Problem z pocztą, przegladarka IE

grejs · 8 Czerwiec 2007 09:11

Witam,

mam problem z dostępem do poczty na wp, poczta albo się nie otwiera,albo za każdym razem kiedy próbuje wejśc w wiadomość, jest żądanie ponownego logowania i wiadomość nie otwiera się i tak ciągle… Proszę o pomoc i sprawdzenie,czy coś mi znowu nie wlazło…

Logfile of HijackThis v1.99.1 Scan saved at 11:05:41, on 2007-06-08 Platform: Windows XP (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 (6.00.2600.0000) Running processes: D:\WINDOWS\System32\smss.exe D:\WINDOWS\system32\csrss.exe D:\WINDOWS\system32\winlogon.exe D:\WINDOWS\system32\services.exe D:\WINDOWS\system32\lsass.exe D:\WINDOWS\system32\svchost.exe D:\WINDOWS\System32\svchost.exe D:\WINDOWS\System32\svchost.exe D:\WINDOWS\System32\svchost.exe D:\WINDOWS\system32\spoolsv.exe D:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE D:\Program Files\Spyware Doctor wer2.0\sdhelp.exe D:\Program Files\SiteAdvisor\6066\SAService.exe D:\Program Files\Analog Devices\SoundMAX\SMAgent.exe D:\WINDOWS\Explorer.EXE D:\Program Files\SiteAdvisor\6066\SiteAdv.exe D:\Program Files\Spyware Doctor wer2.0\swdoctor.exe D:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe D:\Program Files\Internet Explorer\iexplore.exe D:\Program Files\Internet Explorer\iexplore.exe D:\WINDOWS\system32\notepad.exe D:\WINDOWS\system32\notepad.exe D:\Program Files\Internet Explorer\iexplore.exe D:\WINDOWS\System32\svchost.exe D:\Program Files\Internet Explorer\iexplore.exe D:\Documents and Settings\Kasia\Ustawienia lokalne\Temp\Katalog tymczasowy 1 dla hijackthis.zip\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wp.pl/ R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - D:\Program Files\SiteAdvisor\6066\SiteAdv.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINDOWS\System32\msdxm.ocx O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - D:\Program Files\SiteAdvisor\6066\SiteAdv.dll O4 - HKLM…\Run: [siteAdvisor] D:\Program Files\SiteAdvisor\6066\SiteAdv.exe O4 - HKCU…\Run: [Odkurzacz-MCD] D:\Program Files\Odkurzacz\odk_mcd.exe O4 - HKCU…\Run: [spyware Doctor] “D:\Program Files\Spyware Doctor wer2.0\swdoctor.exe” /Q O4 - Global Startup: DSLMON.lnk = ? O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://D:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup … 6571394826 O17 - HKLM\System\CCS\Services\Tcpip…{8AD810F0-1959-4D43-97F2-EE50546B97BC}: NameServer = 194.204.159.1 217.98.63.164 O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - D:\Program Files\SiteAdvisor\6066\SiteAdv.dll O23 - Service: Network helper Service (MSDisk) - Unknown owner - D:\WINDOWS\System32\irdvxc.exe" /service (file missing) O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - D:\Program Files\Spyware Doctor wer2.0\sdhelp.exe O23 - Service: SiteAdvisor Service - McAfee, Inc. - D:\Program Files\SiteAdvisor\6066\SAService.exe O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - D:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

ComboFix 07-05.27.BV - Running from: “D:\Documents and Settings\Kasia\Pulpit\waľne narz©dzia” ((((((((((((((((((((((((((((((( Files Created from 2007-05-08 to 2007-06-08 )))))))))))))))))))))))))))))))))) 2007-06-05 21:03 2007-06-05 11:52 64,000 --a------ D:\WINDOWS\system32\drivers\e4ldr.sys 2007-06-05 11:52 50,007 --a------ D:\WINDOWS\system32\drivers\adildr.sys 2007-06-05 11:52 46,892 --a------ D:\WINDOWS\system32\ADADIX16.DLL 2007-06-05 11:52 4,981 --a------ D:\WINDOWS\system32\ADADIX2K.DLL 2007-06-05 11:52 24,576 --a------ D:\WINDOWS\enddisk32.exe 2007-06-05 11:52 22,395 --a------ D:\WINDOWS\system32\drivers\fpga.bin 2007-06-05 11:52 176,128 --a------ D:\WINDOWS\autoclk.exe 2007-06-05 11:52 155,648 --a------ D:\WINDOWS\system32\adadix32.dll 2007-06-05 11:52 152,220 --a------ D:\WINDOWS\system32\drivers\L1E4I2.BIN 2007-06-05 11:52 152,220 --a------ D:\WINDOWS\system32\drivers\L1E4I1.BIN 2007-06-05 11:52 152,220 --a------ D:\WINDOWS\system32\drivers\L1E4I0.BIN 2007-06-05 11:52 152,132 --a------ D:\WINDOWS\system32\drivers\L1E4P2.BIN 2007-06-05 11:52 152,132 --a------ D:\WINDOWS\system32\drivers\L1E4P1.BIN 2007-06-05 11:52 152,132 --a------ D:\WINDOWS\system32\drivers\L1E4P0.BIN 2007-06-05 11:52 152,126 --a------ D:\WINDOWS\system32\drivers\L1E9P2.BIN 2007-06-05 11:52 152,126 --a------ D:\WINDOWS\system32\drivers\L1E9P1.BIN 2007-06-05 11:52 152,126 --a------ D:\WINDOWS\system32\drivers\L1E9P0.BIN 2007-06-05 11:52 152,126 --a------ D:\WINDOWS\system32\drivers\L1E9I2.BIN 2007-06-05 11:52 152,126 --a------ D:\WINDOWS\system32\drivers\L1E9I1.BIN 2007-06-05 11:52 152,126 --a------ D:\WINDOWS\system32\drivers\L1E9I0.BIN 2007-06-05 11:52 152,036 --a------ D:\WINDOWS\system32\drivers\L1E4D2.BIN 2007-06-05 11:52 152,034 --a------ D:\WINDOWS\system32\drivers\L1E4D1.BIN 2007-06-05 11:52 152,034 --a------ D:\WINDOWS\system32\drivers\L1E4D0.BIN 2007-06-05 11:52 143,360 --a------ D:\WINDOWS\adiras.exe 2007-06-05 11:52 135,168 --a------ D:\WINDOWS\system32\unaddrv.exe 2007-06-05 11:52 127,456 --a------ D:\WINDOWS\system32\IPDETECT.EXE 2007-06-05 11:52 126,976 --a------ D:\WINDOWS\system32\coclassfast.dll 2007-06-05 11:52 126,489 --a------ D:\WINDOWS\system32\drivers\adiusbaw.sys 2007-06-05 11:52 116,992 --a------ D:\WINDOWS\system32\drivers\e4usbaw.sys 2007-06-05 11:52 2007-05-29 21:24 49,152 --a------ D:\WINDOWS\nircmd.exe 2007-05-26 09:56 2007-05-11 21:46 2007-05-11 12:11 2007-05-10 21:11 2007-05-10 20:08 2007-05-10 19:35 2007-05-10 10:52 (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))) 2007-06-05 16:02:18 50,748 ----a-w D:\WINDOWS\system32\perfc015.dat 2007-06-05 16:02:18 358,702 ----a-w D:\WINDOWS\system32\perfh015.dat 2007-05-26 07:58:36 12,400 ----a-w D:\WINDOWS\system32\drivers\secdrv.sys 2007-05-05 17:39:28 76,560 ----a-w D:\WINDOWS\system32\drivers\tmcomm.sys 2007-05-05 17:39:26 -------- d-----w D:\Program Files\Trend Micro 2007-05-05 08:02:00 25,992 ----a-w D:\WINDOWS\system32\pgdfgsvc.exe 2007-05-04 20:02:48 -------- d-----w D:\Program Files\Odkurzacz 2007-05-04 14:41:38 -------- d-----w D:\Program Files\Lavalys 2007-05-02 13:35:14 -------- d-----w D:\Program Files\Moko Interactive 2007-05-02 13:35:12 -------- d-----w D:\Program Files\jv16 PowerTools 2007-05-02 11:23:06 -------- d-----w D:\Program Files\jv16 PowerTools(2) 2007-05-01 15:45:20 -------- d-----w D:\Program Files\Support Tools 2007-05-01 09:45:58 -------- d-----w D:\Program Files\SiteAdvisor 2007-05-01 09:43:54 -------- d-----w D:\DOCUME~1\Kasia\DANEAP~1\SiteAdvisor 2007-04-27 20:39:52 26,622 ----a-w D:\WINDOWS\system32\lr86.exe 2007-04-16 14:58:40 0 ----a-w D:\WINDOWS\system32\CMMGR32.EXE 2007-04-14 17:02:50 726,920 ----a-w D:\Program Files\WindowsXP-KB935448-x86-PLK.exe 2007-04-14 16:57:24 4,709,688 ----a-w D:\Program Files\WindowsXP-KB922760-x86-PLK.exe 2007-04-14 14:50:36 23,016 ----a-w D:\WINDOWS\system32\emptyregdb.dat 2007-04-14 14:30:24 37,860,928 ----a-w D:\Program Files\iTunesSetup.exe 2007-04-10 18:54:30 -------- d-----w D:\DOCUME~1\Kasia\DANEAP~1\FunkyFarm 2007-04-10 18:32:16 -------- d-----w D:\Program Files\Play 2007-04-10 17:58:26 -------- d-----w D:\Program Files\Calaris (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))) *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects] {089FD14D-132B-48FC-8861-0048AE113215}=D:\Program Files\SiteAdvisor\6066\SiteAdv.dll [2007-03-30 17:41] {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=D:\Program Files\Java\jre1.6.0_01\bin\ssv.dll [2007-03-14 03:43] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “SiteAdvisor”=“D:\Program Files\SiteAdvisor\6066\SiteAdv.exe” [2007-03-30 17:42] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “Odkurzacz-MCD”=“D:\Program Files\Odkurzacz\odk_mcd.exe” [2007-05-03 10:02] “Spyware Doctor”=“D:\Program Files\Spyware Doctor wer2.0\swdoctor.exe” [2007-03-26 21:09] [HKEY_USERS.default\software\microsoft\windows\currentversion\run] “Spyware Doctor”=“D:\Program Files\Spyware Doctor wer2.0\swdoctor.exe” /Q [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\D:^Documents and Settings^All Users^Menu Start^Programy^Autostart^DSLMON.lnk] path=c:\Documents and Settings\All Users\Menu Start\Programy\Autostart\DSLMON.lnk backup=D:\WINDOWS\pss\DSLMON.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\D:^Documents and Settings^All Users^Menu Start^Programy^Autostart^VIA RAID TOOL.lnk] backup=D:\WINDOWS\pss\VIA RAID TOOL.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\D:^Documents and Settings^Kasia^Menu Start^Programy^Autostart^Trend Micro Anti-Spyware.lnk] backup=D:\WINDOWS\pss\Trend Micro Anti-Spyware.lnkStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS] “D:\Program Files\Messenger\msmsgs.exe” /background [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spyware Doctor] “D:\Program Files\Spyware Doctor wer2.0\swdoctor.exe” /Q HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost *netsvcs* ******************************************************************** catchme 0.3.692 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net Rootkit scan 2007-06-08 11:27:02 Windows 5.1.2600 FAT NTAPI scanning hidden processes … scanning hidden services … scanning hidden autostart entries … scanning hidden files … scan completed successfully hidden processes: 0 hidden services: 0 hidden files: 0 ******************************************************************** Completion time: 2007-06-08 11:29:19 D:\ComboFix-quarantined-files.txt … 2007-06-08 11:27 D:\ComboFix2.txt … 2007-06-05 21:11 D:\ComboFix3.txt … 2007-06-05 20:18 — E O F —

iwanike · 8 Czerwiec 2007 09:18

próbowałeś na FF albo na operze ? też miałem taki problem z IE i zmieniłem przeglądarke na FF oraz zainstalowałem opere

grejs · 8 Czerwiec 2007 11:38

Wklejam jeszcze loga z SR, nadal nie mogę dostać się do poczty…AVG nic nie wykrywa…

“Silent Runners.vbs”, revision R50, http://www.silentrunners.org/ Operating System: Windows XP Output limited to non-default values, except where indicated by “{++}” Startup items buried in registry: --------------------------------- HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++} “Odkurzacz-MCD” = “D:\Program Files\Odkurzacz\odk_mcd.exe” [“Franmo Software”] “Spyware Doctor” = ““D:\Program Files\Spyware Doctor wer2.0\swdoctor.exe” /Q” [“PC Tools Research Pty Ltd”] HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++} “SiteAdvisor” = “D:\Program Files\SiteAdvisor\6066\SiteAdv.exe” [“McAfee, Inc.”] HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ {089FD14D-132B-48FC-8861-0048AE113215}(Default) = (no title provided) -> {HKLM…CLSID} = (no title provided) \InProcServer32(Default) = “D:\Program Files\SiteAdvisor\6066\SiteAdv.dll” [“McAfee, Inc.”] {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}(Default) = (no title provided) -> {HKLM…CLSID} = “SSVHelper Class” \InProcServer32(Default) = “D:\Program Files\Java\jre1.6.0_01\bin\ssv.dll” [“Sun Microsystems, Inc.”] HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\ “{42071714-76d4-11d1-8b24-00a0c9068ff3}” = “Rozszerzenie CPL kadrowania wyświetlania” -> {HKLM…CLSID} = “Rozszerzenie CPL kadrowania wyświetlania” \InProcServer32(Default) = “deskpan.dll” [file not found] “{88895560-9AA2-1069-930E-00AA0030EBC8}” = “Rozszerzenie ikony HyperTerminalu” -> {HKLM…CLSID} = “HyperTerminal Icon Ext” \InProcServer32(Default) = “D:\WINDOWS\System32\hticons.dll” [“Hilgraeve, Inc.”] “{00020D75-0000-0000-C000-000000000046}” = “Microsoft Office Outlook Desktop Icon Handler” -> {HKLM…CLSID} = “Microsoft Office Outlook” \InProcServer32(Default) = “D:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL” [MS] “{0006F045-0000-0000-C000-000000000046}” = “Microsoft Office Outlook Custom Icon Handler” -> {HKLM…CLSID} = “Rozszerzenie ikon plików programu Outlook” \InProcServer32(Default) = “D:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL” [MS] “{42042206-2D85-11D3-8CFF-005004838597}” = “Microsoft Office HTML Icon Handler” -> {HKLM…CLSID} = (no title provided) \InProcServer32(Default) = “D:\Program Files\Microsoft Office\OFFICE11\msohev.dll” [MS] HKLM\Software\Classes\PROTOCOLS\Filter\ <> text/xml\CLSID = “{807553E5-5146-11D5-A672-00B0D022E945}” -> {HKLM…CLSID} = (no title provided) \InProcServer32(Default) = “D:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL” [MS] Group Policies {GPedit.msc branch and setting}: ----------------------------------------------- Note: detected settings may not have any effect. HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\ “shutdownwithoutlogon” = (REG_DWORD) hex:0x00000001 {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options| Shutdown: Allow system to be shut down without having to log on} “undockwithoutlogon” = (REG_DWORD) hex:0x00000001 {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options| Devices: Allow undock without having to log on} Active Desktop and Wallpaper: ----------------------------- Active Desktop may be disabled at this entry: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState Startup items in “Kasia” & “All Users” startup folders: ------------------------------------------------------- D:\Documents and Settings\All Users\Menu Start\Programy\Autostart “DSLMON” -> shortcut to: “D:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe” [null data] Winsock2 Service Provider DLLs: ------------------------------- Namespace Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++} 000000000001\LibraryPath = “%SystemRoot%\System32\mswsock.dll” [MS] 000000000002\LibraryPath = “%SystemRoot%\System32\winrnr.dll” [MS] 000000000003\LibraryPath = “%SystemRoot%\System32\mswsock.dll” [MS] Transport Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++} 0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range: %SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 15 %SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05 Toolbars, Explorer Bars, Extensions: ------------------------------------ Toolbars HKLM\Software\Microsoft\Internet Explorer\Toolbar\ “{0BF43445-2F28-4351-9252-17FE6E806AA0}” = “McAfee SiteAdvisor” -> {HKLM…CLSID} = “McAfee SiteAdvisor” \InProcServer32(Default) = “D:\Program Files\SiteAdvisor\6066\SiteAdv.dll” [“McAfee, Inc.”] Explorer Bars HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\ HKLM\Software\Classes\CLSID{FF059E31-CC5A-4E2E-BF3B-96E929D65503}(Default) = “&Badanie” Implemented Categories{00021493-0000-0000-C000-000000000046}\ [vertical bar] InProcServer32(Default) = “D:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL” [MS] Extensions (Tools menu items, main toolbar menu buttons) HKLM\Software\Microsoft\Internet Explorer\Extensions\ {08B0E5C0-4FCB-11CF-AAA5-00401C608501}\ “MenuText” = “Sun Java Console” “CLSIDExtension” = “{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBC}” -> {HKCU…CLSID} = “Java Plug-in 1.6.0_01” \InProcServer32(Default) = “D:\Program Files\Java\jre1.6.0_01\bin\ssv.dll” [“Sun Microsystems, Inc.”] -> {HKLM…CLSID} = “Java Plug-in 1.6.0_01” \InProcServer32(Default) = “D:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll” [“Sun Microsystems, Inc.”] {92780B25-18CC-41C8-B9BE-3C9C571A8263}\ “ButtonText” = “Badanie” Running Services (Display Name, Service Name, Path {Service DLL}): ------------------------------------------------------------------ Machine Debug Manager, MDM, ““D:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE”” [MS] PC Tools Spyware Doctor, SDhelper, “D:\Program Files\Spyware Doctor wer2.0\sdhelp.exe” [“PC Tools Research Pty Ltd”] SiteAdvisor Service, SiteAdvisor Service, “D:\Program Files\SiteAdvisor\6066\SAService.exe” [“McAfee, Inc.”] SoundMAX Agent Service, SoundMAX Agent Service (default), “D:\Program Files\Analog Devices\SoundMAX\SMAgent.exe” [“Analog Devices, Inc.”] Print Monitors: --------------- HKLM\System\CurrentControlSet\Control\Print\Monitors\ Microsoft Document Imaging Writer Monitor\Driver = “mdimon.dll” [MS] ---------- <>: Suspicious data at a malware launch point. + This report excludes default entries except where indicated. + To see *everywhere* the script checks and *everything* it finds, launch it from a command prompt or a shortcut with the -all parameter. + The search for DESKTOP.INI DLL launch points on all local fixed drives took 651 seconds. ---------- (total run time: 3641 seconds)

Gutek · 8 Czerwiec 2007 14:40

daruj sobie sprawdzanie logów i takie wstawki

Start >>> Uruchom >>> services.msc >>> zatrzymaj i wyłącz Network helper Service , wpis usuń HJTY

grejs · 8 Czerwiec 2007 14:56

Nie mam uruchomionej tej usługi, nie mogę też usunąć wpisu HJTY, tzn. zaznaczam, do usunięcia, wszystko znika i przy następnym skanowaniu znów się pojawia…co mogę zrobić…? pomocy

Gutek · 8 Czerwiec 2007 14:59

W trybie awaryjnym usuń wpis.

Pobierz Gmer

Rootkit=>szukaj=>bez zaznaczania pokaż wszystko=> Ctrl + V do posta wklej
Rootkit => zaznaczone tylko Pokazuj wszystko + Usługi => Szukaj => Kopiuj => Ctrl + V do posta wklej

grejs · 8 Czerwiec 2007 15:45

W trybie awaryjnym również ten wpis nie chce mi się usunąć z HJTY …

GMER 1.0.12.12244 - http://www.gmer.net Rootkit scan 2007-06-08 17:44:31 Windows 5.1.2600 ---- Kernel code sections - GMER 1.0.12 ---- .text ntoskrnl.exe!KeInitializeInterrupt + B79 804D4F8E 1 Byte [06] ? D:\WINDOWS\TEMP\mc21.tmp Nie można odnaleźć określonego pliku. ---- User code sections - GMER 1.0.12 ---- .text D:\WINDOWS\system32\csrss.exe[620] ntdll.dll!NtTerminateProcess 77F7F3C3 3 Bytes [FF, 25, 1E] .text D:\WINDOWS\system32\csrss.exe[620] ntdll.dll!NtTerminateProcess + 4 77F7F3C7 2 Bytes [0E, 5F] .text D:\WINDOWS\system32\csrss.exe[620] KERNEL32.dll!CreateProcessW 77E61B8A 6 Bytes JMP 5F0A0F5A .text D:\WINDOWS\system32\csrss.exe[620] KERNEL32.dll!CreateProcessA 77E61BB8 6 Bytes JMP 5F040F5A .text D:\WINDOWS\system32\csrss.exe[620] KERNEL32.dll!LoadLibraryExW 77E8049B 6 Bytes JMP 5F070F5A .text D:\WINDOWS\system32\winlogon.exe[644] ntdll.dll!NtTerminateProcess 77F7F3C3 3 Bytes [FF, 25, 1E] .text D:\WINDOWS\system32\winlogon.exe[644] ntdll.dll!NtTerminateProcess + 4 77F7F3C7 2 Bytes [0E, 5F] .text D:\WINDOWS\system32\winlogon.exe[644] kernel32.dll!CreateProcessW 77E61B8A 6 Bytes JMP 5F0A0F5A .text D:\WINDOWS\system32\winlogon.exe[644] kernel32.dll!CreateProcessA 77E61BB8 6 Bytes JMP 5F040F5A .text D:\WINDOWS\system32\winlogon.exe[644] kernel32.dll!LoadLibraryExW 77E8049B 6 Bytes JMP 5F070F5A .text D:\WINDOWS\system32\services.exe[688] ntdll.dll!NtTerminateProcess 77F7F3C3 3 Bytes [FF, 25, 1E] .text D:\WINDOWS\system32\services.exe[688] ntdll.dll!NtTerminateProcess + 4 77F7F3C7 2 Bytes [0E, 5F] .text D:\WINDOWS\system32\services.exe[688] kernel32.dll!CreateProcessW 77E61B8A 6 Bytes JMP 5F0A0F5A .text D:\WINDOWS\system32\services.exe[688] kernel32.dll!CreateProcessA 77E61BB8 6 Bytes JMP 5F040F5A .text D:\WINDOWS\system32\services.exe[688] kernel32.dll!LoadLibraryExW 77E8049B 6 Bytes JMP 5F070F5A .text D:\WINDOWS\system32\svchost.exe[872] ntdll.dll!NtTerminateProcess 77F7F3C3 3 Bytes [FF, 25, 1E] .text D:\WINDOWS\system32\svchost.exe[872] ntdll.dll!NtTerminateProcess + 4 77F7F3C7 2 Bytes [0E, 5F] .text D:\WINDOWS\system32\svchost.exe[872] kernel32.dll!CreateProcessW 77E61B8A 6 Bytes JMP 5F0A0F5A .text D:\WINDOWS\system32\svchost.exe[872] kernel32.dll!CreateProcessA 77E61BB8 6 Bytes JMP 5F040F5A .text D:\WINDOWS\system32\svchost.exe[872] kernel32.dll!LoadLibraryExW 77E8049B 6 Bytes JMP 5F070F5A .text D:\WINDOWS\system32\svchost.exe[888] ntdll.dll!NtTerminateProcess 77F7F3C3 3 Bytes [FF, 25, 1E] .text D:\WINDOWS\system32\svchost.exe[888] ntdll.dll!NtTerminateProcess + 4 77F7F3C7 2 Bytes [0E, 5F] .text D:\WINDOWS\system32\svchost.exe[888] kernel32.dll!CreateProcessW 77E61B8A 6 Bytes JMP 5F0A0F5A .text D:\WINDOWS\system32\svchost.exe[888] kernel32.dll!CreateProcessA 77E61BB8 6 Bytes JMP 5F040F5A .text D:\WINDOWS\system32\svchost.exe[888] kernel32.dll!LoadLibraryExW 77E8049B 6 Bytes JMP 5F070F5A .text D:\Documents and Settings\Kasia\Ustawienia lokalne\Temp\Katalog tymczasowy 2 dla gmer.zip\gmer.exe[940] ntdll.dll!NtTerminateProcess 77F7F3C3 3 Bytes [FF, 25, 1E] .text D:\Documents and Settings\Kasia\Ustawienia lokalne\Temp\Katalog tymczasowy 2 dla gmer.zip\gmer.exe[940] ntdll.dll!NtTerminateProcess + 4 77F7F3C7 2 Bytes [0E, 5F] .text D:\Documents and Settings\Kasia\Ustawienia lokalne\Temp\Katalog tymczasowy 2 dla gmer.zip\gmer.exe[940] kernel32.dll!CreateProcessW 77E61B8A 6 Bytes JMP 5F0A0F5A .text D:\Documents and Settings\Kasia\Ustawienia lokalne\Temp\Katalog tymczasowy 2 dla gmer.zip\gmer.exe[940] kernel32.dll!CreateProcessA 77E61BB8 6 Bytes JMP 5F040F5A .text D:\Documents and Settings\Kasia\Ustawienia lokalne\Temp\Katalog tymczasowy 2 dla gmer.zip\gmer.exe[940] kernel32.dll!LoadLibraryExW 77E8049B 6 Bytes JMP 5F070F5A .text D:\Documents and Settings\Kasia\Ustawienia lokalne\Temp\Katalog tymczasowy 2 dla gmer.zip\gmer.exe[940] kernel32.dll!FreeLibrary + 11 77E80629 4 Bytes [0F, FA, 17, E7] .text D:\WINDOWS\system32\svchost.exe[976] ntdll.dll!NtTerminateProcess 77F7F3C3 3 Bytes [FF, 25, 1E] .text D:\WINDOWS\system32\svchost.exe[976] ntdll.dll!NtTerminateProcess + 4 77F7F3C7 2 Bytes [0E, 5F] .text D:\WINDOWS\system32\svchost.exe[976] kernel32.dll!CreateProcessW 77E61B8A 6 Bytes JMP 5F0A0F5A .text D:\WINDOWS\system32\svchost.exe[976] kernel32.dll!CreateProcessA 77E61BB8 6 Bytes JMP 5F040F5A .text D:\WINDOWS\system32\svchost.exe[976] kernel32.dll!LoadLibraryExW 77E8049B 6 Bytes JMP 5F070F5A .text D:\WINDOWS\system32\svchost.exe[1000] ntdll.dll!NtTerminateProcess 77F7F3C3 3 Bytes [FF, 25, 1E] .text D:\WINDOWS\system32\svchost.exe[1000] ntdll.dll!NtTerminateProcess + 4 77F7F3C7 2 Bytes [0E, 5F] .text D:\WINDOWS\system32\svchost.exe[1000] kernel32.dll!CreateProcessW 77E61B8A 6 Bytes JMP 5F0A0F5A .text D:\WINDOWS\system32\svchost.exe[1000] kernel32.dll!CreateProcessA 77E61BB8 6 Bytes JMP 5F040F5A .text D:\WINDOWS\system32\svchost.exe[1000] kernel32.dll!LoadLibraryExW 77E8049B 6 Bytes JMP 5F070F5A .text D:\WINDOWS\system32\spoolsv.exe[1092] ntdll.dll!NtTerminateProcess 77F7F3C3 3 Bytes [FF, 25, 1E] .text D:\WINDOWS\system32\spoolsv.exe[1092] ntdll.dll!NtTerminateProcess + 4 77F7F3C7 2 Bytes [0E, 5F] .text D:\WINDOWS\system32\spoolsv.exe[1092] kernel32.dll!CreateProcessW 77E61B8A 6 Bytes JMP 5F0A0F5A .text D:\WINDOWS\system32\spoolsv.exe[1092] kernel32.dll!CreateProcessA 77E61BB8 6 Bytes JMP 5F040F5A .text D:\WINDOWS\system32\spoolsv.exe[1092] kernel32.dll!LoadLibraryExW 77E8049B 6 Bytes JMP 5F070F5A .text D:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1252] ntdll.dll!NtTerminateProcess 77F7F3C3 3 Bytes [FF, 25, 1E] .text D:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1252] ntdll.dll!NtTerminateProcess + 4 77F7F3C7 2 Bytes [0E, 5F] .text D:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1252] kernel32.dll!CreateProcessW 77E61B8A 6 Bytes JMP 5F0A0F5A .text D:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1252] kernel32.dll!CreateProcessA 77E61BB8 6 Bytes JMP 5F040F5A .text D:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1252] kernel32.dll!LoadLibraryExW 77E8049B 6 Bytes JMP 5F070F5A .text D:\Program Files\SiteAdvisor\6066\SAService.exe[1356] ntdll.dll!NtTerminateProcess 77F7F3C3 3 Bytes [FF, 25, 1E] .text D:\Program Files\SiteAdvisor\6066\SAService.exe[1356] ntdll.dll!NtTerminateProcess + 4 77F7F3C7 2 Bytes [0E, 5F] .text D:\Program Files\SiteAdvisor\6066\SAService.exe[1356] kernel32.dll!CreateProcessW 77E61B8A 6 Bytes JMP 5F0A0F5A .text D:\Program Files\SiteAdvisor\6066\SAService.exe[1356] kernel32.dll!CreateProcessA 77E61BB8 6 Bytes JMP 5F040F5A .text D:\Program Files\SiteAdvisor\6066\SAService.exe[1356] kernel32.dll!LoadLibraryExW 77E8049B 6 Bytes JMP 5F070F5A .text D:\Program Files\Analog Devices\SoundMAX\SMAgent.exe[1452] ntdll.dll!NtTerminateProcess 77F7F3C3 3 Bytes [FF, 25, 1E] .text D:\Program Files\Analog Devices\SoundMAX\SMAgent.exe[1452] ntdll.dll!NtTerminateProcess + 4 77F7F3C7 2 Bytes [0E, 5F] .text D:\Program Files\Analog Devices\SoundMAX\SMAgent.exe[1452] kernel32.dll!CreateProcessW 77E61B8A 6 Bytes JMP 5F0A0F5A .text D:\Program Files\Analog Devices\SoundMAX\SMAgent.exe[1452] kernel32.dll!CreateProcessA 77E61BB8 6 Bytes JMP 5F040F5A .text D:\Program Files\Analog Devices\SoundMAX\SMAgent.exe[1452] kernel32.dll!LoadLibraryExW 77E8049B 6 Bytes JMP 5F070F5A .text D:\Program Files\Analog Devices\SoundMAX\SMAgent.exe[1452] kernel32.dll!FreeLibrary + 11 77E80629 4 Bytes [0F, FA, 17, E7] .text D:\WINDOWS\Explorer.EXE[1752] ntdll.dll!NtTerminateProcess 77F7F3C3 3 Bytes [FF, 25, 1E] .text D:\WINDOWS\Explorer.EXE[1752] ntdll.dll!NtTerminateProcess + 4 77F7F3C7 2 Bytes [0E, 5F] .text D:\WINDOWS\Explorer.EXE[1752] kernel32.dll!CreateProcessW 77E61B8A 6 Bytes JMP 5F0A0F5A .text D:\WINDOWS\Explorer.EXE[1752] kernel32.dll!CreateProcessA 77E61BB8 6 Bytes JMP 5F040F5A .text D:\WINDOWS\Explorer.EXE[1752] kernel32.dll!LoadLibraryExW 77E8049B 6 Bytes JMP 5F070F5A .text D:\WINDOWS\Explorer.EXE[1752] kernel32.dll!FreeLibrary + 11 77E80629 4 Bytes [0F, FA, 17, E7] .text D:\Program Files\SiteAdvisor\6066\SiteAdv.exe[1876] ntdll.dll!NtTerminateProcess 77F7F3C3 3 Bytes [FF, 25, 1E] .text D:\Program Files\SiteAdvisor\6066\SiteAdv.exe[1876] ntdll.dll!NtTerminateProcess + 4 77F7F3C7 2 Bytes [0E, 5F] .text D:\Program Files\SiteAdvisor\6066\SiteAdv.exe[1876] kernel32.dll!CreateProcessW 77E61B8A 6 Bytes JMP 5F0A0F5A .text D:\Program Files\SiteAdvisor\6066\SiteAdv.exe[1876] kernel32.dll!CreateProcessA 77E61BB8 6 Bytes JMP 5F040F5A .text D:\Program Files\SiteAdvisor\6066\SiteAdv.exe[1876] kernel32.dll!LoadLibraryExW 77E8049B 6 Bytes JMP 5F070F5A .text D:\Program Files\SiteAdvisor\6066\SiteAdv.exe[1876] kernel32.dll!FreeLibrary + 11 77E80629 4 Bytes [0F, FA, 17, E7] .text D:\Program Files\Spyware Doctor wer2.0\swdoctor.exe[1900] kernel32.dll!LoadLibraryExW 77E8049B 6 Bytes JMP 5F070F5A .text D:\Program Files\Spyware Doctor wer2.0\swdoctor.exe[1900] kernel32.dll!FreeLibrary + 11 77E80629 4 Bytes [0F, FA, 17, E7] .text D:\Program Files\Spyware Doctor wer2.0\swdoctor.exe[1900] USER32.dll!DispatchMessageA 77D341F2 6 Bytes JMP 5F040F5A .text D:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe[1908] ntdll.dll!NtTerminateProcess 77F7F3C3 3 Bytes [FF, 25, 1E] .text D:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe[1908] ntdll.dll!NtTerminateProcess + 4 77F7F3C7 2 Bytes [0E, 5F] .text D:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe[1908] kernel32.dll!CreateProcessW 77E61B8A 6 Bytes JMP 5F0A0F5A .text D:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe[1908] kernel32.dll!CreateProcessA 77E61BB8 6 Bytes JMP 5F040F5A .text D:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe[1908] kernel32.dll!LoadLibraryExW 77E8049B 6 Bytes JMP 5F070F5A .text D:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe[1908] kernel32.dll!FreeLibrary + 11 77E80629 4 Bytes [0F, FA, 17, E7] ---- Registry - GMER 1.0.12 ---- Reg \Registry\USER\S-1-5-21-507921405-1383384898-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved{29B1E8E2-B1D0-4CDC-2C39-F170004CF4A4}@dbdijhljddbcfdhbndolcnclameahcaegchgenjj 0x6A 0x61 0x70 0x65 … Reg \Registry\USER\S-1-5-21-507921405-1383384898-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved{29B1E8E2-B1D0-4CDC-2C39-F170004CF4A4}@cbnhhlblojcpagbameglbdklmpiamnabfiagce 0x6A 0x61 0x70 0x65 … Reg \Registry\USER\S-1-5-21-507921405-1383384898-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved{29B1E8E2-B1D0-4CDC-2C39-F170004CF4A4}@abpcjlbjleblkofiapgndmnopcamggbpem 0x61 0x61 0x00 0x00 Reg \Registry\USER\S-1-5-21-507921405-1383384898-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved{29B1E8E2-B1D0-4CDC-2C39-F170004CF4A4}@mamcendncnlodhccdogmffefpb 0x61 0x61 0x00 0x00 Reg \Registry\USER\S-1-5-21-507921405-1383384898-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved{3560621D-8A84-8BC6-ECD2-E1DC9A56FCCA}@bbbkodamflpapiloojbngcilffjmlckkmhkg 0x6A 0x61 0x6E 0x61 … Reg \Registry\USER\S-1-5-21-507921405-1383384898-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved{3560621D-8A84-8BC6-ECD2-E1DC9A56FCCA}@abhnedbbjhklkkcjbjmdlcjnlnghppelhj 0x6A 0x61 0x6E 0x61 … Reg \Registry\USER\S-1-5-21-507921405-1383384898-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved{3560621D-8A84-8BC6-ECD2-E1DC9A56FCCA}@abnkkafmpihcgeibnlfadnidciphabbpje 0x61 0x61 0x00 0x00 Reg \Registry\USER\S-1-5-21-507921405-1383384898-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved{3560621D-8A84-8BC6-ECD2-E1DC9A56FCCA}@maoknanflkimlfckibgpbchokf 0x61 0x61 0x00 0x00 Reg \Registry\USER\S-1-5-21-507921405-1383384898-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved{3560621D-8A84-8BC6-ECD2-E1DC9A56FCCA}@iabkodamflpapilooj 0x61 0x61 0x00 0x01 Reg \Registry\USER\S-1-5-21-507921405-1383384898-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved{3560621D-8A84-8BC6-ECD2-E1DC9A56FCCA}@hahnedbbjhklkkcj 0x61 0x61 0x00 0x01 Reg \Registry\USER\S-1-5-21-507921405-1383384898-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved{3560621D-8A84-8BC6-ECD2-E1DC9A56FCCA}@iankkhgpmoonkbgccf 0x61 0x61 0x00 0x01 Reg \Registry\USER\S-1-5-21-507921405-1383384898-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved{3560621D-8A84-8BC6-ECD2-E1DC9A56FCCA}@bbbkodamflpapiloojbngcilffjmgbfofkbf 0x6A 0x61 0x6E 0x61 … Reg \Registry\USER\S-1-5-21-507921405-1383384898-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved{3560621D-8A84-8BC6-ECD2-E1DC9A56FCCA}@abhnedbbjhklkkcjbjmdlcjnlnpjedpima 0x6A 0x61 0x6E 0x61 … Reg \Registry\USER\S-1-5-21-507921405-1383384898-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved{8EC58BB7-F5A9-1797-E8F3-9114A9B45A40}@dbcgnijoampoldcfddfpmjibgaebaongmhkcopbb 0x6A 0x61 0x67 0x64 … Reg \Registry\USER\S-1-5-21-507921405-1383384898-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved{8EC58BB7-F5A9-1797-E8F3-9114A9B45A40}@cbifhflimenbflbcalcammhcampihoblfcjeon 0x6A 0x61 0x67 0x64 … Reg \Registry\USER\S-1-5-21-507921405-1383384898-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved{8EC58BB7-F5A9-1797-E8F3-9114A9B45A40}@iacgnijoampoldcfdd 0x61 0x61 0x00 0x00 Reg \Registry\USER\S-1-5-21-507921405-1383384898-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved{8EC58BB7-F5A9-1797-E8F3-9114A9B45A40}@haifhflimenbflbc 0x61 0x61 0x00 0x00 Reg \Registry\USER\S-1-5-21-507921405-1383384898-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved{8EC58BB7-F5A9-1797-E8F3-9114A9B45A40}@iagjffmcicjcpefhcg 0x61 0x61 0x00 0x00 Reg \Registry\USER\S-1-5-21-507921405-1383384898-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved{8EC58BB7-F5A9-1797-E8F3-9114A9B45A40}@abgjfgfggdbcgomnafomimjbcgddncffch 0x61 0x61 0x00 0x00 Reg \Registry\USER\S-1-5-21-507921405-1383384898-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved{8EC58BB7-F5A9-1797-E8F3-9114A9B45A40}@mahjacajjiocibpbhbnjbhbbhk 0x61 0x61 0x00 0x00 Reg \Registry\USER\S-1-5-21-507921405-1383384898-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved{EBB71504-5E49-CEFD-6213-ED87B1DCF6F6}@cbfidogciigjcdbignhnkboocjjljaflpchcam 0x6A 0x61 0x6A 0x64 … Reg \Registry\USER\S-1-5-21-507921405-1383384898-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved{EBB71504-5E49-CEFD-6213-ED87B1DCF6F6}@bbhhfofodhkanbgploepkaffhdbijibpalfd 0x6A 0x61 0x6A 0x64 … Reg \Registry\USER\S-1-5-21-507921405-1383384898-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved{EBB71504-5E49-CEFD-6213-ED87B1DCF6F6}@abjjdoklgkhioeehhjdmffmoadaeafnkfk 0x61 0x61 0x00 0x00 Reg \Registry\USER\S-1-5-21-507921405-1383384898-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved{EBB71504-5E49-CEFD-6213-ED87B1DCF6F6}@maijgoccbfpcbkfpofkbchphpi 0x61 0x61 0x00 0x00 ---- EOF - GMER 1.0.12 ----

Złączono Posta : 08.06.2007 (Pią) 17:46

GMER 1.0.12.12244 - http://www.gmer.net Rootkit scan 2007-06-08 17:45:40 Windows 5.1.2600 ---- Services - GMER 1.0.12 ---- Service [DISABLED] Abiosdsk Service [DISABLED] abp480n5 Service D:\WINDOWS\System32\DRIVERS\ACPI.sys [bOOT] ACPI Service [DISABLED] ACPIEC Service D:\WINDOWS\System32\Drivers\adildr.sys [AUTO] ADILOADER Service D:\WINDOWS\System32\DRIVERS\adiusbaw.sys [MANUAL] adiusbaw Service [DISABLED] adpu160m Service [MANUAL] AdWatchDrv Service D:\WINDOWS\system32\drivers\aeaudio.sys [MANUAL] aeaudio Service D:\WINDOWS\system32\drivers\aec.sys [MANUAL] aec Service D:\WINDOWS\System32\drivers\afd.sys [AUTO] AFD Service [DISABLED] Aha154x Service [DISABLED] aic78u2 Service [DISABLED] aic78xx Service D:\WINDOWS\System32\svchost.exe [AUTO] Alerter Service D:\WINDOWS\System32\alg.exe [MANUAL] ALG Service [DISABLED] AliIde Service [DISABLED] amsint Service D:\WINDOWS\system32\svchost.exe [MANUAL] AppMgmt Service [DISABLED] asc Service [DISABLED] asc3350p Service [DISABLED] asc3550 Service D:\WINDOWS\System32\DRIVERS\asyncmac.sys [MANUAL] AsyncMac Service D:\WINDOWS\System32\DRIVERS\atapi.sys [bOOT] atapi Service [DISABLED] Atdisk Service D:\WINDOWS\System32\DRIVERS\atmarpc.sys [MANUAL] Atmarpc Service D:\WINDOWS\System32\svchost.exe [AUTO] AudioSrv Service D:\WINDOWS\System32\DRIVERS\audstub.sys [MANUAL] audstub Service BattC Service [sYSTEM] Beep Service D:\WINDOWS\System32\svchost.exe [AUTO] BITS Service D:\WINDOWS\System32\svchost.exe [AUTO] Browser Service [DISABLED] cbidf2k Service [DISABLED] cd20xrnt Service [sYSTEM] Cdaudio Service [DISABLED] Cdfs Service D:\WINDOWS\System32\DRIVERS\cdrom.sys [sYSTEM] Cdrom Service [sYSTEM] Changer Service D:\WINDOWS\system32\cisvc.exe [MANUAL] cisvc Service D:\WINDOWS\system32\clipsrv.exe [MANUAL] ClipSrv Service [DISABLED] CmdIde Service D:\WINDOWS\System32\dllhost.exe [MANUAL] COMSysApp Service ContentFilter Service ContentIndex Service [DISABLED] Cpqarray Service D:\WINDOWS\system32\svchost.exe [AUTO] CryptSvc Service [AUTO] CSRRS Service [DISABLED] dac2w2k Service [DISABLED] dac960nt Service D:\WINDOWS\System32\svchost.exe [AUTO] Dhcp Service D:\WINDOWS\System32\DRIVERS\disk.sys [bOOT] Disk Service D:\WINDOWS\System32\dmadmin.exe [MANUAL] dmadmin Service D:\WINDOWS\System32\drivers\dmboot.sys [DISABLED] dmboot Service D:\WINDOWS\System32\DRIVERS\dmio.sys [bOOT] dmio Service [bOOT] dmload Service D:\WINDOWS\System32\svchost.exe [AUTO] dmserver Service D:\WINDOWS\system32\drivers\DMusic.sys [MANUAL] DMusic Service D:\WINDOWS\System32\svchost.exe [AUTO] Dnscache Service [DISABLED] dpti2o Service D:\WINDOWS\system32\drivers\drmkaud.sys [MANUAL] drmkaud Service D:\WINDOWS\System32\svchost.exe [AUTO] ERSvc Service D:\WINDOWS\system32\services.exe [AUTO] Eventlog Service D:\WINDOWS\System32\svchost.exe [MANUAL] EventSystem Service [DISABLED] Fastfat Service D:\WINDOWS\System32\svchost.exe [MANUAL] FastUserSwitchingCompatibility Service D:\WINDOWS\System32\DRIVERS\fdc.sys [MANUAL] Fdc Service [sYSTEM] Fips Service D:\WINDOWS\System32\DRIVERS\flpydisk.sys [MANUAL] Flpydisk Service [sYSTEM] Fs_Rec Service D:\WINDOWS\System32\DRIVERS\ftdisk.sys [bOOT] Ftdisk Service D:\WINDOWS\System32\DRIVERS\gmer.sys [MANUAL] gmer Service D:\WINDOWS\System32\DRIVERS\msgpc.sys [MANUAL] Gpc Service D:\WINDOWS\System32\svchost.exe [AUTO] helpsvc Service D:\WINDOWS\System32\svchost.exe [DISABLED] HidServ Service [DISABLED] hpn Service [DISABLED] hpt3xx Service [sYSTEM] i2omgmt Service [DISABLED] i2omp Service D:\WINDOWS\System32\DRIVERS\i8042prt.sys [sYSTEM] i8042prt Service D:\WINDOWS\system32\drivers\ikhfile.sys [sYSTEM] ikhfile Service D:\WINDOWS\system32\drivers\ikhlayer.sys [sYSTEM] ikhlayer Service [sYSTEM] Imapi Service D:\WINDOWS\System32\imapi.exe [MANUAL] ImapiService Service inetaccs Service [DISABLED] ini910u Service Inport Service [DISABLED] IntelIde Service D:\WINDOWS\System32\DRIVERS\ipfltdrv.sys [MANUAL] IpFilterDriver Service D:\WINDOWS\System32\DRIVERS\ipinip.sys [MANUAL] IpInIp Service D:\WINDOWS\System32\DRIVERS\ipnat.sys [MANUAL] IpNat Service D:\WINDOWS\System32\DRIVERS\ipsec.sys [sYSTEM] IPSec Service D:\WINDOWS\System32\DRIVERS\irenum.sys [MANUAL] IRENUM Service ISAPISearch Service D:\WINDOWS\System32\DRIVERS\isapnp.sys [bOOT] isapnp Service D:\WINDOWS\System32\DRIVERS\kbdclass.sys [sYSTEM] Kbdclass Service D:\WINDOWS\system32\drivers\kmixer.sys [MANUAL] kmixer Service [bOOT] KSecDD Service D:\WINDOWS\System32\svchost.exe [AUTO] lanmanserver Service D:\WINDOWS\System32\svchost.exe [AUTO] lanmanworkstation Service [sYSTEM] lbrtfdc Service ldap Service LicenseService Service D:\WINDOWS\System32\svchost.exe [AUTO] LmHosts Service D:\WINDOWS\TEMP\mc21.tmp [DISABLED] mchInjDrv Service D:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [AUTO] MDM Service D:\WINDOWS\System32\svchost.exe [DISABLED] Messenger Service [sYSTEM] mnmdd Service D:\WINDOWS\System32\mnmsrvc.exe [MANUAL] mnmsrvc Service [MANUAL] Modem Service D:\WINDOWS\System32\DRIVERS\mouclass.sys [sYSTEM] Mouclass Service [bOOT] MountMgr Service [DISABLED] mraid35x Service D:\WINDOWS\System32\DRIVERS\mrxdav.sys [MANUAL] MRxDAV Service D:\WINDOWS\System32\DRIVERS\mrxsmb.sys [sYSTEM] MRxSmb Service D:\WINDOWS\System32\irdvxc.exe [AUTO] MSDisk Service D:\WINDOWS\System32\msdtc.exe [MANUAL] MSDTC Service [sYSTEM] Msfs Service D:\WINDOWS\System32\msiexec.exe [MANUAL] MSIServer Service D:\WINDOWS\system32\drivers\MSKSSRV.sys [MANUAL] MSKSSRV Service D:\WINDOWS\system32\drivers\MSPCLOCK.sys [MANUAL] MSPCLOCK Service D:\WINDOWS\system32\drivers\MSPQM.sys [MANUAL] MSPQM Service [AUTO] MSWindows Service [bOOT] Mup Service [bOOT] NDIS Service D:\WINDOWS\System32\DRIVERS\ndistapi.sys [MANUAL] NdisTapi Service D:\WINDOWS\System32\DRIVERS\ndisuio.sys [MANUAL] Ndisuio Service D:\WINDOWS\System32\DRIVERS\ndiswan.sys [MANUAL] NdisWan Service [MANUAL] NDProxy Service D:\WINDOWS\System32\DRIVERS\netbios.sys [sYSTEM] NetBIOS Service D:\WINDOWS\System32\DRIVERS\netbt.sys [MANUAL] NetBT Service D:\WINDOWS\system32\netdde.exe [MANUAL] NetDDE Service D:\WINDOWS\system32\netdde.exe [MANUAL] NetDDEdsdm Service D:\WINDOWS\System32\lsass.exe [MANUAL] Netlogon Service D:\WINDOWS\System32\svchost.exe [MANUAL] Netman Service D:\WINDOWS\System32\svchost.exe [MANUAL] Nla Service [sYSTEM] Npfs Service [DISABLED] Ntfs Service D:\WINDOWS\System32\lsass.exe [MANUAL] NtLmSsp Service D:\WINDOWS\system32\svchost.exe [MANUAL] NtmsSvc Service [sYSTEM] Null Service D:\WINDOWS\System32\DRIVERS\nv4.sys [MANUAL] nv4 Service D:\WINDOWS\System32\DRIVERS\nwlnkflt.sys [MANUAL] NwlnkFlt Service D:\WINDOWS\System32\DRIVERS\nwlnkfwd.sys [MANUAL] NwlnkFwd Service D:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [MANUAL] ose Service Outlook Service PageDefrag Service [MANUAL] Parport Service [bOOT] PartMgr Service [AUTO] ParVdm Service D:\WINDOWS\System32\DRIVERS\pci.sys [bOOT] PCI Service [sYSTEM] PCIDump Service [DISABLED] PCIIde Service [DISABLED] Pcmcia Service [MANUAL] PDCOMP Service [MANUAL] PDFRAME Service [MANUAL] PDRELI Service [MANUAL] PDRFRAME Service [DISABLED] perc2 Service [DISABLED] perc2hib Service PerfDisk Service PerfNet Service PerfOS Service PerfProc Service D:\WINDOWS\system32\services.exe [AUTO] PlugPlay Service D:\WINDOWS\System32\lsass.exe [AUTO] PolicyAgent Service D:\WINDOWS\System32\DRIVERS\raspptp.sys [MANUAL] PptpMiniport Service D:\WINDOWS\System32\DRIVERS\processr.sys [sYSTEM] Processor Service D:\WINDOWS\system32\lsass.exe [AUTO] ProtectedStorage Service D:\WINDOWS\System32\DRIVERS\psched.sys [MANUAL] PSched Service D:\WINDOWS\System32\DRIVERS\ptilink.sys [MANUAL] Ptilink Service [DISABLED] ql1080 Service [DISABLED] Ql10wnt Service [DISABLED] ql12160 Service [DISABLED] ql1240 Service [DISABLED] ql1280 Service D:\WINDOWS\System32\DRIVERS\rasacd.sys [sYSTEM] RasAcd Service D:\WINDOWS\System32\svchost.exe [MANUAL] RasAuto Service D:\WINDOWS\System32\DRIVERS\rasl2tp.sys [MANUAL] Rasl2tp Service D:\WINDOWS\System32\svchost.exe [MANUAL] RasMan Service D:\WINDOWS\System32\DRIVERS\raspppoe.sys [MANUAL] RasPppoe Service D:\WINDOWS\System32\DRIVERS\raspti.sys [MANUAL] Raspti Service D:\WINDOWS\System32\DRIVERS\rdbss.sys [sYSTEM] Rdbss Service D:\WINDOWS\System32\DRIVERS\RDPCDD.sys [sYSTEM] RDPCDD Service RDPDD Service D:\WINDOWS\System32\DRIVERS\rdpdr.sys [MANUAL] rdpdr Service RDPNP Service [MANUAL] RDPWD Service D:\WINDOWS\system32\sessmgr.exe [MANUAL] RDSessMgr Service D:\WINDOWS\System32\DRIVERS\redbook.sys [sYSTEM] redbook Service D:\WINDOWS\System32\svchost.exe [DISABLED] RemoteAccess Service D:\WINDOWS\system32\svchost.exe [DISABLED] RemoteRegistry Service D:\WINDOWS\System32\locator.exe [MANUAL] RpcLocator Service D:\WINDOWS\system32\svchost.exe [AUTO] RpcSs Service D:\WINDOWS\System32\rsvp.exe [MANUAL] RSVP Service D:\WINDOWS\system32\lsass.exe [AUTO] SamSs Service D:\WINDOWS\System32\SCardSvr.exe [MANUAL] SCardDrv Service D:\WINDOWS\System32\SCardSvr.exe [MANUAL] SCardSvr Service D:\WINDOWS\System32\svchost.exe [AUTO] Schedule Service D:\Program Files\Spyware Doctor wer2.0\sdhelp.exe [AUTO] SDhelper Service D:\WINDOWS\System32\DRIVERS\secdrv.sys [AUTO] Secdrv Service D:\WINDOWS\System32\svchost.exe [AUTO] seclogon Service D:\WINDOWS\system32\svchost.exe [AUTO] SENS Service D:\WINDOWS\System32\DRIVERS\serenum.sys [MANUAL] serenum Service D:\WINDOWS\System32\DRIVERS\serial.sys [sYSTEM] Serial Service [sYSTEM] Sfloppy Service D:\WINDOWS\system32\svchost.exe [AUTO] SharedAccess Service D:\WINDOWS\System32\svchost.exe [AUTO] ShellHWDetection Service [DISABLED] Simbad Service D:\Program Files\SiteAdvisor\6066\SAService.exe [AUTO] SiteAdvisor Service Service D:\WINDOWS\system32\drivers\smwdm.sys [MANUAL] smwdm Service D:\Program Files\Analog Devices\SoundMAX\SMAgent.exe [AUTO] SoundMAX Agent Service (default) Service [DISABLED] Sparrow Service D:\WINDOWS\system32\drivers\splitter.sys [MANUAL] splitter Service D:\WINDOWS\system32\spoolsv.exe [AUTO] Spooler Service D:\WINDOWS\System32\DRIVERS\sr.sys [bOOT] sr Service D:\WINDOWS\System32\svchost.exe [AUTO] srservice Service D:\WINDOWS\System32\DRIVERS\srv.sys [MANUAL] Srv Service D:\WINDOWS\System32\svchost.exe [MANUAL] SSDPSRV Service D:\WINDOWS\System32\svchost.exe [MANUAL] stisvc Service D:\WINDOWS\System32\DRIVERS\swenum.sys [MANUAL] swenum Service D:\WINDOWS\system32\drivers\swmidi.sys [MANUAL] swmidi Service D:\WINDOWS\System32\dllhost.exe [MANUAL] SwPrv Service [DISABLED] symc810 Service [DISABLED] symc8xx Service [DISABLED] sym_hi Service [DISABLED] sym_u3 Service D:\WINDOWS\system32\drivers\sysaudio.sys [MANUAL] sysaudio Service D:\WINDOWS\system32\smlogsvc.exe [MANUAL] SysmonLog Service D:\WINDOWS\System32\svchost.exe [MANUAL] TapiSrv Service D:\WINDOWS\System32\DRIVERS\tcpip.sys [sYSTEM] Tcpip Service [MANUAL] TDPIPE Service [MANUAL] TDTCP Service D:\WINDOWS\System32\DRIVERS\termdd.sys [sYSTEM] TermDD Service D:\WINDOWS\System32\svchost.exe [MANUAL] TermService Service D:\WINDOWS\System32\svchost.exe [AUTO] Themes Service D:\WINDOWS\System32\tlntsvr.exe [DISABLED] TlntSvr Service D:\WINDOWS\System32\drivers\tmcomm.sys [AUTO] tmcomm Service [DISABLED] TosIde Service D:\WINDOWS\system32\svchost.exe [AUTO] TrkWks Service TSDDD Service [DISABLED] Udfs Service [DISABLED] ultra Service D:\WINDOWS\System32\DRIVERS\update.sys [MANUAL] Update Service D:\WINDOWS\System32\svchost.exe [AUTO] uploadmgr Service D:\WINDOWS\System32\svchost.exe [MANUAL] upnphost Service D:\WINDOWS\System32\ups.exe [MANUAL] UPS Service D:\WINDOWS\System32\DRIVERS\usbhub.sys [MANUAL] usbhub Service D:\WINDOWS\System32\DRIVERS\usbprint.sys [MANUAL] usbprint Service D:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [MANUAL] USBSTOR Service D:\WINDOWS\System32\DRIVERS\usbuhci.sys [MANUAL] usbuhci Service D:\WINDOWS\System32\drivers\vga.sys [sYSTEM] VgaSave Service D:\WINDOWS\System32\DRIVERS\viaagp1.sys [bOOT] viaagp1 Service D:\WINDOWS\System32\DRIVERS\viaidexp.sys [bOOT] ViaIde Service D:\WINDOWS\System32\DRIVERS\viasraid.sys [bOOT] viasraid Service [bOOT] VolSnap Service D:\WINDOWS\System32\vssvc.exe [MANUAL] VSS Service VxD Service D:\WINDOWS\System32\svchost.exe [AUTO] W32Time Service W3SVC Service D:\WINDOWS\System32\DRIVERS\wanarp.sys [MANUAL] Wanarp Service [MANUAL] WDICA Service D:\WINDOWS\system32\drivers\wdmaud.sys [MANUAL] wdmaud Service D:\WINDOWS\System32\svchost.exe [AUTO] WebClient Service D:\WINDOWS\system32\svchost.exe [AUTO] winmgmt Service [MANUAL] Winsock Service WinSock2 Service WinTrust Service D:\WINDOWS\System32\svchost.exe [AUTO] WmdmPmSp Service D:\WINDOWS\System32\svchost.exe [MANUAL] Wmi Service WmiApRpl Service D:\WINDOWS\System32\wbem\wmiapsrv.exe [MANUAL] WmiApSrv Service D:\WINDOWS\System32\drivers\ws2ifsl.sys [DISABLED] WS2IFSL Service [DISABLED] wscsvc Service D:\WINDOWS\system32\svchost.exe [AUTO] wuauserv Service D:\WINDOWS\System32\svchost.exe [AUTO] WZCSVC Service D:\WINDOWS\System32\DRIVERS\yk51x86.sys [MANUAL] yukonwxp Service {986FA2B6-D72E-4A44-86C4-6D721C59AD25} ---- EOF - GMER 1.0.12 ----

Gutek · 8 Czerwiec 2007 16:01

Otwierasz Gmera i w zakładce CMD dla opcji CMD wklejasz:

i kliknij na Uruchom z prawej strony.

grejs · 8 Czerwiec 2007 18:01

zrobiłam tak jak napisałeś, kliknęłam uruchom i wyskoczył mi taki komunikat “DeleteService: Parametr jest niepoprawny”… co mogę jeszcze zrobić…?

Złączono Posta : 08.06.2007 (Pią) 20:09

Kiedy wcisnęłam na tym komunikacie ok pojawił się następny: “Wystąpił błąd nr 0xC0000034 w czasie kasowania pliku: D:\WINDOWS\System32\irdvxc.exe”

Złączono Posta : 08.06.2007 (Pią) 20:19

kiedy i tu wcisnęłam ok, w drugim okienku pokazłao się, że polecenia wykonano, następnie ekran zgasł i komputer się zrestartował…ale mam wrażenie, że nic się nie zmieniło… czy mam zrobić coś jeszcze czy dać loga? z jakiego programu? …Dzięki, że tak mi (i nie tylko) pomagasz…

Złączono Posta : 08.06.2007 (Pią) 21:52

Wpis

nadal jest wykrywany przez HJTY, nie udaje mi się go skasować ani przez HJ ani przez Gmer’a ale już mogę korzystać z poczty,nie wiem z czego to wynika ale cieszę się i dzięki Jeśli mogę jeszcze coś zrobić z tym wpisem, to będę wdzięczna za pomoc…

Gutek · 9 Czerwiec 2007 08:54

Daj log z Gmera

grejs · 9 Czerwiec 2007 12:01

GMER 1.0.12.12244 - http://www.gmer.net Rootkit scan 2007-06-09 13:59:57 Windows 5.1.2600 ---- Kernel code sections - GMER 1.0.12 ---- .text ntoskrnl.exe!KeInitializeInterrupt + B79 804D4F8E 1 Byte [06] ? D:\WINDOWS\TEMP\mc21.tmp Nie można odnaleźć określonego pliku. ---- User code sections - GMER 1.0.12 ---- .text D:\WINDOWS\Explorer.EXE[288] ntdll.dll!NtTerminateProcess 77F7F3C3 3 Bytes [FF, 25, 1E] .text D:\WINDOWS\Explorer.EXE[288] ntdll.dll!NtTerminateProcess + 4 77F7F3C7 2 Bytes [0E, 5F] .text D:\WINDOWS\Explorer.EXE[288] kernel32.dll!CreateProcessW 77E61B8A 6 Bytes JMP 5F0A0F5A .text D:\WINDOWS\Explorer.EXE[288] kernel32.dll!CreateProcessA 77E61BB8 6 Bytes JMP 5F040F5A .text D:\WINDOWS\Explorer.EXE[288] kernel32.dll!LoadLibraryExW 77E8049B 6 Bytes JMP 5F070F5A .text D:\WINDOWS\Explorer.EXE[288] kernel32.dll!FreeLibrary + 11 77E80629 4 Bytes [0F, FA, 17, E7] .text D:\Program Files\SiteAdvisor\6066\SiteAdv.exe[416] ntdll.dll!NtTerminateProcess 77F7F3C3 3 Bytes [FF, 25, 1E] .text D:\Program Files\SiteAdvisor\6066\SiteAdv.exe[416] ntdll.dll!NtTerminateProcess + 4 77F7F3C7 2 Bytes [0E, 5F] .text D:\Program Files\SiteAdvisor\6066\SiteAdv.exe[416] kernel32.dll!CreateProcessW 77E61B8A 6 Bytes JMP 5F0A0F5A .text D:\Program Files\SiteAdvisor\6066\SiteAdv.exe[416] kernel32.dll!CreateProcessA 77E61BB8 6 Bytes JMP 5F040F5A .text D:\Program Files\SiteAdvisor\6066\SiteAdv.exe[416] kernel32.dll!LoadLibraryExW 77E8049B 6 Bytes JMP 5F070F5A .text D:\Program Files\SiteAdvisor\6066\SiteAdv.exe[416] kernel32.dll!FreeLibrary + 11 77E80629 4 Bytes [0F, FA, 17, E7] .text D:\Program Files\Spyware Doctor wer2.0\swdoctor.exe[436] kernel32.dll!LoadLibraryExW 77E8049B 6 Bytes JMP 5F070F5A .text D:\Program Files\Spyware Doctor wer2.0\swdoctor.exe[436] kernel32.dll!FreeLibrary + 11 77E80629 4 Bytes [0F, FA, 17, E7] .text D:\Program Files\Spyware Doctor wer2.0\swdoctor.exe[436] USER32.dll!DispatchMessageA 77D341F2 6 Bytes JMP 5F040F5A .text D:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe[444] ntdll.dll!NtTerminateProcess 77F7F3C3 3 Bytes [FF, 25, 1E] .text D:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe[444] ntdll.dll!NtTerminateProcess + 4 77F7F3C7 2 Bytes [0E, 5F] .text D:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe[444] kernel32.dll!CreateProcessW 77E61B8A 6 Bytes JMP 5F0A0F5A .text D:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe[444] kernel32.dll!CreateProcessA 77E61BB8 6 Bytes JMP 5F040F5A .text D:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe[444] kernel32.dll!LoadLibraryExW 77E8049B 6 Bytes JMP 5F070F5A .text D:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe[444] kernel32.dll!FreeLibrary + 11 77E80629 4 Bytes [0F, FA, 17, E7] .text D:\WINDOWS\system32\csrss.exe[620] ntdll.dll!NtTerminateProcess 77F7F3C3 3 Bytes [FF, 25, 1E] .text D:\WINDOWS\system32\csrss.exe[620] ntdll.dll!NtTerminateProcess + 4 77F7F3C7 2 Bytes [0E, 5F] .text D:\WINDOWS\system32\csrss.exe[620] KERNEL32.dll!CreateProcessW 77E61B8A 6 Bytes JMP 5F0A0F5A .text D:\WINDOWS\system32\csrss.exe[620] KERNEL32.dll!CreateProcessA 77E61BB8 6 Bytes JMP 5F040F5A .text D:\WINDOWS\system32\csrss.exe[620] KERNEL32.dll!LoadLibraryExW 77E8049B 6 Bytes JMP 5F070F5A .text D:\WINDOWS\system32\winlogon.exe[644] ntdll.dll!NtTerminateProcess 77F7F3C3 3 Bytes [FF, 25, 1E] .text D:\WINDOWS\system32\winlogon.exe[644] ntdll.dll!NtTerminateProcess + 4 77F7F3C7 2 Bytes [0E, 5F] .text D:\WINDOWS\system32\winlogon.exe[644] kernel32.dll!CreateProcessW 77E61B8A 6 Bytes JMP 5F0A0F5A .text D:\WINDOWS\system32\winlogon.exe[644] kernel32.dll!CreateProcessA 77E61BB8 6 Bytes JMP 5F040F5A .text D:\WINDOWS\system32\winlogon.exe[644] kernel32.dll!LoadLibraryExW 77E8049B 6 Bytes JMP 5F070F5A .text D:\WINDOWS\system32\services.exe[688] ntdll.dll!NtTerminateProcess 77F7F3C3 3 Bytes [FF, 25, 1E] .text D:\WINDOWS\system32\services.exe[688] ntdll.dll!NtTerminateProcess + 4 77F7F3C7 2 Bytes [0E, 5F] .text D:\WINDOWS\system32\services.exe[688] kernel32.dll!CreateProcessW 77E61B8A 6 Bytes JMP 5F0A0F5A .text D:\WINDOWS\system32\services.exe[688] kernel32.dll!CreateProcessA 77E61BB8 6 Bytes JMP 5F040F5A .text D:\WINDOWS\system32\services.exe[688] kernel32.dll!LoadLibraryExW 77E8049B 6 Bytes JMP 5F070F5A .text D:\Program Files\Internet Explorer\iexplore.exe[732] ntdll.dll!NtTerminateProcess 77F7F3C3 3 Bytes [FF, 25, 1E] .text D:\Program Files\Internet Explorer\iexplore.exe[732] ntdll.dll!NtTerminateProcess + 4 77F7F3C7 2 Bytes [0E, 5F] .text D:\Program Files\Internet Explorer\iexplore.exe[732] kernel32.dll!CreateProcessW 77E61B8A 6 Bytes JMP 5F0A0F5A .text D:\Program Files\Internet Explorer\iexplore.exe[732] kernel32.dll!CreateProcessA 77E61BB8 6 Bytes JMP 5F040F5A .text D:\Program Files\Internet Explorer\iexplore.exe[732] kernel32.dll!LoadLibraryExW 77E8049B 6 Bytes JMP 5F070F5A .text D:\Program Files\Internet Explorer\iexplore.exe[732] kernel32.dll!FreeLibrary + 11 77E80629 4 Bytes [0F, FA, 17, E7] .text D:\WINDOWS\system32\svchost.exe[884] ntdll.dll!NtTerminateProcess 77F7F3C3 3 Bytes [FF, 25, 1E] .text D:\WINDOWS\system32\svchost.exe[884] ntdll.dll!NtTerminateProcess + 4 77F7F3C7 2 Bytes [0E, 5F] .text D:\WINDOWS\system32\svchost.exe[884] kernel32.dll!CreateProcessW 77E61B8A 6 Bytes JMP 5F0A0F5A .text D:\WINDOWS\system32\svchost.exe[884] kernel32.dll!CreateProcessA 77E61BB8 6 Bytes JMP 5F040F5A .text D:\WINDOWS\system32\svchost.exe[884] kernel32.dll!LoadLibraryExW 77E8049B 6 Bytes JMP 5F070F5A .text D:\WINDOWS\system32\spoolsv.exe[1092] ntdll.dll!NtTerminateProcess 77F7F3C3 3 Bytes [FF, 25, 1E] .text D:\WINDOWS\system32\spoolsv.exe[1092] ntdll.dll!NtTerminateProcess + 4 77F7F3C7 2 Bytes [0E, 5F] .text D:\WINDOWS\system32\spoolsv.exe[1092] kernel32.dll!CreateProcessW 77E61B8A 6 Bytes JMP 5F0A0F5A .text D:\WINDOWS\system32\spoolsv.exe[1092] kernel32.dll!CreateProcessA 77E61BB8 6 Bytes JMP 5F040F5A .text D:\WINDOWS\system32\spoolsv.exe[1092] kernel32.dll!LoadLibraryExW 77E8049B 6 Bytes JMP 5F070F5A .text D:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1248] ntdll.dll!NtTerminateProcess 77F7F3C3 3 Bytes [FF, 25, 1E] .text D:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1248] ntdll.dll!NtTerminateProcess + 4 77F7F3C7 2 Bytes [0E, 5F] .text D:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1248] kernel32.dll!CreateProcessW 77E61B8A 6 Bytes JMP 5F0A0F5A .text D:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1248] kernel32.dll!CreateProcessA 77E61BB8 6 Bytes JMP 5F040F5A .text D:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1248] kernel32.dll!LoadLibraryExW 77E8049B 6 Bytes JMP 5F070F5A .text D:\Program Files\SiteAdvisor\6066\SAService.exe[1356] ntdll.dll!NtTerminateProcess 77F7F3C3 3 Bytes [FF, 25, 1E] .text D:\Program Files\SiteAdvisor\6066\SAService.exe[1356] ntdll.dll!NtTerminateProcess + 4 77F7F3C7 2 Bytes [0E, 5F] .text D:\Program Files\SiteAdvisor\6066\SAService.exe[1356] kernel32.dll!CreateProcessW 77E61B8A 6 Bytes JMP 5F0A0F5A .text D:\Program Files\SiteAdvisor\6066\SAService.exe[1356] kernel32.dll!CreateProcessA 77E61BB8 6 Bytes JMP 5F040F5A .text D:\Program Files\SiteAdvisor\6066\SAService.exe[1356] kernel32.dll!LoadLibraryExW 77E8049B 6 Bytes JMP 5F070F5A .text D:\Program Files\SiteAdvisor\6066\SAService.exe[1356] kernel32.dll!FreeLibrary + 11 77E80629 4 Bytes [0F, FA, 17, E7] .text D:\Program Files\Analog Devices\SoundMAX\SMAgent.exe[1440] ntdll.dll!NtTerminateProcess 77F7F3C3 3 Bytes [FF, 25, 1E] .text D:\Program Files\Analog Devices\SoundMAX\SMAgent.exe[1440] ntdll.dll!NtTerminateProcess + 4 77F7F3C7 2 Bytes [0E, 5F] .text D:\Program Files\Analog Devices\SoundMAX\SMAgent.exe[1440] kernel32.dll!CreateProcessW 77E61B8A 6 Bytes JMP 5F0A0F5A .text D:\Program Files\Analog Devices\SoundMAX\SMAgent.exe[1440] kernel32.dll!CreateProcessA 77E61BB8 6 Bytes JMP 5F040F5A .text D:\Program Files\Analog Devices\SoundMAX\SMAgent.exe[1440] kernel32.dll!LoadLibraryExW 77E8049B 6 Bytes JMP 5F070F5A .text D:\Program Files\Analog Devices\SoundMAX\SMAgent.exe[1440] kernel32.dll!FreeLibrary + 11 77E80629 4 Bytes [0F, FA, 17, E7] .text D:\Program Files\Internet Explorer\iexplore.exe[1796] ntdll.dll!NtTerminateProcess 77F7F3C3 3 Bytes [FF, 25, 1E] .text D:\Program Files\Internet Explorer\iexplore.exe[1796] ntdll.dll!NtTerminateProcess + 4 77F7F3C7 2 Bytes [0E, 5F] .text D:\Program Files\Internet Explorer\iexplore.exe[1796] kernel32.dll!CreateProcessW 77E61B8A 6 Bytes JMP 5F0A0F5A .text D:\Program Files\Internet Explorer\iexplore.exe[1796] kernel32.dll!CreateProcessA 77E61BB8 6 Bytes JMP 5F040F5A .text D:\Program Files\Internet Explorer\iexplore.exe[1796] kernel32.dll!LoadLibraryExW 77E8049B 6 Bytes JMP 5F070F5A .text D:\Program Files\Internet Explorer\iexplore.exe[1796] kernel32.dll!FreeLibrary + 11 77E80629 4 Bytes [0F, FA, 17, E7] .text D:\Documents and Settings\Kasia\Ustawienia lokalne\Temp\Katalog tymczasowy 4 dla gmer.zip\gmer.exe[3764] ntdll.dll!NtTerminateProcess 77F7F3C3 3 Bytes [FF, 25, 1E] .text D:\Documents and Settings\Kasia\Ustawienia lokalne\Temp\Katalog tymczasowy 4 dla gmer.zip\gmer.exe[3764] ntdll.dll!NtTerminateProcess + 4 77F7F3C7 2 Bytes [0E, 5F] .text D:\Documents and Settings\Kasia\Ustawienia lokalne\Temp\Katalog tymczasowy 4 dla gmer.zip\gmer.exe[3764] kernel32.dll!CreateProcessW 77E61B8A 6 Bytes JMP 5F0A0F5A .text D:\Documents and Settings\Kasia\Ustawienia lokalne\Temp\Katalog tymczasowy 4 dla gmer.zip\gmer.exe[3764] kernel32.dll!CreateProcessA 77E61BB8 6 Bytes JMP 5F040F5A .text D:\Documents and Settings\Kasia\Ustawienia lokalne\Temp\Katalog tymczasowy 4 dla gmer.zip\gmer.exe[3764] kernel32.dll!LoadLibraryExW 77E8049B 6 Bytes JMP 5F070F5A .text D:\Documents and Settings\Kasia\Ustawienia lokalne\Temp\Katalog tymczasowy 4 dla gmer.zip\gmer.exe[3764] kernel32.dll!FreeLibrary + 11 77E80629 4 Bytes [0F, FA, 17, E7] ---- Registry - GMER 1.0.12 ---- Reg \Registry\USER\S-1-5-21-507921405-1383384898-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved{29B1E8E2-B1D0-4CDC-2C39-F170004CF4A4}@dbdijhljddbcfdhbndolcnclameahcaegchgenjj 0x6A 0x61 0x70 0x65 … Reg \Registry\USER\S-1-5-21-507921405-1383384898-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved{29B1E8E2-B1D0-4CDC-2C39-F170004CF4A4}@cbnhhlblojcpagbameglbdklmpiamnabfiagce 0x6A 0x61 0x70 0x65 … Reg \Registry\USER\S-1-5-21-507921405-1383384898-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved{29B1E8E2-B1D0-4CDC-2C39-F170004CF4A4}@abpcjlbjleblkofiapgndmnopcamggbpem 0x61 0x61 0x00 0x00 Reg \Registry\USER\S-1-5-21-507921405-1383384898-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved{29B1E8E2-B1D0-4CDC-2C39-F170004CF4A4}@mamcendncnlodhccdogmffefpb 0x61 0x61 0x00 0x00 Reg \Registry\USER\S-1-5-21-507921405-1383384898-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved{3560621D-8A84-8BC6-ECD2-E1DC9A56FCCA}@bbbkodamflpapiloojbngcilffjmlckkmhkg 0x6A 0x61 0x6E 0x61 … Reg \Registry\USER\S-1-5-21-507921405-1383384898-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved{3560621D-8A84-8BC6-ECD2-E1DC9A56FCCA}@abhnedbbjhklkkcjbjmdlcjnlnghppelhj 0x6A 0x61 0x6E 0x61 … Reg \Registry\USER\S-1-5-21-507921405-1383384898-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved{3560621D-8A84-8BC6-ECD2-E1DC9A56FCCA}@abnkkafmpihcgeibnlfadnidciphabbpje 0x61 0x61 0x00 0x00 Reg \Registry\USER\S-1-5-21-507921405-1383384898-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved{3560621D-8A84-8BC6-ECD2-E1DC9A56FCCA}@maoknanflkimlfckibgpbchokf 0x61 0x61 0x00 0x00 Reg \Registry\USER\S-1-5-21-507921405-1383384898-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved{3560621D-8A84-8BC6-ECD2-E1DC9A56FCCA}@iabkodamflpapilooj 0x61 0x61 0x00 0x01 Reg \Registry\USER\S-1-5-21-507921405-1383384898-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved{3560621D-8A84-8BC6-ECD2-E1DC9A56FCCA}@hahnedbbjhklkkcj 0x61 0x61 0x00 0x01 Reg \Registry\USER\S-1-5-21-507921405-1383384898-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved{3560621D-8A84-8BC6-ECD2-E1DC9A56FCCA}@iankkhgpmoonkbgccf 0x61 0x61 0x00 0x01 Reg \Registry\USER\S-1-5-21-507921405-1383384898-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved{3560621D-8A84-8BC6-ECD2-E1DC9A56FCCA}@bbbkodamflpapiloojbngcilffjmgbfofkbf 0x6A 0x61 0x6E 0x61 … Reg \Registry\USER\S-1-5-21-507921405-1383384898-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved{3560621D-8A84-8BC6-ECD2-E1DC9A56FCCA}@abhnedbbjhklkkcjbjmdlcjnlnpjedpima 0x6A 0x61 0x6E 0x61 … Reg \Registry\USER\S-1-5-21-507921405-1383384898-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved{8EC58BB7-F5A9-1797-E8F3-9114A9B45A40}@dbcgnijoampoldcfddfpmjibgaebaongmhkcopbb 0x6A 0x61 0x67 0x64 … Reg \Registry\USER\S-1-5-21-507921405-1383384898-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved{8EC58BB7-F5A9-1797-E8F3-9114A9B45A40}@cbifhflimenbflbcalcammhcampihoblfcjeon 0x6A 0x61 0x67 0x64 … Reg \Registry\USER\S-1-5-21-507921405-1383384898-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved{8EC58BB7-F5A9-1797-E8F3-9114A9B45A40}@iacgnijoampoldcfdd 0x61 0x61 0x00 0x00 Reg \Registry\USER\S-1-5-21-507921405-1383384898-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved{8EC58BB7-F5A9-1797-E8F3-9114A9B45A40}@haifhflimenbflbc 0x61 0x61 0x00 0x00 Reg \Registry\USER\S-1-5-21-507921405-1383384898-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved{8EC58BB7-F5A9-1797-E8F3-9114A9B45A40}@iagjffmcicjcpefhcg 0x61 0x61 0x00 0x00 Reg \Registry\USER\S-1-5-21-507921405-1383384898-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved{8EC58BB7-F5A9-1797-E8F3-9114A9B45A40}@abgjfgfggdbcgomnafomimjbcgddncffch 0x61 0x61 0x00 0x00 Reg \Registry\USER\S-1-5-21-507921405-1383384898-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved{8EC58BB7-F5A9-1797-E8F3-9114A9B45A40}@mahjacajjiocibpbhbnjbhbbhk 0x61 0x61 0x00 0x00 Reg \Registry\USER\S-1-5-21-507921405-1383384898-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved{EBB71504-5E49-CEFD-6213-ED87B1DCF6F6}@cbfidogciigjcdbignhnkboocjjljaflpchcam 0x6A 0x61 0x6A 0x64 … Reg \Registry\USER\S-1-5-21-507921405-1383384898-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved{EBB71504-5E49-CEFD-6213-ED87B1DCF6F6}@bbhhfofodhkanbgploepkaffhdbijibpalfd 0x6A 0x61 0x6A 0x64 … Reg \Registry\USER\S-1-5-21-507921405-1383384898-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved{EBB71504-5E49-CEFD-6213-ED87B1DCF6F6}@abjjdoklgkhioeehhjdmffmoadaeafnkfk 0x61 0x61 0x00 0x00 Reg \Registry\USER\S-1-5-21-507921405-1383384898-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved{EBB71504-5E49-CEFD-6213-ED87B1DCF6F6}@maijgoccbfpcbkfpofkbchphpi 0x61 0x61 0x00 0x00 ---- EOF - GMER 1.0.12 ----

GMER 1.0.12.12244 - http://www.gmer.net Rootkit scan 2007-06-09 14:00:30 Windows 5.1.2600 ---- Services - GMER 1.0.12 ---- Service [DISABLED] Abiosdsk Service [DISABLED] abp480n5 Service D:\WINDOWS\System32\DRIVERS\ACPI.sys [bOOT] ACPI Service [DISABLED] ACPIEC Service D:\WINDOWS\System32\Drivers\adildr.sys [AUTO] ADILOADER Service D:\WINDOWS\System32\DRIVERS\adiusbaw.sys [MANUAL] adiusbaw Service [DISABLED] adpu160m Service [MANUAL] AdWatchDrv Service D:\WINDOWS\system32\drivers\aeaudio.sys [MANUAL] aeaudio Service D:\WINDOWS\system32\drivers\aec.sys [MANUAL] aec Service D:\WINDOWS\System32\drivers\afd.sys [AUTO] AFD Service [DISABLED] Aha154x Service [DISABLED] aic78u2 Service [DISABLED] aic78xx Service D:\WINDOWS\System32\svchost.exe [AUTO] Alerter Service D:\WINDOWS\System32\alg.exe [MANUAL] ALG Service [DISABLED] AliIde Service [DISABLED] amsint Service D:\WINDOWS\system32\svchost.exe [MANUAL] AppMgmt Service [DISABLED] asc Service [DISABLED] asc3350p Service [DISABLED] asc3550 Service D:\WINDOWS\System32\DRIVERS\asyncmac.sys [MANUAL] AsyncMac Service D:\WINDOWS\System32\DRIVERS\atapi.sys [bOOT] atapi Service [DISABLED] Atdisk Service D:\WINDOWS\System32\DRIVERS\atmarpc.sys [MANUAL] Atmarpc Service D:\WINDOWS\System32\svchost.exe [AUTO] AudioSrv Service D:\WINDOWS\System32\DRIVERS\audstub.sys [MANUAL] audstub Service BattC Service [sYSTEM] Beep Service D:\WINDOWS\System32\svchost.exe [AUTO] BITS Service D:\WINDOWS\System32\svchost.exe [AUTO] Browser Service [DISABLED] cbidf2k Service [DISABLED] cd20xrnt Service [sYSTEM] Cdaudio Service [DISABLED] Cdfs Service D:\WINDOWS\System32\DRIVERS\cdrom.sys [sYSTEM] Cdrom Service [sYSTEM] Changer Service D:\WINDOWS\system32\cisvc.exe [MANUAL] cisvc Service D:\WINDOWS\system32\clipsrv.exe [MANUAL] ClipSrv Service [DISABLED] CmdIde Service D:\WINDOWS\System32\dllhost.exe [MANUAL] COMSysApp Service ContentFilter Service ContentIndex Service [DISABLED] Cpqarray Service D:\WINDOWS\system32\svchost.exe [AUTO] CryptSvc Service [AUTO] CSRRS Service [DISABLED] dac2w2k Service [DISABLED] dac960nt Service D:\WINDOWS\System32\svchost.exe [AUTO] Dhcp Service D:\WINDOWS\System32\DRIVERS\disk.sys [bOOT] Disk Service D:\WINDOWS\System32\dmadmin.exe [MANUAL] dmadmin Service D:\WINDOWS\System32\drivers\dmboot.sys [DISABLED] dmboot Service D:\WINDOWS\System32\DRIVERS\dmio.sys [bOOT] dmio Service [bOOT] dmload Service D:\WINDOWS\System32\svchost.exe [AUTO] dmserver Service D:\WINDOWS\system32\drivers\DMusic.sys [MANUAL] DMusic Service D:\WINDOWS\System32\svchost.exe [AUTO] Dnscache Service [DISABLED] dpti2o Service D:\WINDOWS\system32\drivers\drmkaud.sys [MANUAL] drmkaud Service D:\WINDOWS\System32\svchost.exe [AUTO] ERSvc Service D:\WINDOWS\system32\services.exe [AUTO] Eventlog Service D:\WINDOWS\System32\svchost.exe [MANUAL] EventSystem Service [DISABLED] Fastfat Service D:\WINDOWS\System32\svchost.exe [MANUAL] FastUserSwitchingCompatibility Service D:\WINDOWS\System32\DRIVERS\fdc.sys [MANUAL] Fdc Service [sYSTEM] Fips Service D:\WINDOWS\System32\DRIVERS\flpydisk.sys [MANUAL] Flpydisk Service [sYSTEM] Fs_Rec Service D:\WINDOWS\System32\DRIVERS\ftdisk.sys [bOOT] Ftdisk Service D:\WINDOWS\System32\DRIVERS\gmer.sys [MANUAL] gmer Service D:\WINDOWS\System32\DRIVERS\msgpc.sys [MANUAL] Gpc Service D:\WINDOWS\System32\svchost.exe [AUTO] helpsvc Service D:\WINDOWS\System32\svchost.exe [DISABLED] HidServ Service [DISABLED] hpn Service [DISABLED] hpt3xx Service [sYSTEM] i2omgmt Service [DISABLED] i2omp Service D:\WINDOWS\System32\DRIVERS\i8042prt.sys [sYSTEM] i8042prt Service D:\WINDOWS\system32\drivers\ikhfile.sys [sYSTEM] ikhfile Service D:\WINDOWS\system32\drivers\ikhlayer.sys [sYSTEM] ikhlayer Service [sYSTEM] Imapi Service D:\WINDOWS\System32\imapi.exe [MANUAL] ImapiService Service inetaccs Service [DISABLED] ini910u Service Inport Service [DISABLED] IntelIde Service D:\WINDOWS\System32\DRIVERS\ipfltdrv.sys [MANUAL] IpFilterDriver Service D:\WINDOWS\System32\DRIVERS\ipinip.sys [MANUAL] IpInIp Service D:\WINDOWS\System32\DRIVERS\ipnat.sys [MANUAL] IpNat Service D:\WINDOWS\System32\DRIVERS\ipsec.sys [sYSTEM] IPSec Service D:\WINDOWS\System32\DRIVERS\irenum.sys [MANUAL] IRENUM Service ISAPISearch Service D:\WINDOWS\System32\DRIVERS\isapnp.sys [bOOT] isapnp Service D:\WINDOWS\System32\DRIVERS\kbdclass.sys [sYSTEM] Kbdclass Service D:\WINDOWS\system32\drivers\kmixer.sys [MANUAL] kmixer Service [bOOT] KSecDD Service D:\WINDOWS\System32\svchost.exe [AUTO] lanmanserver Service D:\WINDOWS\System32\svchost.exe [AUTO] lanmanworkstation Service [sYSTEM] lbrtfdc Service ldap Service LicenseService Service D:\WINDOWS\System32\svchost.exe [AUTO] LmHosts Service D:\WINDOWS\TEMP\mc21.tmp [DISABLED] mchInjDrv Service D:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [AUTO] MDM Service D:\WINDOWS\System32\svchost.exe [DISABLED] Messenger Service [sYSTEM] mnmdd Service D:\WINDOWS\System32\mnmsrvc.exe [MANUAL] mnmsrvc Service [MANUAL] Modem Service D:\WINDOWS\System32\DRIVERS\mouclass.sys [sYSTEM] Mouclass Service [bOOT] MountMgr Service [DISABLED] mraid35x Service D:\WINDOWS\System32\DRIVERS\mrxdav.sys [MANUAL] MRxDAV Service D:\WINDOWS\System32\DRIVERS\mrxsmb.sys [sYSTEM] MRxSmb Service D:\WINDOWS\System32\irdvxc.exe [AUTO] MSDisk Service D:\WINDOWS\System32\msdtc.exe [MANUAL] MSDTC Service [sYSTEM] Msfs Service D:\WINDOWS\System32\msiexec.exe [MANUAL] MSIServer Service D:\WINDOWS\system32\drivers\MSKSSRV.sys [MANUAL] MSKSSRV Service D:\WINDOWS\system32\drivers\MSPCLOCK.sys [MANUAL] MSPCLOCK Service D:\WINDOWS\system32\drivers\MSPQM.sys [MANUAL] MSPQM Service [AUTO] MSWindows Service [bOOT] Mup Service [bOOT] NDIS Service D:\WINDOWS\System32\DRIVERS\ndistapi.sys [MANUAL] NdisTapi Service D:\WINDOWS\System32\DRIVERS\ndisuio.sys [MANUAL] Ndisuio Service D:\WINDOWS\System32\DRIVERS\ndiswan.sys [MANUAL] NdisWan Service [MANUAL] NDProxy Service D:\WINDOWS\System32\DRIVERS\netbios.sys [sYSTEM] NetBIOS Service D:\WINDOWS\System32\DRIVERS\netbt.sys [MANUAL] NetBT Service D:\WINDOWS\system32\netdde.exe [MANUAL] NetDDE Service D:\WINDOWS\system32\netdde.exe [MANUAL] NetDDEdsdm Service D:\WINDOWS\System32\lsass.exe [MANUAL] Netlogon Service D:\WINDOWS\System32\svchost.exe [MANUAL] Netman Service D:\WINDOWS\System32\svchost.exe [MANUAL] Nla Service [sYSTEM] Npfs Service [DISABLED] Ntfs Service D:\WINDOWS\System32\lsass.exe [MANUAL] NtLmSsp Service D:\WINDOWS\system32\svchost.exe [MANUAL] NtmsSvc Service [sYSTEM] Null Service D:\WINDOWS\System32\DRIVERS\nv4.sys [MANUAL] nv4 Service D:\WINDOWS\System32\DRIVERS\nwlnkflt.sys [MANUAL] NwlnkFlt Service D:\WINDOWS\System32\DRIVERS\nwlnkfwd.sys [MANUAL] NwlnkFwd Service D:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [MANUAL] ose Service Outlook Service PageDefrag Service [MANUAL] Parport Service [bOOT] PartMgr Service [AUTO] ParVdm Service D:\WINDOWS\System32\DRIVERS\pci.sys [bOOT] PCI Service [sYSTEM] PCIDump Service [DISABLED] PCIIde Service [DISABLED] Pcmcia Service [MANUAL] PDCOMP Service [MANUAL] PDFRAME Service [MANUAL] PDRELI Service [MANUAL] PDRFRAME Service [DISABLED] perc2 Service [DISABLED] perc2hib Service PerfDisk Service PerfNet Service PerfOS Service PerfProc Service D:\WINDOWS\system32\services.exe [AUTO] PlugPlay Service D:\WINDOWS\System32\lsass.exe [AUTO] PolicyAgent Service D:\WINDOWS\System32\DRIVERS\raspptp.sys [MANUAL] PptpMiniport Service D:\WINDOWS\System32\DRIVERS\processr.sys [sYSTEM] Processor Service D:\WINDOWS\system32\lsass.exe [AUTO] ProtectedStorage Service D:\WINDOWS\System32\DRIVERS\psched.sys [MANUAL] PSched Service D:\WINDOWS\System32\DRIVERS\ptilink.sys [MANUAL] Ptilink Service [DISABLED] ql1080 Service [DISABLED] Ql10wnt Service [DISABLED] ql12160 Service [DISABLED] ql1240 Service [DISABLED] ql1280 Service D:\WINDOWS\System32\DRIVERS\rasacd.sys [sYSTEM] RasAcd Service D:\WINDOWS\System32\svchost.exe [MANUAL] RasAuto Service D:\WINDOWS\System32\DRIVERS\rasl2tp.sys [MANUAL] Rasl2tp Service D:\WINDOWS\System32\svchost.exe [MANUAL] RasMan Service D:\WINDOWS\System32\DRIVERS\raspppoe.sys [MANUAL] RasPppoe Service D:\WINDOWS\System32\DRIVERS\raspti.sys [MANUAL] Raspti Service D:\WINDOWS\System32\DRIVERS\rdbss.sys [sYSTEM] Rdbss Service D:\WINDOWS\System32\DRIVERS\RDPCDD.sys [sYSTEM] RDPCDD Service RDPDD Service D:\WINDOWS\System32\DRIVERS\rdpdr.sys [MANUAL] rdpdr Service RDPNP Service [MANUAL] RDPWD Service D:\WINDOWS\system32\sessmgr.exe [MANUAL] RDSessMgr Service D:\WINDOWS\System32\DRIVERS\redbook.sys [sYSTEM] redbook Service D:\WINDOWS\System32\svchost.exe [DISABLED] RemoteAccess Service D:\WINDOWS\system32\svchost.exe [DISABLED] RemoteRegistry Service D:\WINDOWS\System32\locator.exe [MANUAL] RpcLocator Service D:\WINDOWS\system32\svchost.exe [AUTO] RpcSs Service D:\WINDOWS\System32\rsvp.exe [MANUAL] RSVP Service D:\WINDOWS\system32\lsass.exe [AUTO] SamSs Service D:\WINDOWS\System32\SCardSvr.exe [MANUAL] SCardDrv Service D:\WINDOWS\System32\SCardSvr.exe [MANUAL] SCardSvr Service D:\WINDOWS\System32\svchost.exe [AUTO] Schedule Service D:\Program Files\Spyware Doctor wer2.0\sdhelp.exe [AUTO] SDhelper Service D:\WINDOWS\System32\DRIVERS\secdrv.sys [AUTO] Secdrv Service D:\WINDOWS\System32\svchost.exe [AUTO] seclogon Service D:\WINDOWS\system32\svchost.exe [AUTO] SENS Service D:\WINDOWS\System32\DRIVERS\serenum.sys [MANUAL] serenum Service D:\WINDOWS\System32\DRIVERS\serial.sys [sYSTEM] Serial Service [sYSTEM] Sfloppy Service D:\WINDOWS\system32\svchost.exe [AUTO] SharedAccess Service D:\WINDOWS\System32\svchost.exe [AUTO] ShellHWDetection Service [DISABLED] Simbad Service D:\Program Files\SiteAdvisor\6066\SAService.exe [AUTO] SiteAdvisor Service Service D:\WINDOWS\system32\drivers\smwdm.sys [MANUAL] smwdm Service D:\Program Files\Analog Devices\SoundMAX\SMAgent.exe [AUTO] SoundMAX Agent Service (default) Service [DISABLED] Sparrow Service D:\WINDOWS\system32\drivers\splitter.sys [MANUAL] splitter Service D:\WINDOWS\system32\spoolsv.exe [AUTO] Spooler Service D:\WINDOWS\System32\DRIVERS\sr.sys [bOOT] sr Service D:\WINDOWS\System32\svchost.exe [AUTO] srservice Service D:\WINDOWS\System32\DRIVERS\srv.sys [MANUAL] Srv Service D:\WINDOWS\System32\svchost.exe [MANUAL] SSDPSRV Service D:\WINDOWS\System32\svchost.exe [MANUAL] stisvc Service D:\WINDOWS\System32\DRIVERS\swenum.sys [MANUAL] swenum Service D:\WINDOWS\system32\drivers\swmidi.sys [MANUAL] swmidi Service D:\WINDOWS\System32\dllhost.exe [MANUAL] SwPrv Service [DISABLED] symc810 Service [DISABLED] symc8xx Service [DISABLED] sym_hi Service [DISABLED] sym_u3 Service D:\WINDOWS\system32\drivers\sysaudio.sys [MANUAL] sysaudio Service D:\WINDOWS\system32\smlogsvc.exe [MANUAL] SysmonLog Service D:\WINDOWS\System32\svchost.exe [MANUAL] TapiSrv Service D:\WINDOWS\System32\DRIVERS\tcpip.sys [sYSTEM] Tcpip Service [MANUAL] TDPIPE Service [MANUAL] TDTCP Service D:\WINDOWS\System32\DRIVERS\termdd.sys [sYSTEM] TermDD Service D:\WINDOWS\System32\svchost.exe [MANUAL] TermService Service D:\WINDOWS\System32\svchost.exe [AUTO] Themes Service D:\WINDOWS\System32\tlntsvr.exe [DISABLED] TlntSvr Service D:\WINDOWS\System32\drivers\tmcomm.sys [AUTO] tmcomm Service [DISABLED] TosIde Service D:\WINDOWS\system32\svchost.exe [AUTO] TrkWks Service TSDDD Service [DISABLED] Udfs Service [DISABLED] ultra Service D:\WINDOWS\System32\DRIVERS\update.sys [MANUAL] Update Service D:\WINDOWS\System32\svchost.exe [AUTO] uploadmgr Service D:\WINDOWS\System32\svchost.exe [MANUAL] upnphost Service D:\WINDOWS\System32\ups.exe [MANUAL] UPS Service D:\WINDOWS\System32\DRIVERS\usbhub.sys [MANUAL] usbhub Service D:\WINDOWS\System32\DRIVERS\usbprint.sys [MANUAL] usbprint Service D:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [MANUAL] USBSTOR Service D:\WINDOWS\System32\DRIVERS\usbuhci.sys [MANUAL] usbuhci Service D:\WINDOWS\System32\drivers\vga.sys [sYSTEM] VgaSave Service D:\WINDOWS\System32\DRIVERS\viaagp1.sys [bOOT] viaagp1 Service D:\WINDOWS\System32\DRIVERS\viaidexp.sys [bOOT] ViaIde Service D:\WINDOWS\System32\DRIVERS\viasraid.sys [bOOT] viasraid Service [bOOT] VolSnap Service D:\WINDOWS\System32\vssvc.exe [MANUAL] VSS Service VxD Service D:\WINDOWS\System32\svchost.exe [AUTO] W32Time Service W3SVC Service D:\WINDOWS\System32\DRIVERS\wanarp.sys [MANUAL] Wanarp Service [MANUAL] WDICA Service D:\WINDOWS\system32\drivers\wdmaud.sys [MANUAL] wdmaud Service D:\WINDOWS\System32\svchost.exe [AUTO] WebClient Service D:\WINDOWS\system32\svchost.exe [AUTO] winmgmt Service [MANUAL] Winsock Service WinSock2 Service WinTrust Service D:\WINDOWS\System32\svchost.exe [AUTO] WmdmPmSp Service D:\WINDOWS\System32\svchost.exe [MANUAL] Wmi Service WmiApRpl Service D:\WINDOWS\System32\wbem\wmiapsrv.exe [MANUAL] WmiApSrv Service D:\WINDOWS\System32\drivers\ws2ifsl.sys [DISABLED] WS2IFSL Service [DISABLED] wscsvc Service D:\WINDOWS\system32\svchost.exe [AUTO] wuauserv Service D:\WINDOWS\System32\svchost.exe [AUTO] WZCSVC Service D:\WINDOWS\System32\DRIVERS\yk51x86.sys [MANUAL] yukonwxp Service {986FA2B6-D72E-4A44-86C4-6D721C59AD25} ---- EOF - GMER 1.0.12 ----

Złączono Posta : 09.06.2007 (Sob) 14:10

…no i problem nadal występuje… a juz wczoraj myślałam, że jest lepiej, ale najwidoczniej tak mi sie tylko zdawało…kliknięcie na każdą wiadomość powoduje pojawienie się strony z logowaniem do poczty… pomóżcie proszę…

Joan · 9 Czerwiec 2007 14:42

Pobierz i uruchom narzędzie The Avenger Zaznacz opcję Input script manually i kliknij na Lupkę z prawej strony. W okienku, które się otworzy wklejasz:

Klikasz Done , a następnie zielone światełko i zgadzasz się na restart klikając OK.

Kasujesz ręcznie z dysku plik: C:\Avenger\backup.zip i wklejasz na forum raport: C:\avenger.txt

grejs · 9 Czerwiec 2007 15:22

Nie bardzo mogę znaleźć ten plik C:\Avenger\backup.zip, może dlatego, że u mnie główny dysk to D ? …jednak tam też mam kilka plików do wyboru katalog tymczasowy - folder plików, folder skompresowany i dwie aplikacje…czy mam skasować to wszystko? To log po zastosowaniu się do Twoich wskazań:

Gutek · 10 Czerwiec 2007 00:24

Daj jeszcze raz z Gmera log

grejs · 10 Czerwiec 2007 18:04

GMER 1.0.12.12244 - http://www.gmer.net Rootkit scan 2007-06-10 20:02:33 Windows 5.1.2600 ---- Kernel code sections - GMER 1.0.12 ---- .text ntoskrnl.exe!KeInitializeInterrupt + B79 804D4F8E 1 Byte [06] ? D:\WINDOWS\TEMP\mc21.tmp Nie można odnaleźć określonego pliku. ---- User code sections - GMER 1.0.12 ---- .text D:\WINDOWS\System32\wuauclt.exe[188] ntdll.dll!NtTerminateProcess 77F7F3C3 3 Bytes [FF, 25, 1E] .text D:\WINDOWS\System32\wuauclt.exe[188] ntdll.dll!NtTerminateProcess + 4 77F7F3C7 2 Bytes [0E, 5F] .text D:\WINDOWS\System32\wuauclt.exe[188] kernel32.dll!CreateProcessW 77E61B8A 6 Bytes JMP 5F0A0F5A .text D:\WINDOWS\System32\wuauclt.exe[188] kernel32.dll!CreateProcessA 77E61BB8 6 Bytes JMP 5F040F5A .text D:\WINDOWS\System32\wuauclt.exe[188] kernel32.dll!LoadLibraryExW 77E8049B 6 Bytes JMP 5F070F5A .text D:\WINDOWS\System32\wuauclt.exe[188] kernel32.dll!FreeLibrary + 11 77E80629 4 Bytes [0F, FA, 17, E7] .text D:\Program Files\Internet Explorer\iexplore.exe[320] ntdll.dll!NtTerminateProcess 77F7F3C3 3 Bytes [FF, 25, 1E] .text D:\Program Files\Internet Explorer\iexplore.exe[320] ntdll.dll!NtTerminateProcess + 4 77F7F3C7 2 Bytes [0E, 5F] .text D:\Program Files\Internet Explorer\iexplore.exe[320] kernel32.dll!CreateProcessW 77E61B8A 6 Bytes JMP 5F0A0F5A .text D:\Program Files\Internet Explorer\iexplore.exe[320] kernel32.dll!CreateProcessA 77E61BB8 6 Bytes JMP 5F040F5A .text D:\Program Files\Internet Explorer\iexplore.exe[320] kernel32.dll!LoadLibraryExW 77E8049B 6 Bytes JMP 5F070F5A .text D:\Program Files\Internet Explorer\iexplore.exe[320] kernel32.dll!FreeLibrary + 11 77E80629 4 Bytes [0F, FA, 17, E7] .text D:\WINDOWS\system32\csrss.exe[620] ntdll.dll!NtTerminateProcess 77F7F3C3 3 Bytes [FF, 25, 1E] .text D:\WINDOWS\system32\csrss.exe[620] ntdll.dll!NtTerminateProcess + 4 77F7F3C7 2 Bytes [0E, 5F] .text D:\WINDOWS\system32\csrss.exe[620] KERNEL32.dll!CreateProcessW 77E61B8A 6 Bytes JMP 5F0A0F5A .text D:\WINDOWS\system32\csrss.exe[620] KERNEL32.dll!CreateProcessA 77E61BB8 6 Bytes JMP 5F040F5A .text D:\WINDOWS\system32\csrss.exe[620] KERNEL32.dll!LoadLibraryExW 77E8049B 6 Bytes JMP 5F070F5A .text D:\WINDOWS\system32\winlogon.exe[644] ntdll.dll!NtTerminateProcess 77F7F3C3 3 Bytes [FF, 25, 1E] .text D:\WINDOWS\system32\winlogon.exe[644] ntdll.dll!NtTerminateProcess + 4 77F7F3C7 2 Bytes [0E, 5F] .text D:\WINDOWS\system32\winlogon.exe[644] kernel32.dll!CreateProcessW 77E61B8A 6 Bytes JMP 5F0A0F5A .text D:\WINDOWS\system32\winlogon.exe[644] kernel32.dll!CreateProcessA 77E61BB8 6 Bytes JMP 5F040F5A .text D:\WINDOWS\system32\winlogon.exe[644] kernel32.dll!LoadLibraryExW 77E8049B 6 Bytes JMP 5F070F5A .text D:\WINDOWS\system32\services.exe[688] ntdll.dll!NtTerminateProcess 77F7F3C3 3 Bytes [FF, 25, 1E] .text D:\WINDOWS\system32\services.exe[688] ntdll.dll!NtTerminateProcess + 4 77F7F3C7 2 Bytes [0E, 5F] .text D:\WINDOWS\system32\services.exe[688] kernel32.dll!CreateProcessW 77E61B8A 6 Bytes JMP 5F0A0F5A .text D:\WINDOWS\system32\services.exe[688] kernel32.dll!CreateProcessA 77E61BB8 6 Bytes JMP 5F040F5A .text D:\WINDOWS\system32\services.exe[688] kernel32.dll!LoadLibraryExW 77E8049B 6 Bytes JMP 5F070F5A .text D:\WINDOWS\system32\lsass.exe[700] ntdll.dll!NtTerminateProcess 77F7F3C3 3 Bytes [FF, 25, 1E] .text D:\WINDOWS\system32\lsass.exe[700] ntdll.dll!NtTerminateProcess + 4 77F7F3C7 2 Bytes [0E, 5F] .text D:\WINDOWS\system32\lsass.exe[700] kernel32.dll!CreateProcessW 77E61B8A 6 Bytes JMP 5F0A0F5A .text D:\WINDOWS\system32\lsass.exe[700] kernel32.dll!CreateProcessA 77E61BB8 6 Bytes JMP 5F040F5A .text D:\WINDOWS\system32\lsass.exe[700] kernel32.dll!LoadLibraryExW 77E8049B 6 Bytes JMP 5F070F5A .text D:\WINDOWS\system32\svchost.exe[868] ntdll.dll!NtTerminateProcess 77F7F3C3 3 Bytes [FF, 25, 1E] .text D:\WINDOWS\system32\svchost.exe[868] ntdll.dll!NtTerminateProcess + 4 77F7F3C7 2 Bytes [0E, 5F] .text D:\WINDOWS\system32\svchost.exe[868] kernel32.dll!CreateProcessW 77E61B8A 6 Bytes JMP 5F0A0F5A .text D:\WINDOWS\system32\svchost.exe[868] kernel32.dll!CreateProcessA 77E61BB8 6 Bytes JMP 5F040F5A .text D:\WINDOWS\system32\svchost.exe[868] kernel32.dll!LoadLibraryExW 77E8049B 6 Bytes JMP 5F070F5A .text D:\WINDOWS\system32\svchost.exe[884] ntdll.dll!NtTerminateProcess 77F7F3C3 3 Bytes [FF, 25, 1E] .text D:\WINDOWS\system32\svchost.exe[884] ntdll.dll!NtTerminateProcess + 4 77F7F3C7 2 Bytes [0E, 5F] .text D:\WINDOWS\system32\svchost.exe[884] kernel32.dll!CreateProcessW 77E61B8A 6 Bytes JMP 5F0A0F5A .text D:\WINDOWS\system32\svchost.exe[884] kernel32.dll!CreateProcessA 77E61BB8 6 Bytes JMP 5F040F5A .text D:\WINDOWS\system32\svchost.exe[884] kernel32.dll!LoadLibraryExW 77E8049B 6 Bytes JMP 5F070F5A .text D:\WINDOWS\system32\svchost.exe[976] ntdll.dll!NtTerminateProcess 77F7F3C3 3 Bytes [FF, 25, 1E] .text D:\WINDOWS\system32\svchost.exe[976] ntdll.dll!NtTerminateProcess + 4 77F7F3C7 2 Bytes [0E, 5F] .text D:\WINDOWS\system32\svchost.exe[976] kernel32.dll!CreateProcessW 77E61B8A 6 Bytes JMP 5F0A0F5A .text D:\WINDOWS\system32\svchost.exe[976] kernel32.dll!CreateProcessA 77E61BB8 6 Bytes JMP 5F040F5A .text D:\WINDOWS\system32\svchost.exe[976] kernel32.dll!LoadLibraryExW 77E8049B 6 Bytes JMP 5F070F5A .text D:\WINDOWS\system32\svchost.exe[1000] ntdll.dll!NtTerminateProcess 77F7F3C3 3 Bytes [FF, 25, 1E] .text D:\WINDOWS\system32\svchost.exe[1000] ntdll.dll!NtTerminateProcess + 4 77F7F3C7 2 Bytes [0E, 5F] .text D:\WINDOWS\system32\svchost.exe[1000] kernel32.dll!CreateProcessW 77E61B8A 6 Bytes JMP 5F0A0F5A .text D:\WINDOWS\system32\svchost.exe[1000] kernel32.dll!CreateProcessA 77E61BB8 6 Bytes JMP 5F040F5A .text D:\WINDOWS\system32\svchost.exe[1000] kernel32.dll!LoadLibraryExW 77E8049B 6 Bytes JMP 5F070F5A .text D:\WINDOWS\system32\spoolsv.exe[1092] ntdll.dll!NtTerminateProcess 77F7F3C3 3 Bytes [FF, 25, 1E] .text D:\WINDOWS\system32\spoolsv.exe[1092] ntdll.dll!NtTerminateProcess + 4 77F7F3C7 2 Bytes [0E, 5F] .text D:\WINDOWS\system32\spoolsv.exe[1092] kernel32.dll!CreateProcessW 77E61B8A 6 Bytes JMP 5F0A0F5A .text D:\WINDOWS\system32\spoolsv.exe[1092] kernel32.dll!CreateProcessA 77E61BB8 6 Bytes JMP 5F040F5A .text D:\WINDOWS\system32\spoolsv.exe[1092] kernel32.dll!LoadLibraryExW 77E8049B 6 Bytes JMP 5F070F5A .text D:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1252] ntdll.dll!NtTerminateProcess 77F7F3C3 3 Bytes [FF, 25, 1E] .text D:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1252] ntdll.dll!NtTerminateProcess + 4 77F7F3C7 2 Bytes [0E, 5F] .text D:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1252] kernel32.dll!CreateProcessW 77E61B8A 6 Bytes JMP 5F0A0F5A .text D:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1252] kernel32.dll!CreateProcessA 77E61BB8 6 Bytes JMP 5F040F5A .text D:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1252] kernel32.dll!LoadLibraryExW 77E8049B 6 Bytes JMP 5F070F5A .text D:\Program Files\SiteAdvisor\6066\SAService.exe[1372] ntdll.dll!NtTerminateProcess 77F7F3C3 3 Bytes [FF, 25, 1E] .text D:\Program Files\SiteAdvisor\6066\SAService.exe[1372] ntdll.dll!NtTerminateProcess + 4 77F7F3C7 2 Bytes [0E, 5F] .text D:\Program Files\SiteAdvisor\6066\SAService.exe[1372] kernel32.dll!CreateProcessW 77E61B8A 6 Bytes JMP 5F0A0F5A .text D:\Program Files\SiteAdvisor\6066\SAService.exe[1372] kernel32.dll!CreateProcessA 77E61BB8 6 Bytes JMP 5F040F5A .text D:\Program Files\SiteAdvisor\6066\SAService.exe[1372] kernel32.dll!LoadLibraryExW 77E8049B 6 Bytes JMP 5F070F5A .text D:\Program Files\Analog Devices\SoundMAX\SMAgent.exe[1448] ntdll.dll!NtTerminateProcess 77F7F3C3 3 Bytes [FF, 25, 1E] .text D:\Program Files\Analog Devices\SoundMAX\SMAgent.exe[1448] ntdll.dll!NtTerminateProcess + 4 77F7F3C7 2 Bytes [0E, 5F] .text D:\Program Files\Analog Devices\SoundMAX\SMAgent.exe[1448] kernel32.dll!CreateProcessW 77E61B8A 6 Bytes JMP 5F0A0F5A .text D:\Program Files\Analog Devices\SoundMAX\SMAgent.exe[1448] kernel32.dll!CreateProcessA 77E61BB8 6 Bytes JMP 5F040F5A .text D:\Program Files\Analog Devices\SoundMAX\SMAgent.exe[1448] kernel32.dll!LoadLibraryExW 77E8049B 6 Bytes JMP 5F070F5A .text D:\Program Files\Analog Devices\SoundMAX\SMAgent.exe[1448] kernel32.dll!FreeLibrary + 11 77E80629 4 Bytes [0F, FA, 17, E7] .text D:\Program Files\Internet Explorer\iexplore.exe[1656] ntdll.dll!NtTerminateProcess 77F7F3C3 3 Bytes [FF, 25, 1E] .text D:\Program Files\Internet Explorer\iexplore.exe[1656] ntdll.dll!NtTerminateProcess + 4 77F7F3C7 2 Bytes [0E, 5F] .text D:\Program Files\Internet Explorer\iexplore.exe[1656] kernel32.dll!CreateProcessW 77E61B8A 6 Bytes JMP 5F0A0F5A .text D:\Program Files\Internet Explorer\iexplore.exe[1656] kernel32.dll!CreateProcessA 77E61BB8 6 Bytes JMP 5F040F5A .text D:\Program Files\Internet Explorer\iexplore.exe[1656] kernel32.dll!LoadLibraryExW 77E8049B 6 Bytes JMP 5F070F5A .text D:\Program Files\Internet Explorer\iexplore.exe[1656] kernel32.dll!FreeLibrary + 11 77E80629 4 Bytes [0F, FA, 17, E7] .text D:\Documents and Settings\Kasia\Ustawienia lokalne\Temp\Katalog tymczasowy 4 dla gmer.zip\gmer.exe[1732] ntdll.dll!NtTerminateProcess 77F7F3C3 3 Bytes [FF, 25, 1E] .text D:\Documents and Settings\Kasia\Ustawienia lokalne\Temp\Katalog tymczasowy 4 dla gmer.zip\gmer.exe[1732] ntdll.dll!NtTerminateProcess + 4 77F7F3C7 2 Bytes [0E, 5F] .text D:\Documents and Settings\Kasia\Ustawienia lokalne\Temp\Katalog tymczasowy 4 dla gmer.zip\gmer.exe[1732] kernel32.dll!CreateProcessW 77E61B8A 6 Bytes JMP 5F0A0F5A .text D:\Documents and Settings\Kasia\Ustawienia lokalne\Temp\Katalog tymczasowy 4 dla gmer.zip\gmer.exe[1732] kernel32.dll!CreateProcessA 77E61BB8 6 Bytes JMP 5F040F5A .text D:\Documents and Settings\Kasia\Ustawienia lokalne\Temp\Katalog tymczasowy 4 dla gmer.zip\gmer.exe[1732] kernel32.dll!LoadLibraryExW 77E8049B 6 Bytes JMP 5F070F5A .text D:\Documents and Settings\Kasia\Ustawienia lokalne\Temp\Katalog tymczasowy 4 dla gmer.zip\gmer.exe[1732] kernel32.dll!FreeLibrary + 11 77E80629 4 Bytes [0F, FA, 17, E7] .text D:\WINDOWS\Explorer.EXE[1780] ntdll.dll!NtTerminateProcess 77F7F3C3 3 Bytes [FF, 25, 1E] .text D:\WINDOWS\Explorer.EXE[1780] ntdll.dll!NtTerminateProcess + 4 77F7F3C7 2 Bytes [0E, 5F] .text D:\WINDOWS\Explorer.EXE[1780] kernel32.dll!CreateProcessW 77E61B8A 6 Bytes JMP 5F0A0F5A .text D:\WINDOWS\Explorer.EXE[1780] kernel32.dll!CreateProcessA 77E61BB8 6 Bytes JMP 5F040F5A .text D:\WINDOWS\Explorer.EXE[1780] kernel32.dll!LoadLibraryExW 77E8049B 6 Bytes JMP 5F070F5A .text D:\WINDOWS\Explorer.EXE[1780] kernel32.dll!FreeLibrary + 11 77E80629 4 Bytes [0F, FA, 17, E7] .text D:\Program Files\SiteAdvisor\6066\SiteAdv.exe[1916] ntdll.dll!NtTerminateProcess 77F7F3C3 3 Bytes [FF, 25, 1E] .text D:\Program Files\SiteAdvisor\6066\SiteAdv.exe[1916] ntdll.dll!NtTerminateProcess + 4 77F7F3C7 2 Bytes [0E, 5F] .text D:\Program Files\SiteAdvisor\6066\SiteAdv.exe[1916] kernel32.dll!CreateProcessW 77E61B8A 6 Bytes JMP 5F0A0F5A .text D:\Program Files\SiteAdvisor\6066\SiteAdv.exe[1916] kernel32.dll!CreateProcessA 77E61BB8 6 Bytes JMP 5F040F5A .text D:\Program Files\SiteAdvisor\6066\SiteAdv.exe[1916] kernel32.dll!LoadLibraryExW 77E8049B 6 Bytes JMP 5F070F5A .text D:\Program Files\SiteAdvisor\6066\SiteAdv.exe[1916] kernel32.dll!FreeLibrary + 11 77E80629 4 Bytes [0F, FA, 17, E7] .text D:\Program Files\Spyware Doctor wer2.0\swdoctor.exe[1944] kernel32.dll!LoadLibraryExW 77E8049B 6 Bytes JMP 5F070F5A .text D:\Program Files\Spyware Doctor wer2.0\swdoctor.exe[1944] kernel32.dll!FreeLibrary + 11 77E80629 4 Bytes [0F, FA, 17, E7] .text D:\Program Files\Spyware Doctor wer2.0\swdoctor.exe[1944] USER32.dll!DispatchMessageA 77D341F2 6 Bytes JMP 5F040F5A .text D:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe[1952] ntdll.dll!NtTerminateProcess 77F7F3C3 3 Bytes [FF, 25, 1E] .text D:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe[1952] ntdll.dll!NtTerminateProcess + 4 77F7F3C7 2 Bytes [0E, 5F] .text D:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe[1952] kernel32.dll!CreateProcessW 77E61B8A 6 Bytes JMP 5F0A0F5A .text D:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe[1952] kernel32.dll!CreateProcessA 77E61BB8 6 Bytes JMP 5F040F5A .text D:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe[1952] kernel32.dll!LoadLibraryExW 77E8049B 6 Bytes JMP 5F070F5A .text D:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe[1952] kernel32.dll!FreeLibrary + 11 77E80629 4 Bytes [0F, FA, 17, E7] .text D:\Program Files\Corel\Graphics9\Register\Remind32.exe[1960] ntdll.dll!NtTerminateProcess 77F7F3C3 3 Bytes [FF, 25, 1E] .text D:\Program Files\Corel\Graphics9\Register\Remind32.exe[1960] ntdll.dll!NtTerminateProcess + 4 77F7F3C7 2 Bytes [0E, 5F] .text D:\Program Files\Corel\Graphics9\Register\Remind32.exe[1960] kernel32.dll!CreateProcessW 77E61B8A 6 Bytes JMP 5F0A0F5A .text D:\Program Files\Corel\Graphics9\Register\Remind32.exe[1960] kernel32.dll!CreateProcessA 77E61BB8 6 Bytes JMP 5F040F5A .text D:\Program Files\Corel\Graphics9\Register\Remind32.exe[1960] kernel32.dll!LoadLibraryExW 77E8049B 6 Bytes JMP 5F070F5A .text D:\Program Files\Corel\Graphics9\Register\Remind32.exe[1960] kernel32.dll!FreeLibrary + 11 77E80629 4 Bytes [0F, FA, 17, E7] ---- Registry - GMER 1.0.12 ---- Reg \Registry\USER\S-1-5-21-507921405-1383384898-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved{29B1E8E2-B1D0-4CDC-2C39-F170004CF4A4}@dbdijhljddbcfdhbndolcnclameahcaegchgenjj 0x6A 0x61 0x70 0x65 … Reg \Registry\USER\S-1-5-21-507921405-1383384898-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved{29B1E8E2-B1D0-4CDC-2C39-F170004CF4A4}@cbnhhlblojcpagbameglbdklmpiamnabfiagce 0x6A 0x61 0x70 0x65 … Reg \Registry\USER\S-1-5-21-507921405-1383384898-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved{29B1E8E2-B1D0-4CDC-2C39-F170004CF4A4}@abpcjlbjleblkofiapgndmnopcamggbpem 0x61 0x61 0x00 0x00 Reg \Registry\USER\S-1-5-21-507921405-1383384898-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved{29B1E8E2-B1D0-4CDC-2C39-F170004CF4A4}@mamcendncnlodhccdogmffefpb 0x61 0x61 0x00 0x00 Reg \Registry\USER\S-1-5-21-507921405-1383384898-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved{3560621D-8A84-8BC6-ECD2-E1DC9A56FCCA}@bbbkodamflpapiloojbngcilffjmlckkmhkg 0x6A 0x61 0x6E 0x61 … Reg \Registry\USER\S-1-5-21-507921405-1383384898-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved{3560621D-8A84-8BC6-ECD2-E1DC9A56FCCA}@abhnedbbjhklkkcjbjmdlcjnlnghppelhj 0x6A 0x61 0x6E 0x61 … Reg \Registry\USER\S-1-5-21-507921405-1383384898-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved{3560621D-8A84-8BC6-ECD2-E1DC9A56FCCA}@abnkkafmpihcgeibnlfadnidciphabbpje 0x61 0x61 0x00 0x00 Reg \Registry\USER\S-1-5-21-507921405-1383384898-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved{3560621D-8A84-8BC6-ECD2-E1DC9A56FCCA}@maoknanflkimlfckibgpbchokf 0x61 0x61 0x00 0x00 Reg \Registry\USER\S-1-5-21-507921405-1383384898-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved{3560621D-8A84-8BC6-ECD2-E1DC9A56FCCA}@iabkodamflpapilooj 0x61 0x61 0x00 0x01 Reg \Registry\USER\S-1-5-21-507921405-1383384898-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved{3560621D-8A84-8BC6-ECD2-E1DC9A56FCCA}@hahnedbbjhklkkcj 0x61 0x61 0x00 0x01 Reg \Registry\USER\S-1-5-21-507921405-1383384898-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved{3560621D-8A84-8BC6-ECD2-E1DC9A56FCCA}@iankkhgpmoonkbgccf 0x61 0x61 0x00 0x01 Reg \Registry\USER\S-1-5-21-507921405-1383384898-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved{3560621D-8A84-8BC6-ECD2-E1DC9A56FCCA}@bbbkodamflpapiloojbngcilffjmgbfofkbf 0x6A 0x61 0x6E 0x61 … Reg \Registry\USER\S-1-5-21-507921405-1383384898-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved{3560621D-8A84-8BC6-ECD2-E1DC9A56FCCA}@abhnedbbjhklkkcjbjmdlcjnlnpjedpima 0x6A 0x61 0x6E 0x61 … Reg \Registry\USER\S-1-5-21-507921405-1383384898-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved{8EC58BB7-F5A9-1797-E8F3-9114A9B45A40}@dbcgnijoampoldcfddfpmjibgaebaongmhkcopbb 0x6A 0x61 0x67 0x64 … Reg \Registry\USER\S-1-5-21-507921405-1383384898-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved{8EC58BB7-F5A9-1797-E8F3-9114A9B45A40}@cbifhflimenbflbcalcammhcampihoblfcjeon 0x6A 0x61 0x67 0x64 … Reg \Registry\USER\S-1-5-21-507921405-1383384898-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved{8EC58BB7-F5A9-1797-E8F3-9114A9B45A40}@iacgnijoampoldcfdd 0x61 0x61 0x00 0x00 Reg \Registry\USER\S-1-5-21-507921405-1383384898-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved{8EC58BB7-F5A9-1797-E8F3-9114A9B45A40}@haifhflimenbflbc 0x61 0x61 0x00 0x00 Reg \Registry\USER\S-1-5-21-507921405-1383384898-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved{8EC58BB7-F5A9-1797-E8F3-9114A9B45A40}@iagjffmcicjcpefhcg 0x61 0x61 0x00 0x00 Reg \Registry\USER\S-1-5-21-507921405-1383384898-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved{8EC58BB7-F5A9-1797-E8F3-9114A9B45A40}@abgjfgfggdbcgomnafomimjbcgddncffch 0x61 0x61 0x00 0x00 Reg \Registry\USER\S-1-5-21-507921405-1383384898-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved{8EC58BB7-F5A9-1797-E8F3-9114A9B45A40}@mahjacajjiocibpbhbnjbhbbhk 0x61 0x61 0x00 0x00 Reg \Registry\USER\S-1-5-21-507921405-1383384898-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved{EBB71504-5E49-CEFD-6213-ED87B1DCF6F6}@cbfidogciigjcdbignhnkboocjjljaflpchcam 0x6A 0x61 0x6A 0x64 … Reg \Registry\USER\S-1-5-21-507921405-1383384898-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved{EBB71504-5E49-CEFD-6213-ED87B1DCF6F6}@bbhhfofodhkanbgploepkaffhdbijibpalfd 0x6A 0x61 0x6A 0x64 … Reg \Registry\USER\S-1-5-21-507921405-1383384898-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved{EBB71504-5E49-CEFD-6213-ED87B1DCF6F6}@abjjdoklgkhioeehhjdmffmoadaeafnkfk 0x61 0x61 0x00 0x00 Reg \Registry\USER\S-1-5-21-507921405-1383384898-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved{EBB71504-5E49-CEFD-6213-ED87B1DCF6F6}@maijgoccbfpcbkfpofkbchphpi 0x61 0x61 0x00 0x00 ---- EOF - GMER 1.0.12 ----

GMER 1.0.12.12244 - http://www.gmer.net Rootkit scan 2007-06-10 20:04:25 Windows 5.1.2600 ---- Services - GMER 1.0.12 ---- Service [DISABLED] Abiosdsk Service [DISABLED] abp480n5 Service D:\WINDOWS\System32\DRIVERS\ACPI.sys [bOOT] ACPI Service [DISABLED] ACPIEC Service D:\WINDOWS\System32\Drivers\adildr.sys [AUTO] ADILOADER Service D:\WINDOWS\System32\DRIVERS\adiusbaw.sys [MANUAL] adiusbaw Service [DISABLED] adpu160m Service [MANUAL] AdWatchDrv Service D:\WINDOWS\system32\drivers\aeaudio.sys [MANUAL] aeaudio Service D:\WINDOWS\system32\drivers\aec.sys [MANUAL] aec Service D:\WINDOWS\System32\drivers\afd.sys [AUTO] AFD Service [DISABLED] Aha154x Service [DISABLED] aic78u2 Service [DISABLED] aic78xx Service D:\WINDOWS\System32\svchost.exe [AUTO] Alerter Service D:\WINDOWS\System32\alg.exe [MANUAL] ALG Service [DISABLED] AliIde Service [DISABLED] amsint Service D:\WINDOWS\system32\svchost.exe [MANUAL] AppMgmt Service [DISABLED] asc Service [DISABLED] asc3350p Service [DISABLED] asc3550 Service D:\WINDOWS\System32\DRIVERS\asyncmac.sys [MANUAL] AsyncMac Service D:\WINDOWS\System32\DRIVERS\atapi.sys [bOOT] atapi Service [DISABLED] Atdisk Service D:\WINDOWS\System32\DRIVERS\atmarpc.sys [MANUAL] Atmarpc Service D:\WINDOWS\System32\svchost.exe [AUTO] AudioSrv Service D:\WINDOWS\System32\DRIVERS\audstub.sys [MANUAL] audstub Service BattC Service [sYSTEM] Beep Service D:\WINDOWS\System32\svchost.exe [AUTO] BITS Service D:\WINDOWS\System32\svchost.exe [AUTO] Browser Service [DISABLED] cbidf2k Service [DISABLED] cd20xrnt Service [sYSTEM] Cdaudio Service [DISABLED] Cdfs Service D:\WINDOWS\System32\DRIVERS\cdrom.sys [sYSTEM] Cdrom Service [sYSTEM] Changer Service D:\WINDOWS\system32\cisvc.exe [MANUAL] cisvc Service D:\WINDOWS\system32\clipsrv.exe [MANUAL] ClipSrv Service [DISABLED] CmdIde Service D:\WINDOWS\System32\dllhost.exe [MANUAL] COMSysApp Service ContentFilter Service ContentIndex Service [DISABLED] Cpqarray Service D:\WINDOWS\system32\svchost.exe [AUTO] CryptSvc Service [AUTO] CSRRS Service [DISABLED] dac2w2k Service [DISABLED] dac960nt Service D:\WINDOWS\System32\svchost.exe [AUTO] Dhcp Service D:\WINDOWS\System32\DRIVERS\disk.sys [bOOT] Disk Service D:\WINDOWS\System32\dmadmin.exe [MANUAL] dmadmin Service D:\WINDOWS\System32\drivers\dmboot.sys [DISABLED] dmboot Service D:\WINDOWS\System32\DRIVERS\dmio.sys [bOOT] dmio Service [bOOT] dmload Service D:\WINDOWS\System32\svchost.exe [AUTO] dmserver Service D:\WINDOWS\system32\drivers\DMusic.sys [MANUAL] DMusic Service D:\WINDOWS\System32\svchost.exe [AUTO] Dnscache Service [DISABLED] dpti2o Service D:\WINDOWS\system32\drivers\drmkaud.sys [MANUAL] drmkaud Service D:\WINDOWS\System32\svchost.exe [AUTO] ERSvc Service D:\WINDOWS\system32\services.exe [AUTO] Eventlog Service D:\WINDOWS\System32\svchost.exe [MANUAL] EventSystem Service [DISABLED] Fastfat Service D:\WINDOWS\System32\svchost.exe [MANUAL] FastUserSwitchingCompatibility Service D:\WINDOWS\System32\DRIVERS\fdc.sys [MANUAL] Fdc Service [sYSTEM] Fips Service D:\WINDOWS\System32\DRIVERS\flpydisk.sys [MANUAL] Flpydisk Service [sYSTEM] Fs_Rec Service D:\WINDOWS\System32\DRIVERS\ftdisk.sys [bOOT] Ftdisk Service D:\WINDOWS\System32\DRIVERS\gmer.sys [MANUAL] gmer Service D:\WINDOWS\System32\DRIVERS\msgpc.sys [MANUAL] Gpc Service D:\WINDOWS\System32\svchost.exe [AUTO] helpsvc Service D:\WINDOWS\System32\svchost.exe [DISABLED] HidServ Service [DISABLED] hpn Service [DISABLED] hpt3xx Service [sYSTEM] i2omgmt Service [DISABLED] i2omp Service D:\WINDOWS\System32\DRIVERS\i8042prt.sys [sYSTEM] i8042prt Service D:\WINDOWS\system32\drivers\ikhfile.sys [sYSTEM] ikhfile Service D:\WINDOWS\system32\drivers\ikhlayer.sys [sYSTEM] ikhlayer Service [sYSTEM] Imapi Service D:\WINDOWS\System32\imapi.exe [MANUAL] ImapiService Service inetaccs Service [DISABLED] ini910u Service Inport Service [DISABLED] IntelIde Service D:\WINDOWS\System32\DRIVERS\ipfltdrv.sys [MANUAL] IpFilterDriver Service D:\WINDOWS\System32\DRIVERS\ipinip.sys [MANUAL] IpInIp Service D:\WINDOWS\System32\DRIVERS\ipnat.sys [MANUAL] IpNat Service D:\WINDOWS\System32\DRIVERS\ipsec.sys [sYSTEM] IPSec Service D:\WINDOWS\System32\DRIVERS\irenum.sys [MANUAL] IRENUM Service ISAPISearch Service D:\WINDOWS\System32\DRIVERS\isapnp.sys [bOOT] isapnp Service D:\WINDOWS\System32\DRIVERS\kbdclass.sys [sYSTEM] Kbdclass Service D:\WINDOWS\system32\drivers\kmixer.sys [MANUAL] kmixer Service [bOOT] KSecDD Service D:\WINDOWS\System32\svchost.exe [AUTO] lanmanserver Service D:\WINDOWS\System32\svchost.exe [AUTO] lanmanworkstation Service [sYSTEM] lbrtfdc Service ldap Service LicenseService Service D:\WINDOWS\System32\svchost.exe [AUTO] LmHosts Service D:\WINDOWS\TEMP\mc21.tmp [DISABLED] mchInjDrv Service D:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [AUTO] MDM Service D:\WINDOWS\System32\svchost.exe [DISABLED] Messenger Service [sYSTEM] mnmdd Service D:\WINDOWS\System32\mnmsrvc.exe [MANUAL] mnmsrvc Service [MANUAL] Modem Service D:\WINDOWS\System32\DRIVERS\mouclass.sys [sYSTEM] Mouclass Service [bOOT] MountMgr Service [DISABLED] mraid35x Service D:\WINDOWS\System32\DRIVERS\mrxdav.sys [MANUAL] MRxDAV Service D:\WINDOWS\System32\DRIVERS\mrxsmb.sys [sYSTEM] MRxSmb Service D:\WINDOWS\System32\irdvxc.exe [AUTO] MSDisk Service D:\WINDOWS\System32\msdtc.exe [MANUAL] MSDTC Service [sYSTEM] Msfs Service D:\WINDOWS\System32\msiexec.exe [MANUAL] MSIServer Service D:\WINDOWS\system32\drivers\MSKSSRV.sys [MANUAL] MSKSSRV Service D:\WINDOWS\system32\drivers\MSPCLOCK.sys [MANUAL] MSPCLOCK Service D:\WINDOWS\system32\drivers\MSPQM.sys [MANUAL] MSPQM Service [AUTO] MSWindows Service [bOOT] Mup Service [bOOT] NDIS Service D:\WINDOWS\System32\DRIVERS\ndistapi.sys [MANUAL] NdisTapi Service D:\WINDOWS\System32\DRIVERS\ndisuio.sys [MANUAL] Ndisuio Service D:\WINDOWS\System32\DRIVERS\ndiswan.sys [MANUAL] NdisWan Service [MANUAL] NDProxy Service D:\WINDOWS\System32\DRIVERS\netbios.sys [sYSTEM] NetBIOS Service D:\WINDOWS\System32\DRIVERS\netbt.sys [MANUAL] NetBT Service D:\WINDOWS\system32\netdde.exe [MANUAL] NetDDE Service D:\WINDOWS\system32\netdde.exe [MANUAL] NetDDEdsdm Service D:\WINDOWS\System32\lsass.exe [MANUAL] Netlogon Service D:\WINDOWS\System32\svchost.exe [MANUAL] Netman Service D:\WINDOWS\System32\svchost.exe [MANUAL] Nla Service [sYSTEM] Npfs Service [DISABLED] Ntfs Service D:\WINDOWS\System32\lsass.exe [MANUAL] NtLmSsp Service D:\WINDOWS\system32\svchost.exe [MANUAL] NtmsSvc Service [sYSTEM] Null Service D:\WINDOWS\System32\DRIVERS\nv4.sys [MANUAL] nv4 Service D:\WINDOWS\System32\DRIVERS\nwlnkflt.sys [MANUAL] NwlnkFlt Service D:\WINDOWS\System32\DRIVERS\nwlnkfwd.sys [MANUAL] NwlnkFwd Service D:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [MANUAL] ose Service Outlook Service PageDefrag Service [MANUAL] Parport Service [bOOT] PartMgr Service [AUTO] ParVdm Service D:\WINDOWS\System32\DRIVERS\pci.sys [bOOT] PCI Service [sYSTEM] PCIDump Service [DISABLED] PCIIde Service [DISABLED] Pcmcia Service [MANUAL] PDCOMP Service [MANUAL] PDFRAME Service [MANUAL] PDRELI Service [MANUAL] PDRFRAME Service [DISABLED] perc2 Service [DISABLED] perc2hib Service PerfDisk Service PerfNet Service PerfOS Service PerfProc Service D:\WINDOWS\system32\services.exe [AUTO] PlugPlay Service D:\WINDOWS\System32\lsass.exe [AUTO] PolicyAgent Service D:\WINDOWS\System32\DRIVERS\raspptp.sys [MANUAL] PptpMiniport Service D:\WINDOWS\System32\DRIVERS\processr.sys [sYSTEM] Processor Service D:\WINDOWS\system32\lsass.exe [AUTO] ProtectedStorage Service D:\WINDOWS\System32\DRIVERS\psched.sys [MANUAL] PSched Service D:\WINDOWS\System32\DRIVERS\ptilink.sys [MANUAL] Ptilink Service [DISABLED] ql1080 Service [DISABLED] Ql10wnt Service [DISABLED] ql12160 Service [DISABLED] ql1240 Service [DISABLED] ql1280 Service D:\WINDOWS\System32\DRIVERS\rasacd.sys [sYSTEM] RasAcd Service D:\WINDOWS\System32\svchost.exe [MANUAL] RasAuto Service D:\WINDOWS\System32\DRIVERS\rasl2tp.sys [MANUAL] Rasl2tp Service D:\WINDOWS\System32\svchost.exe [MANUAL] RasMan Service D:\WINDOWS\System32\DRIVERS\raspppoe.sys [MANUAL] RasPppoe Service D:\WINDOWS\System32\DRIVERS\raspti.sys [MANUAL] Raspti Service D:\WINDOWS\System32\DRIVERS\rdbss.sys [sYSTEM] Rdbss Service D:\WINDOWS\System32\DRIVERS\RDPCDD.sys [sYSTEM] RDPCDD Service RDPDD Service D:\WINDOWS\System32\DRIVERS\rdpdr.sys [MANUAL] rdpdr Service RDPNP Service [MANUAL] RDPWD Service D:\WINDOWS\system32\sessmgr.exe [MANUAL] RDSessMgr Service D:\WINDOWS\System32\DRIVERS\redbook.sys [sYSTEM] redbook Service D:\WINDOWS\System32\svchost.exe [DISABLED] RemoteAccess Service D:\WINDOWS\system32\svchost.exe [DISABLED] RemoteRegistry Service D:\WINDOWS\System32\locator.exe [MANUAL] RpcLocator Service D:\WINDOWS\system32\svchost.exe [AUTO] RpcSs Service D:\WINDOWS\System32\rsvp.exe [MANUAL] RSVP Service D:\WINDOWS\system32\lsass.exe [AUTO] SamSs Service D:\WINDOWS\System32\SCardSvr.exe [MANUAL] SCardDrv Service D:\WINDOWS\System32\SCardSvr.exe [MANUAL] SCardSvr Service D:\WINDOWS\System32\svchost.exe [AUTO] Schedule Service D:\Program Files\Spyware Doctor wer2.0\sdhelp.exe [AUTO] SDhelper Service D:\WINDOWS\System32\DRIVERS\secdrv.sys [AUTO] Secdrv Service D:\WINDOWS\System32\svchost.exe [AUTO] seclogon Service D:\WINDOWS\system32\svchost.exe [AUTO] SENS Service D:\WINDOWS\System32\DRIVERS\serenum.sys [MANUAL] serenum Service D:\WINDOWS\System32\DRIVERS\serial.sys [sYSTEM] Serial Service [sYSTEM] Sfloppy Service D:\WINDOWS\system32\svchost.exe [AUTO] SharedAccess Service D:\WINDOWS\System32\svchost.exe [AUTO] ShellHWDetection Service [DISABLED] Simbad Service D:\Program Files\SiteAdvisor\6066\SAService.exe [AUTO] SiteAdvisor Service Service D:\WINDOWS\system32\drivers\smwdm.sys [MANUAL] smwdm Service D:\Program Files\Analog Devices\SoundMAX\SMAgent.exe [AUTO] SoundMAX Agent Service (default) Service [DISABLED] Sparrow Service D:\WINDOWS\system32\drivers\splitter.sys [MANUAL] splitter Service D:\WINDOWS\system32\spoolsv.exe [AUTO] Spooler Service D:\WINDOWS\System32\DRIVERS\sr.sys [bOOT] sr Service D:\WINDOWS\System32\svchost.exe [AUTO] srservice Service D:\WINDOWS\System32\DRIVERS\srv.sys [MANUAL] Srv Service D:\WINDOWS\System32\svchost.exe [MANUAL] SSDPSRV Service D:\WINDOWS\System32\svchost.exe [MANUAL] stisvc Service D:\WINDOWS\System32\DRIVERS\swenum.sys [MANUAL] swenum Service D:\WINDOWS\system32\drivers\swmidi.sys [MANUAL] swmidi Service D:\WINDOWS\System32\dllhost.exe [MANUAL] SwPrv Service [DISABLED] symc810 Service [DISABLED] symc8xx Service [DISABLED] sym_hi Service [DISABLED] sym_u3 Service D:\WINDOWS\system32\drivers\sysaudio.sys [MANUAL] sysaudio Service D:\WINDOWS\system32\smlogsvc.exe [MANUAL] SysmonLog Service D:\WINDOWS\System32\svchost.exe [MANUAL] TapiSrv Service D:\WINDOWS\System32\DRIVERS\tcpip.sys [sYSTEM] Tcpip Service [MANUAL] TDPIPE Service [MANUAL] TDTCP Service D:\WINDOWS\System32\DRIVERS\termdd.sys [sYSTEM] TermDD Service D:\WINDOWS\System32\svchost.exe [MANUAL] TermService Service D:\WINDOWS\System32\svchost.exe [AUTO] Themes Service D:\WINDOWS\System32\tlntsvr.exe [DISABLED] TlntSvr Service D:\WINDOWS\System32\drivers\tmcomm.sys [AUTO] tmcomm Service [DISABLED] TosIde Service D:\WINDOWS\system32\svchost.exe [AUTO] TrkWks Service TSDDD Service [DISABLED] Udfs Service [DISABLED] ultra Service D:\WINDOWS\System32\DRIVERS\update.sys [MANUAL] Update Service D:\WINDOWS\System32\svchost.exe [AUTO] uploadmgr Service D:\WINDOWS\System32\svchost.exe [MANUAL] upnphost Service D:\WINDOWS\System32\ups.exe [MANUAL] UPS Service D:\WINDOWS\System32\DRIVERS\usbhub.sys [MANUAL] usbhub Service D:\WINDOWS\System32\DRIVERS\usbprint.sys [MANUAL] usbprint Service D:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [MANUAL] USBSTOR Service D:\WINDOWS\System32\DRIVERS\usbuhci.sys [MANUAL] usbuhci Service D:\WINDOWS\System32\drivers\vga.sys [sYSTEM] VgaSave Service D:\WINDOWS\System32\DRIVERS\viaagp1.sys [bOOT] viaagp1 Service D:\WINDOWS\System32\DRIVERS\viaidexp.sys [bOOT] ViaIde Service D:\WINDOWS\System32\DRIVERS\viasraid.sys [bOOT] viasraid Service [bOOT] VolSnap Service D:\WINDOWS\System32\vssvc.exe [MANUAL] VSS Service VxD Service D:\WINDOWS\System32\svchost.exe [AUTO] W32Time Service W3SVC Service D:\WINDOWS\System32\DRIVERS\wanarp.sys [MANUAL] Wanarp Service [MANUAL] WDICA Service D:\WINDOWS\system32\drivers\wdmaud.sys [MANUAL] wdmaud Service D:\WINDOWS\System32\svchost.exe [AUTO] WebClient Service D:\WINDOWS\system32\svchost.exe [AUTO] winmgmt Service [MANUAL] Winsock Service WinSock2 Service WinTrust Service D:\WINDOWS\System32\svchost.exe [AUTO] WmdmPmSp Service D:\WINDOWS\System32\svchost.exe [MANUAL] Wmi Service WmiApRpl Service D:\WINDOWS\System32\wbem\wmiapsrv.exe [MANUAL] WmiApSrv Service D:\WINDOWS\System32\drivers\ws2ifsl.sys [DISABLED] WS2IFSL Service [DISABLED] wscsvc Service D:\WINDOWS\system32\svchost.exe [AUTO] wuauserv Service D:\WINDOWS\System32\svchost.exe [AUTO] WZCSVC Service D:\WINDOWS\System32\DRIVERS\yk51x86.sys [MANUAL] yukonwxp Service {986FA2B6-D72E-4A44-86C4-6D721C59AD25} ---- EOF - GMER 1.0.12 ----

Gutek · 10 Czerwiec 2007 18:41

START >>> Uruchom >>> cmd >>> wklep (i po każdej komendzie naciśnij ENTER):

grejs · 11 Czerwiec 2007 05:01

Zrobiłam jak napisałeś ale przy komendzie

pokazał się komunikat, że nie można odnaleźć tego pliku…ale wklejam logi z gmera…

GMER 1.0.12.12244 - http://www.gmer.net Rootkit scan 2007-06-11 06:59:56 Windows 5.1.2600 ---- Kernel code sections - GMER 1.0.12 ---- .text ntoskrnl.exe!KeInitializeInterrupt + B79 804D4F8E 1 Byte [06] ? D:\WINDOWS\TEMP\mc21.tmp Nie można odnaleźć określonego pliku. ---- User code sections - GMER 1.0.12 ---- .text D:\Documents and Settings\Kasia\Ustawienia lokalne\Temp\Katalog tymczasowy 6 dla gmer.zip\gmer.exe[292] ntdll.dll!NtTerminateProcess 77F7F3C3 3 Bytes [FF, 25, 1E] .text D:\Documents and Settings\Kasia\Ustawienia lokalne\Temp\Katalog tymczasowy 6 dla gmer.zip\gmer.exe[292] ntdll.dll!NtTerminateProcess + 4 77F7F3C7 2 Bytes [0E, 5F] .text D:\Documents and Settings\Kasia\Ustawienia lokalne\Temp\Katalog tymczasowy 6 dla gmer.zip\gmer.exe[292] kernel32.dll!CreateProcessW 77E61B8A 6 Bytes JMP 5F0A0F5A .text D:\Documents and Settings\Kasia\Ustawienia lokalne\Temp\Katalog tymczasowy 6 dla gmer.zip\gmer.exe[292] kernel32.dll!CreateProcessA 77E61BB8 6 Bytes JMP 5F040F5A .text D:\Documents and Settings\Kasia\Ustawienia lokalne\Temp\Katalog tymczasowy 6 dla gmer.zip\gmer.exe[292] kernel32.dll!LoadLibraryExW 77E8049B 6 Bytes JMP 5F070F5A .text D:\Documents and Settings\Kasia\Ustawienia lokalne\Temp\Katalog tymczasowy 6 dla gmer.zip\gmer.exe[292] kernel32.dll!FreeLibrary + 11 77E80629 4 Bytes [0F, FA, 17, E7] .text D:\WINDOWS\system32\csrss.exe[620] ntdll.dll!NtTerminateProcess 77F7F3C3 3 Bytes [FF, 25, 1E] .text D:\WINDOWS\system32\csrss.exe[620] ntdll.dll!NtTerminateProcess + 4 77F7F3C7 2 Bytes [0E, 5F] .text D:\WINDOWS\system32\csrss.exe[620] KERNEL32.dll!CreateProcessW 77E61B8A 6 Bytes JMP 5F0A0F5A .text D:\WINDOWS\system32\csrss.exe[620] KERNEL32.dll!CreateProcessA 77E61BB8 6 Bytes JMP 5F040F5A .text D:\WINDOWS\system32\csrss.exe[620] KERNEL32.dll!LoadLibraryExW 77E8049B 6 Bytes JMP 5F070F5A .text D:\WINDOWS\system32\winlogon.exe[644] ntdll.dll!NtTerminateProcess 77F7F3C3 3 Bytes [FF, 25, 1E] .text D:\WINDOWS\system32\winlogon.exe[644] ntdll.dll!NtTerminateProcess + 4 77F7F3C7 2 Bytes [0E, 5F] .text D:\WINDOWS\system32\winlogon.exe[644] kernel32.dll!CreateProcessW 77E61B8A 6 Bytes JMP 5F0A0F5A .text D:\WINDOWS\system32\winlogon.exe[644] kernel32.dll!CreateProcessA 77E61BB8 6 Bytes JMP 5F040F5A .text D:\WINDOWS\system32\winlogon.exe[644] kernel32.dll!LoadLibraryExW 77E8049B 6 Bytes JMP 5F070F5A .text D:\WINDOWS\system32\services.exe[688] ntdll.dll!NtTerminateProcess 77F7F3C3 3 Bytes [FF, 25, 1E] .text D:\WINDOWS\system32\services.exe[688] ntdll.dll!NtTerminateProcess + 4 77F7F3C7 2 Bytes [0E, 5F] .text D:\WINDOWS\system32\services.exe[688] kernel32.dll!CreateProcessW 77E61B8A 6 Bytes JMP 5F0A0F5A .text D:\WINDOWS\system32\services.exe[688] kernel32.dll!CreateProcessA 77E61BB8 6 Bytes JMP 5F040F5A .text D:\WINDOWS\system32\services.exe[688] kernel32.dll!LoadLibraryExW 77E8049B 6 Bytes JMP 5F070F5A .text D:\WINDOWS\system32\svchost.exe[868] ntdll.dll!NtTerminateProcess 77F7F3C3 3 Bytes [FF, 25, 1E] .text D:\WINDOWS\system32\svchost.exe[868] ntdll.dll!NtTerminateProcess + 4 77F7F3C7 2 Bytes [0E, 5F] .text D:\WINDOWS\system32\svchost.exe[868] kernel32.dll!CreateProcessW 77E61B8A 6 Bytes JMP 5F0A0F5A .text D:\WINDOWS\system32\svchost.exe[868] kernel32.dll!CreateProcessA 77E61BB8 6 Bytes JMP 5F040F5A .text D:\WINDOWS\system32\svchost.exe[868] kernel32.dll!LoadLibraryExW 77E8049B 6 Bytes JMP 5F070F5A .text D:\WINDOWS\system32\svchost.exe[884] ntdll.dll!NtTerminateProcess 77F7F3C3 3 Bytes [FF, 25, 1E] .text D:\WINDOWS\system32\svchost.exe[884] ntdll.dll!NtTerminateProcess + 4 77F7F3C7 2 Bytes [0E, 5F] .text D:\WINDOWS\system32\svchost.exe[884] kernel32.dll!CreateProcessW 77E61B8A 6 Bytes JMP 5F0A0F5A .text D:\WINDOWS\system32\svchost.exe[884] kernel32.dll!CreateProcessA 77E61BB8 6 Bytes JMP 5F040F5A .text D:\WINDOWS\system32\svchost.exe[884] kernel32.dll!LoadLibraryExW 77E8049B 6 Bytes JMP 5F070F5A .text D:\WINDOWS\system32\svchost.exe[976] ntdll.dll!NtTerminateProcess 77F7F3C3 3 Bytes [FF, 25, 1E] .text D:\WINDOWS\system32\svchost.exe[976] ntdll.dll!NtTerminateProcess + 4 77F7F3C7 2 Bytes [0E, 5F] .text D:\WINDOWS\system32\svchost.exe[976] kernel32.dll!CreateProcessW 77E61B8A 6 Bytes JMP 5F0A0F5A .text D:\WINDOWS\system32\svchost.exe[976] kernel32.dll!CreateProcessA 77E61BB8 6 Bytes JMP 5F040F5A .text D:\WINDOWS\system32\svchost.exe[976] kernel32.dll!LoadLibraryExW 77E8049B 6 Bytes JMP 5F070F5A .text D:\WINDOWS\system32\svchost.exe[1000] ntdll.dll!NtTerminateProcess 77F7F3C3 3 Bytes [FF, 25, 1E] .text D:\WINDOWS\system32\svchost.exe[1000] ntdll.dll!NtTerminateProcess + 4 77F7F3C7 2 Bytes [0E, 5F] .text D:\WINDOWS\system32\svchost.exe[1000] kernel32.dll!CreateProcessW 77E61B8A 6 Bytes JMP 5F0A0F5A .text D:\WINDOWS\system32\svchost.exe[1000] kernel32.dll!CreateProcessA 77E61BB8 6 Bytes JMP 5F040F5A .text D:\WINDOWS\system32\svchost.exe[1000] kernel32.dll!LoadLibraryExW 77E8049B 6 Bytes JMP 5F070F5A .text D:\WINDOWS\system32\spoolsv.exe[1100] ntdll.dll!NtTerminateProcess 77F7F3C3 3 Bytes [FF, 25, 1E] .text D:\WINDOWS\system32\spoolsv.exe[1100] ntdll.dll!NtTerminateProcess + 4 77F7F3C7 2 Bytes [0E, 5F] .text D:\WINDOWS\system32\spoolsv.exe[1100] kernel32.dll!CreateProcessW 77E61B8A 6 Bytes JMP 5F0A0F5A .text D:\WINDOWS\system32\spoolsv.exe[1100] kernel32.dll!CreateProcessA 77E61BB8 6 Bytes JMP 5F040F5A .text D:\WINDOWS\system32\spoolsv.exe[1100] kernel32.dll!LoadLibraryExW 77E8049B 6 Bytes JMP 5F070F5A .text D:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1248] ntdll.dll!NtTerminateProcess 77F7F3C3 3 Bytes [FF, 25, 1E] .text D:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1248] ntdll.dll!NtTerminateProcess + 4 77F7F3C7 2 Bytes [0E, 5F] .text D:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1248] kernel32.dll!CreateProcessW 77E61B8A 6 Bytes JMP 5F0A0F5A .text D:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1248] kernel32.dll!CreateProcessA 77E61BB8 6 Bytes JMP 5F040F5A .text D:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1248] kernel32.dll!LoadLibraryExW 77E8049B 6 Bytes JMP 5F070F5A .text D:\Program Files\SiteAdvisor\6066\SAService.exe[1356] ntdll.dll!NtTerminateProcess 77F7F3C3 3 Bytes [FF, 25, 1E] .text D:\Program Files\SiteAdvisor\6066\SAService.exe[1356] ntdll.dll!NtTerminateProcess + 4 77F7F3C7 2 Bytes [0E, 5F] .text D:\Program Files\SiteAdvisor\6066\SAService.exe[1356] kernel32.dll!CreateProcessW 77E61B8A 6 Bytes JMP 5F0A0F5A .text D:\Program Files\SiteAdvisor\6066\SAService.exe[1356] kernel32.dll!CreateProcessA 77E61BB8 6 Bytes JMP 5F040F5A .text D:\Program Files\SiteAdvisor\6066\SAService.exe[1356] kernel32.dll!LoadLibraryExW 77E8049B 6 Bytes JMP 5F070F5A .text D:\Program Files\Analog Devices\SoundMAX\SMAgent.exe[1440] ntdll.dll!NtTerminateProcess 77F7F3C3 3 Bytes [FF, 25, 1E] .text D:\Program Files\Analog Devices\SoundMAX\SMAgent.exe[1440] ntdll.dll!NtTerminateProcess + 4 77F7F3C7 2 Bytes [0E, 5F] .text D:\Program Files\Analog Devices\SoundMAX\SMAgent.exe[1440] kernel32.dll!CreateProcessW 77E61B8A 6 Bytes JMP 5F0A0F5A .text D:\Program Files\Analog Devices\SoundMAX\SMAgent.exe[1440] kernel32.dll!CreateProcessA 77E61BB8 6 Bytes JMP 5F040F5A .text D:\Program Files\Analog Devices\SoundMAX\SMAgent.exe[1440] kernel32.dll!LoadLibraryExW 77E8049B 6 Bytes JMP 5F070F5A .text D:\Program Files\Analog Devices\SoundMAX\SMAgent.exe[1440] kernel32.dll!FreeLibrary + 11 77E80629 4 Bytes [0F, FA, 17, E7] .text D:\WINDOWS\Explorer.EXE[1800] ntdll.dll!NtTerminateProcess 77F7F3C3 3 Bytes [FF, 25, 1E] .text D:\WINDOWS\Explorer.EXE[1800] ntdll.dll!NtTerminateProcess + 4 77F7F3C7 2 Bytes [0E, 5F] .text D:\WINDOWS\Explorer.EXE[1800] kernel32.dll!CreateProcessW 77E61B8A 6 Bytes JMP 5F0A0F5A .text D:\WINDOWS\Explorer.EXE[1800] kernel32.dll!CreateProcessA 77E61BB8 6 Bytes JMP 5F040F5A .text D:\WINDOWS\Explorer.EXE[1800] kernel32.dll!LoadLibraryExW 77E8049B 6 Bytes JMP 5F070F5A .text D:\WINDOWS\Explorer.EXE[1800] kernel32.dll!FreeLibrary + 11 77E80629 4 Bytes [0F, FA, 17, E7] .text D:\Program Files\internet explorer\iexplore.exe[1924] ntdll.dll!NtTerminateProcess 77F7F3C3 3 Bytes [FF, 25, 1E] .text D:\Program Files\internet explorer\iexplore.exe[1924] ntdll.dll!NtTerminateProcess + 4 77F7F3C7 2 Bytes [0E, 5F] .text D:\Program Files\internet explorer\iexplore.exe[1924] kernel32.dll!CreateProcessW 77E61B8A 6 Bytes JMP 5F0A0F5A .text D:\Program Files\internet explorer\iexplore.exe[1924] kernel32.dll!CreateProcessA 77E61BB8 6 Bytes JMP 5F040F5A .text D:\Program Files\internet explorer\iexplore.exe[1924] kernel32.dll!LoadLibraryExW 77E8049B 6 Bytes JMP 5F070F5A .text D:\Program Files\internet explorer\iexplore.exe[1924] kernel32.dll!FreeLibrary + 11 77E80629 4 Bytes [0F, FA, 17, E7] .text D:\Program Files\SiteAdvisor\6066\SiteAdv.exe[1948] ntdll.dll!NtTerminateProcess 77F7F3C3 3 Bytes [FF, 25, 1E] .text D:\Program Files\SiteAdvisor\6066\SiteAdv.exe[1948] ntdll.dll!NtTerminateProcess + 4 77F7F3C7 2 Bytes [0E, 5F] .text D:\Program Files\SiteAdvisor\6066\SiteAdv.exe[1948] kernel32.dll!CreateProcessW 77E61B8A 6 Bytes JMP 5F0A0F5A .text D:\Program Files\SiteAdvisor\6066\SiteAdv.exe[1948] kernel32.dll!CreateProcessA 77E61BB8 6 Bytes JMP 5F040F5A .text D:\Program Files\SiteAdvisor\6066\SiteAdv.exe[1948] kernel32.dll!LoadLibraryExW 77E8049B 6 Bytes JMP 5F070F5A .text D:\Program Files\SiteAdvisor\6066\SiteAdv.exe[1948] kernel32.dll!FreeLibrary + 11 77E80629 4 Bytes [0F, FA, 17, E7] .text D:\Program Files\Spyware Doctor wer2.0\swdoctor.exe[1972] kernel32.dll!LoadLibraryExW 77E8049B 6 Bytes JMP 5F070F5A .text D:\Program Files\Spyware Doctor wer2.0\swdoctor.exe[1972] kernel32.dll!FreeLibrary + 11 77E80629 4 Bytes [0F, FA, 17, E7] .text D:\Program Files\Spyware Doctor wer2.0\swdoctor.exe[1972] USER32.dll!DispatchMessageA 77D341F2 6 Bytes JMP 5F040F5A .text D:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe[1988] ntdll.dll!NtTerminateProcess 77F7F3C3 3 Bytes [FF, 25, 1E] .text D:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe[1988] ntdll.dll!NtTerminateProcess + 4 77F7F3C7 2 Bytes [0E, 5F] .text D:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe[1988] kernel32.dll!CreateProcessW 77E61B8A 6 Bytes JMP 5F0A0F5A .text D:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe[1988] kernel32.dll!CreateProcessA 77E61BB8 6 Bytes JMP 5F040F5A .text D:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe[1988] kernel32.dll!LoadLibraryExW 77E8049B 6 Bytes JMP 5F070F5A .text D:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe[1988] kernel32.dll!FreeLibrary + 11 77E80629 4 Bytes [0F, FA, 17, E7] .text D:\Program Files\Corel\Graphics9\Register\Remind32.exe[1996] ntdll.dll!NtTerminateProcess 77F7F3C3 3 Bytes [FF, 25, 1E] .text D:\Program Files\Corel\Graphics9\Register\Remind32.exe[1996] ntdll.dll!NtTerminateProcess + 4 77F7F3C7 2 Bytes [0E, 5F] .text D:\Program Files\Corel\Graphics9\Register\Remind32.exe[1996] kernel32.dll!CreateProcessW 77E61B8A 6 Bytes JMP 5F0A0F5A .text D:\Program Files\Corel\Graphics9\Register\Remind32.exe[1996] kernel32.dll!CreateProcessA 77E61BB8 6 Bytes JMP 5F040F5A .text D:\Program Files\Corel\Graphics9\Register\Remind32.exe[1996] kernel32.dll!LoadLibraryExW 77E8049B 6 Bytes JMP 5F070F5A .text D:\Program Files\Corel\Graphics9\Register\Remind32.exe[1996] kernel32.dll!FreeLibrary + 11 77E80629 4 Bytes [0F, FA, 17, E7] ---- Registry - GMER 1.0.12 ---- Reg \Registry\USER\S-1-5-21-507921405-1383384898-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved{29B1E8E2-B1D0-4CDC-2C39-F170004CF4A4}@dbdijhljddbcfdhbndolcnclameahcaegchgenjj 0x6A 0x61 0x70 0x65 … Reg \Registry\USER\S-1-5-21-507921405-1383384898-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved{29B1E8E2-B1D0-4CDC-2C39-F170004CF4A4}@cbnhhlblojcpagbameglbdklmpiamnabfiagce 0x6A 0x61 0x70 0x65 … Reg \Registry\USER\S-1-5-21-507921405-1383384898-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved{29B1E8E2-B1D0-4CDC-2C39-F170004CF4A4}@abpcjlbjleblkofiapgndmnopcamggbpem 0x61 0x61 0x00 0x00 Reg \Registry\USER\S-1-5-21-507921405-1383384898-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved{29B1E8E2-B1D0-4CDC-2C39-F170004CF4A4}@mamcendncnlodhccdogmffefpb 0x61 0x61 0x00 0x00 Reg \Registry\USER\S-1-5-21-507921405-1383384898-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved{3560621D-8A84-8BC6-ECD2-E1DC9A56FCCA}@bbbkodamflpapiloojbngcilffjmlckkmhkg 0x6A 0x61 0x6E 0x61 … Reg \Registry\USER\S-1-5-21-507921405-1383384898-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved{3560621D-8A84-8BC6-ECD2-E1DC9A56FCCA}@abhnedbbjhklkkcjbjmdlcjnlnghppelhj 0x6A 0x61 0x6E 0x61 … Reg \Registry\USER\S-1-5-21-507921405-1383384898-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved{3560621D-8A84-8BC6-ECD2-E1DC9A56FCCA}@abnkkafmpihcgeibnlfadnidciphabbpje 0x61 0x61 0x00 0x00 Reg \Registry\USER\S-1-5-21-507921405-1383384898-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved{3560621D-8A84-8BC6-ECD2-E1DC9A56FCCA}@maoknanflkimlfckibgpbchokf 0x61 0x61 0x00 0x00 Reg \Registry\USER\S-1-5-21-507921405-1383384898-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved{3560621D-8A84-8BC6-ECD2-E1DC9A56FCCA}@iabkodamflpapilooj 0x61 0x61 0x00 0x01 Reg \Registry\USER\S-1-5-21-507921405-1383384898-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved{3560621D-8A84-8BC6-ECD2-E1DC9A56FCCA}@hahnedbbjhklkkcj 0x61 0x61 0x00 0x01 Reg \Registry\USER\S-1-5-21-507921405-1383384898-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved{3560621D-8A84-8BC6-ECD2-E1DC9A56FCCA}@iankkhgpmoonkbgccf 0x61 0x61 0x00 0x01 Reg \Registry\USER\S-1-5-21-507921405-1383384898-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved{3560621D-8A84-8BC6-ECD2-E1DC9A56FCCA}@bbbkodamflpapiloojbngcilffjmgbfofkbf 0x6A 0x61 0x6E 0x61 … Reg \Registry\USER\S-1-5-21-507921405-1383384898-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved{3560621D-8A84-8BC6-ECD2-E1DC9A56FCCA}@abhnedbbjhklkkcjbjmdlcjnlnpjedpima 0x6A 0x61 0x6E 0x61 … Reg \Registry\USER\S-1-5-21-507921405-1383384898-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved{8EC58BB7-F5A9-1797-E8F3-9114A9B45A40}@dbcgnijoampoldcfddfpmjibgaebaongmhkcopbb 0x6A 0x61 0x67 0x64 … Reg \Registry\USER\S-1-5-21-507921405-1383384898-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved{8EC58BB7-F5A9-1797-E8F3-9114A9B45A40}@cbifhflimenbflbcalcammhcampihoblfcjeon 0x6A 0x61 0x67 0x64 … Reg \Registry\USER\S-1-5-21-507921405-1383384898-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved{8EC58BB7-F5A9-1797-E8F3-9114A9B45A40}@iacgnijoampoldcfdd 0x61 0x61 0x00 0x00 Reg \Registry\USER\S-1-5-21-507921405-1383384898-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved{8EC58BB7-F5A9-1797-E8F3-9114A9B45A40}@haifhflimenbflbc 0x61 0x61 0x00 0x00 Reg \Registry\USER\S-1-5-21-507921405-1383384898-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved{8EC58BB7-F5A9-1797-E8F3-9114A9B45A40}@iagjffmcicjcpefhcg 0x61 0x61 0x00 0x00 Reg \Registry\USER\S-1-5-21-507921405-1383384898-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved{8EC58BB7-F5A9-1797-E8F3-9114A9B45A40}@abgjfgfggdbcgomnafomimjbcgddncffch 0x61 0x61 0x00 0x00 Reg \Registry\USER\S-1-5-21-507921405-1383384898-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved{8EC58BB7-F5A9-1797-E8F3-9114A9B45A40}@mahjacajjiocibpbhbnjbhbbhk 0x61 0x61 0x00 0x00 Reg \Registry\USER\S-1-5-21-507921405-1383384898-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved{EBB71504-5E49-CEFD-6213-ED87B1DCF6F6}@cbfidogciigjcdbignhnkboocjjljaflpchcam 0x6A 0x61 0x6A 0x64 … Reg \Registry\USER\S-1-5-21-507921405-1383384898-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved{EBB71504-5E49-CEFD-6213-ED87B1DCF6F6}@bbhhfofodhkanbgploepkaffhdbijibpalfd 0x6A 0x61 0x6A 0x64 … Reg \Registry\USER\S-1-5-21-507921405-1383384898-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved{EBB71504-5E49-CEFD-6213-ED87B1DCF6F6}@abjjdoklgkhioeehhjdmffmoadaeafnkfk 0x61 0x61 0x00 0x00 Reg \Registry\USER\S-1-5-21-507921405-1383384898-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved{EBB71504-5E49-CEFD-6213-ED87B1DCF6F6}@maijgoccbfpcbkfpofkbchphpi 0x61 0x61 0x00 0x00 ---- EOF - GMER 1.0.12 ----

GMER 1.0.12.12244 - http://www.gmer.net Rootkit scan 2007-06-11 07:00:34 Windows 5.1.2600 ---- Services - GMER 1.0.12 ---- Service [DISABLED] Abiosdsk Service [DISABLED] abp480n5 Service D:\WINDOWS\System32\DRIVERS\ACPI.sys [bOOT] ACPI Service [DISABLED] ACPIEC Service D:\WINDOWS\System32\Drivers\adildr.sys [AUTO] ADILOADER Service D:\WINDOWS\System32\DRIVERS\adiusbaw.sys [MANUAL] adiusbaw Service [DISABLED] adpu160m Service [MANUAL] AdWatchDrv Service D:\WINDOWS\system32\drivers\aeaudio.sys [MANUAL] aeaudio Service D:\WINDOWS\system32\drivers\aec.sys [MANUAL] aec Service D:\WINDOWS\System32\drivers\afd.sys [AUTO] AFD Service [DISABLED] Aha154x Service [DISABLED] aic78u2 Service [DISABLED] aic78xx Service D:\WINDOWS\System32\svchost.exe [AUTO] Alerter Service D:\WINDOWS\System32\alg.exe [MANUAL] ALG Service [DISABLED] AliIde Service [DISABLED] amsint Service D:\WINDOWS\system32\svchost.exe [MANUAL] AppMgmt Service [DISABLED] asc Service [DISABLED] asc3350p Service [DISABLED] asc3550 Service D:\WINDOWS\System32\DRIVERS\asyncmac.sys [MANUAL] AsyncMac Service D:\WINDOWS\System32\DRIVERS\atapi.sys [bOOT] atapi Service [DISABLED] Atdisk Service D:\WINDOWS\System32\DRIVERS\atmarpc.sys [MANUAL] Atmarpc Service D:\WINDOWS\System32\svchost.exe [AUTO] AudioSrv Service D:\WINDOWS\System32\DRIVERS\audstub.sys [MANUAL] audstub Service BattC Service [sYSTEM] Beep Service D:\WINDOWS\System32\svchost.exe [AUTO] BITS Service D:\WINDOWS\System32\svchost.exe [AUTO] Browser Service [DISABLED] cbidf2k Service [DISABLED] cd20xrnt Service [sYSTEM] Cdaudio Service [DISABLED] Cdfs Service D:\WINDOWS\System32\DRIVERS\cdrom.sys [sYSTEM] Cdrom Service [sYSTEM] Changer Service D:\WINDOWS\system32\cisvc.exe [MANUAL] cisvc Service D:\WINDOWS\system32\clipsrv.exe [MANUAL] ClipSrv Service [DISABLED] CmdIde Service D:\WINDOWS\System32\dllhost.exe [MANUAL] COMSysApp Service ContentFilter Service ContentIndex Service [DISABLED] Cpqarray Service D:\WINDOWS\system32\svchost.exe [AUTO] CryptSvc Service [AUTO] CSRRS Service [DISABLED] dac2w2k Service [DISABLED] dac960nt Service D:\WINDOWS\System32\svchost.exe [AUTO] Dhcp Service D:\WINDOWS\System32\DRIVERS\disk.sys [bOOT] Disk Service D:\WINDOWS\System32\dmadmin.exe [MANUAL] dmadmin Service D:\WINDOWS\System32\drivers\dmboot.sys [DISABLED] dmboot Service D:\WINDOWS\System32\DRIVERS\dmio.sys [bOOT] dmio Service [bOOT] dmload Service D:\WINDOWS\System32\svchost.exe [AUTO] dmserver Service D:\WINDOWS\system32\drivers\DMusic.sys [MANUAL] DMusic Service D:\WINDOWS\System32\svchost.exe [AUTO] Dnscache Service [DISABLED] dpti2o Service D:\WINDOWS\system32\drivers\drmkaud.sys [MANUAL] drmkaud Service D:\WINDOWS\System32\svchost.exe [AUTO] ERSvc Service D:\WINDOWS\system32\services.exe [AUTO] Eventlog Service D:\WINDOWS\System32\svchost.exe [MANUAL] EventSystem Service [DISABLED] Fastfat Service D:\WINDOWS\System32\svchost.exe [MANUAL] FastUserSwitchingCompatibility Service D:\WINDOWS\System32\DRIVERS\fdc.sys [MANUAL] Fdc Service [sYSTEM] Fips Service D:\WINDOWS\System32\DRIVERS\flpydisk.sys [MANUAL] Flpydisk Service [sYSTEM] Fs_Rec Service D:\WINDOWS\System32\DRIVERS\ftdisk.sys [bOOT] Ftdisk Service D:\WINDOWS\System32\DRIVERS\gmer.sys [MANUAL] gmer Service D:\WINDOWS\System32\DRIVERS\msgpc.sys [MANUAL] Gpc Service D:\WINDOWS\System32\svchost.exe [AUTO] helpsvc Service D:\WINDOWS\System32\svchost.exe [DISABLED] HidServ Service [DISABLED] hpn Service [DISABLED] hpt3xx Service [sYSTEM] i2omgmt Service [DISABLED] i2omp Service D:\WINDOWS\System32\DRIVERS\i8042prt.sys [sYSTEM] i8042prt Service D:\WINDOWS\system32\drivers\ikhfile.sys [sYSTEM] ikhfile Service D:\WINDOWS\system32\drivers\ikhlayer.sys [sYSTEM] ikhlayer Service [sYSTEM] Imapi Service D:\WINDOWS\System32\imapi.exe [MANUAL] ImapiService Service inetaccs Service [DISABLED] ini910u Service Inport Service [DISABLED] IntelIde Service D:\WINDOWS\System32\DRIVERS\ipfltdrv.sys [MANUAL] IpFilterDriver Service D:\WINDOWS\System32\DRIVERS\ipinip.sys [MANUAL] IpInIp Service D:\WINDOWS\System32\DRIVERS\ipnat.sys [MANUAL] IpNat Service D:\WINDOWS\System32\DRIVERS\ipsec.sys [sYSTEM] IPSec Service D:\WINDOWS\System32\DRIVERS\irenum.sys [MANUAL] IRENUM Service ISAPISearch Service D:\WINDOWS\System32\DRIVERS\isapnp.sys [bOOT] isapnp Service D:\WINDOWS\System32\DRIVERS\kbdclass.sys [sYSTEM] Kbdclass Service D:\WINDOWS\system32\drivers\kmixer.sys [MANUAL] kmixer Service [bOOT] KSecDD Service D:\WINDOWS\System32\svchost.exe [AUTO] lanmanserver Service D:\WINDOWS\System32\svchost.exe [AUTO] lanmanworkstation Service [sYSTEM] lbrtfdc Service ldap Service LicenseService Service D:\WINDOWS\System32\svchost.exe [AUTO] LmHosts Service [DISABLED] mchInjDrv Service D:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [AUTO] MDM Service D:\WINDOWS\System32\svchost.exe [DISABLED] Messenger Service [sYSTEM] mnmdd Service D:\WINDOWS\System32\mnmsrvc.exe [MANUAL] mnmsrvc Service [MANUAL] Modem Service D:\WINDOWS\System32\DRIVERS\mouclass.sys [sYSTEM] Mouclass Service [bOOT] MountMgr Service [DISABLED] mraid35x Service D:\WINDOWS\System32\DRIVERS\mrxdav.sys [MANUAL] MRxDAV Service D:\WINDOWS\System32\DRIVERS\mrxsmb.sys [sYSTEM] MRxSmb Service D:\WINDOWS\System32\msdtc.exe [MANUAL] MSDTC Service [sYSTEM] Msfs Service D:\WINDOWS\System32\msiexec.exe [MANUAL] MSIServer Service D:\WINDOWS\system32\drivers\MSKSSRV.sys [MANUAL] MSKSSRV Service D:\WINDOWS\system32\drivers\MSPCLOCK.sys [MANUAL] MSPCLOCK Service D:\WINDOWS\system32\drivers\MSPQM.sys [MANUAL] MSPQM Service [AUTO] MSWindows Service [bOOT] Mup Service [bOOT] NDIS Service D:\WINDOWS\System32\DRIVERS\ndistapi.sys [MANUAL] NdisTapi Service D:\WINDOWS\System32\DRIVERS\ndisuio.sys [MANUAL] Ndisuio Service D:\WINDOWS\System32\DRIVERS\ndiswan.sys [MANUAL] NdisWan Service [MANUAL] NDProxy Service D:\WINDOWS\System32\DRIVERS\netbios.sys [sYSTEM] NetBIOS Service D:\WINDOWS\System32\DRIVERS\netbt.sys [MANUAL] NetBT Service D:\WINDOWS\system32\netdde.exe [MANUAL] NetDDE Service D:\WINDOWS\system32\netdde.exe [MANUAL] NetDDEdsdm Service D:\WINDOWS\System32\lsass.exe [MANUAL] Netlogon Service D:\WINDOWS\System32\svchost.exe [MANUAL] Netman Service D:\WINDOWS\System32\svchost.exe [MANUAL] Nla Service [sYSTEM] Npfs Service [DISABLED] Ntfs Service D:\WINDOWS\System32\lsass.exe [MANUAL] NtLmSsp Service D:\WINDOWS\system32\svchost.exe [MANUAL] NtmsSvc Service [sYSTEM] Null Service D:\WINDOWS\System32\DRIVERS\nv4.sys [MANUAL] nv4 Service D:\WINDOWS\System32\DRIVERS\nwlnkflt.sys [MANUAL] NwlnkFlt Service D:\WINDOWS\System32\DRIVERS\nwlnkfwd.sys [MANUAL] NwlnkFwd Service D:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [MANUAL] ose Service Outlook Service PageDefrag Service [MANUAL] Parport Service [bOOT] PartMgr Service [AUTO] ParVdm Service D:\WINDOWS\System32\DRIVERS\pci.sys [bOOT] PCI Service [sYSTEM] PCIDump Service [DISABLED] PCIIde Service [DISABLED] Pcmcia Service [MANUAL] PDCOMP Service [MANUAL] PDFRAME Service [MANUAL] PDRELI Service [MANUAL] PDRFRAME Service [DISABLED] perc2 Service [DISABLED] perc2hib Service PerfDisk Service PerfNet Service PerfOS Service PerfProc Service D:\WINDOWS\system32\services.exe [AUTO] PlugPlay Service D:\WINDOWS\System32\lsass.exe [AUTO] PolicyAgent Service D:\WINDOWS\System32\DRIVERS\raspptp.sys [MANUAL] PptpMiniport Service D:\WINDOWS\System32\DRIVERS\processr.sys [sYSTEM] Processor Service D:\WINDOWS\system32\lsass.exe [AUTO] ProtectedStorage Service D:\WINDOWS\System32\DRIVERS\psched.sys [MANUAL] PSched Service D:\WINDOWS\System32\DRIVERS\ptilink.sys [MANUAL] Ptilink Service [DISABLED] ql1080 Service [DISABLED] Ql10wnt Service [DISABLED] ql12160 Service [DISABLED] ql1240 Service [DISABLED] ql1280 Service D:\WINDOWS\System32\DRIVERS\rasacd.sys [sYSTEM] RasAcd Service D:\WINDOWS\System32\svchost.exe [MANUAL] RasAuto Service D:\WINDOWS\System32\DRIVERS\rasl2tp.sys [MANUAL] Rasl2tp Service D:\WINDOWS\System32\svchost.exe [MANUAL] RasMan Service D:\WINDOWS\System32\DRIVERS\raspppoe.sys [MANUAL] RasPppoe Service D:\WINDOWS\System32\DRIVERS\raspti.sys [MANUAL] Raspti Service D:\WINDOWS\System32\DRIVERS\rdbss.sys [sYSTEM] Rdbss Service D:\WINDOWS\System32\DRIVERS\RDPCDD.sys [sYSTEM] RDPCDD Service RDPDD Service D:\WINDOWS\System32\DRIVERS\rdpdr.sys [MANUAL] rdpdr Service RDPNP Service [MANUAL] RDPWD Service D:\WINDOWS\system32\sessmgr.exe [MANUAL] RDSessMgr Service D:\WINDOWS\System32\DRIVERS\redbook.sys [sYSTEM] redbook Service D:\WINDOWS\System32\svchost.exe [DISABLED] RemoteAccess Service D:\WINDOWS\system32\svchost.exe [DISABLED] RemoteRegistry Service D:\WINDOWS\System32\locator.exe [MANUAL] RpcLocator Service D:\WINDOWS\system32\svchost.exe [AUTO] RpcSs Service D:\WINDOWS\System32\rsvp.exe [MANUAL] RSVP Service D:\WINDOWS\system32\lsass.exe [AUTO] SamSs Service D:\WINDOWS\System32\SCardSvr.exe [MANUAL] SCardDrv Service D:\WINDOWS\System32\SCardSvr.exe [MANUAL] SCardSvr Service D:\WINDOWS\System32\svchost.exe [AUTO] Schedule Service D:\Program Files\Spyware Doctor wer2.0\sdhelp.exe [AUTO] SDhelper Service D:\WINDOWS\System32\DRIVERS\secdrv.sys [AUTO] Secdrv Service D:\WINDOWS\System32\svchost.exe [AUTO] seclogon Service D:\WINDOWS\system32\svchost.exe [AUTO] SENS Service D:\WINDOWS\System32\DRIVERS\serenum.sys [MANUAL] serenum Service D:\WINDOWS\System32\DRIVERS\serial.sys [sYSTEM] Serial Service [sYSTEM] Sfloppy Service D:\WINDOWS\system32\svchost.exe [AUTO] SharedAccess Service D:\WINDOWS\System32\svchost.exe [AUTO] ShellHWDetection Service [DISABLED] Simbad Service D:\Program Files\SiteAdvisor\6066\SAService.exe [AUTO] SiteAdvisor Service Service D:\WINDOWS\system32\drivers\smwdm.sys [MANUAL] smwdm Service D:\Program Files\Analog Devices\SoundMAX\SMAgent.exe [AUTO] SoundMAX Agent Service (default) Service [DISABLED] Sparrow Service D:\WINDOWS\system32\drivers\splitter.sys [MANUAL] splitter Service D:\WINDOWS\system32\spoolsv.exe [AUTO] Spooler Service D:\WINDOWS\System32\DRIVERS\sr.sys [bOOT] sr Service D:\WINDOWS\System32\svchost.exe [AUTO] srservice Service D:\WINDOWS\System32\DRIVERS\srv.sys [MANUAL] Srv Service D:\WINDOWS\System32\svchost.exe [MANUAL] SSDPSRV Service D:\WINDOWS\System32\svchost.exe [MANUAL] stisvc Service D:\WINDOWS\System32\DRIVERS\swenum.sys [MANUAL] swenum Service D:\WINDOWS\system32\drivers\swmidi.sys [MANUAL] swmidi Service D:\WINDOWS\System32\dllhost.exe [MANUAL] SwPrv Service [DISABLED] symc810 Service [DISABLED] symc8xx Service [DISABLED] sym_hi Service [DISABLED] sym_u3 Service D:\WINDOWS\system32\drivers\sysaudio.sys [MANUAL] sysaudio Service D:\WINDOWS\system32\smlogsvc.exe [MANUAL] SysmonLog Service D:\WINDOWS\System32\svchost.exe [MANUAL] TapiSrv Service D:\WINDOWS\System32\DRIVERS\tcpip.sys [sYSTEM] Tcpip Service [MANUAL] TDPIPE Service [MANUAL] TDTCP Service D:\WINDOWS\System32\DRIVERS\termdd.sys [sYSTEM] TermDD Service D:\WINDOWS\System32\svchost.exe [MANUAL] TermService Service D:\WINDOWS\System32\svchost.exe [AUTO] Themes Service D:\WINDOWS\System32\tlntsvr.exe [DISABLED] TlntSvr Service D:\WINDOWS\System32\drivers\tmcomm.sys [AUTO] tmcomm Service [DISABLED] TosIde Service D:\WINDOWS\system32\svchost.exe [AUTO] TrkWks Service TSDDD Service [DISABLED] Udfs Service [DISABLED] ultra Service D:\WINDOWS\System32\DRIVERS\update.sys [MANUAL] Update Service D:\WINDOWS\System32\svchost.exe [AUTO] uploadmgr Service D:\WINDOWS\System32\svchost.exe [MANUAL] upnphost Service D:\WINDOWS\System32\ups.exe [MANUAL] UPS Service D:\WINDOWS\System32\DRIVERS\usbhub.sys [MANUAL] usbhub Service D:\WINDOWS\System32\DRIVERS\usbprint.sys [MANUAL] usbprint Service D:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [MANUAL] USBSTOR Service D:\WINDOWS\System32\DRIVERS\usbuhci.sys [MANUAL] usbuhci Service D:\WINDOWS\System32\drivers\vga.sys [sYSTEM] VgaSave Service D:\WINDOWS\System32\DRIVERS\viaagp1.sys [bOOT] viaagp1 Service D:\WINDOWS\System32\DRIVERS\viaidexp.sys [bOOT] ViaIde Service D:\WINDOWS\System32\DRIVERS\viasraid.sys [bOOT] viasraid Service [bOOT] VolSnap Service D:\WINDOWS\System32\vssvc.exe [MANUAL] VSS Service VxD Service D:\WINDOWS\System32\svchost.exe [AUTO] W32Time Service W3SVC Service D:\WINDOWS\System32\DRIVERS\wanarp.sys [MANUAL] Wanarp Service [MANUAL] WDICA Service D:\WINDOWS\system32\drivers\wdmaud.sys [MANUAL] wdmaud Service D:\WINDOWS\System32\svchost.exe [AUTO] WebClient Service D:\WINDOWS\system32\svchost.exe [AUTO] winmgmt Service [MANUAL] Winsock Service WinSock2 Service WinTrust Service D:\WINDOWS\System32\svchost.exe [AUTO] WmdmPmSp Service D:\WINDOWS\System32\svchost.exe [MANUAL] Wmi Service WmiApRpl Service D:\WINDOWS\System32\wbem\wmiapsrv.exe [MANUAL] WmiApSrv Service D:\WINDOWS\System32\drivers\ws2ifsl.sys [DISABLED] WS2IFSL Service [DISABLED] wscsvc Service D:\WINDOWS\system32\svchost.exe [AUTO] wuauserv Service D:\WINDOWS\System32\svchost.exe [AUTO] WZCSVC Service D:\WINDOWS\System32\DRIVERS\yk51x86.sys [MANUAL] yukonwxp Service {986FA2B6-D72E-4A44-86C4-6D721C59AD25} ---- EOF - GMER 1.0.12 ----

Gutek · 11 Czerwiec 2007 15:26

Już jest ok

grejs · 11 Czerwiec 2007 20:48

Dzięki wielkie Ciągle coś mi się przyplątuje, więc to pewnie nie koniec moich zmagań…ale jestem ogromnie wdzięczna za pomoc…