The computer restarts when I try to open a browser or


(kubasx4) #1

...when I try to open another program!!


(Uzi) #2

Use the LSP-FIX program: tick "I know what I'm doing", then in the Keep pane select the file msnetax.dll, move it to the Remover pane with the >> arrow and click Finish, then restart the computer. That should help.


(kubasx4) #3

I don't have that file there

I have these files:

mswsock.dll

winrnr.dll

rwnzjxggysg.dll

rcvpsp.dll

(kubasx4) #4

description of this file

rcvpsp.dll

Microsoft Windows Rsvp 1.0 Service Provider


(Uzi) #5

Stop

1, 2, 4: these are Windows files and must not be touched.

1. mswsock.dll

2. winrnr.dll

3. rwnzjxggysg.dll

4. rcvpsp.dll


(kubasx4) #6

But what next? I'm stuck now. And number 3? That third file has no description at all.


(Uzi) #7

1. Download LSP-fix.

  1. Unpack it.

  2. Start the computer in safe mode.

  3. Run LSP-fix.

  4. Select the file msnetax.dll

  5. Then continue as I wrote


(kubasx4) #8

rwnzjxggysg.dll <-- and what about this one?

The file you told me to remove isn't there


(adam9870) #9

Use Look2Me-Destroyer and then post log no. 1 from the L2Mfix tool.

Show a screenshot of the LSP-FIX window, because silent doesn't show the files you mentioned.

http://forum.dobreprogramy.pl/viewtopic.php?t=46412

Edit the hosts file:

http://forum.dobreprogramy.pl/viewtopic ... 470#636470


(Uzi) #10

Hmmm

that file is very strange

And then follow adam9870's advice


(adam9870) #11

Run LSP-Fix, tick "I know what I'm doing", then in the Keep pane select the library rwnzjxggysg.dll, move it to the Remover pane with the arrow (>>), click Finish and restart.

Then check whether you have the file C:\WINDOWS\SYSTEM32\rwnzjx~1.dll and, if so, delete it while in safe mode.

When done, paste a new screenshot from LSP-Fix and log number 1 from L2mfix.


(Gutek) #12

rwnzjx~1.dll - rwnzjxggysg.dll: once you remove it in LSP-Fix, delete the file manually, location C:\WINDOWS\SYSTEM32\rwnzjxggysg.dll
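
The check these posts do by eye in LSP-Fix (which provider DLLs are registered with Winsock, and which of them has no description) can be scripted. This is an added example, not part of the thread or of any tool named in it; the function name `Get-WinsockProviderDll` is hypothetical, and the script assumes a current Windows with PowerShell and the standard Winsock catalog keys under `WinSock2\Parameters`:

```powershell
# Added example (not from the thread): list every DLL registered in the
# Winsock catalog and show its description, vendor and signature status.
$base = 'HKLM:\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters'

function Get-WinsockProviderDll {
    $found = @()
    # Catalog_Entries64 exists only on 64-bit Windows; skip it when absent.
    foreach ($name in 'Catalog_Entries', 'Catalog_Entries64') {
        # Transport providers: PackedCatalogItem is a binary blob that
        # begins with the DLL path as a NUL-terminated ANSI string.
        $key = "$base\Protocol_Catalog9\$name"
        if (Test-Path $key) {
            foreach ($entry in Get-ChildItem $key) {
                $blob = $entry.GetValue('PackedCatalogItem')
                if ($null -eq $blob) { continue }
                $end = [Array]::IndexOf($blob, [byte]0)
                if ($end -lt 1) { continue }
                $found += [Text.Encoding]::ASCII.GetString($blob, 0, $end)
            }
        }
        # Namespace providers: the DLL path is the LibraryPath string value.
        $key = "$base\NameSpace_Catalog5\$name"
        if (Test-Path $key) {
            foreach ($entry in Get-ChildItem $key) {
                $lib = $entry.GetValue('LibraryPath')
                if ($lib) { $found += $lib }
            }
        }
    }
    # Paths are stored with %SystemRoot%; expand and de-duplicate them.
    $found |
        ForEach-Object { [Environment]::ExpandEnvironmentVariables($_) } |
        Sort-Object -Unique
}

Get-WinsockProviderDll | ForEach-Object {
    $exists = Test-Path -LiteralPath $_
    $info   = if ($exists) { (Get-Item -LiteralPath $_).VersionInfo }
    $sig    = if ($exists) {
        (Get-AuthenticodeSignature -LiteralPath $_).Status
    } else {
        'FileMissing'
    }
    [pscustomobject]@{
        Path        = $_
        Description = $info.FileDescription
        Company     = $info.CompanyName
        Signature   = $sig
        # Flag what the thread flagged: an entry with no description,
        # plus entries whose file is missing or not validly signed.
        Review      = (-not $exists) -or
                      [string]::IsNullOrWhiteSpace($info.FileDescription) -or
                      ($sig -ne 'Valid')
    }
} | Sort-Object Review -Descending | Format-Table -AutoSize
```

A row with `Review = True` is a candidate for closer inspection, not a verdict: third-party software such as VPN clients or antivirus products also registers providers here.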


(kubasx4) #13

(Gutek) #14

Post a log from Combofix - http://download.bleepingcomputer.com/sUBs/ComboFix.exe


(kubasx4) #15

(adam9870) #16

In LSP-Fix do the same as before, only this time with the file zpb.dll.

Open Notepad and paste this into it:

File >>> Save as >>> change the file type from TXT to All files >>> save under the name FIX.BAT

Download Gmer.

You will now be working in Gmer, so start it, wait a moment, and click the >>> tab to open the remaining tabs.

In the Processes tab choose Gmer Safe Mode >>> the computer will restart and only the Gmer window will remain >>> in the Processes tab use ... (three dots) to point to the file FIX.BAT >>> after a moment the screen will flicker and the computer will reset >>> after the reset open Gmer and in the CMD tab, with the REGEDIT.EXE option selected, paste:

>>> click Run and reset.

Use the Rustock.b-fix tool.

Using the Backups option in HijackThis, restore these entries:

When done, paste a new log from Combo plus two logs from Gmer made with these settings:

  1. Rootkit tab >>> everything ticked except Show all >>> click Scan >>> wait patiently until it finishes >>> Copy >>> paste into the post

  2. Rootkit tab >>> only Services and Show all ticked >>> click Scan >>> wait patiently until it finishes >>> Copy >>> paste into the post

If the logs don't all fit directly in the post, put them on some hosting service as *.txt files and just link them here.

http://forum.dobreprogramy.pl/viewtopic.php?t=96929


(kubasx4) #17
"kubus" - 07-03-22 23:10:57 Dodatek Service Pack 2

ComboFix 07-03-22 - Running from: "C:\Documents and Settings\kubus\Pulpit"


	/wow section not completed - STAGE #6D 

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))



~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ Purity ~ ~ ~ ~ ~ ~ ~ ~~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

Folders Quarantined:

C:\qoobox\purity\WINDOWS\WNSXS~1



((((((((((((((((((((((((((((((( Files Created from 2007-02-22 to 2007-03-22 ))))))))))))))))))))))))))))))))))



2007-03-22 23:11	21,504	--a------	C:\WINDOWS\system32\w.dll

2007-03-22 23:09	




Gmer 1 log :


Post merged: 22.03.2007 (Thu) 23:45

http://www.plikownik.pl/168333

log 2 from Gmer


(adam9870) #18

Scan the file:

At http://virusscan.jotti.org/ or http://www.virustotal.com/, and if it turns out to be malicious, add this line at the beginning of the FIX.BAT file:

Same routine again: create the FIX.BAT file the same way as before, but with this content:

In the Processes tab choose Gmer Safe Mode >>> the computer will restart and only the Gmer window will remain >>> in the Processes tab use ... (three dots) to point to the file FIX.BAT >>> after a moment the screen will flicker and the computer will reset.

When done, paste a new log from Combo plus two logs from Gmer.


(kubasx4) #19

After your fixes my internet doesn't work, even though everything for the connection is configured correctly. Here are the logs:

ComboFix

http://www.plikownik.pl/970651

Gmer Log1:

http://www.plikownik.pl/122910

Gmer log2:

http://www.plikownik.pl/814492

Please help quickly


(adam9870) #20

Use WinSockFix.

Download The Avenger. Unpack => run => tick the option Input script manually => click the magnifying glass => in the window that opens paste:

=> Click the Done button => now click the green light => a message should appear, click OK (restart now).

After the reset a window may appear for literally a few seconds, along with a log in Notepad. Go to where you have Avenger and delete the file backup.zip, e.g. c:\avenger\backup.zip.

When done, paste new logs plus a screenshot from LSP-Fix.