Podejrzenie wirusa - logi

system · 1 Marzec 2007 10:20

Ostatnio mój komputer zwolnił jeszcze bardziej niż zazwyczaj. Podejrzewam, że to wirus, ale chciałbym się upewnić =] Poproszę o sprawdzenie logów. Z góry dziękuję.

Logfile of HijackThis v1.99.1 Scan saved at 11:11:44, on 2007-03-01 Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\cisvc.exe C:\WINDOWS\system32\CTsvcCDA.EXE C:\WINDOWS\system32\drivers\KodakCCS.exe C:\WINDOWS\runservice.exe C:\Program Files\Norton AntiVirus\navapsvc.exe C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\System32\ScsiAccess.EXE C:\WINDOWS\system32\UAService7.exe C:\WINDOWS\Mixer.exe C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe C:\Program Files\D-Tools\daemon.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe C:\Program Files\Gadu-Gadu\gg.exe C:\Program Files\PeerGuardian2\pg2.exe C:\WINDOWS\system32\WgaTray.exe C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE C:\Program Files\Opera1\Opera.exe C:\WINDOWS\system32\cidaemon.exe C:\Documents and Settings\Administrator\Pulpit\Kasper\Duperele\cd-2oo6\Anti_spy\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/av … _homepage/ R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.onet.pl/ R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza R3 - Default URLSearchHook is missing O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: My Global Search Bar BHO - {37B85A21-692B-4205-9CAD-2626E4993404} - C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll O3 - Toolbar: My Global Search Bar - {37B85A29-692B-4205-9CAD-2626E4993404} - C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL O4 - HKLM…\Run: [C-Media Mixer] Mixer.exe /startup O4 - HKLM…\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe O4 - HKLM…\Run: [DAEMON Tools-1033] “C:\Program Files\D-Tools\daemon.exe” -lang 1033 O4 - HKLM…\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM…\Run: [nwiz] nwiz.exe /install O4 - HKLM…\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM…\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM…\Run: [RemoteControl] “C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe” O4 - HKLM…\Run: [ccApp] “C:\Program Files\Common Files\Symantec Shared\ccApp.exe” O4 - HKLM…\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKLM…\Run: [Vistadrv] C:\Documents and Settings\Administrator\Pulpit\Vistadrive\Vistadrive\vsdrv.exe O4 - HKLM…\Run: [sunJavaUpdateSched] “C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe” O4 - HKCU…\Run: [Dzieńdobry!] C:\Program Files\VSD Software\Dzieńdobry!\dziendobry.exe /auto O4 - HKCU…\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R O4 - HKCU…\Run: [Gadu-Gadu] “C:\Program Files\Gadu-Gadu\gg.exe” /tray O4 - HKCU…\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe O4 - HKCU…\Run: [WinMem] C:\Program Files\WinCleaner Memory Optimizer\WinMemOpt.exe O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html O8 - Extra context menu item: &Save Flash In This Page by Flash Saver - C:\PROGRA~1\FLASHS~1\save.htm O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html O8 - Extra context menu item: Download all links using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm O8 - Extra context menu item: Download all videos using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm O8 - Extra context menu item: Download link using &BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm O8 - Extra context menu item: Save Flash - res://C:\Program Files\UnH Solutions\Flash Saving Plugin\FlashSButton.dll/210 O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\npjpi150_11.dll O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\npjpi150_11.dll O9 - Extra button: Flash Saver - {09EA1F80-F40A-11D1-B792-444553540001} - C:\PROGRA~1\FLASHS~1\save.htm O9 - Extra ‘Tools’ menuitem: Flash Saver - {09EA1F80-F40A-11D1-B792-444553540001} - C:\PROGRA~1\FLASHS~1\save.htm O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll O9 - Extra ‘Tools’ menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll O9 - Extra button: Flash - {43CF38F3-5AEC-45a3-AD31-04EB06E9C6CA} - C:\Program Files\UnH Solutions\Flash Saving Plugin\FlashSButton.dll (HKCU) O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/house … hcImpl.cab O20 - Winlogon Notify: avpe32 - C:\WINDOWS\ O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O23 - Service: Critical System Service BootDrv (BootDrv) - Unknown owner - C:\WINDOWS\system32\BootDSvc.exe (file missing) O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINDOWS\runservice.exe O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\System32\ScsiAccess.EXE O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe

“Silent Runners.vbs”, revision R50, http://www.silentrunners.org/ Operating System: Windows XP SP2 Output limited to non-default values, except where indicated by “{++}” Startup items buried in registry: --------------------------------- HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++} “Dzieńdobry!” = “C:\Program Files\VSD Software\Dzieńdobry!\dziendobry.exe /auto” [“VSD Software”] “Creative Detector” = “C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R” [“Creative Technology Ltd”] “Gadu-Gadu” = ““C:\Program Files\Gadu-Gadu\gg.exe” /tray” [“Gadu-Gadu S.A.”] “PeerGuardian” = “C:\Program Files\PeerGuardian2\pg2.exe” [“Methlabs”] “WinMem” = “C:\Program Files\WinCleaner Memory Optimizer\WinMemOpt.exe” [file not found] HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++} “C-Media Mixer” = “Mixer.exe /startup” [“C-Media Electronic Inc. (http://www.cmedia.com.tw)”] “HPDJ Taskbar Utility” = “C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe” [“HP”] “DAEMON Tools-1033” = ““C:\Program Files\D-Tools\daemon.exe” -lang 1033” [“DAEMON’S HOME”] “NvCplDaemon” = “RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup” [MS] “nwiz” = “nwiz.exe /install” [“NVIDIA Corporation”] “NvMediaCenter” = “RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit” [MS] “NeroFilterCheck” = “C:\WINDOWS\system32\NeroCheck.exe” [“Ahead Software Gmbh”] “RemoteControl” = ““C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe”” [“Cyberlink Corp.”] “ccApp” = ““C:\Program Files\Common Files\Symantec Shared\ccApp.exe”” [“Symantec Corporation”] “KernelFaultCheck” = “C:\WINDOWS\system32\dumprep 0 -k” “Vistadrv” = “C:\Documents and Settings\Administrator\Pulpit\Vistadrive\Vistadrive\vsdrv.exe” [file not found] “SunJavaUpdateSched” = ““C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe”” [“Sun Microsystems, Inc.”] HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}(Default) = (no title provided) -> {HKLM…CLSID} = “AcroIEHlprObj Class” \InProcServer32(Default) = “C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll” [“Adobe Systems Incorporated”] {37B85A21-692B-4205-9CAD-2626E4993404}(Default) = “My Global Search Bar BHO” -> {HKLM…CLSID} = “My Global Search Bar BHO” \InProcServer32(Default) = “C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL” [“My Global Search”] {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60}(Default) = “BitComet ClickCapture” -> {HKLM…CLSID} = “BitComet Helper” \InProcServer32(Default) = “C:\Program Files\BitComet\tools\BitCometBHO.dll” [“BitComet”] {53707962-6F74-2D53-2644-206D7942484F}(Default) = (no title provided) -> {HKLM…CLSID} = (no title provided) \InProcServer32(Default) = “C:\PROGRA~1\SPYBOT~1\SDHelper.dll” [“Safer Networking Limited”] {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}(Default) = (no title provided) -> {HKLM…CLSID} = “SSVHelper Class” \InProcServer32(Default) = “C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll” [“Sun Microsystems, Inc.”] {A8F38D8D-E480-4D52-B7A2-731BB6995FDD}(Default) = “NAV Helper” -> {HKLM…CLSID} = “CNavExtBho Class” \InProcServer32(Default) = “C:\Program Files\Norton AntiVirus\NavShExt.dll” [“Symantec Corporation”] {AA58ED58-01DD-4d91-8333-CF10577473F7}(Default) = (no title provided) -> {HKLM…CLSID} = “Google Toolbar Helper” \InProcServer32(Default) = “c:\program files\google\googletoolbar1.dll” [“Google Inc.”] HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\ “{42071714-76d4-11d1-8b24-00a0c9068ff3}” = “Rozszerzenie CPL kadrowania wyświetlania” -> {HKLM…CLSID} = “Rozszerzenie CPL kadrowania wyświetlania” \InProcServer32(Default) = “deskpan.dll” [file not found] “{88895560-9AA2-1069-930E-00AA0030EBC8}” = “Rozszerzenie ikony HyperTerminalu” -> {HKLM…CLSID} = “HyperTerminal Icon Ext” \InProcServer32(Default) = “C:\WINDOWS\System32\hticons.dll” [“Hilgraeve, Inc.”] “{59850401-6664-101B-B21C-00AA004BA90B}” = “Microsoft Office Binder Unbind” -> {HKLM…CLSID} = “Microsoft Office Binder Unbind” \InProcServer32(Default) = “C:\PROGRA~1\MICROS~2\Office\1045\UNBIND.DLL” [MS] “{0006F045-0000-0000-C000-000000000046}” = “Microsoft Outlook Custom Icon Handler” -> {HKLM…CLSID} = “Rozszerzenie ikon plików programu Outlook” \InProcServer32(Default) = “C:\PROGRA~1\MICROS~2\Office\OLKFSTUB.DLL” [MS] “{acb4a560-3606-11d3-aef4-00104bd0f92d}” = “KodakShellExtension” -> {HKLM…CLSID} = “KodakShellExtension” \InProcServer32(Default) = “C:\Program Files\Common Files\KODAK\IFSCore\kodakshx.dll” [“Eastman Kodak Company”] “{cc86590a-b60a-48e6-996b-41d25ed39a1e}” = “Portable Media Devices Menu” -> {HKLM…CLSID} = “Portable Media Devices Menu” \InProcServer32(Default) = “C:\WINDOWS\System32\Audiodev.dll” [MS] “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” = “WinRAR shell extension” -> {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data] “{A70C977A-BF00-412C-90B7-034C51DA2439}” = “NvCpl DesktopContext Class” -> {HKLM…CLSID} = “DesktopContext Class” \InProcServer32(Default) = “C:\WINDOWS\system32\nvcpl.dll” [“NVIDIA Corporation”] “{1CDB2949-8F65-4355-8456-263E7C208A5D}” = “Desktop Explorer” -> {HKLM…CLSID} = “Desktop Explorer” \InProcServer32(Default) = “C:\WINDOWS\system32\nvshell.dll” [“NVIDIA Corporation”] “{1E9B04FB-F9E5-4718-997B-B8DA88302A47}” = “Desktop Explorer Menu” -> {HKLM…CLSID} = (no title provided) \InProcServer32(Default) = “C:\WINDOWS\system32\nvshell.dll” [“NVIDIA Corporation”] “{1E9B04FB-F9E5-4718-997B-B8DA88302A48}” = “nView Desktop Context Menu” -> {HKLM…CLSID} = “nView Desktop Context Menu” \InProcServer32(Default) = “C:\WINDOWS\system32\nvshell.dll” [“NVIDIA Corporation”] “{ABC70703-32AF-11d4-90C4-D483A70F4825}” = “CMenuExtender” -> {HKLM…CLSID} = “CMenuExtender” \InProcServer32(Default) = “C:\Program Files\iColorFolder\CMExt.dll” [file not found] “{FFB699E0-306A-11d3-8BD1-00104B6F7516}” = “Play on my TV helper” -> {HKLM…CLSID} = “NVIDIA CPL Extension” \InProcServer32(Default) = “C:\WINDOWS\system32\nvcpl.dll” [“NVIDIA Corporation”] “{EB47FF00-225E-11D2-9E1D-00A0C9AB0EEE}” = “eLicense Control” -> {HKLM…CLSID} = “eLicense Control” \InProcServer32(Default) = “C:\WINDOWS\lcmmfu.cpl” [null data] “{B95713CD-06FF-4D35-A9DA-4DBDFE5FD7F4}” = “Hex Editor Shell Extension” -> {HKLM…CLSID} = “ShellExt Class” \InProcServer32(Default) = “C:\Program Files\HHD Software\Hex Editor 3.x\heshell.dll” [“HHD Software”] “{328D8DA1-64BF-4138-8CD6-1FB6741CA645}” = “MuVo N200 Media Explorer” -> {HKLM…CLSID} = “MuVo N200 Media Explorer” \InProcServer32(Default) = “C:\Program Files\Creative\MuVo N200 Media Explorer\CTMvns.dll” [“Creative Technology Ltd”] “{E0BD38EB-C8EC-11D2-B274-B493B003B125}” = “East-Tec Eraser Context Menu Shell Extension” -> {HKLM…CLSID} = “East-Tec Eraser Context Menu Shell Extension” \InProcServer32(Default) = “C:\PROGRA~1\EAST-T~1\eteshell.dll” [“EAST Technologies”] “{BF05BB6E-442C-428B-8025-82280B7BC26C}” = “Zen Micro Media Explorer” -> {HKLM…CLSID} = “Zen Micro Media Explorer” \InProcServer32(Default) = “C:\Program Files\Creative\Creative Zen Micro\Zen Micro Media Explorer\CTJBNS2.dll” [“Creative Technology Ltd”] “{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF}” = “iTunes” -> {HKLM…CLSID} = “iTunes” \InProcServer32(Default) = “C:\Program Files\iTunes\iTunesMiniPlayer.dll” [“Apple Computer, Inc.”] “{5B9C04C2-5EB5-4B60-8B71-46964DB8CDBF}” = “IVB Shl Ext” -> {HKLM…CLSID} = “IIVBShlExt Class” \InProcServer32(Default) = “C:\Program Files\Photo Toolkit\IvBar\ivbshlext.dll” [file not found] “{DDE4BEEB-DDE6-48fd-8EB5-035C09923F83}” = “UnlockerShellExtension” -> {HKLM…CLSID} = “UnlockerShellExtension” \InProcServer32(Default) = “C:\Program Files\Unlocker\UnlockerCOM.dll” [null data] “{2B3453E4-49DF-11D3-8229-0080BE509050}” = “GMail Drive” -> {HKLM…CLSID} = “GMail Drive” \InProcServer32(Default) = “C:\WINDOWS\system32\ShellExt\GMailFS.dll” [“Bjarke Viksoe”] “{2B3453E4-49DF-11D3-8229-0080BE509052}” = “GMailFS Property Sheet” -> {HKLM…CLSID} = “GMailFS Property Sheet” \InProcServer32(Default) = “C:\WINDOWS\system32\ShellExt\GMailFS.dll” [“Bjarke Viksoe”] “{2B3453E4-49DF-11D3-8229-0080BE509054}” = “GMailFS Drop Handler” -> {HKLM…CLSID} = “GMailFS Drop Handler” \InProcServer32(Default) = “C:\WINDOWS\system32\ShellExt\GMailFS.dll” [“Bjarke Viksoe”] “{2B3453E4-49DF-11D3-8229-0080BE509056}” = “GMailFS Context Menu” -> {HKLM…CLSID} = “GMailFS Context Menu” \InProcServer32(Default) = “C:\WINDOWS\system32\ShellExt\GMailFS.dll” [“Bjarke Viksoe”] “{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}” = “OpenOffice.org Column Handler” -> {HKCU…CLSID} = (no title provided) \InProcServer32(Default) = ““C:\Program Files\OpenOffice.ux.pl 2.0.4\program\shlxthdl.dll”” [“Sun Microsystems, Inc.”] “{087B3AE3-E237-4467-B8DB-5A38AB959AC9}” = “OpenOffice.org Infotip Handler” -> {HKCU…CLSID} = (no title provided) \InProcServer32(Default) = ““C:\Program Files\OpenOffice.ux.pl 2.0.4\program\shlxthdl.dll”” [“Sun Microsystems, Inc.”] “{63542C48-9552-494A-84F7-73AA6A7C99C1}” = “OpenOffice.org Property Sheet Handler” -> {HKCU…CLSID} = (no title provided) \InProcServer32(Default) = ““C:\Program Files\OpenOffice.ux.pl 2.0.4\program\shlxthdl.dll”” [“Sun Microsystems, Inc.”] “{3B092F0C-7696-40E3-A80F-68D74DA84210}” = “OpenOffice.org Thumbnail Viewer” -> {HKCU…CLSID} = (no title provided) \InProcServer32(Default) = ““C:\Program Files\OpenOffice.ux.pl 2.0.4\program\shlxthdl.dll”” [“Sun Microsystems, Inc.”] HKLM\Software\Classes\Folder\shellex\ColumnHandlers\ {F9DB5320-233E-11D1-9F84-707F02C10627}(Default) = “PDF Column Info” -> {HKLM…CLSID} = “PDF Shell Extension” \InProcServer32(Default) = “C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll” [“Adobe Systems, Inc.”] HKLM\Software\Classes*\shellex\ContextMenuHandlers\ East-TecEraser(Default) = “{E0BD38EB-C8EC-11D2-B274-B493B003B125}” -> {HKLM…CLSID} = “East-Tec Eraser Context Menu Shell Extension” \InProcServer32(Default) = “C:\PROGRA~1\EAST-T~1\eteshell.dll” [“EAST Technologies”] Hex Editor 3(Default) = “{B95713CD-06FF-4D35-A9DA-4DBDFE5FD7F4}” -> {HKLM…CLSID} = “ShellExt Class” \InProcServer32(Default) = “C:\Program Files\HHD Software\Hex Editor 3.x\heshell.dll” [“HHD Software”] Symantec.Norton.Antivirus.IEContextMenu(Default) = “{FAD61B3D-699D-49B2-BE16-7F82CB4C59CA}” -> {HKLM…CLSID} = “IEContextMenu Class” \InProcServer32(Default) = “C:\Program Files\Norton AntiVirus\NavShExt.dll” [“Symantec Corporation”] WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” -> {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data] HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\ CMenuExtender(Default) = “{ABC70703-32AF-11d4-90C4-D483A70F4825}” -> {HKLM…CLSID} = “CMenuExtender” \InProcServer32(Default) = “C:\Program Files\iColorFolder\CMExt.dll” [file not found] WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” -> {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data] HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ East-TecEraser(Default) = “{E0BD38EB-C8EC-11D2-B274-B493B003B125}” -> {HKLM…CLSID} = “East-Tec Eraser Context Menu Shell Extension” \InProcServer32(Default) = “C:\PROGRA~1\EAST-T~1\eteshell.dll” [“EAST Technologies”] Symantec.Norton.Antivirus.IEContextMenu(Default) = “{FAD61B3D-699D-49B2-BE16-7F82CB4C59CA}” -> {HKLM…CLSID} = “IEContextMenu Class” \InProcServer32(Default) = “C:\Program Files\Norton AntiVirus\NavShExt.dll” [“Symantec Corporation”] UnlockerShellExtension(Default) = “{DDE4BEEB-DDE6-48fd-8EB5-035C09923F83}” -> {HKLM…CLSID} = “UnlockerShellExtension” \InProcServer32(Default) = “C:\Program Files\Unlocker\UnlockerCOM.dll” [null data] WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” -> {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data] HKLM\Software\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\ IVBShlExt(Default) = “{5B9C04C2-5EB5-4B60-8B71-46964DB8CDBF}” -> {HKLM…CLSID} = “IIVBShlExt Class” \InProcServer32(Default) = “C:\Program Files\Photo Toolkit\IvBar\ivbshlext.dll” [file not found] UnlockerShellExtension(Default) = “{DDE4BEEB-DDE6-48fd-8EB5-035C09923F83}” -> {HKLM…CLSID} = “UnlockerShellExtension” \InProcServer32(Default) = “C:\Program Files\Unlocker\UnlockerCOM.dll” [null data] Group Policies {GPedit.msc branch and setting}: ----------------------------------------------- Note: detected settings may not have any effect. HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\ “ForceActiveDesktopOn” = (REG_DWORD) hex:0x00000000 {User Configuration|Administrative Templates|Desktop|Desktop / Active Desktop| Enable Active Desktop} “NoActiveDesktop” = (REG_DWORD) hex:0x00000000 {User Configuration|Administrative Templates|Desktop|Desktop / Active Desktop| Disable Active Desktop} “ClassicShell” = (REG_DWORD) hex:0x00000000 {User Configuration|Administrative Templates|Windows Components|Windows Explorer| Enable Classic Shell / Turn on Classic Shell} HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\ “shutdownwithoutlogon” = (REG_DWORD) hex:0x00000001 {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options| Shutdown: Allow system to be shut down without having to log on} “undockwithoutlogon” = (REG_DWORD) hex:0x00000001 {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options| Devices: Allow undock without having to log on} “SynchronousMachineGroupPolicy” = (REG_DWORD) hex:0x00000000 {unrecognized setting} “SynchronousUserGroupPolicy” = (REG_DWORD) hex:0x00000000 {unrecognized setting} Active Desktop and Wallpaper: ----------------------------- Active Desktop may be disabled at this entry: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState Displayed if Active Desktop enabled and wallpaper not set by Group Policy: HKCU\Software\Microsoft\Internet Explorer\Desktop\General\ “Wallpaper” = “C:\WINDOWS\system32\config\systemprofile\Pulpit\Kasper\Soft5-Wallpaper-05-1024\Soft5-Wallpaper-05-1024.bmp” Displayed if Active Desktop disabled and wallpaper not set by Group Policy: HKCU\Control Panel\Desktop\ “Wallpaper” = “C:\Documents and Settings\Administrator\Pulpit\Kasper\Soft5-Wallpaper-05-1024\Soft5-Wallpaper-05-1024.bmp” Enabled Screen Saver: --------------------- HKCU\Control Panel\Desktop\ “SCRNSAVE.EXE” = “C:\WINDOWS\System32\Matrix.scr” [null data] Startup items in “Administrator” & “All Users” startup folders: --------------------------------------------------------------- C:\Documents and Settings\All Users\Menu Start\Programy\Autostart “Adobe Gamma Loader” -> shortcut to: “C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe” [“Adobe Systems, Inc.”] “Microsoft Office” -> shortcut to: “C:\Program Files\Microsoft Office\Office\OSA9.EXE -b -l” [MS] Enabled Scheduled Tasks: ------------------------ “mks_vir - Zadanie 0” -> WARNING – The file “mks_vir - Zadanie 0.job” is corrupt! (no executable) “Norton AntiVirus - Run Full System Scan - Administrator” -> launches: “C:\PROGRA~1\NORTON~1\Navw32.exe /TASK:“C:\Documents and Settings\All Users\Dane aplikacji\Symantec\Norton AntiVirus\Tasks\mycomp.sca”” [“Symantec Corporation”] “Symantec NetDetect” -> launches: “C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE” [“Symantec Corporation”] Winsock2 Service Provider DLLs: ------------------------------- Namespace Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++} 000000000001\LibraryPath = “%SystemRoot%\System32\mswsock.dll” [MS] 000000000002\LibraryPath = “%SystemRoot%\System32\winrnr.dll” [MS] 000000000003\LibraryPath = “%SystemRoot%\System32\mswsock.dll” [MS] Transport Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++} 0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range: %SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 13 %SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05 Toolbars, Explorer Bars, Extensions: ------------------------------------ Toolbars HKCU\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\ “{C4069E3A-68F1-403E-B40E-20066696354B}” -> {HKLM…CLSID} = “Norton AntiVirus” \InProcServer32(Default) = “C:\Program Files\Norton AntiVirus\NavShExt.dll” [“Symantec Corporation”] HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\ “{2318C2B1-4965-11D4-9B18-009027A5CD4F}” -> {HKLM…CLSID} = “&Google” \InProcServer32(Default) = “c:\program files\google\googletoolbar1.dll” [“Google Inc.”] “{37B85A29-692B-4205-9CAD-2626E4993404}” -> {HKLM…CLSID} = “My Global Search Bar” \InProcServer32(Default) = “C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL” [“My Global Search”] HKLM\Software\Microsoft\Internet Explorer\Toolbar\ “{2318C2B1-4965-11D4-9B18-009027A5CD4F}” = (no title provided) -> {HKLM…CLSID} = “&Google” \InProcServer32(Default) = “c:\program files\google\googletoolbar1.dll” [“Google Inc.”] “{C4069E3A-68F1-403E-B40E-20066696354B}” = “Norton AntiVirus” -> {HKLM…CLSID} = “Norton AntiVirus” \InProcServer32(Default) = “C:\Program Files\Norton AntiVirus\NavShExt.dll” [“Symantec Corporation”] “{37B85A29-692B-4205-9CAD-2626E4993404}” = (no title provided) -> {HKLM…CLSID} = “My Global Search Bar” \InProcServer32(Default) = “C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL” [“My Global Search”] Extensions (Tools menu items, main toolbar menu buttons) HKCU\Software\Microsoft\Internet Explorer\Extensions\ {43CF38F3-5AEC-45A3-AD31-04EB06E9C6CA}\ “ButtonText” = “Flash” “CLSIDExtension” = “{F81D52BF-F2F1-4F49-BF5F-05664E803039}” -> {HKLM…CLSID} = “IEButton Class” \InProcServer32(Default) = “C:\Program Files\UnH Solutions\Flash Saving Plugin\FlashSButton.dll” [“UnH Solutions”] HKLM\Software\Microsoft\Internet Explorer\Extensions\ {08B0E5C0-4FCB-11CF-AAA5-00401C608501}\ “MenuText” = “Sun Java Console” “CLSIDExtension” = “{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBC}” -> {HKLM…CLSID} = “Java Plug-in 1.5.0_11” \InProcServer32(Default) = “C:\Program Files\Java\jre1.5.0_11\bin\npjpi150_11.dll” [“Sun Microsystems, Inc.”] {09EA1F80-F40A-11D1-B792-444553540001}\ “ButtonText” = “Flash Saver” “MenuText” = “Flash Saver” “Script” = “C:\PROGRA~1\FLASHS~1\save.htm” [null data] {36ECAF82-3300-8F84-092E-AFF36D6C7040}\ “ButtonText” = “Run WinHTTrack” “MenuText” = “Launch WinHTTrack” “CLSIDExtension” = “{86529161-034E-4F8A-88D2-3C625E612E04}” -> {HKLM…CLSID} = “WinHTTrackLauncher Class” \InProcServer32(Default) = “C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll” [null data] Running Services (Display Name, Service Name, Path {Service DLL}): ------------------------------------------------------------------ Creative Service for CDROM Access, Creative Service for CDROM Access, “C:\WINDOWS\system32\CTsvcCDA.EXE” [“Creative Technology Ltd”] Kodak Camera Connection Software, KodakCCS, “C:\WINDOWS\system32\drivers\KodakCCS.exe” [“Eastman Kodak Company”] LicCtrl Service, LicCtrlService, “C:\WINDOWS\runservice.exe” [null data] Norton AntiVirus Auto-Protect Service, navapsvc, ““C:\Program Files\Norton AntiVirus\navapsvc.exe”” [“Symantec Corporation”] Norton AntiVirus Firewall Monitor Service, NPFMntor, ““C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe”” [“Symantec Corporation”] Norton Protection Center Service, NSCService, ““C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE”” [“Symantec Corporation”] NVIDIA Display Driver Service, NVSvc, “C:\WINDOWS\system32\nvsvc32.exe” [“NVIDIA Corporation”] ScsiAccess, ScsiAccess, “C:\WINDOWS\System32\ScsiAccess.EXE” [null data] SecuROM User Access Service (V7), UserAccess7, “C:\WINDOWS\system32\UAService7.exe” [null data] SPBBCSvc, SPBBCSvc, ““C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe”” [“Symantec Corporation”] StyleXPService, StyleXPService, ““C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe”” [empty string] Symantec Core LC, Symantec Core LC, ““C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe”” [“Symantec Corporation”] Symantec Event Manager, ccEvtMgr, ““C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe”” [“Symantec Corporation”] Symantec Network Drivers Service, SNDSrvc, ““C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe”” [“Symantec Corporation”] Symantec Settings Manager, ccSetMgr, ““C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe”” [“Symantec Corporation”] Windows User Mode Driver Framework, UMWdf, “C:\WINDOWS\system32\wdfmgr.exe” [MS] Print Monitors: --------------- HKLM\System\CurrentControlSet\Control\Print\Monitors\ hpzsnt07\Driver = “hpzsnt07.dll” [“HP”] OLFax Ports\Driver = “OLFMNT40.DLL” [MS] ---------- + This report excludes default entries except where indicated. + To see *everywhere* the script checks and *everything* it finds, launch it from a command prompt or a shortcut with the -all parameter. + To search all directories of local fixed drives for DESKTOP.INI DLL launch points, use the -supp parameter or answer “No” at the first message box and “Yes” at the second message box. ---------- (total run time: 216 seconds, including 7 seconds for message boxes)

adam9870 · 1 Marzec 2007 13:43

Start => uruchom => wpisz cmd i kliknij OK => w konsoli, która się otworzy wpisz:

Plik i folder usuń ręcznie z dysku będąc w trybie awaryjnym natomiast wpisy HijackThis.

Otwórz Notatnik i wklej w nim to:

Plik >>> Zapisz jako >>> Zmień rozszerzenie z TXT na Wszystkie pliki >>> Zapisz pod nazwą FIX.REG >>> kliknij dwa razy na utworzony plik FIX.REG i potwierdź dodanie do rejestru >>> restart.

Po wykonaniu proszę pokazać nowy log z HijackThis plus z SilentRunners. Dodatkowo ze względu na resztki po rootkicie możesz wkleić jeszcze dwa logi z Gmer’a wykonane przy takich ustawieniach:

Zakładka Rootkit >>> zaznaczone wszystko oprócz Pokazuj wszystko >>> kliknij Szukaj >>> czekaj cierpliwie aż skończy >>> Kopiuj >>> wklej do posta
Zakładka Rootkit >>> zaznaczone tylko Usługi i Pokazuj wszystko >>> kliknij Szukaj >>> czekaj cierpliwie aż skończy >>> Kopiuj >>> wklej do posta

Jeśli wszystkie logi nie zmieszczą się bezpośrednio do posta, to umieść je w jakimś serwisie hostingowym jako pliki *.txt, a tu tylko zlinkuj.

http://forum.dobreprogramy.pl/viewtopic.php?t=96929

system · 1 Marzec 2007 15:28

[http://rapidshare.com/files/18866288/St … 5.txt.html](http://rapidshare.com/files/18866288/Startup_Programs DOM2 2007-03-01_15.24.15.txt.html)

http://rapidshare.com/files/18872163/gmer1.txt.html

http://rapidshare.com/files/18872470/gmer2.txt.html

http://rapidshare.com/files/18872722/hi … s.log.html

adam9870 · 1 Marzec 2007 16:32

Usuń wpis HJT.

Poza tym nadal siedzi rootkit:

Użyj narzędzia HaxFix i wybierz opcję 2. Run auto Fix

Po wykonaniu wklej nowy log z hijacka i Gmer’a wykonany przy zaznaczonej opcji usługi + pokazuj wszystko.

system · 1 Marzec 2007 17:01

Usunąć te pozycje z HJT? Użyłem HaxFixa, i tak:

Logfile of HijackThis v1.99.1 Scan saved at 17:58:58, on 2007-03-01 Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\cisvc.exe C:\WINDOWS\system32\CTsvcCDA.EXE C:\WINDOWS\system32\drivers\KodakCCS.exe C:\WINDOWS\runservice.exe C:\Program Files\Norton AntiVirus\navapsvc.exe C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\System32\ScsiAccess.EXE C:\WINDOWS\system32\UAService7.exe C:\WINDOWS\Mixer.exe C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe C:\Program Files\D-Tools\daemon.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe C:\Program Files\PeerGuardian2\pg2.exe C:\WINDOWS\system32\WgaTray.exe C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE C:\Program Files\Gadu-Gadu\gg.exe C:\Program Files\Opera1\Opera.exe C:\WINDOWS\system32\cidaemon.exe C:\Documents and Settings\Administrator\Pulpit\Kasper\Duperele\cd-2oo6\Anti_spy\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/av … _homepage/ R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.onet.pl/ R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll O4 - HKLM…\Run: [C-Media Mixer] Mixer.exe /startup O4 - HKLM…\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe O4 - HKLM…\Run: [DAEMON Tools-1033] “C:\Program Files\D-Tools\daemon.exe” -lang 1033 O4 - HKLM…\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM…\Run: [nwiz] nwiz.exe /install O4 - HKLM…\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM…\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM…\Run: [RemoteControl] “C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe” O4 - HKLM…\Run: [ccApp] “C:\Program Files\Common Files\Symantec Shared\ccApp.exe” O4 - HKLM…\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKLM…\Run: [Vistadrv] C:\Documents and Settings\Administrator\Pulpit\Vistadrive\Vistadrive\vsdrv.exe O4 - HKLM…\Run: [sunJavaUpdateSched] “C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe” O4 - HKCU…\Run: [Dzieńdobry!] C:\Program Files\VSD Software\Dzieńdobry!\dziendobry.exe /auto O4 - HKCU…\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R O4 - HKCU…\Run: [Gadu-Gadu] “C:\Program Files\Gadu-Gadu\gg.exe” /tray O4 - HKCU…\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe O4 - HKCU…\Run: [WinMem] C:\Program Files\WinCleaner Memory Optimizer\WinMemOpt.exe O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html O8 - Extra context menu item: &Save Flash In This Page by Flash Saver - C:\PROGRA~1\FLASHS~1\save.htm O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html O8 - Extra context menu item: Download all links using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm O8 - Extra context menu item: Download all videos using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm O8 - Extra context menu item: Download link using &BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm O8 - Extra context menu item: Save Flash - res://C:\Program Files\UnH Solutions\Flash Saving Plugin\FlashSButton.dll/210 O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\npjpi150_11.dll O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\npjpi150_11.dll O9 - Extra button: Flash Saver - {09EA1F80-F40A-11D1-B792-444553540001} - C:\PROGRA~1\FLASHS~1\save.htm O9 - Extra ‘Tools’ menuitem: Flash Saver - {09EA1F80-F40A-11D1-B792-444553540001} - C:\PROGRA~1\FLASHS~1\save.htm O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll O9 - Extra ‘Tools’ menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll O9 - Extra button: Flash - {43CF38F3-5AEC-45a3-AD31-04EB06E9C6CA} - C:\Program Files\UnH Solutions\Flash Saving Plugin\FlashSButton.dll (HKCU) O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/house … hcImpl.cab O20 - Winlogon Notify: avpe32 - C:\WINDOWS\ O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINDOWS\runservice.exe O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\System32\ScsiAccess.EXE O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe

GMER 1.0.12.12027 - http://www.gmer.net Rootkit scan 2007-03-01 17:59:43 Windows 5.1.2600 Dodatek Service Pack 2 ---- Services - GMER 1.0.12 ---- Service .NET CLR Data Service .NET CLR Networking Service .NET Data Provider for Oracle Service .NET Data Provider for SqlServer Service .NETFramework Service [DISABLED] Abiosdsk Service C:\Program [DISABLED] ABNetMon Service [DISABLED] abp480n5 Service C:\Program Files\MKS\Bin\ABTDI.sys [sYSTEM] ABTDI Service C:\WINDOWS\System32\DRIVERS\ACPI.sys [bOOT] ACPI Service [DISABLED] ACPIEC Service [DISABLED] adpu160m Service C:\WINDOWS\system32\drivers\aec.sys [MANUAL] aec Service C:\WINDOWS\System32\drivers\afd.sys [sYSTEM] AFD Service [DISABLED] Aha154x Service [DISABLED] aic78u2 Service [DISABLED] aic78xx Service C:\WINDOWS\System32\svchost.exe [DISABLED] Alerter Service C:\WINDOWS\System32\alg.exe [MANUAL] ALG Service [DISABLED] AliIde Service C:\WINDOWS\System32\DRIVERS\amdk7.sys [sYSTEM] AmdK7 Service [DISABLED] amsint Service C:\WINDOWS\system32\svchost.exe [MANUAL] AppMgmt Service [DISABLED] asc Service [DISABLED] asc3350p Service [DISABLED] asc3550 Service ASP.NET Service ASP.NET_1.1.4322 Service ASP.NET_2.0.50727 Service C:\WINDOWS\System32\DRIVERS\ASPI32.sys [MANUAL] ASPI Service C:\WINDOWS\System32\drivers\aspi32.sys [sYSTEM] Aspi32 Service C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [MANUAL] aspnet_state Service C:\WINDOWS\System32\DRIVERS\asyncmac.sys [MANUAL] AsyncMac Service C:\WINDOWS\System32\DRIVERS\atapi.sys [bOOT] atapi Service [DISABLED] Atdisk Service C:\WINDOWS\System32\DRIVERS\atmarpc.sys [MANUAL] Atmarpc Service C:\WINDOWS\System32\svchost.exe [AUTO] AudioSrv Service C:\WINDOWS\System32\DRIVERS\audstub.sys [MANUAL] audstub Service C:\WINDOWS\system32\avpe64.sys [AUTO] avpe32 Service C:\WINDOWS\system32\avpe64.sys [sYSTEM] avpe64 Service BattC Service [sYSTEM] Beep Service C:\WINDOWS\System32\svchost.exe [MANUAL] BITS Service C:\WINDOWS\System32\svchost.exe [AUTO] Browser Service [DISABLED] cbidf2k Service C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe [AUTO] ccEvtMgr Service C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe [AUTO] ccSetMgr Service [DISABLED] cd20xrnt Service [sYSTEM] Cdaudio Service [DISABLED] Cdfs Service C:\WINDOWS\System32\DRIVERS\cdrom.sys [sYSTEM] Cdrom Service [sYSTEM] Changer Service C:\WINDOWS\system32\cisvc.exe [AUTO] CiSvc Service C:\WINDOWS\system32\clipsrv.exe [DISABLED] ClipSrv Service C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [MANUAL] clr_optimization_v2.0.50727_32 Service [DISABLED] CmdIde Service C:\WINDOWS\system32\drivers\cmaudio.sys [MANUAL] cmpci Service C:\WINDOWS\System32\dllhost.exe [MANUAL] COMSysApp Service ContentFilter Service ContentIndex Service [DISABLED] Cpqarray Service C:\WINDOWS\system32\CTsvcCDA.EXE [AUTO] Creative Service for CDROM Access Service C:\WINDOWS\system32\svchost.exe [AUTO] CryptSvc Service C:\WINDOWS\system32\DRIVERS\d347bus.sys [bOOT] d347bus Service C:\WINDOWS\System32\Drivers\d347prt.sys [bOOT] d347prt Service [DISABLED] dac2w2k Service [DISABLED] dac960nt Service C:\WINDOWS\System32\DRIVERS\DcCam.sys [sYSTEM] DcCam Service C:\WINDOWS\System32\DRIVERS\DcFpoint.sys [MANUAL] DcFpoint Service C:\WINDOWS\system32\drivers\dcfs2k.sys [AUTO] DCFS2K Service C:\WINDOWS\System32\DRIVERS\DcLps.sys [MANUAL] DcLps Service C:\WINDOWS\system32\svchost.exe [AUTO] DcomLaunch Service C:\WINDOWS\System32\DRIVERS\DcPTP.sys [MANUAL] DcPTP Service C:\WINDOWS\System32\svchost.exe [AUTO] Dhcp Service C:\WINDOWS\System32\DRIVERS\disk.sys [bOOT] Disk Service C:\WINDOWS\System32\dmadmin.exe [MANUAL] dmadmin Service C:\WINDOWS\System32\drivers\dmboot.sys [DISABLED] dmboot Service C:\WINDOWS\System32\drivers\dmio.sys [bOOT] dmio Service C:\WINDOWS\System32\drivers\dmload.sys [bOOT] dmload Service C:\WINDOWS\System32\svchost.exe [AUTO] dmserver Service C:\WINDOWS\system32\drivers\DMusic.sys [MANUAL] DMusic Service C:\WINDOWS\System32\svchost.exe [AUTO] Dnscache Service [DISABLED] dpti2o Service C:\WINDOWS\system32\drivers\drmkaud.sys [MANUAL] drmkaud Service C:\WINDOWS\System32\Drivers\ElbyCDFL.sys [MANUAL] ElbyCDFL Service C:\WINDOWS\System32\Drivers\ElbyCDIO.sys [AUTO] ElbyCDIO Service C:\WINDOWS\System32\svchost.exe [DISABLED] ERSvc Service C:\WINDOWS\system32\services.exe [AUTO] Eventlog Service C:\WINDOWS\System32\svchost.exe [MANUAL] EventSystem Service C:\WINDOWS\System32\DRIVERS\exportit.sys [sYSTEM] Exportit Service [DISABLED] Fastfat Service C:\WINDOWS\System32\svchost.exe [MANUAL] FastUserSwitchingCompatibility Service C:\WINDOWS\System32\DRIVERS\fdc.sys [MANUAL] Fdc Service [sYSTEM] Fips Service C:\WINDOWS\System32\DRIVERS\flpydisk.sys [MANUAL] Flpydisk Service C:\WINDOWS\system32\drivers\fltmgr.sys [bOOT] FltMgr Service [sYSTEM] Fs_Rec Service C:\WINDOWS\System32\DRIVERS\ftdisk.sys [bOOT] Ftdisk Service C:\WINDOWS\System32\DRIVERS\gameenum.sys [MANUAL] gameenum Service C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [MANUAL] GEARAspiWDM Service C:\WINDOWS\System32\DRIVERS\gmer.sys [MANUAL] gmer Service C:\WINDOWS\System32\DRIVERS\msgpc.sys [MANUAL] Gpc Service C:\WINDOWS\system32\DRIVERS\hamachi.sys [MANUAL] hamachi Service C:\WINDOWS\System32\svchost.exe [AUTO] helpsvc Service C:\WINDOWS\System32\svchost.exe [DISABLED] HidServ Service C:\WINDOWS\system32\DRIVERS\hidusb.sys [MANUAL] HidUsb Service [DISABLED] hpn Service C:\WINDOWS\System32\Drivers\HTTP.sys [MANUAL] HTTP Service C:\WINDOWS\System32\svchost.exe [MANUAL] HTTPFilter Service [sYSTEM] i2omgmt Service [DISABLED] i2omp Service C:\WINDOWS\System32\DRIVERS\i8042prt.sys [sYSTEM] i8042prt Service C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [MANUAL] IDriverT Service C:\WINDOWS\System32\DRIVERS\imapi.sys [sYSTEM] Imapi Service C:\WINDOWS\System32\imapi.exe [MANUAL] ImapiService Service inetaccs Service [DISABLED] ini910u Service Inport Service [DISABLED] IntelIde Service C:\WINDOWS\system32\drivers\ip6fw.sys [MANUAL] Ip6Fw Service C:\WINDOWS\System32\DRIVERS\ipfltdrv.sys [MANUAL] IpFilterDriver Service C:\WINDOWS\System32\DRIVERS\ipinip.sys [MANUAL] IpInIp Service C:\WINDOWS\System32\DRIVERS\ipnat.sys [MANUAL] IpNat Service C:\Program Files\iPod\bin\iPodService.exe [MANUAL] iPodService Service C:\WINDOWS\System32\DRIVERS\ipsec.sys [sYSTEM] IPSec Service C:\WINDOWS\System32\DRIVERS\irenum.sys [MANUAL] IRENUM Service ISAPISearch Service C:\WINDOWS\System32\DRIVERS\isapnp.sys [bOOT] isapnp Service C:\WINDOWS\system32\DRIVERS\ctpdusb.sys [MANUAL] Jukebox3 Service C:\WINDOWS\System32\DRIVERS\kbdclass.sys [sYSTEM] Kbdclass Service C:\WINDOWS\system32\drivers\kmixer.sys [MANUAL] kmixer Service C:\WINDOWS\system32\drivers\KodakCCS.exe [AUTO] KodakCCS Service [bOOT] KSecDD Service C:\WINDOWS\System32\svchost.exe [AUTO] lanmanserver Service C:\WINDOWS\System32\svchost.exe [AUTO] lanmanworkstation Service [sYSTEM] lbrtfdc Service ldap Service C:\WINDOWS\runservice.exe [AUTO] LicCtrlService Service LicenseService Service C:\WINDOWS\System32\svchost.exe [AUTO] LmHosts Service C:\WINDOWS\System32\svchost.exe [DISABLED] Messenger Service [sYSTEM] mnmdd Service C:\WINDOWS\System32\mnmsrvc.exe [MANUAL] mnmsrvc Service [MANUAL] Modem Service C:\WINDOWS\System32\DRIVERS\mouclass.sys [sYSTEM] Mouclass Service [bOOT] MountMgr Service [DISABLED] mraid35x Service C:\WINDOWS\System32\DRIVERS\mrxdav.sys [MANUAL] MRxDAV Service C:\WINDOWS\System32\DRIVERS\mrxsmb.sys [sYSTEM] MRxSmb Service C:\WINDOWS\System32\msdtc.exe [MANUAL] MSDTC Service [sYSTEM] Msfs Service C:\WINDOWS\system32\msiexec.exe [MANUAL] MSIServer Service C:\WINDOWS\system32\drivers\MSKSSRV.sys [MANUAL] MSKSSRV Service C:\WINDOWS\system32\drivers\MSPCLOCK.sys [MANUAL] MSPCLOCK Service C:\WINDOWS\system32\drivers\MSPQM.sys [MANUAL] MSPQM Service C:\WINDOWS\System32\DRIVERS\mssmbios.sys [MANUAL] mssmbios Service [bOOT] Mup Service C:\Program Files\Norton AntiVirus\navapsvc.exe [AUTO] navapsvc Service C:\Program Files\Common Files\Symantec Shared\VirusDefs\20050912.024\NAVENG.SYS [MANUAL] NAVENG Service C:\Program Files\Common Files\Symantec Shared\VirusDefs\20050912.024\NAVEX15.SYS [MANUAL] NAVEX15 Service [bOOT] NDIS Service C:\WINDOWS\System32\DRIVERS\ndistapi.sys [MANUAL] NdisTapi Service C:\WINDOWS\System32\DRIVERS\ndisuio.sys [MANUAL] Ndisuio Service C:\WINDOWS\System32\DRIVERS\ndiswan.sys [MANUAL] NdisWan Service [MANUAL] NDProxy Service C:\WINDOWS\System32\DRIVERS\netbios.sys [sYSTEM] NetBIOS Service C:\WINDOWS\System32\DRIVERS\netbt.sys [sYSTEM] NetBT Service C:\WINDOWS\system32\netdde.exe [DISABLED] NetDDE Service C:\WINDOWS\system32\netdde.exe [DISABLED] NetDDEdsdm Service C:\WINDOWS\System32\lsass.exe [MANUAL] Netlogon Service C:\WINDOWS\System32\svchost.exe [MANUAL] Netman Service C:\WINDOWS\System32\svchost.exe [MANUAL] Nla Service C:\WINDOWS\system32\DRIVERS\NMnt.sys [MANUAL] nm Service C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe [AUTO] NPFMntor Service [sYSTEM] Npfs Service C:\Program Files\Gravity\RO\npkcrypt.sys [MANUAL] npkcrypt Service C:\WINDOWS\system32\npptNT2.sys [sYSTEM] NPPTNT2 Service C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE [MANUAL] NSCService Service [DISABLED] Ntfs Service C:\WINDOWS\System32\lsass.exe [MANUAL] NtLmSsp Service C:\WINDOWS\system32\svchost.exe [MANUAL] NtmsSvc Service [sYSTEM] Null Service C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [MANUAL] nv Service System32\DRIVERS\nvDual.sys [bOOT] NVDual Service C:\WINDOWS\system32\nvsvc32.exe [AUTO] NVSvc Service C:\WINDOWS\System32\DRIVERS\nwlnkflt.sys [MANUAL] NwlnkFlt Service C:\WINDOWS\System32\DRIVERS\nwlnkfwd.sys [MANUAL] NwlnkFwd Service C:\DOCUME~1\ADMINI~1\USTAWI~1\Temp\oUltraf.sys [MANUAL] oUltraf Service C:\WINDOWS\System32\DRIVERS\parport.sys [MANUAL] Parport Service [bOOT] PartMgr Service [AUTO] ParVdm Service C:\WINDOWS\System32\DRIVERS\pci.sys [bOOT] PCI Service [sYSTEM] PCIDump Service C:\WINDOWS\System32\DRIVERS\pciide.sys [bOOT] PCIIde Service [DISABLED] Pcmcia Service C:\WINDOWS\System32\Drivers\Pcouffin.sys [MANUAL] Pcouffin Service [MANUAL] PDCOMP Service [MANUAL] PDFRAME Service [MANUAL] PDRELI Service [MANUAL] PDRFRAME Service [DISABLED] perc2 Service [DISABLED] perc2hib Service PerfDisk Service PerfNet Service PerfOS Service PerfProc Service C:\WINDOWS\system32\drivers\pfc.sys [MANUAL] pfc Service C:\Program Files\PeerGuardian2\pgfilter.sys [MANUAL] pgfilter Service C:\WINDOWS\system32\services.exe [AUTO] PlugPlay Service C:\WINDOWS\System32\lsass.exe [AUTO] PolicyAgent Service C:\WINDOWS\System32\DRIVERS\raspptp.sys [MANUAL] PptpMiniport Service C:\WINDOWS\system32\lsass.exe [AUTO] ProtectedStorage Service C:\WINDOWS\System32\DRIVERS\psched.sys [MANUAL] PSched Service C:\WINDOWS\System32\DRIVERS\ptilink.sys [MANUAL] Ptilink Service C:\WINDOWS\System32\DRIVERS\PxHelp20.sys [bOOT] PxHelp20 Service [DISABLED] ql1080 Service [DISABLED] Ql10wnt Service [DISABLED] ql12160 Service [DISABLED] ql1240 Service [DISABLED] ql1280 Service C:\WINDOWS\System32\DRIVERS\rasacd.sys [sYSTEM] RasAcd Service C:\WINDOWS\System32\svchost.exe [MANUAL] RasAuto Service C:\WINDOWS\System32\DRIVERS\rasl2tp.sys [MANUAL] Rasl2tp Service C:\WINDOWS\System32\svchost.exe [MANUAL] RasMan Service C:\WINDOWS\System32\DRIVERS\raspppoe.sys [MANUAL] RasPppoe Service C:\WINDOWS\System32\DRIVERS\raspti.sys [MANUAL] Raspti Service RAVGD Service C:\WINDOWS\System32\DRIVERS\rdbss.sys [sYSTEM] Rdbss Service C:\WINDOWS\System32\DRIVERS\RDPCDD.sys [sYSTEM] RDPCDD Service RDPDD Service C:\WINDOWS\System32\DRIVERS\rdpdr.sys [MANUAL] rdpdr Service RDPNP Service [MANUAL] RDPWD Service C:\WINDOWS\system32\sessmgr.exe [MANUAL] RDSessMgr Service C:\WINDOWS\System32\DRIVERS\redbook.sys [sYSTEM] redbook Service C:\WINDOWS\System32\svchost.exe [DISABLED] RemoteAccess Service C:\WINDOWS\system32\svchost.exe [AUTO] RemoteRegistry Service C:\WINDOWS\System32\locator.exe [AUTO] RpcLocator Service C:\WINDOWS\system32\svchost.exe [AUTO] RpcSs Service C:\WINDOWS\System32\rsvp.exe [MANUAL] RSVP Service C:\WINDOWS\System32\DRIVERS\RTL8139.SYS [MANUAL] rtl8139 Service C:\WINDOWS\system32\lsass.exe [AUTO] SamSs Service C:\Program Files\Norton AntiVirus\SAVRT.SYS [sYSTEM] SAVRT Service C:\Program Files\Norton AntiVirus\SAVRTPEL.SYS [sYSTEM] SAVRTPEL Service C:\Program Files\Norton AntiVirus\SAVScan.exe [MANUAL] SAVScan Service C:\WINDOWS\System32\SCardSvr.exe [MANUAL] SCardSvr Service C:\WINDOWS\System32\svchost.exe [AUTO] Schedule Service C:\WINDOWS\System32\ScsiAccess.EXE [AUTO] ScsiAccess Service ScsiPort Service C:\WINDOWS\System32\DRIVERS\secdrv.sys [AUTO] Secdrv Service C:\WINDOWS\System32\svchost.exe [AUTO] seclogon Service C:\WINDOWS\system32\svchost.exe [AUTO] SENS Service C:\WINDOWS\System32\DRIVERS\serenum.sys [MANUAL] serenum Service C:\WINDOWS\System32\DRIVERS\serial.sys [sYSTEM] Serial Service [sYSTEM] Sfloppy Service SharedAccess Service C:\WINDOWS\System32\svchost.exe [AUTO] ShellHWDetection Service [DISABLED] Simbad Service C:\WINDOWS\System32\DRIVERS\sisagp.sys [bOOT] sisagp Service C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe [AUTO] SNDSrvc Service C:\DOCUME~1\ADMINI~1\USTAWI~1\Temp\sony_ssm.sys [MANUAL] sony_ssm.sys Service [DISABLED] Sparrow Service C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys [sYSTEM] SPBBCDrv Service C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe [AUTO] SPBBCSvc Service C:\WINDOWS\system32\drivers\splitter.sys [MANUAL] splitter Service C:\WINDOWS\system32\spoolsv.exe [AUTO] Spooler Service C:\WINDOWS\System32\Drivers\sptd.sys [bOOT] sptd Service C:\WINDOWS\System32\DRIVERS\sr.sys [DISABLED] sr Service C:\WINDOWS\System32\svchost.exe [AUTO] srservice Service C:\WINDOWS\System32\DRIVERS\srv.sys [MANUAL] Srv Service C:\WINDOWS\System32\svchost.exe [MANUAL] SSDPSRV Service C:\WINDOWS\System32\svchost.exe [MANUAL] stisvc Service C:\Program Files\TGTSoft\StyleXP\StyleXPHelper.exe [sYSTEM] StyleXPHelper Service C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe [AUTO] StyleXPService Service C:\WINDOWS\System32\DRIVERS\swenum.sys [MANUAL] swenum Service C:\WINDOWS\system32\drivers\swmidi.sys [MANUAL] swmidi Service C:\WINDOWS\System32\dllhost.exe [MANUAL] SwPrv Service swwd Service C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe [AUTO] Symantec Core LC Service [DISABLED] symc810 Service [DISABLED] symc8xx Service C:\WINDOWS\System32\Drivers\SYMDNS.SYS [MANUAL] SYMDNS Service C:\Program Files\Symantec\SYMEVENT.SYS [MANUAL] SymEvent Service C:\WINDOWS\System32\Drivers\SYMFW.SYS [MANUAL] SYMFW Service C:\WINDOWS\System32\Drivers\SYMIDS.SYS [MANUAL] SYMIDS Service C:\Program Files\Common Files\Symantec Shared\SymcData\ids-diskless\20070221.002\SymIDSCo.sys [MANUAL] SYMIDSCO Service C:\WINDOWS\system32\drivers\symlcbrd.sys [AUTO] symlcbrd Service C:\WINDOWS\System32\Drivers\SYMNDIS.SYS [MANUAL] SYMNDIS Service C:\WINDOWS\System32\Drivers\SYMREDRV.SYS [MANUAL] SYMREDRV Service C:\WINDOWS\System32\Drivers\SYMTDI.SYS [sYSTEM] SYMTDI Service [DISABLED] sym_hi Service [DISABLED] sym_u3 Service C:\WINDOWS\system32\drivers\sysaudio.sys [MANUAL] sysaudio Service C:\WINDOWS\system32\smlogsvc.exe [MANUAL] SysmonLog Service C:\WINDOWS\System32\svchost.exe [MANUAL] TapiSrv Service C:\WINDOWS\System32\DRIVERS\tcpip.sys [sYSTEM] Tcpip Service [MANUAL] TDPIPE Service [MANUAL] TDTCP Service C:\WINDOWS\System32\DRIVERS\termdd.sys [sYSTEM] TermDD Service C:\WINDOWS\System32\svchost.exe [MANUAL] TermService Service C:\WINDOWS\System32\svchost.exe [AUTO] Themes Service C:\WINDOWS\System32\tlntsvr.exe [DISABLED] TlntSvr Service [DISABLED] TosIde Service C:\WINDOWS\system32\svchost.exe [AUTO] TrkWks Service TSDDD Service C:\WINDOWS\system32\DRIVERS\TVICHW32.SYS [MANUAL] TVICHW32 Service [DISABLED] Udfs Service [DISABLED] ultra Service C:\WINDOWS\system32\wdfmgr.exe [AUTO] UMWdf Service UnlockerDriver5 Service C:\WINDOWS\System32\DRIVERS\update.sys [MANUAL] Update Service C:\WINDOWS\System32\svchost.exe [DISABLED] upnphost Service C:\WINDOWS\System32\ups.exe [MANUAL] UPS Service C:\WINDOWS\System32\DRIVERS\usbhub.sys [MANUAL] usbhub Service C:\WINDOWS\System32\DRIVERS\usbohci.sys [MANUAL] usbohci Service C:\WINDOWS\System32\DRIVERS\usbprint.sys [MANUAL] usbprint Service C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [MANUAL] USBSTOR Service C:\WINDOWS\system32\UAService7.exe [AUTO] UserAccess7 Service C:\WINDOWS\System32\svchost.exe [MANUAL] usprserv Service VFILT Service C:\WINDOWS\System32\drivers\vga.sys [sYSTEM] VgaSave Service [DISABLED] ViaIde Service [bOOT] VolSnap Service C:\WINDOWS\System32\vssvc.exe [MANUAL] VSS Service VxD Service C:\WINDOWS\System32\svchost.exe [AUTO] W32Time Service W3SVC Service C:\WINDOWS\System32\DRIVERS\wanarp.sys [MANUAL] Wanarp Service [MANUAL] WDICA Service C:\WINDOWS\system32\drivers\wdmaud.sys [MANUAL] wdmaud Service C:\WINDOWS\System32\svchost.exe [AUTO] WebClient Service C:\WINDOWS\system32\svchost.exe [AUTO] winmgmt Service [MANUAL] Winsock Service WinSock2 Service WinTrust Service C:\WINDOWS\System32\svchost.exe [MANUAL] WmdmPmSN Service C:\WINDOWS\System32\svchost.exe [MANUAL] Wmi Service WmiApRpl Service C:\WINDOWS\System32\wbem\wmiapsrv.exe [MANUAL] WmiApSrv Service C:\WINDOWS\System32\drivers\ws2ifsl.sys [DISABLED] WS2IFSL Service wscsvc Service C:\WINDOWS\system32\svchost.exe [AUTO] wuauserv Service C:\WINDOWS\System32\svchost.exe [AUTO] WZCSVC Service C:\WINDOWS\System32\svchost.exe [MANUAL] xmlprov Service {28D2DD98-FFCA-44E2-84A1-0E53C6DDFAC6} Service {BB5ECB1D-D0A2-46FB-A7F1-70B509D3DEBB} ---- EOF - GMER 1.0.12 ----

adam9870 · 1 Marzec 2007 17:09

Nadal jest:

Na pewno użyłeś dobrze HaxFix’a?

Cóż, usuwanie ręczne:

W Gmerze w zakładce CMD z zaznaczoną opcją CMD.EXE wklej:

Kliknij Uruchom. Po chwilce zostanie tylko okienko Gmer’a i komputer się zrestartuje.

Usuń wpis HJT jeśli będzie.

Po wykonaniu daj nowe logi (hijack + gmer) i wynik szukania w Registry Search Tool na szukanie avpe32 i avpe64

system · 1 Marzec 2007 17:53

Logfile of HijackThis v1.99.1 Scan saved at 18:44:43, on 2007-03-01 Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\cisvc.exe C:\WINDOWS\system32\CTsvcCDA.EXE C:\WINDOWS\system32\drivers\KodakCCS.exe C:\WINDOWS\runservice.exe C:\Program Files\Norton AntiVirus\navapsvc.exe C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\System32\ScsiAccess.EXE C:\WINDOWS\system32\UAService7.exe C:\WINDOWS\Mixer.exe C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe C:\Program Files\D-Tools\daemon.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe C:\Program Files\Gadu-Gadu\gg.exe C:\WINDOWS\system32\WgaTray.exe C:\Program Files\PeerGuardian2\pg2.exe C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE C:\Program Files\Opera1\Opera.exe C:\WINDOWS\system32\cidaemon.exe C:\WINDOWS\System32\WScript.exe C:\Documents and Settings\Administrator\Pulpit\Kasper\Duperele\cd-2oo6\Anti_spy\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/av … _homepage/ R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.onet.pl/ R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll O4 - HKLM…\Run: [C-Media Mixer] Mixer.exe /startup O4 - HKLM…\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe O4 - HKLM…\Run: [DAEMON Tools-1033] “C:\Program Files\D-Tools\daemon.exe” -lang 1033 O4 - HKLM…\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM…\Run: [nwiz] nwiz.exe /install O4 - HKLM…\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM…\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM…\Run: [RemoteControl] “C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe” O4 - HKLM…\Run: [ccApp] “C:\Program Files\Common Files\Symantec Shared\ccApp.exe” O4 - HKLM…\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKLM…\Run: [Vistadrv] C:\Documents and Settings\Administrator\Pulpit\Vistadrive\Vistadrive\vsdrv.exe O4 - HKLM…\Run: [sunJavaUpdateSched] “C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe” O4 - HKCU…\Run: [Dzieńdobry!] C:\Program Files\VSD Software\Dzieńdobry!\dziendobry.exe /auto O4 - HKCU…\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R O4 - HKCU…\Run: [Gadu-Gadu] “C:\Program Files\Gadu-Gadu\gg.exe” /tray O4 - HKCU…\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe O4 - HKCU…\Run: [WinMem] C:\Program Files\WinCleaner Memory Optimizer\WinMemOpt.exe O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html O8 - Extra context menu item: &Save Flash In This Page by Flash Saver - C:\PROGRA~1\FLASHS~1\save.htm O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html O8 - Extra context menu item: Download all links using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm O8 - Extra context menu item: Download all videos using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm O8 - Extra context menu item: Download link using &BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm O8 - Extra context menu item: Save Flash - res://C:\Program Files\UnH Solutions\Flash Saving Plugin\FlashSButton.dll/210 O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\npjpi150_11.dll O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\npjpi150_11.dll O9 - Extra button: Flash Saver - {09EA1F80-F40A-11D1-B792-444553540001} - C:\PROGRA~1\FLASHS~1\save.htm O9 - Extra ‘Tools’ menuitem: Flash Saver - {09EA1F80-F40A-11D1-B792-444553540001} - C:\PROGRA~1\FLASHS~1\save.htm O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll O9 - Extra ‘Tools’ menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll O9 - Extra button: Flash - {43CF38F3-5AEC-45a3-AD31-04EB06E9C6CA} - C:\Program Files\UnH Solutions\Flash Saving Plugin\FlashSButton.dll (HKCU) O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/house … hcImpl.cab O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINDOWS\runservice.exe O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\System32\ScsiAccess.EXE O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe

GMER 1.0.12.12027 - http://www.gmer.net

Rootkit scan 2007-03-01 18:40:45

Windows 5.1.2600 Dodatek Service Pack 2

— Services - GMER 1.0.12 ---- Service .NET CLR Data Service .NET CLR Networking Service .NET Data Provider for Oracle Service .NET Data Provider for SqlServer Service .NETFramework Service [DISABLED] Abiosdsk Service C:\Program [DISABLED] ABNetMon Service [DISABLED] abp480n5 Service C:\Program Files\MKS\Bin\ABTDI.sys [sYSTEM] ABTDI Service C:\WINDOWS\System32\DRIVERS\ACPI.sys [bOOT] ACPI Service [DISABLED] ACPIEC Service [DISABLED] adpu160m Service C:\WINDOWS\system32\drivers\aec.sys [MANUAL] aec Service C:\WINDOWS\System32\drivers\afd.sys [sYSTEM] AFD Service [DISABLED] Aha154x Service [DISABLED] aic78u2 Service [DISABLED] aic78xx Service C:\WINDOWS\System32\svchost.exe [DISABLED] Alerter Service C:\WINDOWS\System32\alg.exe [MANUAL] ALG Service [DISABLED] AliIde Service C:\WINDOWS\System32\DRIVERS\amdk7.sys [sYSTEM] AmdK7 Service [DISABLED] amsint Service C:\WINDOWS\system32\svchost.exe [MANUAL] AppMgmt Service [DISABLED] asc Service [DISABLED] asc3350p Service [DISABLED] asc3550 Service ASP.NET Service ASP.NET_1.1.4322 Service ASP.NET_2.0.50727 Service C:\WINDOWS\System32\DRIVERS\ASPI32.sys [MANUAL] ASPI Service C:\WINDOWS\System32\drivers\aspi32.sys [sYSTEM] Aspi32 Service C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [MANUAL] aspnet_state Service C:\WINDOWS\System32\DRIVERS\asyncmac.sys [MANUAL] AsyncMac Service C:\WINDOWS\System32\DRIVERS\atapi.sys [bOOT] atapi Service [DISABLED] Atdisk Service C:\WINDOWS\System32\DRIVERS\atmarpc.sys [MANUAL] Atmarpc Service C:\WINDOWS\System32\svchost.exe [AUTO] AudioSrv Service C:\WINDOWS\System32\DRIVERS\audstub.sys [MANUAL] audstub Service BattC Service [sYSTEM] Beep Service C:\WINDOWS\System32\svchost.exe [MANUAL] BITS Service C:\WINDOWS\System32\svchost.exe [AUTO] Browser Service [DISABLED] cbidf2k Service C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe [AUTO] ccEvtMgr Service C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe [AUTO] ccSetMgr Service [DISABLED] cd20xrnt Service [sYSTEM] Cdaudio Service [DISABLED] Cdfs Service C:\WINDOWS\System32\DRIVERS\cdrom.sys [sYSTEM] Cdrom Service [sYSTEM] Changer Service C:\WINDOWS\system32\cisvc.exe [AUTO] CiSvc Service C:\WINDOWS\system32\clipsrv.exe [DISABLED] ClipSrv Service C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [MANUAL] clr_optimization_v2.0.50727_32 Service [DISABLED] CmdIde Service C:\WINDOWS\system32\drivers\cmaudio.sys [MANUAL] cmpci Service C:\WINDOWS\System32\dllhost.exe [MANUAL] COMSysApp Service ContentFilter Service ContentIndex Service [DISABLED] Cpqarray Service C:\WINDOWS\system32\CTsvcCDA.EXE [AUTO] Creative Service for CDROM Access Service C:\WINDOWS\system32\svchost.exe [AUTO] CryptSvc Service C:\WINDOWS\system32\DRIVERS\d347bus.sys [bOOT] d347bus Service C:\WINDOWS\System32\Drivers\d347prt.sys [bOOT] d347prt Service [DISABLED] dac2w2k Service [DISABLED] dac960nt Service C:\WINDOWS\System32\DRIVERS\DcCam.sys [sYSTEM] DcCam Service C:\WINDOWS\System32\DRIVERS\DcFpoint.sys [MANUAL] DcFpoint Service C:\WINDOWS\system32\drivers\dcfs2k.sys [AUTO] DCFS2K Service C:\WINDOWS\System32\DRIVERS\DcLps.sys [MANUAL] DcLps Service C:\WINDOWS\system32\svchost.exe [AUTO] DcomLaunch Service C:\WINDOWS\System32\DRIVERS\DcPTP.sys [MANUAL] DcPTP Service C:\WINDOWS\System32\svchost.exe [AUTO] Dhcp Service C:\WINDOWS\System32\DRIVERS\disk.sys [bOOT] Disk Service C:\WINDOWS\System32\dmadmin.exe [MANUAL] dmadmin Service C:\WINDOWS\System32\drivers\dmboot.sys [DISABLED] dmboot Service C:\WINDOWS\System32\drivers\dmio.sys [bOOT] dmio Service C:\WINDOWS\System32\drivers\dmload.sys [bOOT] dmload Service C:\WINDOWS\System32\svchost.exe [AUTO] dmserver Service C:\WINDOWS\system32\drivers\DMusic.sys [MANUAL] DMusic Service C:\WINDOWS\System32\svchost.exe [AUTO] Dnscache Service [DISABLED] dpti2o Service C:\WINDOWS\system32\drivers\drmkaud.sys [MANUAL] drmkaud Service C:\WINDOWS\System32\Drivers\ElbyCDFL.sys [MANUAL] ElbyCDFL Service C:\WINDOWS\System32\Drivers\ElbyCDIO.sys [AUTO] ElbyCDIO Service C:\WINDOWS\System32\svchost.exe [DISABLED] ERSvc Service C:\WINDOWS\system32\services.exe [AUTO] Eventlog Service C:\WINDOWS\System32\svchost.exe [MANUAL] EventSystem Service C:\WINDOWS\System32\DRIVERS\exportit.sys [sYSTEM] Exportit Service [DISABLED] Fastfat Service C:\WINDOWS\System32\svchost.exe [MANUAL] FastUserSwitchingCompatibility Service C:\WINDOWS\System32\DRIVERS\fdc.sys [MANUAL] Fdc Service [sYSTEM] Fips Service C:\WINDOWS\System32\DRIVERS\flpydisk.sys [MANUAL] Flpydisk Service C:\WINDOWS\system32\drivers\fltmgr.sys [bOOT] FltMgr Service [sYSTEM] Fs_Rec Service C:\WINDOWS\System32\DRIVERS\ftdisk.sys [bOOT] Ftdisk Service C:\WINDOWS\System32\DRIVERS\gameenum.sys [MANUAL] gameenum Service C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [MANUAL] GEARAspiWDM Service C:\WINDOWS\System32\DRIVERS\gmer.sys [MANUAL] gmer Service C:\WINDOWS\System32\DRIVERS\msgpc.sys [MANUAL] Gpc Service C:\WINDOWS\system32\DRIVERS\hamachi.sys [MANUAL] hamachi Service C:\WINDOWS\System32\svchost.exe [AUTO] helpsvc Service C:\WINDOWS\System32\svchost.exe [DISABLED] HidServ Service C:\WINDOWS\system32\DRIVERS\hidusb.sys [MANUAL] HidUsb Service [DISABLED] hpn Service C:\WINDOWS\System32\Drivers\HTTP.sys [MANUAL] HTTP Service C:\WINDOWS\System32\svchost.exe [MANUAL] HTTPFilter Service [sYSTEM] i2omgmt Service [DISABLED] i2omp Service C:\WINDOWS\System32\DRIVERS\i8042prt.sys [sYSTEM] i8042prt Service C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [MANUAL] IDriverT Service C:\WINDOWS\System32\DRIVERS\imapi.sys [sYSTEM] Imapi Service C:\WINDOWS\System32\imapi.exe [MANUAL] ImapiService Service inetaccs Service [DISABLED] ini910u Service Inport Service [DISABLED] IntelIde Service C:\WINDOWS\system32\drivers\ip6fw.sys [MANUAL] Ip6Fw Service C:\WINDOWS\System32\DRIVERS\ipfltdrv.sys [MANUAL] IpFilterDriver Service C:\WINDOWS\System32\DRIVERS\ipinip.sys [MANUAL] IpInIp Service C:\WINDOWS\System32\DRIVERS\ipnat.sys [MANUAL] IpNat Service C:\Program Files\iPod\bin\iPodService.exe [MANUAL] iPodService Service C:\WINDOWS\System32\DRIVERS\ipsec.sys [sYSTEM] IPSec Service C:\WINDOWS\System32\DRIVERS\irenum.sys [MANUAL] IRENUM Service ISAPISearch Service C:\WINDOWS\System32\DRIVERS\isapnp.sys [bOOT] isapnp Service C:\WINDOWS\system32\DRIVERS\ctpdusb.sys [MANUAL] Jukebox3 Service C:\WINDOWS\System32\DRIVERS\kbdclass.sys [sYSTEM] Kbdclass Service C:\WINDOWS\system32\drivers\kmixer.sys [MANUAL] kmixer Service C:\WINDOWS\system32\drivers\KodakCCS.exe [AUTO] KodakCCS Service [bOOT] KSecDD Service C:\WINDOWS\System32\svchost.exe [AUTO] lanmanserver Service C:\WINDOWS\System32\svchost.exe [AUTO] lanmanworkstation Service [sYSTEM] lbrtfdc Service ldap Service C:\WINDOWS\runservice.exe [AUTO] LicCtrlService Service LicenseService Service C:\WINDOWS\System32\svchost.exe [AUTO] LmHosts Service C:\WINDOWS\System32\svchost.exe [DISABLED] Messenger Service [sYSTEM] mnmdd Service C:\WINDOWS\System32\mnmsrvc.exe [MANUAL] mnmsrvc Service [MANUAL] Modem Service C:\WINDOWS\System32\DRIVERS\mouclass.sys [sYSTEM] Mouclass Service [bOOT] MountMgr Service [DISABLED] mraid35x Service C:\WINDOWS\System32\DRIVERS\mrxdav.sys [MANUAL] MRxDAV Service C:\WINDOWS\System32\DRIVERS\mrxsmb.sys [sYSTEM] MRxSmb Service C:\WINDOWS\System32\msdtc.exe [MANUAL] MSDTC Service [sYSTEM] Msfs Service C:\WINDOWS\system32\msiexec.exe [MANUAL] MSIServer Service C:\WINDOWS\system32\drivers\MSKSSRV.sys [MANUAL] MSKSSRV Service C:\WINDOWS\system32\drivers\MSPCLOCK.sys [MANUAL] MSPCLOCK Service C:\WINDOWS\system32\drivers\MSPQM.sys [MANUAL] MSPQM Service C:\WINDOWS\System32\DRIVERS\mssmbios.sys [MANUAL] mssmbios Service [bOOT] Mup Service C:\Program Files\Norton AntiVirus\navapsvc.exe [AUTO] navapsvc Service C:\Program Files\Common Files\Symantec Shared\VirusDefs\20050912.024\NAVENG.SYS [MANUAL] NAVENG Service C:\Program Files\Common Files\Symantec Shared\VirusDefs\20050912.024\NAVEX15.SYS [MANUAL] NAVEX15 Service [bOOT] NDIS Service C:\WINDOWS\System32\DRIVERS\ndistapi.sys [MANUAL] NdisTapi Service C:\WINDOWS\System32\DRIVERS\ndisuio.sys [MANUAL] Ndisuio Service C:\WINDOWS\System32\DRIVERS\ndiswan.sys [MANUAL] NdisWan Service [MANUAL] NDProxy Service C:\WINDOWS\System32\DRIVERS\netbios.sys [sYSTEM] NetBIOS Service C:\WINDOWS\System32\DRIVERS\netbt.sys [sYSTEM] NetBT Service C:\WINDOWS\system32\netdde.exe [DISABLED] NetDDE Service C:\WINDOWS\system32\netdde.exe [DISABLED] NetDDEdsdm Service C:\WINDOWS\System32\lsass.exe [MANUAL] Netlogon Service C:\WINDOWS\System32\svchost.exe [MANUAL] Netman Service C:\WINDOWS\System32\svchost.exe [MANUAL] Nla Service C:\WINDOWS\system32\DRIVERS\NMnt.sys [MANUAL] nm Service C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe [AUTO] NPFMntor Service [sYSTEM] Npfs Service C:\Program Files\Gravity\RO\npkcrypt.sys [MANUAL] npkcrypt Service C:\WINDOWS\system32\npptNT2.sys [sYSTEM] NPPTNT2 Service C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE [MANUAL] NSCService Service [DISABLED] Ntfs Service C:\WINDOWS\System32\lsass.exe [MANUAL] NtLmSsp Service C:\WINDOWS\system32\svchost.exe [MANUAL] NtmsSvc Service [sYSTEM] Null Service C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [MANUAL] nv Service System32\DRIVERS\nvDual.sys [bOOT] NVDual Service C:\WINDOWS\system32\nvsvc32.exe [AUTO] NVSvc Service C:\WINDOWS\System32\DRIVERS\nwlnkflt.sys [MANUAL] NwlnkFlt Service C:\WINDOWS\System32\DRIVERS\nwlnkfwd.sys [MANUAL] NwlnkFwd Service C:\DOCUME~1\ADMINI~1\USTAWI~1\Temp\oUltraf.sys [MANUAL] oUltraf Service C:\WINDOWS\System32\DRIVERS\parport.sys [MANUAL] Parport Service [bOOT] PartMgr Service [AUTO] ParVdm Service C:\WINDOWS\System32\DRIVERS\pci.sys [bOOT] PCI Service [sYSTEM] PCIDump Service C:\WINDOWS\System32\DRIVERS\pciide.sys [bOOT] PCIIde Service [DISABLED] Pcmcia Service C:\WINDOWS\System32\Drivers\Pcouffin.sys [MANUAL] Pcouffin Service [MANUAL] PDCOMP Service [MANUAL] PDFRAME Service [MANUAL] PDRELI Service [MANUAL] PDRFRAME Service [DISABLED] perc2 Service [DISABLED] perc2hib Service PerfDisk Service PerfNet Service PerfOS Service PerfProc Service C:\WINDOWS\system32\drivers\pfc.sys [MANUAL] pfc Service C:\Program Files\PeerGuardian2\pgfilter.sys [MANUAL] pgfilter Service C:\WINDOWS\system32\services.exe [AUTO] PlugPlay Service C:\WINDOWS\System32\lsass.exe [AUTO] PolicyAgent Service C:\WINDOWS\System32\DRIVERS\raspptp.sys [MANUAL] PptpMiniport Service C:\WINDOWS\system32\lsass.exe [AUTO] ProtectedStorage Service C:\WINDOWS\System32\DRIVERS\psched.sys [MANUAL] PSched Service C:\WINDOWS\System32\DRIVERS\ptilink.sys [MANUAL] Ptilink Service C:\WINDOWS\System32\DRIVERS\PxHelp20.sys [bOOT] PxHelp20 Service [DISABLED] ql1080 Service [DISABLED] Ql10wnt Service [DISABLED] ql12160 Service [DISABLED] ql1240 Service [DISABLED] ql1280 Service C:\WINDOWS\System32\DRIVERS\rasacd.sys [sYSTEM] RasAcd Service C:\WINDOWS\System32\svchost.exe [MANUAL] RasAuto Service C:\WINDOWS\System32\DRIVERS\rasl2tp.sys [MANUAL] Rasl2tp Service C:\WINDOWS\System32\svchost.exe [MANUAL] RasMan Service C:\WINDOWS\System32\DRIVERS\raspppoe.sys [MANUAL] RasPppoe Service C:\WINDOWS\System32\DRIVERS\raspti.sys [MANUAL] Raspti Service RAVGD Service C:\WINDOWS\System32\DRIVERS\rdbss.sys [sYSTEM] Rdbss Service C:\WINDOWS\System32\DRIVERS\RDPCDD.sys [sYSTEM] RDPCDD Service RDPDD Service C:\WINDOWS\System32\DRIVERS\rdpdr.sys [MANUAL] rdpdr Service RDPNP Service [MANUAL] RDPWD Service C:\WINDOWS\system32\sessmgr.exe [MANUAL] RDSessMgr Service C:\WINDOWS\System32\DRIVERS\redbook.sys [sYSTEM] redbook Service C:\WINDOWS\System32\svchost.exe [DISABLED] RemoteAccess Service C:\WINDOWS\system32\svchost.exe [AUTO] RemoteRegistry Service C:\WINDOWS\System32\locator.exe [AUTO] RpcLocator Service C:\WINDOWS\system32\svchost.exe [AUTO] RpcSs Service C:\WINDOWS\System32\rsvp.exe [MANUAL] RSVP Service C:\WINDOWS\System32\DRIVERS\RTL8139.SYS [MANUAL] rtl8139 Service C:\WINDOWS\system32\lsass.exe [AUTO] SamSs Service C:\Program Files\Norton AntiVirus\SAVRT.SYS [sYSTEM] SAVRT Service C:\Program Files\Norton AntiVirus\SAVRTPEL.SYS [sYSTEM] SAVRTPEL Service C:\Program Files\Norton AntiVirus\SAVScan.exe [MANUAL] SAVScan Service C:\WINDOWS\System32\SCardSvr.exe [MANUAL] SCardSvr Service C:\WINDOWS\System32\svchost.exe [AUTO] Schedule Service C:\WINDOWS\System32\ScsiAccess.EXE [AUTO] ScsiAccess Service ScsiPort Service C:\WINDOWS\System32\DRIVERS\secdrv.sys [AUTO] Secdrv Service C:\WINDOWS\System32\svchost.exe [AUTO] seclogon Service C:\WINDOWS\system32\svchost.exe [AUTO] SENS Service C:\WINDOWS\System32\DRIVERS\serenum.sys [MANUAL] serenum Service C:\WINDOWS\System32\DRIVERS\serial.sys [sYSTEM] Serial Service [sYSTEM] Sfloppy Service C:\WINDOWS\System32\svchost.exe [AUTO] SharedAccess Service C:\WINDOWS\System32\svchost.exe [AUTO] ShellHWDetection Service [DISABLED] Simbad Service C:\WINDOWS\System32\DRIVERS\sisagp.sys [bOOT] sisagp Service C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe [AUTO] SNDSrvc Service C:\DOCUME~1\ADMINI~1\USTAWI~1\Temp\sony_ssm.sys [MANUAL] sony_ssm.sys Service [DISABLED] Sparrow Service C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys [sYSTEM] SPBBCDrv Service C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe [AUTO] SPBBCSvc Service C:\WINDOWS\system32\drivers\splitter.sys [MANUAL] splitter Service C:\WINDOWS\system32\spoolsv.exe [AUTO] Spooler Service C:\WINDOWS\System32\Drivers\sptd.sys [bOOT] sptd Service C:\WINDOWS\System32\DRIVERS\sr.sys [DISABLED] sr Service C:\WINDOWS\System32\svchost.exe [AUTO] srservice Service C:\WINDOWS\System32\DRIVERS\srv.sys [MANUAL] Srv Service C:\WINDOWS\System32\svchost.exe [MANUAL] SSDPSRV Service C:\WINDOWS\System32\svchost.exe [MANUAL] stisvc Service C:\Program Files\TGTSoft\StyleXP\StyleXPHelper.exe [sYSTEM] StyleXPHelper Service C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe [AUTO] StyleXPService Service C:\WINDOWS\System32\DRIVERS\swenum.sys [MANUAL] swenum Service C:\WINDOWS\system32\drivers\swmidi.sys [MANUAL] swmidi Service C:\WINDOWS\System32\dllhost.exe [MANUAL] SwPrv Service swwd Service C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe [AUTO] Symantec Core LC Service [DISABLED] symc810 Service [DISABLED] symc8xx Service C:\WINDOWS\System32\Drivers\SYMDNS.SYS [MANUAL] SYMDNS Service C:\Program Files\Symantec\SYMEVENT.SYS [MANUAL] SymEvent Service C:\WINDOWS\System32\Drivers\SYMFW.SYS [MANUAL] SYMFW Service C:\WINDOWS\System32\Drivers\SYMIDS.SYS [MANUAL] SYMIDS Service C:\Program Files\Common Files\Symantec Shared\SymcData\ids-diskless\20070221.002\SymIDSCo.sys [MANUAL] SYMIDSCO Service C:\WINDOWS\system32\drivers\symlcbrd.sys [AUTO] symlcbrd Service C:\WINDOWS\System32\Drivers\SYMNDIS.SYS [MANUAL] SYMNDIS Service C:\WINDOWS\System32\Drivers\SYMREDRV.SYS [MANUAL] SYMREDRV Service C:\WINDOWS\System32\Drivers\SYMTDI.SYS [sYSTEM] SYMTDI Service [DISABLED] sym_hi Service [DISABLED] sym_u3 Service C:\WINDOWS\system32\drivers\sysaudio.sys [MANUAL] sysaudio Service C:\WINDOWS\system32\smlogsvc.exe [MANUAL] SysmonLog Service C:\WINDOWS\System32\svchost.exe [MANUAL] TapiSrv Service C:\WINDOWS\System32\DRIVERS\tcpip.sys [sYSTEM] Tcpip Service [MANUAL] TDPIPE Service [MANUAL] TDTCP Service C:\WINDOWS\System32\DRIVERS\termdd.sys [sYSTEM] TermDD Service C:\WINDOWS\System32\svchost.exe [MANUAL] TermService Service C:\WINDOWS\System32\svchost.exe [AUTO] Themes Service C:\WINDOWS\System32\tlntsvr.exe [DISABLED] TlntSvr Service [DISABLED] TosIde Service C:\WINDOWS\system32\svchost.exe [AUTO] TrkWks Service TSDDD Service C:\WINDOWS\system32\DRIVERS\TVICHW32.SYS [MANUAL] TVICHW32 Service [DISABLED] Udfs Service [DISABLED] ultra Service C:\WINDOWS\system32\wdfmgr.exe [AUTO] UMWdf Service UnlockerDriver5 Service C:\WINDOWS\System32\DRIVERS\update.sys [MANUAL] Update Service C:\WINDOWS\System32\svchost.exe [DISABLED] upnphost Service C:\WINDOWS\System32\ups.exe [MANUAL] UPS Service C:\WINDOWS\System32\DRIVERS\usbhub.sys [MANUAL] usbhub Service C:\WINDOWS\System32\DRIVERS\usbohci.sys [MANUAL] usbohci Service C:\WINDOWS\System32\DRIVERS\usbprint.sys [MANUAL] usbprint Service C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [MANUAL] USBSTOR Service C:\WINDOWS\system32\UAService7.exe [AUTO] UserAccess7 Service C:\WINDOWS\System32\svchost.exe [MANUAL] usprserv Service VFILT Service C:\WINDOWS\System32\drivers\vga.sys [sYSTEM] VgaSave Service [DISABLED] ViaIde Service [bOOT] VolSnap Service C:\WINDOWS\System32\vssvc.exe [MANUAL] VSS Service VxD Service C:\WINDOWS\System32\svchost.exe [AUTO] W32Time Service W3SVC Service C:\WINDOWS\System32\DRIVERS\wanarp.sys [MANUAL] Wanarp Service [MANUAL] WDICA Service C:\WINDOWS\system32\drivers\wdmaud.sys [MANUAL] wdmaud Service C:\WINDOWS\System32\svchost.exe [AUTO] WebClient Service C:\WINDOWS\system32\svchost.exe [AUTO] winmgmt Service [MANUAL] Winsock Service WinSock2 Service WinTrust Service C:\WINDOWS\System32\svchost.exe [MANUAL] WmdmPmSN Service C:\WINDOWS\System32\svchost.exe [MANUAL] Wmi Service WmiApRpl Service C:\WINDOWS\System32\wbem\wmiapsrv.exe [MANUAL] WmiApSrv Service C:\WINDOWS\System32\drivers\ws2ifsl.sys [DISABLED] WS2IFSL Service wscsvc Service C:\WINDOWS\system32\svchost.exe [AUTO] wuauserv Service C:\WINDOWS\System32\svchost.exe [AUTO] WZCSVC Service C:\WINDOWS\System32\svchost.exe [MANUAL] xmlprov Service {28D2DD98-FFCA-44E2-84A1-0E53C6DDFAC6} Service {BB5ECB1D-D0A2-46FB-A7F1-70B509D3DEBB} ---- EOF - GMER 1.0.12 ----

Reg Search nic nie znalazł =]

Gutek · 1 Marzec 2007 19:10

Już Ok

Skan AVG Anti-Spyware 7.5 po update

system · 1 Marzec 2007 20:14

Jest już dobrze =] Dziękuję bardzo Wam obu za pomoc =] Pozdrawiam