The computer has slowed down and lately hangs often


(Czarekj3) #1

Please check my log, the computer runs very slowly and hangs often..

Logfile of HijackThis v1.99.1

Scan saved at 20:03:38, on 2007-01-18

Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)


Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe

C:\WINDOWS\system32\Rundll32.exe

C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe

D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\Program Files\BearShare\BearShare.exe

C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe

C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe

C:\WINDOWS\VM303_STI.EXE

C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe

D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\WINDOWS\system32\rundll32.exe

C:\PROGRA~1\NEOSTR~1\TaskBarIcon.exe

D:\Program Files\Skype\Phone\Skype.exe

C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe

C:\WINDOWS\system32\ctfmon.exe

D:\Program Files\Gadu-Gadu\gg.exe

D:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\CTsvcCDA.EXE

C:\WINDOWS\System32\FTRTSVC.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe

D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

D:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\PROGRA~1\NEOSTR~1\neostradatp.exe

C:\PROGRA~1\NEOSTR~1\ComComp.exe

C:\PROGRA~1\NEOSTR~1\Toaster.exe

C:\PROGRA~1\NEOSTR~1\Inactivity.exe

C:\PROGRA~1\NEOSTR~1\PollingModule.exe

C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE

C:\Program Files\Common Files\Teleca Shared\Generic.exe

C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe

D:\Program Files\Winamp\winamp.exe

C:\Program Files\Java\jre1.5.0_09\bin\jucheck.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Internet Explorer\IEXPLORE.EXE

D:\PROGRA~1\WINZIP\winzip32.exe

C:\Documents and Settings\czaruś\Ustawienia lokalne\Temp\wzc5b7\HijackThis.exe


R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.neostrada.pl

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = neostrada tp

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll

O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FlashGet\jccatch.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll

O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll (file missing)

O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe

O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"

O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper

O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r

O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE

O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [avast!] D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [BearShare] "C:\Program Files\BearShare\BearShare.exe" /pause

O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions

O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon

O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\NEOSTR~1\Watch.exe

O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\NEOSTR~1\GestMaj.exe TaskBarIcon.exe

O4 - HKLM\..\Run: [˙_zskvuzegxhje`ro`qntniwmdksz_] c:\windows\system32\_zskdmwintnq`or`ejhxgezuv.exe

O4 - HKLM\..\Run: [BigDog303] C:\WINDOWS\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)

O4 - HKLM\..\RunServices: [˙_zskvuzegxhje`ro`qntniwmdksz_] c:\windows\system32\_zskdmwintnq`or`ejhxgezuv.exe

O4 - HKCU\..\Run: [GoDClient] "C:\Program Files\GoDClient\GoDClient.exe" /tray

O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R

O4 - HKCU\..\Run: [Skype] "D:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [Gadu-Gadu] "D:\Program Files\Gadu-Gadu\gg.exe" /tray

O4 - HKCU\..\Run: [˙_zskvuzegxhje`ro`qntniwmdksz_] c:\windows\system32\_zskdmwintnq`or`ejhxgezuv.exe

O8 - Extra context menu item: Ściągnij przy pomocy FlashGet'a - C:\Program Files\FlashGet\jc_link.htm

O8 - Extra context menu item: Ściągnij wszystko przy pomocy FlashGet'a - C:\Program Files\FlashGet\jc_all.htm

O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll

O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe

O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe

O16 - DPF: {83AFB5CA-ED35-11D4-A452-0080C8D85045} (GameDesire Poker Games) - http://67.15.101.3/g_bin/pl/poker_2_0_0_43.cab

O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C1} (GameDesire Pool 8) - http://67.15.101.3/g_bin/pl/billard8_2_0_0_28.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{C4922488-5A57-433B-8AC9-AE4CA083D62D}: NameServer = 194.204.152.34 217.98.63.164

O20 - Winlogon Notify: xptptt - xptptt.dll (file missing)

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - Unknown owner - D:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - D:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE

O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe (file missing)

Remember to title your topics properly.

Regards, Gutek2222


(adam9870) #2

Don't keep HijackThis in TEMP or any other temporary directory. Put it on the desktop, for example.

Download Gmer.

From now on you will be working in Gmer, so run it, wait a moment, and click the >>> tab to open the remaining tabs.

  • in the Processes tab click Kill all. Now wait patiently until the desktop disappears and carry on with the steps below

  • click Files and delete the following files:

c:\windows\system32\_zskdmwintnq`or`ejhxgezuv.exe

C:\WINDOWS\system32\xptptt.dll

  • via the ... (three dots) button point to HijackThis and delete these entries in it:

Now reboot and post a full set of logs:

  • HijackThis

  • SilentRunners

  • Gmer with two option sets:

  • Rootkit tab >>> everything checked except Show all >>> click Search >>> wait patiently until it finishes >>> Copy >>> paste into the post

  • Rootkit tab >>> only Services and Show all checked >>> click Search >>> wait patiently until it finishes >>> Copy >>> paste into the post


(Czarekj3) #3

There's a problem: I did everything you told me.. so I have all the reports, but they are so long that I can't post them on the forum. I have the reports in WordPad, so could I send them by e-mail?? !!


(adam9870) #4

Since they don't all fit into a post, put them in text files and upload them to some file host.

http://forum.dobreprogramy.pl/viewtopic.php?t=96929


(Czarekj3) #5

link to the reports: http://www.megarotic.com/pl/?d=K9K3J2PS


(adam9870) #6

If you can, please upload it to some other host (e.g. http://www.sendspace.com/), because the one you uploaded to requires installing a toolbar to download the file.


(Czarekj3) #7

http://www.sendspace.com/file/or4hky


(adam9870) #8

In Gmer, in the CMD tab with the CMD.EXE option checked, paste:

and click Run.

Then new logs.


(Czarekj3) #9

ADS C:\WINDOWS\system32:lzx32.sys

File C:\WINDOWS\system32\fux87.ini

File C:\WINDOWS\system32\klgcptini.dat

File C:\WINDOWS\system32\sd.dll

File C:\WINDOWS\system32\sd.sys

File C:\WINDOWS\system32\xptpmm.sys

Service C:\WINDOWS\system32\xptpmm.sys [SYSTEM] xptpmm

Service C:\WINDOWS\system32\xptpmm.sys [AUTO] xptptt

and what am I supposed to do with this?


(adam9870) #10

I only quoted what is malicious in the log. To get rid of it, in Gmer, in the CMD tab with the CMD.EXE option checked, paste the commands below:

and click Run on the right-hand side. After that the computer will restart; then make new logs and post them on the Forum.


(Czarekj3) #11

I don't know whether I got rid of it or not, because when I clicked Run some errors started popping up.. "Error while deleting" and "the parameter is incorrect", something like that...

And here are the logs:

HijackThis

Logfile of HijackThis v1.99.1

Scan saved at 16:19:13, on 2007-01-21

Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)


Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe

C:\WINDOWS\system32\Rundll32.exe

C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe

D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\BearShare\BearShare.exe

C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe

C:\WINDOWS\VM303_STI.EXE

C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe

D:\Program Files\Skype\Phone\Skype.exe

C:\WINDOWS\system32\ctfmon.exe

C:\PROGRA~1\NEOSTR~1\TaskBarIcon.exe

D:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\CTsvcCDA.EXE

C:\WINDOWS\System32\FTRTSVC.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Common Files\Teleca Shared\Generic.exe

C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe

D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

D:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\PROGRA~1\NEOSTR~1\neostradatp.exe

C:\PROGRA~1\NEOSTR~1\ComComp.exe

C:\PROGRA~1\NEOSTR~1\Toaster.exe

C:\PROGRA~1\NEOSTR~1\Inactivity.exe

C:\PROGRA~1\NEOSTR~1\PollingModule.exe

C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE

C:\PROGRA~1\NEOSTR~1\Watch.exe

D:\Program Files\Gadu-Gadu\gg.exe

D:\Program Files\Winamp\winamp.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Documents and Settings\czaruś\Pulpit\HijackThis.exe


R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.neostrada.pl

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = neostrada tp

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll

O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FlashGet\jccatch.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll

O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll (file missing)

O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe

O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"

O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper

O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r

O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE

O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [avast!] D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [BearShare] "C:\Program Files\BearShare\BearShare.exe" /pause

O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions

O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon

O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\NEOSTR~1\Watch.exe

O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\NEOSTR~1\GestMaj.exe TaskBarIcon.exe

O4 - HKLM\..\Run: [BigDog303] C:\WINDOWS\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)

O4 - HKCU\..\Run: [GoDClient] "C:\Program Files\GoDClient\GoDClient.exe" /tray

O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R

O4 - HKCU\..\Run: [Skype] "D:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [Gadu-Gadu] "D:\Program Files\Gadu-Gadu\gg.exe" /tray

O8 - Extra context menu item: Ściągnij przy pomocy FlashGet'a - C:\Program Files\FlashGet\jc_link.htm

O8 - Extra context menu item: Ściągnij wszystko przy pomocy FlashGet'a - C:\Program Files\FlashGet\jc_all.htm

O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll

O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe

O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe

O16 - DPF: {83AFB5CA-ED35-11D4-A452-0080C8D85045} (GameDesire Poker Games) - http://67.15.101.3/g_bin/pl/poker_2_0_0_43.cab

O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C1} (GameDesire Pool 8) - http://67.15.101.3/g_bin/pl/billard8_2_0_0_28.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{C4922488-5A57-433B-8AC9-AE4CA083D62D}: NameServer = 194.204.152.34 217.98.63.164

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - Unknown owner - D:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - D:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE

O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe (file missing)

Gmer: 1.

GMER 1.0.12.12010 - http://www.gmer.net

Rootkit scan 2007-01-21 16:16:52

Windows 5.1.2600 Dodatek Service Pack 2



---- System - GMER 1.0.12 ----


SSDT \??\C:\WINDOWS\system32\xptpmm.sys ZwOpenProcess

SSDT \??\C:\WINDOWS\system32\xptpmm.sys ZwQueryDirectoryFile


---- User code sections - GMER 1.0.12 ----


.text C:\Program Files\BearShare\BearShare.exe[1356] USER32.dll!SetScrollInfo 77D3902C 5 Bytes JMP 0063B6BE C:\Program Files\BearShare\BearShare.exe

.text C:\Program Files\BearShare\BearShare.exe[1356] USER32.dll!GetScrollPos 77D3F66F 5 Bytes JMP 0063B750 C:\Program Files\BearShare\BearShare.exe

.text C:\Program Files\BearShare\BearShare.exe[1356] USER32.dll!SetScrollRange 77D3F6BB 5 Bytes JMP 0063B629 C:\Program Files\BearShare\BearShare.exe

.text C:\Program Files\BearShare\BearShare.exe[1356] USER32.dll!SetScrollPos 77D3F780 5 Bytes JMP 0063B675 C:\Program Files\BearShare\BearShare.exe

.text C:\Program Files\BearShare\BearShare.exe[1356] USER32.dll!GetScrollRange 77D3F7B7 5 Bytes JMP 0063B707 C:\Program Files\BearShare\BearShare.exe

.text C:\Program Files\BearShare\BearShare.exe[1356] USER32.dll!ShowScrollBar 77D40142 5 Bytes JMP 0063B5E3 C:\Program Files\BearShare\BearShare.exe

.text C:\Program Files\BearShare\BearShare.exe[1356] USER32.dll!GetScrollBarInfo 77D43A01 5 Bytes JMP 0063B81F C:\Program Files\BearShare\BearShare.exe

.text C:\Program Files\BearShare\BearShare.exe[1356] USER32.dll!GetScrollInfo 77D43A2F 5 Bytes JMP 0063B793 C:\Program Files\BearShare\BearShare.exe

.text C:\Program Files\BearShare\BearShare.exe[1356] USER32.dll!EnableScrollBar 77D87BAD 5 Bytes JMP 0063B7D9 C:\Program Files\BearShare\BearShare.exe


---- Threads - GMER 1.0.12 ----


Thread 380:388 75B37D4B

Thread 380:392 75B3BEC5

Thread 380:396 75B14616

Thread 380:400 75B13B3A

Thread 380:412 75B14616

Thread 380:416 75B37CC7

Thread 380:420 75B37CC7

Thread 380:468 75B37CC7

Thread 380:1328 75B14616

Thread 380:1412 75B14616

Thread 380:1404 75B37FBC


---- Registry - GMER 1.0.12 ----


Reg \Registry\USER\S-1-5-21-117609710-926492609-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count@HRZR_EHACVQY:Kynfxv - Manar xbovrgl antb, manar Cbyxv antb, Znaqnelan antb, Ntngn Ze?m antb, Qbqn antb, Naan Cemlolyfxn antb, Rjn Fbaarg antb, Erangn Qnaprjvpm antb, Xngnemlan Pvpubcrx antb, Xngnemlan Svthen antb, Ntavrfmxn Selxbjfxn antb, Naan Zhpun antb, Rqlgn T?eavnx a 0x76 0x00 0x00 0x00 ...

Reg \Registry\USER\S-1-5-21-117609710-926492609-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count@HRZR_EHACVQY:Xngnybt svez Tnovargl Tvarxbybtvpmar ? ?Mqebjvr, Hebqn? - vasbSVEZN.cy >> Qnezbjr (ormc?ngar) jvmlg?jxv j xngnybth. Cbmlpwbabjnavr fgeba vagreargbjlpu, svezl unaqybjr, svezl hf?htbjr, cebqhxpwn, fxyrcl. Mnxhcl: fgeban vagreargbjn (PZF), fxyrc vagreargbjl, PEZ 0xAF 0x00 0x00 0x00 ...


---- Files - GMER 1.0.12 ----


ADS C:\WINDOWS\system32:lzx32.sys

File C:\WINDOWS\system32\fux87.ini

File C:\WINDOWS\system32\klgcptini.dat

File C:\WINDOWS\system32\sd.dll

File C:\WINDOWS\system32\sd.sys

File C:\WINDOWS\system32\xptpmm.sys <-- ROOTKIT !

ADS D:\mp3\paffendorf.mp3:KAVICHS


---- Services - GMER 1.0.12 ----


Service C:\WINDOWS\system32\xptpmm.sys [SYSTEM] xptpmm <-- ROOTKIT !


---- EOF - GMER 1.0.12 ----


Gmer: 2.

GMER 1.0.12.12010 - http://www.gmer.net

Rootkit scan 2007-01-21 16:18:04

Windows 5.1.2600 Dodatek Service Pack 2


---- Services - GMER 1.0.12 ----


Service .NET CLR Data
Service .NET CLR Networking
Service .NETFramework
Service [SYSTEM] Aavmker4
Service [DISABLED] Abiosdsk
Service [DISABLED] abp480n5
Service C:\WINDOWS\system32\DRIVERS\ACPI.sys [BOOT] ACPI
Service [DISABLED] ACPIEC
Service [DISABLED] adpu160m
Service C:\WINDOWS\system32\drivers\aec.sys [MANUAL] aec
Service C:\WINDOWS\System32\drivers\afd.sys [SYSTEM] AFD
Service [SYSTEM] AFS2K
Service [DISABLED] Aha154x
Service [DISABLED] aic78u2
Service [DISABLED] aic78xx
Service C:\WINDOWS\system32\DRIVERS\alcan5wn.sys [MANUAL] alcan5wn
Service C:\WINDOWS\system32\DRIVERS\alcaudsl.sys [MANUAL] alcaudsl
Service C:\WINDOWS\system32\svchost.exe [DISABLED] Alerter
Service C:\WINDOWS\System32\alg.exe [MANUAL] ALG
Service [DISABLED] AliIde
Service [DISABLED] amsint
Service C:\WINDOWS\system32\svchost.exe [MANUAL] AppMgmt
Service [DISABLED] asc
Service [DISABLED] asc3350p
Service [DISABLED] asc3550
Service ASP.NET
Service ASP.NET_1.1.4322
Service Aspi32
Service C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [MANUAL] aspnet_state
Service [AUTO] aswMon2
Service [MANUAL] aswRdr
Service [SYSTEM] aswTdi
Service D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [AUTO] aswUpdSv
Service C:\WINDOWS\system32\DRIVERS\asyncmac.sys [MANUAL] AsyncMac
Service C:\WINDOWS\system32\DRIVERS\atapi.sys [BOOT] atapi
Service [DISABLED] Atdisk
Service C:\WINDOWS\system32\DRIVERS\atmarpc.sys [MANUAL] Atmarpc
Service C:\WINDOWS\System32\svchost.exe [AUTO] AudioSrv
Service C:\WINDOWS\system32\DRIVERS\audstub.sys [MANUAL] audstub
Service D:\Program Files\Alwil Software\Avast4\ashServ.exe [AUTO] avast! Antivirus
Service D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [MANUAL] avast! Mail Scanner
Service D:\Program Files\Alwil Software\Avast4\ashWebSv.exe [MANUAL] avast! Web Scanner
Service BattC
Service [SYSTEM] Beep
Service C:\WINDOWS\system32\svchost.exe [MANUAL] BITS
Service C:\WINDOWS\system32\svchost.exe [AUTO] Browser
Service [DISABLED] cbidf2k
Service C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [MANUAL] CCDECODE
Service [DISABLED] cd20xrnt
Service [SYSTEM] Cdaudio
Service [DISABLED] Cdfs
Service C:\WINDOWS\system32\DRIVERS\cdrom.sys [SYSTEM] Cdrom
Service [SYSTEM] Changer
Service C:\WINDOWS\system32\cisvc.exe [MANUAL] CiSvc
Service C:\WINDOWS\system32\clipsrv.exe [DISABLED] ClipSrv
Service [DISABLED] CmdIde
Service C:\WINDOWS\system32\dllhost.exe [MANUAL] COMSysApp
Service ContentFilter
Service ContentIndex
Service [DISABLED] Cpqarray
Service C:\WINDOWS\system32\CTsvcCDA.EXE [AUTO] Creative Service for CDROM Access
Service C:\WINDOWS\system32\svchost.exe [AUTO] CryptSvc
Service C:\WINDOWS\system32\DRIVERS\ctsfm2k.sys [MANUAL] ctsfm2k
Service [DISABLED] dac2w2k
Service [DISABLED] dac960nt
Service C:\WINDOWS\system32\svchost.exe [AUTO] DcomLaunch
Service C:\WINDOWS\system32\svchost.exe [AUTO] Dhcp
Service C:\WINDOWS\system32\DRIVERS\disk.sys [BOOT] Disk
Service C:\WINDOWS\System32\dmadmin.exe [MANUAL] dmadmin
Service C:\WINDOWS\System32\drivers\dmboot.sys [DISABLED] dmboot
Service C:\WINDOWS\System32\drivers\dmio.sys [BOOT] dmio
Service C:\WINDOWS\System32\drivers\dmload.sys [BOOT] dmload
Service C:\WINDOWS\System32\svchost.exe [AUTO] dmserver
Service C:\WINDOWS\system32\drivers\DMusic.sys [MANUAL] DMusic
Service C:\WINDOWS\system32\svchost.exe [AUTO] Dnscache
Service [DISABLED] dpti2o
Service C:\WINDOWS\system32\drivers\drmkaud.sys [MANUAL] drmkaud
Service C:\WINDOWS\system32\drivers\EagleNT.sys [MANUAL] EagleNT
Service C:\WINDOWS\System32\svchost.exe [AUTO] ERSvc
Service C:\WINDOWS\system32\services.exe [AUTO] Eventlog
Service C:\WINDOWS\system32\svchost.exe [MANUAL] EventSystem
Service [DISABLED] Fastfat
Service C:\WINDOWS\System32\svchost.exe [MANUAL] FastUserSwitchingCompatibility
Service C:\WINDOWS\system32\DRIVERS\fdc.sys [MANUAL] Fdc
Service [SYSTEM] Fips
Service C:\WINDOWS\system32\DRIVERS\flpydisk.sys [MANUAL] Flpydisk
Service C:\WINDOWS\system32\DRIVERS\fltMgr.sys [BOOT] FltMgr
Service [SYSTEM] Fs_Rec
Service C:\WINDOWS\system32\DRIVERS\ftdisk.sys [BOOT] Ftdisk
Service C:\WINDOWS\System32\FTRTSVC.exe [AUTO] FTRTSVC
Service C:\WINDOWS\system32\DRIVERS\gameenum.sys [MANUAL] gameenum
Service C:\WINDOWS\System32\DRIVERS\gmer.sys [MANUAL] gmer
Service C:\WINDOWS\system32\DRIVERS\msgpc.sys [MANUAL] Gpc
Service C:\WINDOWS\system32\DRIVERS\hamachi.sys [MANUAL] hamachi
Service C:\WINDOWS\System32\svchost.exe [AUTO] helpsvc
Service C:\WINDOWS\System32\svchost.exe [DISABLED] HidServ
Service C:\WINDOWS\system32\DRIVERS\hidusb.sys [MANUAL] HidUsb
Service [DISABLED] hpn
Service C:\WINDOWS\system32\DRIVERS\HPZid412.sys [MANUAL] HPZid412
Service C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [MANUAL] HPZipr12
Service C:\WINDOWS\system32\DRIVERS\HPZius12.sys [MANUAL] HPZius12
Service C:\WINDOWS\System32\Drivers\HTTP.sys [MANUAL] HTTP
Service C:\WINDOWS\System32\svchost.exe [MANUAL] HTTPFilter
Service [SYSTEM] i2omgmt
Service [DISABLED] i2omp
Service C:\WINDOWS\system32\DRIVERS\i8042prt.sys [SYSTEM] i8042prt
Service C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [MANUAL] IDriverT
Service C:\WINDOWS\system32\DRIVERS\imapi.sys [SYSTEM] Imapi
Service C:\WINDOWS\system32\imapi.exe [MANUAL] ImapiService
Service inetaccs
Service [DISABLED] ini910u
Service Inport
Service [DISABLED] IntelIde
Service C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys [MANUAL] Ip6Fw
Service C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys [MANUAL] IpFilterDriver
Service C:\WINDOWS\system32\DRIVERS\ipinip.sys [MANUAL] IpInIp
Service C:\WINDOWS\system32\DRIVERS\ipnat.sys [MANUAL] IpNat
Service C:\WINDOWS\system32\DRIVERS\ipsec.sys [SYSTEM] IPSec
Service C:\WINDOWS\system32\DRIVERS\irenum.sys [MANUAL] IRENUM
Service ISAPISearch
Service C:\WINDOWS\system32\DRIVERS\isapnp.sys [BOOT] isapnp
Service C:\WINDOWS\system32\DRIVERS\k510bus.sys [MANUAL] k510bus
Service C:\WINDOWS\system32\DRIVERS\k510mdfl.sys [MANUAL] k510mdfl
Service C:\WINDOWS\system32\DRIVERS\k510mdm.sys [MANUAL] k510mdm
Service C:\WINDOWS\system32\DRIVERS\k510mgmt.sys [MANUAL] k510mgmt
Service C:\WINDOWS\system32\DRIVERS\k510obex.sys [MANUAL] k510obex
Service C:\WINDOWS\system32\DRIVERS\kbdclass.sys [SYSTEM] Kbdclass
Service C:\WINDOWS\system32\drivers\kmixer.sys [MANUAL] kmixer
Service [BOOT] KSecDD
Service C:\WINDOWS\system32\svchost.exe [AUTO] lanmanserver
Service C:\WINDOWS\system32\svchost.exe [AUTO] lanmanworkstation
Service [SYSTEM] lbrtfdc
Service ldap
Service LicenseService
Service C:\WINDOWS\system32\svchost.exe [AUTO] LmHosts
Service C:\WINDOWS\system32\svchost.exe [DISABLED] Messenger
Service [SYSTEM] mnmdd
Service C:\WINDOWS\system32\mnmsrvc.exe [MANUAL] mnmsrvc
Service [MANUAL] Modem
Service C:\WINDOWS\system32\DRIVERS\mouclass.sys [SYSTEM] Mouclass
Service C:\WINDOWS\system32\DRIVERS\mouhid.sys [MANUAL] mouhid
Service [BOOT] MountMgr
Service [DISABLED] mraid35x
Service C:\WINDOWS\system32\DRIVERS\mrxdav.sys [MANUAL] MRxDAV
Service C:\WINDOWS\system32\DRIVERS\mrxsmb.sys [SYSTEM] MRxSmb
Service C:\WINDOWS\system32\msdtc.exe [MANUAL] MSDTC
Service [SYSTEM] Msfs
Service C:\WINDOWS\system32\msiexec.exe [MANUAL] MSIServer
Service C:\WINDOWS\system32\drivers\MSKSSRV.sys [MANUAL] MSKSSRV
Service C:\WINDOWS\system32\drivers\MSPCLOCK.sys [MANUAL] MSPCLOCK
Service C:\WINDOWS\system32\drivers\MSPQM.sys [MANUAL] MSPQM
Service C:\WINDOWS\system32\DRIVERS\mssmbios.sys [MANUAL] mssmbios
Service C:\WINDOWS\system32\drivers\MSTEE.sys [MANUAL] MSTEE
Service C:\WINDOWS\system32\drivers\msmpu401.sys [MANUAL] ms_mpu401
Service [BOOT] Mup
Service C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [MANUAL] NABTSFEC
Service [BOOT] NDIS
Service C:\WINDOWS\system32\DRIVERS\NdisIP.sys [MANUAL] NdisIP
Service C:\WINDOWS\system32\DRIVERS\ndistapi.sys [MANUAL] NdisTapi
Service C:\WINDOWS\system32\DRIVERS\ndisuio.sys [MANUAL] Ndisuio
Service C:\WINDOWS\system32\DRIVERS\ndiswan.sys [MANUAL] NdisWan
Service [MANUAL] NDProxy
Service C:\WINDOWS\system32\DRIVERS\netbios.sys [SYSTEM] NetBIOS
Service C:\WINDOWS\system32\DRIVERS\netbt.sys [SYSTEM] NetBT
Service C:\WINDOWS\system32\netdde.exe [DISABLED] NetDDE
Service C:\WINDOWS\system32\netdde.exe [DISABLED] NetDDEdsdm
Service C:\WINDOWS\system32\lsass.exe [MANUAL] Netlogon
Service C:\WINDOWS\System32\svchost.exe [MANUAL] Netman
Service C:\WINDOWS\system32\svchost.exe [MANUAL] Nla
Service [SYSTEM] Npfs
Service C:\WINDOWS\system32\npptNT2.sys [SYSTEM] NPPTNT2
Service [DISABLED] Ntfs
Service C:\WINDOWS\system32\lsass.exe [MANUAL] NtLmSsp
Service C:\WINDOWS\system32\svchost.exe [MANUAL] NtmsSvc
Service [SYSTEM] Null
Service C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [MANUAL] nv
Service C:\WINDOWS\system32\nvsvc32.exe [AUTO] NVSvc
Service C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys [MANUAL] NwlnkFlt
Service C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys [MANUAL] NwlnkFwd
Service C:\WINDOWS\system32\DRIVERS\ctoss2k.sys [MANUAL] ossrv
Service C:\WINDOWS\system32\drivers\P17.sys [MANUAL] P17
Service C:\WINDOWS\system32\DRIVERS\parport.sys [MANUAL] Parport
Service [BOOT] PartMgr
Service [AUTO] ParVdm
Service C:\WINDOWS\system32\PCAMPR5.SYS [MANUAL] PCAMPR5
Service C:\WINDOWS\system32\PCANDIS5.SYS [MANUAL] PCANDIS5
Service C:\WINDOWS\system32\DRIVERS\pci.sys [BOOT] PCI
Service [SYSTEM] PCIDump
Service C:\WINDOWS\system32\DRIVERS\pciide.sys [BOOT] PCIIde
Service [DISABLED] Pcmcia
Service [MANUAL] PDCOMP
Service [MANUAL] PDFRAME
Service [MANUAL] PDRELI
Service [MANUAL] PDRFRAME
Service [DISABLED] perc2
Service [DISABLED] perc2hib
Service PerfDisk
Service PerfNet
Service PerfOS
Service PerfProc
Service C:\WINDOWS\system32\services.exe [AUTO] PlugPlay
Service C:\WINDOWS\system32\HPZipm12.exe [MANUAL] Pml Driver HPZ12
Service C:\WINDOWS\system32\lsass.exe [AUTO] PolicyAgent
Service C:\WINDOWS\system32\DRIVERS\raspptp.sys [MANUAL] PptpMiniport
Service C:\WINDOWS\system32\lsass.exe [AUTO] ProtectedStorage
Service C:\WINDOWS\system32\DRIVERS\ptilink.sys [MANUAL] Ptilink
Service C:\WINDOWS\System32\Drivers\PxHelp20.sys [BOOT] PxHelp20
Service [DISABLED] ql1080
Service [DISABLED] Ql10wnt
Service [DISABLED] ql12160
Service [DISABLED] ql1240
Service [DISABLED] ql1280
Service C:\WINDOWS\system32\DRIVERS\rasacd.sys [SYSTEM] RasAcd
Service C:\WINDOWS\system32\svchost.exe [MANUAL] RasAuto
Service C:\WINDOWS\system32\DRIVERS\rasl2tp.sys [MANUAL] Rasl2tp
Service C:\WINDOWS\system32\svchost.exe [MANUAL] RasMan
Service C:\WINDOWS\system32\DRIVERS\raspppoe.sys [MANUAL] RasPppoe
Service C:\WINDOWS\system32\DRIVERS\raspti.sys [MANUAL] Raspti
Service C:\WINDOWS\system32\DRIVERS\rdbss.sys [SYSTEM] Rdbss
Service C:\WINDOWS\System32\DRIVERS\RDPCDD.sys [SYSTEM] RDPCDD
Service RDPDD
Service C:\WINDOWS\system32\DRIVERS\rdpdr.sys [MANUAL] rdpdr
Service RDPNP
Service [MANUAL] RDPWD
Service C:\WINDOWS\system32\sessmgr.exe [MANUAL] RDSessMgr
Service C:\WINDOWS\system32\DRIVERS\redbook.sys [SYSTEM] redbook
Service C:\WINDOWS\system32\svchost.exe [DISABLED] RemoteAccess
Service C:\WINDOWS\system32\svchost.exe [AUTO] RemoteRegistry
Service C:\WINDOWS\system32\locator.exe [MANUAL] RpcLocator
Service C:\WINDOWS\system32\svchost.exe [AUTO] RpcSs
Service C:\WINDOWS\system32\rsvp.exe [MANUAL] RSVP
Service C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [MANUAL] rtl8139
Service C:\WINDOWS\system32\lsass.exe [AUTO] SamSs
Service C:\WINDOWS\System32\SCardSvr.exe [MANUAL] SCardSvr
Service C:\WINDOWS\System32\svchost.exe [AUTO] Schedule
Service C:\WINDOWS\system32\DRIVERS\secdrv.sys [AUTO] Secdrv
Service C:\WINDOWS\System32\svchost.exe [AUTO] seclogon
Service C:\WINDOWS\system32\svchost.exe [AUTO] SENS
Service C:\WINDOWS\system32\DRIVERS\serenum.sys [MANUAL] serenum
Service C:\WINDOWS\system32\DRIVERS\serial.sys [SYSTEM] Serial
Service [SYSTEM] Sfloppy
Service SharedAccess
Service C:\WINDOWS\System32\svchost.exe [AUTO] ShellHWDetection
Service [DISABLED]
Simbad Service C:\WINDOWS\system32\drivers\sis7012.sys [MANUAL] SiS7012 Service C:\WINDOWS\system32\DRIVERS\sisagp.sys [BOOT] sisagp Service C:\WINDOWS\system32\DRIVERS\SLIP.sys [MANUAL] SLIP Service [DISABLED] Sparrow Service C:\WINDOWS\system32\drivers\splitter.sys [MANUAL] splitter Service C:\WINDOWS\system32\spoolsv.exe [AUTO] Spooler Service C:\WINDOWS\system32\DRIVERS\sr.sys [BOOT] sr Service C:\WINDOWS\system32\svchost.exe [AUTO] srservice Service C:\WINDOWS\system32\DRIVERS\srv.sys [MANUAL] Srv Service C:\WINDOWS\system32\svchost.exe [MANUAL] SSDPSRV Service C:\WINDOWS\system32\svchost.exe [AUTO] stisvc Service C:\WINDOWS\system32\DRIVERS\StreamIP.sys [MANUAL] streamip Service C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe [AUTO] StyleXPService Service C:\WINDOWS\system32\DRIVERS\swenum.sys [MANUAL] swenum Service C:\WINDOWS\system32\drivers\swmidi.sys [MANUAL] swmidi Service C:\WINDOWS\system32\dllhost.exe [MANUAL] SwPrv Service [DISABLED] symc810 Service [DISABLED] symc8xx Service [DISABLED] sym_hi Service [DISABLED] sym_u3 Service C:\WINDOWS\system32\drivers\sysaudio.sys [MANUAL] sysaudio Service C:\WINDOWS\system32\smlogsvc.exe [MANUAL] SysmonLog Service C:\WINDOWS\System32\svchost.exe [MANUAL] TapiSrv Service C:\WINDOWS\system32\DRIVERS\tcpip.sys [SYSTEM] Tcpip Service [MANUAL] TDPIPE Service [MANUAL] TDTCP Service C:\WINDOWS\system32\DRIVERS\termdd.sys [SYSTEM] TermDD Service C:\WINDOWS\System32\svchost.exe [MANUAL] TermService Service C:\WINDOWS\System32\svchost.exe [AUTO] Themes Service C:\WINDOWS\system32\tlntsvr.exe [DISABLED] TlntSvr Service [DISABLED] TosIde Service C:\WINDOWS\system32\svchost.exe [AUTO] TrkWks Service TSDDD Service [DISABLED] Udfs Service [DISABLED] ultra Service C:\WINDOWS\system32\wdfmgr.exe [AUTO] UMWdf Service C:\WINDOWS\system32\DRIVERS\update.sys [MANUAL] Update Service C:\WINDOWS\system32\svchost.exe [MANUAL] upnphost Service C:\WINDOWS\System32\ups.exe [MANUAL] UPS Service USB Service 
C:\WINDOWS\system32\DRIVERS\usbccgp.sys [MANUAL] usbccgp Service C:\WINDOWS\system32\DRIVERS\usbhub.sys [MANUAL] usbhub Service C:\WINDOWS\system32\DRIVERS\usbohci.sys [MANUAL] usbohci Service C:\WINDOWS\system32\DRIVERS\usbprint.sys [MANUAL] usbprint Service C:\WINDOWS\system32\DRIVERS\usbscan.sys [MANUAL] usbscan Service C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [MANUAL] USBSTOR Service C:\WINDOWS\System32\svchost.exe [MANUAL] usprserv Service VFILT Service C:\WINDOWS\System32\drivers\vga.sys [SYSTEM] VgaSave Service [DISABLED] ViaIde Service [BOOT] VolSnap Service C:\WINDOWS\System32\vssvc.exe [MANUAL] VSS Service C:\WINDOWS\System32\svchost.exe [AUTO] W32Time Service W3SVC Service C:\WINDOWS\system32\DRIVERS\wanarp.sys [MANUAL] Wanarp Service [MANUAL] WDICA Service C:\WINDOWS\system32\drivers\wdmaud.sys [MANUAL] wdmaud Service C:\WINDOWS\system32\svchost.exe [AUTO] WebClient Service C:\WINDOWS\system32\svchost.exe [AUTO] winmgmt Service [MANUAL] Winsock Service WinSock2 Service WinTrust Service C:\WINDOWS\System32\svchost.exe [MANUAL] WmdmPmSN Service C:\WINDOWS\System32\svchost.exe [MANUAL] Wmi Service WmiApRpl Service C:\WINDOWS\system32\wbem\wmiapsrv.exe [MANUAL] WmiApSrv Service [SYSTEM] WS2IFSL Service wscsvc Service C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [MANUAL] WSTCODEC Service C:\WINDOWS\system32\svchost.exe [AUTO] wuauserv Service C:\WINDOWS\System32\svchost.exe [AUTO] WZCSVC Service C:\WINDOWS\System32\svchost.exe [MANUAL] xmlprov Service C:\WINDOWS\system32\xptpmm.sys [SYSTEM] xptpmm Service C:\WINDOWS\system32\xptpmm.sys [AUTO] xptptt Service C:\WINDOWS\System32\Drivers\usbVM303.sys [MANUAL] ZSMC303 Service {57B976F3-5CAF-427F-BCED-70B259500FB2} Service {7E16850E-F90C-4F11-99D0-DEB670DA6DF0} ---- EOF - GMER 1.0.12 ----

SilentRunners:

"Silent Runners.vbs", revision R50, http://www.silentrunners.org/

Operating System: Windows XP SP2

Output limited to non-default values, except where indicated by "{++}"

Startup items buried in registry:


HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}

"GoDClient" = ""C:\Program Files\GoDClient\GoDClient.exe" /tray" [file not found]

"Creative Detector" = "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R" ["Creative Technology Ltd"]

"AnyCaptureScreen" = "(empty string)" [file not found]

"Skype" = ""D:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized" ["Skype Technologies S.A."]

"ctfmon.exe" = "C:\WINDOWS\system32\ctfmon.exe" [MS]

"Gadu-Gadu" = ""D:\Program Files\Gadu-Gadu\gg.exe" /tray" ["Gadu-Gadu S.A."]

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}

"NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup" [MS]

"nwiz" = "nwiz.exe /install" ["NVIDIA Corporation"]

"NvMediaCenter" = "RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit" [MS]

"SiSUSBRG" = "C:\WINDOWS\SiSUSBrg.exe" ["Silicon Integrated Systems Corp."]

"SunJavaUpdateSched" = ""C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"" ["Sun Microsystems, Inc."]

"P17Helper" = "Rundll32 P17.dll,P17Helper" [MS]

"CTSysVol" = "C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r" ["Creative Technology Ltd"]

"UpdReg" = "C:\WINDOWS\UpdReg.EXE" ["Creative Technology Ltd."]

"NeroCheck" = "C:\WINDOWS\system32\NeroCheck.exe" ["Ahead Software Gmbh"]

"avast!" = "D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [null data]

"BearShare" = ""C:\Program Files\BearShare\BearShare.exe" /pause" ["MusicLab, LLC"]

"(Default)" = "(empty string)" [file not found]

"Sony Ericsson PC Suite" = ""C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions" ["Sony Ericsson Mobile Communications AB"]

"SpeedTouch USB Diagnostics" = ""C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon" ["THOMSON Telecom Belgium"]

"WOOWATCH" = "C:\PROGRA~1\NEOSTR~1\Watch.exe" ["France Télécom R&D"]

"WOOTASKBARICON" = "C:\PROGRA~1\NEOSTR~1\GestMaj.exe TaskBarIcon.exe" ["France Télécom R&D"]

"BigDog303" = "C:\WINDOWS\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)" ["Vimicro"]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\

{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}(Default) = (no title provided)

-> {HKLM...CLSID} = "AcroIEHlprObj Class"

\InProcServer32(Default) = "D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]

{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C}(Default) = (no title provided)

-> {HKLM


(adam9870) #12

It's still sitting there, so manual removal then.

In GMER:

  1. In the Services tab, right-click the xptpmm service and choose Delete. Do the same with the xptptt service.

  2. In the CMD tab, with the CMD.EXE option selected, paste:

  3. In the Processes tab, click Kill All. Now wait patiently and don't be alarmed, because the desktop will disappear.

  4. In the CMD tab with the CMD.EXE option, click Run.

Now reboot and post the new GMER logs.


(Czarekj3) #13

1. I removed xptpmm.. but xptptt couldn't be removed..

4. And when I clicked Run, it said that those files could not be found

logs:

1.

GMER 1.0.12.12010 - http://www.gmer.net

Rootkit scan 2007-01-21 17:52:05

Windows 5.1.2600 Dodatek Service Pack 2



---- User code sections - GMER 1.0.12 ----


.text C:\Program Files\BearShare\BearShare.exe[1384] USER32.dll!SetScrollInfo 77D3902C 5 Bytes JMP 0063B6BE C:\Program Files\BearShare\BearShare.exe

.text C:\Program Files\BearShare\BearShare.exe[1384] USER32.dll!GetScrollPos 77D3F66F 5 Bytes JMP 0063B750 C:\Program Files\BearShare\BearShare.exe

.text C:\Program Files\BearShare\BearShare.exe[1384] USER32.dll!SetScrollRange 77D3F6BB 5 Bytes JMP 0063B629 C:\Program Files\BearShare\BearShare.exe

.text C:\Program Files\BearShare\BearShare.exe[1384] USER32.dll!SetScrollPos 77D3F780 5 Bytes JMP 0063B675 C:\Program Files\BearShare\BearShare.exe

.text C:\Program Files\BearShare\BearShare.exe[1384] USER32.dll!GetScrollRange 77D3F7B7 5 Bytes JMP 0063B707 C:\Program Files\BearShare\BearShare.exe

.text C:\Program Files\BearShare\BearShare.exe[1384] USER32.dll!ShowScrollBar 77D40142 5 Bytes JMP 0063B5E3 C:\Program Files\BearShare\BearShare.exe

.text C:\Program Files\BearShare\BearShare.exe[1384] USER32.dll!GetScrollBarInfo 77D43A01 5 Bytes JMP 0063B81F C:\Program Files\BearShare\BearShare.exe

.text C:\Program Files\BearShare\BearShare.exe[1384] USER32.dll!GetScrollInfo 77D43A2F 5 Bytes JMP 0063B793 C:\Program Files\BearShare\BearShare.exe

.text C:\Program Files\BearShare\BearShare.exe[1384] USER32.dll!EnableScrollBar 77D87BAD 5 Bytes JMP 0063B7D9 C:\Program Files\BearShare\BearShare.exe

.text D:\Program Files\Winamp\winamp.exe[3328] USER32.dll!SetScrollInfo 77D3902C 7 Bytes JMP 01F7936E D:\Program Files\Winamp\Plugins\gen_jumpex.dll

.text D:\Program Files\Winamp\winamp.exe[3328] USER32.dll!GetScrollPos 77D3F66F 5 Bytes JMP 01F7931E D:\Program Files\Winamp\Plugins\gen_jumpex.dll

.text D:\Program Files\Winamp\winamp.exe[3328] USER32.dll!SetScrollRange 77D3F6BB 5 Bytes JMP 01F793C4 D:\Program Files\Winamp\Plugins\gen_jumpex.dll

.text D:\Program Files\Winamp\winamp.exe[3328] USER32.dll!SetScrollPos 77D3F780 5 Bytes JMP 01F79399 D:\Program Files\Winamp\Plugins\gen_jumpex.dll

.text D:\Program Files\Winamp\winamp.exe[3328] USER32.dll!GetScrollRange 77D3F7B7 5 Bytes JMP 01F79343 D:\Program Files\Winamp\Plugins\gen_jumpex.dll

.text D:\Program Files\Winamp\winamp.exe[3328] USER32.dll!ShowScrollBar 77D40142 5 Bytes JMP 01F793F2 D:\Program Files\Winamp\Plugins\gen_jumpex.dll

.text D:\Program Files\Winamp\winamp.exe[3328] USER32.dll!GetScrollInfo 77D43A2F 7 Bytes JMP 01F792F6 D:\Program Files\Winamp\Plugins\gen_jumpex.dll

.text D:\Program Files\Winamp\winamp.exe[3328] USER32.dll!EnableScrollBar 77D87BAD 7 Bytes JMP 01F792CE D:\Program Files\Winamp\Plugins\gen_jumpex.dll


---- Threads - GMER 1.0.12 ----


Thread 384:392 75B37D4B

Thread 384:396 75B3BEC5

Thread 384:400 75B14616

Thread 384:404 75B13B3A

Thread 384:416 75B14616

Thread 384:420 75B37CC7

Thread 384:424 75B37CC7

Thread 384:472 75B37CC7

Thread 384:1336 75B14616

Thread 384:1560 75B14616

Thread 384:1568 75B14616

Thread 384:864 75B37FBC

Thread 752:756 7C810867

Thread 752:784 7C810856

Thread 752:788 7C810856

Thread 752:792 7C810856

Thread 752:1820 7C810856

Thread 752:3256 7C810856

Thread 752:3260 7C810856

Thread 1288:1292 7C810867


---- Registry - GMER 1.0.12 ----


Reg \Registry\USER\S-1-5-21-117609710-926492609-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count@HRZR_EHACVQY:Kynfxv - Manar xbovrgl antb, manar Cbyxv antb, Znaqnelan antb, Ntngn Ze?m antb, Qbqn antb, Naan Cemlolyfxn antb, Rjn Fbaarg antb, Erangn Qnaprjvpm antb, Xngnemlan Pvpubcrx antb, Xngnemlan Svthen antb, Ntavrfmxn Selxbjfxn antb, Naan Zhpun antb, Rqlgn T?eavnx a 0x76 0x00 0x00 0x00 ...

Reg \Registry\USER\S-1-5-21-117609710-926492609-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count@HRZR_EHACVQY:Xngnybt svez Tnovargl Tvarxbybtvpmar ? ?Mqebjvr, Hebqn? - vasbSVEZN.cy >> Qnezbjr (ormc?ngar) jvmlg?jxv j xngnybth. Cbmlpwbabjnavr fgeba vagreargbjlpu, svezl unaqybjr, svezl hf?htbjr, cebqhxpwn, fxyrcl. Mnxhcl: fgeban vagreargbjn (PZF), fxyrc vagreargbjl, PEZ 0xAF 0x00 0x00 0x00 ...


---- Files - GMER 1.0.12 ----


ADS C:\WINDOWS\system32:lzx32.sys

ADS D:\mp3\paffendorf.mp3:KAVICHS


---- EOF - GMER 1.0.12 ----

2.

GMER 1.0.12.12010 - http://www.gmer.net

Rootkit scan 2007-01-21 17:52:39

Windows 5.1.2600 Dodatek Service Pack 2



---- Services - GMER 1.0.12 ----


Service .NET CLR Data

Service .NET CLR Networking

Service .NETFramework

Service [SYSTEM] Aavmker4

Service [DISABLED] Abiosdsk

Service [DISABLED] abp480n5

Service C:\WINDOWS\system32\DRIVERS\ACPI.sys [BOOT] ACPI

Service [DISABLED] ACPIEC

Service [DISABLED] adpu160m

Service C:\WINDOWS\system32\drivers\aec.sys [MANUAL] aec

Service C:\WINDOWS\System32\drivers\afd.sys [SYSTEM] AFD

Service [SYSTEM] AFS2K

Service [DISABLED] Aha154x

Service [DISABLED] aic78u2

Service [DISABLED] aic78xx

Service C:\WINDOWS\system32\DRIVERS\alcan5wn.sys [MANUAL] alcan5wn

Service C:\WINDOWS\system32\DRIVERS\alcaudsl.sys [MANUAL] alcaudsl

Service C:\WINDOWS\system32\svchost.exe [DISABLED] Alerter

Service C:\WINDOWS\System32\alg.exe [MANUAL] ALG

Service [DISABLED] AliIde

Service [DISABLED] amsint

Service C:\WINDOWS\system32\svchost.exe [MANUAL] AppMgmt

Service [DISABLED] asc

Service [DISABLED] asc3350p

Service [DISABLED] asc3550

Service ASP.NET

Service ASP.NET_1.1.4322

Service Aspi32

Service C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [MANUAL] aspnet_state

Service [AUTO] aswMon2

Service [MANUAL] aswRdr

Service [SYSTEM] aswTdi

Service D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [AUTO] aswUpdSv

Service C:\WINDOWS\system32\DRIVERS\asyncmac.sys [MANUAL] AsyncMac

Service C:\WINDOWS\system32\DRIVERS\atapi.sys [BOOT] atapi

Service [DISABLED] Atdisk

Service C:\WINDOWS\system32\DRIVERS\atmarpc.sys [MANUAL] Atmarpc

Service C:\WINDOWS\System32\svchost.exe [AUTO] AudioSrv

Service C:\WINDOWS\system32\DRIVERS\audstub.sys [MANUAL] audstub

Service D:\Program Files\Alwil Software\Avast4\ashServ.exe [AUTO] avast! Antivirus

Service D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [MANUAL] avast! Mail Scanner

Service D:\Program Files\Alwil Software\Avast4\ashWebSv.exe [MANUAL] avast! Web Scanner

Service BattC

Service [SYSTEM] Beep

Service C:\WINDOWS\system32\svchost.exe [MANUAL] BITS

Service C:\WINDOWS\system32\svchost.exe [AUTO] Browser

Service [DISABLED] cbidf2k

Service C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [MANUAL] CCDECODE

Service [DISABLED] cd20xrnt

Service [SYSTEM] Cdaudio

Service [DISABLED] Cdfs

Service C:\WINDOWS\system32\DRIVERS\cdrom.sys [SYSTEM] Cdrom

Service [SYSTEM] Changer

Service C:\WINDOWS\system32\cisvc.exe [MANUAL] CiSvc

Service C:\WINDOWS\system32\clipsrv.exe [DISABLED] ClipSrv

Service [DISABLED] CmdIde

Service C:\WINDOWS\system32\dllhost.exe [MANUAL] COMSysApp

Service ContentFilter

Service ContentIndex

Service [DISABLED] Cpqarray

Service C:\WINDOWS\system32\CTsvcCDA.EXE [AUTO] Creative Service for CDROM Access

Service C:\WINDOWS\system32\svchost.exe [AUTO] CryptSvc

Service C:\WINDOWS\system32\DRIVERS\ctsfm2k.sys [MANUAL] ctsfm2k

Service [DISABLED] dac2w2k

Service [DISABLED] dac960nt

Service C:\WINDOWS\system32\svchost.exe [AUTO] DcomLaunch

Service C:\WINDOWS\system32\svchost.exe [AUTO] Dhcp

Service C:\WINDOWS\system32\DRIVERS\disk.sys [BOOT] Disk

Service C:\WINDOWS\System32\dmadmin.exe [MANUAL] dmadmin

Service C:\WINDOWS\System32\drivers\dmboot.sys [DISABLED] dmboot

Service C:\WINDOWS\System32\drivers\dmio.sys [BOOT] dmio

Service C:\WINDOWS\System32\drivers\dmload.sys [BOOT] dmload

Service C:\WINDOWS\System32\svchost.exe [AUTO] dmserver

Service C:\WINDOWS\system32\drivers\DMusic.sys [MANUAL] DMusic

Service C:\WINDOWS\system32\svchost.exe [AUTO] Dnscache

Service [DISABLED] dpti2o

Service C:\WINDOWS\system32\drivers\drmkaud.sys [MANUAL] drmkaud

Service C:\WINDOWS\system32\drivers\EagleNT.sys [MANUAL] EagleNT

Service C:\WINDOWS\System32\svchost.exe [AUTO] ERSvc

Service C:\WINDOWS\system32\services.exe [AUTO] Eventlog

Service C:\WINDOWS\system32\svchost.exe [MANUAL] EventSystem

Service [DISABLED] Fastfat

Service C:\WINDOWS\System32\svchost.exe [MANUAL] FastUserSwitchingCompatibility

Service C:\WINDOWS\system32\DRIVERS\fdc.sys [MANUAL] Fdc

Service [SYSTEM] Fips

Service C:\WINDOWS\system32\DRIVERS\flpydisk.sys [MANUAL] Flpydisk

Service C:\WINDOWS\system32\DRIVERS\fltMgr.sys [BOOT] FltMgr

Service [SYSTEM] Fs_Rec

Service C:\WINDOWS\system32\DRIVERS\ftdisk.sys [BOOT] Ftdisk

Service C:\WINDOWS\System32\FTRTSVC.exe [AUTO] FTRTSVC

Service C:\WINDOWS\system32\DRIVERS\gameenum.sys [MANUAL] gameenum

Service C:\WINDOWS\System32\DRIVERS\gmer.sys [MANUAL] gmer

Service C:\WINDOWS\system32\DRIVERS\msgpc.sys [MANUAL] Gpc

Service C:\WINDOWS\system32\DRIVERS\hamachi.sys [MANUAL] hamachi

Service C:\WINDOWS\System32\svchost.exe [AUTO] helpsvc

Service C:\WINDOWS\System32\svchost.exe [DISABLED] HidServ

Service C:\WINDOWS\system32\DRIVERS\hidusb.sys [MANUAL] HidUsb

Service [DISABLED] hpn

Service C:\WINDOWS\system32\DRIVERS\HPZid412.sys [MANUAL] HPZid412

Service C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [MANUAL] HPZipr12

Service C:\WINDOWS\system32\DRIVERS\HPZius12.sys [MANUAL] HPZius12

Service C:\WINDOWS\System32\Drivers\HTTP.sys [MANUAL] HTTP

Service C:\WINDOWS\System32\svchost.exe [MANUAL] HTTPFilter

Service [SYSTEM] i2omgmt

Service [DISABLED] i2omp

Service C:\WINDOWS\system32\DRIVERS\i8042prt.sys [SYSTEM] i8042prt

Service C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [MANUAL] IDriverT

Service C:\WINDOWS\system32\DRIVERS\imapi.sys [SYSTEM] Imapi

Service C:\WINDOWS\system32\imapi.exe [MANUAL] ImapiService

Service inetaccs

Service [DISABLED] ini910u

Service Inport

Service [DISABLED] IntelIde

Service C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys [MANUAL] Ip6Fw

Service C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys [MANUAL] IpFilterDriver

Service C:\WINDOWS\system32\DRIVERS\ipinip.sys [MANUAL] IpInIp

Service C:\WINDOWS\system32\DRIVERS\ipnat.sys [MANUAL] IpNat

Service C:\WINDOWS\system32\DRIVERS\ipsec.sys [SYSTEM] IPSec

Service C:\WINDOWS\system32\DRIVERS\irenum.sys [MANUAL] IRENUM

Service ISAPISearch

Service C:\WINDOWS\system32\DRIVERS\isapnp.sys [BOOT] isapnp

Service C:\WINDOWS\system32\DRIVERS\k510bus.sys [MANUAL] k510bus

Service C:\WINDOWS\system32\DRIVERS\k510mdfl.sys [MANUAL] k510mdfl

Service C:\WINDOWS\system32\DRIVERS\k510mdm.sys [MANUAL] k510mdm

Service C:\WINDOWS\system32\DRIVERS\k510mgmt.sys [MANUAL] k510mgmt

Service C:\WINDOWS\system32\DRIVERS\k510obex.sys [MANUAL] k510obex

Service C:\WINDOWS\system32\DRIVERS\kbdclass.sys [SYSTEM] Kbdclass

Service C:\WINDOWS\system32\drivers\kmixer.sys [MANUAL] kmixer

Service [BOOT] KSecDD

Service C:\WINDOWS\system32\svchost.exe [AUTO] lanmanserver

Service C:\WINDOWS\system32\svchost.exe [AUTO] lanmanworkstation

Service [SYSTEM] lbrtfdc

Service ldap

Service LicenseService

Service C:\WINDOWS\system32\svchost.exe [AUTO] LmHosts

Service C:\WINDOWS\system32\svchost.exe [DISABLED] Messenger

Service [SYSTEM] mnmdd

Service C:\WINDOWS\system32\mnmsrvc.exe [MANUAL] mnmsrvc

Service [MANUAL] Modem

Service C:\WINDOWS\system32\DRIVERS\mouclass.sys [SYSTEM] Mouclass

Service C:\WINDOWS\system32\DRIVERS\mouhid.sys [MANUAL] mouhid

Service [BOOT] MountMgr

Service [DISABLED] mraid35x

Service C:\WINDOWS\system32\DRIVERS\mrxdav.sys [MANUAL] MRxDAV

Service C:\WINDOWS\system32\DRIVERS\mrxsmb.sys [SYSTEM] MRxSmb

Service C:\WINDOWS\system32\msdtc.exe [MANUAL] MSDTC

Service [SYSTEM] Msfs

Service C:\WINDOWS\system32\msiexec.exe [MANUAL] MSIServer

Service C:\WINDOWS\system32\drivers\MSKSSRV.sys [MANUAL] MSKSSRV

Service C:\WINDOWS\system32\drivers\MSPCLOCK.sys [MANUAL] MSPCLOCK

Service C:\WINDOWS\system32\drivers\MSPQM.sys [MANUAL] MSPQM

Service C:\WINDOWS\system32\DRIVERS\mssmbios.sys [MANUAL] mssmbios

Service C:\WINDOWS\system32\drivers\MSTEE.sys [MANUAL] MSTEE

Service C:\WINDOWS\system32\drivers\msmpu401.sys [MANUAL] ms_mpu401

Service [BOOT] Mup

Service C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [MANUAL] NABTSFEC

Service [BOOT] NDIS

Service C:\WINDOWS\system32\DRIVERS\NdisIP.sys [MANUAL] NdisIP

Service C:\WINDOWS\system32\DRIVERS\ndistapi.sys [MANUAL] NdisTapi

Service C:\WINDOWS\system32\DRIVERS\ndisuio.sys [MANUAL] Ndisuio

Service C:\WINDOWS\system32\DRIVERS\ndiswan.sys [MANUAL] NdisWan

Service [MANUAL] NDProxy

Service C:\WINDOWS\system32\DRIVERS\netbios.sys [SYSTEM] NetBIOS

Service C:\WINDOWS\system32\DRIVERS\netbt.sys [SYSTEM] NetBT

Service C:\WINDOWS\system32\netdde.exe [DISABLED] NetDDE

Service C:\WINDOWS\system32\netdde.exe [DISABLED] NetDDEdsdm

Service C:\WINDOWS\system32\lsass.exe [MANUAL] Netlogon

Service C:\WINDOWS\System32\svchost.exe [MANUAL] Netman

Service C:\WINDOWS\system32\svchost.exe [MANUAL] Nla

Service [SYSTEM] Npfs

Service C:\WINDOWS\system32\npptNT2.sys [SYSTEM] NPPTNT2

Service [DISABLED] Ntfs

Service C:\WINDOWS\system32\lsass.exe [MANUAL] NtLmSsp

Service C:\WINDOWS\system32\svchost.exe [MANUAL] NtmsSvc

Service [SYSTEM] Null

Service C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [MANUAL] nv

Service C:\WINDOWS\system32\nvsvc32.exe [AUTO] NVSvc

Service C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys [MANUAL] NwlnkFlt

Service C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys [MANUAL] NwlnkFwd

Service C:\WINDOWS\system32\DRIVERS\ctoss2k.sys [MANUAL] ossrv

Service C:\WINDOWS\system32\drivers\P17.sys [MANUAL] P17

Service C:\WINDOWS\system32\DRIVERS\parport.sys [MANUAL] Parport

Service [BOOT] PartMgr

Service [AUTO] ParVdm

Service C:\WINDOWS\system32\PCAMPR5.SYS [MANUAL] PCAMPR5

Service C:\WINDOWS\system32\PCANDIS5.SYS [MANUAL] PCANDIS5

Service C:\WINDOWS\system32\DRIVERS\pci.sys [BOOT] PCI

Service [SYSTEM] PCIDump

Service C:\WINDOWS\system32\DRIVERS\pciide.sys [BOOT] PCIIde

Service [DISABLED] Pcmcia

Service [MANUAL] PDCOMP

Service [MANUAL] PDFRAME

Service [MANUAL] PDRELI

Service [MANUAL] PDRFRAME

Service [DISABLED] perc2

Service [DISABLED] perc2hib

Service PerfDisk

Service PerfNet

Service PerfOS

Service PerfProc

Service C:\WINDOWS\system32\services.exe [AUTO] PlugPlay

Service C:\WINDOWS\system32\HPZipm12.exe [MANUAL] Pml Driver HPZ12

Service C:\WINDOWS\system32\lsass.exe [AUTO] PolicyAgent

Service C:\WINDOWS\system32\DRIVERS\raspptp.sys [MANUAL] PptpMiniport

Service C:\WINDOWS\system32\lsass.exe [AUTO] ProtectedStorage

Service C:\WINDOWS\system32\DRIVERS\ptilink.sys [MANUAL] Ptilink

Service C:\WINDOWS\System32\Drivers\PxHelp20.sys [BOOT] PxHelp20

Service [DISABLED] ql1080

Service [DISABLED] Ql10wnt

Service [DISABLED] ql12160

Service [DISABLED] ql1240

Service [DISABLED] ql1280

Service C:\WINDOWS\system32\DRIVERS\rasacd.sys [SYSTEM] RasAcd

Service C:\WINDOWS\system32\svchost.exe [MANUAL] RasAuto

Service C:\WINDOWS\system32\DRIVERS\rasl2tp.sys [MANUAL] Rasl2tp

Service C:\WINDOWS\system32\svchost.exe [MANUAL] RasMan

Service C:\WINDOWS\system32\DRIVERS\raspppoe.sys [MANUAL] RasPppoe

Service C:\WINDOWS\system32\DRIVERS\raspti.sys [MANUAL] Raspti

Service C:\WINDOWS\system32\DRIVERS\rdbss.sys [SYSTEM] Rdbss

Service C:\WINDOWS\System32\DRIVERS\RDPCDD.sys [SYSTEM] RDPCDD

Service RDPDD

Service C:\WINDOWS\system32\DRIVERS\rdpdr.sys [MANUAL] rdpdr

Service RDPNP

Service [MANUAL] RDPWD

Service C:\WINDOWS\system32\sessmgr.exe [MANUAL] RDSessMgr

Service C:\WINDOWS\system32\DRIVERS\redbook.sys [SYSTEM] redbook

Service C:\WINDOWS\system32\svchost.exe [DISABLED] RemoteAccess

Service C:\WINDOWS\system32\svchost.exe [AUTO] RemoteRegistry

Service C:\WINDOWS\system32\locator.exe [MANUAL] RpcLocator

Service C:\WINDOWS\system32\svchost.exe [AUTO] RpcSs

Service C:\WINDOWS\system32\rsvp.exe [MANUAL] RSVP

Service C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [MANUAL] rtl8139

Service C:\WINDOWS\system32\lsass.exe [AUTO] SamSs

Service C:\WINDOWS\System32\SCardSvr.exe [MANUAL] SCardSvr

Service C:\WINDOWS\System32\svchost.exe [AUTO] Schedule

Service C:\WINDOWS\system32\DRIVERS\secdrv.sys [AUTO] Secdrv

Service C:\WINDOWS\System32\svchost.exe [AUTO] seclogon

Service C:\WINDOWS\system32\svchost.exe [AUTO] SENS

Service C:\WINDOWS\system32\DRIVERS\serenum.sys [MANUAL] serenum

Service C:\WINDOWS\system32\DRIVERS\serial.sys [SYSTEM] Serial

Service [SYSTEM] Sfloppy

Service SharedAccess

Service C:\WINDOWS\System32\svchost.exe [AUTO] ShellHWDetection

Service [DISABLED] Simbad

Service C:\WINDOWS\system32\drivers\sis7012.sys [MANUAL] SiS7012

Service C:\WINDOWS\system32\DRIVERS\sisagp.sys [BOOT] sisagp

Service C:\WINDOWS\system32\DRIVERS\SLIP.sys [MANUAL] SLIP

Service [DISABLED] Sparrow

Service C:\WINDOWS\system32\drivers\splitter.sys [MANUAL] splitter

Service C:\WINDOWS\system32\spoolsv.exe [AUTO] Spooler

Service C:\WINDOWS\system32\DRIVERS\sr.sys [BOOT] sr

Service C:\WINDOWS\system32\svchost.exe [AUTO] srservice

Service C:\WINDOWS\system32\DRIVERS\srv.sys [MANUAL] Srv

Service C:\WINDOWS\system32\svchost.exe [MANUAL] SSDPSRV

Service C:\WINDOWS\system32\svchost.exe [AUTO] stisvc

Service C:\WINDOWS\system32\DRIVERS\StreamIP.sys [MANUAL] streamip

Service C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe [AUTO] StyleXPService

Service C:\WINDOWS\system32\DRIVERS\swenum.sys [MANUAL] swenum

Service C:\WINDOWS\system32\drivers\swmidi.sys [MANUAL] swmidi

Service C:\WINDOWS\system32\dllhost.exe [MANUAL] SwPrv

Service [DISABLED] symc810

Service [DISABLED] symc8xx

Service [DISABLED] sym_hi

Service [DISABLED] sym_u3

Service C:\WINDOWS\system32\drivers\sysaudio.sys [MANUAL] sysaudio

Service C:\WINDOWS\system32\smlogsvc.exe [MANUAL] SysmonLog

Service C:\WINDOWS\System32\svchost.exe [MANUAL] TapiSrv

Service C:\WINDOWS\system32\DRIVERS\tcpip.sys [SYSTEM] Tcpip

Service [MANUAL] TDPIPE

Service [MANUAL] TDTCP

Service C:\WINDOWS\system32\DRIVERS\termdd.sys [SYSTEM] TermDD

Service C:\WINDOWS\System32\svchost.exe [MANUAL] TermService

Service C:\WINDOWS\System32\svchost.exe [AUTO] Themes

Service C:\WINDOWS\system32\tlntsvr.exe [DISABLED] TlntSvr

Service [DISABLED] TosIde

Service C:\WINDOWS\system32\svchost.exe [AUTO] TrkWks

Service TSDDD

Service [DISABLED] Udfs

Service [DISABLED] ultra

Service C:\WINDOWS\system32\wdfmgr.exe [AUTO] UMWdf

Service C:\WINDOWS\system32\DRIVERS\update.sys [MANUAL] Update

Service C:\WINDOWS\system32\svchost.exe [MANUAL] upnphost

Service C:\WINDOWS\System32\ups.exe [MANUAL] UPS

Service USB

Service C:\WINDOWS\system32\DRIVERS\usbccgp.sys [MANUAL] usbccgp

Service C:\WINDOWS\system32\DRIVERS\usbhub.sys [MANUAL] usbhub

Service C:\WINDOWS\system32\DRIVERS\usbohci.sys [MANUAL] usbohci

Service C:\WINDOWS\system32\DRIVERS\usbprint.sys [MANUAL] usbprint

Service C:\WINDOWS\system32\DRIVERS\usbscan.sys [MANUAL] usbscan

Service C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [MANUAL] USBSTOR

Service C:\WINDOWS\System32\svchost.exe [MANUAL] usprserv

Service VFILT

Service C:\WINDOWS\System32\drivers\vga.sys [SYSTEM] VgaSave

Service [DISABLED] ViaIde

Service [BOOT] VolSnap

Service C:\WINDOWS\System32\vssvc.exe [MANUAL] VSS

Service C:\WINDOWS\System32\svchost.exe [AUTO] W32Time

Service W3SVC

Service C:\WINDOWS\system32\DRIVERS\wanarp.sys [MANUAL] Wanarp

Service [MANUAL] WDICA

Service C:\WINDOWS\system32\drivers\wdmaud.sys [MANUAL] wdmaud

Service C:\WINDOWS\system32\svchost.exe [AUTO] WebClient

Service C:\WINDOWS\system32\svchost.exe [AUTO] winmgmt

Service [MANUAL] Winsock

Service WinSock2

Service WinTrust

Service C:\WINDOWS\System32\svchost.exe [MANUAL] WmdmPmSN

Service C:\WINDOWS\System32\svchost.exe [MANUAL] Wmi

Service WmiApRpl

Service C:\WINDOWS\system32\wbem\wmiapsrv.exe [MANUAL] WmiApSrv

Service [SYSTEM] WS2IFSL

Service wscsvc

Service C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [MANUAL] WSTCODEC

Service C:\WINDOWS\system32\svchost.exe [AUTO] wuauserv

Service C:\WINDOWS\System32\svchost.exe [AUTO] WZCSVC

Service C:\WINDOWS\System32\svchost.exe [MANUAL] xmlprov

Service C:\WINDOWS\System32\Drivers\usbVM303.sys [MANUAL] ZSMC303

Service {57B976F3-5CAF-427F-BCED-70B259500FB2}

Service {7E16850E-F90C-4F11-99D0-DEB670DA6DF0}


---- EOF - GMER 1.0.12 ----

(adam9870) #14

In GMER, on the CMD tab with the CMD.EXE option checked, paste:

Click Run and restart.

Then post new logs.


(Czarekj3) #15

Done; the computer runs a bit more smoothly, but it is still not very fast and takes a long time to boot...

logs:

1.

GMER 1.0.12.12010 - http://www.gmer.net

Rootkit scan 2007-01-21 18:39:36

Windows 5.1.2600 Dodatek Service Pack 2



---- Threads - GMER 1.0.12 ----




---- Registry - GMER 1.0.12 ----


Reg \Registry\USER\S-1-5-21-117609710-926492609-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count@HRZR_EHACVQY:Kynfxv - Manar xbovrgl antb, manar Cbyxv antb, Znaqnelan antb, Ntngn Ze?m antb, Qbqn antb, Naan Cemlolyfxn antb, Rjn Fbaarg antb, Erangn Qnaprjvpm antb, Xngnemlan Pvpubcrx antb, Xngnemlan Svthen antb, Ntavrfmxn Selxbjfxn antb, Naan Zhpun antb, Rqlgn T?eavnx a 0x76 0x00 0x00 0x00 ...

Reg \Registry\USER\S-1-5-21-117609710-926492609-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count@HRZR_EHACVQY:Xngnybt svez Tnovargl Tvarxbybtvpmar ? ?Mqebjvr, Hebqn? - vasbSVEZN.cy >> Qnezbjr (ormc?ngar) jvmlg?jxv j xngnybth. Cbmlpwbabjnavr fgeba vagreargbjlpu, svezl unaqybjr, svezl hf?htbjr, cebqhxpwn, fxyrcl. Mnxhcl: fgeban vagreargbjn (PZF), fxyrc vagreargbjl, PEZ 0xAF 0x00 0x00 0x00 ...


---- User code sections - GMER 1.0.12 ----


.text C:\Program Files\BearShare\BearShare.exe[1432] USER32.dll!EnableScrollBar 77D87BAD 5 Bytes JMP 0063B7D9 C:\Program Files\BearShare\BearShare.exe

.text C:\Program Files\BearShare\BearShare.exe[1432] USER32.dll!GetScrollBarInfo 77D43A01 5 Bytes JMP 0063B81F C:\Program Files\BearShare\BearShare.exe

.text C:\Program Files\BearShare\BearShare.exe[1432] USER32.dll!GetScrollInfo 77D43A2F 5 Bytes JMP 0063B793 C:\Program Files\BearShare\BearShare.exe

.text C:\Program Files\BearShare\BearShare.exe[1432] USER32.dll!GetScrollPos 77D3F66F 5 Bytes JMP 0063B750 C:\Program Files\BearShare\BearShare.exe

.text C:\Program Files\BearShare\BearShare.exe[1432] USER32.dll!GetScrollRange 77D3F7B7 5 Bytes JMP 0063B707 C:\Program Files\BearShare\BearShare.exe

.text C:\Program Files\BearShare\BearShare.exe[1432] USER32.dll!SetScrollInfo 77D3902C 5 Bytes JMP 0063B6BE C:\Program Files\BearShare\BearShare.exe

.text C:\Program Files\BearShare\BearShare.exe[1432] USER32.dll!SetScrollPos 77D3F780 5 Bytes JMP 0063B675 C:\Program Files\BearShare\BearShare.exe

.text C:\Program Files\BearShare\BearShare.exe[1432] USER32.dll!SetScrollRange 77D3F6BB 5 Bytes JMP 0063B629 C:\Program Files\BearShare\BearShare.exe

.text C:\Program Files\BearShare\BearShare.exe[1432] USER32.dll!ShowScrollBar 77D40142 5 Bytes JMP 0063B5E3 C:\Program Files\BearShare\BearShare.exe


---- Files - GMER 1.0.12 ----


ADS C:\WINDOWS\system32:lzx32.sys

ADS D:\mp3\paffendorf.mp3:KAVICHS


---- EOF - GMER 1.0.12 ----

2.

GMER 1.0.12.12010 - http://www.gmer.net

Rootkit scan 2007-01-21 18:40:25

Windows 5.1.2600 Dodatek Service Pack 2



---- Services - GMER 1.0.12 ----




---- EOF - GMER 1.0.12 ----

(adam9870) #16

Unfortunately that stream left over from the pe386 rootkit is still there:

Are you sure you carried out the instructions from my previous post? Try repeating them, that is, on the CMD tab with the CMD.EXE option checked, paste the commands below:

and click Run on the right, after which the computer should restart.

Additionally, run the automated remover for this rootkit -> Rustock.b-fix, and use SmitFraudFix with option number 2 in Safe Mode.

Once done, please paste new GMER logs along with the reports from the tools mentioned above.


(system) #17

That won't remove it this way. The file is already gone; only the stream on the NTFS partition remains.

Do this

It's also best to read this thread and go to the Streams section


(Gblade) #18

Hello,

Rustock.b-fix removes all currently identified variants of this rootkit.

http://www.unicorn.ksiezyc.pl/cyber/ind ... 247.0.html

Run it according to the description above; the rootkit should be removed without any problems.