Martwy net, blokada tła pulpitu

krokodyl1 · 15 Marzec 2007 20:51

witam!

złapałem jakieś wirusy, usunąłem je ręcznie, ale po restarcie połączenie z neostradą jest martwe, nie działa www, poczta, nie robi pinga, a połączenie jest ustanowione, na drugim kompie jest ok. poza tym nie mogę zmienić tła puplitu, okno z tymi opcjami jest nieaktywne.logi:

Logfile of HijackThis v1.99.1 Scan saved at 21:34:32, on 2007-03-15 Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\ntvdm.exe C:\Program Files\TOSHIBA\PadTouch\PadExe.exe C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe C:\WINDOWS\svchost.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\PROGRA~1\NEOSTR~1\CnxMon.exe C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe C:\WINDOWS\System32\ctfmon.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe C:\WINDOWS\System32\DVDRAMSV.exe C:\Program Files\ewido anti-spyware 4.0\guard.exe C:\WINDOWS\System32\GEARSec.exe C:\Program Files\Norton Ghost\Agent\VProSvc.exe C:\WINDOWS\svchost.exe C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe C:\Documents and Settings\Cezary\Pulpit\naprawa\hijackthis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer,(Default) = http://www.google.com R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://szukaj.wp.pl R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.neostrada.pl R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = file:///C:\Program Files\TOSHIBA\Free Update Service\splash.html R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada TP R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL F3 - REG:win.ini: load=C:\YDPDict\watch.exe F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file) O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.2.7.dll O2 - BHO: (no name) - {435DBFC5-BF5B-8FF7-B8B8-780126B8D2CD} - (no file) O2 - BHO: CdnForIE Class - {5C3853CF-C7E0-4946-B3FA-1ABDB6F48108} - C:\PROGRA~1\CNNIC\Cdn\cdnforie.dll (file missing) O2 - BHO: (no name) - {762F008D-0013-BA85-F007-0A346E07A0F8} - (no file) O2 - BHO: Bar888 - {C1B4DEC2-2623-438e-9CA2-C9043AB28508} - C:\PROGRA~1\COMMON~1{38358~1\Bar888.dll (file missing) O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) O3 - Toolbar: Bar888 - {C1B4DEC2-2623-438e-9CA2-C9043AB28508} - C:\PROGRA~1\COMMON~1{38358~1\Bar888.dll (file missing) O4 - HKLM…\Run: [TouchED] C:\Program Files\TOSHIBA\TouchED\TouchED.Exe O4 - HKLM…\Run: [PadTouch] “C:\Program Files\TOSHIBA\PadTouch\PadExe.exe O4 - HKLM…\Run: [speedTouch USB Diagnostics] “C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe” /icon O4 - HKLM…\Run: [rundll32] C:\Program Files\Common Files\rundll32.exe O4 - HKLM…\Run: [sYSTEMS] C:\Program Files\Common Files\rundll32.exe O4 - HKLM…\Run: [load] C:\WINDOWS\uninstall\rundl132.exe O4 - HKLM…\Run: [wsye] C:\WINDOWS\WINLOGON.EXE O4 - HKLM…\Run: [wsvbs] C:\WINDOWS\RUNDLL32.exe O4 - HKLM…\Run: [synu] C:\WINDOWS\svchost.exe O4 - HKLM…\Run: [ipWins] C:\Program Files\Ipwindows\ipwins.exe O4 - HKLM…\Run: [TkBellExe] “C:\Program Files\Common Files\Real\Update_OB\realsched.exe” -osboot O4 - HKLM…\Run: [system] C:\WINDOWS\System32\kernels32.exe O4 - HKLM…\Run: [uvnx] c:\windows\system32\uvnx.exe O4 - HKLM…\Run: [spoolsvv] C:\WINDOWS\System32\spoolsvv.exe O4 - HKLM…\Run: [Zone Labs Client] “C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe” O4 - HKLM…\Run: [userFaultCheck] %systemroot%\system32\dumprep 0 -u O4 - HKLM…\Run: [WooCnxMon] C:\PROGRA~1\NEOSTR~1\CnxMon.exe O4 - HKLM…\Run: [WOOWATCH] C:\PROGRA~1\NEOSTR~1\Watch.exe O4 - HKLM…\Run: [WOOTASKBARICON] C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe O4 - HKCU…\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe O4 - HKCU…\Run: [Windows update loader] C:\Windows\xpupdate.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O4 - Global Startup: Szybkie uruchamianie programu Microsoft Office OneNote 2003.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE O8 - Extra context menu item: Download all links using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm O8 - Extra context menu item: Download all videos using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm O8 - Extra context menu item: Download link using &BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll O9 - Extra button: Chinese Navigation - {5C3853CF-C7E0-4946-B3FA-1ABDB6F48108} - C:\PROGRA~1\CNNIC\Cdn\cdnforie.dll (file missing) O9 - Extra ‘Tools’ menuitem: Chinese Navigation - {5C3853CF-C7E0-4946-B3FA-1ABDB6F48108} - C:\PROGRA~1\CNNIC\Cdn\cdnforie.dll (file missing) O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O10 - Broken Internet access because of LSP provider ‘c:\windows\system32\msnetax.dll’ missing O14 - IERESET.INF: START_PAGE_URL=file:///C:\Program Files\TOSHIBA\Free Update Service\splash.html O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab O16 - DPF: {1C3DE665-D259-4C72-9D7D-C51FCB4CCFB9} (Panasonic Network Camera) - http://217.118.110.47/SysCamInst.cab O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://www.viidoo.com/TVUAx.cab O16 - DPF: {5A09E43F-A0A7-4ABF-AF80-11367CF1DC8F} (MainControl Class) - http://mks.com.pl/skaner/SkanerOnline.cab O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab O16 - DPF: {92ECE6FA-AC2E-4042-BFAE-0C8608E52A43} (SignActivX Control) - https://www.bph.pl/pi/components/SignActivX.cab O16 - DPF: {DB893839-10F0-4AF9-92FA-B23528F530AF} - http://deposito.trafficredlight.net/10257-69.exe O18 - Protocol: schmap-help - {2CF664A0-5EA6-47B5-884C-433A60145F78} - C:\Program Files\Schmap\Schmap Player\SchmapDocLib.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O20 - AppInit_DLLs: 235780M.BMP O20 - Winlogon Notify: A3dxq - C:\WINDOWS\System32\a3dxq.dll (file missing) O20 - Winlogon Notify: rpcc - C:\WINDOWS\System32\rpcc.dll (file missing) O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe O23 - Service: Client IP-IPX - Unknown owner - C:\WINDOWS\System32\svchosts.exe” -e te-110-12-0000338 (file missing) O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\System32\DVDRAMSV.exe O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe O23 - Service: GEARSecurity GEARSecurityCryptSvc (GEARSecurityCryptSvc) - Unknown owner - C:\WINDOWS\System32\ActSkn43x.exe (file missing) O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton Ghost\Agent\VProSvc.exe O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005\RpcDataSrv.exe O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005\RpcSandraSrv.exe O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

“Silent Runners.vbs”, revision 46, http://www.silentrunners.org/ Operating System: Windows XP Output limited to non-default values, except where indicated by “{++}” Startup items buried in registry: --------------------------------- HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ “{08358D74-0BF3-1045-1218-030218200030}” = ““C:\Program Files\Common Files{08358D74-0BF3-1045-1218-030218200030}\Update.exe” te-110-12-0000271” [file not found] HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++} “ctfmon.exe” = “C:\WINDOWS\System32\ctfmon.exe” [MS] “Windows update loader” = “C:\Windows\xpupdate.exe” [file not found] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++} “TouchED” = “C:\Program Files\TOSHIBA\TouchED\TouchED.Exe” [“TOSHIBA Corporation”] “PadTouch” = "“C:\Program Files\TOSHIBA\PadTouch\PadExe.exe” [file not found] “SpeedTouch USB Diagnostics” = ““C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe” /icon” [“THOMSON Telecom Belgium”] “rundll32” = “C:\Program Files\Common Files\rundll32.exe” [file not found] “SYSTEMS” = “C:\Program Files\Common Files\rundll32.exe” [file not found] “load” = “C:\WINDOWS\uninstall\rundl132.exe” [null data] “wsye” = “C:\WINDOWS\WINLOGON.EXE” [file not found] “wsvbs” = “C:\WINDOWS\RUNDLL32.exe” [file not found] “synu” = “C:\WINDOWS\svchost.exe” [MS] “IpWins” = “C:\Program Files\Ipwindows\ipwins.exe” [file not found] “TkBellExe” = ““C:\Program Files\Common Files\Real\Update_OB\realsched.exe” -osboot” [“RealNetworks, Inc.”] “System” = “C:\WINDOWS\System32\kernels32.exe” [file not found] “uvnx” = “c:\windows\system32\uvnx.exe” [file not found] “spoolsvv” = “C:\WINDOWS\System32\spoolsvv.exe” [file not found] “Zone Labs Client” = ““C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe”” [“Zone Labs, LLC”] “UserFaultCheck” = “C:\WINDOWS\system32\dumprep 0 -u” [MS] “WooCnxMon” = “C:\PROGRA~1\NEOSTR~1\CnxMon.exe” [empty string] “WOOWATCH” = “C:\PROGRA~1\NEOSTR~1\Watch.exe” [“France Télécom R&D”] “WOOTASKBARICON” = “C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe” [“France Télécom R&D”] HKLM\Software\Microsoft\Active Setup\Installed Components\ {306D6C21-C1B6-4629-986C-E59E1875B8AF}(Default) = (no title provided) \StubPath = ““C:\WINDOWS\System32\rundll32.exe” “C:\Program Files\Messenger\msgsc.dll”,ShowIconsUser” [MS] HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}(Default) = (no title provided) -> {HKLM…CLSID} = “Adobe PDF Reader Link Helper” \InProcServer32(Default) = “C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll” [“Adobe Systems Incorporated”] {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60}(Default) = “BitComet ClickCapture” -> {HKLM…CLSID} = “BitComet Helper” \InProcServer32(Default) = “C:\Program Files\BitComet\tools\BitCometBHO_1.1.2.7.dll” [“BitComet”] {5C3853CF-C7E0-4946-B3FA-1ABDB6F48108}(Default) = (no title provided) -> {HKLM…CLSID} = “CdnForIE Class” \InProcServer32(Default) = “C:\PROGRA~1\CNNIC\Cdn\cdnforie.dll” [file not found] {C1B4DEC2-2623-438e-9CA2-C9043AB28508}(Default) = (no title provided) -> {HKLM…CLSID} = “Bar888” \InProcServer32(Default) = “C:\PROGRA~1\COMMON~1{38358~1\Bar888.dll” [file not found] HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\ “{88895560-9AA2-1069-930E-00AA0030EBC8}” = “Rozszerzenie ikony HyperTerminalu” -> {HKLM…CLSID} = “HyperTerminal Icon Ext” \InProcServer32(Default) = “C:\WINDOWS\System32\hticons.dll” [“Hilgraeve, Inc.”] “{C4213067-97B3-4929-9B98-B5600FBBBA13}” = “TouchED” -> {HKLM…CLSID} = “TouchShellExt Class” \InProcServer32(Default) = “C:\PROGRA~1\TOSHIBA\TouchED\TouchED.dll” [“TOSHIBA Corporation”] “{42042206-2D85-11D3-8CFF-005004838597}” = “Microsoft Office HTML Icon Handler” -> {HKLM…CLSID} = (no title provided) \InProcServer32(Default) = “C:\Program Files\Microsoft Office\OFFICE11\msohev.dll” [MS] “{0006F045-0000-0000-C000-000000000046}” = “Microsoft Outlook Custom Icon Handler” -> {HKLM…CLSID} = “Rozszerzenie ikon plików programu Outlook” \InProcServer32(Default) = “C:\PROGRA~1\MICROS~2\Office\OLKFSTUB.DLL” [MS] “{E0D79304-84BE-11CE-9641-444553540000}” = “WinZip” -> {HKLM…CLSID} = “WinZip” \InProcServer32(Default) = “C:\PROGRA~1\WINZIP\WZSHLSTB.DLL” [“WinZip Computing, Inc.”] “{E0D79305-84BE-11CE-9641-444553540000}” = “WinZip” -> {HKLM…CLSID} = “WinZip” \InProcServer32(Default) = “C:\PROGRA~1\WINZIP\WZSHLSTB.DLL” [“WinZip Computing, Inc.”] “{E0D79306-84BE-11CE-9641-444553540000}” = “WinZip” -> {HKLM…CLSID} = “WinZip” \InProcServer32(Default) = “C:\PROGRA~1\WINZIP\WZSHLSTB.DLL” [“WinZip Computing, Inc.”] “{E0D79307-84BE-11CE-9641-444553540000}” = “WinZip” -> {HKLM…CLSID} = “WinZip” \InProcServer32(Default) = “C:\PROGRA~1\WINZIP\WZSHLSTB.DLL” [“WinZip Computing, Inc.”] “{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}” = “Shell Extensions for RealOne Player” -> {HKLM…CLSID} = “RealOne Player Context Menu Class” \InProcServer32(Default) = “C:\Program Files\Real\RealPlayer\rpshell.dll” [“RealNetworks, Inc.”] “{640167b4-59b0-47a6-b335-a6b3c0695aea}” = “Portable Media Devices” -> {HKLM…CLSID} = “Portable Media Devices” \InProcServer32(Default) = “C:\WINDOWS\System32\Audiodev.dll” [MS] “{cc86590a-b60a-48e6-996b-41d25ed39a1e}” = “Portable Media Devices Menu” -> {HKLM…CLSID} = “Portable Media Devices Menu” \InProcServer32(Default) = “C:\WINDOWS\System32\Audiodev.dll” [MS] “{1C311AAA-D8B1-4A0A-BEE5-2387FEC583DA}” = “ShellPlusContextMenu” -> {HKLM…CLSID} = “Burn4Freecontext menu” \InProcServer32(Default) = “C:\WINDOWS\system32\B4FM.dll” [null data] “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” = “WinRAR shell extension” -> {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data] “{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF}” = “iTunes” -> {HKLM…CLSID} = “iTunes” \InProcServer32(Default) = “C:\Program Files\iTunes\iTunesMiniPlayer.dll” [“Apple Computer, Inc.”] “{7C5E74A0-D5E0-11D0-A9BF-E886A83B9BE5}” = “Context Menu Shell Extension” -> {HKLM…CLSID} = “Context Menu Shell Extension” \InProcServer32(Default) = “C:\PROGRA~1\TAGREN~1\TRshell.dll” [“Softpointer Inc”] “{e82a2d71-5b2f-43a0-97b8-81be15854de8}” = “ShellLink for Application References” -> {HKLM…CLSID} = “ShellLink for Application References” \InProcServer32(Default) = “C:\WINDOWS\System32\dfshim.dll” [MS] “{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75}” = “Shell Icon Handler for Application References” -> {HKLM…CLSID} = “Shell Icon Handler for Application References” \InProcServer32(Default) = “C:\WINDOWS\System32\dfshim.dll” [MS] HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\ INFECTION WARNING! “{57B86673-276A-48B2-BAE7-C6DBB3020EB8}” = “ewido anti-spyware 4.0” -> {HKLM…CLSID} = “CShellExecuteHookImpl Object” \InProcServer32(Default) = “C:\Program Files\ewido anti-spyware 4.0\shellexecutehook.dll” [“Anti-Malware Development a.s.”] HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\ INFECTION WARNING! “load” = “C:\YDPDict\watch.exe” [null data] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\ INFECTION WARNING! “AppInit_DLLs” = “235780M.BMP” [file not found] HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ INFECTION WARNING! A3dxq\DLLName = “C:\WINDOWS\System32\a3dxq.dll” [file not found] INFECTION WARNING! rpcc\DLLName = “C:\WINDOWS\System32\rpcc.dll” [file not found] HKLM\Software\Classes\PROTOCOLS\Filter\ INFECTION WARNING! text/xml\CLSID = “{807553E5-5146-11D5-A672-00B0D022E945}” -> {HKLM…CLSID} = (no title provided) \InProcServer32(Default) = “C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL” [MS] HKLM\Software\Classes\Folder\shellex\ColumnHandlers\ {66742402-F9B9-11D1-A202-0000F81FEDEE}(Default) = (no title provided) -> {HKLM…CLSID} = (no title provided) \InProcServer32(Default) = “C:\WINDOWS\system32\SHELL32.dll” [MS] {F9DB5320-233E-11D1-9F84-707F02C10627}(Default) = “PDF Column Info” -> {HKLM…CLSID} = “PDF Shell Extension” \InProcServer32(Default) = “C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll” [“Adobe Systems, Inc.”] HKLM\Software\Classes*\shellex\ContextMenuHandlers\ DiskChecker(Default) = “{1FE33981-7BF7-11d3-97B7-0020AF892ACF}” -> {HKLM…CLSID} = “Disk Checker Extension” \InProcServer32(Default) = “chckshll.dll” [empty string] ewido anti-spyware(Default) = “{8934FCEF-F5B8-468f-951F-78A921CD3920}” -> {HKLM…CLSID} = “CContextScan Object” \InProcServer32(Default) = “C:\Program Files\ewido anti-spyware 4.0\context.dll” [“Anti-Malware Development a.s.”] TagRename_ContextMenu(Default) = “{7C5E74A0-D5E0-11D0-A9BF-E886A83B9BE5}” -> {HKLM…CLSID} = “Context Menu Shell Extension” \InProcServer32(Default) = “C:\PROGRA~1\TAGREN~1\TRshell.dll” [“Softpointer Inc”] WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” -> {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data] WinZip(Default) = “{E0D79304-84BE-11CE-9641-444553540000}” -> {HKLM…CLSID} = “WinZip” \InProcServer32(Default) = “C:\PROGRA~1\WINZIP\WZSHLSTB.DLL” [“WinZip Computing, Inc.”] HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\ ewido anti-spyware(Default) = “{8934FCEF-F5B8-468f-951F-78A921CD3920}” -> {HKLM…CLSID} = “CContextScan Object” \InProcServer32(Default) = “C:\Program Files\ewido anti-spyware 4.0\context.dll” [“Anti-Malware Development a.s.”] WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” -> {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data] WinZip(Default) = “{E0D79304-84BE-11CE-9641-444553540000}” -> {HKLM…CLSID} = “WinZip” \InProcServer32(Default) = “C:\PROGRA~1\WINZIP\WZSHLSTB.DLL” [“WinZip Computing, Inc.”] HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ DiskChecker(Default) = “{1FE33981-7BF7-11d3-97B7-0020AF892ACF}” -> {HKLM…CLSID} = “Disk Checker Extension” \InProcServer32(Default) = “chckshll.dll” [empty string] TagRename_ContextMenu(Default) = “{7C5E74A0-D5E0-11D0-A9BF-E886A83B9BE5}” -> {HKLM…CLSID} = “Context Menu Shell Extension” \InProcServer32(Default) = “C:\PROGRA~1\TAGREN~1\TRshell.dll” [“Softpointer Inc”] WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” -> {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data] WinZip(Default) = “{E0D79304-84BE-11CE-9641-444553540000}” -> {HKLM…CLSID} = “WinZip” \InProcServer32(Default) = “C:\PROGRA~1\WINZIP\WZSHLSTB.DLL” [“WinZip Computing, Inc.”] Group Policies [Description]: ----------------------------- HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\ HIJACK WARNING! “ForceActiveDesktopOn”=dword:00000001 [enables Active Desktop and prevents disabling it] HIJACK WARNING! “Wallpaper” = “C:\WINDOWS\desktop.html” [disables the Display Properties|Desktop (tab) (except the “Customize Desktop…” button); selects wallpaper if Active Desktop is enabled] Active Desktop and Wallpaper: ----------------------------- Active Desktop enabled via Group Policy. Wallpaper selected via Group Policy. Enabled Screen Saver: --------------------- HKCU\Control Panel\Desktop\ “SCRNSAVE.EXE” = “C:\WINDOWS\System32\logon.scr” [MS] Startup items in “Cezary” & “All Users” startup folders: -------------------------------------------------------- C:\Documents and Settings\All Users\Menu Start\Programy\Autostart “Adobe Reader Speed Launch” -> shortcut to: “C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe” [“Adobe Systems Incorporated”] “Adobe Reader Synchronizer” -> shortcut to: “C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe” [null data] “Microsoft Office” -> shortcut to: “C:\Program Files\Microsoft Office\Office\OSA9.EXE -b -l” [MS] “Szybkie uruchamianie programu Microsoft Office OneNote 2003” -> shortcut to: “C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE /tsr” [MS] Enabled Scheduled Tasks: ------------------------ “Symantec NetDetect” -> launches: “C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE” [“Symantec Corporation”] Winsock2 Service Provider DLLs: ------------------------------- Namespace Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++} 000000000001\LibraryPath = “%SystemRoot%\System32\mswsock.dll” [MS] 000000000002\LibraryPath = “%SystemRoot%\System32\winrnr.dll” [MS] 000000000003\LibraryPath = “%SystemRoot%\System32\mswsock.dll” [MS] 000000000004\LibraryPath = “%SystemRoot%\System32\nwprovau.dll” [MS] Transport Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++} 0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range: C:\WINDOWS\System32\msnetax.dll [file not found], 01 - 24, 49 %SystemRoot%\system32\mswsock.dll [MS], 25 - 27, 30 - 48 %SystemRoot%\system32\rsvpsp.dll [MS], 28 - 29 Toolbars, Explorer Bars, Extensions: ------------------------------------ Toolbars HKLM\Software\Microsoft\Internet Explorer\Toolbar\ “{C1B4DEC2-2623-438E-9CA2-C9043AB28508}” = (no title provided) -> {HKLM…CLSID} = “Bar888” \InProcServer32(Default) = “C:\PROGRA~1\COMMON~1{38358~1\Bar888.dll” [file not found] Extensions (Tools menu items, main toolbar menu buttons) HKLM\Software\Microsoft\Internet Explorer\Extensions\ {08B0E5C0-4FCB-11CF-AAA5-00401C608501}\ “MenuText” = “Sun Java Console” “CLSIDExtension” = “{08B0E5C0-4FCB-11CF-AAA5-00401C608501}” {5C3853CF-C7E0-4946-B3FA-1ABDB6F48108}\ “ButtonText” = “Chinese Navigation” “MenuText” = “Chinese Navigation” “CLSIDExtension” = “{5C3853CF-C7E0-4946-B3FA-1ABDB6F48108}” -> {HKLM…CLSID} = “CdnForIE Class” \InProcServer32(Default) = “C:\PROGRA~1\CNNIC\Cdn\cdnforie.dll” [file not found] {92780B25-18CC-41C8-B9BE-3C9C571A8263}\ “ButtonText” = “Badanie” Miscellaneous IE Hijack Points ------------------------------ C:\WINDOWS\INF\IERESET.INF (used to “Reset Web Settings”) Added lines (compared with English-language version): [strings]: START_PAGE_URL=file:///C:\Program Files\TOSHIBA\Free Update Service\splash.html Missing lines (compared with English-language version): [strings]: 1 line HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\ “{08C06D61-F1F3-4799-86F8-BE1A89362C85}” = (no title provided) -> {HKLM…CLSID} = “Search Class” \InProcServer32(Default) = “C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL” [empty string] Running Services (Display Name, Service Name, Path {Service DLL}): ------------------------------------------------------------------ Agent SAP, NwSapAgent, “C:\WINDOWS\System32\svchost.exe -k netsvcs” {“C:\WINDOWS\System32\ipxsap.dll” [MS]} ConfigFree Service, CFSvcs, “C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe” [“TOSHIBA CORPORATION”] DVD-RAM_Service, DVD-RAM_Service, “C:\WINDOWS\System32\DVDRAMSV.exe” [“Matsushita Electric Industrial Co., Ltd.”] ewido anti-spyware 4.0 guard, ewido anti-spyware 4.0 guard, “C:\Program Files\ewido anti-spyware 4.0\guard.exe” [“Anti-Malware Development a.s.”] GEARSecurity, GEARSecurity, “C:\WINDOWS\System32\GEARSec.exe” [“GEAR Software”] Norton Ghost, Norton Ghost, “C:\Program Files\Norton Ghost\Agent\VProSvc.exe” [“Symantec Corporation”] SoundMAX Agent Service, SoundMAX Agent Service (default), “C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe” [“Analog Devices, Inc.”] Symantec Core LC, Symantec Core LC, “C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe” [“Symantec Corporation”] Symantec Event Manager, ccEvtMgr, ““C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe”” [“Symantec Corporation”] Symantec Settings Manager, ccSetMgr, ““C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe”” [“Symantec Corporation”] Windows User Mode Driver Framework, UMWdf, “C:\WINDOWS\System32\wdfmgr.exe” [MS] Print Monitors: --------------- HKLM\System\CurrentControlSet\Control\Print\Monitors\ EPSON V4 Monitor3SA\Driver = “EBPMON3.DLL” [“SEIKO EPSON CORPORATION”] hpzlnt05\Driver = “hpzlnt05.dll” [“HP”] Monitor 2 języka BJ\Driver = “CNBJMON2.DLL” [MS] Monitor języka PJL\Driver = “PJLMON.DLL” [MS] ---------- + This report excludes default entries except where indicated. + To see *everywhere* the script checks and *everything* it finds, launch it from a command prompt or a shortcut with the -all parameter. + To search all directories of local fixed drives for DESKTOP.INI DLL launch points and all Registry CLSIDs for dormant Explorer Bars, use the -supp parameter or answer “No” at the first message box. ---------- (total run time: 771 seconds, including 18 seconds for message boxes)

proszę o pomoc

adam9870 · 15 Marzec 2007 21:11

Użyj Windows Worms Doors Cleanera zmień znaczki z disable na enable (wszystkie znaczki maja być na zielono, jeżeli któryś z nich będzie na żółto to go zostaw). Po użyciu narzędzia wymagany jest restart.

Start => uruchom => wpisz cmd i kliknij OK => w konsoli, która się otworzy wpisz:

Ściągasz program KillBox, zaznaczasz Delete on reboot , w polu full path of file wklej ścieżkę:

C:\WINDOWS\svchost.exe

C:\WINDOWS\System32\svchosts.exe

C:\WINDOWS\uninstall\rundl132.exe

Po wklejeniu każdej ścieżki z osobna klikasz na czerwonego iksa, ale dopiero po wklejeniu ostatniej zgadzasz się na restart.

Otwórz Notatnik i wklej w nim to:

Windows Registry Editor Version 5.00 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run] “{08358D74-0BF3-1045-1218-030218200030}”=- [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “Windows update loader”=- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “rundll32”=- “SYSTEMS”=- “load”=- “wsye”=- “wsvbs”=- “synu”=- “IpWins”=- “System”=- “uvnx”=- “spoolsvv”=- [-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects{5C3853CF-C7E0-4946-B3FA-1ABDB6F48108}] [-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects{C1B4DEC2-2623-438e-9CA2-C9043AB28508}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] “AppInit_DLLs”="" [-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\A3dxq] [-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\rpcc] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] “ForceActiveDesktopOn”=- [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System] “Wallpaper”=- [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar] “{C1B4DEC2-2623-438E-9CA2-C9043AB28508}”=- [-HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Extensions{5C3853CF-C7E0-4946-B3FA-1ABDB6F48108}]

Plik >>> Zapisz jako >>> Zmień rozszerzenie z TXT na Wszystkie pliki >>> Zapisz pod nazwą FIX.REG i uruchom go w trybie awaryjnym.

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file) O2 - BHO: (no name) - {435DBFC5-BF5B-8FF7-B8B8-780126B8D2CD} - (no file) O2 - BHO: CdnForIE Class - {5C3853CF-C7E0-4946-B3FA-1ABDB6F48108} - C:\PROGRA~1\CNNIC\Cdn\cdnforie.dll (file missing) O2 - BHO: (no name) - {762F008D-0013-BA85-F007-0A346E07A0F8} - (no file) O2 - BHO: Bar888 - {C1B4DEC2-2623-438e-9CA2-C9043AB28508} - C:\PROGRA~1\COMMON~1{38358~1\Bar888.dll (file missing) O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) O3 - Toolbar: Bar888 - {C1B4DEC2-2623-438e-9CA2-C9043AB28508} - C:\PROGRA~1\COMMON~1{38358~1\Bar888.dll (file missing) O4 - HKLM…\Run: [rundll32] C:\Program Files\Common Files\rundll32.exe O4 - HKLM…\Run: [sYSTEMS] C:\Program Files\Common Files\rundll32.exe O4 - HKLM…\Run: [load] C:\WINDOWS\uninstall\rundl132.exe O4 - HKLM…\Run: [wsye] C:\WINDOWS\WINLOGON.EXE O4 - HKLM…\Run: [wsvbs] C:\WINDOWS\RUNDLL32.exe O4 - HKLM…\Run: [synu] C:\WINDOWS\svchost.exe O4 - HKLM…\Run: [ipWins] C:\Program Files\Ipwindows\ipwins.exe O4 - HKLM…\Run: [system] C:\WINDOWS\System32\kernels32.exe O4 - HKLM…\Run: [uvnx] c:\windows\system32\uvnx.exe O4 - HKLM…\Run: [spoolsvv] C:\WINDOWS\System32\spoolsvv.exe O4 - HKLM…\Run: [userFaultCheck] %systemroot%\system32\dumprep 0 -u O4 - HKCU…\Run: [Windows update loader] C:\Windows\xpupdate.exe O9 - Extra button: Chinese Navigation - {5C3853CF-C7E0-4946-B3FA-1ABDB6F48108} - C:\PROGRA~1\CNNIC\Cdn\cdnforie.dll (file missing) O9 - Extra ‘Tools’ menuitem: Chinese Navigation - {5C3853CF-C7E0-4946-B3FA-1ABDB6F48108} - C:\PROGRA~1\CNNIC\Cdn\cdnforie.dll (file missing) O16 - DPF: {DB893839-10F0-4AF9-92FA-B23528F530AF} - http://deposito.trafficredlight.net/10257-69.exe O20 - AppInit_DLLs: 235780M.BMP O20 - Winlogon Notify: A3dxq - C:\WINDOWS\System32\a3dxq.dll (file missing) O20 - Winlogon Notify: rpcc - C:\WINDOWS\System32\rpcc.dll (file missing) O23 - Service: Client IP-IPX - Unknown owner - C:\WINDOWS\System32\svchosts.exe" -e te-110-12-0000338 (file missing)

Usuń wpisy HJT.

Użyj narzędzia SmitFraudFix z opcji numer 2 w trybie awaryjnym.

Pobierz i odpal LSP-Fix zaznacz " I know what I’m doing" następnie w okienku Keep zaznacz bibliotekę msnetax.dll i za pomocą strzałki (>>) przenieś ją do okienka Remover i kliknij Finish i restart.

Po wykonaniu wklej komplet nowych logów:

[*:3pqnmlkl]SilentRunners
Comboscan

krokodyl1 · 16 Marzec 2007 00:03

w linku są logi w powyższej kolejności

http://s000.wyslijto.pl/index.php?file_ … =&gk=forex

sdar · 16 Marzec 2007 09:20

Jeśli to wszystko co masz do powiedzenia w tym dziale to możesz sobie smiało darować.

OT -> KOSZ

adam9870 · 16 Marzec 2007 10:27

Pożegnaj się z programami do oglądania meczyków takich jak TVAnts.

W dodań/usuń programy odinstaluj Bar888, IpWins, Outerinfo, Playboy Screensaver, PPLive, PPMateÍřÂçľçĘÓ, TVAnts, TVUPlayer, Video ActiveX Object.

Otwórz Notatnik i wklej w nim to:

gmer -del service *wuauclt.exe gmer -del service ntio256 gmer -del service ntldr.sys gmer -del service PowerManager gmer -del service qqq gmer -del service Win32DDS gmer -del service WinDHCPsvc gmer -del file C:\WINDOWS\System32\wumct.exe gmer -del file C:\WINDOWS\System32\ntio256.sys gmer -del file C:\WINDOWS\svchost.exe gmer -del file C:\WINDOWS\Setup1.exe gmer -del file C:\WINDOWS\ST6UNST.EXE gmer -del file C:\WINDOWS\RichDll.dll gmer -del file C:\WINDOWS\Logo1_.exe gmer -del file C:\WINDOWS\reg7123.exe gmer -del file C:\rys2[1].dat gmer -del file C:\WINDOWS\System32\mlfcache.dat gmer -del file C:\media[1].dat gmer -del file C:\Program Files\Common Files{38358D74-0BF3-1045-1218-030218200030} gmer -del file C:\Program Files\Ipwindows gmer -del file C:\Program Files\Outerinfo gmer -del file C:\Program Files\Playboy Screensaver gmer -del file C:\Program Files\PPLive gmer -del file C:\Program Files\PPMate gmer -del file C:\PROGRA~1\TVAnts gmer -del file C:\Program Files\TVUPlayer gmer -del file C:\Program Files\Video ActiveX Object gmer -del file C:\WINDOWS\System32\sqlwhdb.dat gmer -del file C:\WINDOWS\System32\msvcv70y.dat gmer -del file C:\WINDOWS\System32\mstsdax.dat gmer -del file C:\WINDOWS\System32\kbdlrzoa.dat gmer -del file C:\WINDOWS\System32\Thcixm.dat gmer -del file C:\WINDOWS\System32\safrwdlg.dat gmer -del file C:\WINDOWS\System32\psapo.dat gmer -del file C:\WINDOWS\System32\ddrawqx.dat gmer -del file C:\WINDOWS\System32\routvtab.dat gmer -reboot

Plik >>> Zapisz jako >>> Zmień rozszerzenie z TXT na Wszystkie pliki >>> Zapisz pod nazwą FIX.BAT

Pobierz Gmer’a.

Teraz czynności będziesz wykonywał w Gmerze więc uruchom go, poczekaj chwilkę, kliknij na zakładkę >>> w celu otworzenia pozostałych.

Po resecie otwórz Gmer’a i w zakładce CMD z zaznaczoną opcją REGEDIT.EXE wklej:

Windows Registry Editor Version 5.00 [HKEY_USERS.default\software\microsoft\windows\currentversion\runonce] “Microsoft Windows Update”=- “Internet Suspention”=- [HKEY_USERS.default\software\microsoft\windows\currentversion\runservices] “Msn Update”=- “MSN”=- “Microsoft Directxsp”=- [HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\runonce] “Microsoft Windows Update”=- “Internet Suspention”=- [HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\runservices] “Msn Update”=- “MSN”=- “Microsoft Directxsp”=- [HKEY_USERS.default\software\microsoft\windows\currentversion\run] “Sygate Personal Firewall”=- “Microsoft Windows Update”=- “*windows update”=- “Msn Update”=- “*wuauclt”=- “MSN”=- “*wuauclt.exe”=- “svphost.exe”=- “Internet Suspention”=- “*Security Center”=- “*SCenter”=- “Microsoft Directxsp”=- [HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run] “Sygate Personal Firewall”=- “Microsoft Windows Update”=- “*windows update”=- “Msn Update”=- “*wuauclt”=- “MSN”=- “*wuauclt.exe”=- “svphost.exe”=- “Internet Suspention”=- “*Security Center”=- “*SCenter”=- “Microsoft Directxsp”=- [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run] “{08358D74-0BF3-1045-1218-030218200030}”=- [HKEY_USERS.default\software\microsoft\windows\currentversion\policies\explorer\Run] “windows update”=- “*windows update”=- “*wuauclt”=- “*wuauclt.exe”=- “*Security Center”=- “*SCenter”=- [HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer\Run] “windows update”=- “*windows update”=- “*wuauclt”=- “*wuauclt.exe”=- “*Security Center”=- “*SCenter”=-

Kliknij Uruchom i reset.

Użyj narzędzia SmitFraudFix z opcji numer 2 w trybie awaryjnym.

Użyj szczepionki przeciwko Jeefo:

http://wirusy.antivirenkit.pl/pl/szczepionki/Jeefo.html

Przeskanuj system:

http://www.kaspersky.pl/virusscanner.html

http://www.ewido.net/en/

I usuń wszystko, co zostanie znalezione.

Wykonaj tą radę: KLIK.

Po wykonaniu wklej nowy log z Comboscan i dwa logi z Gmer’a bez względu na to czy w Gmerze podczas usuwania pokaże się jakiś błąd, czy nie.

krokodyl1 · 16 Marzec 2007 13:38

Doszedłem do momentu gdzie mam zrobić skany online ale komp chodzi tak wolno że można zwątpić, większość programów nie chce się otwierać, w tym żadna przeglądarka, a w awaryjnym nie da się odpalić neostrady mimo że w normalnym trybie chodzi dobrze, praktycznie po kilku minutach komp sie zawiesza, robię restart i tak w kółko…

adam9870 · 16 Marzec 2007 13:42

Czy podczas gdy masz listę systemów do wyboru wybierasz, aby na pewno Tryb awaryjny z obsługą sieci?

Jeśli uda Ci się chociaż zrobić log z Comboscan i log z Gmer’a wykonany przy ustawieniu usługi + pokazuj wszystko to je wklej.

krokodyl1 · 16 Marzec 2007 15:19

tak, wybierałem tryb z obsługą sieci. udało mi się tylko zrobić skan jeefo, który chciał wyrzucić prawie wszystkie pliki exe z dysku, niżej logi z comboscan i gmera

ComboScan v20070306.20 run by Cezary on 2007-03-16 at 16:08:52 Computer is in Normal Mode. -------------------------------------------------------------------------------- – HijackThis (run as Cezary.exe) ---------------------------------------------- Logfile of HijackThis v1.99.1 Scan saved at 16:12:14, on 2007-03-16 Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\ZoneLabs\vsmon.exe C:\WINDOWS\explorer.exe C:\WINDOWS\system32\ntvdm.exe C:\Program Files\TOSHIBA\PadTouch\PadExe.exe C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe C:\PROGRA~1\NEOSTR~1\CnxMon.exe C:\PROGRA~1\NEOSTR~1\taskbaricon.exe C:\WINDOWS\System32\ctfmon.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe C:\WINDOWS\System32\DVDRAMSV.exe C:\Program Files\ewido anti-spyware 4.0\guard.exe C:\WINDOWS\System32\GEARSec.exe C:\Program Files\Norton Ghost\Agent\VProSvc.exe C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe C:\Documents and Settings\Cezary\Pulpit\naprawa\comboscan.exe C:\WINDOWS\svchost.exe C:\DOCUME~1\Cezary\Pulpit\HIJACK~1\Cezary.exe R1 - HKCU\Software\Microsoft\Internet Explorer,(Default) = http://www.google.com R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada TP R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL F2 - REG:system.ini: Shell=explorer.exe F3 - REG:win.ini: load=C:\YDPDict\watch.exe O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.2.7.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O4 - HKLM…\Run: [TouchED] C:\Program Files\TOSHIBA\TouchED\TouchED.Exe O4 - HKLM…\Run: [PadTouch] “C:\Program Files\TOSHIBA\PadTouch\PadExe.exe O4 - HKLM…\Run: [speedTouch USB Diagnostics] “C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe” /icon O4 - HKLM…\Run: [TkBellExe] “C:\Program Files\Common Files\Real\Update_OB\realsched.exe” -osboot O4 - HKLM…\Run: [Zone Labs Client] “C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe” O4 - HKLM…\Run: [WooCnxMon] C:\PROGRA~1\NEOSTR~1\CnxMon.exe O4 - HKLM…\Run: [WOOWATCH] C:\PROGRA~1\NEOSTR~1\Watch.exe O4 - HKLM…\Run: [WOOTASKBARICON] C:\PROGRA~1\NEOSTR~1\taskbaricon.exe O4 - HKCU…\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O4 - Global Startup: Szybkie uruchamianie programu Microsoft Office OneNote 2003.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE O8 - Extra context menu item: Download all links using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm O8 - Extra context menu item: Download all videos using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm O8 - Extra context menu item: Download link using &BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O10 - Unknown file in Winsock LSP: c:\windows\system32\msnetax.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\msnetax.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\msnetax.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\msnetax.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\msnetax.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\msnetax.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\msnetax.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\msnetax.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\msnetax.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\msnetax.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\msnetax.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\msnetax.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\msnetax.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\msnetax.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\msnetax.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\msnetax.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\msnetax.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\msnetax.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\msnetax.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\msnetax.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\msnetax.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\msnetax.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\msnetax.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\msnetax.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\msnetax.dll O14 - IERESET.INF: START_PAGE_URL=file:///C:\Program Files\TOSHIBA\Free Update Service\splash.html O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab O16 - DPF: {1C3DE665-D259-4C72-9D7D-C51FCB4CCFB9} (Panasonic Network Camera) - http://217.118.110.47/SysCamInst.cab O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://www.viidoo.com/TVUAx.cab O16 - DPF: {5A09E43F-A0A7-4ABF-AF80-11367CF1DC8F} (MainControl Class) - http://mks.com.pl/skaner/SkanerOnline.cab O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab O16 - DPF: {92ECE6FA-AC2E-4042-BFAE-0C8608E52A43} (SignActivX Control) - https://www.bph.pl/pi/components/SignActivX.cab O18 - Protocol: schmap-help - {2CF664A0-5EA6-47B5-884C-433A60145F78} - C:\Program Files\Schmap\Schmap Player\SchmapDocLib.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\System32\DVDRAMSV.exe O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe O23 - Service: GEARSecurity GEARSecurityCryptSvc (GEARSecurityCryptSvc) - Unknown owner - C:\WINDOWS\System32\ActSkn43x.exe (file missing) O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton Ghost\Agent\VProSvc.exe O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005\RpcDataSrv.exe O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005\RpcSandraSrv.exe O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe – Files created between 2007-02-16 and 2007-03-16 ----------------------------- 2007-03-16 14:32:16 0 --a------ C:\WINDOWS\System32\OUTLWAB.dat 2007-03-16 14:32:16 0 --a------ C:\WINDOWS\System32\lmhsvnv.dat 2007-03-16 13:31:09 1761 --a------ C:\WINDOWS\gmer.reg 2007-03-16 13:04:50 167 --a------ C:\WINDOWS\System32\routvtab.dat 2007-03-16 13:04:50 744 --a------ C:\WINDOWS\System32\mdwmdgsp.dat 2007-03-16 13:04:50 0 --a------ C:\WINDOWS\System32\kbdlvgm.dat 2007-03-16 13:04:50 0 --a------ C:\WINDOWS\System32\IntegNic.dat 2007-03-16 13:04:50 0 --a------ C:\WINDOWS\System32\FM20TG.dat 2007-03-16 01:40:38 2 --a------ C:\WINDOWS\System32\wnsintit.exe 2007-03-16 01:10:43 20480 --a------ C:\WINDOWS\System32\msnetax.dll 2007-03-16 00:42:50 80 --a------ C:\WINDOWS\gmer_uninstall.cmd 2007-03-15 23:41:29 0 d-------- C:!KillBox 2007-03-15 11:53:34 4212 —h----- C:\WINDOWS\System32\zllictbl.dat 2007-03-15 11:52:45 0 d-------- C:\WINDOWS\System32\ZoneLabs 2007-03-15 11:52:06 0 d-------- C:\WINDOWS\Internet Logs 2007-03-13 16:53:20 0 d-------- C:\WINDOWS\ServicePackFiles 2007-03-12 14:37:27 10752 --a------ C:\WINDOWS\System32\ff_vfw.dll 2007-03-12 14:19:00 0 d-------- C:\Program Files\QuickTime Alternative 2007-03-12 14:19:00 0 d-------- C:\Program Files\Media Player Classic 2007-03-07 12:26:29 0 d-------- C:\Program Files\Azureus 2007-03-05 20:52:56 0 --a------ C:\WINDOWS\System32\Thcixm.dat 2007-03-05 20:52:56 56247 --a------ C:\WINDOWS\System32\safrwdlg.dat 2007-03-05 20:52:56 26225 --a------ C:\WINDOWS\System32\psapo.dat 2007-03-05 20:52:56 0 --a------ C:\WINDOWS\System32\ddrawqx.dat 2007-03-02 19:31:11 0 d-------- C:\Program Files\LanMon 2007-02-27 17:57:12 1168 --a------ C:\WINDOWS\mozver.dat 2007-02-21 21:55:23 0 --a------ C:\WINDOWS\nsreg.dat 2007-02-21 21:54:42 0 d-------- C:\Program Files\Mozilla Firefox – Find3M Report --------------------------------------------------------------- 2007-03-16 16:00:58 0 d-------- C:\Program Files\Neostrada TP 2007-03-16 13:47:01 0 d-------- C:\Program Files\DC++ 2007-03-16 01:51:03 0 d-------- C:\Documents and Settings\Cezary\Dane aplikacji\Azureus 2007-03-16 01:43:30 0 d-a------ C:\Program Files\TVAnts 2007-03-15 02:31:05 0 d-------- C:\Documents and Settings\Cezary\Dane aplikacji\ppStream 2007-03-13 16:53:20 60928 --a------ C:\WINDOWS\System32\mswsock.dll 2007-03-12 14:37:27 0 d-------- C:\Program Files\ffdshow 2007-03-12 14:20:47 0 d-------- C:\Documents and Settings\Cezary\Dane aplikacji\Media Player Classic 2007-03-12 14:19:00 0 d-------- C:\Documents and Settings\Cezary\Dane aplikacji\Apple Computer 2007-03-12 14:03:56 0 d-------- C:\Documents and Settings\Cezary\Dane aplikacji\MPEG Streamclip 2007-03-10 22:12:08 0 d-------- C:\Documents and Settings\Cezary\Dane aplikacji\Skype 2007-03-07 01:05:29 0 d-------- C:\Program Files\BitComet 2007-03-06 16:36:45 0 d-------- C:\Program Files\eMule 2007-03-06 02:08:35 0 d-------- C:\Program Files\Common Files\Adobe 2007-02-21 21:55:10 0 d-------- C:\Documents and Settings\Cezary\Dane aplikacji\Mozilla 2007-02-16 20:31:42 2560 --a------ C:\WINDOWS\System32\BitCometRes.dll 2007-02-12 18:30:32 0 d-------- C:\Program Files\SkanerOnline 2007-02-12 18:01:27 0 d-------- C:\Program Files\ArcaOnline 2007-02-12 01:15:11 192000 -----n— C:\WINDOWS\System32\RAMASST.exe 2007-02-12 01:13:53 192000 --a------ C:\WINDOWS\System32\igfxtray.exe 2007-02-12 01:13:48 187904 --a----c- C:\WINDOWS\System32\igfxdiag.exe 2007-02-11 21:47:56 151040 --a------ C:\WINDOWS\System32\hkcmd.exe 2007-02-11 16:55:29 146944 --a----c- C:\WINDOWS\System32\cselect.exe 2007-02-11 16:53:06 175616 --a------ C:\WINDOWS\TChkCDRW.exe 2007-02-11 16:53:05 175616 --a------ C:\WINDOWS\TChkDVDRWonly.exe 2007-02-11 16:50:54 192000 --a------ C:\WINDOWS\System32\NeroCheck.exe 2007-02-11 16:50:52 211736 --a------ C:\WINDOWS\System32\wuauclt1.exe 2007-02-11 16:46:55 175616 --a------ C:\WINDOWS\System32\ArcaOnlineUninstall.exe 2007-02-11 16:46:14 167424 --a------ C:\WINDOWS\ChgRXPWT.exe 2007-02-03 17:01:47 0 d-------- C:\Program Files\InetGet2 2007-02-03 14:51:18 57344 --a------ C:\WINDOWS\System32\mmtask.dll 2007-02-03 14:51:18 49664 --a------ C:\WINDOWS\System32\MCI32.dll 2007-01-24 19:35:01 0 d-------- C:\Program Files\Common Files\Logitech 2007-01-24 16:00:56 0 d-------- C:\Program Files\Skype 2007-01-24 16:00:56 0 d-------- C:\Program Files\Common Files\Skype 2007-01-22 12:00:36 719088 --a------ C:\WINDOWS\System32\SkanerOnline.dll 2007-01-20 13:36:53 0 d-------- C:\Documents and Settings\Cezary\Dane aplikacji.ABC 2007-01-19 09:40:42 89088 --a------ C:\WINDOWS\System32\SkanerOnlineUninstall.exe 2007-01-17 14:45:53 0 d-------- C:\Program Files\GetRight 2007-01-04 14:36:16 848 --ahs---- C:\WINDOWS\System32\KGyGaAvL.sys – Registry Dump --------------------------------------------------------------- [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run] “ctfmon.exe”=“C:\WINDOWS\System32\ctfmon.exe” [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run] “TouchED”=“C:\Program Files\TOSHIBA\TouchED\TouchED.Exe” “PadTouch”=”“C:\Program Files\TOSHIBA\PadTouch\PadExe.exe” “SpeedTouch USB Diagnostics”="“C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe” /icon" “TkBellExe”="“C:\Program Files\Common Files\Real\Update_OB\realsched.exe” -osboot" “Zone Labs Client”="“C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe”" “WooCnxMon”=“C:\PROGRA~1\NEOSTR~1\CnxMon.exe” “WOOWATCH”=“C:\PROGRA~1\NEOSTR~1\Watch.exe” “WOOTASKBARICON”=“C:\PROGRA~1\NEOSTR~1\taskbaricon.exe” [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL] “Installed”=“1” [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI] “Installed”=“1” “NoChange”=“1” [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS] “Installed”=“1” [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks] “{57B86673-276A-48B2-BAE7-C6DBB3020EB8}”=“ewido anti-spyware 4.0” [HKEY_USERS.default\software\microsoft\windows\currentversion\run] “CTFMON.EXE”=“C:\WINDOWS\System32\ctfmon.exe” [HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run] “CTFMON.EXE”=“C:\WINDOWS\System32\ctfmon.exe” [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] “NoCDBurning”=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\Run] [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders] “SecurityProviders”=“msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll” [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost] LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0 NetworkService REG_MULTI_SZ DnsCache\0\0 rpcss REG_MULTI_SZ RpcSs\0\0 imgsvc REG_MULTI_SZ StiSvc\0\0 termsvcs REG_MULTI_SZ TermService\0\0 [HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2{d3fd488b-d538-11d8-9860-806d6172696f}] shell\play\command “C:\Program Files\InterVideo\WinDVD4\WinDVD.exe” %1 – End of ComboScan: finished at 2007-03-16 at 16:12:41 ------------------------

GMER 1.0.10.10122 - http://www.gmer.net Rootkit 2007-03-16 16:15:21 Windows 5.1.2600 Dodatek Service Pack. 1 ---- Services - GMER 1.0.10 ---- Service C:\WINDOWS\System32\drivers\afd.sys [AUTO] AFD Service C:\WINDOWS\System32\drivers\aspi32.sys [AUTO] ASPI32 Service C:\WINDOWS\System32\svchost.exe [AUTO] AudioSrv Service C:\WINDOWS\System32\svchost.exe [AUTO] Browser Service C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe [AUTO] ccEvtMgr Service C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe [AUTO] ccSetMgr Service C:\Program Files\InfinaDyne\Shared\CDRPDACC.SYS [AUTO] CDRPDACC Service C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [AUTO] CFSvcs Service C:\WINDOWS\system32\svchost.exe [AUTO] CryptSvc Service C:\WINDOWS\System32\svchost.exe [AUTO] Dhcp Service C:\WINDOWS\System32\svchost.exe [AUTO] Dnscache Service C:\WINDOWS\System32\DVDRAMSV.exe [AUTO] DVD-RAM_Service Service C:\WINDOWS\System32\svchost.exe [AUTO] ERSvc Service C:\WINDOWS\system32\services.exe [AUTO] Eventlog Service C:\Program Files\ewido anti-spyware 4.0\guard.exe [AUTO] ewido anti-spyware 4.0 guard Service C:\WINDOWS\System32\GEARSec.exe [AUTO] GEARSecurity Service C:\WINDOWS\System32\ActSkn43x.exe [AUTO] GEARSecurityCryptSvc Service C:\WINDOWS\System32\svchost.exe [AUTO] helpsvc Service C:\WINDOWS\System32\svchost.exe [AUTO] lanmanserver Service C:\WINDOWS\System32\svchost.exe [AUTO] lanmanworkstation Service C:\WINDOWS\System32\svchost.exe [AUTO] LmHosts Service C:\WINDOWS\System32\svchost.exe [AUTO] Messenger Service C:\WINDOWS\System32\DRIVERS\netbt.sys [AUTO] NetBT Service C:\WINDOWS\System32\DRIVERS\netdevio.sys [AUTO] Netdevio Service C:\Program Files\Norton Ghost\Agent\VProSvc.exe [AUTO] Norton Ghost Service C:\WINDOWS\System32\DRIVERS\nwlnkipx.sys [AUTO] NwlnkIpx Service C:\WINDOWS\System32\DRIVERS\nwlnknb.sys [AUTO] NwlnkNb Service C:\WINDOWS\System32\DRIVERS\nwlnkspx.sys [AUTO] NwlnkSpx Service C:\WINDOWS\System32\svchost.exe [AUTO] NwSapAgent Service [AUTO] ParVdm Service C:\WINDOWS\system32\services.exe [AUTO] PlugPlay Service C:\WINDOWS\System32\lsass.exe [AUTO] PolicyAgent Service C:\WINDOWS\svchost.exe [AUTO] PowerManager Service C:\WINDOWS\system32\lsass.exe [AUTO] ProtectedStorage Service C:\WINDOWS\system32\svchost.exe [AUTO] RpcSs Service C:\WINDOWS\system32\lsass.exe [AUTO] SamSs Service C:\WINDOWS\System32\Drivers\SbcpHid.sys [AUTO] SbcpHid Service C:\WINDOWS\System32\svchost.exe [AUTO] Schedule Service C:\WINDOWS\System32\svchost.exe [AUTO] seclogon Service C:\WINDOWS\system32\svchost.exe [AUTO] SENS Service [AUTO] Serial Service C:\WINDOWS\System32\svchost.exe [AUTO] ShellHWDetection Service C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe [AUTO] SoundMAX Agent Service (default) Service C:\WINDOWS\system32\spoolsv.exe [AUTO] Spooler Service C:\WINDOWS\System32\svchost.exe [AUTO] srservice Service C:\WINDOWS\System32\svchost.exe [AUTO] SSDPSRV Service C:\WINDOWS\System32\svchost.exe [AUTO] stisvc Service C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe [AUTO] Symantec Core LC Service C:\WINDOWS\System32\drivers\symlcbrd.sys [AUTO] symlcbrd Service C:\WINDOWS\System32\svchost.exe [AUTO] Themes Service [AUTO] tossmbnt Service C:\WINDOWS\system32\svchost.exe [AUTO] TrkWks Service C:\WINDOWS\System32\Drivers\TSKNF501.SYS [AUTO] TSKNF501.SYS Service C:\WINDOWS\System32\wdfmgr.exe [AUTO] UMWdf Service C:\WINDOWS\System32\svchost.exe [AUTO] uploadmgr Service C:\WINDOWS\System32\svchost.exe [AUTO] upnphost Service C:\WINDOWS\system32\ZoneLabs\vsmon.exe [AUTO] vsmon Service C:\WINDOWS\System32\svchost.exe [AUTO] W32Time Service C:\WINDOWS\System32\svchost.exe [AUTO] WebClient Service C:\WINDOWS\system32\svchost.exe [AUTO] winmgmt Service C:\WINDOWS\System32\svchost.exe [AUTO] WZCSVC Service C:\WINDOWS\System32\DRIVERS\ACPI.sys [bOOT] ACPI Service C:\WINDOWS\System32\DRIVERS\atapi.sys [bOOT] atapi Service C:\WINDOWS\System32\DRIVERS\compbatt.sys [bOOT] Compbatt Service C:\WINDOWS\System32\DRIVERS\disk.sys [bOOT] Disk Service C:\WINDOWS\System32\DRIVERS\ftdisk.sys [bOOT] Ftdisk Service C:\WINDOWS\System32\DRIVERS\intelide.sys [bOOT] IntelIde Service C:\WINDOWS\System32\DRIVERS\isapnp.sys [bOOT] isapnp Service [bOOT] KSecDD Service [bOOT] MountMgr Service [bOOT] Mup Service [bOOT] NDIS Service C:\WINDOWS\System32\DRIVERS\ohci1394.sys [bOOT] ohci1394 Service [bOOT] PartMgr Service C:\WINDOWS\System32\DRIVERS\pci.sys [bOOT] PCI Service C:\WINDOWS\System32\DRIVERS\pciide.sys [bOOT] PCIIde Service C:\WINDOWS\System32\DRIVERS\pcmcia.sys [bOOT] Pcmcia Service system32\drivers\ProcPt.sys [bOOT] ProcPt Service C:\WINDOWS\System32\DRIVERS\PxHelp20.sys [bOOT] PxHelp20 Service C:\WINDOWS\System32\DRIVERS\sr.sys [bOOT] sr Service C:\WINDOWS\System32\ZoneLabs\srescan.sys [bOOT] srescan Service [bOOT] SymSnap Service C:\WINDOWS\System32\DRIVERS\TVALZ.SYS [bOOT] TVALZ Service [bOOT] VolSnap Service [DISABLED] Abiosdsk Service [DISABLED] abp480n5 Service [DISABLED] ACPIEC Service [DISABLED] adpu160m Service [DISABLED] Aha154x Service [DISABLED] aic78u2 Service [DISABLED] aic78xx Service [DISABLED] AliIde Service [DISABLED] amsint Service [DISABLED] asc Service [DISABLED] asc3350p Service [DISABLED] asc3550 Service [DISABLED] Atdisk Service [DISABLED] cbidf2k Service [DISABLED] cd20xrnt Service [DISABLED] Cdfs Service [DISABLED] CmdIde Service [DISABLED] Cpqarray Service [DISABLED] dac2w2k Service [DISABLED] dac960nt Service C:\WINDOWS\System32\drivers\dmboot.sys [DISABLED] dmboot Service C:\WINDOWS\System32\drivers\dmio.sys [DISABLED] dmio Service C:\WINDOWS\System32\drivers\dmload.sys [DISABLED] dmload Service [DISABLED] dpti2o Service [DISABLED] Fastfat Service C:\WINDOWS\System32\svchost.exe [DISABLED] HidServ Service [DISABLED] hpn Service [DISABLED] i2omp Service [DISABLED] ini910u Service [DISABLED] mraid35x Service [DISABLED] Ntfs Service [DISABLED] perc2 Service [DISABLED] perc2hib Service [DISABLED] ql1080 Service [DISABLED] Ql10wnt Service [DISABLED] ql12160 Service [DISABLED] ql1240 Service [DISABLED] ql1280 Service C:\WINDOWS\System32\svchost.exe [DISABLED] RemoteAccess Service [DISABLED] Simbad Service [DISABLED] Sparrow Service [DISABLED] symc810 Service [DISABLED] symc8xx Service [DISABLED] sym_hi Service [DISABLED] sym_u3 Service [DISABLED] TosIde Service [DISABLED] Udfs Service [DISABLED] ultra Service [DISABLED] ViaIde Service C:\WINDOWS\system32\svchost.exe [DISABLED] wuauserv Service C:\WINDOWS\system32\drivers\aeaudio.sys [MANUAL] aeaudio Service C:\WINDOWS\system32\drivers\aec.sys [MANUAL] aec Service C:\WINDOWS\System32\DRIVERS\alcan5wn.sys [MANUAL] alcan5wn Service C:\WINDOWS\System32\DRIVERS\alcaudsl.sys [MANUAL] alcaudsl Service C:\WINDOWS\System32\svchost.exe [MANUAL] Alerter Service C:\WINDOWS\System32\alg.exe [MANUAL] ALG Service C:\WINDOWS\System32\DRIVERS\Apfiltr.sys [MANUAL] ApfiltrService Service C:\WINDOWS\system32\svchost.exe [MANUAL] AppMgmt Service C:\WINDOWS\System32\DRIVERS\ar5211.sys [MANUAL] AR5211 Service C:\WINDOWS\System32\DRIVERS\arp1394.sys [MANUAL] Arp1394 Service C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [MANUAL] aspnet_state Service C:\WINDOWS\System32\DRIVERS\asyncmac.sys [MANUAL] AsyncMac Service C:\WINDOWS\System32\DRIVERS\atmarpc.sys [MANUAL] Atmarpc Service C:\WINDOWS\System32\DRIVERS\audstub.sys [MANUAL] audstub Service C:\WINDOWS\System32\svchost.exe [MANUAL] BITS Service C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [MANUAL] CCDECODE Service C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe [MANUAL] ccPwdSvc Service C:\WINDOWS\system32\cisvc.exe [MANUAL] CiSvc Service C:\WINDOWS\system32\clipsrv.exe [MANUAL] ClipSrv Service C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [MANUAL] clr_optimization_v2.0.50727_32 Service C:\WINDOWS\System32\DRIVERS\CmBatt.sys [MANUAL] CmBatt Service C:\WINDOWS\System32\dllhost.exe [MANUAL] COMSysApp Service C:\WINDOWS\System32\dmadmin.exe [MANUAL] dmadmin Service C:\WINDOWS\System32\svchost.exe [MANUAL] dmserver Service C:\WINDOWS\system32\drivers\DMusic.sys [MANUAL] DMusic Service C:\WINDOWS\system32\drivers\drmkaud.sys [MANUAL] drmkaud Service C:\WINDOWS\System32\DRIVERS\e100b325.sys [MANUAL] E100B Service C:\WINDOWS\System32\svchost.exe [MANUAL] EventSystem Service C:\WINDOWS\System32\svchost.exe [MANUAL] FastUserSwitchingCompatibility Service C:\WINDOWS\System32\DRIVERS\gmer.sys [MANUAL] Gmer Service C:\WINDOWS\System32\DRIVERS\msgpc.sys [MANUAL] Gpc Service C:\WINDOWS\System32\DRIVERS\hidusb.sys [MANUAL] HidUsb Service C:\WINDOWS\System32\DRIVERS\ialmnt5.sys [MANUAL] ialm Service C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [MANUAL] IDriverT Service C:\WINDOWS\System32\imapi.exe [MANUAL] ImapiService Service C:\WINDOWS\System32\DRIVERS\intelppm.sys [MANUAL] intelppm Service C:\WINDOWS\System32\DRIVERS\ipfltdrv.sys [MANUAL] IpFilterDriver Service C:\WINDOWS\System32\DRIVERS\ipinip.sys [MANUAL] IpInIp Service C:\WINDOWS\System32\DRIVERS\ipnat.sys [MANUAL] IpNat Service C:\Program Files\iPod\bin\iPodService.exe [MANUAL] iPodService Service C:\WINDOWS\System32\DRIVERS\irenum.sys [MANUAL] IRENUM Service C:\WINDOWS\system32\drivers\kmixer.sys [MANUAL] kmixer Service C:\WINDOWS\system32\drivers\lvusbsta.sys [MANUAL] LVUSBSta Service C:\WINDOWS\System32\mnmsrvc.exe [MANUAL] mnmsrvc Service [MANUAL] Modem Service C:\WINDOWS\System32\DRIVERS\mouhid.sys [MANUAL] mouhid Service C:\WINDOWS\System32\DRIVERS\mrxdav.sys [MANUAL] MRxDAV Service C:\WINDOWS\System32\msdtc.exe [MANUAL] MSDTC Service C:\WINDOWS\System32\msiexec.exe [MANUAL] MSIServer Service C:\WINDOWS\system32\drivers\MSKSSRV.sys [MANUAL] MSKSSRV Service C:\WINDOWS\system32\drivers\MSPCLOCK.sys [MANUAL] MSPCLOCK Service C:\WINDOWS\system32\drivers\MSPQM.sys [MANUAL] MSPQM Service C:\WINDOWS\system32\drivers\MSTEE.sys [MANUAL] MSTEE Service C:\WINDOWS\System32\DRIVERS\NABTSFEC.sys [MANUAL] NABTSFEC Service C:\WINDOWS\System32\DRIVERS\NdisIP.sys [MANUAL] NdisIP Service C:\WINDOWS\System32\DRIVERS\ndistapi.sys [MANUAL] NdisTapi Service C:\WINDOWS\System32\DRIVERS\ndisuio.sys [MANUAL] Ndisuio Service C:\WINDOWS\System32\DRIVERS\ndiswan.sys [MANUAL] NdisWan Service [MANUAL] NDProxy Service C:\WINDOWS\system32\netdde.exe [MANUAL] NetDDE Service C:\WINDOWS\system32\netdde.exe [MANUAL] NetDDEdsdm Service C:\WINDOWS\System32\lsass.exe [MANUAL] Netlogon Service C:\WINDOWS\System32\svchost.exe [MANUAL] Netman Service C:\WINDOWS\System32\DRIVERS\nic1394.sys [MANUAL] NIC1394 Service C:\WINDOWS\System32\svchost.exe [MANUAL] Nla Service C:\WINDOWS\System32\DRIVERS\npf.sys [MANUAL] NPF Service C:\WINDOWS\System32\lsass.exe [MANUAL] NtLmSsp Service C:\WINDOWS\system32\svchost.exe [MANUAL] NtmsSvc Service C:\WINDOWS\System32\DRIVERS\nwlnkflt.sys [MANUAL] NwlnkFlt Service C:\WINDOWS\System32\DRIVERS\nwlnkfwd.sys [MANUAL] NwlnkFwd Service C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [MANUAL] ose Service C:\WINDOWS\System32\DRIVERS\parport.sys [MANUAL] Parport Service C:\WINDOWS\System32\DRIVERS\tossdpci.sys [MANUAL] pciSd Service System32\Drivers\Pcouffin.sys [MANUAL] Pcouffin Service [MANUAL] PDCOMP Service [MANUAL] PDFRAME Service [MANUAL] PDRELI Service [MANUAL] PDRFRAME Service C:\WINDOWS\system32\drivers\pfc.sys [MANUAL] Pfc Service C:\WINDOWS\System32\DRIVERS\raspptp.sys [MANUAL] PptpMiniport Service C:\WINDOWS\System32\DRIVERS\psched.sys [MANUAL] PSched Service C:\WINDOWS\System32\DRIVERS\ptilink.sys [MANUAL] Ptilink Service C:\WINDOWS\System32\DRIVERS\LVCM.sys [MANUAL] QCMerced Service C:\WINDOWS\System32\svchost.exe [MANUAL] RasAuto Service C:\WINDOWS\System32\DRIVERS\rasl2tp.sys [MANUAL] Rasl2tp Service C:\WINDOWS\System32\svchost.exe [MANUAL] RasMan Service C:\WINDOWS\System32\DRIVERS\raspppoe.sys [MANUAL] RasPppoe Service C:\WINDOWS\System32\DRIVERS\raspti.sys [MANUAL] Raspti Service [MANUAL] RDPWD Service C:\WINDOWS\system32\sessmgr.exe [MANUAL] RDSessMgr Service C:\WINDOWS\System32\locator.exe [MANUAL] RpcLocator Service C:\WINDOWS\System32\rsvp.exe [MANUAL] RSVP Service C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005\RpcDataSrv.exe [MANUAL] SandraDataSrv Service C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005\RpcSandraSrv.exe [MANUAL] SandraTheSrv Service C:\WINDOWS\System32\SCardSvr.exe [MANUAL] SCardDrv Service C:\WINDOWS\System32\SCardSvr.exe [MANUAL] SCardSvr Service C:\WINDOWS\System32\DRIVERS\secdrv.sys [MANUAL] Secdrv Service C:\WINDOWS\System32\DRIVERS\SLIP.sys [MANUAL] SLIP Service C:\WINDOWS\system32\drivers\smwdm.sys [MANUAL] smwdm Service C:\WINDOWS\System32\DRIVERS\SONYPVU1.SYS [MANUAL] SONYPVU1 Service C:\WINDOWS\system32\drivers\splitter.sys [MANUAL] splitter Service C:\WINDOWS\System32\DRIVERS\srv.sys [MANUAL] Srv Service C:\WINDOWS\System32\DRIVERS\StreamIP.sys [MANUAL] streamip Service C:\WINDOWS\System32\DRIVERS\swenum.sys [MANUAL] swenum Service C:\WINDOWS\system32\drivers\swmidi.sys [MANUAL] swmidi Service C:\WINDOWS\System32\dllhost.exe [MANUAL] SwPrv Service C:\WINDOWS\system32\drivers\sysaudio.sys [MANUAL] sysaudio Service C:\WINDOWS\system32\smlogsvc.exe [MANUAL] SysmonLog Service C:\WINDOWS\System32\svchost.exe [MANUAL] TapiSrv Service [MANUAL] TDPIPE Service [MANUAL] TDTCP Service C:\WINDOWS\System32\svchost.exe [MANUAL] TermService Service C:\WINDOWS\System32\DRIVERS\LTSM.sys [MANUAL] TOSHIBASoftModem Service C:\WINDOWS\System32\DRIVERS\tsdhd.sys [MANUAL] tsdhd Service C:\WINDOWS\System32\DRIVERS\update.sys [MANUAL] Update Service C:\WINDOWS\System32\ups.exe [MANUAL] UPS Service C:\WINDOWS\system32\drivers\usbaudio.sys [MANUAL] usbaudio Service C:\WINDOWS\System32\DRIVERS\usbccgp.sys [MANUAL] usbccgp Service C:\WINDOWS\System32\DRIVERS\usbehci.sys [MANUAL] usbehci Service C:\WINDOWS\System32\DRIVERS\usbhub.sys [MANUAL] usbhub Service C:\WINDOWS\System32\DRIVERS\usbprint.sys [MANUAL] usbprint Service C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [MANUAL] USBSTOR Service C:\WINDOWS\System32\DRIVERS\usbuhci.sys [MANUAL] usbuhci Service C:\WINDOWS\System32\vssvc.exe [MANUAL] VSS Service C:\WINDOWS\System32\DRIVERS\wanarp.sys [MANUAL] Wanarp Service [MANUAL] WDICA Service C:\WINDOWS\system32\drivers\wdmaud.sys [MANUAL] wdmaud Service [MANUAL] Winsock Service C:\WINDOWS\System32\svchost.exe [MANUAL] WmdmPmSN Service C:\WINDOWS\System32\wbem\wmiapsrv.exe [MANUAL] WmiApSrv Service C:\WINDOWS\System32\Drivers\wpdusb.sys [MANUAL] WpdUsb Service C:\WINDOWS\System32\drivers\ws2ifsl.sys [MANUAL] WS2IFSL Service C:\WINDOWS\System32\DRIVERS\WSTCODEC.SYS [MANUAL] WSTCODEC Service C:\WINDOWS\system32\drivers\ialmsbw.sys [MANUAL] {6080A529-897E-4629-A488-ABA0C29B635E} Service C:\WINDOWS\system32\drivers\ialmkchw.sys [MANUAL] {D31A0762-0CEB-444e-ACFF-B049A1F6FE91} Service C:\WINDOWS\system32\drivers\wA301a.sys [MANUAL] {E2B953A6-195A-44F9-9BA3-3D5F4E32BB55} Service [sYSTEM] Beep Service [sYSTEM] Cdaudio Service C:\WINDOWS\System32\DRIVERS\cdrom.sys [sYSTEM] Cdrom Service [sYSTEM] Changer Service C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [sYSTEM] eeCtrl Service C:\Program Files\ewido anti-spyware 4.0\guard.sys [sYSTEM] ewido anti-spyware 4.0 driver Service [sYSTEM] Fdc Service [sYSTEM] Fips Service [sYSTEM] Flpydisk Service [sYSTEM] Fs_Rec Service C:\WINDOWS\SYSTEM32\DRIVERS\GEARAspiWDM.sys [sYSTEM] GEARAspiWDM Service [sYSTEM] i2omgmt Service C:\WINDOWS\System32\DRIVERS\i8042prt.sys [sYSTEM] i8042prt Service C:\WINDOWS\System32\DRIVERS\imapi.sys [sYSTEM] Imapi Service C:\WINDOWS\System32\DRIVERS\ipsec.sys [sYSTEM] IPSec Service C:\WINDOWS\System32\DRIVERS\kbdclass.sys [sYSTEM] Kbdclass Service [sYSTEM] lbrtfdc Service C:\WINDOWS\System32\Drivers\meiudf.sys [sYSTEM] meiudf Service [sYSTEM] mnmdd Service C:\WINDOWS\System32\DRIVERS\mouclass.sys [sYSTEM] Mouclass Service C:\WINDOWS\System32\DRIVERS\mrxsmb.sys [sYSTEM] MRxSmb Service [sYSTEM] Msfs Service C:\WINDOWS\System32\DRIVERS\netbios.sys [sYSTEM] NetBIOS Service [sYSTEM] Npfs Service [sYSTEM] Null Service [sYSTEM] PCIDump Service [sYSTEM] PQNTDrv Service C:\WINDOWS\System32\DRIVERS\processr.sys [sYSTEM] Processor Service C:\WINDOWS\System32\DRIVERS\rasacd.sys [sYSTEM] RasAcd Service C:\WINDOWS\System32\DRIVERS\rdbss.sys [sYSTEM] Rdbss Service C:\WINDOWS\System32\DRIVERS\RDPCDD.sys [sYSTEM] RDPCDD Service C:\WINDOWS\System32\DRIVERS\redbook.sys [sYSTEM] redbook Service [sYSTEM] Sfloppy Service C:\WINDOWS\System32\DRIVERS\tcpip.sys [sYSTEM] Tcpip Service C:\WINDOWS\System32\DRIVERS\termdd.sys [sYSTEM] TermDD Service [sYSTEM] V2IMount Service C:\WINDOWS\System32\drivers\vga.sys [sYSTEM] VgaSave Service C:\WINDOWS\System32\vsdatant.sys [sYSTEM] vsdatant ---- EOF - GMER 1.0.10 ----

adam9870 · 16 Marzec 2007 16:20

Przeskanuj plik C:\WINDOWS\System32\mmtask.dll na stronie http://www.virustotal.com/ a jeśli okaże się szkodliwy to na początku pliku FIX.BAT dodaj linijkę:

Otwórz Notatnik i wklej w nim to:

Plik >>> Zapisz jako >>> Zmień rozszerzenie z TXT na Wszystkie pliki >>> Zapisz pod nazwą FIX.BAT

Teraz czynności będziesz wykonywał w Gmerze więc uruchom go, poczekaj chwilkę, kliknij na zakładkę >>> w celu otworzenia pozostałych.

W zakładce Procesy kliknij Gmer awaryjny >>> nastąpi reset i pozostanie samo okienko Gmer’a >>> w zakładce Procesy przez … (trzy kropki) wskaż plik FIX.BAT >>> przez chwilkę mignie ekran i nastąpi reset.

Użyj WinSockFix.

Użyj szczepionki przeciwko Jeefo:

http://wirusy.antivirenkit.pl/pl/szczepionki/Jeefo.html

Przeskanuj system:

http://www.kaspersky.pl/virusscanner.html

http://www.ewido.net/en/

I usuń wszystko, co zostanie znalezione.

Po wykonaniu wklej nowy log z Gmer’a wykonany przy ustawieniu usługi + pokazuj wszystko i log z ComboFix.

UWAGA: Jeśli nie będziesz mógł przeskanować którymś ze skanerów on-line ponieważ komputer będzie się restartował to spróbuj skorzystać z metody opisanej tutaj:

http://www.gmer.net/antivirus.php?lang=pl

krokodyl1 · 16 Marzec 2007 20:55

skanu na stronie mi sie nie udało zrobić w żadnym trybie, nawet w Gmerze, bo się szybko zawieszał albo nawet ze skanem nie mógł wystartować

GMER 1.0.12.12086 - http://www.gmer.net Rootkit scan 2007-03-16 20:57:42 Windows 5.1.2600 Dodatek Service Pack. 1 ---- Services - GMER 1.0.12 ---- Service .NET CLR Data Service .NET CLR Networking Service .NET Data Provider for Oracle Service .NET Data Provider for SqlServer Service .NETFramework Service [DISABLED] Abiosdsk Service [DISABLED] abp480n5 Service C:\WINDOWS\System32\DRIVERS\ACPI.sys [bOOT] ACPI Service [DISABLED] ACPIEC Service [DISABLED] adpu160m Service C:\WINDOWS\system32\drivers\aeaudio.sys [MANUAL] aeaudio Service C:\WINDOWS\system32\drivers\aec.sys [MANUAL] aec Service C:\WINDOWS\System32\drivers\afd.sys [AUTO] AFD Service [DISABLED] Aha154x Service [DISABLED] aic78u2 Service [DISABLED] aic78xx Service C:\WINDOWS\System32\DRIVERS\alcan5wn.sys [MANUAL] alcan5wn Service C:\WINDOWS\System32\DRIVERS\alcaudsl.sys [MANUAL] alcaudsl Service C:\WINDOWS\System32\svchost.exe [MANUAL] Alerter Service C:\WINDOWS\System32\alg.exe [MANUAL] ALG Service [DISABLED] AliIde Service [DISABLED] amsint Service C:\WINDOWS\System32\DRIVERS\Apfiltr.sys [MANUAL] ApfiltrService Service C:\WINDOWS\system32\svchost.exe [MANUAL] AppMgmt Service C:\WINDOWS\System32\DRIVERS\ar5211.sys [MANUAL] AR5211 Service C:\WINDOWS\System32\DRIVERS\arp1394.sys [MANUAL] Arp1394 Service [DISABLED] asc Service [DISABLED] asc3350p Service [DISABLED] asc3550 Service ASP.NET Service ASP.NET_1.1.4322 Service ASP.NET_2.0.50727 Service C:\WINDOWS\System32\drivers\aspi32.sys [AUTO] ASPI32 Service C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [MANUAL] aspnet_state Service C:\WINDOWS\System32\DRIVERS\asyncmac.sys [MANUAL] AsyncMac Service C:\WINDOWS\System32\DRIVERS\atapi.sys [bOOT] atapi Service [DISABLED] Atdisk Service C:\WINDOWS\System32\DRIVERS\atmarpc.sys [MANUAL] Atmarpc Service C:\WINDOWS\System32\svchost.exe [AUTO] AudioSrv Service C:\WINDOWS\System32\DRIVERS\audstub.sys [MANUAL] audstub Service BattC Service [sYSTEM] Beep Service C:\WINDOWS\System32\svchost.exe [MANUAL] BITS Service C:\WINDOWS\System32\svchost.exe [AUTO] Browser Service [DISABLED] cbidf2k Service C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [MANUAL] CCDECODE Service C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe [AUTO] ccEvtMgr Service C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe [MANUAL] ccPwdSvc Service C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe [AUTO] ccSetMgr Service [DISABLED] cd20xrnt Service [sYSTEM] Cdaudio Service [DISABLED] Cdfs Service cdnprot Service C:\WINDOWS\System32\DRIVERS\cdrom.sys [sYSTEM] Cdrom Service C:\Program Files\InfinaDyne\Shared\CDRPDACC.SYS [AUTO] CDRPDACC Service C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [AUTO] CFSvcs Service [sYSTEM] Changer Service C:\WINDOWS\system32\cisvc.exe [MANUAL] CiSvc Service C:\WINDOWS\system32\clipsrv.exe [MANUAL] ClipSrv Service C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [MANUAL] clr_optimization_v2.0.50727_32 Service C:\WINDOWS\System32\DRIVERS\CmBatt.sys [MANUAL] CmBatt Service [DISABLED] CmdIde Service C:\WINDOWS\System32\DRIVERS\compbatt.sys [bOOT] Compbatt Service C:\WINDOWS\System32\dllhost.exe [MANUAL] COMSysApp Service ContentFilter Service ContentIndex Service [DISABLED] Cpqarray Service C:\WINDOWS\system32\svchost.exe [AUTO] CryptSvc Service [DISABLED] dac2w2k Service [DISABLED] dac960nt Service C:\WINDOWS\System32\svchost.exe [AUTO] Dhcp Service C:\WINDOWS\System32\DRIVERS\disk.sys [bOOT] Disk Service C:\WINDOWS\System32\dmadmin.exe [MANUAL] dmadmin Service C:\WINDOWS\System32\drivers\dmboot.sys [DISABLED] dmboot Service C:\WINDOWS\System32\drivers\dmio.sys [DISABLED] dmio Service C:\WINDOWS\System32\drivers\dmload.sys [DISABLED] dmload Service C:\WINDOWS\System32\svchost.exe [MANUAL] dmserver Service C:\WINDOWS\system32\drivers\DMusic.sys [MANUAL] DMusic Service C:\WINDOWS\System32\svchost.exe [AUTO] Dnscache Service [DISABLED] dpti2o Service C:\WINDOWS\system32\drivers\drmkaud.sys [MANUAL] drmkaud Service C:\WINDOWS\System32\DVDRAMSV.exe [AUTO] DVD-RAM_Service Service C:\WINDOWS\System32\DRIVERS\e100b325.sys [MANUAL] E100B Service C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [sYSTEM] eeCtrl Service C:\WINDOWS\System32\svchost.exe [AUTO] ERSvc Service C:\WINDOWS\system32\services.exe [AUTO] Eventlog Service C:\WINDOWS\System32\svchost.exe [MANUAL] EventSystem Service C:\Program Files\ewido anti-spyware 4.0\guard.sys [sYSTEM] ewido anti-spyware 4.0 driver Service C:\Program Files\ewido anti-spyware 4.0\guard.exe [AUTO] ewido anti-spyware 4.0 guard Service [DISABLED] Fastfat Service C:\WINDOWS\System32\svchost.exe [MANUAL] FastUserSwitchingCompatibility Service [sYSTEM] Fdc Service [sYSTEM] Fips Service [sYSTEM] Flpydisk Service [sYSTEM] Fs_Rec Service C:\WINDOWS\System32\DRIVERS\ftdisk.sys [bOOT] Ftdisk Service fwdrv Service C:\WINDOWS\SYSTEM32\DRIVERS\GEARAspiWDM.sys [sYSTEM] GEARAspiWDM Service C:\WINDOWS\System32\GEARSec.exe [AUTO] GEARSecurity Service C:\WINDOWS\System32\ActSkn43x.exe [AUTO] GEARSecurityCryptSvc Service C:\WINDOWS\System32\DRIVERS\gmer.sys [MANUAL] Gmer Service C:\WINDOWS\System32\DRIVERS\msgpc.sys [MANUAL] Gpc Service C:\WINDOWS\System32\svchost.exe [AUTO] helpsvc Service C:\WINDOWS\System32\svchost.exe [DISABLED] HidServ Service C:\WINDOWS\System32\DRIVERS\hidusb.sys [MANUAL] HidUsb Service [DISABLED] hpn Service [sYSTEM] i2omgmt Service [DISABLED] i2omp Service C:\WINDOWS\System32\DRIVERS\i8042prt.sys [sYSTEM] i8042prt Service C:\WINDOWS\System32\DRIVERS\ialmnt5.sys [MANUAL] ialm Service C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [MANUAL] IDriverT Service C:\WINDOWS\System32\DRIVERS\imapi.sys [sYSTEM] Imapi Service C:\WINDOWS\System32\imapi.exe [MANUAL] ImapiService Service inetaccs Service [DISABLED] ini910u Service Inport Service C:\WINDOWS\System32\DRIVERS\intelide.sys [bOOT] IntelIde Service C:\WINDOWS\System32\DRIVERS\intelppm.sys [MANUAL] intelppm Service C:\WINDOWS\System32\DRIVERS\ipfltdrv.sys [MANUAL] IpFilterDriver Service C:\WINDOWS\System32\DRIVERS\ipinip.sys [MANUAL] IpInIp Service C:\WINDOWS\System32\DRIVERS\ipnat.sys [MANUAL] IpNat Service C:\Program Files\iPod\bin\iPodService.exe [MANUAL] iPodService Service C:\WINDOWS\System32\DRIVERS\ipsec.sys [sYSTEM] IPSec Service C:\WINDOWS\System32\DRIVERS\irenum.sys [MANUAL] IRENUM Service ISAPISearch Service C:\WINDOWS\System32\DRIVERS\isapnp.sys [bOOT] isapnp Service C:\WINDOWS\System32\DRIVERS\kbdclass.sys [sYSTEM] Kbdclass Service C:\WINDOWS\system32\drivers\kmixer.sys [MANUAL] kmixer Service [bOOT] KSecDD Service C:\WINDOWS\System32\svchost.exe [AUTO] lanmanserver Service C:\WINDOWS\System32\svchost.exe [AUTO] lanmanworkstation Service [sYSTEM] lbrtfdc Service ldap Service ldaps Service LicenseService Service C:\WINDOWS\System32\svchost.exe [AUTO] LmHosts Service C:\WINDOWS\system32\drivers\lvusbsta.sys [MANUAL] LVUSBSta Service C:\WINDOWS\System32\Drivers\meiudf.sys [sYSTEM] meiudf Service C:\WINDOWS\System32\svchost.exe [AUTO] Messenger Service [sYSTEM] mnmdd Service C:\WINDOWS\System32\mnmsrvc.exe [MANUAL] mnmsrvc Service [MANUAL] Modem Service C:\WINDOWS\System32\DRIVERS\mouclass.sys [sYSTEM] Mouclass Service C:\WINDOWS\System32\DRIVERS\mouhid.sys [MANUAL] mouhid Service [bOOT] MountMgr Service [DISABLED] mraid35x Service C:\WINDOWS\System32\DRIVERS\mrxdav.sys [MANUAL] MRxDAV Service C:\WINDOWS\System32\DRIVERS\mrxsmb.sys [sYSTEM] MRxSmb Service C:\WINDOWS\System32\irdvxc.exe [AUTO] MSDisk Service C:\WINDOWS\System32\msdtc.exe [MANUAL] MSDTC Service [sYSTEM] Msfs Service C:\WINDOWS\System32\msiexec.exe [MANUAL] MSIServer Service C:\WINDOWS\system32\drivers\MSKSSRV.sys [MANUAL] MSKSSRV Service C:\WINDOWS\system32\drivers\MSPCLOCK.sys [MANUAL] MSPCLOCK Service C:\WINDOWS\system32\drivers\MSPQM.sys [MANUAL] MSPQM Service C:\WINDOWS\system32\drivers\MSTEE.sys [MANUAL] MSTEE Service [bOOT] Mup Service C:\WINDOWS\System32\DRIVERS\NABTSFEC.sys [MANUAL] NABTSFEC Service [bOOT] NDIS Service C:\WINDOWS\System32\DRIVERS\NdisIP.sys [MANUAL] NdisIP Service C:\WINDOWS\System32\DRIVERS\ndistapi.sys [MANUAL] NdisTapi Service C:\WINDOWS\System32\DRIVERS\ndisuio.sys [MANUAL] Ndisuio Service C:\WINDOWS\System32\DRIVERS\ndiswan.sys [MANUAL] NdisWan Service [MANUAL] NDProxy Service C:\WINDOWS\System32\DRIVERS\netbios.sys [sYSTEM] NetBIOS Service C:\WINDOWS\System32\DRIVERS\netbt.sys [AUTO] NetBT Service C:\WINDOWS\system32\netdde.exe [MANUAL] NetDDE Service C:\WINDOWS\system32\netdde.exe [MANUAL] NetDDEdsdm Service C:\WINDOWS\System32\DRIVERS\netdevio.sys [AUTO] Netdevio Service C:\WINDOWS\System32\lsass.exe [MANUAL] Netlogon Service C:\WINDOWS\System32\svchost.exe [MANUAL] Netman Service C:\WINDOWS\System32\DRIVERS\nic1394.sys [MANUAL] NIC1394 Service C:\WINDOWS\System32\svchost.exe [MANUAL] Nla Service C:\Program Files\Norton Ghost\Agent\VProSvc.exe [AUTO] Norton Ghost Service C:\WINDOWS\System32\DRIVERS\npf.sys [MANUAL] NPF Service [sYSTEM] Npfs Service [DISABLED] Ntfs Service C:\WINDOWS\System32\lsass.exe [MANUAL] NtLmSsp Service C:\WINDOWS\system32\svchost.exe [MANUAL] NtmsSvc Service [sYSTEM] Null Service C:\WINDOWS\System32\DRIVERS\nwlnkflt.sys [MANUAL] NwlnkFlt Service C:\WINDOWS\System32\DRIVERS\nwlnkfwd.sys [MANUAL] NwlnkFwd Service C:\WINDOWS\System32\DRIVERS\nwlnkipx.sys [AUTO] NwlnkIpx Service C:\WINDOWS\System32\DRIVERS\nwlnknb.sys [AUTO] NwlnkNb Service C:\WINDOWS\System32\DRIVERS\nwlnkspx.sys [AUTO] NwlnkSpx Service C:\WINDOWS\System32\svchost.exe [AUTO] NwSapAgent Service C:\WINDOWS\System32\DRIVERS\ohci1394.sys [bOOT] ohci1394 Service C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [MANUAL] ose Service C:\WINDOWS\System32\DRIVERS\parport.sys [MANUAL] Parport Service [bOOT] PartMgr Service [AUTO] ParVdm Service C:\WINDOWS\System32\DRIVERS\pci.sys [bOOT] PCI Service [sYSTEM] PCIDump Service C:\WINDOWS\System32\DRIVERS\pciide.sys [bOOT] PCIIde Service C:\WINDOWS\System32\DRIVERS\tossdpci.sys [MANUAL] pciSd Service C:\WINDOWS\System32\DRIVERS\pcmcia.sys [bOOT] Pcmcia Service System32\Drivers\Pcouffin.sys [MANUAL] Pcouffin Service [MANUAL] PDCOMP Service [MANUAL] PDFRAME Service [MANUAL] PDRELI Service [MANUAL] PDRFRAME Service [DISABLED] perc2 Service [DISABLED] perc2hib Service PerfDisk Service PerfNet Service PerfOS Service PerfProc Service C:\WINDOWS\system32\drivers\pfc.sys [MANUAL] Pfc Service C:\WINDOWS\system32\services.exe [AUTO] PlugPlay Service C:\WINDOWS\System32\lsass.exe [AUTO] PolicyAgent Service C:\WINDOWS\svchost.exe [AUTO] PowerManager Service C:\WINDOWS\System32\DRIVERS\raspptp.sys [MANUAL] PptpMiniport Service [sYSTEM] PQNTDrv Service C:\WINDOWS\System32\DRIVERS\processr.sys [sYSTEM] Processor Service system32\drivers\ProcPt.sys [bOOT] ProcPt Service C:\WINDOWS\system32\lsass.exe [AUTO] ProtectedStorage Service C:\WINDOWS\System32\DRIVERS\psched.sys [MANUAL] PSched Service C:\WINDOWS\System32\DRIVERS\ptilink.sys [MANUAL] Ptilink Service C:\WINDOWS\System32\DRIVERS\PxHelp20.sys [bOOT] PxHelp20 Service PxHelper Service C:\WINDOWS\System32\DRIVERS\LVCM.sys [MANUAL] QCMerced Service [DISABLED] ql1080 Service [DISABLED] Ql10wnt Service [DISABLED] ql12160 Service [DISABLED] ql1240 Service [DISABLED] ql1280 Service C:\WINDOWS\System32\DRIVERS\rasacd.sys [sYSTEM] RasAcd Service C:\WINDOWS\System32\svchost.exe [MANUAL] RasAuto Service C:\WINDOWS\System32\DRIVERS\rasl2tp.sys [MANUAL] Rasl2tp Service C:\WINDOWS\System32\svchost.exe [MANUAL] RasMan Service C:\WINDOWS\System32\DRIVERS\raspppoe.sys [MANUAL] RasPppoe Service C:\WINDOWS\System32\DRIVERS\raspti.sys [MANUAL] Raspti Service C:\WINDOWS\System32\DRIVERS\rdbss.sys [sYSTEM] Rdbss Service C:\WINDOWS\System32\DRIVERS\RDPCDD.sys [sYSTEM] RDPCDD Service RDPDD Service RDPNP Service [MANUAL] RDPWD Service C:\WINDOWS\system32\sessmgr.exe [MANUAL] RDSessMgr Service C:\WINDOWS\System32\DRIVERS\redbook.sys [sYSTEM] redbook Service C:\WINDOWS\System32\svchost.exe [DISABLED] RemoteAccess Service C:\WINDOWS\System32\locator.exe [MANUAL] RpcLocator Service C:\WINDOWS\system32\svchost.exe [AUTO] RpcSs Service C:\WINDOWS\System32\rsvp.exe [MANUAL] RSVP Service C:\WINDOWS\system32\lsass.exe [AUTO] SamSs Service C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005\RpcDataSrv.exe [MANUAL] SandraDataSrv Service C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005\RpcSandraSrv.exe [MANUAL] SandraTheSrv Service C:\WINDOWS\System32\Drivers\SbcpHid.sys [AUTO] SbcpHid Service C:\WINDOWS\System32\SCardSvr.exe [MANUAL] SCardDrv Service C:\WINDOWS\System32\SCardSvr.exe [MANUAL] SCardSvr Service C:\WINDOWS\System32\svchost.exe [AUTO] Schedule Service C:\WINDOWS\System32\DRIVERS\secdrv.sys [MANUAL] Secdrv Service C:\WINDOWS\System32\svchost.exe [AUTO] seclogon Service C:\WINDOWS\system32\svchost.exe [AUTO] SENS Service [AUTO] Serial Service [sYSTEM] Sfloppy Service SharedAccess Service C:\WINDOWS\System32\svchost.exe [AUTO] ShellHWDetection Service [DISABLED] Simbad Service C:\WINDOWS\System32\DRIVERS\SLIP.sys [MANUAL] SLIP Service C:\WINDOWS\system32\drivers\smwdm.sys [MANUAL] smwdm Service C:\WINDOWS\System32\DRIVERS\SONYPVU1.SYS [MANUAL] SONYPVU1 Service C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe [AUTO] SoundMAX Agent Service (default) Service [DISABLED] Sparrow Service C:\WINDOWS\system32\drivers\splitter.sys [MANUAL] splitter Service C:\WINDOWS\system32\spoolsv.exe [AUTO] Spooler Service C:\WINDOWS\System32\DRIVERS\sr.sys [bOOT] sr Service C:\WINDOWS\System32\ZoneLabs\srescan.sys [bOOT] srescan Service C:\WINDOWS\System32\svchost.exe [AUTO] srservice Service C:\WINDOWS\System32\DRIVERS\srv.sys [MANUAL] Srv Service C:\WINDOWS\System32\svchost.exe [AUTO] SSDPSRV Service C:\WINDOWS\System32\svchost.exe [AUTO] stisvc Service C:\WINDOWS\System32\DRIVERS\StreamIP.sys [MANUAL] streamip Service C:\WINDOWS\System32\DRIVERS\swenum.sys [MANUAL] swenum Service C:\WINDOWS\system32\drivers\swmidi.sys [MANUAL] swmidi Service C:\WINDOWS\System32\dllhost.exe [MANUAL] SwPrv Service C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe [AUTO] Symantec Core LC Service [DISABLED] symc810 Service [DISABLED] symc8xx Service C:\WINDOWS\System32\drivers\symlcbrd.sys [AUTO] symlcbrd Service [bOOT] SymSnap Service [DISABLED] sym_hi Service [DISABLED] sym_u3 Service C:\WINDOWS\system32\drivers\sysaudio.sys [MANUAL] sysaudio Service C:\WINDOWS\system32\smlogsvc.exe [MANUAL] SysmonLog Service C:\WINDOWS\System32\svchost.exe [MANUAL] TapiSrv Service C:\WINDOWS\System32\DRIVERS\tcpip.sys [sYSTEM] Tcpip Service [MANUAL] TDPIPE Service [MANUAL] TDTCP Service C:\WINDOWS\System32\DRIVERS\termdd.sys [sYSTEM] TermDD Service C:\WINDOWS\System32\svchost.exe [MANUAL] TermService Service C:\WINDOWS\System32\svchost.exe [AUTO] Themes Service C:\WINDOWS\System32\DRIVERS\LTSM.sys [MANUAL] TOSHIBASoftModem Service [DISABLED] TosIde Service [AUTO] tossmbnt Service C:\WINDOWS\system32\svchost.exe [AUTO] TrkWks Service TSDDD Service C:\WINDOWS\System32\DRIVERS\tsdhd.sys [MANUAL] tsdhd Service C:\WINDOWS\System32\Drivers\TSKNF501.SYS [AUTO] TSKNF501.SYS Service C:\WINDOWS\System32\DRIVERS\TVALZ.SYS [bOOT] TVALZ Service [DISABLED] Udfs Service [DISABLED] ultra Service C:\WINDOWS\System32\wdfmgr.exe [AUTO] UMWdf Service C:\WINDOWS\System32\DRIVERS\update.sys [MANUAL] Update Service C:\WINDOWS\System32\svchost.exe [AUTO] uploadmgr Service C:\WINDOWS\System32\svchost.exe [AUTO] upnphost Service C:\WINDOWS\System32\ups.exe [MANUAL] UPS Service C:\WINDOWS\system32\drivers\usbaudio.sys [MANUAL] usbaudio Service C:\WINDOWS\System32\DRIVERS\usbccgp.sys [MANUAL] usbccgp Service C:\WINDOWS\System32\DRIVERS\usbehci.sys [MANUAL] usbehci Service C:\WINDOWS\System32\DRIVERS\usbhub.sys [MANUAL] usbhub Service C:\WINDOWS\System32\DRIVERS\usbprint.sys [MANUAL] usbprint Service C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [MANUAL] USBSTOR Service C:\WINDOWS\System32\DRIVERS\usbuhci.sys [MANUAL] usbuhci Service [sYSTEM] V2IMount Service C:\WINDOWS\System32\drivers\vga.sys [sYSTEM] VgaSave Service [DISABLED] ViaIde Service [bOOT] VolSnap Service C:\WINDOWS\System32\vsdatant.sys [sYSTEM] vsdatant Service C:\WINDOWS\system32\ZoneLabs\vsmon.exe [AUTO] vsmon Service C:\WINDOWS\System32\vssvc.exe [MANUAL] VSS Service C:\WINDOWS\System32\svchost.exe [AUTO] W32Time Service W3SVC Service C:\WINDOWS\System32\DRIVERS\wanarp.sys [MANUAL] Wanarp Service [MANUAL] WDICA Service C:\WINDOWS\system32\drivers\wdmaud.sys [MANUAL] wdmaud Service C:\WINDOWS\System32\svchost.exe [AUTO] WebClient Service C:\WINDOWS\system32\svchost.exe [AUTO] winmgmt Service [MANUAL] Winsock Service WinSock2 Service WinTrust Service C:\WINDOWS\System32\svchost.exe [MANUAL] WmdmPmSN Service WmiApRpl Service C:\WINDOWS\System32\wbem\wmiapsrv.exe [MANUAL] WmiApSrv Service C:\WINDOWS\System32\Drivers\wpdusb.sys [MANUAL] WpdUsb Service C:\WINDOWS\System32\drivers\ws2ifsl.sys [MANUAL] WS2IFSL Service C:\WINDOWS\System32\DRIVERS\WSTCODEC.SYS [MANUAL] WSTCODEC Service C:\WINDOWS\system32\svchost.exe [DISABLED] wuauserv Service C:\WINDOWS\System32\svchost.exe [AUTO] WZCSVC Service {45E1A176-1889-46B9-96F0-97F9ECA9532F} Service C:\WINDOWS\system32\drivers\ialmsbw.sys [MANUAL] {6080A529-897E-4629-A488-ABA0C29B635E} Service {ADD3E44E-73F3-4934-A39B-5EA54598BE9B} Service C:\WINDOWS\system32\drivers\ialmkchw.sys [MANUAL] {D31A0762-0CEB-444e-ACFF-B049A1F6FE91} Service C:\WINDOWS\system32\drivers\wA301a.sys [MANUAL] {E2B953A6-195A-44F9-9BA3-3D5F4E32BB55} ---- EOF - GMER 1.0.12 ----

“Cezary” - 07-03-16 21:01:52 Dodatek Service Pack. 1 ComboFix 07-03-15.2 - Running from: “C:\Documents and Settings\Cezary\Pulpit\naprawa” (((((((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) C:\WINDOWS\system32.exe C:_desktop.ini C:\DOCUME~1\Cezary\DANEAP~1\Sskcwrd.dll C:\DOCUME~1\Cezary\DANEAP~1\Sskknwrd.dll C:\DOCUME~1\Cezary\DANEAP~1\Sskuknwrd.dll C:\Program Files\Video ActiveX Object\uninst.exe C:\WINDOWS\system32\iexp_log.txt C:\WINDOWS\system32\mm.ini C:\WINDOWS\emdat.tm C:\WINDOWS\emdat.tmp C:\WINDOWS\system32\drivers\npf.sys C:\DOCUME~1\LOCALS~1\DANEAP~1\NetMon C:\DOCUME~1\Cezary\USTAWI~1\DANEAP~1.\Baidu C:\DOCUME~1\Cezary\USTAWI~1\DANEAP~1.\Baidu\bar C:\DOCUME~1\Cezary\USTAWI~1\DANEAP~1.\Baidu\bar\Custom Buttons C:\Program Files\InetGet2 C:\Program Files\Video ActiveX Object C:\WINDOWS\svchost.exe C:\WINDOWS\system32\mswsock_infected.dll C:\WINDOWS\system32\msnetax.dll ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ Purity ~ ~ ~ ~ ~ ~ ~ ~~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ Folders Quarantined: C:\qoobox\purity\DOCUME~1 C:\qoobox\purity\DOCUME~1\Cezary C:\qoobox\purity\DOCUME~1\Cezary\DANEAP~1 C:\qoobox\purity\DOCUME~1\Cezary\DANEAP~1\from.txt C:\qoobox\purity\DOCUME~1\Cezary\DANEAP~1\MANTEC~1 ((((((((((((((((((((((((((((((( Files Created from 2007-02-16 to 2007-03-16 )))))))))))))))))))))))))))))))))) 2007-03-16 18:34 538 --a------ C:\WINDOWS\system32\devequmc.dat 2007-03-16 18:34 157 --a------ C:\WINDOWS\system32\routvtab.dat 2007-03-16 18:34 0 --a------ C:\WINDOWS\system32\wiadefyi.dat 2007-03-16 18:34 0 --a------ C:\WINDOWS\system32\usrcvina.dat 2007-03-16 18:34 0 --a------ C:\WINDOWS\system32\fmifkdp.dat 2007-03-16 16:24 184 --a------ C:\WINDOWS\system32\icmpjvfq.dat 2007-03-16 16:24 0 --a------ C:\WINDOWS\system32\txflodn.dat 2007-03-16 16:24 0 --a------ C:\WINDOWS\system32\MSHTMLU.dat 2007-03-16 16:24 0 --a------ C:\WINDOWS\system32\adsldqq.dat 2007-03-16 13:04 0 --a------ C:\WINDOWS\system32\FM20TG.dat 2007-03-16 10:13 50,176 --ahs---- C:\WINDOWS\system32\irdvxc.exe 2007-03-15 23:41 2007-03-15 11:53 4,212 —h----- C:\WINDOWS\system32\zllictbl.dat 2007-03-15 11:52 2007-03-15 11:52 2007-03-13 16:53 2007-03-12 14:37 10,752 --a------ C:\WINDOWS\system32\ff_vfw.dll 2007-03-12 14:20 2007-03-12 14:19 2007-03-12 14:19 2007-03-12 14:03 2007-03-07 12:26 2007-03-07 12:26 2007-03-02 19:31 2007-02-27 17:57 1,168 --a------ C:\WINDOWS\mozver.dat 2007-02-21 21:55 0 --a------ C:\WINDOWS\nsreg.dat (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))) 2007-03-16 20:45 -------- d-------- C:\Program Files\neostrada tp 2007-03-16 13:47 -------- d-------- C:\Program Files\dc++ 2007-03-16 01:43 -------- d-a------ C:\Program Files\tvants 2007-03-15 02:31 -------- d-------- C:\DOCUME~1\Cezary\DANEAP~1\ppstream 2007-03-13 16:53 265988 --a------ C:\WINDOWS\system32\drivers\ndis.sys 2007-03-12 14:37 -------- d-------- C:\Program Files\ffdshow 2007-03-10 22:12 -------- d-------- C:\DOCUME~1\Cezary\DANEAP~1\skype 2007-03-07 01:05 -------- d-------- C:\Program Files\bitcomet 2007-03-06 16:36 -------- d-------- C:\Program Files\emule 2007-02-16 20:31 2560 --a------ C:\WINDOWS\system32\bitcometres.dll 2007-02-12 18:30 -------- d-------- C:\Program Files\skaneronline 2007-02-12 01:15 192000 --------- C:\WINDOWS\system32\ramasst.exe 2007-02-12 01:13 192000 --a------ C:\WINDOWS\system32\igfxtray.exe 2007-02-12 01:13 187904 --a–c— C:\WINDOWS\system32\igfxdiag.exe 2007-02-11 21:47 151040 --a------ C:\WINDOWS\system32\hkcmd.exe 2007-02-11 16:55 146944 --a–c— C:\WINDOWS\system32\cselect.exe 2007-02-11 16:53 175616 --a------ C:\WINDOWS\tchkdvdrwonly.exe 2007-02-11 16:53 175616 --a------ C:\WINDOWS\tchkcdrw.exe 2007-02-11 16:50 211736 --a------ C:\WINDOWS\system32\wuauclt1.exe 2007-02-11 16:50 192000 --a------ C:\WINDOWS\system32\nerocheck.exe 2007-02-11 16:46 175616 --a------ C:\WINDOWS\system32\arcaonlineuninstall.exe 2007-02-11 16:46 167424 --a------ C:\WINDOWS\chgrxpwt.exe 2007-02-03 14:51 57344 --a------ C:\WINDOWS\system32\mmtask.dll 2007-02-03 14:51 49664 --a------ C:\WINDOWS\system32\mci32.dll 2007-01-24 16:00 -------- d-------- C:\Program Files\skype 2007-01-24 16:00 -------- d-------- C:\Program Files\Common Files\skype 2007-01-22 12:00 719088 --a------ C:\WINDOWS\system32\skaneronline.dll 2007-01-19 09:40 89088 --a------ C:\WINDOWS\system32\skaneronlineuninstall.exe 2007-01-17 14:45 -------- d-------- C:\Program Files\getright 2007-01-04 14:36 848 --ahs---- C:\WINDOWS\system32\kgygaavl.sys (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))) *Note* empty entries & legit default entries are not shown [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run] “ctfmon.exe”=“C:\WINDOWS\System32\ctfmon.exe” [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run] “TouchED”=“C:\Program Files\TOSHIBA\TouchED\TouchED.Exe” “PadTouch”="“C:\Program Files\TOSHIBA\PadTouch\PadExe.exe” “SpeedTouch USB Diagnostics”="“C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe” /icon" “TkBellExe”="“C:\Program Files\Common Files\Real\Update_OB\realsched.exe” -osboot" “Zone Labs Client”="“C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe”" “WooCnxMon”=“C:\PROGRA~1\NEOSTR~1\CnxMon.exe” “WOOWATCH”=“C:\PROGRA~1\NEOSTR~1\Watch.exe” “WOOTASKBARICON”=“C:\PROGRA~1\NEOSTR~1\taskbaricon.exe” [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL] “Installed”=“1” [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI] “Installed”=“1” “NoChange”=“1” [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS] “Installed”=“1” [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks] “{57B86673-276A-48B2-BAE7-C6DBB3020EB8}”=“ewido anti-spyware 4.0” [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] “NoCDBurning”=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\Run] [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders] “SecurityProviders”=“msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll” [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost] LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0 NetworkService REG_MULTI_SZ DnsCache\0\0 rpcss REG_MULTI_SZ RpcSs\0\0 imgsvc REG_MULTI_SZ StiSvc\0\0 termsvcs REG_MULTI_SZ TermService\0\0 [HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2{d3fd488b-d538-11d8-9860-806d6172696f}] shell\play\command “C:\Program Files\InterVideo\WinDVD4\WinDVD.exe” %1 Contents of the ‘Scheduled Tasks’ folder C:\WINDOWS\tasks\Symantec NetDetect.job ******************************************************************** catchme 0.2 W2K/XP/Vista - userland rootkit detector by Gmer, 17 October 2006 http://www.gmer.net scanning hidden processes … scanning hidden services … scanning hidden autostart entries … scanning hidden files … scan completed successfully hidden processes: 0 hidden services: 0 hidden files: 0 ******************************************************************** Completion time: 07-03-16 21:51:32

adam9870 · 16 Marzec 2007 21:44

Pobierz The avenger. Wypakuj => uruchom => zaznacz opcję Input script manually => kliknij w lupkę => w okienku, które się otworzy wklej:

=> Kliknij klawisz Done => teraz kliknij na zielone światełko => powinna pojawić się pewna informacja i kliknij OK (teraz restart).

Po resecie może pojawić się okienko na dosłownie kilka sekund oraz log w notatniku. Wejdź tam gdzie masz avengera i skasuj plik backup.zip czyli np. c:\avenger\backup.zip.

Po wykonaniu wklej nowy log z combofixa, gmera (usługi + pokazuj wszystko) oraz zawartość pliku c:\avenger.txt

krokodyl1 · 16 Marzec 2007 22:21

po wszystkim w katalogu avengera nie było pliku backup.zip, ogólnie już jest dużo lepiej, programy i przeglądarki chodzą tylko neostrada się sama rozłącza

po parunastu sekundach albo kilku minutach

Logfile of The Avenger version 1, by Swandog46 Running from registry key: \Registry\Machine\System\CurrentControlSet\Services\mwshvmpt ******************* Script file located at: ??\C:\WINDOWS\mgdgcojr.txt Script file opened successfully. Script file read successfully Backups directory opened successfully at C:\Avenger ******************* Beginning to process script file: Driver MSDisk unloaded successfully. Registry key \Registry\Machine\System\CurrentControlSet\Services\NPF not found! Unload of driver NPF failed! Could not process line: NPF Status: 0xc0000034 Folder C:\Program Files\tvants deleted successfully. Folder C:\qoobox deleted successfully. Folder C:!KillBox deleted successfully. File C:\WINDOWS\system32\devequmc.dat deleted successfully. File C:\WINDOWS\system32\routvtab.dat deleted successfully. File C:\WINDOWS\system32\wiadefyi.dat deleted successfully. File C:\WINDOWS\system32\usrcvina.dat deleted successfully. File C:\WINDOWS\system32\fmifkdp.dat deleted successfully. File C:\WINDOWS\system32\icmpjvfq.dat deleted successfully. File C:\WINDOWS\system32\txflodn.dat deleted successfully. File C:\WINDOWS\system32\MSHTMLU.dat deleted successfully. File C:\WINDOWS\system32\adsldqq.dat deleted successfully. File C:\WINDOWS\system32\FM20TG.dat deleted successfully. File C:\WINDOWS\system32\irdvxc.exe deleted successfully. File C:\WINDOWS\System32\DRIVERS\npf.sys not found! Deletion of file C:\WINDOWS\System32\DRIVERS\npf.sys failed! Could not process line: C:\WINDOWS\System32\DRIVERS\npf.sys Status: 0xc0000034 Completed script processing. ******************* Finished! Terminate.

GMER 1.0.12.12086 - http://www.gmer.net Rootkit scan 2007-03-16 23:05:50 Windows 5.1.2600 Dodatek Service Pack. 1 ---- Services - GMER 1.0.12 ---- Service .NET CLR Data Service .NET CLR Networking Service .NET Data Provider for Oracle Service .NET Data Provider for SqlServer Service .NETFramework Service [DISABLED] Abiosdsk Service [DISABLED] abp480n5 Service C:\WINDOWS\System32\DRIVERS\ACPI.sys [bOOT] ACPI Service [DISABLED] ACPIEC Service [DISABLED] adpu160m Service C:\WINDOWS\system32\drivers\aeaudio.sys [MANUAL] aeaudio Service C:\WINDOWS\system32\drivers\aec.sys [MANUAL] aec Service C:\WINDOWS\System32\drivers\afd.sys [AUTO] AFD Service [DISABLED] Aha154x Service [DISABLED] aic78u2 Service [DISABLED] aic78xx Service C:\WINDOWS\System32\DRIVERS\alcan5wn.sys [MANUAL] alcan5wn Service C:\WINDOWS\System32\DRIVERS\alcaudsl.sys [MANUAL] alcaudsl Service C:\WINDOWS\System32\svchost.exe [MANUAL] Alerter Service C:\WINDOWS\System32\alg.exe [MANUAL] ALG Service [DISABLED] AliIde Service [DISABLED] amsint Service C:\WINDOWS\System32\DRIVERS\Apfiltr.sys [MANUAL] ApfiltrService Service C:\WINDOWS\system32\svchost.exe [MANUAL] AppMgmt Service C:\WINDOWS\System32\DRIVERS\ar5211.sys [MANUAL] AR5211 Service C:\WINDOWS\System32\DRIVERS\arp1394.sys [MANUAL] Arp1394 Service [DISABLED] asc Service [DISABLED] asc3350p Service [DISABLED] asc3550 Service ASP.NET Service ASP.NET_1.1.4322 Service ASP.NET_2.0.50727 Service C:\WINDOWS\System32\drivers\aspi32.sys [AUTO] ASPI32 Service C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [MANUAL] aspnet_state Service C:\WINDOWS\System32\DRIVERS\asyncmac.sys [MANUAL] AsyncMac Service C:\WINDOWS\System32\DRIVERS\atapi.sys [bOOT] atapi Service [DISABLED] Atdisk Service C:\WINDOWS\System32\DRIVERS\atmarpc.sys [MANUAL] Atmarpc Service C:\WINDOWS\System32\svchost.exe [AUTO] AudioSrv Service C:\WINDOWS\System32\DRIVERS\audstub.sys [MANUAL] audstub Service BattC Service [sYSTEM] Beep Service C:\WINDOWS\System32\svchost.exe [MANUAL] BITS Service C:\WINDOWS\System32\svchost.exe [AUTO] Browser Service [DISABLED] cbidf2k Service C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [MANUAL] CCDECODE Service C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe [AUTO] ccEvtMgr Service C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe [MANUAL] ccPwdSvc Service C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe [AUTO] ccSetMgr Service [DISABLED] cd20xrnt Service [sYSTEM] Cdaudio Service [DISABLED] Cdfs Service C:\WINDOWS\System32\DRIVERS\cdrom.sys [sYSTEM] Cdrom Service C:\Program Files\InfinaDyne\Shared\CDRPDACC.SYS [AUTO] CDRPDACC Service C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [AUTO] CFSvcs Service [sYSTEM] Changer Service C:\WINDOWS\system32\cisvc.exe [MANUAL] CiSvc Service C:\WINDOWS\system32\clipsrv.exe [MANUAL] ClipSrv Service C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [MANUAL] clr_optimization_v2.0.50727_32 Service C:\WINDOWS\System32\DRIVERS\CmBatt.sys [MANUAL] CmBatt Service [DISABLED] CmdIde Service C:\WINDOWS\System32\DRIVERS\compbatt.sys [bOOT] Compbatt Service C:\WINDOWS\System32\dllhost.exe [MANUAL] COMSysApp Service ContentFilter Service ContentIndex Service [DISABLED] Cpqarray Service C:\WINDOWS\system32\svchost.exe [AUTO] CryptSvc Service [DISABLED] dac2w2k Service [DISABLED] dac960nt Service C:\WINDOWS\System32\svchost.exe [AUTO] Dhcp Service C:\WINDOWS\System32\DRIVERS\disk.sys [bOOT] Disk Service C:\WINDOWS\System32\dmadmin.exe [MANUAL] dmadmin Service C:\WINDOWS\System32\drivers\dmboot.sys [DISABLED] dmboot Service C:\WINDOWS\System32\drivers\dmio.sys [DISABLED] dmio Service C:\WINDOWS\System32\drivers\dmload.sys [DISABLED] dmload Service C:\WINDOWS\System32\svchost.exe [MANUAL] dmserver Service C:\WINDOWS\system32\drivers\DMusic.sys [MANUAL] DMusic Service C:\WINDOWS\System32\svchost.exe [AUTO] Dnscache Service [DISABLED] dpti2o Service C:\WINDOWS\system32\drivers\drmkaud.sys [MANUAL] drmkaud Service C:\WINDOWS\System32\DVDRAMSV.exe [AUTO] DVD-RAM_Service Service C:\WINDOWS\System32\DRIVERS\e100b325.sys [MANUAL] E100B Service C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [sYSTEM] eeCtrl Service C:\WINDOWS\System32\svchost.exe [AUTO] ERSvc Service C:\WINDOWS\system32\services.exe [AUTO] Eventlog Service C:\WINDOWS\System32\svchost.exe [MANUAL] EventSystem Service C:\Program Files\ewido anti-spyware 4.0\guard.sys [sYSTEM] ewido anti-spyware 4.0 driver Service C:\Program Files\ewido anti-spyware 4.0\guard.exe [AUTO] ewido anti-spyware 4.0 guard Service [DISABLED] Fastfat Service C:\WINDOWS\System32\svchost.exe [MANUAL] FastUserSwitchingCompatibility Service [sYSTEM] Fdc Service [sYSTEM] Fips Service [sYSTEM] Flpydisk Service [sYSTEM] Fs_Rec Service C:\WINDOWS\System32\DRIVERS\ftdisk.sys [bOOT] Ftdisk Service fwdrv Service C:\WINDOWS\SYSTEM32\DRIVERS\GEARAspiWDM.sys [sYSTEM] GEARAspiWDM Service C:\WINDOWS\System32\GEARSec.exe [AUTO] GEARSecurity Service C:\WINDOWS\System32\ActSkn43x.exe [AUTO] GEARSecurityCryptSvc Service C:\WINDOWS\System32\DRIVERS\gmer.sys [MANUAL] Gmer Service C:\WINDOWS\System32\DRIVERS\msgpc.sys [MANUAL] Gpc Service C:\WINDOWS\System32\svchost.exe [AUTO] helpsvc Service C:\WINDOWS\System32\svchost.exe [DISABLED] HidServ Service C:\WINDOWS\System32\DRIVERS\hidusb.sys [MANUAL] HidUsb Service [DISABLED] hpn Service [sYSTEM] i2omgmt Service [DISABLED] i2omp Service C:\WINDOWS\System32\DRIVERS\i8042prt.sys [sYSTEM] i8042prt Service C:\WINDOWS\System32\DRIVERS\ialmnt5.sys [MANUAL] ialm Service C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [MANUAL] IDriverT Service C:\WINDOWS\System32\DRIVERS\imapi.sys [sYSTEM] Imapi Service C:\WINDOWS\System32\imapi.exe [MANUAL] ImapiService Service inetaccs Service [DISABLED] ini910u Service Inport Service C:\WINDOWS\System32\DRIVERS\intelide.sys [bOOT] IntelIde Service C:\WINDOWS\System32\DRIVERS\intelppm.sys [MANUAL] intelppm Service C:\WINDOWS\System32\DRIVERS\ipfltdrv.sys [MANUAL] IpFilterDriver Service C:\WINDOWS\System32\DRIVERS\ipinip.sys [MANUAL] IpInIp Service C:\WINDOWS\System32\DRIVERS\ipnat.sys [MANUAL] IpNat Service C:\Program Files\iPod\bin\iPodService.exe [MANUAL] iPodService Service C:\WINDOWS\System32\DRIVERS\ipsec.sys [sYSTEM] IPSec Service C:\WINDOWS\System32\DRIVERS\irenum.sys [MANUAL] IRENUM Service ISAPISearch Service C:\WINDOWS\System32\DRIVERS\isapnp.sys [bOOT] isapnp Service C:\WINDOWS\System32\DRIVERS\kbdclass.sys [sYSTEM] Kbdclass Service C:\WINDOWS\system32\drivers\kmixer.sys [MANUAL] kmixer Service [bOOT] KSecDD Service C:\WINDOWS\System32\svchost.exe [AUTO] lanmanserver Service C:\WINDOWS\System32\svchost.exe [AUTO] lanmanworkstation Service [sYSTEM] lbrtfdc Service ldap Service ldaps Service LicenseService Service C:\WINDOWS\System32\svchost.exe [AUTO] LmHosts Service C:\WINDOWS\system32\drivers\lvusbsta.sys [MANUAL] LVUSBSta Service C:\WINDOWS\System32\Drivers\meiudf.sys [sYSTEM] meiudf Service C:\WINDOWS\System32\svchost.exe [AUTO] Messenger Service [sYSTEM] mnmdd Service C:\WINDOWS\System32\mnmsrvc.exe [MANUAL] mnmsrvc Service [MANUAL] Modem Service C:\WINDOWS\System32\DRIVERS\mouclass.sys [sYSTEM] Mouclass Service C:\WINDOWS\System32\DRIVERS\mouhid.sys [MANUAL] mouhid Service [bOOT] MountMgr Service [DISABLED] mraid35x Service C:\WINDOWS\System32\DRIVERS\mrxdav.sys [MANUAL] MRxDAV Service C:\WINDOWS\System32\DRIVERS\mrxsmb.sys [sYSTEM] MRxSmb Service C:\WINDOWS\System32\msdtc.exe [MANUAL] MSDTC Service [sYSTEM] Msfs Service C:\WINDOWS\System32\msiexec.exe [MANUAL] MSIServer Service C:\WINDOWS\system32\drivers\MSKSSRV.sys [MANUAL] MSKSSRV Service C:\WINDOWS\system32\drivers\MSPCLOCK.sys [MANUAL] MSPCLOCK Service C:\WINDOWS\system32\drivers\MSPQM.sys [MANUAL] MSPQM Service C:\WINDOWS\system32\drivers\MSTEE.sys [MANUAL] MSTEE Service [bOOT] Mup Service C:\WINDOWS\System32\DRIVERS\NABTSFEC.sys [MANUAL] NABTSFEC Service [bOOT] NDIS Service C:\WINDOWS\System32\DRIVERS\NdisIP.sys [MANUAL] NdisIP Service C:\WINDOWS\System32\DRIVERS\ndistapi.sys [MANUAL] NdisTapi Service C:\WINDOWS\System32\DRIVERS\ndisuio.sys [MANUAL] Ndisuio Service C:\WINDOWS\System32\DRIVERS\ndiswan.sys [MANUAL] NdisWan Service [MANUAL] NDProxy Service C:\WINDOWS\System32\DRIVERS\netbios.sys [sYSTEM] NetBIOS Service C:\WINDOWS\System32\DRIVERS\netbt.sys [AUTO] NetBT Service C:\WINDOWS\system32\netdde.exe [MANUAL] NetDDE Service C:\WINDOWS\system32\netdde.exe [MANUAL] NetDDEdsdm Service C:\WINDOWS\System32\DRIVERS\netdevio.sys [AUTO] Netdevio Service C:\WINDOWS\System32\lsass.exe [MANUAL] Netlogon Service C:\WINDOWS\System32\svchost.exe [MANUAL] Netman Service C:\WINDOWS\System32\DRIVERS\nic1394.sys [MANUAL] NIC1394 Service C:\WINDOWS\System32\svchost.exe [MANUAL] Nla Service C:\Program Files\Norton Ghost\Agent\VProSvc.exe [AUTO] Norton Ghost Service [sYSTEM] Npfs Service [DISABLED] Ntfs Service C:\WINDOWS\System32\lsass.exe [MANUAL] NtLmSsp Service C:\WINDOWS\system32\svchost.exe [MANUAL] NtmsSvc Service [sYSTEM] Null Service C:\WINDOWS\System32\DRIVERS\nwlnkflt.sys [MANUAL] NwlnkFlt Service C:\WINDOWS\System32\DRIVERS\nwlnkfwd.sys [MANUAL] NwlnkFwd Service C:\WINDOWS\System32\DRIVERS\nwlnkipx.sys [AUTO] NwlnkIpx Service C:\WINDOWS\System32\DRIVERS\nwlnknb.sys [AUTO] NwlnkNb Service C:\WINDOWS\System32\DRIVERS\nwlnkspx.sys [AUTO] NwlnkSpx Service C:\WINDOWS\System32\DRIVERS\ohci1394.sys [bOOT] ohci1394 Service C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [MANUAL] ose Service C:\WINDOWS\System32\DRIVERS\parport.sys [MANUAL] Parport Service [bOOT] PartMgr Service [AUTO] ParVdm Service C:\WINDOWS\System32\DRIVERS\pci.sys [bOOT] PCI Service [sYSTEM] PCIDump Service C:\WINDOWS\System32\DRIVERS\pciide.sys [bOOT] PCIIde Service C:\WINDOWS\System32\DRIVERS\tossdpci.sys [MANUAL] pciSd Service C:\WINDOWS\System32\DRIVERS\pcmcia.sys [bOOT] Pcmcia Service System32\Drivers\Pcouffin.sys [MANUAL] Pcouffin Service [MANUAL] PDCOMP Service [MANUAL] PDFRAME Service [MANUAL] PDRELI Service [MANUAL] PDRFRAME Service [DISABLED] perc2 Service [DISABLED] perc2hib Service PerfDisk Service PerfNet Service PerfOS Service PerfProc Service C:\WINDOWS\system32\drivers\pfc.sys [MANUAL] Pfc Service C:\WINDOWS\system32\services.exe [AUTO] PlugPlay Service C:\WINDOWS\System32\lsass.exe [AUTO] PolicyAgent Service C:\WINDOWS\svchost.exe [DISABLED] PowerManager Service C:\WINDOWS\System32\DRIVERS\raspptp.sys [MANUAL] PptpMiniport Service [sYSTEM] PQNTDrv Service C:\WINDOWS\System32\DRIVERS\processr.sys [sYSTEM] Processor Service system32\drivers\ProcPt.sys [bOOT] ProcPt Service C:\WINDOWS\system32\lsass.exe [AUTO] ProtectedStorage Service C:\WINDOWS\System32\DRIVERS\psched.sys [MANUAL] PSched Service C:\WINDOWS\System32\DRIVERS\ptilink.sys [MANUAL] Ptilink Service C:\WINDOWS\System32\DRIVERS\PxHelp20.sys [bOOT] PxHelp20 Service PxHelper Service C:\WINDOWS\System32\DRIVERS\LVCM.sys [MANUAL] QCMerced Service [DISABLED] ql1080 Service [DISABLED] Ql10wnt Service [DISABLED] ql12160 Service [DISABLED] ql1240 Service [DISABLED] ql1280 Service C:\WINDOWS\System32\DRIVERS\rasacd.sys [sYSTEM] RasAcd Service C:\WINDOWS\System32\svchost.exe [MANUAL] RasAuto Service C:\WINDOWS\System32\DRIVERS\rasl2tp.sys [MANUAL] Rasl2tp Service C:\WINDOWS\System32\svchost.exe [MANUAL] RasMan Service C:\WINDOWS\System32\DRIVERS\raspppoe.sys [MANUAL] RasPppoe Service C:\WINDOWS\System32\DRIVERS\raspti.sys [MANUAL] Raspti Service C:\WINDOWS\System32\DRIVERS\rdbss.sys [sYSTEM] Rdbss Service C:\WINDOWS\System32\DRIVERS\RDPCDD.sys [sYSTEM] RDPCDD Service RDPDD Service RDPNP Service [MANUAL] RDPWD Service C:\WINDOWS\system32\sessmgr.exe [MANUAL] RDSessMgr Service C:\WINDOWS\System32\DRIVERS\redbook.sys [sYSTEM] redbook Service C:\WINDOWS\System32\svchost.exe [DISABLED] RemoteAccess Service C:\WINDOWS\System32\locator.exe [MANUAL] RpcLocator Service C:\WINDOWS\system32\svchost.exe [AUTO] RpcSs Service C:\WINDOWS\System32\rsvp.exe [MANUAL] RSVP Service C:\WINDOWS\system32\lsass.exe [AUTO] SamSs Service C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005\RpcDataSrv.exe [MANUAL] SandraDataSrv Service C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005\RpcSandraSrv.exe [MANUAL] SandraTheSrv Service C:\WINDOWS\System32\Drivers\SbcpHid.sys [AUTO] SbcpHid Service C:\WINDOWS\System32\SCardSvr.exe [MANUAL] SCardDrv Service C:\WINDOWS\System32\SCardSvr.exe [MANUAL] SCardSvr Service C:\WINDOWS\System32\svchost.exe [AUTO] Schedule Service C:\WINDOWS\System32\DRIVERS\secdrv.sys [MANUAL] Secdrv Service C:\WINDOWS\System32\svchost.exe [AUTO] seclogon Service C:\WINDOWS\system32\svchost.exe [AUTO] SENS Service [AUTO] Serial Service [sYSTEM] Sfloppy Service C:\WINDOWS\system32\svchost.exe [AUTO] SharedAccess Service C:\WINDOWS\System32\svchost.exe [AUTO] ShellHWDetection Service [DISABLED] Simbad Service C:\WINDOWS\System32\DRIVERS\SLIP.sys [MANUAL] SLIP Service C:\WINDOWS\system32\drivers\smwdm.sys [MANUAL] smwdm Service C:\WINDOWS\System32\DRIVERS\SONYPVU1.SYS [MANUAL] SONYPVU1 Service C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe [AUTO] SoundMAX Agent Service (default) Service [DISABLED] Sparrow Service C:\WINDOWS\system32\drivers\splitter.sys [MANUAL] splitter Service C:\WINDOWS\system32\spoolsv.exe [AUTO] Spooler Service C:\WINDOWS\System32\DRIVERS\sr.sys [bOOT] sr Service C:\WINDOWS\System32\ZoneLabs\srescan.sys [bOOT] srescan Service C:\WINDOWS\System32\svchost.exe [AUTO] srservice Service C:\WINDOWS\System32\DRIVERS\srv.sys [MANUAL] Srv Service C:\WINDOWS\System32\svchost.exe [AUTO] SSDPSRV Service C:\WINDOWS\System32\svchost.exe [AUTO] stisvc Service C:\WINDOWS\System32\DRIVERS\StreamIP.sys [MANUAL] streamip Service C:\WINDOWS\System32\DRIVERS\swenum.sys [MANUAL] swenum Service C:\WINDOWS\system32\drivers\swmidi.sys [MANUAL] swmidi Service C:\WINDOWS\System32\dllhost.exe [MANUAL] SwPrv Service C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe [AUTO] Symantec Core LC Service [DISABLED] symc810 Service [DISABLED] symc8xx Service C:\WINDOWS\System32\drivers\symlcbrd.sys [AUTO] symlcbrd Service [bOOT] SymSnap Service [DISABLED] sym_hi Service [DISABLED] sym_u3 Service C:\WINDOWS\system32\drivers\sysaudio.sys [MANUAL] sysaudio Service C:\WINDOWS\system32\smlogsvc.exe [MANUAL] SysmonLog Service C:\WINDOWS\System32\svchost.exe [MANUAL] TapiSrv Service C:\WINDOWS\System32\DRIVERS\tcpip.sys [sYSTEM] Tcpip Service [MANUAL] TDPIPE Service [MANUAL] TDTCP Service C:\WINDOWS\System32\DRIVERS\termdd.sys [sYSTEM] TermDD Service C:\WINDOWS\System32\svchost.exe [MANUAL] TermService Service C:\WINDOWS\System32\svchost.exe [AUTO] Themes Service C:\WINDOWS\System32\DRIVERS\LTSM.sys [MANUAL] TOSHIBASoftModem Service [DISABLED] TosIde Service [AUTO] tossmbnt Service C:\WINDOWS\system32\svchost.exe [AUTO] TrkWks Service TSDDD Service C:\WINDOWS\System32\DRIVERS\tsdhd.sys [MANUAL] tsdhd Service C:\WINDOWS\System32\Drivers\TSKNF501.SYS [AUTO] TSKNF501.SYS Service C:\WINDOWS\System32\DRIVERS\TVALZ.SYS [bOOT] TVALZ Service [DISABLED] Udfs Service [DISABLED] ultra Service C:\WINDOWS\System32\wdfmgr.exe [AUTO] UMWdf Service C:\WINDOWS\System32\DRIVERS\update.sys [MANUAL] Update Service C:\WINDOWS\System32\svchost.exe [AUTO] uploadmgr Service C:\WINDOWS\System32\svchost.exe [AUTO] upnphost Service C:\WINDOWS\System32\ups.exe [MANUAL] UPS Service C:\WINDOWS\system32\drivers\usbaudio.sys [MANUAL] usbaudio Service C:\WINDOWS\System32\DRIVERS\usbccgp.sys [MANUAL] usbccgp Service C:\WINDOWS\System32\DRIVERS\usbehci.sys [MANUAL] usbehci Service C:\WINDOWS\System32\DRIVERS\usbhub.sys [MANUAL] usbhub Service C:\WINDOWS\System32\DRIVERS\usbprint.sys [MANUAL] usbprint Service C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [MANUAL] USBSTOR Service C:\WINDOWS\System32\DRIVERS\usbuhci.sys [MANUAL] usbuhci Service [sYSTEM] V2IMount Service C:\WINDOWS\System32\drivers\vga.sys [sYSTEM] VgaSave Service [DISABLED] ViaIde Service [bOOT] VolSnap Service C:\WINDOWS\System32\vsdatant.sys [sYSTEM] vsdatant Service C:\WINDOWS\system32\ZoneLabs\vsmon.exe [AUTO] vsmon Service C:\WINDOWS\System32\vssvc.exe [MANUAL] VSS Service C:\WINDOWS\System32\svchost.exe [AUTO] W32Time Service W3SVC Service C:\WINDOWS\System32\DRIVERS\wanarp.sys [MANUAL] Wanarp Service [MANUAL] WDICA Service C:\WINDOWS\system32\drivers\wdmaud.sys [MANUAL] wdmaud Service C:\WINDOWS\System32\svchost.exe [AUTO] WebClient Service C:\WINDOWS\system32\svchost.exe [AUTO] winmgmt Service [MANUAL] Winsock Service WinSock2 Service WinTrust Service C:\WINDOWS\System32\svchost.exe [MANUAL] WmdmPmSN Service WmiApRpl Service C:\WINDOWS\System32\wbem\wmiapsrv.exe [MANUAL] WmiApSrv Service C:\WINDOWS\System32\Drivers\wpdusb.sys [MANUAL] WpdUsb Service C:\WINDOWS\System32\drivers\ws2ifsl.sys [MANUAL] WS2IFSL Service C:\WINDOWS\System32\DRIVERS\WSTCODEC.SYS [MANUAL] WSTCODEC Service C:\WINDOWS\system32\svchost.exe [AUTO] wuauserv Service C:\WINDOWS\System32\svchost.exe [AUTO] WZCSVC Service {45E1A176-1889-46B9-96F0-97F9ECA9532F} Service C:\WINDOWS\system32\drivers\ialmsbw.sys [MANUAL] {6080A529-897E-4629-A488-ABA0C29B635E} Service {ADD3E44E-73F3-4934-A39B-5EA54598BE9B} Service C:\WINDOWS\system32\drivers\ialmkchw.sys [MANUAL] {D31A0762-0CEB-444e-ACFF-B049A1F6FE91} Service C:\WINDOWS\system32\drivers\wA301a.sys [MANUAL] {E2B953A6-195A-44F9-9BA3-3D5F4E32BB55} ---- EOF - GMER 1.0.12 ----

“Cezary” - 07-03-16 23:06:40 Dodatek Service Pack. 1 ComboFix 07-03-15.2 - Running from: “C:\Documents and Settings\Cezary\Pulpit\naprawa” (((((((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) C:\WINDOWS\svchost.exe C:\WINDOWS\system32\msnetax.dll ((((((((((((((((((((((((((((((( Files Created from 2007-02-16 to 2007-03-16 )))))))))))))))))))))))))))))))))) 2007-03-16 23:02 2007-03-16 23:01 58 --a------ C:\WINDOWS\system32\msihnj.dat 2007-03-16 23:01 155 --a------ C:\WINDOWS\system32\routvtab.dat 2007-03-16 23:01 0 --a------ C:\WINDOWS\system32\MSHTMLAZ.dat 2007-03-16 23:01 0 --a------ C:\WINDOWS\system32\jgsd40za.dat 2007-03-16 23:01 0 --a------ C:\WINDOWS\system32\cnbjmov.dat 2007-03-16 21:58 132 --a------ C:\WINDOWS\system32\batmeter.dat 2007-03-16 21:58 0 --a------ C:\WINDOWS\system32\vsutii.dat 2007-03-16 21:58 0 --a------ C:\WINDOWS\system32\ff_vfvh.dat 2007-03-16 21:58 0 --a------ C:\WINDOWS\system32\dsdmcaiv.dat 2007-03-15 11:53 4,212 —h----- C:\WINDOWS\system32\zllictbl.dat 2007-03-15 11:52 2007-03-15 11:52 2007-03-13 16:53 2007-03-12 14:37 10,752 --a------ C:\WINDOWS\system32\ff_vfw.dll 2007-03-12 14:20 2007-03-12 14:19 2007-03-12 14:19 2007-03-12 14:03 2007-03-07 12:26 2007-03-07 12:26 2007-03-02 19:31 2007-02-27 17:57 1,168 --a------ C:\WINDOWS\mozver.dat 2007-02-21 21:55 0 --a------ C:\WINDOWS\nsreg.dat (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))) 2007-03-16 22:52 -------- d-------- C:\Program Files\dc++ 2007-03-16 22:50 -------- d-------- C:\Program Files\neostrada tp 2007-03-15 02:31 -------- d-------- C:\DOCUME~1\Cezary\DANEAP~1\ppstream 2007-03-13 16:53 265988 --a------ C:\WINDOWS\system32\drivers\ndis.sys 2007-03-12 14:37 -------- d-------- C:\Program Files\ffdshow 2007-03-10 22:12 -------- d-------- C:\DOCUME~1\Cezary\DANEAP~1\skype 2007-03-07 01:05 -------- d-------- C:\Program Files\bitcomet 2007-03-06 16:36 -------- d-------- C:\Program Files\emule 2007-02-16 20:31 2560 --a------ C:\WINDOWS\system32\bitcometres.dll 2007-02-12 18:30 -------- d-------- C:\Program Files\skaneronline 2007-02-12 01:15 192000 --------- C:\WINDOWS\system32\ramasst.exe 2007-02-12 01:13 192000 --a------ C:\WINDOWS\system32\igfxtray.exe 2007-02-12 01:13 187904 --a–c— C:\WINDOWS\system32\igfxdiag.exe 2007-02-11 21:47 151040 --a------ C:\WINDOWS\system32\hkcmd.exe 2007-02-11 16:55 146944 --a–c— C:\WINDOWS\system32\cselect.exe 2007-02-11 16:53 175616 --a------ C:\WINDOWS\tchkdvdrwonly.exe 2007-02-11 16:53 175616 --a------ C:\WINDOWS\tchkcdrw.exe 2007-02-11 16:50 211736 --a------ C:\WINDOWS\system32\wuauclt1.exe 2007-02-11 16:50 192000 --a------ C:\WINDOWS\system32\nerocheck.exe 2007-02-11 16:46 175616 --a------ C:\WINDOWS\system32\arcaonlineuninstall.exe 2007-02-11 16:46 167424 --a------ C:\WINDOWS\chgrxpwt.exe 2007-02-03 14:51 57344 --a------ C:\WINDOWS\system32\mmtask.dll 2007-02-03 14:51 49664 --a------ C:\WINDOWS\system32\mci32.dll 2007-01-24 16:00 -------- d-------- C:\Program Files\skype 2007-01-24 16:00 -------- d-------- C:\Program Files\Common Files\skype 2007-01-22 12:00 719088 --a------ C:\WINDOWS\system32\skaneronline.dll 2007-01-19 09:40 89088 --a------ C:\WINDOWS\system32\skaneronlineuninstall.exe 2007-01-17 14:45 -------- d-------- C:\Program Files\getright 2007-01-04 14:36 848 --ahs---- C:\WINDOWS\system32\kgygaavl.sys (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))) *Note* empty entries & legit default entries are not shown [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run] “ctfmon.exe”=“C:\WINDOWS\System32\ctfmon.exe” [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run] “TouchED”=“C:\Program Files\TOSHIBA\TouchED\TouchED.Exe” “PadTouch”="“C:\Program Files\TOSHIBA\PadTouch\PadExe.exe” “SpeedTouch USB Diagnostics”="“C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe” /icon" “TkBellExe”="“C:\Program Files\Common Files\Real\Update_OB\realsched.exe” -osboot" “Zone Labs Client”="“C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe”" “WooCnxMon”=“C:\PROGRA~1\NEOSTR~1\CnxMon.exe” “WOOWATCH”=“C:\PROGRA~1\NEOSTR~1\Watch.exe” “WOOTASKBARICON”=“C:\PROGRA~1\NEOSTR~1\taskbaricon.exe” “UserFaultCheck”=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,65,\ 6d,33,32,5c,64,75,6d,70,72,65,70,20,30,20,2d,75,00 [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL] “Installed”=“1” [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI] “Installed”=“1” “NoChange”=“1” [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS] “Installed”=“1” [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks] “{57B86673-276A-48B2-BAE7-C6DBB3020EB8}”=“ewido anti-spyware 4.0” [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] “NoCDBurning”=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\Run] [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders] “SecurityProviders”=“msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll” [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost] LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0 NetworkService REG_MULTI_SZ DnsCache\0\0 rpcss REG_MULTI_SZ RpcSs\0\0 imgsvc REG_MULTI_SZ StiSvc\0\0 termsvcs REG_MULTI_SZ TermService\0\0 [HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2{d3fd488b-d538-11d8-9860-806d6172696f}] shell\play\command “C:\Program Files\InterVideo\WinDVD4\WinDVD.exe” %1 Contents of the ‘Scheduled Tasks’ folder C:\WINDOWS\tasks\Symantec NetDetect.job ******************************************************************** catchme 0.2 W2K/XP/Vista - userland rootkit detector by Gmer, 17 October 2006 http://www.gmer.net scanning hidden processes … scanning hidden services … scanning hidden autostart entries … scanning hidden files … scan completed successfully hidden processes: 0 hidden services: 0 hidden files: 0 ******************************************************************** Completion time: 07-03-16 23:16:33 C:\ComboFix2.txt … 07-03-16 21:51

adam9870 · 16 Marzec 2007 22:35

W Gmerze:

W zakładce Procesy kliknij Gmer awaryjny. Nastąpi reset i zostanie samo okienko Gmer’a
W zakładce Usługi skasuj z prawokliku usługę PowerManager
W zakładce Procesy kliknij Pliki i usuń:

Zrestartuj komputer przyciskiem na obudowie

Przeskanuj się on-line i szczepionką przeciwko Jeefo, tak jak radziłem wcześniej.

Sprawdź właściwości tego drivera C:\windows\system32\drivers\ProcPt.sys i przeskanuj go na http://virusscan.jotti.org/ oraz http://www.virustotal.com/

Po wykonaniu zdaj relacje i pokaż nowy log z Combo i dwa logi z Gmer’a.

krokodyl1 · 17 Marzec 2007 17:23

udało mi się w końcu zrobić skan online, ale pliku który miałem wysłać do analizy nie mam w tym katalogu. wydaje się że wszystko już jest ok, oprócz neostrady, która wyłącza się samoczynnie po 30 minutach i nie da się jej uruchomić bez restartu. logi:

GMER 1.0.12.12086 - http://www.gmer.net Rootkit scan 2007-03-17 18:04:09 Windows 5.1.2600 Dodatek Service Pack. 1 ---- System - GMER 1.0.12 ---- SSDT \SystemRoot\System32\vsdatant.sys ZwConnectPort SSDT \SystemRoot\System32\vsdatant.sys ZwCreateFile SSDT \SystemRoot\System32\vsdatant.sys ZwCreateKey SSDT \SystemRoot\System32\vsdatant.sys ZwCreatePort SSDT \SystemRoot\System32\vsdatant.sys ZwCreateProcess SSDT \SystemRoot\System32\vsdatant.sys ZwCreateProcessEx SSDT \SystemRoot\System32\vsdatant.sys ZwCreateSection SSDT \SystemRoot\System32\vsdatant.sys ZwCreateWaitablePort SSDT \SystemRoot\System32\vsdatant.sys ZwDeleteFile SSDT \SystemRoot\System32\vsdatant.sys ZwDeleteKey SSDT \SystemRoot\System32\vsdatant.sys ZwDeleteValueKey SSDT \SystemRoot\System32\vsdatant.sys ZwDuplicateObject SSDT \SystemRoot\System32\vsdatant.sys ZwLoadKey SSDT \SystemRoot\System32\vsdatant.sys ZwOpenFile SSDT \SystemRoot\System32\vsdatant.sys ZwOpenProcess SSDT \SystemRoot\System32\vsdatant.sys ZwOpenThread SSDT \SystemRoot\System32\vsdatant.sys ZwReplaceKey SSDT \SystemRoot\System32\vsdatant.sys ZwRequestWaitReplyPort SSDT \SystemRoot\System32\vsdatant.sys ZwRestoreKey SSDT \SystemRoot\System32\vsdatant.sys ZwSecureConnectPort SSDT \SystemRoot\System32\vsdatant.sys ZwSetInformationFile SSDT \SystemRoot\System32\vsdatant.sys ZwSetValueKey SSDT \SystemRoot\System32\vsdatant.sys ZwTerminateProcess ---- Kernel code sections - GMER 1.0.12 ---- .text ntoskrnl.exe!ZwCallbackReturn + 2044 804FBCD4 12 Bytes [B0, 7E, 03, EE, C0, E6, 03, …] ? C:\WINDOWS\system32\drivers\NDIS.sys Proces nie może uzyskać dostępu do pliku, ponieważ jest on używany przez inny proces. ? srescan.sys Nie można odnaleźć określonego pliku. .text ntdll.dll!NtClose 77F5B5C8 5 Bytes JMP 720342BA .text ntdll.dll!NtCreateProcess 77F5B728 5 Bytes JMP 72034445 .text ntdll.dll!NtCreateProcessEx 77F5B738 5 Bytes JMP 72034329 .text ntdll.dll!NtCreateSection 77F5B758 5 Bytes JMP 720342D8 .text ntoskrnl.exe!ZwYieldExecution + 2390 804FBCD4 12 Bytes [B0, 7E, 03, EE, C0, E6, 03, …] ---- Devices - GMER 1.0.12 ---- Device \FileSystem\Cdfs \Cdfs IRP_MJ_CREATE ECAB23DF Device \FileSystem\Cdfs \Cdfs IRP_MJ_CLOSE ECAB23DF Device \FileSystem\Cdfs \Cdfs IRP_MJ_READ ECAB23DF Device \FileSystem\Cdfs \Cdfs IRP_MJ_QUERY_INFORMATION ECAB23DF Device \FileSystem\Cdfs \Cdfs IRP_MJ_SET_INFORMATION ECAB23DF Device \FileSystem\Cdfs \Cdfs IRP_MJ_QUERY_VOLUME_INFORMATION ECAB23DF Device \FileSystem\Cdfs \Cdfs IRP_MJ_DIRECTORY_CONTROL ECAB23DF Device \FileSystem\Cdfs \Cdfs IRP_MJ_FILE_SYSTEM_CONTROL ECAB23DF Device \FileSystem\Cdfs \Cdfs IRP_MJ_DEVICE_CONTROL ECAB23DF Device \FileSystem\Cdfs \Cdfs IRP_MJ_SHUTDOWN ECAB57CB Device \FileSystem\Cdfs \Cdfs IRP_MJ_LOCK_CONTROL ECAB23DF Device \FileSystem\Cdfs \Cdfs IRP_MJ_CLEANUP ECAB23DF Device \FileSystem\Cdfs \Cdfs IRP_MJ_PNP ECAB23DF Device \FileSystem\Cdfs \Cdfs FastIoCheckIfPossible ECAB5733 ---- Modules - GMER 1.0.12 ---- Module (noname) (*** hidden *** ) BAB7C000 Module (noname) (*** hidden *** ) F6330000 ---- EOF - GMER 1.0.12 ----

GMER 1.0.12.12086 - http://www.gmer.net Rootkit scan 2007-03-17 18:04:43 Windows 5.1.2600 Dodatek Service Pack. 1 ---- Services - GMER 1.0.12 ---- Service .NET CLR Data Service .NET CLR Networking Service .NET Data Provider for Oracle Service .NET Data Provider for SqlServer Service .NETFramework Service [DISABLED] Abiosdsk Service [DISABLED] abp480n5 Service C:\WINDOWS\System32\DRIVERS\ACPI.sys [bOOT] ACPI Service [DISABLED] ACPIEC Service [DISABLED] adpu160m Service C:\WINDOWS\system32\drivers\aeaudio.sys [MANUAL] aeaudio Service C:\WINDOWS\system32\drivers\aec.sys [MANUAL] aec Service C:\WINDOWS\System32\drivers\afd.sys [AUTO] AFD Service [DISABLED] Aha154x Service [DISABLED] aic78u2 Service [DISABLED] aic78xx Service C:\WINDOWS\System32\DRIVERS\alcan5wn.sys [MANUAL] alcan5wn Service C:\WINDOWS\System32\DRIVERS\alcaudsl.sys [MANUAL] alcaudsl Service C:\WINDOWS\System32\svchost.exe [MANUAL] Alerter Service C:\WINDOWS\System32\alg.exe [MANUAL] ALG Service [DISABLED] AliIde Service [DISABLED] amsint Service C:\WINDOWS\System32\DRIVERS\Apfiltr.sys [MANUAL] ApfiltrService Service C:\WINDOWS\system32\svchost.exe [MANUAL] AppMgmt Service C:\WINDOWS\System32\DRIVERS\ar5211.sys [MANUAL] AR5211 Service C:\WINDOWS\System32\DRIVERS\arp1394.sys [MANUAL] Arp1394 Service [DISABLED] asc Service [DISABLED] asc3350p Service [DISABLED] asc3550 Service ASP.NET Service ASP.NET_1.1.4322 Service ASP.NET_2.0.50727 Service C:\WINDOWS\System32\drivers\aspi32.sys [AUTO] ASPI32 Service C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [MANUAL] aspnet_state Service C:\WINDOWS\System32\DRIVERS\asyncmac.sys [MANUAL] AsyncMac Service C:\WINDOWS\System32\DRIVERS\atapi.sys [bOOT] atapi Service [DISABLED] Atdisk Service C:\WINDOWS\System32\DRIVERS\atmarpc.sys [MANUAL] Atmarpc Service C:\WINDOWS\System32\svchost.exe [AUTO] AudioSrv Service C:\WINDOWS\System32\DRIVERS\audstub.sys [MANUAL] audstub Service BattC Service [sYSTEM] Beep Service C:\WINDOWS\System32\svchost.exe [MANUAL] BITS Service C:\WINDOWS\System32\svchost.exe [AUTO] Browser Service [DISABLED] cbidf2k Service C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [MANUAL] CCDECODE Service C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe [AUTO] ccEvtMgr Service C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe [MANUAL] ccPwdSvc Service C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe [AUTO] ccSetMgr Service [DISABLED] cd20xrnt Service [sYSTEM] Cdaudio Service [DISABLED] Cdfs Service C:\WINDOWS\System32\DRIVERS\cdrom.sys [sYSTEM] Cdrom Service C:\Program Files\InfinaDyne\Shared\CDRPDACC.SYS [AUTO] CDRPDACC Service C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [AUTO] CFSvcs Service [sYSTEM] Changer Service C:\WINDOWS\system32\cisvc.exe [MANUAL] CiSvc Service C:\WINDOWS\system32\clipsrv.exe [MANUAL] ClipSrv Service C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [MANUAL] clr_optimization_v2.0.50727_32 Service C:\WINDOWS\System32\DRIVERS\CmBatt.sys [MANUAL] CmBatt Service [DISABLED] CmdIde Service C:\WINDOWS\System32\DRIVERS\compbatt.sys [bOOT] Compbatt Service C:\WINDOWS\System32\dllhost.exe [MANUAL] COMSysApp Service ContentFilter Service ContentIndex Service [DISABLED] Cpqarray Service C:\WINDOWS\system32\svchost.exe [AUTO] CryptSvc Service [DISABLED] dac2w2k Service [DISABLED] dac960nt Service C:\WINDOWS\System32\svchost.exe [AUTO] Dhcp Service C:\WINDOWS\System32\DRIVERS\disk.sys [bOOT] Disk Service C:\WINDOWS\System32\dmadmin.exe [MANUAL] dmadmin Service C:\WINDOWS\System32\drivers\dmboot.sys [DISABLED] dmboot Service C:\WINDOWS\System32\drivers\dmio.sys [DISABLED] dmio Service C:\WINDOWS\System32\drivers\dmload.sys [DISABLED] dmload Service C:\WINDOWS\System32\svchost.exe [MANUAL] dmserver Service C:\WINDOWS\system32\drivers\DMusic.sys [MANUAL] DMusic Service C:\WINDOWS\System32\svchost.exe [AUTO] Dnscache Service [DISABLED] dpti2o Service C:\WINDOWS\system32\drivers\drmkaud.sys [MANUAL] drmkaud Service C:\WINDOWS\System32\DVDRAMSV.exe [AUTO] DVD-RAM_Service Service C:\WINDOWS\System32\DRIVERS\e100b325.sys [MANUAL] E100B Service C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [sYSTEM] eeCtrl Service C:\WINDOWS\System32\svchost.exe [AUTO] ERSvc Service C:\WINDOWS\system32\services.exe [AUTO] Eventlog Service C:\WINDOWS\System32\svchost.exe [MANUAL] EventSystem Service C:\Program Files\ewido anti-spyware 4.0\guard.sys [sYSTEM] ewido anti-spyware 4.0 driver Service C:\Program Files\ewido anti-spyware 4.0\guard.exe [AUTO] ewido anti-spyware 4.0 guard Service [DISABLED] Fastfat Service C:\WINDOWS\System32\svchost.exe [MANUAL] FastUserSwitchingCompatibility Service [sYSTEM] Fdc Service [sYSTEM] Fips Service [sYSTEM] Flpydisk Service [sYSTEM] Fs_Rec Service C:\WINDOWS\System32\DRIVERS\ftdisk.sys [bOOT] Ftdisk Service fwdrv Service C:\WINDOWS\SYSTEM32\DRIVERS\GEARAspiWDM.sys [sYSTEM] GEARAspiWDM Service C:\WINDOWS\System32\GEARSec.exe [AUTO] GEARSecurity Service C:\WINDOWS\System32\ActSkn43x.exe [AUTO] GEARSecurityCryptSvc Service C:\WINDOWS\System32\DRIVERS\gmer.sys [MANUAL] Gmer Service C:\WINDOWS\System32\DRIVERS\msgpc.sys [MANUAL] Gpc Service C:\WINDOWS\System32\svchost.exe [AUTO] helpsvc Service C:\WINDOWS\System32\svchost.exe [DISABLED] HidServ Service C:\WINDOWS\System32\DRIVERS\hidusb.sys [MANUAL] HidUsb Service [DISABLED] hpn Service [sYSTEM] i2omgmt Service [DISABLED] i2omp Service C:\WINDOWS\System32\DRIVERS\i8042prt.sys [sYSTEM] i8042prt Service C:\WINDOWS\System32\DRIVERS\ialmnt5.sys [MANUAL] ialm Service C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [MANUAL] IDriverT Service C:\WINDOWS\System32\DRIVERS\imapi.sys [sYSTEM] Imapi Service C:\WINDOWS\System32\imapi.exe [MANUAL] ImapiService Service inetaccs Service [DISABLED] ini910u Service Inport Service C:\WINDOWS\System32\DRIVERS\intelide.sys [bOOT] IntelIde Service C:\WINDOWS\System32\DRIVERS\intelppm.sys [MANUAL] intelppm Service C:\WINDOWS\System32\DRIVERS\ipfltdrv.sys [MANUAL] IpFilterDriver Service C:\WINDOWS\System32\DRIVERS\ipinip.sys [MANUAL] IpInIp Service C:\WINDOWS\System32\DRIVERS\ipnat.sys [MANUAL] IpNat Service C:\Program Files\iPod\bin\iPodService.exe [MANUAL] iPodService Service C:\WINDOWS\System32\DRIVERS\ipsec.sys [sYSTEM] IPSec Service C:\WINDOWS\System32\DRIVERS\irenum.sys [MANUAL] IRENUM Service ISAPISearch Service C:\WINDOWS\System32\DRIVERS\isapnp.sys [bOOT] isapnp Service C:\WINDOWS\System32\DRIVERS\kbdclass.sys [sYSTEM] Kbdclass Service C:\WINDOWS\system32\drivers\kmixer.sys [MANUAL] kmixer Service [bOOT] KSecDD Service C:\WINDOWS\System32\svchost.exe [AUTO] lanmanserver Service C:\WINDOWS\System32\svchost.exe [AUTO] lanmanworkstation Service [sYSTEM] lbrtfdc Service ldap Service ldaps Service LicenseService Service C:\WINDOWS\System32\svchost.exe [AUTO] LmHosts Service C:\WINDOWS\system32\drivers\lvusbsta.sys [MANUAL] LVUSBSta Service C:\WINDOWS\System32\Drivers\meiudf.sys [sYSTEM] meiudf Service C:\WINDOWS\System32\svchost.exe [AUTO] Messenger Service [sYSTEM] mnmdd Service C:\WINDOWS\System32\mnmsrvc.exe [MANUAL] mnmsrvc Service [MANUAL] Modem Service C:\WINDOWS\System32\DRIVERS\mouclass.sys [sYSTEM] Mouclass Service C:\WINDOWS\System32\DRIVERS\mouhid.sys [MANUAL] mouhid Service [bOOT] MountMgr Service [DISABLED] mraid35x Service C:\WINDOWS\System32\DRIVERS\mrxdav.sys [MANUAL] MRxDAV Service C:\WINDOWS\System32\DRIVERS\mrxsmb.sys [sYSTEM] MRxSmb Service C:\WINDOWS\System32\msdtc.exe [MANUAL] MSDTC Service [sYSTEM] Msfs Service C:\WINDOWS\System32\msiexec.exe [MANUAL] MSIServer Service C:\WINDOWS\system32\drivers\MSKSSRV.sys [MANUAL] MSKSSRV Service C:\WINDOWS\system32\drivers\MSPCLOCK.sys [MANUAL] MSPCLOCK Service C:\WINDOWS\system32\drivers\MSPQM.sys [MANUAL] MSPQM Service C:\WINDOWS\system32\drivers\MSTEE.sys [MANUAL] MSTEE Service [bOOT] Mup Service C:\WINDOWS\System32\DRIVERS\NABTSFEC.sys [MANUAL] NABTSFEC Service [bOOT] NDIS Service C:\WINDOWS\System32\DRIVERS\NdisIP.sys [MANUAL] NdisIP Service C:\WINDOWS\System32\DRIVERS\ndistapi.sys [MANUAL] NdisTapi Service C:\WINDOWS\System32\DRIVERS\ndisuio.sys [MANUAL] Ndisuio Service C:\WINDOWS\System32\DRIVERS\ndiswan.sys [MANUAL] NdisWan Service [MANUAL] NDProxy Service C:\WINDOWS\System32\DRIVERS\netbios.sys [sYSTEM] NetBIOS Service C:\WINDOWS\System32\DRIVERS\netbt.sys [AUTO] NetBT Service C:\WINDOWS\system32\netdde.exe [MANUAL] NetDDE Service C:\WINDOWS\system32\netdde.exe [MANUAL] NetDDEdsdm Service C:\WINDOWS\System32\DRIVERS\netdevio.sys [AUTO] Netdevio Service C:\WINDOWS\System32\lsass.exe [MANUAL] Netlogon Service C:\WINDOWS\System32\svchost.exe [MANUAL] Netman Service C:\WINDOWS\System32\DRIVERS\nic1394.sys [MANUAL] NIC1394 Service C:\WINDOWS\System32\svchost.exe [MANUAL] Nla Service C:\Program Files\Norton Ghost\Agent\VProSvc.exe [AUTO] Norton Ghost Service [sYSTEM] Npfs Service [DISABLED] Ntfs Service C:\WINDOWS\System32\lsass.exe [MANUAL] NtLmSsp Service C:\WINDOWS\system32\svchost.exe [MANUAL] NtmsSvc Service [sYSTEM] Null Service C:\WINDOWS\System32\DRIVERS\nwlnkflt.sys [MANUAL] NwlnkFlt Service C:\WINDOWS\System32\DRIVERS\nwlnkfwd.sys [MANUAL] NwlnkFwd Service C:\WINDOWS\System32\DRIVERS\nwlnkipx.sys [AUTO] NwlnkIpx Service C:\WINDOWS\System32\DRIVERS\nwlnknb.sys [AUTO] NwlnkNb Service C:\WINDOWS\System32\DRIVERS\nwlnkspx.sys [AUTO] NwlnkSpx Service C:\WINDOWS\System32\DRIVERS\ohci1394.sys [bOOT] ohci1394 Service C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [MANUAL] ose Service C:\WINDOWS\System32\DRIVERS\parport.sys [MANUAL] Parport Service [bOOT] PartMgr Service [AUTO] ParVdm Service C:\WINDOWS\System32\DRIVERS\pci.sys [bOOT] PCI Service [sYSTEM] PCIDump Service C:\WINDOWS\System32\DRIVERS\pciide.sys [bOOT] PCIIde Service C:\WINDOWS\System32\DRIVERS\tossdpci.sys [MANUAL] pciSd Service C:\WINDOWS\System32\DRIVERS\pcmcia.sys [bOOT] Pcmcia Service System32\Drivers\Pcouffin.sys [MANUAL] Pcouffin Service [MANUAL] PDCOMP Service [MANUAL] PDFRAME Service [MANUAL] PDRELI Service [MANUAL] PDRFRAME Service [DISABLED] perc2 Service [DISABLED] perc2hib Service PerfDisk Service PerfNet Service PerfOS Service PerfProc Service C:\WINDOWS\system32\drivers\pfc.sys [MANUAL] Pfc Service C:\WINDOWS\system32\services.exe [AUTO] PlugPlay Service C:\WINDOWS\System32\lsass.exe [AUTO] PolicyAgent Service C:\WINDOWS\svchost.exe [DISABLED] PowerManager Service C:\WINDOWS\System32\DRIVERS\raspptp.sys [MANUAL] PptpMiniport Service [sYSTEM] PQNTDrv Service C:\WINDOWS\System32\DRIVERS\processr.sys [sYSTEM] Processor Service system32\drivers\ProcPt.sys [bOOT] ProcPt Service C:\WINDOWS\system32\lsass.exe [AUTO] ProtectedStorage Service C:\WINDOWS\System32\DRIVERS\psched.sys [MANUAL] PSched Service C:\WINDOWS\System32\DRIVERS\ptilink.sys [MANUAL] Ptilink Service C:\WINDOWS\System32\DRIVERS\PxHelp20.sys [bOOT] PxHelp20 Service PxHelper Service C:\WINDOWS\System32\DRIVERS\LVCM.sys [MANUAL] QCMerced Service [DISABLED] ql1080 Service [DISABLED] Ql10wnt Service [DISABLED] ql12160 Service [DISABLED] ql1240 Service [DISABLED] ql1280 Service C:\WINDOWS\System32\DRIVERS\rasacd.sys [sYSTEM] RasAcd Service C:\WINDOWS\System32\svchost.exe [MANUAL] RasAuto Service C:\WINDOWS\System32\DRIVERS\rasl2tp.sys [MANUAL] Rasl2tp Service C:\WINDOWS\System32\svchost.exe [MANUAL] RasMan Service C:\WINDOWS\System32\DRIVERS\raspppoe.sys [MANUAL] RasPppoe Service C:\WINDOWS\System32\DRIVERS\raspti.sys [MANUAL] Raspti Service C:\WINDOWS\System32\DRIVERS\rdbss.sys [sYSTEM] Rdbss Service C:\WINDOWS\System32\DRIVERS\RDPCDD.sys [sYSTEM] RDPCDD Service RDPDD Service RDPNP Service [MANUAL] RDPWD Service C:\WINDOWS\system32\sessmgr.exe [MANUAL] RDSessMgr Service C:\WINDOWS\System32\DRIVERS\redbook.sys [sYSTEM] redbook Service C:\WINDOWS\System32\svchost.exe [DISABLED] RemoteAccess Service C:\WINDOWS\System32\locator.exe [MANUAL] RpcLocator Service C:\WINDOWS\system32\svchost.exe [AUTO] RpcSs Service C:\WINDOWS\System32\rsvp.exe [MANUAL] RSVP Service C:\WINDOWS\system32\lsass.exe [AUTO] SamSs Service C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005\RpcDataSrv.exe [MANUAL] SandraDataSrv Service C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005\RpcSandraSrv.exe [MANUAL] SandraTheSrv Service C:\WINDOWS\System32\Drivers\SbcpHid.sys [AUTO] SbcpHid Service C:\WINDOWS\System32\SCardSvr.exe [MANUAL] SCardDrv Service C:\WINDOWS\System32\SCardSvr.exe [MANUAL] SCardSvr Service C:\WINDOWS\System32\svchost.exe [AUTO] Schedule Service C:\WINDOWS\System32\DRIVERS\secdrv.sys [MANUAL] Secdrv Service C:\WINDOWS\System32\svchost.exe [AUTO] seclogon Service C:\WINDOWS\system32\svchost.exe [AUTO] SENS Service [AUTO] Serial Service [sYSTEM] Sfloppy Service C:\WINDOWS\system32\svchost.exe [AUTO] SharedAccess Service C:\WINDOWS\System32\svchost.exe [AUTO] ShellHWDetection Service [DISABLED] Simbad Service C:\WINDOWS\System32\DRIVERS\SLIP.sys [MANUAL] SLIP Service C:\WINDOWS\system32\drivers\smwdm.sys [MANUAL] smwdm Service C:\WINDOWS\System32\DRIVERS\SONYPVU1.SYS [MANUAL] SONYPVU1 Service C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe [AUTO] SoundMAX Agent Service (default) Service [DISABLED] Sparrow Service C:\WINDOWS\system32\drivers\splitter.sys [MANUAL] splitter Service C:\WINDOWS\system32\spoolsv.exe [AUTO] Spooler Service C:\WINDOWS\System32\DRIVERS\sr.sys [bOOT] sr Service C:\WINDOWS\System32\ZoneLabs\srescan.sys [bOOT] srescan Service C:\WINDOWS\System32\svchost.exe [AUTO] srservice Service C:\WINDOWS\System32\DRIVERS\srv.sys [MANUAL] Srv Service C:\WINDOWS\System32\svchost.exe [AUTO] SSDPSRV Service C:\WINDOWS\System32\svchost.exe [AUTO] stisvc Service C:\WINDOWS\System32\DRIVERS\StreamIP.sys [MANUAL] streamip Service C:\WINDOWS\System32\DRIVERS\swenum.sys [MANUAL] swenum Service C:\WINDOWS\system32\drivers\swmidi.sys [MANUAL] swmidi Service C:\WINDOWS\System32\dllhost.exe [MANUAL] SwPrv Service C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe [AUTO] Symantec Core LC Service [DISABLED] symc810 Service [DISABLED] symc8xx Service C:\WINDOWS\System32\drivers\symlcbrd.sys [AUTO] symlcbrd Service [bOOT] SymSnap Service [DISABLED] sym_hi Service [DISABLED] sym_u3 Service C:\WINDOWS\system32\drivers\sysaudio.sys [MANUAL] sysaudio Service C:\WINDOWS\system32\smlogsvc.exe [MANUAL] SysmonLog Service C:\WINDOWS\System32\svchost.exe [MANUAL] TapiSrv Service C:\WINDOWS\System32\DRIVERS\tcpip.sys [sYSTEM] Tcpip Service [MANUAL] TDPIPE Service [MANUAL] TDTCP Service C:\WINDOWS\System32\DRIVERS\termdd.sys [sYSTEM] TermDD Service C:\WINDOWS\System32\svchost.exe [MANUAL] TermService Service C:\WINDOWS\System32\svchost.exe [AUTO] Themes Service C:\WINDOWS\System32\DRIVERS\LTSM.sys [MANUAL] TOSHIBASoftModem Service [DISABLED] TosIde Service [AUTO] tossmbnt Service C:\WINDOWS\system32\svchost.exe [AUTO] TrkWks Service TSDDD Service C:\WINDOWS\System32\DRIVERS\tsdhd.sys [MANUAL] tsdhd Service C:\WINDOWS\System32\Drivers\TSKNF501.SYS [AUTO] TSKNF501.SYS Service C:\WINDOWS\System32\DRIVERS\TVALZ.SYS [bOOT] TVALZ Service [DISABLED] Udfs Service [DISABLED] ultra Service C:\WINDOWS\System32\wdfmgr.exe [AUTO] UMWdf Service C:\WINDOWS\System32\DRIVERS\update.sys [MANUAL] Update Service C:\WINDOWS\System32\svchost.exe [AUTO] uploadmgr Service C:\WINDOWS\System32\svchost.exe [AUTO] upnphost Service C:\WINDOWS\System32\ups.exe [MANUAL] UPS Service C:\WINDOWS\system32\drivers\usbaudio.sys [MANUAL] usbaudio Service C:\WINDOWS\System32\DRIVERS\usbccgp.sys [MANUAL] usbccgp Service C:\WINDOWS\System32\DRIVERS\usbehci.sys [MANUAL] usbehci Service C:\WINDOWS\System32\DRIVERS\usbhub.sys [MANUAL] usbhub Service C:\WINDOWS\System32\DRIVERS\usbprint.sys [MANUAL] usbprint Service C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [MANUAL] USBSTOR Service C:\WINDOWS\System32\DRIVERS\usbuhci.sys [MANUAL] usbuhci Service [sYSTEM] V2IMount Service C:\WINDOWS\System32\drivers\vga.sys [sYSTEM] VgaSave Service [DISABLED] ViaIde Service [bOOT] VolSnap Service C:\WINDOWS\System32\vsdatant.sys [sYSTEM] vsdatant Service C:\WINDOWS\system32\ZoneLabs\vsmon.exe [AUTO] vsmon Service C:\WINDOWS\System32\vssvc.exe [MANUAL] VSS Service C:\WINDOWS\System32\svchost.exe [AUTO] W32Time Service W3SVC Service C:\WINDOWS\System32\DRIVERS\wanarp.sys [MANUAL] Wanarp Service [MANUAL] WDICA Service C:\WINDOWS\system32\drivers\wdmaud.sys [MANUAL] wdmaud Service C:\WINDOWS\System32\svchost.exe [AUTO] WebClient Service C:\WINDOWS\system32\svchost.exe [AUTO] winmgmt Service [MANUAL] Winsock Service WinSock2 Service WinTrust Service C:\WINDOWS\System32\svchost.exe [MANUAL] WmdmPmSN Service WmiApRpl Service C:\WINDOWS\System32\wbem\wmiapsrv.exe [MANUAL] WmiApSrv Service C:\WINDOWS\System32\Drivers\wpdusb.sys [MANUAL] WpdUsb Service C:\WINDOWS\System32\drivers\ws2ifsl.sys [MANUAL] WS2IFSL Service C:\WINDOWS\System32\DRIVERS\WSTCODEC.SYS [MANUAL] WSTCODEC Service C:\WINDOWS\system32\svchost.exe [AUTO] wuauserv Service C:\WINDOWS\System32\svchost.exe [AUTO] WZCSVC Service {45E1A176-1889-46B9-96F0-97F9ECA9532F} Service C:\WINDOWS\system32\drivers\ialmsbw.sys [MANUAL] {6080A529-897E-4629-A488-ABA0C29B635E} Service {ADD3E44E-73F3-4934-A39B-5EA54598BE9B} Service C:\WINDOWS\system32\drivers\ialmkchw.sys [MANUAL] {D31A0762-0CEB-444e-ACFF-B049A1F6FE91} Service C:\WINDOWS\system32\drivers\wA301a.sys [MANUAL] {E2B953A6-195A-44F9-9BA3-3D5F4E32BB55} ---- EOF - GMER 1.0.12 ----

“Cezary” - 07-03-17 18:05:41 Dodatek Service Pack. 1 ComboFix 07-03-15.2 - Running from: “C:\Documents and Settings\Cezary\Pulpit\naprawa” (((((((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) C:\WINDOWS\svchost.exe C:\WINDOWS\system32\msnetax.dll ((((((((((((((((((((((((((((((( Files Created from 2007-02-17 to 2007-03-17 )))))))))))))))))))))))))))))))))) 2007-03-17 13:07 2007-03-17 00:16 6,209,536 --a------ C:\DOCUME~1\Cezary\ntuser.dat 2007-03-16 23:58 198 --a------ C:\WINDOWS\system32\htuiiue.dat 2007-03-16 23:58 0 --a------ C:\WINDOWS\system32\wuauenz1.dat 2007-03-16 23:58 0 --a------ C:\WINDOWS\system32\VSFilHer.dat 2007-03-16 23:58 0 --a------ C:\WINDOWS\system32\initbkia.dat 2007-03-16 23:54 928 --a------ C:\WINDOWS\system32\rpcnsk.dat 2007-03-16 23:54 294 --a------ C:\WINDOWS\system32\routvtab.dat 2007-03-16 23:54 0 --a------ C:\WINDOWS\system32\wmasf.dat 2007-03-16 23:54 0 --a------ C:\WINDOWS\system32\lpkqhs.dat 2007-03-16 23:54 0 --a------ C:\WINDOWS\system32\d3dx9_D8.dat 2007-03-16 23:02 2007-03-16 21:58 0 --a------ C:\WINDOWS\system32\ff_vfvh.dat 2007-03-15 11:53 4,212 —h----- C:\WINDOWS\system32\zllictbl.dat 2007-03-15 11:52 2007-03-15 11:52 2007-03-13 16:53 2007-03-12 14:37 10,752 --a------ C:\WINDOWS\system32\ff_vfw.dll 2007-03-12 14:20 2007-03-12 14:19 2007-03-12 14:19 2007-03-12 14:03 2007-03-07 12:26 2007-03-07 12:26 2007-03-02 19:31 2007-02-27 17:57 1,168 --a------ C:\WINDOWS\mozver.dat 2007-02-21 21:55 0 --a------ C:\WINDOWS\nsreg.dat (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))) 2007-03-17 17:03 -------- d-------- C:\Program Files\neostrada tp 2007-03-17 13:13 -------- d-------- C:\Program Files\dc++ 2007-03-17 01:03 79606 --a------ C:\WINDOWS\system32\perfc015.dat 2007-03-17 01:03 458260 --a------ C:\WINDOWS\system32\perfh015.dat 2007-03-15 02:31 -------- d-------- C:\DOCUME~1\Cezary\DANEAP~1\ppstream 2007-03-13 16:53 265988 --a------ C:\WINDOWS\system32\drivers\ndis.sys 2007-03-12 14:37 -------- d-------- C:\Program Files\ffdshow 2007-03-10 22:12 -------- d-------- C:\DOCUME~1\Cezary\DANEAP~1\skype 2007-03-07 01:05 -------- d-------- C:\Program Files\bitcomet 2007-03-06 16:36 -------- d-------- C:\Program Files\emule 2007-02-16 20:31 2560 --a------ C:\WINDOWS\system32\bitcometres.dll 2007-02-12 18:30 -------- d-------- C:\Program Files\skaneronline 2007-02-12 01:15 192000 --------- C:\WINDOWS\system32\ramasst.exe 2007-02-12 01:13 192000 --a------ C:\WINDOWS\system32\igfxtray.exe 2007-02-12 01:13 187904 --a–c— C:\WINDOWS\system32\igfxdiag.exe 2007-02-11 21:47 151040 --a------ C:\WINDOWS\system32\hkcmd.exe 2007-02-11 16:55 146944 --a–c— C:\WINDOWS\system32\cselect.exe 2007-02-11 16:53 175616 --a------ C:\WINDOWS\tchkdvdrwonly.exe 2007-02-11 16:53 175616 --a------ C:\WINDOWS\tchkcdrw.exe 2007-02-11 16:50 211736 --a------ C:\WINDOWS\system32\wuauclt1.exe 2007-02-11 16:50 192000 --a------ C:\WINDOWS\system32\nerocheck.exe 2007-02-11 16:46 175616 --a------ C:\WINDOWS\system32\arcaonlineuninstall.exe 2007-02-11 16:46 167424 --a------ C:\WINDOWS\chgrxpwt.exe 2007-02-03 14:51 49664 --a------ C:\WINDOWS\system32\mci32.dll 2007-01-24 16:00 -------- d-------- C:\Program Files\skype 2007-01-24 16:00 -------- d-------- C:\Program Files\Common Files\skype 2007-01-22 12:00 719088 --a------ C:\WINDOWS\system32\skaneronline.dll 2007-01-19 09:40 89088 --a------ C:\WINDOWS\system32\skaneronlineuninstall.exe 2007-01-17 14:45 -------- d-------- C:\Program Files\getright 2007-01-04 14:36 848 --ahs---- C:\WINDOWS\system32\kgygaavl.sys (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))) *Note* empty entries & legit default entries are not shown [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run] “ctfmon.exe”=“C:\WINDOWS\System32\ctfmon.exe” [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run] “TouchED”=“C:\Program Files\TOSHIBA\TouchED\TouchED.Exe” “PadTouch”="“C:\Program Files\TOSHIBA\PadTouch\PadExe.exe” “SpeedTouch USB Diagnostics”="“C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe” /icon" “TkBellExe”="“C:\Program Files\Common Files\Real\Update_OB\realsched.exe” -osboot" “Zone Labs Client”="“C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe”" “WOOWATCH”=“C:\PROGRA~1\NEOSTR~1\Watch.exe” “WOOTASKBARICON”=“C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe” [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL] “Installed”=“1” [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI] “Installed”=“1” “NoChange”=“1” [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS] “Installed”=“1” [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks] “{57B86673-276A-48B2-BAE7-C6DBB3020EB8}”=“ewido anti-spyware 4.0” [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] “NoCDBurning”=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\Run] [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders] “SecurityProviders”=“msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll” [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost] LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0 NetworkService REG_MULTI_SZ DnsCache\0\0 rpcss REG_MULTI_SZ RpcSs\0\0 imgsvc REG_MULTI_SZ StiSvc\0\0 termsvcs REG_MULTI_SZ TermService\0\0 [HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2{d3fd488b-d538-11d8-9860-806d6172696f}] shell\play\command “C:\Program Files\InterVideo\WinDVD4\WinDVD.exe” %1 *newlycreated* - HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\LEGACY_POWERMANAGER Contents of the ‘Scheduled Tasks’ folder C:\WINDOWS\tasks\Symantec NetDetect.job ******************************************************************** catchme 0.2 W2K/XP/Vista - userland rootkit detector by Gmer, 17 October 2006 http://www.gmer.net scanning hidden processes … scanning hidden services … scanning hidden autostart entries … scanning hidden files … scan completed successfully hidden processes: 0 hidden services: 0 hidden files: 0 ******************************************************************** Completion time: 07-03-17 18:15:31 C:\ComboFix2.txt … 07-03-16 23:16 C:\ComboFix3.txt … 07-03-16 21:51

adam9870 · 17 Marzec 2007 19:42

W Gmerze w zakładce Procesy wybierz Gmer awaryjny >>> po resecie w zakładce usługi skasuj z prawokliku usługę PowerManager >>> reset >>> skan skanerami on-line i usunięcie WSZYSTKIEGO (nawet jeśli to będą Twoje programy),co zostanie znalezione.

Sprobuj skasować te pliki poprzez Gmer’a (sposób usuwania już znasz - Gmer awaryjny, zakładka Procesy, opcja Pliki, reset).

Przeczyść TEMP’y programem ATF Cleaner.

krokodyl1 · 17 Marzec 2007 23:07

Pousuwałem co mogłem, ale antywiry chcą mi wyrzucić wszystkie exe-ki, nawet do antywirów, neostrady, stery do drukarki, programy preinstalowane przez toshibę

po ostatnim poście już wszystko było ok, aż po około 100 minutach połaczenie z neostradą znów samoczynnie się zerwało…zauważyłem wtedy w TaskInfo że proces C:\windows\system32\svchost.exe -k netsvc zajmował ponad 80% mocy procka…no i wrócił c:\windows\svchost.exe, co to właściwie jest??? aha i w tym samym momencie kiedy neostrada się urwała lsass.exe poprosił o puszczenie go w Zone Alarm…

adam9870 · 18 Marzec 2007 09:35

Usuń wszystko to, co znajdują programy zabezpieczające, nawet instalowane przez Ciebie programy. Potem je zainstalujesz na nowo Miałeś albo w dalszym ciągu masz (o czym świadczy usługa Power Menager i proces c:\windows\svchost.exe) wirusa Jeefo. Jak każdy wirus, także i on charakteryzuje się tym, że infekuje pliki wykonywalne *.exe.

Otwórz Notatnik i wklej:

Plik >>> Zapisz jako >>> Zmień rozszerzenie z TXT na Wszystkie pliki >>> Zapisz pod nazwą FIX.BAT i uruchom go w trybie awaryjnym.

krokodyl1 · 18 Marzec 2007 12:06

Rozumiem, z tym że wynika z tego że zakażone są wszystkie instalki, czy jest jakiś sposób żeby je oczyścić? bo nie uśmiecha mi się ściąganie ponad 30 różnych programów…

adam9870 · 18 Marzec 2007 12:11

Użyj szczepionki przeciwko Jeefo, tak jak radziłem i przeskanuj system skanerami on-line. Najwyżej będziesz musiał usunąć kilka programów…