Nie wyświetlają sie strony internetowe

efcia · 7 Lipiec 2006 11:22

GMER 1.0.10.10122 - http://www.gmer.net Rootkit 2006-07-07 13:25:27 Windows 5.1.2600 Dodatek Service Pack 2 ---- System - GMER 1.0.10 ---- SSDT ??\C:\WINDOWS\system32\twpkbd.sys ZwCreateProcess SSDT ??\C:\WINDOWS\system32\twpkbd.sys ZwCreateProcessEx SSDT ??\C:\WINDOWS\system32\twpkbd.sys ZwOpenProcess SSDT ??\C:\WINDOWS\system32\twpkbd.sys ZwOpenThread SSDT ??\C:\WINDOWS\system32\twpkbd.sys ZwQueryDirectoryFile SSDT ??\C:\WINDOWS\system32\twpkbd.sys ZwQuerySystemInformation ---- Processes - GMER 1.0.10 ---- Library C:\WINDOWS\system32\twpkad.dll (*** hidden *** ) @ C:\Program Files\Nikon\NkView6\NkvMon.exe [260] 0x10000000 <-- ROOTKIT ! Library C:\WINDOWS\system32\twpkad.dll (*** hidden *** ) @ C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe [288] 0x10000000 – ROOTKIT ! Library C:\WINDOWS\system32\twpkad.dll (*** hidden *** ) @ C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [360] 0x10000000 – ROOTKIT ! Process C:\WINDOWS\system32\winlogon.exe (*** hidden *** ) 504 – ROOTKIT ! Library C:\WINDOWS\system32\twpkad.dll (*** hidden *** ) @ C:\WINDOWS\system32\winlogon.exe [504] 0x10000000 – ROOTKIT ! Library C:\WINDOWS\system32\twpkad.dll (*** hidden *** ) @ C:\Program Files\PROKOM Software SA\Płatnik 6\P2.exe [996] 0x10000000 – ROOTKIT ! Library C:\WINDOWS\system32\twpkad.dll (*** hidden *** ) @ C:\WINDOWS\system32\spoolsv.exe [1152] 0x10000000 – ROOTKIT ! Process C:\WINDOWS\Explorer.EXE (*** hidden *** ) 1308 – ROOTKIT ! Library C:\WINDOWS\system32\twpkad.dll (*** hidden *** ) @ C:\WINDOWS\Explorer.EXE [1308] 0x10000000 – ROOTKIT ! Library C:\WINDOWS\system32\twpkad.dll (*** hidden *** ) @ C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe [1392] 0x10000000 – ROOTKIT ! Library C:\WINDOWS\system32\twpkad.dll (*** hidden *** ) @ C:\Program Files\Microsoft SQL Server\MSSQL$INSERTGT\Binn\sqlservr.exe [1424] 0x10000000 – ROOTKIT ! Library C:\WINDOWS\system32\twpkad.dll (*** hidden *** ) @ C:\WINDOWS\system32\wdfmgr.exe [1608] 0x10000000 – ROOTKIT ! Library C:\WINDOWS\system32\twpkad.dll (*** hidden *** ) @ C:\PROGRAM FILES\COMMON FILES\YDP\USERACCESSMANAGER\useraccess.exe [1644] 0x10000000 – ROOTKIT ! Library C:\WINDOWS\system32\twpkad.dll (*** hidden *** ) @ C:\WINDOWS\SOUNDMAN.EXE [1808] 0x10000000 – ROOTKIT ! Library C:\WINDOWS\system32\twpkad.dll (*** hidden *** ) @ C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe [1852] 0x10000000 – ROOTKIT ! Library C:\WINDOWS\system32\twpkad.dll (*** hidden *** ) @ C:\Program Files\Spybot - Search Destroy\TeaTimer.exe [1900] 0x10000000 – ROOTKIT ! Library C:\WINDOWS\system32\twpkad.dll (*** hidden *** ) @ C:\Documents and Settings\Ewa\Dane aplikacji\MyTraveler\MyTraveler.exe [1920] 0x10000000 – ROOTKIT ! Library C:\WINDOWS\system32\twpkad.dll (*** hidden *** ) @ C:\WINDOWS\system32\ctfmon.exe [1948] 0x10000000 – ROOTKIT ! Library C:\WINDOWS\system32\twpkad.dll (*** hidden *** ) @ C:\Program Files\Skype\Phone\Skype.exe [1972] 0x10000000 – ROOTKIT ! Library C:\WINDOWS\system32\twpkad.dll (*** hidden *** ) @ C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe [2012] 0x10000000 – ROOTKIT ! Library C:\WINDOWS\system32\twpkad.dll (*** hidden *** ) @ C:\WINDOWS\system32\wuauclt.exe [2908] 0x10000000 – ROOTKIT ! Library C:\WINDOWS\system32\twpkad.dll (*** hidden *** ) @ C:\Program Files\Internet Explorer\iexplore.exe [3500] 0x10000000 – ROOTKIT ! Library C:\WINDOWS\system32\twpkad.dll (*** hidden *** ) @ C:\PROGRA~1\WinZip\winzip32.exe [3944] 0x10000000 – ROOTKIT ! Library C:\WINDOWS\system32\twpkad.dll (*** hidden *** ) @ C:\DOCUME~1\Ewa\USTAWI~1\Temp\gmer.exe [3976] 0x10000000 – ROOTKIT ! ---- EOF - GMER 1.0.10 ---- strasznie to długo trwało bo mi komp sie na amen wyłączył :twisted: i nie mogłam go wogóle włączyć i dziś tak z ciekawości znów podiełam próbę włączenia go i jakoś dało radę ale miałam info na początku ze system windows odzyskał sprawność po poważnym błędzie czy jakoś tam… dziś ma podjechać so mnie pan informatyk polukać w niego

InfinityToJa · 7 Lipiec 2006 11:34

hmm dziwne, prawdopodobnie błąd gmera

Nie widać nigdzie usługi rootkita, zrób jeszcze jednego loga, zaznacz tylko usługi i opcje pokazuj wszystko i wklej .

efcia · 7 Lipiec 2006 12:08

zgapiłam sie i nie zaznaczyłam tych opcji i teraz sprawdza i sprawdza ale cierpliwie czekam… i zrobie jeszcze raz

no i skończył ale mam komunikat

InfinityToJa · 7 Lipiec 2006 12:15

masz zaznaczyć tylko usługi i pokazuj wszystko, nie musisz czekać, przecież możesz zatrzymać skan

efcia · 7 Lipiec 2006 12:16

GMER 1.0.10.10122 - http://www.gmer.net Rootkit 2006-07-07 14:20:02 Windows 5.1.2600 Dodatek Service Pack 2 ---- System - GMER 1.0.10 ---- SSDT ??\C:\WINDOWS\system32\twpkbd.sys ZwCreateProcess <-- ROOTKIT ! SSDT ??\C:\WINDOWS\system32\twpkbd.sys ZwCreateProcessEx – ROOTKIT ! SSDT ??\C:\WINDOWS\system32\twpkbd.sys ZwOpenProcess – ROOTKIT ! SSDT ??\C:\WINDOWS\system32\twpkbd.sys ZwOpenThread – ROOTKIT ! SSDT ??\C:\WINDOWS\system32\twpkbd.sys ZwQueryDirectoryFile – ROOTKIT ! SSDT ??\C:\WINDOWS\system32\twpkbd.sys ZwQuerySystemInformation – ROOTKIT ! ---- Processes - GMER 1.0.10 ---- Library C:\WINDOWS\system32\twpkad.dll (*** hidden *** ) @ C:\Program Files\Nikon\NkView6\NkvMon.exe [260] 0x10000000 – ROOTKIT ! Library C:\WINDOWS\system32\twpkad.dll (*** hidden *** ) @ C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe [288] 0x10000000 – ROOTKIT ! Library C:\WINDOWS\system32\twpkad.dll (*** hidden *** ) @ C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [360] 0x10000000 – ROOTKIT ! Process C:\WINDOWS\system32\winlogon.exe (*** hidden *** ) 504 – ROOTKIT ! Library C:\WINDOWS\system32\twpkad.dll (*** hidden *** ) @ C:\WINDOWS\system32\winlogon.exe [504] 0x10000000 – ROOTKIT ! Library C:\WINDOWS\system32\twpkad.dll (*** hidden *** ) @ C:\Program Files\PROKOM Software SA\Płatnik 6\P2.exe [996] 0x10000000 – ROOTKIT ! Library C:\WINDOWS\system32\twpkad.dll (*** hidden *** ) @ C:\WINDOWS\system32\spoolsv.exe [1152] 0x10000000 – ROOTKIT ! Process C:\WINDOWS\Explorer.EXE (*** hidden *** ) 1308 – ROOTKIT ! Library C:\WINDOWS\system32\twpkad.dll (*** hidden *** ) @ C:\WINDOWS\Explorer.EXE [1308] 0x10000000 – ROOTKIT ! Library C:\WINDOWS\system32\twpkad.dll (*** hidden *** ) @ C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe [1392] 0x10000000 – ROOTKIT ! Library C:\WINDOWS\system32\twpkad.dll (*** hidden *** ) @ C:\Program Files\Microsoft SQL Server\MSSQL$INSERTGT\Binn\sqlservr.exe [1424] 0x10000000 – ROOTKIT ! Library C:\WINDOWS\system32\twpkad.dll (*** hidden *** ) @ C:\WINDOWS\system32\wdfmgr.exe [1608] 0x10000000 – ROOTKIT ! Library C:\WINDOWS\system32\twpkad.dll (*** hidden *** ) @ C:\PROGRAM FILES\COMMON FILES\YDP\USERACCESSMANAGER\useraccess.exe [1644] 0x10000000 – ROOTKIT ! Library C:\WINDOWS\system32\twpkad.dll (*** hidden *** ) @ C:\WINDOWS\SOUNDMAN.EXE [1808] 0x10000000 – ROOTKIT ! Library C:\WINDOWS\system32\twpkad.dll (*** hidden *** ) @ C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe [1852] 0x10000000 – ROOTKIT ! Library C:\WINDOWS\system32\twpkad.dll (*** hidden *** ) @ C:\Program Files\Spybot - Search Destroy\TeaTimer.exe [1900] 0x10000000 – ROOTKIT ! Library C:\WINDOWS\system32\twpkad.dll (*** hidden *** ) @ C:\Documents and Settings\Ewa\Dane aplikacji\MyTraveler\MyTraveler.exe [1920] 0x10000000 – ROOTKIT ! Library C:\WINDOWS\system32\twpkad.dll (*** hidden *** ) @ C:\WINDOWS\system32\ctfmon.exe [1948] 0x10000000 – ROOTKIT ! Library C:\WINDOWS\system32\twpkad.dll (*** hidden *** ) @ C:\Program Files\Skype\Phone\Skype.exe [1972] 0x10000000 – ROOTKIT ! Library C:\WINDOWS\system32\twpkad.dll (*** hidden *** ) @ C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe [2012] 0x10000000 – ROOTKIT ! Library C:\WINDOWS\system32\twpkad.dll (*** hidden *** ) @ C:\Program Files\Internet Explorer\iexplore.exe [3500] 0x10000000 – ROOTKIT ! Library C:\WINDOWS\system32\twpkad.dll (*** hidden *** ) @ C:\PROGRA~1\WinZip\winzip32.exe [4040] 0x10000000 – ROOTKIT ! Library C:\WINDOWS\system32\twpkad.dll (*** hidden *** ) @ C:\DOCUME~1\Ewa\USTAWI~1\Temp\gmer.exe [4080] 0x10000000 – ROOTKIT ! ---- Files - GMER 1.0.10 ---- File C:\WINDOWS\system32\twpkad.dll File C:\WINDOWS\system32\kgcpt.dat File C:\WINDOWS\system32\zq.dll File C:\WINDOWS\system32\twpkbd.sys – ROOTKIT ! File C:\WINDOWS\system32\zq.sys File C:\WINDOWS\system32\seDS.a3d ---- Services - GMER 1.0.10 ---- Service C:\WINDOWS\system32\twpkbd.sys [AUTO] twpkad – ROOTKIT ! ---- EOF - GMER 1.0.10 ---- no dobra to jeszcze raz zrobie Złączono Posta: 07.07.2006 (Pią) 14:17 GMER 1.0.10.10122 - http://www.gmer.net Rootkit 2006-07-07 14:21:15 Windows 5.1.2600 Dodatek Service Pack 2 ---- Services - GMER 1.0.10 ---- Service [DISABLED] Abiosdsk Service [DISABLED] abp480n5 Service C:\WINDOWS\System32\DRIVERS\ACPI.sys [bOOT] ACPI Service [DISABLED] ACPIEC Service C:\WINDOWS\System32\Drivers\adildr.sys [AUTO] ADILOADER Service C:\WINDOWS\system32\DRIVERS\adiusbaw.sys [MANUAL] adiusbaw Service [DISABLED] adpu160m Service C:\WINDOWS\system32\drivers\aec.sys [MANUAL] aec Service C:\WINDOWS\System32\drivers\afd.sys [sYSTEM] AFD Service C:\WINDOWS\System32\DRIVERS\agp440.sys [bOOT] agp440 Service [DISABLED] Aha154x Service [DISABLED] aic78u2 Service [DISABLED] aic78xx Service C:\WINDOWS\system32\drivers\ALCXWDM.SYS [MANUAL] ALCXWDM Service C:\WINDOWS\System32\svchost.exe [DISABLED] Alerter Service C:\WINDOWS\System32\alg.exe [MANUAL] ALG Service [DISABLED] AliIde Service [DISABLED] amsint Service C:\WINDOWS\system32\svchost.exe [MANUAL] AppMgmt Service [DISABLED] asc Service [DISABLED] asc3350p Service [DISABLED] asc3550 Service C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [MANUAL] aspnet_state Service C:\WINDOWS\System32\DRIVERS\asyncmac.sys [MANUAL] AsyncMac Service C:\WINDOWS\System32\DRIVERS\atapi.sys [bOOT] atapi Service [DISABLED] Atdisk Service C:\WINDOWS\System32\DRIVERS\atmarpc.sys [MANUAL] Atmarpc Service C:\WINDOWS\System32\svchost.exe [AUTO] AudioSrv Service C:\WINDOWS\System32\DRIVERS\audstub.sys [MANUAL] audstub Service C:\WINDOWS\System32\drivers\avmport.sys [AUTO] AVMPORT Service C:\WINDOWS\System32\DRIVERS\avmwan.sys [MANUAL] AVMWAN Service [sYSTEM] Beep Service C:\WINDOWS\System32\svchost.exe [MANUAL] BITS Service C:\WINDOWS\System32\svchost.exe [AUTO] Browser Service [DISABLED] cbidf2k Service [DISABLED] cd20xrnt Service [sYSTEM] Cdaudio Service [DISABLED] Cdfs Service C:\WINDOWS\System32\DRIVERS\cdrom.sys [sYSTEM] Cdrom Service [sYSTEM] Changer Service C:\WINDOWS\system32\cisvc.exe [MANUAL] cisvc Service C:\WINDOWS\system32\clipsrv.exe [DISABLED] ClipSrv Service C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [MANUAL] clr_optimization_v2.0.50727_32 Service [DISABLED] CmdIde Service C:\WINDOWS\System32\dllhost.exe [MANUAL] COMSysApp Service [DISABLED] Cpqarray Service C:\WINDOWS\system32\svchost.exe [AUTO] CryptSvc Service [DISABLED] dac2w2k Service [DISABLED] dac960nt Service C:\WINDOWS\system32\svchost.exe [AUTO] DcomLaunch Service C:\WINDOWS\System32\svchost.exe [AUTO] Dhcp Service C:\WINDOWS\System32\DRIVERS\disk.sys [bOOT] Disk Service C:\WINDOWS\System32\dmadmin.exe [MANUAL] dmadmin Service C:\WINDOWS\System32\drivers\dmboot.sys [DISABLED] dmboot Service C:\WINDOWS\System32\DRIVERS\dmio.sys [bOOT] dmio Service [bOOT] dmload Service C:\WINDOWS\System32\svchost.exe [AUTO] dmserver Service C:\WINDOWS\system32\drivers\DMusic.sys [MANUAL] DMusic Service C:\WINDOWS\System32\svchost.exe [AUTO] Dnscache Service C:\WINDOWS\System32\DRIVERS\Dot4.sys [MANUAL] Dot4 Service C:\WINDOWS\System32\DRIVERS\Dot4Prt.sys [MANUAL] Dot4Print Service [DISABLED] dpti2o Service C:\WINDOWS\system32\drivers\drmkaud.sys [MANUAL] drmkaud Service C:\WINDOWS\System32\svchost.exe [AUTO] ERSvc Service C:\WINDOWS\system32\services.exe [AUTO] Eventlog Service C:\WINDOWS\System32\svchost.exe [MANUAL] EventSystem Service [DISABLED] Fastfat Service C:\WINDOWS\System32\svchost.exe [MANUAL] FastUserSwitchingCompatibility Service C:\WINDOWS\System32\DRIVERS\fdc.sys [MANUAL] Fdc Service [sYSTEM] Fips Service C:\WINDOWS\System32\DRIVERS\flpydisk.sys [MANUAL] Flpydisk Service C:\WINDOWS\system32\drivers\fltmgr.sys [bOOT] FltMgr Service C:\WINDOWS\System32\DRIVERS\fpcibase.sys [MANUAL] fpcibase Service [sYSTEM] Fs_Rec Service C:\WINDOWS\System32\DRIVERS\ftdisk.sys [bOOT] Ftdisk Service C:\WINDOWS\System32\DRIVERS\gameenum.sys [MANUAL] gameenum Service C:\WINDOWS\System32\DRIVERS\gmer.sys [MANUAL] Gmer Service C:\WINDOWS\System32\DRIVERS\msgpc.sys [MANUAL] Gpc Service C:\WINDOWS\System32\svchost.exe [AUTO] helpsvc Service C:\WINDOWS\System32\svchost.exe [DISABLED] HidServ Service C:\WINDOWS\System32\DRIVERS\hidusb.sys [MANUAL] hidusb Service [DISABLED] hpn Service [DISABLED] hpt3xx Service C:\WINDOWS\System32\Drivers\HTTP.sys [MANUAL] HTTP Service C:\WINDOWS\System32\svchost.exe [MANUAL] HTTPFilter Service [sYSTEM] i2omgmt Service [DISABLED] i2omp Service C:\WINDOWS\System32\DRIVERS\i8042prt.sys [sYSTEM] i8042prt Service C:\WINDOWS\System32\DRIVERS\IdeBusDr.sys [bOOT] IdeBusDr Service C:\WINDOWS\System32\DRIVERS\IdeChnDr.sys [bOOT] IdeChnDr Service [sYSTEM] Imapi Service C:\WINDOWS\System32\imapi.exe [MANUAL] ImapiService Service [DISABLED] ini910u Service [DISABLED] IntelIde Service C:\WINDOWS\system32\drivers\ip6fw.sys [MANUAL] ip6fw Service C:\WINDOWS\System32\DRIVERS\ipfltdrv.sys [MANUAL] IpFilterDriver Service C:\WINDOWS\System32\DRIVERS\ipinip.sys [MANUAL] IpInIp Service C:\WINDOWS\System32\DRIVERS\ipnat.sys [MANUAL] IpNat Service C:\WINDOWS\System32\DRIVERS\ipsec.sys [sYSTEM] IPSec Service System32\DRIVERS\irda.sys [AUTO] irda Service C:\WINDOWS\System32\DRIVERS\irenum.sys [MANUAL] IRENUM Service C:\WINDOWS\System32\svchost.exe [AUTO] Irmon Service C:\WINDOWS\System32\DRIVERS\isapnp.sys [bOOT] isapnp Service C:\WINDOWS\System32\DRIVERS\kbdclass.sys [sYSTEM] Kbdclass Service C:\WINDOWS\system32\drivers\kmixer.sys [MANUAL] kmixer Service [bOOT] KSecDD Service C:\WINDOWS\System32\svchost.exe [AUTO] lanmanserver Service C:\WINDOWS\System32\svchost.exe [AUTO] lanmanworkstation Service [sYSTEM] lbrtfdc Service [AUTO] LcSvrAdm Service [MANUAL] LcSvrAuf Service [AUTO] LcSvrHis Service [AUTO] LcSvrKds Service C:\WINDOWS\System32\svchost.exe [AUTO] LmHosts Service C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe [AUTO] MDM Service C:\WINDOWS\System32\svchost.exe [DISABLED] Messenger Service [sYSTEM] mnmdd Service C:\WINDOWS\System32\mnmsrvc.exe [MANUAL] mnmsrvc Service [MANUAL] Modem Service C:\WINDOWS\System32\DRIVERS\mouclass.sys [sYSTEM] Mouclass Service C:\WINDOWS\System32\DRIVERS\mouhid.sys [MANUAL] mouhid Service [bOOT] MountMgr Service [DISABLED] mraid35x Service C:\WINDOWS\System32\DRIVERS\mrxdav.sys [MANUAL] MRxDAV Service C:\WINDOWS\System32\DRIVERS\mrxsmb.sys [sYSTEM] MRxSmb Service C:\WINDOWS\System32\msdtc.exe [MANUAL] MSDTC Service [sYSTEM] Msfs Service C:\WINDOWS\System32\DRIVERS\MSIRCOMM.sys [MANUAL] MSIRCOMM Service C:\WINDOWS\system32\msiexec.exe [MANUAL] MSIServer Service C:\WINDOWS\system32\drivers\MSKSSRV.sys [MANUAL] MSKSSRV Service C:\WINDOWS\system32\drivers\MSPCLOCK.sys [MANUAL] MSPCLOCK Service C:\WINDOWS\system32\drivers\MSPQM.sys [MANUAL] MSPQM Service C:\WINDOWS\System32\DRIVERS\mssmbios.sys [MANUAL] mssmbios Service C:\Program [AUTO] MSSQL$INSERTGT Service C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe [MANUAL] MSSQLServerADHelper Service C:\WINDOWS\system32\drivers\msmpu401.sys [MANUAL] ms_mpu401 Service [bOOT] Mup Service [bOOT] NDIS Service C:\WINDOWS\System32\DRIVERS\ndistapi.sys [MANUAL] NdisTapi Service C:\WINDOWS\System32\DRIVERS\ndisuio.sys [MANUAL] Ndisuio Service C:\WINDOWS\System32\DRIVERS\ndiswan.sys [MANUAL] NdisWan Service [MANUAL] NDProxy Service C:\WINDOWS\System32\DRIVERS\netbios.sys [sYSTEM] NetBIOS Service C:\WINDOWS\System32\DRIVERS\netbt.sys [sYSTEM] NetBT Service C:\WINDOWS\system32\netdde.exe [DISABLED] NetDDE Service C:\WINDOWS\system32\netdde.exe [DISABLED] NetDDEdsdm Service C:\WINDOWS\System32\lsass.exe [MANUAL] Netlogon Service C:\WINDOWS\System32\svchost.exe [MANUAL] Netman Service C:\WINDOWS\System32\svchost.exe [MANUAL] Nla Service [sYSTEM] Npfs Service [DISABLED] Ntfs Service C:\WINDOWS\System32\lsass.exe [MANUAL] NtLmSsp Service C:\WINDOWS\system32\svchost.exe [MANUAL] NtmsSvc Service [sYSTEM] Null Service C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [MANUAL] nv Service C:\WINDOWS\System32\DRIVERS\nv4.sys [MANUAL] nv4 Service C:\WINDOWS\System32\DRIVERS\nwlnkflt.sys [MANUAL] NwlnkFlt Service C:\WINDOWS\System32\DRIVERS\nwlnkfwd.sys [MANUAL] NwlnkFwd Service C:\WINDOWS\System32\DRIVERS\parport.sys [MANUAL] Parport Service [bOOT] PartMgr Service [AUTO] ParVdm Service C:\WINDOWS\System32\DRIVERS\pci.sys [bOOT] PCI Service [sYSTEM] PCIDump Service [bOOT] PCIIde Service [DISABLED] Pcmcia Service [MANUAL] PDCOMP Service [MANUAL] PDFRAME Service [MANUAL] PDRELI Service [MANUAL] PDRFRAME Service C:\WINDOWS\system32\pe386.sys [sYSTEM] pe386 Service [DISABLED] perc2 Service [DISABLED] perc2hib Service C:\WINDOWS\system32\services.exe [AUTO] PlugPlay Service C:\WINDOWS\System32\HPZipm12.exe [MANUAL] Pml Driver HPZ12 Service C:\WINDOWS\System32\lsass.exe [AUTO] PolicyAgent Service C:\WINDOWS\System32\DRIVERS\raspptp.sys [MANUAL] PptpMiniport Service C:\WINDOWS\System32\DRIVERS\processr.sys [sYSTEM] Processor Service C:\WINDOWS\system32\lsass.exe [AUTO] ProtectedStorage Service C:\WINDOWS\System32\DRIVERS\psched.sys [MANUAL] PSched Service C:\WINDOWS\System32\DRIVERS\ptilink.sys [MANUAL] Ptilink Service [DISABLED] ql1080 Service [DISABLED] Ql10wnt Service [DISABLED] ql12160 Service [DISABLED] ql1240 Service [DISABLED] ql1280 Service C:\WINDOWS\System32\DRIVERS\rasacd.sys [sYSTEM] RasAcd Service C:\WINDOWS\System32\svchost.exe [MANUAL] RasAuto Service C:\WINDOWS\System32\DRIVERS\rasirda.sys [MANUAL] Rasirda Service C:\WINDOWS\System32\DRIVERS\rasl2tp.sys [MANUAL] Rasl2tp Service C:\WINDOWS\System32\svchost.exe [MANUAL] RasMan Service C:\WINDOWS\System32\DRIVERS\raspppoe.sys [MANUAL] RasPppoe Service C:\WINDOWS\System32\DRIVERS\raspti.sys [MANUAL] Raspti Service C:\WINDOWS\System32\DRIVERS\rdbss.sys [sYSTEM] Rdbss Service C:\WINDOWS\System32\DRIVERS\RDPCDD.sys [sYSTEM] RDPCDD Service C:\WINDOWS\System32\DRIVERS\rdpdr.sys [MANUAL] rdpdr Service [MANUAL] RDPWD Service C:\WINDOWS\system32\sessmgr.exe [MANUAL] RDSessMgr Service C:\WINDOWS\System32\DRIVERS\redbook.sys [sYSTEM] redbook Service C:\WINDOWS\System32\svchost.exe [DISABLED] RemoteAccess Service C:\WINDOWS\system32\svchost.exe [AUTO] RemoteRegistry Service C:\WINDOWS\System32\Drivers\RootMdm.sys [AUTO] ROOTMODEM Service C:\WINDOWS\System32\locator.exe [MANUAL] RpcLocator Service C:\WINDOWS\system32\svchost.exe [AUTO] RpcSs Service C:\WINDOWS\System32\rsvp.exe [MANUAL] RSVP Service C:\WINDOWS\system32\lsass.exe [AUTO] SamSs Service C:\WINDOWS\System32\SCardSvr.exe [MANUAL] SCardSvr Service C:\WINDOWS\System32\svchost.exe [AUTO] Schedule Service C:\WINDOWS\System32\DRIVERS\secdrv.sys [AUTO] Secdrv Service C:\WINDOWS\System32\svchost.exe [AUTO] seclogon Service C:\WINDOWS\system32\svchost.exe [AUTO] SENS Service C:\WINDOWS\System32\DRIVERS\serenum.sys [MANUAL] serenum Service C:\WINDOWS\System32\DRIVERS\serial.sys [sYSTEM] Serial Service [sYSTEM] Sfloppy Service C:\WINDOWS\System32\svchost.exe [AUTO] ShellHWDetection Service [DISABLED] Simbad Service C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS [MANUAL] SONYPVU1 Service [DISABLED] Sparrow Service C:\WINDOWS\system32\drivers\splitter.sys [MANUAL] splitter Service C:\WINDOWS\system32\spoolsv.exe [AUTO] Spooler Service C:\Program [MANUAL] SQLAgent$INSERTGT Service C:\WINDOWS\System32\DRIVERS\sr.sys [bOOT] sr Service C:\WINDOWS\System32\svchost.exe [AUTO] srservice Service C:\WINDOWS\System32\DRIVERS\srv.sys [MANUAL] Srv Service C:\WINDOWS\System32\svchost.exe [MANUAL] SSDPSRV Service C:\WINDOWS\System32\DRIVERS\irstusb.sys [MANUAL] STIrUsb Service C:\WINDOWS\System32\svchost.exe [AUTO] stisvc Service C:\WINDOWS\System32\DRIVERS\swenum.sys [MANUAL] swenum Service C:\WINDOWS\system32\drivers\swmidi.sys [MANUAL] swmidi Service C:\WINDOWS\System32\dllhost.exe [MANUAL] SwPrv Service C:\Program [DISABLED] Symantec Core LC Service [DISABLED] symc810 Service [DISABLED] symc8xx Service C:\WINDOWS\System32\drivers\symlcbrd.sys [AUTO] symlcbrd Service [DISABLED] sym_hi Service [DISABLED] sym_u3 Service C:\WINDOWS\system32\drivers\sysaudio.sys [MANUAL] sysaudio Service C:\WINDOWS\system32\smlogsvc.exe [MANUAL] SysmonLog Service C:\WINDOWS\System32\svchost.exe [MANUAL] TapiSrv Service C:\WINDOWS\System32\DRIVERS\tcpip.sys [sYSTEM] Tcpip Service [MANUAL] TDPIPE Service [MANUAL] TDTCP Service C:\WINDOWS\System32\DRIVERS\termdd.sys [sYSTEM] TermDD Service C:\WINDOWS\System32\svchost.exe [MANUAL] TermService Service C:\WINDOWS\System32\svchost.exe [AUTO] Themes Service C:\WINDOWS\System32\tlntsvr.exe [MANUAL] TlntSvr Service [DISABLED] TosIde Service C:\WINDOWS\system32\svchost.exe [AUTO] TrkWks Service C:\WINDOWS\system32\twpkbd.sys [AUTO] twpkad Service C:\WINDOWS\system32\twpkbd.sys [sYSTEM] twpkbd Service [DISABLED] Udfs Service [DISABLED] ultra Service C:\WINDOWS\system32\wdfmgr.exe [AUTO] UMWdf Service C:\WINDOWS\System32\DRIVERS\update.sys [MANUAL] Update Service C:\WINDOWS\System32\svchost.exe [MANUAL] upnphost Service C:\WINDOWS\System32\ups.exe [MANUAL] UPS Service C:\WINDOWS\System32\DRIVERS\usbehci.sys [MANUAL] usbehci Service C:\WINDOWS\System32\DRIVERS\usbhub.sys [MANUAL] usbhub Service C:\WINDOWS\System32\DRIVERS\usbscan.sys [MANUAL] usbscan Service C:\WINDOWS\system32\DRIVERS\usbser.sys [MANUAL] usbser Service C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [MANUAL] USBSTOR Service C:\WINDOWS\System32\DRIVERS\usbuhci.sys [MANUAL] usbuhci Service C:\PROGRAM FILES\COMMON FILES\YDP\USERACCESSMANAGER\useraccess.exe [AUTO] UserAccess Service C:\WINDOWS\System32\drivers\vga.sys [sYSTEM] VgaSave Service [DISABLED] ViaIde Service [bOOT] VolSnap Service C:\WINDOWS\System32\vssvc.exe [MANUAL] VSS Service C:\WINDOWS\System32\svchost.exe [AUTO] W32Time Service C:\WINDOWS\System32\DRIVERS\wanarp.sys [MANUAL] Wanarp Service [MANUAL] WDICA Service C:\WINDOWS\system32\drivers\wdmaud.sys [MANUAL] wdmaud Service C:\WINDOWS\System32\svchost.exe [AUTO] WebClient Service C:\WINDOWS\system32\svchost.exe [AUTO] winmgmt Service [MANUAL] Winsock Service C:\WINDOWS\System32\svchost.exe [MANUAL] WmdmPmSN Service C:\WINDOWS\System32\svchost.exe [MANUAL] Wmi Service C:\WINDOWS\System32\wbem\wmiapsrv.exe [MANUAL] WmiApSrv Service C:\WINDOWS\System32\svchost.exe [AUTO] wuauserv Service C:\WINDOWS\System32\svchost.exe [AUTO] WZCSVC Service C:\WINDOWS\System32\svchost.exe [MANUAL] xmlprov ---- EOF - GMER 1.0.10 ---- Złączono Posta: 07.07.2006 (Pią) 14:19 matko jak patrze na to to czasna magia jak Wy sie w tym rozeznajecie :o

InfinityToJa · 7 Lipiec 2006 12:23

no i jest,

podświetl:

i wybierz z prawkokliku usuń usługę

Przechodzisz do zakładki cmd i wklejasz

idziesz do procesy i wybierasz opcje zabij wszystko, powrót do cmd i klikasz uruchom, z zakładki procesy wybierasz restart i nowy log.

efcia · 7 Lipiec 2006 12:29

wolę sie upewnic zanim coś namieszam …

z tego prawo kliku usuwam

bo on sie pyta czy usunać bo usunięcie moze spowodować awarię systemu etc…

InfinityToJa · 7 Lipiec 2006 12:31

tak usuwasz, wybierasz “usuń usługę” i przytakujesz mu(wybierasz tak…)

efcia · 7 Lipiec 2006 14:30

no to tak…

po pierwsze jak wpisałam w cmd Twój "cytat"to brak dostępu do ścieżki potem jak przeszłam do prosesów to nie chciał sie zrestartować :oops:

GMER 1.0.10.10122 - http://www.gmer.net Rootkit 2006-07-07 16:38:00 Windows 5.1.2600 Dodatek Service Pack 2 ---- Services - GMER 1.0.10 ---- Service [DISABLED] Abiosdsk Service [DISABLED] abp480n5 Service C:\WINDOWS\System32\DRIVERS\ACPI.sys [bOOT] ACPI Service [DISABLED] ACPIEC Service C:\WINDOWS\System32\Drivers\adildr.sys [AUTO] ADILOADER Service C:\WINDOWS\system32\DRIVERS\adiusbaw.sys [MANUAL] adiusbaw Service [DISABLED] adpu160m Service C:\WINDOWS\system32\drivers\aec.sys [MANUAL] aec Service C:\WINDOWS\System32\drivers\afd.sys [sYSTEM] AFD Service C:\WINDOWS\System32\DRIVERS\agp440.sys [bOOT] agp440 Service [DISABLED] Aha154x Service [DISABLED] aic78u2 Service [DISABLED] aic78xx Service C:\WINDOWS\system32\drivers\ALCXWDM.SYS [MANUAL] ALCXWDM Service C:\WINDOWS\System32\svchost.exe [DISABLED] Alerter Service C:\WINDOWS\System32\alg.exe [MANUAL] ALG Service [DISABLED] AliIde Service C:\WINDOWS\system32\drivers\amon.sys [AUTO] AMON Service [DISABLED] amsint Service C:\WINDOWS\system32\svchost.exe [MANUAL] AppMgmt Service [DISABLED] asc Service [DISABLED] asc3350p Service [DISABLED] asc3550 Service C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [MANUAL] aspnet_state Service C:\WINDOWS\System32\DRIVERS\asyncmac.sys [MANUAL] AsyncMac Service C:\WINDOWS\System32\DRIVERS\atapi.sys [bOOT] atapi Service [DISABLED] Atdisk Service C:\WINDOWS\System32\DRIVERS\atmarpc.sys [MANUAL] Atmarpc Service C:\WINDOWS\System32\svchost.exe [AUTO] AudioSrv Service C:\WINDOWS\System32\DRIVERS\audstub.sys [MANUAL] audstub Service C:\WINDOWS\System32\drivers\avmport.sys [AUTO] AVMPORT Service C:\WINDOWS\System32\DRIVERS\avmwan.sys [MANUAL] AVMWAN Service [sYSTEM] Beep Service C:\WINDOWS\System32\svchost.exe [MANUAL] BITS Service C:\WINDOWS\System32\svchost.exe [AUTO] Browser Service [DISABLED] cbidf2k Service [DISABLED] cd20xrnt Service [sYSTEM] Cdaudio Service [DISABLED] Cdfs Service C:\WINDOWS\System32\DRIVERS\cdrom.sys [sYSTEM] Cdrom Service [sYSTEM] Changer Service C:\WINDOWS\system32\cisvc.exe [MANUAL] cisvc Service C:\WINDOWS\system32\clipsrv.exe [DISABLED] ClipSrv Service C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [MANUAL] clr_optimization_v2.0.50727_32 Service [DISABLED] CmdIde Service C:\WINDOWS\System32\dllhost.exe [MANUAL] COMSysApp Service [DISABLED] Cpqarray Service C:\WINDOWS\system32\svchost.exe [AUTO] CryptSvc Service [DISABLED] dac2w2k Service [DISABLED] dac960nt Service C:\WINDOWS\system32\svchost.exe [AUTO] DcomLaunch Service C:\WINDOWS\System32\svchost.exe [AUTO] Dhcp Service C:\WINDOWS\System32\DRIVERS\disk.sys [bOOT] Disk Service C:\WINDOWS\System32\dmadmin.exe [MANUAL] dmadmin Service C:\WINDOWS\System32\drivers\dmboot.sys [DISABLED] dmboot Service C:\WINDOWS\System32\DRIVERS\dmio.sys [bOOT] dmio Service [bOOT] dmload Service C:\WINDOWS\System32\svchost.exe [AUTO] dmserver Service C:\WINDOWS\system32\drivers\DMusic.sys [MANUAL] DMusic Service C:\WINDOWS\System32\svchost.exe [AUTO] Dnscache Service C:\WINDOWS\System32\DRIVERS\Dot4.sys [MANUAL] Dot4 Service C:\WINDOWS\System32\DRIVERS\Dot4Prt.sys [MANUAL] Dot4Print Service [DISABLED] dpti2o Service C:\WINDOWS\system32\drivers\drmkaud.sys [MANUAL] drmkaud Service C:\WINDOWS\System32\svchost.exe [AUTO] ERSvc Service C:\WINDOWS\system32\services.exe [AUTO] Eventlog Service C:\WINDOWS\System32\svchost.exe [MANUAL] EventSystem Service [DISABLED] Fastfat Service C:\WINDOWS\System32\svchost.exe [MANUAL] FastUserSwitchingCompatibility Service C:\WINDOWS\System32\DRIVERS\fdc.sys [MANUAL] Fdc Service [sYSTEM] Fips Service C:\WINDOWS\System32\DRIVERS\flpydisk.sys [MANUAL] Flpydisk Service C:\WINDOWS\system32\drivers\fltmgr.sys [bOOT] FltMgr Service C:\WINDOWS\System32\DRIVERS\fpcibase.sys [MANUAL] fpcibase Service [sYSTEM] Fs_Rec Service C:\WINDOWS\System32\DRIVERS\ftdisk.sys [bOOT] Ftdisk Service C:\WINDOWS\System32\DRIVERS\gameenum.sys [MANUAL] gameenum Service C:\WINDOWS\System32\DRIVERS\gmer.sys [MANUAL] Gmer Service C:\WINDOWS\System32\DRIVERS\msgpc.sys [MANUAL] Gpc Service C:\WINDOWS\System32\svchost.exe [AUTO] helpsvc Service C:\WINDOWS\System32\svchost.exe [DISABLED] HidServ Service C:\WINDOWS\System32\DRIVERS\hidusb.sys [MANUAL] hidusb Service [DISABLED] hpn Service [DISABLED] hpt3xx Service C:\WINDOWS\System32\Drivers\HTTP.sys [MANUAL] HTTP Service C:\WINDOWS\System32\svchost.exe [MANUAL] HTTPFilter Service [sYSTEM] i2omgmt Service [DISABLED] i2omp Service C:\WINDOWS\System32\DRIVERS\i8042prt.sys [sYSTEM] i8042prt Service C:\WINDOWS\System32\DRIVERS\IdeBusDr.sys [bOOT] IdeBusDr Service C:\WINDOWS\System32\DRIVERS\IdeChnDr.sys [bOOT] IdeChnDr Service [sYSTEM] Imapi Service C:\WINDOWS\System32\imapi.exe [MANUAL] ImapiService Service [DISABLED] ini910u Service [DISABLED] IntelIde Service C:\WINDOWS\system32\drivers\ip6fw.sys [MANUAL] ip6fw Service C:\WINDOWS\System32\DRIVERS\ipfltdrv.sys [MANUAL] IpFilterDriver Service C:\WINDOWS\System32\DRIVERS\ipinip.sys [MANUAL] IpInIp Service C:\WINDOWS\System32\DRIVERS\ipnat.sys [MANUAL] IpNat Service C:\WINDOWS\System32\DRIVERS\ipsec.sys [sYSTEM] IPSec Service System32\DRIVERS\irda.sys [AUTO] irda Service C:\WINDOWS\System32\DRIVERS\irenum.sys [MANUAL] IRENUM Service C:\WINDOWS\System32\svchost.exe [AUTO] Irmon Service C:\WINDOWS\System32\DRIVERS\isapnp.sys [bOOT] isapnp Service C:\WINDOWS\System32\DRIVERS\kbdclass.sys [sYSTEM] Kbdclass Service C:\WINDOWS\system32\drivers\kmixer.sys [MANUAL] kmixer Service [bOOT] KSecDD Service C:\WINDOWS\System32\svchost.exe [AUTO] lanmanserver Service C:\WINDOWS\System32\svchost.exe [AUTO] lanmanworkstation Service [sYSTEM] lbrtfdc Service [AUTO] LcSvrAdm Service [MANUAL] LcSvrAuf Service [AUTO] LcSvrHis Service [AUTO] LcSvrKds Service C:\WINDOWS\System32\svchost.exe [AUTO] LmHosts Service C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe [AUTO] MDM Service C:\WINDOWS\System32\svchost.exe [DISABLED] Messenger Service [sYSTEM] mnmdd Service C:\WINDOWS\System32\mnmsrvc.exe [MANUAL] mnmsrvc Service [MANUAL] Modem Service C:\WINDOWS\System32\DRIVERS\mouclass.sys [sYSTEM] Mouclass Service C:\WINDOWS\System32\DRIVERS\mouhid.sys [MANUAL] mouhid Service [bOOT] MountMgr Service [DISABLED] mraid35x Service C:\WINDOWS\System32\DRIVERS\mrxdav.sys [MANUAL] MRxDAV Service C:\WINDOWS\System32\DRIVERS\mrxsmb.sys [sYSTEM] MRxSmb Service C:\WINDOWS\System32\msdtc.exe [MANUAL] MSDTC Service [sYSTEM] Msfs Service C:\WINDOWS\System32\DRIVERS\MSIRCOMM.sys [MANUAL] MSIRCOMM Service C:\WINDOWS\system32\msiexec.exe [MANUAL] MSIServer Service C:\WINDOWS\system32\drivers\MSKSSRV.sys [MANUAL] MSKSSRV Service C:\WINDOWS\system32\drivers\MSPCLOCK.sys [MANUAL] MSPCLOCK Service C:\WINDOWS\system32\drivers\MSPQM.sys [MANUAL] MSPQM Service C:\WINDOWS\System32\DRIVERS\mssmbios.sys [MANUAL] mssmbios Service C:\Program [AUTO] MSSQL$INSERTGT Service C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe [MANUAL] MSSQLServerADHelper Service C:\WINDOWS\system32\drivers\msmpu401.sys [MANUAL] ms_mpu401 Service [bOOT] Mup Service [bOOT] NDIS Service C:\WINDOWS\System32\DRIVERS\ndistapi.sys [MANUAL] NdisTapi Service C:\WINDOWS\System32\DRIVERS\ndisuio.sys [MANUAL] Ndisuio Service C:\WINDOWS\System32\DRIVERS\ndiswan.sys [MANUAL] NdisWan Service [MANUAL] NDProxy Service C:\WINDOWS\System32\DRIVERS\netbios.sys [sYSTEM] NetBIOS Service C:\WINDOWS\System32\DRIVERS\netbt.sys [sYSTEM] NetBT Service C:\WINDOWS\system32\netdde.exe [DISABLED] NetDDE Service C:\WINDOWS\system32\netdde.exe [DISABLED] NetDDEdsdm Service C:\WINDOWS\System32\lsass.exe [MANUAL] Netlogon Service C:\WINDOWS\System32\svchost.exe [MANUAL] Netman Service C:\WINDOWS\System32\svchost.exe [MANUAL] Nla Service C:\Program Files\Eset\nod32krn.exe [AUTO] NOD32krn Service [sYSTEM] Npfs Service [DISABLED] Ntfs Service C:\WINDOWS\System32\lsass.exe [MANUAL] NtLmSsp Service C:\WINDOWS\system32\svchost.exe [MANUAL] NtmsSvc Service [sYSTEM] Null Service C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [MANUAL] nv Service C:\WINDOWS\System32\DRIVERS\nv4.sys [MANUAL] nv4 Service C:\WINDOWS\System32\DRIVERS\nwlnkflt.sys [MANUAL] NwlnkFlt Service C:\WINDOWS\System32\DRIVERS\nwlnkfwd.sys [MANUAL] NwlnkFwd Service C:\WINDOWS\System32\DRIVERS\parport.sys [MANUAL] Parport Service [bOOT] PartMgr Service [AUTO] ParVdm Service C:\WINDOWS\System32\DRIVERS\pci.sys [bOOT] PCI Service [sYSTEM] PCIDump Service [bOOT] PCIIde Service [DISABLED] Pcmcia Service [MANUAL] PDCOMP Service [MANUAL] PDFRAME Service [MANUAL] PDRELI Service [MANUAL] PDRFRAME Service C:\WINDOWS\system32\pe386.sys [sYSTEM] pe386 Service [DISABLED] perc2 Service [DISABLED] perc2hib Service C:\WINDOWS\system32\services.exe [AUTO] PlugPlay Service C:\WINDOWS\System32\HPZipm12.exe [MANUAL] Pml Driver HPZ12 Service C:\WINDOWS\System32\lsass.exe [AUTO] PolicyAgent Service C:\WINDOWS\System32\DRIVERS\raspptp.sys [MANUAL] PptpMiniport Service C:\WINDOWS\System32\DRIVERS\processr.sys [sYSTEM] Processor Service C:\WINDOWS\system32\lsass.exe [AUTO] ProtectedStorage Service C:\WINDOWS\System32\DRIVERS\psched.sys [MANUAL] PSched Service C:\WINDOWS\System32\DRIVERS\ptilink.sys [MANUAL] Ptilink Service [DISABLED] ql1080 Service [DISABLED] Ql10wnt Service [DISABLED] ql12160 Service [DISABLED] ql1240 Service [DISABLED] ql1280 Service C:\WINDOWS\System32\DRIVERS\rasacd.sys [sYSTEM] RasAcd Service C:\WINDOWS\System32\svchost.exe [MANUAL] RasAuto Service C:\WINDOWS\System32\DRIVERS\rasirda.sys [MANUAL] Rasirda Service C:\WINDOWS\System32\DRIVERS\rasl2tp.sys [MANUAL] Rasl2tp Service C:\WINDOWS\System32\svchost.exe [MANUAL] RasMan Service C:\WINDOWS\System32\DRIVERS\raspppoe.sys [MANUAL] RasPppoe Service C:\WINDOWS\System32\DRIVERS\raspti.sys [MANUAL] Raspti Service C:\WINDOWS\System32\DRIVERS\rdbss.sys [sYSTEM] Rdbss Service C:\WINDOWS\System32\DRIVERS\RDPCDD.sys [sYSTEM] RDPCDD Service C:\WINDOWS\System32\DRIVERS\rdpdr.sys [MANUAL] rdpdr Service [MANUAL] RDPWD Service C:\WINDOWS\system32\sessmgr.exe [MANUAL] RDSessMgr Service C:\WINDOWS\System32\DRIVERS\redbook.sys [sYSTEM] redbook Service C:\WINDOWS\System32\svchost.exe [DISABLED] RemoteAccess Service C:\WINDOWS\system32\svchost.exe [AUTO] RemoteRegistry Service C:\WINDOWS\System32\Drivers\RootMdm.sys [AUTO] ROOTMODEM Service C:\WINDOWS\System32\locator.exe [MANUAL] RpcLocator Service C:\WINDOWS\system32\svchost.exe [AUTO] RpcSs Service C:\WINDOWS\System32\rsvp.exe [MANUAL] RSVP Service C:\WINDOWS\system32\lsass.exe [AUTO] SamSs Service C:\WINDOWS\System32\SCardSvr.exe [MANUAL] SCardSvr Service C:\WINDOWS\System32\svchost.exe [AUTO] Schedule Service C:\WINDOWS\System32\DRIVERS\secdrv.sys [AUTO] Secdrv Service C:\WINDOWS\System32\svchost.exe [AUTO] seclogon Service C:\WINDOWS\system32\svchost.exe [AUTO] SENS Service C:\WINDOWS\System32\DRIVERS\serenum.sys [MANUAL] serenum Service C:\WINDOWS\System32\DRIVERS\serial.sys [sYSTEM] Serial Service [sYSTEM] Sfloppy Service C:\WINDOWS\System32\svchost.exe [AUTO] ShellHWDetection Service [DISABLED] Simbad Service C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS [MANUAL] SONYPVU1 Service [DISABLED] Sparrow Service C:\WINDOWS\system32\drivers\splitter.sys [MANUAL] splitter Service C:\WINDOWS\system32\spoolsv.exe [AUTO] Spooler Service C:\Program [MANUAL] SQLAgent$INSERTGT Service C:\WINDOWS\System32\DRIVERS\sr.sys [bOOT] sr Service C:\WINDOWS\System32\svchost.exe [AUTO] srservice Service C:\WINDOWS\System32\DRIVERS\srv.sys [MANUAL] Srv Service C:\WINDOWS\System32\svchost.exe [MANUAL] SSDPSRV Service C:\WINDOWS\System32\DRIVERS\irstusb.sys [MANUAL] STIrUsb Service C:\WINDOWS\System32\svchost.exe [AUTO] stisvc Service C:\WINDOWS\System32\DRIVERS\swenum.sys [MANUAL] swenum Service C:\WINDOWS\system32\drivers\swmidi.sys [MANUAL] swmidi Service C:\WINDOWS\System32\dllhost.exe [MANUAL] SwPrv Service C:\Program [DISABLED] Symantec Core LC Service [DISABLED] symc810 Service [DISABLED] symc8xx Service C:\WINDOWS\System32\drivers\symlcbrd.sys [AUTO] symlcbrd Service [DISABLED] sym_hi Service [DISABLED] sym_u3 Service C:\WINDOWS\system32\drivers\sysaudio.sys [MANUAL] sysaudio Service C:\WINDOWS\system32\smlogsvc.exe [MANUAL] SysmonLog Service C:\WINDOWS\System32\svchost.exe [MANUAL] TapiSrv Service C:\WINDOWS\System32\DRIVERS\tcpip.sys [sYSTEM] Tcpip Service [MANUAL] TDPIPE Service [MANUAL] TDTCP Service C:\WINDOWS\System32\DRIVERS\termdd.sys [sYSTEM] TermDD Service C:\WINDOWS\System32\svchost.exe [MANUAL] TermService Service C:\WINDOWS\System32\svchost.exe [AUTO] Themes Service C:\WINDOWS\System32\tlntsvr.exe [MANUAL] TlntSvr Service [DISABLED] TosIde Service C:\WINDOWS\system32\svchost.exe [AUTO] TrkWks Service C:\WINDOWS\system32\twpkbd.sys [sYSTEM] twpkbd Service [DISABLED] Udfs Service [DISABLED] ultra Service C:\WINDOWS\system32\wdfmgr.exe [AUTO] UMWdf Service C:\WINDOWS\System32\DRIVERS\update.sys [MANUAL] Update Service C:\WINDOWS\System32\svchost.exe [MANUAL] upnphost Service C:\WINDOWS\System32\ups.exe [MANUAL] UPS Service C:\WINDOWS\System32\DRIVERS\usbehci.sys [MANUAL] usbehci Service C:\WINDOWS\System32\DRIVERS\usbhub.sys [MANUAL] usbhub Service C:\WINDOWS\System32\DRIVERS\usbscan.sys [MANUAL] usbscan Service C:\WINDOWS\system32\DRIVERS\usbser.sys [MANUAL] usbser Service C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [MANUAL] USBSTOR Service C:\WINDOWS\System32\DRIVERS\usbuhci.sys [MANUAL] usbuhci Service C:\PROGRAM FILES\COMMON FILES\YDP\USERACCESSMANAGER\useraccess.exe [AUTO] UserAccess Service C:\WINDOWS\System32\drivers\vga.sys [sYSTEM] VgaSave Service [DISABLED] ViaIde Service [bOOT] VolSnap Service C:\WINDOWS\System32\vssvc.exe [MANUAL] VSS Service C:\WINDOWS\System32\svchost.exe [AUTO] W32Time Service C:\WINDOWS\System32\DRIVERS\wanarp.sys [MANUAL] Wanarp Service [MANUAL] WDICA Service C:\WINDOWS\system32\drivers\wdmaud.sys [MANUAL] wdmaud Service C:\WINDOWS\System32\svchost.exe [AUTO] WebClient Service C:\WINDOWS\system32\svchost.exe [AUTO] winmgmt Service [MANUAL] Winsock Service C:\WINDOWS\System32\svchost.exe [MANUAL] WmdmPmSN Service C:\WINDOWS\System32\svchost.exe [MANUAL] Wmi Service C:\WINDOWS\System32\wbem\wmiapsrv.exe [MANUAL] WmiApSrv Service C:\WINDOWS\System32\drivers\ws2ifsl.sys [sYSTEM] WS2IFSL Service C:\WINDOWS\System32\svchost.exe [AUTO] wuauserv Service C:\WINDOWS\System32\svchost.exe [AUTO] WZCSVC Service C:\WINDOWS\System32\svchost.exe [MANUAL] xmlprov ---- EOF - GMER 1.0.10 ----

a log z HJ bez zmian :oops:

gfile of HijackThis v1.99.1 Scan saved at 16:40:45, on 2006-07-07 Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe C:\Documents and Settings\Ewa\Dane aplikacji\MyTraveler\MyTraveler.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Skype\Phone\Skype.exe C:\Program Files\Nikon\NkView6\NkvMon.exe C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe C:\Program Files\Microsoft SQL Server\MSSQL$INSERTGT\Binn\sqlservr.exe C:\Program Files\Eset\nod32krn.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\wdfmgr.exe C:\PROGRAM FILES\COMMON FILES\YDP\USERACCESSMANAGER\useraccess.exe C:\Program Files\ESET\nod32.exe C:\Program Files\Internet Explorer\iexplore.exe C:\PROGRA~1\WinZip\winzip32.exe C:\DOCUME~1\Ewa\USTAWI~1\Temp\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O4 - HKLM…\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM…\Run: [statusClient] C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe /auto O4 - HKLM…\Run: [TomcatStartup] C:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe O4 - HKLM…\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM…\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKLM…\Run: [nod32kui] “C:\Program Files\Eset\nod32kui.exe” /WAITSERVICE O4 - HKCU…\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - HKCU…\Run: [MyTraveler] C:\Documents and Settings\Ewa\Dane aplikacji\MyTraveler\MyTraveler.exe O4 - HKCU…\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU…\Run: [skype] “C:\Program Files\Skype\Phone\Skype.exe” /nosplash /minimized O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O4 - Global Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView6\NkvMon.exe O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab O16 - DPF: {37A49D66-2735-4BB9-8503-82BA5E2333D0} (MailCfg Control) - http://poczta.wp.pl/2/mailcfg.ocx O16 - DPF: {3D8700FB-86A4-4CB4-B738-6F0FC016AC7D} (MainControl Class) - http://bezpieczenstwo.onet.pl/skaner/ArcaOnline.cab O16 - DPF: {5AE70FF8-20A7-4FC4-B896-404196B8B04C} (Smtpauth Control) - http://i.wp.pl/a/i/poczta_xl/smtpauth.ocx O16 - DPF: {94EB57FE-2720-496C-B33F-D9353C6E23F7} (F-Secure Online Scanner 2.1) - http://support.f-secure.com/ols/fscax.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan … asinst.cab O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) - http://mks.com.pl/skaner/SkanerOnline.cab O17 - HKLM\System\CCS\Services\Tcpip…{736C4FC8-D2D5-4893-A242-F9C960555898}: NameServer = 194.204.152.34 217.98.63.164 O20 - Winlogon Notify: twpkad - C:\WINDOWS\SYSTEM32\twpkad.dll O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe O23 - Service: Securom User Access for Windows 2000 and Windows XP a technology by Sony DADC (UserAccess) - Unknown owner - C:\PROGRAM FILES\COMMON FILES\YDP\USERACCESSMANAGER\useraccess.exe

InfinityToJa · 7 Lipiec 2006 14:38

ominąłem w usługach rootkita pe386 , sorry

W gmerze przejdź do zakładki usługi i skasuj z prawokliku pe386

Działa ci opcja zabij wszystko (gmer nie zawiesza się ?) jeśli tak to wklejasz do zakładki cmd to co zacytowałem>>> w zakładce procesy wybierasz opcje zabij wszystko i w cmd uruchom, a jeśli nie działa, to zapisz to sobie do notatnika , w gmerze w zakładce procesy wybierz awaryjny, gmer zresetuje kompa i uruchomi minimalną ilość procesów, w zakładce procesy kilkasz 3 kropki “…” i wskasujesz to co zapisałaś do notatnika, kopiujesz i wklejasz do cmd i wybierasz uruchom, reset kompa i nowe logi.

efcia · 7 Lipiec 2006 14:48

zerknij na loga czyli coś tam usunełam…

nie ma kogoś tu z łodzi zeby mi to zrobił… :oops: :oops:

wieczorem sie za to wezmę bo muszę mieć więcej czasu …

InfinityToJa · 7 Lipiec 2006 14:53

no usługa haxdoora nadal siedzi, obydwie skasuj w zakładce usługi: twpkbd i pe386 , zrób to jak będziesz miała już zabite wszystkie procesy, lub awaryjnym gmera (jeśli zabij wszystko się zawiesi) i później kasujesz pliki wklejając to co zacytowałem do zakładki cmd i wybierając uruchom, robiąc wszystko wdg instrukcji powinnaś wywalić ten syf.

To czekamy

efcia · 7 Lipiec 2006 20:34

no jestem i zara biere sie do roboty… :lol:

jestem po skanie z NOD32 i usunięciu plików z jakim robakiem i trojanem teraz skończył mi sie skan z EWIDO i biore sie za GMERA mam nadziej ze nie spitole sprawy…

no i juz zaczynają sie schody a raczej ma pytania…

tez mam usunąć prawo klikiem z usługach rootkita??

InfinityToJa · 7 Lipiec 2006 21:06

nie musisz latać po zakładkach, usługi masz w jednej , kasujesz z prawokliku

efcia · 7 Lipiec 2006 21:26

GMER 1.0.10.10122 - http://www.gmer.net Rootkit 2006-07-07 23:29:37 Windows 5.1.2600 Dodatek Service Pack 2 ---- Services - GMER 1.0.10 ---- Service [DISABLED] Abiosdsk Service [DISABLED] abp480n5 Service C:\WINDOWS\System32\DRIVERS\ACPI.sys [bOOT] ACPI Service [DISABLED] ACPIEC Service C:\WINDOWS\System32\Drivers\adildr.sys [AUTO] ADILOADER Service C:\WINDOWS\system32\DRIVERS\adiusbaw.sys [MANUAL] adiusbaw Service [DISABLED] adpu160m Service C:\WINDOWS\system32\drivers\aec.sys [MANUAL] aec Service C:\WINDOWS\System32\drivers\afd.sys [sYSTEM] AFD Service C:\WINDOWS\System32\DRIVERS\agp440.sys [bOOT] agp440 Service [DISABLED] Aha154x Service [DISABLED] aic78u2 Service [DISABLED] aic78xx Service C:\WINDOWS\system32\drivers\ALCXWDM.SYS [MANUAL] ALCXWDM Service C:\WINDOWS\System32\svchost.exe [DISABLED] Alerter Service C:\WINDOWS\System32\alg.exe [MANUAL] ALG Service [DISABLED] AliIde Service C:\WINDOWS\system32\drivers\amon.sys [AUTO] AMON Service [DISABLED] amsint Service C:\WINDOWS\system32\svchost.exe [MANUAL] AppMgmt Service [DISABLED] asc Service [DISABLED] asc3350p Service [DISABLED] asc3550 Service C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [MANUAL] aspnet_state Service C:\WINDOWS\System32\DRIVERS\asyncmac.sys [MANUAL] AsyncMac Service C:\WINDOWS\System32\DRIVERS\atapi.sys [bOOT] atapi Service [DISABLED] Atdisk Service C:\WINDOWS\System32\DRIVERS\atmarpc.sys [MANUAL] Atmarpc Service C:\WINDOWS\System32\svchost.exe [AUTO] AudioSrv Service C:\WINDOWS\System32\DRIVERS\audstub.sys [MANUAL] audstub Service C:\WINDOWS\System32\drivers\avmport.sys [AUTO] AVMPORT Service C:\WINDOWS\System32\DRIVERS\avmwan.sys [MANUAL] AVMWAN Service [sYSTEM] Beep Service C:\WINDOWS\System32\svchost.exe [MANUAL] BITS Service C:\WINDOWS\System32\svchost.exe [AUTO] Browser Service [DISABLED] cbidf2k Service [DISABLED] cd20xrnt Service [sYSTEM] Cdaudio Service [DISABLED] Cdfs Service C:\WINDOWS\System32\DRIVERS\cdrom.sys [sYSTEM] Cdrom Service [sYSTEM] Changer Service C:\WINDOWS\system32\cisvc.exe [MANUAL] cisvc Service C:\WINDOWS\system32\clipsrv.exe [DISABLED] ClipSrv Service [DISABLED] CmdIde Service C:\WINDOWS\System32\dllhost.exe [MANUAL] COMSysApp Service [DISABLED] Cpqarray Service C:\WINDOWS\system32\svchost.exe [AUTO] CryptSvc Service [DISABLED] dac2w2k Service [DISABLED] dac960nt Service C:\WINDOWS\system32\svchost.exe [AUTO] DcomLaunch Service C:\WINDOWS\System32\svchost.exe [AUTO] Dhcp Service C:\WINDOWS\System32\DRIVERS\disk.sys [bOOT] Disk Service C:\WINDOWS\System32\dmadmin.exe [MANUAL] dmadmin Service C:\WINDOWS\System32\drivers\dmboot.sys [DISABLED] dmboot Service C:\WINDOWS\System32\DRIVERS\dmio.sys [bOOT] dmio Service [bOOT] dmload Service C:\WINDOWS\System32\svchost.exe [AUTO] dmserver Service C:\WINDOWS\system32\drivers\DMusic.sys [MANUAL] DMusic Service C:\WINDOWS\System32\svchost.exe [AUTO] Dnscache Service C:\WINDOWS\System32\DRIVERS\Dot4.sys [MANUAL] Dot4 Service C:\WINDOWS\System32\DRIVERS\Dot4Prt.sys [MANUAL] Dot4Print Service [DISABLED] dpti2o Service C:\WINDOWS\system32\drivers\drmkaud.sys [MANUAL] drmkaud Service C:\WINDOWS\System32\svchost.exe [AUTO] ERSvc Service C:\WINDOWS\system32\services.exe [AUTO] Eventlog Service C:\WINDOWS\System32\svchost.exe [MANUAL] EventSystem Service [DISABLED] Fastfat Service C:\WINDOWS\System32\svchost.exe [MANUAL] FastUserSwitchingCompatibility Service C:\WINDOWS\System32\DRIVERS\fdc.sys [MANUAL] Fdc Service [sYSTEM] Fips Service C:\WINDOWS\System32\DRIVERS\flpydisk.sys [MANUAL] Flpydisk Service C:\WINDOWS\system32\drivers\fltmgr.sys [bOOT] FltMgr Service C:\WINDOWS\System32\DRIVERS\fpcibase.sys [MANUAL] fpcibase Service [sYSTEM] Fs_Rec Service C:\WINDOWS\System32\DRIVERS\ftdisk.sys [bOOT] Ftdisk Service C:\WINDOWS\System32\DRIVERS\gameenum.sys [MANUAL] gameenum Service C:\WINDOWS\System32\DRIVERS\gmer.sys [MANUAL] Gmer Service C:\WINDOWS\System32\DRIVERS\msgpc.sys [MANUAL] Gpc Service C:\WINDOWS\System32\svchost.exe [AUTO] helpsvc Service C:\WINDOWS\System32\svchost.exe [DISABLED] HidServ Service C:\WINDOWS\System32\DRIVERS\hidusb.sys [MANUAL] hidusb Service [DISABLED] hpn Service [DISABLED] hpt3xx Service C:\WINDOWS\System32\Drivers\HTTP.sys [MANUAL] HTTP Service C:\WINDOWS\System32\svchost.exe [MANUAL] HTTPFilter Service [sYSTEM] i2omgmt Service [DISABLED] i2omp Service C:\WINDOWS\System32\DRIVERS\i8042prt.sys [sYSTEM] i8042prt Service C:\WINDOWS\System32\DRIVERS\IdeBusDr.sys [bOOT] IdeBusDr Service C:\WINDOWS\System32\DRIVERS\IdeChnDr.sys [bOOT] IdeChnDr Service [sYSTEM] Imapi Service C:\WINDOWS\System32\imapi.exe [MANUAL] ImapiService Service [DISABLED] ini910u Service [DISABLED] IntelIde Service C:\WINDOWS\system32\drivers\ip6fw.sys [MANUAL] ip6fw Service C:\WINDOWS\System32\DRIVERS\ipfltdrv.sys [MANUAL] IpFilterDriver Service C:\WINDOWS\System32\DRIVERS\ipinip.sys [MANUAL] IpInIp Service C:\WINDOWS\System32\DRIVERS\ipnat.sys [MANUAL] IpNat Service C:\WINDOWS\System32\DRIVERS\ipsec.sys [sYSTEM] IPSec Service System32\DRIVERS\irda.sys [AUTO] irda Service C:\WINDOWS\System32\DRIVERS\irenum.sys [MANUAL] IRENUM Service C:\WINDOWS\System32\svchost.exe [AUTO] Irmon Service C:\WINDOWS\System32\DRIVERS\isapnp.sys [bOOT] isapnp Service C:\WINDOWS\System32\DRIVERS\kbdclass.sys [sYSTEM] Kbdclass Service C:\WINDOWS\system32\drivers\kmixer.sys [MANUAL] kmixer Service [bOOT] KSecDD Service C:\WINDOWS\System32\svchost.exe [AUTO] lanmanserver Service C:\WINDOWS\System32\svchost.exe [AUTO] lanmanworkstation Service [sYSTEM] lbrtfdc Service [AUTO] LcSvrAdm Service [MANUAL] LcSvrAuf Service [AUTO] LcSvrHis Service [AUTO] LcSvrKds Service C:\WINDOWS\System32\svchost.exe [AUTO] LmHosts Service C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe [AUTO] MDM Service C:\WINDOWS\System32\svchost.exe [DISABLED] Messenger Service [sYSTEM] mnmdd Service C:\WINDOWS\System32\mnmsrvc.exe [MANUAL] mnmsrvc Service [MANUAL] Modem Service C:\WINDOWS\System32\DRIVERS\mouclass.sys [sYSTEM] Mouclass Service C:\WINDOWS\System32\DRIVERS\mouhid.sys [MANUAL] mouhid Service [bOOT] MountMgr Service [DISABLED] mraid35x Service C:\WINDOWS\System32\DRIVERS\mrxdav.sys [MANUAL] MRxDAV Service C:\WINDOWS\System32\DRIVERS\mrxsmb.sys [sYSTEM] MRxSmb Service C:\WINDOWS\System32\msdtc.exe [MANUAL] MSDTC Service [sYSTEM] Msfs Service C:\WINDOWS\System32\DRIVERS\MSIRCOMM.sys [MANUAL] MSIRCOMM Service C:\WINDOWS\system32\msiexec.exe [MANUAL] MSIServer Service C:\WINDOWS\system32\drivers\MSKSSRV.sys [MANUAL] MSKSSRV Service C:\WINDOWS\system32\drivers\MSPCLOCK.sys [MANUAL] MSPCLOCK Service C:\WINDOWS\system32\drivers\MSPQM.sys [MANUAL] MSPQM Service C:\WINDOWS\System32\DRIVERS\mssmbios.sys [MANUAL] mssmbios Service C:\Program [AUTO] MSSQL$INSERTGT Service C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe [MANUAL] MSSQLServerADHelper Service C:\WINDOWS\system32\drivers\msmpu401.sys [MANUAL] ms_mpu401 Service [bOOT] Mup Service [bOOT] NDIS Service C:\WINDOWS\System32\DRIVERS\ndistapi.sys [MANUAL] NdisTapi Service C:\WINDOWS\System32\DRIVERS\ndisuio.sys [MANUAL] Ndisuio Service C:\WINDOWS\System32\DRIVERS\ndiswan.sys [MANUAL] NdisWan Service [MANUAL] NDProxy Service C:\WINDOWS\System32\DRIVERS\netbios.sys [sYSTEM] NetBIOS Service C:\WINDOWS\System32\DRIVERS\netbt.sys [sYSTEM] NetBT Service C:\WINDOWS\system32\netdde.exe [DISABLED] NetDDE Service C:\WINDOWS\system32\netdde.exe [DISABLED] NetDDEdsdm Service C:\WINDOWS\System32\lsass.exe [MANUAL] Netlogon Service C:\WINDOWS\System32\svchost.exe [MANUAL] Netman Service C:\WINDOWS\System32\svchost.exe [MANUAL] Nla Service C:\Program Files\Eset\nod32krn.exe [AUTO] NOD32krn Service [sYSTEM] Npfs Service [DISABLED] Ntfs Service C:\WINDOWS\System32\lsass.exe [MANUAL] NtLmSsp Service C:\WINDOWS\system32\svchost.exe [MANUAL] NtmsSvc Service [sYSTEM] Null Service C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [MANUAL] nv Service C:\WINDOWS\System32\DRIVERS\nv4.sys [MANUAL] nv4 Service C:\WINDOWS\System32\DRIVERS\nwlnkflt.sys [MANUAL] NwlnkFlt Service C:\WINDOWS\System32\DRIVERS\nwlnkfwd.sys [MANUAL] NwlnkFwd Service C:\WINDOWS\System32\DRIVERS\parport.sys [MANUAL] Parport Service [bOOT] PartMgr Service [AUTO] ParVdm Service C:\WINDOWS\System32\DRIVERS\pci.sys [bOOT] PCI Service [sYSTEM] PCIDump Service [bOOT] PCIIde Service [DISABLED] Pcmcia Service [MANUAL] PDCOMP Service [MANUAL] PDFRAME Service [MANUAL] PDRELI Service [MANUAL] PDRFRAME Service [DISABLED] perc2 Service [DISABLED] perc2hib Service C:\WINDOWS\system32\services.exe [AUTO] PlugPlay Service C:\WINDOWS\System32\HPZipm12.exe [MANUAL] Pml Driver HPZ12 Service C:\WINDOWS\System32\lsass.exe [AUTO] PolicyAgent Service C:\WINDOWS\System32\DRIVERS\raspptp.sys [MANUAL] PptpMiniport Service C:\WINDOWS\System32\DRIVERS\processr.sys [sYSTEM] Processor Service C:\WINDOWS\system32\lsass.exe [AUTO] ProtectedStorage Service C:\WINDOWS\System32\DRIVERS\psched.sys [MANUAL] PSched Service C:\WINDOWS\System32\DRIVERS\ptilink.sys [MANUAL] Ptilink Service [DISABLED] ql1080 Service [DISABLED] Ql10wnt Service [DISABLED] ql12160 Service [DISABLED] ql1240 Service [DISABLED] ql1280 Service C:\WINDOWS\System32\DRIVERS\rasacd.sys [sYSTEM] RasAcd Service C:\WINDOWS\System32\svchost.exe [MANUAL] RasAuto Service C:\WINDOWS\System32\DRIVERS\rasirda.sys [MANUAL] Rasirda Service C:\WINDOWS\System32\DRIVERS\rasl2tp.sys [MANUAL] Rasl2tp Service C:\WINDOWS\System32\svchost.exe [MANUAL] RasMan Service C:\WINDOWS\System32\DRIVERS\raspppoe.sys [MANUAL] RasPppoe Service C:\WINDOWS\System32\DRIVERS\raspti.sys [MANUAL] Raspti Service C:\WINDOWS\System32\DRIVERS\rdbss.sys [sYSTEM] Rdbss Service C:\WINDOWS\System32\DRIVERS\RDPCDD.sys [sYSTEM] RDPCDD Service C:\WINDOWS\System32\DRIVERS\rdpdr.sys [MANUAL] rdpdr Service [MANUAL] RDPWD Service C:\WINDOWS\system32\sessmgr.exe [MANUAL] RDSessMgr Service C:\WINDOWS\System32\DRIVERS\redbook.sys [sYSTEM] redbook Service C:\WINDOWS\System32\svchost.exe [DISABLED] RemoteAccess Service C:\WINDOWS\system32\svchost.exe [AUTO] RemoteRegistry Service C:\WINDOWS\System32\Drivers\RootMdm.sys [AUTO] ROOTMODEM Service C:\WINDOWS\System32\locator.exe [MANUAL] RpcLocator Service C:\WINDOWS\system32\svchost.exe [AUTO] RpcSs Service C:\WINDOWS\System32\rsvp.exe [MANUAL] RSVP Service C:\WINDOWS\system32\lsass.exe [AUTO] SamSs Service C:\WINDOWS\System32\SCardSvr.exe [MANUAL] SCardSvr Service C:\WINDOWS\System32\svchost.exe [AUTO] Schedule Service C:\WINDOWS\System32\DRIVERS\secdrv.sys [AUTO] Secdrv Service C:\WINDOWS\System32\svchost.exe [AUTO] seclogon Service C:\WINDOWS\system32\svchost.exe [AUTO] SENS Service C:\WINDOWS\System32\DRIVERS\serenum.sys [MANUAL] serenum Service C:\WINDOWS\System32\DRIVERS\serial.sys [sYSTEM] Serial Service [sYSTEM] Sfloppy Service C:\WINDOWS\System32\svchost.exe [AUTO] ShellHWDetection Service [DISABLED] Simbad Service C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS [MANUAL] SONYPVU1 Service [DISABLED] Sparrow Service C:\WINDOWS\system32\drivers\splitter.sys [MANUAL] splitter Service C:\WINDOWS\system32\spoolsv.exe [AUTO] Spooler Service C:\Program [MANUAL] SQLAgent$INSERTGT Service C:\WINDOWS\System32\DRIVERS\sr.sys [bOOT] sr Service C:\WINDOWS\System32\svchost.exe [AUTO] srservice Service C:\WINDOWS\System32\DRIVERS\srv.sys [MANUAL] Srv Service C:\WINDOWS\System32\svchost.exe [MANUAL] SSDPSRV Service C:\WINDOWS\System32\DRIVERS\irstusb.sys [MANUAL] STIrUsb Service C:\WINDOWS\System32\svchost.exe [AUTO] stisvc Service C:\WINDOWS\System32\DRIVERS\swenum.sys [MANUAL] swenum Service C:\WINDOWS\system32\drivers\swmidi.sys [MANUAL] swmidi Service C:\WINDOWS\System32\dllhost.exe [MANUAL] SwPrv Service C:\Program [DISABLED] Symantec Core LC Service [DISABLED] symc810 Service [DISABLED] symc8xx Service C:\WINDOWS\System32\drivers\symlcbrd.sys [AUTO] symlcbrd Service [DISABLED] sym_hi Service [DISABLED] sym_u3 Service C:\WINDOWS\system32\drivers\sysaudio.sys [MANUAL] sysaudio Service C:\WINDOWS\system32\smlogsvc.exe [MANUAL] SysmonLog Service C:\WINDOWS\System32\svchost.exe [MANUAL] TapiSrv Service C:\WINDOWS\System32\DRIVERS\tcpip.sys [sYSTEM] Tcpip Service [MANUAL] TDPIPE Service [MANUAL] TDTCP Service C:\WINDOWS\System32\DRIVERS\termdd.sys [sYSTEM] TermDD Service C:\WINDOWS\System32\svchost.exe [MANUAL] TermService Service C:\WINDOWS\System32\svchost.exe [AUTO] Themes Service C:\WINDOWS\System32\tlntsvr.exe [MANUAL] TlntSvr Service [DISABLED] TosIde Service C:\WINDOWS\system32\svchost.exe [AUTO] TrkWks Service C:\WINDOWS\system32\twpkbd.sys [sYSTEM] twpkbd Service [DISABLED] Udfs Service [DISABLED] ultra Service C:\WINDOWS\system32\wdfmgr.exe [AUTO] UMWdf Service C:\WINDOWS\System32\DRIVERS\update.sys [MANUAL] Update Service C:\WINDOWS\System32\svchost.exe [MANUAL] upnphost Service C:\WINDOWS\System32\ups.exe [MANUAL] UPS Service C:\WINDOWS\System32\DRIVERS\usbehci.sys [MANUAL] usbehci Service C:\WINDOWS\System32\DRIVERS\usbhub.sys [MANUAL] usbhub Service C:\WINDOWS\System32\DRIVERS\usbscan.sys [MANUAL] usbscan Service C:\WINDOWS\system32\DRIVERS\usbser.sys [MANUAL] usbser Service C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [MANUAL] USBSTOR Service C:\WINDOWS\System32\DRIVERS\usbuhci.sys [MANUAL] usbuhci Service C:\PROGRAM FILES\COMMON FILES\YDP\USERACCESSMANAGER\useraccess.exe [AUTO] UserAccess Service C:\WINDOWS\System32\drivers\vga.sys [sYSTEM] VgaSave Service [DISABLED] ViaIde Service [bOOT] VolSnap Service C:\WINDOWS\System32\vssvc.exe [MANUAL] VSS Service C:\WINDOWS\System32\svchost.exe [AUTO] W32Time Service C:\WINDOWS\System32\DRIVERS\wanarp.sys [MANUAL] Wanarp Service [MANUAL] WDICA Service C:\WINDOWS\system32\drivers\wdmaud.sys [MANUAL] wdmaud Service C:\WINDOWS\System32\svchost.exe [AUTO] WebClient Service C:\WINDOWS\system32\svchost.exe [AUTO] winmgmt Service [MANUAL] Winsock Service C:\WINDOWS\System32\svchost.exe [MANUAL] WmdmPmSN Service C:\WINDOWS\System32\svchost.exe [MANUAL] Wmi Service C:\WINDOWS\System32\wbem\wmiapsrv.exe [MANUAL] WmiApSrv Service C:\WINDOWS\System32\drivers\ws2ifsl.sys [sYSTEM] WS2IFSL Service C:\WINDOWS\System32\svchost.exe [AUTO] wuauserv Service C:\WINDOWS\System32\svchost.exe [AUTO] WZCSVC Service C:\WINDOWS\System32\svchost.exe [MANUAL] xmlprov ---- EOF - GMER 1.0.10 ----

Złączono Posta : 07.07.2006 (Pią) 23:31

GMER 1.0.10.10122 - http://www.gmer.net Rootkit 2006-07-07 23:34:53 Windows 5.1.2600 Dodatek Service Pack 2 ---- System - GMER 1.0.10 ---- SSDT ??\C:\WINDOWS\system32\twpkbd.sys ZwCreateProcess <-- ROOTKIT ! SSDT ??\C:\WINDOWS\system32\twpkbd.sys ZwCreateProcessEx – ROOTKIT ! SSDT ??\C:\WINDOWS\system32\twpkbd.sys ZwOpenProcess – ROOTKIT ! SSDT ??\C:\WINDOWS\system32\twpkbd.sys ZwOpenThread – ROOTKIT ! SSDT ??\C:\WINDOWS\system32\twpkbd.sys ZwQueryDirectoryFile – ROOTKIT ! SSDT ??\C:\WINDOWS\system32\twpkbd.sys ZwQuerySystemInformation – ROOTKIT ! ---- Processes - GMER 1.0.10 ---- Library C:\WINDOWS\system32\twpkad.dll (*** hidden *** ) @ C:\PROGRAM FILES\COMMON FILES\YDP\USERACCESSMANAGER\useraccess.exe [272] 0x10000000 – ROOTKIT ! Process C:\WINDOWS\system32\winlogon.exe (*** hidden *** ) 504 – ROOTKIT ! Library C:\WINDOWS\system32\twpkad.dll (*** hidden *** ) @ C:\WINDOWS\system32\winlogon.exe [504] 0x10000000 – ROOTKIT ! Library C:\WINDOWS\system32\twpkad.dll (*** hidden *** ) @ C:\Program Files\Tlen.pl\Tlen.exe [1092] 0x10000000 – ROOTKIT ! Process C:\WINDOWS\Explorer.EXE (*** hidden *** ) 1164 – ROOTKIT ! Library C:\WINDOWS\system32\twpkad.dll (*** hidden *** ) @ C:\WINDOWS\Explorer.EXE [1164] 0x10000000 – ROOTKIT ! Library C:\WINDOWS\system32\twpkad.dll (*** hidden *** ) @ C:\WINDOWS\system32\spoolsv.exe [1252] 0x10000000 – ROOTKIT ! Library C:\WINDOWS\system32\twpkad.dll (*** hidden *** ) @ C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe [1424] 0x10000000 – ROOTKIT ! Library C:\WINDOWS\system32\twpkad.dll (*** hidden *** ) @ C:\Program Files\Microsoft SQL Server\MSSQL$INSERTGT\Binn\sqlservr.exe [1556] 0x10000000 – ROOTKIT ! Library C:\WINDOWS\system32\twpkad.dll (*** hidden *** ) @ C:\WINDOWS\SOUNDMAN.EXE [1588] 0x10000000 – ROOTKIT ! Library C:\WINDOWS\system32\twpkad.dll (*** hidden *** ) @ C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe [1596] 0x10000000 – ROOTKIT ! Library C:\WINDOWS\system32\twpkad.dll (*** hidden *** ) @ C:\Program Files\Eset\nod32kui.exe [1656] 0x10000000 – ROOTKIT ! Library C:\WINDOWS\system32\twpkad.dll (*** hidden *** ) @ C:\Program Files\Spybot - Search Destroy\TeaTimer.exe [1680] 0x10000000 – ROOTKIT ! Library C:\WINDOWS\system32\twpkad.dll (*** hidden *** ) @ C:\Documents and Settings\Ewa\Dane aplikacji\MyTraveler\MyTraveler.exe [1704] 0x10000000 – ROOTKIT ! Library C:\WINDOWS\system32\twpkad.dll (*** hidden *** ) @ C:\WINDOWS\system32\ctfmon.exe [1720] 0x10000000 – ROOTKIT ! Library C:\WINDOWS\system32\twpkad.dll (*** hidden *** ) @ C:\Program Files\Skype\Phone\Skype.exe [1740] 0x10000000 – ROOTKIT ! Library C:\WINDOWS\system32\twpkad.dll (*** hidden *** ) @ C:\Program Files\Eset\nod32krn.exe [1796] 0x10000000 – ROOTKIT ! Library C:\WINDOWS\system32\twpkad.dll (*** hidden *** ) @ C:\Program Files\Nikon\NkView6\NkvMon.exe [1852] 0x10000000 – ROOTKIT ! Library C:\WINDOWS\system32\twpkad.dll (*** hidden *** ) @ C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe [1892] 0x10000000 – ROOTKIT ! Library C:\WINDOWS\system32\twpkad.dll (*** hidden *** ) @ C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe [1944] 0x10000000 – ROOTKIT ! Library C:\WINDOWS\system32\twpkad.dll (*** hidden *** ) @ C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [1980] 0x10000000 – ROOTKIT ! Library C:\WINDOWS\system32\twpkad.dll (*** hidden *** ) @ C:\WINDOWS\system32\wdfmgr.exe [2000] 0x10000000 – ROOTKIT ! Library C:\WINDOWS\system32\twpkad.dll (*** hidden *** ) @ C:\DOCUME~1\Ewa\USTAWI~1\Temp\gmer.exe [2536] 0x10000000 – ROOTKIT ! Library C:\WINDOWS\system32\twpkad.dll (*** hidden *** ) @ C:\PROGRA~1\WinZip\winzip32.exe [2832] 0x10000000 – ROOTKIT ! Library C:\WINDOWS\system32\twpkad.dll (*** hidden *** ) @ C:\Program Files\Internet Explorer\iexplore.exe [3152] 0x10000000 – ROOTKIT ! ---- Files - GMER 1.0.10 ---- File C:\WINDOWS\system32\kgcpt.dat File C:\WINDOWS\system32\twpkbd.sys – ROOTKIT ! File C:\WINDOWS\system32\twpkad.dll File C:\WINDOWS\system32\seDS.a3d File C:\WINDOWS\system32\zq.sys ---- Services - GMER 1.0.10 ---- Service C:\WINDOWS\system32\twpkbd.sys [sYSTEM] twpkbd – ROOTKIT ! ---- EOF - GMER 1.0.10 ---- a drugiego loga brak bo GMER nie odnalazł zadnych modyfikacji systemu…

InfinityToJa · 7 Lipiec 2006 21:37

podświetlasz :

i wybierasz skasuj usługę z prawokliku.

pakujesz do cmd:

w procesach wybierasz zabij wszystko, i w cmd wybierasz uruchom, restart i nowy log.

efcia · 7 Lipiec 2006 22:06

coś nie do końca mi to dobrze poszło bo miałam problemy z zakładce cmd bo nadloe mi pokazywało NIEPRAWIDŁOWY PRZEŁĄCZNIK - -R-S-H a tazke nie prawidłowa sciezka… C:\WINDOWS\system\twpkad.dll

GMER 1.0.10.10122 - http://www.gmer.net Rootkit 2006-07-08 00:07:48 Windows 5.1.2600 Dodatek Service Pack 2 ---- Processes - GMER 1.0.10 ---- Process Sytem Idle 0 Process System 4 Process C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe 248 Process C:\WINDOWS\System32\smss.exe 416 Process C:\WINDOWS\system32\csrss.exe 480 Process C:\WINDOWS\system32\winlogon.exe 504 Process C:\WINDOWS\system32\services.exe 548 Process C:\WINDOWS\system32\lsass.exe 560 Process C:\WINDOWS\system32\svchost.exe 712 Process C:\WINDOWS\system32\svchost.exe 756 Process C:\WINDOWS\System32\svchost.exe 800 Process C:\WINDOWS\System32\svchost.exe 844 Process C:\WINDOWS\System32\svchost.exe 888 Process C:\DOCUME~1\Ewa\USTAWI~1\Temp\gmer.exe 952 Process C:\WINDOWS\Explorer.EXE 1168 Process C:\WINDOWS\system32\spoolsv.exe 1212 Process C:\PROGRA~1\WinZip\winzip32.exe 1268 Process C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe 1372 Process C:\Program Files\Microsoft SQL Server\MSSQL$INSERTGT\Binn\sqlservr.exe 1416 Process C:\WINDOWS\SOUNDMAN.EXE 1536 Process C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe 1548 Process C:\Program Files\Eset\nod32kui.exe 1596 Process C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe 1604 Process C:\Documents and Settings\Ewa\Dane aplikacji\MyTraveler\MyTraveler.exe 1612 Process C:\WINDOWS\system32\ctfmon.exe 1628 Process C:\Program Files\Skype\Phone\Skype.exe 1636 Process C:\Program Files\Eset\nod32krn.exe 1648 Process C:\WINDOWS\System32\svchost.exe 1720 Process C:\WINDOWS\system32\wdfmgr.exe 1748 Process C:\PROGRAM FILES\COMMON FILES\YDP\USERACCESSMANAGER\useraccess.exe 1880 Process C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe 1944 Process C:\Program Files\Nikon\NkView6\NkvMon.exe 1952 Process C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe 2032 Process C:\WINDOWS\system32\wuauclt.exe 2164 Process C:\Program Files\Tlen.pl\Tlen.exe 2288 Process C:\Program Files\Internet Explorer\iexplore.exe 3104 ---- Services - GMER 1.0.10 ---- Service [DISABLED] Abiosdsk Service [DISABLED] abp480n5 Service C:\WINDOWS\System32\DRIVERS\ACPI.sys [bOOT] ACPI Service [DISABLED] ACPIEC Service C:\WINDOWS\System32\Drivers\adildr.sys [AUTO] ADILOADER Service C:\WINDOWS\system32\DRIVERS\adiusbaw.sys [MANUAL] adiusbaw Service [DISABLED] adpu160m Service C:\WINDOWS\system32\drivers\aec.sys [MANUAL] aec Service C:\WINDOWS\System32\drivers\afd.sys [sYSTEM] AFD Service C:\WINDOWS\System32\DRIVERS\agp440.sys [bOOT] agp440 Service [DISABLED] Aha154x Service [DISABLED] aic78u2 Service [DISABLED] aic78xx Service C:\WINDOWS\system32\drivers\ALCXWDM.SYS [MANUAL] ALCXWDM Service C:\WINDOWS\System32\svchost.exe [DISABLED] Alerter Service C:\WINDOWS\System32\alg.exe [MANUAL] ALG Service [DISABLED] AliIde Service C:\WINDOWS\system32\drivers\amon.sys [AUTO] AMON Service [DISABLED] amsint Service C:\WINDOWS\system32\svchost.exe [MANUAL] AppMgmt Service [DISABLED] asc Service [DISABLED] asc3350p Service [DISABLED] asc3550 Service C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [MANUAL] aspnet_state Service C:\WINDOWS\System32\DRIVERS\asyncmac.sys [MANUAL] AsyncMac Service C:\WINDOWS\System32\DRIVERS\atapi.sys [bOOT] atapi Service [DISABLED] Atdisk Service C:\WINDOWS\System32\DRIVERS\atmarpc.sys [MANUAL] Atmarpc Service C:\WINDOWS\System32\svchost.exe [AUTO] AudioSrv Service C:\WINDOWS\System32\DRIVERS\audstub.sys [MANUAL] audstub Service C:\WINDOWS\System32\drivers\avmport.sys [AUTO] AVMPORT Service C:\WINDOWS\System32\DRIVERS\avmwan.sys [MANUAL] AVMWAN Service [sYSTEM] Beep Service C:\WINDOWS\System32\svchost.exe [MANUAL] BITS Service C:\WINDOWS\System32\svchost.exe [AUTO] Browser Service [DISABLED] cbidf2k Service [DISABLED] cd20xrnt Service [sYSTEM] Cdaudio Service [DISABLED] Cdfs Service C:\WINDOWS\System32\DRIVERS\cdrom.sys [sYSTEM] Cdrom Service [sYSTEM] Changer Service C:\WINDOWS\system32\cisvc.exe [MANUAL] cisvc Service C:\WINDOWS\system32\clipsrv.exe [DISABLED] ClipSrv Service [DISABLED] CmdIde Service C:\WINDOWS\System32\dllhost.exe [MANUAL] COMSysApp Service [DISABLED] Cpqarray Service C:\WINDOWS\system32\svchost.exe [AUTO] CryptSvc Service [DISABLED] dac2w2k Service [DISABLED] dac960nt Service C:\WINDOWS\system32\svchost.exe [AUTO] DcomLaunch Service C:\WINDOWS\System32\svchost.exe [AUTO] Dhcp Service C:\WINDOWS\System32\DRIVERS\disk.sys [bOOT] Disk Service C:\WINDOWS\System32\dmadmin.exe [MANUAL] dmadmin Service C:\WINDOWS\System32\drivers\dmboot.sys [DISABLED] dmboot Service C:\WINDOWS\System32\DRIVERS\dmio.sys [bOOT] dmio Service [bOOT] dmload Service C:\WINDOWS\System32\svchost.exe [AUTO] dmserver Service C:\WINDOWS\system32\drivers\DMusic.sys [MANUAL] DMusic Service C:\WINDOWS\System32\svchost.exe [AUTO] Dnscache Service C:\WINDOWS\System32\DRIVERS\Dot4.sys [MANUAL] Dot4 Service C:\WINDOWS\System32\DRIVERS\Dot4Prt.sys [MANUAL] Dot4Print Service [DISABLED] dpti2o Service C:\WINDOWS\system32\drivers\drmkaud.sys [MANUAL] drmkaud Service C:\WINDOWS\System32\svchost.exe [AUTO] ERSvc Service C:\WINDOWS\system32\services.exe [AUTO] Eventlog Service C:\WINDOWS\System32\svchost.exe [MANUAL] EventSystem Service [DISABLED] Fastfat Service C:\WINDOWS\System32\svchost.exe [MANUAL] FastUserSwitchingCompatibility Service C:\WINDOWS\System32\DRIVERS\fdc.sys [MANUAL] Fdc Service [sYSTEM] Fips Service C:\WINDOWS\System32\DRIVERS\flpydisk.sys [MANUAL] Flpydisk Service C:\WINDOWS\system32\drivers\fltmgr.sys [bOOT] FltMgr Service C:\WINDOWS\System32\DRIVERS\fpcibase.sys [MANUAL] fpcibase Service [sYSTEM] Fs_Rec Service C:\WINDOWS\System32\DRIVERS\ftdisk.sys [bOOT] Ftdisk Service C:\WINDOWS\System32\DRIVERS\gameenum.sys [MANUAL] gameenum Service C:\WINDOWS\System32\DRIVERS\gmer.sys [MANUAL] Gmer Service C:\WINDOWS\System32\DRIVERS\msgpc.sys [MANUAL] Gpc Service C:\WINDOWS\System32\svchost.exe [AUTO] helpsvc Service C:\WINDOWS\System32\svchost.exe [DISABLED] HidServ Service C:\WINDOWS\System32\DRIVERS\hidusb.sys [MANUAL] hidusb Service [DISABLED] hpn Service [DISABLED] hpt3xx Service C:\WINDOWS\System32\Drivers\HTTP.sys [MANUAL] HTTP Service C:\WINDOWS\System32\svchost.exe [MANUAL] HTTPFilter Service [sYSTEM] i2omgmt Service [DISABLED] i2omp Service C:\WINDOWS\System32\DRIVERS\i8042prt.sys [sYSTEM] i8042prt Service C:\WINDOWS\System32\DRIVERS\IdeBusDr.sys [bOOT] IdeBusDr Service C:\WINDOWS\System32\DRIVERS\IdeChnDr.sys [bOOT] IdeChnDr Service [sYSTEM] Imapi Service C:\WINDOWS\System32\imapi.exe [MANUAL] ImapiService Service [DISABLED] ini910u Service [DISABLED] IntelIde Service C:\WINDOWS\system32\drivers\ip6fw.sys [MANUAL] ip6fw Service C:\WINDOWS\System32\DRIVERS\ipfltdrv.sys [MANUAL] IpFilterDriver Service C:\WINDOWS\System32\DRIVERS\ipinip.sys [MANUAL] IpInIp Service C:\WINDOWS\System32\DRIVERS\ipnat.sys [MANUAL] IpNat Service C:\WINDOWS\System32\DRIVERS\ipsec.sys [sYSTEM] IPSec Service System32\DRIVERS\irda.sys [AUTO] irda Service C:\WINDOWS\System32\DRIVERS\irenum.sys [MANUAL] IRENUM Service C:\WINDOWS\System32\svchost.exe [AUTO] Irmon Service C:\WINDOWS\System32\DRIVERS\isapnp.sys [bOOT] isapnp Service C:\WINDOWS\System32\DRIVERS\kbdclass.sys [sYSTEM] Kbdclass Service C:\WINDOWS\system32\drivers\kmixer.sys [MANUAL] kmixer Service [bOOT] KSecDD Service C:\WINDOWS\System32\svchost.exe [AUTO] lanmanserver Service C:\WINDOWS\System32\svchost.exe [AUTO] lanmanworkstation Service [sYSTEM] lbrtfdc Service [AUTO] LcSvrAdm Service [MANUAL] LcSvrAuf Service [AUTO] LcSvrHis Service [AUTO] LcSvrKds Service C:\WINDOWS\System32\svchost.exe [AUTO] LmHosts Service C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe [AUTO] MDM Service C:\WINDOWS\System32\svchost.exe [DISABLED] Messenger Service [sYSTEM] mnmdd Service C:\WINDOWS\System32\mnmsrvc.exe [MANUAL] mnmsrvc Service [MANUAL] Modem Service C:\WINDOWS\System32\DRIVERS\mouclass.sys [sYSTEM] Mouclass Service C:\WINDOWS\System32\DRIVERS\mouhid.sys [MANUAL] mouhid Service [bOOT] MountMgr Service [DISABLED] mraid35x Service C:\WINDOWS\System32\DRIVERS\mrxdav.sys [MANUAL] MRxDAV Service C:\WINDOWS\System32\DRIVERS\mrxsmb.sys [sYSTEM] MRxSmb Service C:\WINDOWS\System32\msdtc.exe [MANUAL] MSDTC Service [sYSTEM] Msfs Service C:\WINDOWS\System32\DRIVERS\MSIRCOMM.sys [MANUAL] MSIRCOMM Service C:\WINDOWS\system32\msiexec.exe [MANUAL] MSIServer Service C:\WINDOWS\system32\drivers\MSKSSRV.sys [MANUAL] MSKSSRV Service C:\WINDOWS\system32\drivers\MSPCLOCK.sys [MANUAL] MSPCLOCK Service C:\WINDOWS\system32\drivers\MSPQM.sys [MANUAL] MSPQM Service C:\WINDOWS\System32\DRIVERS\mssmbios.sys [MANUAL] mssmbios Service C:\Program [AUTO] MSSQL$INSERTGT Service C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe [MANUAL] MSSQLServerADHelper Service C:\WINDOWS\system32\drivers\msmpu401.sys [MANUAL] ms_mpu401 Service [bOOT] Mup Service [bOOT] NDIS Service C:\WINDOWS\System32\DRIVERS\ndistapi.sys [MANUAL] NdisTapi Service C:\WINDOWS\System32\DRIVERS\ndisuio.sys [MANUAL] Ndisuio Service C:\WINDOWS\System32\DRIVERS\ndiswan.sys [MANUAL] NdisWan Service [MANUAL] NDProxy Service C:\WINDOWS\System32\DRIVERS\netbios.sys [sYSTEM] NetBIOS Service C:\WINDOWS\System32\DRIVERS\netbt.sys [sYSTEM] NetBT Service C:\WINDOWS\system32\netdde.exe [DISABLED] NetDDE Service C:\WINDOWS\system32\netdde.exe [DISABLED] NetDDEdsdm Service C:\WINDOWS\System32\lsass.exe [MANUAL] Netlogon Service C:\WINDOWS\System32\svchost.exe [MANUAL] Netman Service C:\WINDOWS\System32\svchost.exe [MANUAL] Nla Service C:\Program Files\Eset\nod32krn.exe [AUTO] NOD32krn Service [sYSTEM] Npfs Service [DISABLED] Ntfs Service C:\WINDOWS\System32\lsass.exe [MANUAL] NtLmSsp Service C:\WINDOWS\system32\svchost.exe [MANUAL] NtmsSvc Service [sYSTEM] Null Service C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [MANUAL] nv Service C:\WINDOWS\System32\DRIVERS\nv4.sys [MANUAL] nv4 Service C:\WINDOWS\System32\DRIVERS\nwlnkflt.sys [MANUAL] NwlnkFlt Service C:\WINDOWS\System32\DRIVERS\nwlnkfwd.sys [MANUAL] NwlnkFwd Service C:\WINDOWS\System32\DRIVERS\parport.sys [MANUAL] Parport Service [bOOT] PartMgr Service [AUTO] ParVdm Service C:\WINDOWS\System32\DRIVERS\pci.sys [bOOT] PCI Service [sYSTEM] PCIDump Service [bOOT] PCIIde Service [DISABLED] Pcmcia Service [MANUAL] PDCOMP Service [MANUAL] PDFRAME Service [MANUAL] PDRELI Service [MANUAL] PDRFRAME Service [DISABLED] perc2 Service [DISABLED] perc2hib Service C:\WINDOWS\system32\services.exe [AUTO] PlugPlay Service C:\WINDOWS\System32\HPZipm12.exe [MANUAL] Pml Driver HPZ12 Service C:\WINDOWS\System32\lsass.exe [AUTO] PolicyAgent Service C:\WINDOWS\System32\DRIVERS\raspptp.sys [MANUAL] PptpMiniport Service C:\WINDOWS\System32\DRIVERS\processr.sys [sYSTEM] Processor Service C:\WINDOWS\system32\lsass.exe [AUTO] ProtectedStorage Service C:\WINDOWS\System32\DRIVERS\psched.sys [MANUAL] PSched Service C:\WINDOWS\System32\DRIVERS\ptilink.sys [MANUAL] Ptilink Service [DISABLED] ql1080 Service [DISABLED] Ql10wnt Service [DISABLED] ql12160 Service [DISABLED] ql1240 Service [DISABLED] ql1280 Service C:\WINDOWS\System32\DRIVERS\rasacd.sys [sYSTEM] RasAcd Service C:\WINDOWS\System32\svchost.exe [MANUAL] RasAuto Service C:\WINDOWS\System32\DRIVERS\rasirda.sys [MANUAL] Rasirda Service C:\WINDOWS\System32\DRIVERS\rasl2tp.sys [MANUAL] Rasl2tp Service C:\WINDOWS\System32\svchost.exe [MANUAL] RasMan Service C:\WINDOWS\System32\DRIVERS\raspppoe.sys [MANUAL] RasPppoe Service C:\WINDOWS\System32\DRIVERS\raspti.sys [MANUAL] Raspti Service C:\WINDOWS\System32\DRIVERS\rdbss.sys [sYSTEM] Rdbss Service C:\WINDOWS\System32\DRIVERS\RDPCDD.sys [sYSTEM] RDPCDD Service C:\WINDOWS\System32\DRIVERS\rdpdr.sys [MANUAL] rdpdr Service [MANUAL] RDPWD Service C:\WINDOWS\system32\sessmgr.exe [MANUAL] RDSessMgr Service C:\WINDOWS\System32\DRIVERS\redbook.sys [sYSTEM] redbook Service C:\WINDOWS\System32\svchost.exe [DISABLED] RemoteAccess Service C:\WINDOWS\system32\svchost.exe [AUTO] RemoteRegistry Service C:\WINDOWS\System32\Drivers\RootMdm.sys [AUTO] ROOTMODEM Service C:\WINDOWS\System32\locator.exe [MANUAL] RpcLocator Service C:\WINDOWS\system32\svchost.exe [AUTO] RpcSs Service C:\WINDOWS\System32\rsvp.exe [MANUAL] RSVP Service C:\WINDOWS\system32\lsass.exe [AUTO] SamSs Service C:\WINDOWS\System32\SCardSvr.exe [MANUAL] SCardSvr Service C:\WINDOWS\System32\svchost.exe [AUTO] Schedule Service C:\WINDOWS\System32\DRIVERS\secdrv.sys [AUTO] Secdrv Service C:\WINDOWS\System32\svchost.exe [AUTO] seclogon Service C:\WINDOWS\system32\svchost.exe [AUTO] SENS Service C:\WINDOWS\System32\DRIVERS\serenum.sys [MANUAL] serenum Service C:\WINDOWS\System32\DRIVERS\serial.sys [sYSTEM] Serial Service [sYSTEM] Sfloppy Service C:\WINDOWS\System32\svchost.exe [AUTO] ShellHWDetection Service [DISABLED] Simbad Service C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS [MANUAL] SONYPVU1 Service [DISABLED] Sparrow Service C:\WINDOWS\system32\drivers\splitter.sys [MANUAL] splitter Service C:\WINDOWS\system32\spoolsv.exe [AUTO] Spooler Service C:\Program [MANUAL] SQLAgent$INSERTGT Service C:\WINDOWS\System32\DRIVERS\sr.sys [bOOT] sr Service C:\WINDOWS\System32\svchost.exe [AUTO] srservice Service C:\WINDOWS\System32\DRIVERS\srv.sys [MANUAL] Srv Service C:\WINDOWS\System32\svchost.exe [MANUAL] SSDPSRV Service C:\WINDOWS\System32\DRIVERS\irstusb.sys [MANUAL] STIrUsb Service C:\WINDOWS\System32\svchost.exe [AUTO] stisvc Service C:\WINDOWS\System32\DRIVERS\swenum.sys [MANUAL] swenum Service C:\WINDOWS\system32\drivers\swmidi.sys [MANUAL] swmidi Service C:\WINDOWS\System32\dllhost.exe [MANUAL] SwPrv Service C:\Program [DISABLED] Symantec Core LC Service [DISABLED] symc810 Service [DISABLED] symc8xx Service C:\WINDOWS\System32\drivers\symlcbrd.sys [AUTO] symlcbrd Service [DISABLED] sym_hi Service [DISABLED] sym_u3 Service C:\WINDOWS\system32\drivers\sysaudio.sys [MANUAL] sysaudio Service C:\WINDOWS\system32\smlogsvc.exe [MANUAL] SysmonLog Service C:\WINDOWS\System32\svchost.exe [MANUAL] TapiSrv Service C:\WINDOWS\System32\DRIVERS\tcpip.sys [sYSTEM] Tcpip Service [MANUAL] TDPIPE Service [MANUAL] TDTCP Service C:\WINDOWS\System32\DRIVERS\termdd.sys [sYSTEM] TermDD Service C:\WINDOWS\System32\svchost.exe [MANUAL] TermService Service C:\WINDOWS\System32\svchost.exe [AUTO] Themes Service C:\WINDOWS\System32\tlntsvr.exe [MANUAL] TlntSvr Service [DISABLED] TosIde Service C:\WINDOWS\system32\svchost.exe [AUTO] TrkWks Service C:\WINDOWS\system32\twpkbd.sys [sYSTEM] twpkbd Service [DISABLED] Udfs Service [DISABLED] ultra Service C:\WINDOWS\system32\wdfmgr.exe [AUTO] UMWdf Service C:\WINDOWS\System32\DRIVERS\update.sys [MANUAL] Update Service C:\WINDOWS\System32\svchost.exe [MANUAL] upnphost Service C:\WINDOWS\System32\ups.exe [MANUAL] UPS Service C:\WINDOWS\System32\DRIVERS\usbehci.sys [MANUAL] usbehci Service C:\WINDOWS\System32\DRIVERS\usbhub.sys [MANUAL] usbhub Service C:\WINDOWS\System32\DRIVERS\usbscan.sys [MANUAL] usbscan Service C:\WINDOWS\system32\DRIVERS\usbser.sys [MANUAL] usbser Service C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [MANUAL] USBSTOR Service C:\WINDOWS\System32\DRIVERS\usbuhci.sys [MANUAL] usbuhci Service C:\PROGRAM FILES\COMMON FILES\YDP\USERACCESSMANAGER\useraccess.exe [AUTO] UserAccess Service C:\WINDOWS\System32\drivers\vga.sys [sYSTEM] VgaSave Service [DISABLED] ViaIde Service [bOOT] VolSnap Service C:\WINDOWS\System32\vssvc.exe [MANUAL] VSS Service C:\WINDOWS\System32\svchost.exe [AUTO] W32Time Service C:\WINDOWS\System32\DRIVERS\wanarp.sys [MANUAL] Wanarp Service [MANUAL] WDICA Service C:\WINDOWS\system32\drivers\wdmaud.sys [MANUAL] wdmaud Service C:\WINDOWS\System32\svchost.exe [AUTO] WebClient Service C:\WINDOWS\system32\svchost.exe [AUTO] winmgmt Service [MANUAL] Winsock Service C:\WINDOWS\System32\svchost.exe [MANUAL] WmdmPmSN Service C:\WINDOWS\System32\svchost.exe [MANUAL] Wmi Service C:\WINDOWS\System32\wbem\wmiapsrv.exe [MANUAL] WmiApSrv Service C:\WINDOWS\System32\drivers\ws2ifsl.sys [sYSTEM] WS2IFSL Service C:\WINDOWS\System32\svchost.exe [AUTO] wuauserv Service C:\WINDOWS\System32\svchost.exe [AUTO] WZCSVC Service C:\WINDOWS\System32\svchost.exe [MANUAL] xmlprov ---- EOF - GMER 1.0.10 ----

InfinityToJa · 7 Lipiec 2006 22:09

podaj zwykłego loga, (zaznaczone wszystkie obiekty oprócz pokazuj wszystko), jak narazie jest ok bo nie widać usługi haxdoora

efcia · 7 Lipiec 2006 22:11

a drugiego loga brak bo GMER nie odnalazł zadnych modyfikacji systemu…

Złączono Posta : 08.07.2006 (Sob) 0:20

no to teraz log z HJ

gfile of HijackThis v1.99.1 Scan saved at 00:23:49, on 2006-07-08 Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe C:\Program Files\Microsoft SQL Server\MSSQL$INSERTGT\Binn\sqlservr.exe C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe C:\Program Files\Eset\nod32kui.exe C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe C:\Documents and Settings\Ewa\Dane aplikacji\MyTraveler\MyTraveler.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Skype\Phone\Skype.exe C:\Program Files\Eset\nod32krn.exe C:\WINDOWS\System32\svchost.exe C:\PROGRAM FILES\COMMON FILES\YDP\USERACCESSMANAGER\useraccess.exe C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe C:\Program Files\Nikon\NkView6\NkvMon.exe C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe C:\Program Files\Tlen.pl\Tlen.exe C:\Program Files\Internet Explorer\iexplore.exe C:\PROGRA~1\WinZip\winzip32.exe C:\DOCUME~1\Ewa\USTAWI~1\Temp\gmer.exe C:\DOCUME~1\Ewa\USTAWI~1\Temp\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O4 - HKLM…\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM…\Run: [statusClient] C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe /auto O4 - HKLM…\Run: [TomcatStartup] C:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe O4 - HKLM…\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM…\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKLM…\Run: [nod32kui] “C:\Program Files\Eset\nod32kui.exe” /WAITSERVICE O4 - HKCU…\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - HKCU…\Run: [MyTraveler] C:\Documents and Settings\Ewa\Dane aplikacji\MyTraveler\MyTraveler.exe O4 - HKCU…\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU…\Run: [skype] “C:\Program Files\Skype\Phone\Skype.exe” /nosplash /minimized O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O4 - Global Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView6\NkvMon.exe O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab O16 - DPF: {37A49D66-2735-4BB9-8503-82BA5E2333D0} (MailCfg Control) - http://poczta.wp.pl/2/mailcfg.ocx O16 - DPF: {3D8700FB-86A4-4CB4-B738-6F0FC016AC7D} (MainControl Class) - http://bezpieczenstwo.onet.pl/skaner/ArcaOnline.cab O16 - DPF: {5AE70FF8-20A7-4FC4-B896-404196B8B04C} (Smtpauth Control) - http://i.wp.pl/a/i/poczta_xl/smtpauth.ocx O16 - DPF: {94EB57FE-2720-496C-B33F-D9353C6E23F7} (F-Secure Online Scanner 2.1) - http://support.f-secure.com/ols/fscax.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan … asinst.cab O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) - http://mks.com.pl/skaner/SkanerOnline.cab O17 - HKLM\System\CCS\Services\Tcpip…{736C4FC8-D2D5-4893-A242-F9C960555898}: NameServer = 194.204.152.34 217.98.63.164 O20 - Winlogon Notify: twpkad - twpkad.dll (file missing) O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing) O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe O23 - Service: Securom User Access for Windows 2000 and Windows XP a technology by Sony DADC (UserAccess) - Unknown owner - C:\PROGRAM FILES\COMMON FILES\YDP\USERACCESSMANAGER\useraccess.exe

InfinityToJa · 7 Lipiec 2006 22:23

skasuj w hjt i wklej loga z silent runners