAL] splitter Service C:\WINDOWS\system32\spoolsv.exe [AUTO] Spooler Service sptd Service C:\Documents and Settings\All Users\Dane aplikacji\Spyware Terminator\sp_rsdrv2.sys [sYSTEM] sp_rsdrv2 Service C:\WINDOWS\System32\DRIVERS\sr.sys [bOOT] sr Service C:\WINDOWS\System32\svchost.exe [AUTO] srservice Service C:\WINDOWS\System32\DRIVERS\srv.sys [MANUAL] Srv Service C:\WINDOWS\System32\svchost.exe [MANUAL] SSDPSRV Service C:\WINDOWS\System32\svchost.exe [MANUAL] stisvc Service C:\WINDOWS\System32\DRIVERS\swenum.sys [MANUAL] swenum Service C:\WINDOWS\system32\drivers\swmidi.sys [MANUAL] swmidi Service C:\WINDOWS\System32\dllhost.exe [MANUAL] SwPrv Service swwd Service [DISABLED] symc810 Service [DISABLED] symc8xx Service [DISABLED] sym_hi Service [DISABLED] sym_u3 Service C:\WINDOWS\system32\drivers\sysaudio.sys [MANUAL] sysaudio Service C:\WINDOWS\system32\smlogsvc.exe [DISABLED] SysmonLog Service C:\WINDOWS\System32\svchost.exe [MANUAL] TapiSrv Service C:\WINDOWS\System32\DRIVERS\tcpip.sys [sYSTEM] Tcpip Service [MANUAL] TDPIPE Service [MANUAL] TDTCP Service C:\WINDOWS\System32\DRIVERS\termdd.sys [sYSTEM] TermDD Service C:\WINDOWS\System32\svchost.exe [MANUAL] TermService Service C:\WINDOWS\System32\svchost.exe [AUTO] Themes Service C:\WINDOWS\System32\tlntsvr.exe [MANUAL] TlntSvr Service [DISABLED] TosIde Service C:\WINDOWS\system32\svchost.exe [MANUAL] TrkWks Service TSDDD Service [DISABLED] Udfs Service C:\WINDOWS\system32\spool\ugplot\ugiipqd.exe [AUTO] ugiipqd Service [DISABLED] ultra Service D:\Programy\UG NX\License Servers\UGNXFLEXlm\lmgrd.exe [AUTO] Unigraphics License Server (uglmd) Service UnlockerDriver5 Service C:\WINDOWS\System32\DRIVERS\update.sys [MANUAL] Update Service C:\WINDOWS\System32\svchost.exe [DISABLED] upnphost Service C:\WINDOWS\System32\ups.exe [MANUAL] UPS Service usb Service C:\WINDOWS\system32\DRIVERS\usbccgp.sys [MANUAL] usbccgp Service C:\WINDOWS\system32\DRIVERS\usbehci.sys [MANUAL] usbehci Service C:\WINDOWS\System32\DRIVERS\usbhub.sys [MANUAL] usbhub Service C:\WINDOWS\system32\DRIVERS\usbscan.sys [MANUAL] usbscan Service C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [MANUAL] USBSTOR Service C:\WINDOWS\System32\DRIVERS\usbuhci.sys [MANUAL] usbuhci Service C:\WINDOWS\System32\drivers\vga.sys [sYSTEM] VgaSave Service [DISABLED] ViaIde Service [bOOT] VolSnap Service C:\WINDOWS\System32\vssvc.exe [DISABLED] VSS Service C:\WINDOWS\system32\DRIVERS\w300bus.sys [MANUAL] w300bus Service C:\WINDOWS\system32\DRIVERS\w300mdfl.sys [MANUAL] w300mdfl Service C:\WINDOWS\system32\DRIVERS\w300mdm.sys [MANUAL] w300mdm Service C:\WINDOWS\system32\DRIVERS\w300mgmt.sys [MANUAL] w300mgmt Service C:\WINDOWS\system32\DRIVERS\w300obex.sys [MANUAL] w300obex Service C:\WINDOWS\System32\svchost.exe [DISABLED] W32Time Service C:\WINDOWS\System32\DRIVERS\wanarp.sys [MANUAL] Wanarp Service [MANUAL] WDICA Service C:\WINDOWS\system32\drivers\wdmaud.sys [MANUAL] wdmaud Service C:\WINDOWS\System32\svchost.exe [DISABLED] WebClient Service Windows Workflow Foundation 3.0.0.0 Service C:\WINDOWS\system32\svchost.exe [AUTO] winmgmt Service [MANUAL] Winsock Service WinSock2 Service WinTrust Service C:\WINDOWS\System32\svchost.exe [MANUAL] WmdmPmSN Service C:\WINDOWS\System32\svchost.exe [MANUAL] Wmi Service WmiApRpl Service C:\WINDOWS\System32\wbem\wmiapsrv.exe [MANUAL] WmiApSrv Service C:\Program Files\Windows Media Player\WMPNetwk.exe [MANUAL] WMPNetworkSvc Service C:\WINDOWS\System32\svchost.exe [AUTO] wscsvc Service C:\WINDOWS\system32\svchost.exe [MANUAL] wuauserv Service C:\WINDOWS\system32\DRIVERS\WudfPf.sys [MANUAL] WudfPf Service C:\WINDOWS\system32\DRIVERS\wudfrd.sys [MANUAL] WudfRd Service C:\WINDOWS\system32\svchost.exe [MANUAL] WudfSvc Service C:\WINDOWS\System32\svchost.exe [DISABLED] WZCSVC Service C:\WINDOWS\System32\svchost.exe [MANUAL] xmlprov Service {FF7DCAC0-BB49-400A-BBCB-1BD1A2D815B8} ---- EOF - GMER 1.0.12 ----

Złączono Posty : 31.01.2007 (Sro) 12:41

Złączono Posty : 31.01.2007 (Sro) 13:59

wszystko jest w porządku?? jeszcze firewall jetico zgłasza się że zmieniły się ustawienia sieci i musi się załadować system od nowa

Gutek · 31 Styczeń 2007 13:10

Użyj ATF-Cleaner - http://www.atribune.org/ccount/click.php?id=1

eagle-jd · 31 Styczeń 2007 13:32

nadal to samo. log jak w załączonym screenie.

adam9870 · 31 Styczeń 2007 13:36

Pokaż nowe logi z Gmer’a.

eagle-jd · 31 Styczeń 2007 13:57

GMER 1.0.12.12011 - http://www.gmer.net Rootkit scan 2007-01-31 15:01:53 Windows 5.1.2600 Dodatek Service Pack 2 ---- System - GMER 1.0.12 ---- SSDT ??\C:\Documents and Settings\All Users\Dane aplikacji\Spyware Terminator\sp_rsdrv2.sys ZwClose SSDT \SystemRoot\System32\Drivers\bcftdi.SYS ZwConnectPort SSDT ??\C:\Documents and Settings\All Users\Dane aplikacji\Spyware Terminator\sp_rsdrv2.sys ZwCreateFile SSDT ??\C:\Documents and Settings\All Users\Dane aplikacji\Spyware Terminator\sp_rsdrv2.sys ZwCreateKey SSDT \SystemRoot\System32\Drivers\bcftdi.SYS ZwCreatePort SSDT ??\C:\Documents and Settings\All Users\Dane aplikacji\Spyware Terminator\sp_rsdrv2.sys ZwCreateSection SSDT \SystemRoot\System32\Drivers\bcftdi.SYS ZwCreateThread SSDT ??\C:\Documents and Settings\All Users\Dane aplikacji\Spyware Terminator\sp_rsdrv2.sys ZwDeleteKey SSDT ??\C:\Documents and Settings\All Users\Dane aplikacji\Spyware Terminator\sp_rsdrv2.sys ZwDeleteValueKey SSDT ??\C:\Documents and Settings\All Users\Dane aplikacji\Spyware Terminator\sp_rsdrv2.sys ZwLoadDriver SSDT ??\C:\Documents and Settings\All Users\Dane aplikacji\Spyware Terminator\sp_rsdrv2.sys ZwOpenFile SSDT ??\C:\Documents and Settings\All Users\Dane aplikacji\Spyware Terminator\sp_rsdrv2.sys ZwSetValueKey SSDT ??\C:\Documents and Settings\All Users\Dane aplikacji\Spyware Terminator\sp_rsdrv2.sys ZwTerminateProcess SSDT ??\C:\Documents and Settings\All Users\Dane aplikacji\Spyware Terminator\sp_rsdrv2.sys ZwWriteFile SSDT \SystemRoot\System32\Drivers\bcftdi.SYS ZwWriteVirtualMemory ---- EOF - GMER 1.0.12 ----

adam9870 · 31 Styczeń 2007 14:08

Czysto, wklej jeszcze log wykonany przy ustawieniu usługi + pokazuj wszystko.

eagle-jd · 31 Styczeń 2007 14:08

a i wie ktoś może jak usunąć z rejestru wpis z /0 na końcu?? tzn taki który normalnie nie chce się usunąć

Złączono Posty : 31.01.2007 (Sro) 15:10

GMER 1.0.12.12011 - http://www.gmer.net Rootkit scan 2007-01-31 15:14:06 Windows 5.1.2600 Dodatek Service Pack 2 ---- Services - GMER 1.0.12 ---- Service .NET CLR Data Service .NET CLR Networking Service .NET Data Provider for Oracle Service .NET Data Provider for SqlServer Service .NETFramework Service C:\WINDOWS\system32\drivers\0038.SYS [AUTO] 0038 Service C:\DOCUME~1\JP\USTAWI~1\Temp\0ea2.sys [MANUAL] 0ea2 Service C:\DOCUME~1\ADMINI~1\USTAWI~1\Temp\1944.sys [MANUAL] 1944 Service C:\DOCUME~1\ADMINI~1\USTAWI~1\Temp\35b7.sys [MANUAL] 35b7 Service C:\DOCUME~1\ADMINI~1\USTAWI~1\Temp\4216.sys [MANUAL] 4216 Service C:\WINDOWS\system32\drivers\4e47.SYS [sYSTEM] 4e47 Service C:\DOCUME~1\ADMINI~1\USTAWI~1\Temp\54d3.sys [MANUAL] 54d3 Service C:\DOCUME~1\JP\USTAWI~1\Temp\54f166.sys [MANUAL] 54f166 Service [sYSTEM] Aavmker4 Service [DISABLED] Abiosdsk Service [DISABLED] abp480n5 Service C:\WINDOWS\System32\DRIVERS\ACPI.sys [bOOT] ACPI Service [DISABLED] ACPIEC Service [DISABLED] adpu160m Service C:\WINDOWS\system32\drivers\aec.sys [MANUAL] aec Service C:\WINDOWS\System32\drivers\afd.sys [sYSTEM] AFD Service C:\WINDOWS\System32\DRIVERS\agp440.sys [bOOT] agp440 Service [DISABLED] Aha154x Service [DISABLED] aic78u2 Service [DISABLED] aic78xx Service C:\WINDOWS\system32\drivers\ALCXWDM.SYS [MANUAL] ALCXWDM Service C:\WINDOWS\System32\svchost.exe [DISABLED] Alerter Service C:\WINDOWS\System32\alg.exe [MANUAL] ALG Service [DISABLED] AliIde Service [DISABLED] amsint Service C:\WINDOWS\system32\svchost.exe [MANUAL] AppMgmt Service [DISABLED] asc Service [DISABLED] asc3350p Service [DISABLED] asc3550 Service ASP.NET Service ASP.NET_1.1.4322 Service ASP.NET_2.0.50727 Service C:\WINDOWS\System32\drivers\aspi32.sys [AUTO] Aspi32 Service C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [MANUAL] aspnet_state Service [AUTO] aswMon2 Service [MANUAL] aswRdr Service [sYSTEM] aswTdi Service C:\Programy\Avast\aswUpdSv.exe [AUTO] aswUpdSv Service C:\WINDOWS\System32\DRIVERS\asyncmac.sys [MANUAL] AsyncMac Service C:\WINDOWS\System32\DRIVERS\atapi.sys [bOOT] atapi Service [DISABLED] Atdisk Service C:\WINDOWS\System32\DRIVERS\atmarpc.sys [MANUAL] Atmarpc Service C:\WINDOWS\System32\svchost.exe [AUTO] AudioSrv Service C:\WINDOWS\System32\DRIVERS\audstub.sys [MANUAL] audstub Service C:\Programy\Avast\ashServ.exe [AUTO] avast! Antivirus Service C:\Programy\Avast\ashMaiSv.exe [MANUAL] avast! Mail Scanner Service C:\Programy\Avast\ashWebSv.exe [MANUAL] avast! Web Scanner Service BattC Service D:\Programy\Catia V5R16\intel_a\code\bin\CATSysDemon.exe [AUTO] BBDemon Service [sYSTEM] bcftdi Service [sYSTEM] bc_filter Service [sYSTEM] bc_ip_f Service [sYSTEM] bc_ngn Service [sYSTEM] bc_pat_f Service [sYSTEM] bc_prt_f Service [sYSTEM] bc_tdi_f Service [sYSTEM] Beep Service C:\WINDOWS\System32\svchost.exe [DISABLED] BITS Service C:\WINDOWS\System32\svchost.exe [MANUAL] Browser Service [DISABLED] cbidf2k Service [DISABLED] cd20xrnt Service [sYSTEM] Cdaudio Service [DISABLED] Cdfs Service C:\WINDOWS\System32\DRIVERS\cdrom.sys [sYSTEM] Cdrom Service [sYSTEM] Changer Service C:\WINDOWS\system32\cisvc.exe [DISABLED] cisvc Service C:\WINDOWS\system32\clipsrv.exe [DISABLED] ClipSrv Service C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [MANUAL] clr_optimization_v2.0.50727_32 Service [DISABLED] CmdIde Service C:\WINDOWS\System32\dllhost.exe [MANUAL] COMSysApp Service ContentFilter Service ContentIndex Service [DISABLED] Cpqarray Service C:\WINDOWS\system32\svchost.exe [AUTO] CryptSvc Service system32\DRIVERS\d347bus.sys [bOOT] d347bus Service C:\WINDOWS\System32\Drivers\d347prt.sys [bOOT] d347prt Service C:\DOCUME~1\ADMINI~1\USTAWI~1\Temp\d3a8.sys [MANUAL] d3a8 Service C:\DOCUME~1\ADMINI~1\USTAWI~1\Temp\d472.sys [MANUAL] d472 Service [DISABLED] dac2w2k Service [DISABLED] dac960nt Service C:\WINDOWS\system32\svchost.exe [AUTO] DcomLaunch Service C:\WINDOWS\System32\svchost.exe [AUTO] Dhcp Service C:\WINDOWS\System32\DRIVERS\disk.sys [bOOT] Disk Service C:\WINDOWS\System32\dmadmin.exe [MANUAL] dmadmin Service C:\WINDOWS\System32\drivers\dmboot.sys [DISABLED] dmboot Service C:\WINDOWS\System32\drivers\dmio.sys [bOOT] dmio Service C:\WINDOWS\System32\drivers\dmload.sys [bOOT] dmload Service C:\WINDOWS\System32\svchost.exe [MANUAL] dmserver Service C:\WINDOWS\system32\drivers\DMusic.sys [MANUAL] DMusic Service C:\WINDOWS\System32\svchost.exe [AUTO] Dnscache Service [DISABLED] dpti2o Service C:\WINDOWS\system32\drivers\drmkaud.sys [MANUAL] drmkaud Service C:\WINDOWS\System32\Drivers\dtscsi.sys [MANUAL] dtscsi Service C:\WINDOWS\System32\svchost.exe [DISABLED] ERSvc Service C:\WINDOWS\system32\services.exe [AUTO] Eventlog Service C:\WINDOWS\System32\svchost.exe [MANUAL] EventSystem Service [DISABLED] Fastfat Service C:\WINDOWS\System32\svchost.exe [MANUAL] FastUserSwitchingCompatibility Service C:\WINDOWS\System32\DRIVERS\fdc.sys [MANUAL] Fdc Service [sYSTEM] Fips Service C:\WINDOWS\System32\DRIVERS\flpydisk.sys [MANUAL] Flpydisk Service C:\WINDOWS\system32\drivers\fltmgr.sys [bOOT] FltMgr Service C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [MANUAL] FontCache3.0.0.0 Service [sYSTEM] Fs_Rec Service C:\WINDOWS\System32\DRIVERS\ftdisk.sys [bOOT] Ftdisk Service C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [MANUAL] GEARAspiWDM Service C:\WINDOWS\System32\DRIVERS\gmer.sys [MANUAL] gmer Service F:\INSTALL\GMSIPCI.SYS [MANUAL] GMSIPCI Service C:\WINDOWS\System32\DRIVERS\msgpc.sys [MANUAL] Gpc Service C:\WINDOWS\System32\svchost.exe [MANUAL] helpsvc Service C:\WINDOWS\System32\svchost.exe [DISABLED] HidServ Service C:\WINDOWS\System32\DRIVERS\hidusb.sys [MANUAL] hidusb Service [DISABLED] hpn Service [DISABLED] hpt3xx Service C:\WINDOWS\System32\Drivers\HTTP.sys [MANUAL] HTTP Service C:\WINDOWS\System32\svchost.exe [MANUAL] HTTPFilter Service [sYSTEM] i2omgmt Service [DISABLED] i2omp Service C:\WINDOWS\System32\DRIVERS\i8042prt.sys [sYSTEM] i8042prt Service C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [MANUAL] idsvc Service C:\WINDOWS\system32\DRIVERS\imapi.sys [sYSTEM] Imapi Service C:\WINDOWS\System32\imapi.exe [MANUAL] ImapiService Service inetaccs Service [DISABLED] ini910u Service Inport Service [DISABLED] IntelIde Service C:\WINDOWS\System32\DRIVERS\intelppm.sys [sYSTEM] intelppm Service C:\WINDOWS\system32\drivers\ip6fw.sys [MANUAL] ip6fw Service C:\WINDOWS\System32\DRIVERS\ipfltdrv.sys [MANUAL] IpFilterDriver Service C:\WINDOWS\System32\DRIVERS\ipinip.sys [MANUAL] IpInIp Service C:\WINDOWS\System32\DRIVERS\ipnat.sys [MANUAL] IpNat Service C:\Program Files\iPod\bin\iPodService.exe [DISABLED] iPod Service Service C:\WINDOWS\System32\DRIVERS\ipsec.sys [sYSTEM] IPSec Service C:\WINDOWS\System32\DRIVERS\irenum.sys [MANUAL] IRENUM Service ISAPISearch Service C:\WINDOWS\System32\DRIVERS\isapnp.sys [bOOT] isapnp Service C:\WINDOWS\System32\DRIVERS\kbdclass.sys [sYSTEM] Kbdclass Service C:\WINDOWS\system32\drivers\kmixer.sys [MANUAL] kmixer Service [bOOT] KSecDD Service C:\WINDOWS\System32\svchost.exe [AUTO] lanmanserver Service C:\WINDOWS\System32\svchost.exe [AUTO] lanmanworkstation Service [sYSTEM] lbrtfdc Service ldap Service LicenseService Service C:\WINDOWS\System32\svchost.exe [DISABLED] LmHosts Service C:\WINDOWS\system32\drivers\LUMDriver.sys [sYSTEM] LUMDriver Service C:\WINDOWS\System32\svchost.exe [DISABLED] Messenger Service [sYSTEM] mnmdd Service C:\WINDOWS\System32\mnmsrvc.exe [DISABLED] mnmsrvc Service [MANUAL] Modem Service C:\WINDOWS\System32\DRIVERS\mouclass.sys [sYSTEM] Mouclass Service C:\WINDOWS\System32\DRIVERS\mouhid.sys [MANUAL] mouhid Service [bOOT] MountMgr Service [DISABLED] mraid35x Service C:\WINDOWS\System32\DRIVERS\mrxdav.sys [MANUAL] MRxDAV Service C:\WINDOWS\System32\DRIVERS\mrxsmb.sys [sYSTEM] MRxSmb Service C:\WINDOWS\System32\msdtc.exe [MANUAL] MSDTC Service MSDTC Bridge 3.0.0.0 Service [sYSTEM] Msfs Service F:\install4\MSICPL.sys [MANUAL] MSICPL Service C:\WINDOWS\system32\msiexec.exe [MANUAL] MSIServer Service C:\WINDOWS\system32\drivers\MSKSSRV.sys [MANUAL] MSKSSRV Service C:\WINDOWS\system32\drivers\MSPCLOCK.sys [MANUAL] MSPCLOCK Service C:\WINDOWS\system32\drivers\MSPQM.sys [MANUAL] MSPQM Service C:\WINDOWS\System32\DRIVERS\mssmbios.sys [MANUAL] mssmbios Service [bOOT] Mup Service [bOOT] NDIS Service C:\WINDOWS\System32\DRIVERS\ndistapi.sys [MANUAL] NdisTapi Service C:\WINDOWS\System32\DRIVERS\ndisuio.sys [MANUAL] Ndisuio Service C:\WINDOWS\System32\DRIVERS\ndiswan.sys [MANUAL] NdisWan Service [MANUAL] NDProxy Service C:\WINDOWS\System32\DRIVERS\netbios.sys [sYSTEM] NetBIOS Service C:\WINDOWS\System32\DRIVERS\netbt.sys [MANUAL] NetBT Service C:\WINDOWS\system32\netdde.exe [DISABLED] NetDDE Service C:\WINDOWS\system32\netdde.exe [DISABLED] NetDDEdsdm Service C:\WINDOWS\System32\lsass.exe [DISABLED] Netlogon Service C:\WINDOWS\System32\svchost.exe [MANUAL] Netman Service C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [DISABLED] NetTcpPortSharing Service C:\WINDOWS\System32\svchost.exe [MANUAL] Nla Service [sYSTEM] Npfs Service F:\NTACCESS.sys [MANUAL] NTACCESS Service [DISABLED] Ntfs Service C:\WINDOWS\System32\lsass.exe [MANUAL] NtLmSsp Service C:\WINDOWS\system32\svchost.exe [MANUAL] NtmsSvc Service [sYSTEM] Null Service C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [MANUAL] nv Service C:\WINDOWS\system32\nvsvc32.exe [AUTO] NVSvc Service C:\WINDOWS\System32\DRIVERS\nwlnkflt.sys [MANUAL] NwlnkFlt Service C:\WINDOWS\System32\DRIVERS\nwlnkfwd.sys [MANUAL] NwlnkFwd Service PageDefrag Service C:\WINDOWS\System32\DRIVERS\parport.sys [MANUAL] Parport Service [bOOT] PartMgr Service [AUTO] ParVdm Service C:\WINDOWS\System32\DRIVERS\pci.sys [bOOT] PCI Service [sYSTEM] PCIDump Service C:\WINDOWS\System32\DRIVERS\pciide.sys [bOOT] PCIIde Service [DISABLED] Pcmcia Service [MANUAL] PDCOMP Service [MANUAL] PDFRAME Service [MANUAL] PDRELI Service [MANUAL] PDRFRAME Service [DISABLED] perc2 Service [DISABLED] perc2hib Service PerfDisk Service PerfNet Service PerfOS Service PerfProc Service C:\DOCUME~1\ADMINI~1\USTAWI~1\Temp\PIMAMT.exe [DISABLED] PIMAMT Service C:\WINDOWS\system32\services.exe [AUTO] PlugPlay Service C:\WINDOWS\System32\lsass.exe [DISABLED] PolicyAgent Service C:\WINDOWS\System32\DRIVERS\raspptp.sys [MANUAL] PptpMiniport Service C:\WINDOWS\System32\DRIVERS\processr.sys [sYSTEM] Processor Service C:\WINDOWS\system32\lsass.exe [AUTO] ProtectedStorage Service C:\WINDOWS\System32\DRIVERS\psched.sys [MANUAL] PSched Service C:\WINDOWS\System32\DRIVERS\ptilink.sys [MANUAL] Ptilink Service C:\WINDOWS\System32\Drivers\PxHelp20.sys [bOOT] PxHelp20 Service [DISABLED] ql1080 Service [DISABLED] Ql10wnt Service [DISABLED] ql12160 Service [DISABLED] ql1240 Service [DISABLED] ql1280 Service C:\WINDOWS\System32\DRIVERS\rasacd.sys [sYSTEM] RasAcd Service C:\WINDOWS\System32\svchost.exe [MANUAL] RasAuto Service C:\WINDOWS\System32\DRIVERS\rasl2tp.sys [MANUAL] Rasl2tp Service C:\WINDOWS\System32\svchost.exe [MANUAL] RasMan Service C:\WINDOWS\System32\DRIVERS\raspppoe.sys [MANUAL] RasPppoe Service C:\WINDOWS\System32\DRIVERS\raspti.sys [MANUAL] Raspti Service C:\WINDOWS\System32\DRIVERS\rdbss.sys [sYSTEM] Rdbss Service C:\WINDOWS\System32\DRIVERS\RDPCDD.sys [sYSTEM] RDPCDD Service RDPDD Service C:\WINDOWS\System32\DRIVERS\rdpdr.sys [MANUAL] rdpdr Service RDPNP Service [MANUAL] RDPWD Service C:\WINDOWS\system32\sessmgr.exe [MANUAL] RDSessMgr Service C:\WINDOWS\System32\DRIVERS\redbook.sys [sYSTEM] redbook Service C:\WINDOWS\System32\svchost.exe [DISABLED] RemoteAccess Service C:\WINDOWS\system32\svchost.exe [DISABLED] RemoteRegistry Service C:\WINDOWS\system32\drivers\RKPavProc.sys [MANUAL] RKPavProc Service C:\WINDOWS\System32\locator.exe [MANUAL] RpcLocator Service C:\WINDOWS\system32\svchost.exe [AUTO] RpcSs Service C:\WINDOWS\system32\drivers\rspsc.sys [DISABLED] RSPSC Service C:\WINDOWS\System32\rsvp.exe [MANUAL] RSVP Service C:\WINDOWS\system32\DRIVERS\Rtlnicxp.sys [MANUAL] RTL8023xp Service C:\WINDOWS\system32\lsass.exe [AUTO] SamSs Service C:\Programy\SUPERAntiSpyware\SASDIFSV.SYS [sYSTEM] SASDIFSV Service C:\Programy\SUPERAntiSpyware\SASENUM.SYS [MANUAL] SASENUM Service C:\Programy\SUPERAntiSpyware\SASKUTIL.sys [sYSTEM] SASKUTIL Service C:\WINDOWS\System32\SCardSvr.exe [DISABLED] SCardSvr Service C:\WINDOWS\System32\svchost.exe [MANUAL] Schedule Service ScsiPort Service C:\WINDOWS\System32\DRIVERS\secdrv.sys [AUTO] Secdrv Service C:\WINDOWS\System32\svchost.exe [DISABLED] seclogon Service C:\WINDOWS\system32\svchost.exe [AUTO] SENS Service C:\WINDOWS\System32\DRIVERS\serenum.sys [MANUAL] serenum Service C:\WINDOWS\System32\DRIVERS\serial.sys [sYSTEM] Serial Service ServiceModelEndpoint 3.0.0.0 Service ServiceModelOperation 3.0.0.0 Service ServiceModelService 3.0.0.0 Service F:\NTGLM7X.sys [MANUAL] SetupNTGLM7X Service [sYSTEM] Sfloppy Service C:\WINDOWS\System32\svchost.exe [AUTO] SharedAccess Service C:\WINDOWS\System32\svchost.exe [AUTO] ShellHWDetection Service [DISABLED] Simbad Service SMSvcHost 3.0.0.0 Service [DISABLED] Sparrow Service C:\WINDOWS\system32\drivers\splitter.sys [MANUAL] splitter Service C:\WINDOWS\system32\spoolsv.exe [AUTO] Spooler Service sptd Service C:\Documents and Settings\All Users\Dane aplikacji\Spyware Terminator\sp_rsdrv2.sys [sYSTEM] sp_rsdrv2 Service C:\WINDOWS\System32\DRIVERS\sr.sys [DISABLED] sr Service C:\WINDOWS\System32\svchost.exe [AUTO] srservice Service C:\WINDOWS\System32\DRIVERS\srv.sys [MANUAL] Srv Service C:\WINDOWS\System32\svchost.exe [MANUAL] SSDPSRV Service C:\WINDOWS\System32\svchost.exe [MANUAL] stisvc Service C:\WINDOWS\System32\DRIVERS\swenum.sys [MANUAL] swenum Service C:\WINDOWS\system32\drivers\swmidi.sys [MANUAL] swmidi Service C:\WINDOWS\System32\dllhost.exe [MANUAL] SwPrv Service swwd Service [DISABLED] symc810 Service [DISABLED] symc8xx Service [DISABLED] sym_hi Service [DISABLED] sym_u3 Service C:\WINDOWS\system32\drivers\sysaudio.sys [MANUAL] sysaudio Service C:\WINDOWS\system32\smlogsvc.exe [DISABLED] SysmonLog Service C:\WINDOWS\System32\svchost.exe [MANUAL] TapiSrv Service C:\WINDOWS\System32\DRIVERS\tcpip.sys [sYSTEM] Tcpip Service [MANUAL] TDPIPE Service [MANUAL] TDTCP Service C:\WINDOWS\System32\DRIVERS\termdd.sys [sYSTEM] TermDD Service C:\WINDOWS\System32\svchost.exe [MANUAL] TermService Service C:\WINDOWS\System32\svchost.exe [AUTO] Themes Service C:\WINDOWS\System32\tlntsvr.exe [MANUAL] TlntSvr Service [DISABLED] TosIde Service C:\WINDOWS\system32\svchost.exe [MANUAL] TrkWks Service TSDDD Service [DISABLED] Udfs Service C:\WINDOWS\system32\spool\ugplot\ugiipqd.exe [AUTO] ugiipqd Service [DISABLED] ultra Service D:\Programy\UG NX\License Servers\UGNXFLEXlm\lmgrd.exe [AUTO] Unigraphics License Server (uglmd) Service UnlockerDriver5 Service C:\WINDOWS\System32\DRIVERS\update.sys [MANUAL] Update Service C:\WINDOWS\System32\svchost.exe [DISABLED] upnphost Service C:\WINDOWS\System32\ups.exe [MANUAL] UPS Service usb Service C:\WINDOWS\system32\DRIVERS\usbccgp.sys [MANUAL] usbccgp Service C:\WINDOWS\system32\DRIVERS\usbehci.sys [MANUAL] usbehci Service C:\WINDOWS\System32\DRIVERS\usbhub.sys [MANUAL] usbhub Service C:\WINDOWS\system32\DRIVERS\usbscan.sys [MANUAL] usbscan Service C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [MANUAL] USBSTOR Service C:\WINDOWS\System32\DRIVERS\usbuhci.sys [MANUAL] usbuhci Service C:\WINDOWS\System32\drivers\vga.sys [sYSTEM] VgaSave Service [DISABLED] ViaIde Service [bOOT] VolSnap Service C:\WINDOWS\System32\vssvc.exe [DISABLED] VSS Service C:\WINDOWS\system32\DRIVERS\w300bus.sys [MANUAL] w300bus Service C:\WINDOWS\system32\DRIVERS\w300mdfl.sys [MANUAL] w300mdfl Service C:\WINDOWS\system32\DRIVERS\w300mdm.sys [MANUAL] w300mdm Service C:\WINDOWS\system32\DRIVERS\w300mgmt.sys [MANUAL] w300mgmt Service C:\WINDOWS\system32\DRIVERS\w300obex.sys [MANUAL] w300obex Service C:\WINDOWS\System32\svchost.exe [DISABLED] W32Time Service C:\WINDOWS\System32\DRIVERS\wanarp.sys [MANUAL] Wanarp Service [MANUAL] WDICA Service C:\WINDOWS\system32\drivers\wdmaud.sys [MANUAL] wdmaud Service C:\WINDOWS\System32\svchost.exe [DISABLED] WebClient Service Windows Workflow Foundation 3.0.0.0 Service C:\WINDOWS\system32\svchost.exe [AUTO] winmgmt Service [MANUAL] Winsock Service WinSock2 Service WinTrust Service C:\WINDOWS\System32\svchost.exe [MANUAL] WmdmPmSN Service C:\WINDOWS\System32\svchost.exe [MANUAL] Wmi Service WmiApRpl Service C:\WINDOWS\System32\wbem\wmiapsrv.exe [MANUAL] WmiApSrv Service C:\Program Files\Windows Media Player\WMPNetwk.exe [MANUAL] WMPNetworkSvc Service C:\WINDOWS\System32\svchost.exe [AUTO] wscsvc Service C:\WINDOWS\system32\svchost.exe [MANUAL] wuauserv Service C:\WINDOWS\system32\DRIVERS\WudfPf.sys [MANUAL] WudfPf Service C:\WINDOWS\system32\DRIVERS\wudfrd.sys [MANUAL] WudfRd Service C:\WINDOWS\system32\svchost.exe [MANUAL] WudfSvc Service C:\WINDOWS\System32\svchost.exe [DISABLED] WZCSVC Service C:\WINDOWS\System32\svchost.exe [MANUAL] xmlprov Service {FF7DCAC0-BB49-400A-BBCB-1BD1A2D815B8} ---- EOF - GMER 1.0.12 ----

to jak wytłumaczyć te wpisy z

http://img220.imageshack.us/my.php?image=pulpit1tx6.jpg

Złączono Posty : 31.01.2007 (Sro) 19:45

przeinstalowałem jetico personal firewall na drugim kompie i pojawił się ten sam plik co u mnie bcftdi.sys. Zaznaczony jest przez gmera jako SSDT rootkit. Użytkownik adam9870 stwierdził że to nic groźnego. Może mi ktoś napisać co to jest za plik??

I jeszcze jedno . Co taki wpis modyfikuje??

I dzięki za pomoc. Te ostatnie pytania to tylko do mojej informacji.