ROTTKIT modyfikuje system

m26 · 9 Styczeń 2007 17:46

GMER informuje mnie o modyfikacjach systemu, które zostały dokonane najprawdopodobniej przez ROOTKIT-a.

Jak go zniszczyć? Proszę o pomoc.

Bieniol · 9 Styczeń 2007 17:50

Wrzuć zestaw logów - HijackThis + Silent Runners

m26 · 9 Styczeń 2007 17:58

Logfile of HijackThis v1.99.1 Scan saved at 18:55:06, on 2007-01-09 Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\SYSTEM32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\WgaTray.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe C:\Program Files\Eset\nod32krn.exe C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe C:\PROGRA~1\NEOSTR~1\CnxMon.exe C:\PROGRA~1\NEOSTR~1\taskbaricon.exe C:\Program Files\Unlocker\UnlockerAssistant.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\PROGRA~1\NEOSTR~1\NeostradaTP.exe C:\PROGRA~1\NEOSTR~1\ComComp.exe C:\PROGRA~1\NEOSTR~1\Watch.exe C:\Program Files\Gadu-Gadu\gg.exe C:\Program Files\Winamp\winamp.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\PROGRA~1\WINZIP\winzip32.exe C:\Documents and Settings\Administrator\Ustawienia lokalne\Temp\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wp.pl R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\WINDOWS\Downloaded Program Files\googlenav.dll O4 - HKLM…\Run: [Nwiz] nwiz.exe /install O4 - HKLM…\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM…\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM…\Run: [WooCnxMon] C:\PROGRA~1\NEOSTR~1\CnxMon.exe O4 - HKLM…\Run: [WOOWATCH] C:\PROGRA~1\NEOSTR~1\Watch.exe O4 - HKLM…\Run: [WOOTASKBARICON] C:\PROGRA~1\NEOSTR~1\taskbaricon.exe O4 - HKLM…\Run: [unlockerAssistant] “C:\Program Files\Unlocker\UnlockerAssistant.exe” O4 - HKLM…\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKCU…\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O8 - Extra context menu item: &Google Search - res://C:\WINDOWS\Downloaded Program Files\googlenav.dll/cmsearch.html O8 - Extra context menu item: Backward &Links - res://C:\WINDOWS\Downloaded Program Files\googlenav.dll/cmbacklinks.html O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\WINDOWS\Downloaded Program Files\googlenav.dll/cmcache.html O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: Si&milar Pages - res://C:\WINDOWS\Downloaded Program Files\googlenav.dll/cmsimilar.html O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra ‘Tools’ menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra ‘Tools’ menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O10 - Unknown file in Winsock LSP: c:\windows\system32\bnmndrv.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\bnmndrv.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\bnmndrv.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\bnmndrv.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\bnmndrv.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\bnmndrv.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\bnmndrv.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\bnmndrv.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\bnmndrv.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\bnmndrv.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\bnmndrv.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\bnmndrv.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\bnmndrv.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\bnmndrv.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\bnmndrv.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\bnmndrv.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\bnmndrv.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\bnmndrv.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\bnmndrv.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\bnmndrv.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\bnmndrv.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\bnmndrv.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\bnmndrv.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\bnmndrv.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\bnmndrv.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\bnmndrv.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\bnmndrv.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\bnmndrv.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\bnmndrv.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\bnmndrv.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\bnmndrv.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\bnmndrv.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\bnmndrv.dll O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MainControl Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab O16 - DPF: {6CB5E471-C305-11D3-99A8-000086395495} (Google Activate) - http://toolbar1.google.com/data/pl/big/ … gleNav.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan … asinst.cab O16 - DPF: {A6916797-7ABD-4F07-93AE-098B6F543129} (CO2Player Class) - http://www.lemontv.pl/lmctrlp.cab O17 - HKLM\System\CCS\Services\Tcpip…{DC6CF8E4-BDCB-48FA-A555-93E52865DBE0}: NameServer = 194.204.152.34 217.98.63.164 O20 - Winlogon Notify: SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing) O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing) O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe" -k runservice (file missing) O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Panda Process Protection Service (PavPrSrv) - Unknown owner - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe (file missing)

“Silent Runners.vbs”, revision 46, http://www.silentrunners.org/ Operating System: Windows XP SP2 Output limited to non-default values, except where indicated by “{++}” Startup items buried in registry: --------------------------------- HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++} “ctfmon.exe” = “C:\WINDOWS\system32\ctfmon.exe” [MS] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++} “Nwiz” = “nwiz.exe /install” [“NVIDIA Corporation”] “NvMediaCenter” = “RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit” [MS] “NvCplDaemon” = “RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup” [MS] “Free Download Manager” = (empty string) “WooCnxMon” = “C:\PROGRA~1\NEOSTR~1\CnxMon.exe” [empty string] “WOOWATCH” = “C:\PROGRA~1\NEOSTR~1\Watch.exe” [“France Télécom R&D”] “WOOTASKBARICON” = “C:\PROGRA~1\NEOSTR~1\taskbaricon.exe” [“France Télécom R&D”] “UnlockerAssistant” = ““C:\Program Files\Unlocker\UnlockerAssistant.exe”” [null data] “avast!” = “C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe” [null data] HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}(Default) = (no title provided) -> {HKLM…CLSID} = “SSVHelper Class” \InProcServer32(Default) = “C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll” [“Sun Microsystems, Inc.”] HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\ “{42071714-76d4-11d1-8b24-00a0c9068ff3}” = “Rozszerzenie CPL kadrowania wyświetlania” -> {HKLM…CLSID} = “Rozszerzenie CPL kadrowania wyświetlania” \InProcServer32(Default) = “deskpan.dll” [file not found] “{88895560-9AA2-1069-930E-00AA0030EBC8}” = “Rozszerzenie ikony HyperTerminalu” -> {HKLM…CLSID} = “HyperTerminal Icon Ext” \InProcServer32(Default) = “C:\WINDOWS\system32\hticons.dll” [“Hilgraeve, Inc.”] “{A70C977A-BF00-412C-90B7-034C51DA2439}” = “NvCpl DesktopContext Class” -> {HKLM…CLSID} = “DesktopContext Class” \InProcServer32(Default) = “C:\WINDOWS\system32\nvcpl.dll” [“NVIDIA Corporation”] “{FFB699E0-306A-11d3-8BD1-00104B6F7516}” = “Play on my TV helper” -> {HKLM…CLSID} = “NVIDIA CPL Extension” \InProcServer32(Default) = “C:\WINDOWS\system32\nvcpl.dll” [“NVIDIA Corporation”] “{1CDB2949-8F65-4355-8456-263E7C208A5D}” = “Desktop Explorer” -> {HKLM…CLSID} = “Desktop Explorer” \InProcServer32(Default) = “C:\WINDOWS\system32\nvshell.dll” [“NVIDIA Corporation”] “{1E9B04FB-F9E5-4718-997B-B8DA88302A47}” = “Desktop Explorer Menu” -> {HKLM…CLSID} = (no title provided) \InProcServer32(Default) = “C:\WINDOWS\system32\nvshell.dll” [“NVIDIA Corporation”] “{1E9B04FB-F9E5-4718-997B-B8DA88302A48}” = “nView Desktop Context Menu” -> {HKLM…CLSID} = “nView Desktop Context Menu” \InProcServer32(Default) = “C:\WINDOWS\system32\nvshell.dll” [“NVIDIA Corporation”] “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” = “WinRAR shell extension” -> {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data] “{42042206-2D85-11D3-8CFF-005004838597}” = “Microsoft Office HTML Icon Handler” -> {HKLM…CLSID} = (no title provided) \InProcServer32(Default) = “C:\Program Files\Microsoft Office\Office10\msohev.dll” [MS] “{E0D79304-84BE-11CE-9641-444553540000}” = “WinZip” -> {HKLM…CLSID} = “WinZip” \InProcServer32(Default) = “C:\PROGRA~1\WINZIP\WZSHLSTB.DLL” [“WinZip Computing, Inc.”] “{E0D79305-84BE-11CE-9641-444553540000}” = “WinZip” -> {HKLM…CLSID} = “WinZip” \InProcServer32(Default) = “C:\PROGRA~1\WINZIP\WZSHLSTB.DLL” [“WinZip Computing, Inc.”] “{E0D79306-84BE-11CE-9641-444553540000}” = “WinZip” -> {HKLM…CLSID} = “WinZip” \InProcServer32(Default) = “C:\PROGRA~1\WINZIP\WZSHLSTB.DLL” [“WinZip Computing, Inc.”] “{E0D79307-84BE-11CE-9641-444553540000}” = “WinZip” -> {HKLM…CLSID} = “WinZip” \InProcServer32(Default) = “C:\PROGRA~1\WINZIP\WZSHLSTB.DLL” [“WinZip Computing, Inc.”] “{640167b4-59b0-47a6-b335-a6b3c0695aea}” = “Portable Media Devices” -> {HKLM…CLSID} = “Portable Media Devices” \InProcServer32(Default) = “C:\WINDOWS\system32\Audiodev.dll” [MS] “{cc86590a-b60a-48e6-996b-41d25ed39a1e}” = “Portable Media Devices Menu” -> {HKLM…CLSID} = “Portable Media Devices Menu” \InProcServer32(Default) = “C:\WINDOWS\system32\Audiodev.dll” [MS] “{21569614-B795-46b1-85F4-E737A8DC09AD}” = “Shell Search Band” -> {HKLM…CLSID} = “Shell Search Band” \InProcServer32(Default) = “C:\WINDOWS\system32\browseui.dll” [MS] “{e82a2d71-5b2f-43a0-97b8-81be15854de8}” = “ShellLink for Application References” -> {HKLM…CLSID} = “ShellLink for Application References” \InProcServer32(Default) = “C:\WINDOWS\system32\dfshim.dll” [MS] “{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75}” = “Shell Icon Handler for Application References” -> {HKLM…CLSID} = “Shell Icon Handler for Application References” \InProcServer32(Default) = “C:\WINDOWS\system32\dfshim.dll” [MS] “{23F0DC38-DC86-49D6-81EC-40C54A204212}” = “ZEN Nano Plus Media Explorer” -> {HKLM…CLSID} = “ZEN Nano Plus Media Explorer” \InProcServer32(Default) = “C:\Program Files\Creative\Creative ZEN Nano Plus\ZEN Nano Plus Media Explorer\CTMvnsu.dll” [“Creative Technology Ltd”] “{DDE4BEEB-DDE6-48fd-8EB5-035C09923F83}” = “UnlockerShellExtension” -> {HKLM…CLSID} = “UnlockerShellExtension” \InProcServer32(Default) = “C:\Program Files\Unlocker\UnlockerCOM.dll” [null data] “{472083B0-C522-11CF-8763-00608CC02F24}” = “avast” -> {HKLM…CLSID} = “avast” \InProcServer32(Default) = “C:\Program Files\Alwil Software\Avast4\ashShell.dll” [“ALWIL Software”] HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\ INFECTION WARNING! “{57B86673-276A-48B2-BAE7-C6DBB3020EB8}” = “AVG Anti-Spyware 7.5” -> {HKLM…CLSID} = “CShellExecuteHookImpl Object” \InProcServer32(Default) = “C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll” [“Anti-Malware Development a.s.”] HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ INFECTION WARNING! SASWinLogon\DLLName = “C:\Program Files\SUPERAntiSpyware\SASWINLO.dll” [“SUPERAntiSpyware.com”] INFECTION WARNING! WgaLogon\DLLName = “WgaLogon.dll” [MS] HKLM\Software\Classes*\shellex\ContextMenuHandlers\ avast(Default) = “{472083B0-C522-11CF-8763-00608CC02F24}” -> {HKLM…CLSID} = “avast” \InProcServer32(Default) = “C:\Program Files\Alwil Software\Avast4\ashShell.dll” [“ALWIL Software”] AVG Anti-Spyware(Default) = “{8934FCEF-F5B8-468f-951F-78A921CD3920}” -> {HKLM…CLSID} = “CContextScan Object” \InProcServer32(Default) = “C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll” [“Anti-Malware Development a.s.”] WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” -> {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data] WinZip(Default) = “{E0D79304-84BE-11CE-9641-444553540000}” -> {HKLM…CLSID} = “WinZip” \InProcServer32(Default) = “C:\PROGRA~1\WINZIP\WZSHLSTB.DLL” [“WinZip Computing, Inc.”] HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\ AVG Anti-Spyware(Default) = “{8934FCEF-F5B8-468f-951F-78A921CD3920}” -> {HKLM…CLSID} = “CContextScan Object” \InProcServer32(Default) = “C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll” [“Anti-Malware Development a.s.”] WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” -> {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data] WinZip(Default) = “{E0D79304-84BE-11CE-9641-444553540000}” -> {HKLM…CLSID} = “WinZip” \InProcServer32(Default) = “C:\PROGRA~1\WINZIP\WZSHLSTB.DLL” [“WinZip Computing, Inc.”] HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ avast(Default) = “{472083B0-C522-11CF-8763-00608CC02F24}” -> {HKLM…CLSID} = “avast” \InProcServer32(Default) = “C:\Program Files\Alwil Software\Avast4\ashShell.dll” [“ALWIL Software”] UnlockerShellExtension(Default) = “{DDE4BEEB-DDE6-48fd-8EB5-035C09923F83}” -> {HKLM…CLSID} = “UnlockerShellExtension” \InProcServer32(Default) = “C:\Program Files\Unlocker\UnlockerCOM.dll” [null data] WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” -> {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data] WinZip(Default) = “{E0D79304-84BE-11CE-9641-444553540000}” -> {HKLM…CLSID} = “WinZip” \InProcServer32(Default) = “C:\PROGRA~1\WINZIP\WZSHLSTB.DLL” [“WinZip Computing, Inc.”] Active Desktop and Wallpaper: ----------------------------- Active Desktop is disabled at this entry: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState HKCU\Control Panel\Desktop\ “Wallpaper” = “C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp” Enabled Screen Saver: --------------------- HKCU\Control Panel\Desktop\ “SCRNSAVE.EXE” = “C:\WINDOWS\System32\logon.scr” [MS] Enabled Scheduled Tasks: ------------------------ “AppleSoftwareUpdate” -> launches: “C:\Program Files\Apple Software Update\SoftwareUpdate.exe -Task” [“Apple Computer, Inc.”] Winsock2 Service Provider DLLs: ------------------------------- Namespace Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++} 000000000001\LibraryPath = “%SystemRoot%\System32\mswsock.dll” [MS] 000000000002\LibraryPath = “%SystemRoot%\System32\winrnr.dll” [MS] 000000000003\LibraryPath = “%SystemRoot%\System32\mswsock.dll” [MS] Transport Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++} 0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range: C:\WINDOWS\system32\imon.dll ["Eset "], 01 - 10, 77 %SYSTEMROOT%\system32\bnmndrv.dll [null data], 11 - 42, 76 %SYSTEMROOT%\system32\nvappfilter.dll [“NVIDIA”], 43 - 58, 75 %SystemRoot%\system32\mswsock.dll [MS], 59 - 62, 65 - 74 %SystemRoot%\system32\rsvpsp.dll [MS], 63 - 64 Toolbars, Explorer Bars, Extensions: ------------------------------------ Toolbars HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\ “{2318C2B1-4965-11D4-9B18-009027A5CD4F}” -> {HKLM…CLSID} = “&Google” \InProcServer32(Default) = “C:\WINDOWS\Downloaded Program Files\googlenav.dll” [“Google Inc.”] HKLM\Software\Microsoft\Internet Explorer\Toolbar\ “{2318C2B1-4965-11D4-9B18-009027A5CD4F}” = (no title provided) -> {HKLM…CLSID} = “&Google” \InProcServer32(Default) = “C:\WINDOWS\Downloaded Program Files\googlenav.dll” [“Google Inc.”] Explorer Bars HKCU\Software\Microsoft\Internet Explorer\Explorer Bars\ {21569614-B795-46B1-85F4-E737A8DC09AD}(Default) = (no title provided) -> {HKLM…CLSID} = “Shell Search Band” \InProcServer32(Default) = “C:\WINDOWS\system32\browseui.dll” [MS] Dormant Explorer Bars in “View, Explorer Bar” menu HKLM\Software\Classes\CLSID{01002DB2-8170-4D9B-A8B1-DDC9DD114E03}(Default) = “Volet Wanadoo” Implemented Categories{00021494-0000-0000-C000-000000000046}\ [horizontal bar] InProcServer32(Default) = “C:\PROGRA~1\NEOSTR~1\audience\audience.dll” [empty string] HKLM\Software\Classes\CLSID{3BAF4A27-C764-4E1A-A6F4-62F7A7E5E51C}(Default) = “ToolBand Class” Implemented Categories{00021494-0000-0000-C000-000000000046}\ [horizontal bar] InProcServer32(Default) = “C:\PROGRA~1\NEOSTR~1\audience\audience.dll” [empty string] HKLM\Software\Classes\CLSID{5BF498C0-931E-4A4F-B33F-456D07137EAA}(Default) = “Volet Wanadoo” Implemented Categories{00021494-0000-0000-C000-000000000046}\ [horizontal bar] InProcServer32(Default) = “C:\PROGRA~1\NEOSTR~1\audience\audience.dll” [empty string] Extensions (Tools menu items, main toolbar menu buttons) HKLM\Software\Microsoft\Internet Explorer\Extensions\ {08B0E5C0-4FCB-11CF-AAA5-00401C608501}\ “MenuText” = “Sun Java Console” “CLSIDExtension” = “{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBC}” -> {HKCU…CLSID} = “Java Plug-in 1.5.0_09” \InProcServer32(Default) = “C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll” [“Sun Microsystems, Inc.”] -> {HKLM…CLSID} = “Java Plug-in 1.5.0_09” \InProcServer32(Default) = “C:\Program Files\Java\jre1.5.0_09\bin\npjpi150_09.dll” [“Sun Microsystems, Inc.”] {FB5F1910-F110-11D2-BB9E-00C04F795683}\ “ButtonText” = “@C:\Program Files\Messenger\Msgslang.dll,-61144” “MenuText” = “@C:\Program Files\Messenger\Msgslang.dll,-61144” “Exec” = “C:\Program Files\Messenger\msmsgs.exe” [MS] Miscellaneous IE Hijack Points ------------------------------ HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\ Missing lines (compared with English-language version): “{08C06D61-F1F3-4799-86F8-BE1A89362C85}” = (no title provided) -> {HKLM…CLSID} = “Search Class” \InProcServer32(Default) = “C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL” [empty string] Running Services (Display Name, Service Name, Path {Service DLL}): ------------------------------------------------------------------ avast! Antivirus, avast! Antivirus, ““C:\Program Files\Alwil Software\Avast4\ashServ.exe”” [null data] avast! iAVS4 Control Service, aswUpdSv, ““C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe”” [null data] avast! Mail Scanner, avast! Mail Scanner, ““C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe” /service” [“ALWIL Software”] avast! Web Scanner, avast! Web Scanner, ““C:\Program Files\Alwil Software\Avast4\ashWebSv.exe” /service” [“ALWIL Software”] AVG Anti-Spyware Guard, AVG Anti-Spyware Guard, “C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe” [“Anti-Malware Development a.s.”] ForceWare Intelligent Application Manager (IAM), ForceWare Intelligent Application Manager (IAM), “C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe” [empty string] ForceWare IP service, nSvcIp, “C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe” [“NVIDIA”] ForceWare user log service, nSvcLog, “C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe” [“NVIDIA”] Forceware Web Interface, ForcewareWebInterface, ““C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe” -k runservice” [“Apache Software Foundation”] Machine Debug Manager, MDM, ““C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe”” [MS] NOD32 Kernel Service, NOD32krn, ““C:\Program Files\Eset\nod32krn.exe”” ["Eset "] NVIDIA Display Driver Service, NVSvc, “C:\WINDOWS\system32\nvsvc32.exe” [“NVIDIA Corporation”] Windows User Mode Driver Framework, UMWdf, “C:\WINDOWS\system32\wdfmgr.exe” [MS] ---------- + This report excludes default entries except where indicated. + To see *everywhere* the script checks and *everything* it finds, launch it from a command prompt or a shortcut with the -all parameter. + The search for DESKTOP.INI DLL launch points on all local fixed drives took 8 seconds. + The search for all Registry CLSIDs containing dormant Explorer Bars took 9 seconds. ---------- (total run time: 31 seconds)

Bieniol · 9 Styczeń 2007 18:02

Logi są czyste.

Pokaż jeszcze dwa logi z GMERa:

Rootkit -> zaznaczone wszystko + ODZNACZONE ‘pokazuj wszystko’ -> szukaj -> kopiuj -> ctrl+v do posta;

Rootkit -> zaznaczone TYLKO ‘uslugi’ + ‘pokazuj wszystko’ -> jak wyżej

m26 · 9 Styczeń 2007 19:40

GMER 1.0.11.11349 - http://www.gmer.net Rootkit 2007-01-09 20:24:52 Windows 5.1.2600 Dodatek Service Pack 2 ---- System - GMER 1.0.11 ---- SSDT ??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys ZwOpenProcess <-- ROOTKIT ! SSDT ??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys ZwTerminateProcess – ROOTKIT ! INT 0x00 \WINDOWS\system32\ntkrnlpa.exe 8053D36C INT 0x01 \WINDOWS\system32\ntkrnlpa.exe 8053D4E4 INT 0x03 \WINDOWS\system32\ntkrnlpa.exe 8053D8B4 INT 0x04 \WINDOWS\system32\ntkrnlpa.exe 8053DA34 INT 0x05 \WINDOWS\system32\ntkrnlpa.exe 8053DB90 INT 0x06 \WINDOWS\system32\ntkrnlpa.exe 8053DD04 INT 0x07 \WINDOWS\system32\ntkrnlpa.exe 8053E36C INT 0x09 \WINDOWS\system32\ntkrnlpa.exe 8053E790 INT 0x0A \WINDOWS\system32\ntkrnlpa.exe 8053E8B0 INT 0x0B \WINDOWS\system32\ntkrnlpa.exe 8053E9F0 INT 0x0C \WINDOWS\system32\ntkrnlpa.exe 8053EC4C INT 0x0D \WINDOWS\system32\ntkrnlpa.exe 8053EF30 INT 0x0E \WINDOWS\system32\ntkrnlpa.exe 8053F620 INT 0x0F \WINDOWS\system32\ntkrnlpa.exe 8053F950 INT 0x10 \WINDOWS\system32\ntkrnlpa.exe 8053FA70 INT 0x11 \WINDOWS\system32\ntkrnlpa.exe 8053FBA8 INT 0x12 \WINDOWS\system32\ntkrnlpa.exe 8053F950 INT 0x13 \WINDOWS\system32\ntkrnlpa.exe 8053FD10 INT 0x14 \WINDOWS\system32\ntkrnlpa.exe 8053F950 INT 0x15 \WINDOWS\system32\ntkrnlpa.exe 8053F950 INT 0x16 \WINDOWS\system32\ntkrnlpa.exe 8053F950 INT 0x17 \WINDOWS\system32\ntkrnlpa.exe 8053F950 INT 0x18 \WINDOWS\system32\ntkrnlpa.exe 8053F950 INT 0x19 \WINDOWS\system32\ntkrnlpa.exe 8053F950 INT 0x1A \WINDOWS\system32\ntkrnlpa.exe 8053F950 INT 0x1B \WINDOWS\system32\ntkrnlpa.exe 8053F950 INT 0x1C \WINDOWS\system32\ntkrnlpa.exe 8053F950 INT 0x1D \WINDOWS\system32\ntkrnlpa.exe 8053F950 INT 0x1E \WINDOWS\system32\ntkrnlpa.exe 8053F950 INT 0x1F \WINDOWS\system32\hal.dll 806CFFD0 INT 0x2A \WINDOWS\system32\ntkrnlpa.exe 8053CBAE INT 0x2B \WINDOWS\system32\ntkrnlpa.exe 8053CCB0 INT 0x2C \WINDOWS\system32\ntkrnlpa.exe 8053CE50 INT 0x2D \WINDOWS\system32\ntkrnlpa.exe 8053D790 INT 0x2E \WINDOWS\system32\ntkrnlpa.exe 8053C651 INT 0x2F \WINDOWS\system32\ntkrnlpa.exe 8053F950 INT 0x30 \WINDOWS\system32\ntkrnlpa.exe 8053BD10 INT 0x31 \WINDOWS\system32\ntkrnlpa.exe 8053BD1A INT 0x32 \WINDOWS\system32\ntkrnlpa.exe 8053BD24 INT 0x33 \WINDOWS\system32\ntkrnlpa.exe 8053BD2E INT 0x34 \WINDOWS\system32\ntkrnlpa.exe 8053BD38 INT 0x35 \WINDOWS\system32\ntkrnlpa.exe 8053BD42 INT 0x36 \WINDOWS\system32\ntkrnlpa.exe 8053BD4C INT 0x37 \WINDOWS\system32\hal.dll 806CF728 INT 0x38 \WINDOWS\system32\ntkrnlpa.exe 8053BD60 INT 0x39 \WINDOWS\system32\ntkrnlpa.exe 8053BD6A INT 0x3A \WINDOWS\system32\ntkrnlpa.exe 8053BD74 INT 0x3B \WINDOWS\system32\ntkrnlpa.exe 8053BD7E INT 0x3C \WINDOWS\system32\ntkrnlpa.exe 8053BD88 INT 0x3D \WINDOWS\system32\hal.dll 806D0B70 INT 0x3E \WINDOWS\system32\ntkrnlpa.exe 8053BD9C INT 0x3F \WINDOWS\system32\ntkrnlpa.exe 8053BDA6 INT 0x40 \WINDOWS\system32\ntkrnlpa.exe 8053BDB0 INT 0x41 \WINDOWS\system32\hal.dll 806D09CC INT 0x42 \WINDOWS\system32\ntkrnlpa.exe 8053BDC4 INT 0x43 \WINDOWS\system32\ntkrnlpa.exe 8053BDCE INT 0x44 \WINDOWS\system32\ntkrnlpa.exe 8053BDD8 INT 0x45 \WINDOWS\system32\ntkrnlpa.exe 8053BDE2 INT 0x46 \WINDOWS\system32\ntkrnlpa.exe 8053BDEC INT 0x47 \WINDOWS\system32\ntkrnlpa.exe 8053BDF6 INT 0x48 \WINDOWS\system32\ntkrnlpa.exe 8053BE00 INT 0x49 \WINDOWS\system32\ntkrnlpa.exe 8053BE0A INT 0x4A \WINDOWS\system32\ntkrnlpa.exe 8053BE14 INT 0x4B \WINDOWS\system32\ntkrnlpa.exe 8053BE1E INT 0x4C \WINDOWS\system32\ntkrnlpa.exe 8053BE28 INT 0x4D \WINDOWS\system32\ntkrnlpa.exe 8053BE32 INT 0x4E \WINDOWS\system32\ntkrnlpa.exe 8053BE3C INT 0x4F \WINDOWS\system32\ntkrnlpa.exe 8053BE46 INT 0x50 \WINDOWS\system32\hal.dll 806CF800 INT 0x51 \WINDOWS\system32\ntkrnlpa.exe 8053BE5A INT 0x52 \WINDOWS\system32\ntkrnlpa.exe 8053BE64 INT 0x53 \WINDOWS\system32\ntkrnlpa.exe 8053BE6E INT 0x54 \WINDOWS\system32\ntkrnlpa.exe 8053BE78 INT 0x55 \WINDOWS\system32\ntkrnlpa.exe 8053BE82 INT 0x56 \WINDOWS\system32\ntkrnlpa.exe 8053BE8C INT 0x57 \WINDOWS\system32\ntkrnlpa.exe 8053BE96 INT 0x58 \WINDOWS\system32\ntkrnlpa.exe 8053BEA0 INT 0x59 \WINDOWS\system32\ntkrnlpa.exe 8053BEAA INT 0x5A \WINDOWS\system32\ntkrnlpa.exe 8053BEB4 INT 0x5B \WINDOWS\system32\ntkrnlpa.exe 8053BEBE INT 0x5C \WINDOWS\system32\ntkrnlpa.exe 8053BEC8 INT 0x5D \WINDOWS\system32\ntkrnlpa.exe 8053BED2 INT 0x5E \WINDOWS\system32\ntkrnlpa.exe 8053BEDC INT 0x5F \WINDOWS\system32\ntkrnlpa.exe 8053BEE6 INT 0x60 \WINDOWS\system32\ntkrnlpa.exe 8053BEF0 INT 0x61 \WINDOWS\system32\ntkrnlpa.exe 8053BEFA INT 0x64 \WINDOWS\system32\ntkrnlpa.exe 8053BF18 INT 0x65 \WINDOWS\system32\ntkrnlpa.exe 8053BF22 INT 0x66 \WINDOWS\system32\ntkrnlpa.exe 8053BF2C INT 0x67 \WINDOWS\system32\ntkrnlpa.exe 8053BF36 INT 0x68 \WINDOWS\system32\ntkrnlpa.exe 8053BF40 INT 0x69 \WINDOWS\system32\ntkrnlpa.exe 8053BF4A INT 0x6A \WINDOWS\system32\ntkrnlpa.exe 8053BF54 INT 0x6B \WINDOWS\system32\ntkrnlpa.exe 8053BF5E INT 0x6C \WINDOWS\system32\ntkrnlpa.exe 8053BF68 INT 0x6D \WINDOWS\system32\ntkrnlpa.exe 8053BF72 INT 0x6E \WINDOWS\system32\ntkrnlpa.exe 8053BF7C INT 0x6F \WINDOWS\system32\ntkrnlpa.exe 8053BF86 INT 0x70 \WINDOWS\system32\ntkrnlpa.exe 8053BF90 INT 0x71 \WINDOWS\system32\ntkrnlpa.exe 8053BF9A INT 0x72 \WINDOWS\system32\ntkrnlpa.exe 8053BFA4 INT 0x74 \WINDOWS\system32\ntkrnlpa.exe 8053BFB8 INT 0x75 \WINDOWS\system32\ntkrnlpa.exe 8053BFC2 INT 0x76 \WINDOWS\system32\ntkrnlpa.exe 8053BFCC INT 0x77 \WINDOWS\system32\ntkrnlpa.exe 8053BFD6 INT 0x78 \WINDOWS\system32\ntkrnlpa.exe 8053BFE0 INT 0x79 \WINDOWS\system32\ntkrnlpa.exe 8053BFEA INT 0x7A \WINDOWS\system32\ntkrnlpa.exe 8053BFF4 INT 0x7B \WINDOWS\system32\ntkrnlpa.exe 8053BFFE INT 0x7C \WINDOWS\system32\ntkrnlpa.exe 8053C008 INT 0x7D \WINDOWS\system32\ntkrnlpa.exe 8053C012 INT 0x7E \WINDOWS\system32\ntkrnlpa.exe 8053C01C INT 0x7F \WINDOWS\system32\ntkrnlpa.exe 8053C026 INT 0x80 \WINDOWS\system32\ntkrnlpa.exe 8053C030 INT 0x81 \WINDOWS\system32\ntkrnlpa.exe 8053C03A INT 0x82 \WINDOWS\system32\ntkrnlpa.exe 8053C044 INT 0x84 \WINDOWS\system32\ntkrnlpa.exe 8053C058 INT 0x85 \WINDOWS\system32\ntkrnlpa.exe 8053C062 INT 0x86 \WINDOWS\system32\ntkrnlpa.exe 8053C06C INT 0x87 \WINDOWS\system32\ntkrnlpa.exe 8053C076 INT 0x88 \WINDOWS\system32\ntkrnlpa.exe 8053C080 INT 0x89 \WINDOWS\system32\ntkrnlpa.exe 8053C08A INT 0x8A \WINDOWS\system32\ntkrnlpa.exe 8053C094 INT 0x8B \WINDOWS\system32\ntkrnlpa.exe 8053C09E INT 0x8C \WINDOWS\system32\ntkrnlpa.exe 8053C0A8 INT 0x8D \WINDOWS\system32\ntkrnlpa.exe 8053C0B2 INT 0x8E \WINDOWS\system32\ntkrnlpa.exe 8053C0BC INT 0x8F \WINDOWS\system32\ntkrnlpa.exe 8053C0C6 INT 0x90 \WINDOWS\system32\ntkrnlpa.exe 8053C0D0 INT 0x91 \WINDOWS\system32\ntkrnlpa.exe 8053C0DA INT 0x94 \WINDOWS\system32\ntkrnlpa.exe 8053C0F8 INT 0x95 \WINDOWS\system32\ntkrnlpa.exe 8053C102 INT 0x96 \WINDOWS\system32\ntkrnlpa.exe 8053C10C INT 0x97 \WINDOWS\system32\ntkrnlpa.exe 8053C116 INT 0x98 \WINDOWS\system32\ntkrnlpa.exe 8053C120 INT 0x99 \WINDOWS\system32\ntkrnlpa.exe 8053C12A INT 0x9A \WINDOWS\system32\ntkrnlpa.exe 8053C134 INT 0x9B \WINDOWS\system32\ntkrnlpa.exe 8053C13E INT 0x9C \WINDOWS\system32\ntkrnlpa.exe 8053C148 INT 0x9D \WINDOWS\system32\ntkrnlpa.exe 8053C152 INT 0x9E \WINDOWS\system32\ntkrnlpa.exe 8053C15C INT 0x9F \WINDOWS\system32\ntkrnlpa.exe 8053C166 INT 0xA0 \WINDOWS\system32\ntkrnlpa.exe 8053C170 INT 0xA1 \WINDOWS\system32\ntkrnlpa.exe 8053C17A INT 0xA2 \WINDOWS\system32\ntkrnlpa.exe 8053C184 INT 0xA5 \WINDOWS\system32\ntkrnlpa.exe 8053C1A2 INT 0xA6 \WINDOWS\system32\ntkrnlpa.exe 8053C1AC INT 0xA7 \WINDOWS\system32\ntkrnlpa.exe 8053C1B6 INT 0xA8 \WINDOWS\system32\ntkrnlpa.exe 8053C1C0 INT 0xA9 \WINDOWS\system32\ntkrnlpa.exe 8053C1CA INT 0xAA \WINDOWS\system32\ntkrnlpa.exe 8053C1D4 INT 0xAB \WINDOWS\system32\ntkrnlpa.exe 8053C1DE INT 0xAC \WINDOWS\system32\ntkrnlpa.exe 8053C1E8 INT 0xAD \WINDOWS\system32\ntkrnlpa.exe 8053C1F2 INT 0xAE \WINDOWS\system32\ntkrnlpa.exe 8053C1FC INT 0xAF \WINDOWS\system32\ntkrnlpa.exe 8053C206 INT 0xB0 \WINDOWS\system32\ntkrnlpa.exe 8053C210 INT 0xB3 \WINDOWS\system32\ntkrnlpa.exe 8053C22E INT 0xB5 \WINDOWS\system32\ntkrnlpa.exe 8053C242 INT 0xB6 \WINDOWS\system32\ntkrnlpa.exe 8053C24C INT 0xB7 \WINDOWS\system32\ntkrnlpa.exe 8053C256 INT 0xB8 \WINDOWS\system32\ntkrnlpa.exe 8053C260 INT 0xB9 \WINDOWS\system32\ntkrnlpa.exe 8053C26A INT 0xBA \WINDOWS\system32\ntkrnlpa.exe 8053C274 INT 0xBB \WINDOWS\system32\ntkrnlpa.exe 8053C27E INT 0xBC \WINDOWS\system32\ntkrnlpa.exe 8053C288 INT 0xBD \WINDOWS\system32\ntkrnlpa.exe 8053C292 INT 0xBE \WINDOWS\system32\ntkrnlpa.exe 8053C29C INT 0xBF \WINDOWS\system32\ntkrnlpa.exe 8053C2A6 INT 0xC0 \WINDOWS\system32\ntkrnlpa.exe 8053C2B0 INT 0xC1 \WINDOWS\system32\hal.dll 806CF984 INT 0xC2 \WINDOWS\system32\ntkrnlpa.exe 8053C2C4 INT 0xC3 \WINDOWS\system32\ntkrnlpa.exe 8053C2CE INT 0xC4 \WINDOWS\system32\ntkrnlpa.exe 8053C2D8 INT 0xC5 \WINDOWS\system32\ntkrnlpa.exe 8053C2E2 INT 0xC6 \WINDOWS\system32\ntkrnlpa.exe 8053C2EC INT 0xC7 \WINDOWS\system32\ntkrnlpa.exe 8053C2F6 INT 0xC8 \WINDOWS\system32\ntkrnlpa.exe 8053C300 INT 0xC9 \WINDOWS\system32\ntkrnlpa.exe 8053C30A INT 0xCA \WINDOWS\system32\ntkrnlpa.exe 8053C314 INT 0xCB \WINDOWS\system32\ntkrnlpa.exe 8053C31E INT 0xCC \WINDOWS\system32\ntkrnlpa.exe 8053C328 INT 0xCD \WINDOWS\system32\ntkrnlpa.exe 8053C332 INT 0xCE \WINDOWS\system32\ntkrnlpa.exe 8053C33C INT 0xCF \WINDOWS\system32\ntkrnlpa.exe 8053C346 INT 0xD0 \WINDOWS\system32\ntkrnlpa.exe 8053C350 INT 0xD1 \WINDOWS\system32\hal.dll 806CED34 INT 0xD2 \WINDOWS\system32\ntkrnlpa.exe 8053C364 INT 0xD3 \WINDOWS\system32\ntkrnlpa.exe 8053C36E INT 0xD4 \WINDOWS\system32\ntkrnlpa.exe 8053C378 INT 0xD5 \WINDOWS\system32\ntkrnlpa.exe 8053C382 INT 0xD6 \WINDOWS\system32\ntkrnlpa.exe 8053C38C INT 0xD7 \WINDOWS\system32\ntkrnlpa.exe 8053C396 INT 0xD8 \WINDOWS\system32\ntkrnlpa.exe 8053C3A0 INT 0xD9 \WINDOWS\system32\ntkrnlpa.exe 8053C3AA INT 0xDA \WINDOWS\system32\ntkrnlpa.exe 8053C3B4 INT 0xDB \WINDOWS\system32\ntkrnlpa.exe 8053C3BE INT 0xDC \WINDOWS\system32\ntkrnlpa.exe 8053C3C8 INT 0xDD \WINDOWS\system32\ntkrnlpa.exe 8053C3D2 INT 0xDE \WINDOWS\system32\ntkrnlpa.exe 8053C3DC INT 0xDF \WINDOWS\system32\ntkrnlpa.exe 8053C3E6 INT 0xE0 \WINDOWS\system32\ntkrnlpa.exe 8053C3F0 INT 0xE1 \WINDOWS\system32\hal.dll 806CFF0C INT 0xE2 \WINDOWS\system32\ntkrnlpa.exe 8053C404 INT 0xE3 \WINDOWS\system32\hal.dll 806CFC70 INT 0xE4 \WINDOWS\system32\ntkrnlpa.exe 8053C418 INT 0xE5 \WINDOWS\system32\ntkrnlpa.exe 8053C422 INT 0xE6 \WINDOWS\system32\ntkrnlpa.exe 8053C42C INT 0xE7 \WINDOWS\system32\ntkrnlpa.exe 8053C436 INT 0xE8 \WINDOWS\system32\ntkrnlpa.exe 8053C440 INT 0xE9 \WINDOWS\system32\ntkrnlpa.exe 8053C44A INT 0xEA \WINDOWS\system32\ntkrnlpa.exe 8053C454 INT 0xEB \WINDOWS\system32\ntkrnlpa.exe 8053C45E INT 0xEC \WINDOWS\system32\ntkrnlpa.exe 8053C468 INT 0xED \WINDOWS\system32\ntkrnlpa.exe 8053C472 INT 0xEE \WINDOWS\system32\ntkrnlpa.exe 8053C479 INT 0xEF \WINDOWS\system32\ntkrnlpa.exe 8053C480 INT 0xF0 \WINDOWS\system32\ntkrnlpa.exe 8053C487 INT 0xF1 \WINDOWS\system32\ntkrnlpa.exe 8053C48E INT 0xF2 \WINDOWS\system32\ntkrnlpa.exe 8053C495 INT 0xF3 \WINDOWS\system32\ntkrnlpa.exe 8053C49C INT 0xF4 \WINDOWS\system32\ntkrnlpa.exe 8053C4A3 INT 0xF5 \WINDOWS\system32\ntkrnlpa.exe 8053C4AA INT 0xF6 \WINDOWS\system32\ntkrnlpa.exe 8053C4B1 INT 0xF7 \WINDOWS\system32\ntkrnlpa.exe 8053C4B8 INT 0xF8 \WINDOWS\system32\ntkrnlpa.exe 8053C4BF INT 0xF9 \WINDOWS\system32\ntkrnlpa.exe 8053C4C6 INT 0xFA \WINDOWS\system32\ntkrnlpa.exe 8053C4CD INT 0xFB \WINDOWS\system32\ntkrnlpa.exe 8053C4D4 INT 0xFC \WINDOWS\system32\ntkrnlpa.exe 8053C4DB INT 0xFD \WINDOWS\system32\hal.dll 806D0464 INT 0xFE \WINDOWS\system32\hal.dll 806D0604 INT 0xFF \WINDOWS\system32\ntkrnlpa.exe 8053C4F0 SYSENTER \WINDOWS\system32\ntkrnlpa.exe 8053C710 ---- Devices - GMER 1.0.11 ---- Device \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE [F7233E37] Ntfs.sys Device \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE_NAMED_PIPE [804F320E] ntkrnlpa.exe Device \FileSystem\Ntfs \Ntfs IRP_MJ_CLOSE [F7233320] Ntfs.sys Device \FileSystem\Ntfs \Ntfs IRP_MJ_READ [F7210EE4] Ntfs.sys Device \FileSystem\Ntfs \Ntfs IRP_MJ_WRITE [F720FBCA] Ntfs.sys Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_INFORMATION [F72344D1] Ntfs.sys Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_INFORMATION [F7211A58] Ntfs.sys Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_EA [F72344D1] Ntfs.sys Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_EA [F72344D1] Ntfs.sys Device \FileSystem\Ntfs \Ntfs IRP_MJ_FLUSH_BUFFERS [F7239A68] Ntfs.sys Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_VOLUME_INFORMATION [F723461C] Ntfs.sys Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_VOLUME_INFORMATION [F723461C] Ntfs.sys Device \FileSystem\Ntfs \Ntfs IRP_MJ_DIRECTORY_CONTROL [F72362C3] Ntfs.sys Device \FileSystem\Ntfs \Ntfs IRP_MJ_FILE_SYSTEM_CONTROL [F723B6D5] Ntfs.sys Device \FileSystem\Ntfs \Ntfs IRP_MJ_DEVICE_CONTROL [F723461C] Ntfs.sys Device \FileSystem\Ntfs \Ntfs IRP_MJ_INTERNAL_DEVICE_CONTROL [804F320E] ntkrnlpa.exe Device \FileSystem\Ntfs \Ntfs IRP_MJ_SHUTDOWN [F7222621] Ntfs.sys Device \FileSystem\Ntfs \Ntfs IRP_MJ_LOCK_CONTROL [F7287B11] Ntfs.sys Device \FileSystem\Ntfs \Ntfs IRP_MJ_CLEANUP [F7233CEE] Ntfs.sys Device \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE_MAILSLOT [804F320E] ntkrnlpa.exe Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_SECURITY [F723461C] Ntfs.sys Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_SECURITY [F723461C] Ntfs.sys Device \FileSystem\Ntfs \Ntfs IRP_MJ_POWER [804F320E] ntkrnlpa.exe Device \FileSystem\Ntfs \Ntfs IRP_MJ_SYSTEM_CONTROL [804F320E] ntkrnlpa.exe Device \FileSystem\Ntfs \Ntfs IRP_MJ_DEVICE_CHANGE [804F320E] ntkrnlpa.exe Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_QUOTA [F72344D1] Ntfs.sys Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_QUOTA [F72344D1] Ntfs.sys Device \FileSystem\Ntfs \Ntfs IRP_MJ_PNP [F7252F3F] Ntfs.sys Device \FileSystem\Ntfs \Ntfs FastIoCheckIfPossible [F724A5AC] Ntfs.sys Device \FileSystem\Ntfs \Ntfs FastIoRead [F722EB85] Ntfs.sys Device \FileSystem\Ntfs \Ntfs FastIoWrite [F723A097] Ntfs.sys Device \FileSystem\Ntfs \Ntfs FastIoQueryBasicInfo [F723321A] Ntfs.sys Device \FileSystem\Ntfs \Ntfs FastIoQueryStandardInfo [F72330AE] Ntfs.sys Device \FileSystem\Ntfs \Ntfs FastIoLock [F723AA4D] Ntfs.sys Device \FileSystem\Ntfs \Ntfs FastIoUnlockSingle [F723AB53] Ntfs.sys Device \FileSystem\Ntfs \Ntfs FastIoUnlockAll [F728771C] Ntfs.sys Device \FileSystem\Ntfs \Ntfs FastIoUnlockAllByKey [F7287861] Ntfs.sys Device \FileSystem\Ntfs \Ntfs AcquireFileForNtCreateSection [F722E8BA] Ntfs.sys Device \FileSystem\Ntfs \Ntfs ReleaseFileForNtCreateSection [F722E901] Ntfs.sys Device \FileSystem\Ntfs \Ntfs FastIoQueryNetworkOpenInfo [F7275E89] Ntfs.sys Device \FileSystem\Ntfs \Ntfs AcquireForModWrite [F723A855] Ntfs.sys Device \FileSystem\Ntfs \Ntfs MdlRead [F7275F9D] Ntfs.sys Device \FileSystem\Ntfs \Ntfs MdlReadComplete [804E79E2] ntkrnlpa.exe Device \FileSystem\Ntfs \Ntfs PrepareMdlWrite [F7276317] Ntfs.sys Device \FileSystem\Ntfs \Ntfs MdlWriteComplete [8055FE96] ntkrnlpa.exe Device \FileSystem\Ntfs \Ntfs FastIoQueryOpen [F7232EE8] Ntfs.sys Device \FileSystem\Ntfs \Ntfs AcquireForCcFlush [F722E762] Ntfs.sys Device \FileSystem\Ntfs \Ntfs ReleaseForCcFlush [F722E788] Ntfs.sys Device \FileSystem\Fastfat \FatCdrom IRP_MJ_CREATE [EC2D1C8A] Fastfat.SYS Device \FileSystem\Fastfat \FatCdrom IRP_MJ_CREATE_NAMED_PIPE [804F320E] ntkrnlpa.exe Device \FileSystem\Fastfat \FatCdrom IRP_MJ_CLOSE [EC2CE7C8] Fastfat.SYS Device \FileSystem\Fastfat \FatCdrom IRP_MJ_READ [EC2CA60A] Fastfat.SYS Device \FileSystem\Fastfat \FatCdrom IRP_MJ_WRITE [EC2CAAED] Fastfat.SYS Device \FileSystem\Fastfat \FatCdrom IRP_MJ_QUERY_INFORMATION [EC2D5958] Fastfat.SYS Device \FileSystem\Fastfat \FatCdrom IRP_MJ_SET_INFORMATION [EC2D8821] Fastfat.SYS Device \FileSystem\Fastfat \FatCdrom IRP_MJ_QUERY_EA [EC2E138A] Fastfat.SYS Device \FileSystem\Fastfat \FatCdrom IRP_MJ_SET_EA [EC2E0D49] Fastfat.SYS Device \FileSystem\Fastfat \FatCdrom IRP_MJ_FLUSH_BUFFERS [EC2DABBE] Fastfat.SYS Device \FileSystem\Fastfat \FatCdrom IRP_MJ_QUERY_VOLUME_INFORMATION [EC2DB331] Fastfat.SYS Device \FileSystem\Fastfat \FatCdrom IRP_MJ_SET_VOLUME_INFORMATION [EC2E94F4] Fastfat.SYS Device \FileSystem\Fastfat \FatCdrom IRP_MJ_DIRECTORY_CONTROL [EC2D1B37] Fastfat.SYS Device \FileSystem\Fastfat \FatCdrom IRP_MJ_FILE_SYSTEM_CONTROL [EC2CD948] Fastfat.SYS Device \FileSystem\Fastfat \FatCdrom IRP_MJ_DEVICE_CONTROL [EC2D746B] Fastfat.SYS Device \FileSystem\Fastfat \FatCdrom IRP_MJ_INTERNAL_DEVICE_CONTROL [804F320E] ntkrnlpa.exe Device \FileSystem\Fastfat \FatCdrom IRP_MJ_SHUTDOWN [EC2E879D] Fastfat.SYS Device \FileSystem\Fastfat \FatCdrom IRP_MJ_LOCK_CONTROL [EC2E7C4A] Fastfat.SYS Device \FileSystem\Fastfat \FatCdrom IRP_MJ_CLEANUP [EC2CE2FD] Fastfat.SYS Device \FileSystem\Fastfat \FatCdrom IRP_MJ_CREATE_MAILSLOT [804F320E] ntkrnlpa.exe Device \FileSystem\Fastfat \FatCdrom IRP_MJ_QUERY_SECURITY [804F320E] ntkrnlpa.exe Device \FileSystem\Fastfat \FatCdrom IRP_MJ_SET_SECURITY [804F320E] ntkrnlpa.exe Device \FileSystem\Fastfat \FatCdrom IRP_MJ_POWER [804F320E] ntkrnlpa.exe Device \FileSystem\Fastfat \FatCdrom IRP_MJ_SYSTEM_CONTROL [804F320E] ntkrnlpa.exe Device \FileSystem\Fastfat \FatCdrom IRP_MJ_DEVICE_CHANGE [804F320E] ntkrnlpa.exe Device \FileSystem\Fastfat \FatCdrom IRP_MJ_QUERY_QUOTA [804F320E] ntkrnlpa.exe Device \FileSystem\Fastfat \FatCdrom IRP_MJ_SET_QUOTA [804F320E] ntkrnlpa.exe Device \FileSystem\Fastfat \FatCdrom IRP_MJ_PNP [EC2E81DB] Fastfat.SYS Device \FileSystem\Fastfat \FatCdrom FastIoCheckIfPossible [EC2E31F9] Fastfat.SYS Device \FileSystem\Fastfat \FatCdrom FastIoRead [80560894] ntkrnlpa.exe Device \FileSystem\Fastfat \FatCdrom FastIoWrite [80560B50] ntkrnlpa.exe Device \FileSystem\Fastfat \FatCdrom FastIoQueryBasicInfo [EC2D2646] Fastfat.SYS Device \FileSystem\Fastfat \FatCdrom FastIoQueryStandardInfo [EC2D2405] Fastfat.SYS Device \FileSystem\Fastfat \FatCdrom FastIoLock [EC2D89F3] Fastfat.SYS Device \FileSystem\Fastfat \FatCdrom FastIoUnlockSingle [EC2DB518] Fastfat.SYS Device \FileSystem\Fastfat \FatCdrom FastIoUnlockAll [EC2E7929] Fastfat.SYS Device \FileSystem\Fastfat \FatCdrom FastIoUnlockAllByKey [EC2E7A21] Fastfat.SYS Device \FileSystem\Fastfat \FatCdrom FastIoQueryNetworkOpenInfo [EC2E328E] Fastfat.SYS Device \FileSystem\Fastfat \FatCdrom AcquireForCcFlush [EC2E84A6] Fastfat.SYS Device \FileSystem\Fastfat \FatCdrom ReleaseForCcFlush [EC2E851F] Fastfat.SYS Device \FileSystem\Mup \Dfs IRP_MJ_CREATE [F71B3A80] Mup.sys Device \FileSystem\Mup \Dfs IRP_MJ_CREATE_NAMED_PIPE [F71B3A80] Mup.sys Device \FileSystem\Mup \Dfs IRP_MJ_CLOSE [F71B8A76] Mup.sys Device \FileSystem\Mup \Dfs IRP_MJ_READ [F71B052D] Mup.sys Device \FileSystem\Mup \Dfs IRP_MJ_WRITE [F71B5159] Mup.sys Device \FileSystem\Mup \Dfs IRP_MJ_QUERY_INFORMATION [F71C0B88] Mup.sys Device \FileSystem\Mup \Dfs IRP_MJ_SET_INFORMATION [F71C0DF2] Mup.sys Device \FileSystem\Mup \Dfs IRP_MJ_QUERY_EA [F71B052D] Mup.sys Device \FileSystem\Mup \Dfs IRP_MJ_SET_EA [F71B052D] Mup.sys Device \FileSystem\Mup \Dfs IRP_MJ_FLUSH_BUFFERS [F71B052D] Mup.sys Device \FileSystem\Mup \Dfs IRP_MJ_QUERY_VOLUME_INFORMATION [F71C5492] Mup.sys Device \FileSystem\Mup \Dfs IRP_MJ_SET_VOLUME_INFORMATION [F71C5585] Mup.sys Device \FileSystem\Mup \Dfs IRP_MJ_DIRECTORY_CONTROL [F71B052D] Mup.sys Device \FileSystem\Mup \Dfs IRP_MJ_FILE_SYSTEM_CONTROL [F71B85D2] Mup.sys Device \FileSystem\Mup \Dfs IRP_MJ_DEVICE_CONTROL [F71B052D] Mup.sys Device \FileSystem\Mup \Dfs IRP_MJ_INTERNAL_DEVICE_CONTROL [F71B052D] Mup.sys Device \FileSystem\Mup \Dfs IRP_MJ_SHUTDOWN [F71C033D] Mup.sys Device \FileSystem\Mup \Dfs IRP_MJ_LOCK_CONTROL [F71B052D] Mup.sys Device \FileSystem\Mup \Dfs IRP_MJ_CLEANUP [F71B8AB9] Mup.sys Device \FileSystem\Mup \Dfs IRP_MJ_CREATE_MAILSLOT [F71B3A80] Mup.sys Device \FileSystem\Mup \Dfs IRP_MJ_QUERY_SECURITY [F71B052D] Mup.sys Device \FileSystem\Mup \Dfs IRP_MJ_SET_SECURITY [F71B052D] Mup.sys Device \FileSystem\Mup \Dfs IRP_MJ_POWER [F71B052D] Mup.sys Device \FileSystem\Mup \Dfs IRP_MJ_SYSTEM_CONTROL [F71AF35A] Mup.sys Device \FileSystem\Mup \Dfs IRP_MJ_DEVICE_CHANGE [F71B052D] Mup.sys Device \FileSystem\Mup \Dfs IRP_MJ_QUERY_QUOTA [F71B052D] Mup.sys Device \FileSystem\Mup \Dfs IRP_MJ_SET_QUOTA [F71B052D] Mup.sys Device \FileSystem\Mup \Dfs IRP_MJ_PNP [F71B052D] Mup.sys Device \FileSystem\Mup \Dfs FastIoCheckIfPossible

adam9870 · 9 Styczeń 2007 19:42

Nic podejrzanego nie widzę.

Zrób update do nowszej wersji Gmer’a:

http://www.idg.pl/ftp/pc_12767.html

ponieważ jest mniej wyczulona.

Proszę pokazać jeszcze log na takich ustawieniach:

#Zakładka Rootkit >>> Zaznaczone tylko Usługi oraz Pokaż wszystko >>> kliknij Szukaj >>> Czekaj cierpliwie aż skończy.

Jeśli log nie wejdzie bezpośrednio do posta, to umieść go w pliku tekstowym i umieść na jakimś serwerze:

http://forum.dobreprogramy.pl/viewtopic.php?t=96929

m26 · 9 Styczeń 2007 19:56

GMER 1.0.11.11349 - http://www.gmer.net Rootkit 2007-01-09 20:57:32 Windows 5.1.2600 Dodatek Service Pack 2 ---- Services - GMER 1.0.11 ---- Service .NET CLR Data Service .NET CLR Networking Service .NET Data Provider for Oracle Service .NET Data Provider for SqlServer Service .NETFramework Service [sYSTEM] Aavmker4 Service [DISABLED] Abiosdsk Service [DISABLED] abp480n5 Service C:\WINDOWS\system32\DRIVERS\ACPI.sys [bOOT] ACPI Service [DISABLED] ACPIEC Service [DISABLED] adpu160m Service C:\WINDOWS\system32\drivers\aec.sys [MANUAL] aec Service C:\WINDOWS\System32\drivers\afd.sys [sYSTEM] AFD Service [DISABLED] Aha154x Service [DISABLED] aic78u2 Service [DISABLED] aic78xx Service C:\WINDOWS\system32\DRIVERS\alcan5wn.sys [MANUAL] alcan5wn Service C:\WINDOWS\system32\DRIVERS\alcaudsl.sys [MANUAL] alcaudsl Service C:\WINDOWS\system32\drivers\ALCXWDM.SYS [MANUAL] ALCXWDM Service C:\WINDOWS\system32\svchost.exe [DISABLED] Alerter Service C:\WINDOWS\System32\alg.exe [MANUAL] ALG Service [DISABLED] AliIde Service C:\WINDOWS\system32\DRIVERS\Amfilter.sys [sYSTEM] Amfilter Service system32\drivers\amon.sys [AUTO] AMON Service [DISABLED] amsint Service C:\WINDOWS\system32\DRIVERS\Amusbprt.sys [MANUAL] Amusbprt Service C:\WINDOWS\system32\svchost.exe [MANUAL] AppMgmt Service [DISABLED] asc Service [DISABLED] asc3350p Service [DISABLED] asc3550 Service ASP.NET Service ASP.NET_1.1.4322 Service ASP.NET_2.0.50727 Service C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [MANUAL] aspnet_state Service [AUTO] aswMon2 Service [MANUAL] aswRdr Service [sYSTEM] aswTdi Service C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [AUTO] aswUpdSv Service C:\WINDOWS\system32\DRIVERS\asyncmac.sys [MANUAL] AsyncMac Service C:\WINDOWS\system32\DRIVERS\atapi.sys [bOOT] atapi Service [DISABLED] Atdisk Service [MANUAL] ATE_PROCMON Service C:\WINDOWS\system32\DRIVERS\atmarpc.sys [MANUAL] Atmarpc Service C:\WINDOWS\System32\svchost.exe [AUTO] AudioSrv Service C:\WINDOWS\system32\DRIVERS\audstub.sys [MANUAL] audstub Service C:\Program Files\Alwil Software\Avast4\ashServ.exe [AUTO] avast! Antivirus Service C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [MANUAL] avast! Mail Scanner Service C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [MANUAL] avast! Web Scanner Service C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys [sYSTEM] AVG Anti-Spyware Driver Service C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe [AUTO] AVG Anti-Spyware Guard Service C:\WINDOWS\System32\DRIVERS\AvgAsCln.sys [sYSTEM] AvgAsCln Service BattC Service [sYSTEM] Beep Service C:\WINDOWS\system32\svchost.exe [AUTO] BITS Service C:\WINDOWS\system32\svchost.exe [AUTO] Browser Service [DISABLED] cbidf2k Service [DISABLED] cd20xrnt Service [sYSTEM] Cdaudio Service [DISABLED] Cdfs Service C:\WINDOWS\system32\DRIVERS\cdrom.sys [sYSTEM] Cdrom Service [sYSTEM] Changer Service C:\WINDOWS\system32\cisvc.exe [MANUAL] CiSvc Service C:\WINDOWS\system32\clipsrv.exe [DISABLED] ClipSrv Service C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [MANUAL] clr_optimization_v2.0.50727_32 Service [DISABLED] CmdIde Service C:\WINDOWS\system32\dllhost.exe [MANUAL] COMSysApp Service ContentFilter Service ContentIndex Service [DISABLED] Cpqarray Service C:\WINDOWS\system32\svchost.exe [AUTO] CryptSvc Service [DISABLED] dac2w2k Service [DISABLED] dac960nt Service C:\WINDOWS\system32\svchost.exe [AUTO] DcomLaunch Service C:\WINDOWS\system32\svchost.exe [AUTO] Dhcp Service C:\WINDOWS\system32\DRIVERS\disk.sys [bOOT] Disk Service C:\WINDOWS\System32\dmadmin.exe [MANUAL] dmadmin Service C:\WINDOWS\System32\drivers\dmboot.sys [DISABLED] dmboot Service C:\WINDOWS\System32\drivers\dmio.sys [bOOT] dmio Service C:\WINDOWS\System32\drivers\dmload.sys [bOOT] dmload Service C:\WINDOWS\System32\svchost.exe [AUTO] dmserver Service C:\WINDOWS\system32\drivers\DMusic.sys [MANUAL] DMusic Service C:\WINDOWS\system32\svchost.exe [AUTO] Dnscache Service [DISABLED] dpti2o Service C:\WINDOWS\system32\drivers\drmkaud.sys [MANUAL] drmkaud Service C:\WINDOWS\System32\svchost.exe [AUTO] ERSvc Service C:\WINDOWS\system32\services.exe [AUTO] Eventlog Service C:\WINDOWS\system32\svchost.exe [MANUAL] EventSystem Service [DISABLED] Fastfat Service C:\WINDOWS\System32\svchost.exe [MANUAL] FastUserSwitchingCompatibility Service C:\WINDOWS\system32\DRIVERS\fdc.sys [MANUAL] Fdc Service [sYSTEM] Fips Service C:\WINDOWS\system32\DRIVERS\flpydisk.sys [MANUAL] Flpydisk Service C:\WINDOWS\system32\DRIVERS\fltMgr.sys [bOOT] FltMgr Service C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe [AUTO] ForceWare Intelligent Application Manager (IAM) Service C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe [AUTO] ForcewareWebInterface Service [sYSTEM] Fs_Rec Service C:\WINDOWS\system32\DRIVERS\ftdisk.sys [bOOT] Ftdisk Service C:\WINDOWS\System32\DRIVERS\gmer.sys [MANUAL] gmer Service C:\WINDOWS\system32\DRIVERS\msgpc.sys [MANUAL] Gpc Service C:\WINDOWS\System32\svchost.exe [AUTO] helpsvc Service C:\WINDOWS\System32\svchost.exe [DISABLED] HidServ Service C:\WINDOWS\system32\DRIVERS\hidusb.sys [MANUAL] hidusb Service [DISABLED] hpn Service C:\WINDOWS\System32\Drivers\HTTP.sys [MANUAL] HTTP Service C:\WINDOWS\System32\svchost.exe [MANUAL] HTTPFilter Service [sYSTEM] i2omgmt Service [DISABLED] i2omp Service C:\WINDOWS\system32\DRIVERS\i8042prt.sys [sYSTEM] i8042prt Service C:\WINDOWS\system32\DRIVERS\imapi.sys [sYSTEM] Imapi Service C:\WINDOWS\system32\imapi.exe [MANUAL] ImapiService Service inetaccs Service [DISABLED] ini910u Service Inport Service [DISABLED] IntelIde Service C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys [MANUAL] Ip6Fw Service C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys [MANUAL] IpFilterDriver Service C:\WINDOWS\system32\DRIVERS\ipinip.sys [MANUAL] IpInIp Service C:\WINDOWS\system32\DRIVERS\ipnat.sys [MANUAL] IpNat Service C:\WINDOWS\system32\DRIVERS\ipsec.sys [sYSTEM] IPSec Service C:\WINDOWS\system32\DRIVERS\irda.sys [AUTO] irda Service C:\WINDOWS\system32\DRIVERS\irenum.sys [MANUAL] IRENUM Service C:\WINDOWS\system32\svchost.exe [AUTO] Irmon Service C:\WINDOWS\system32\DRIVERS\irsir.sys [MANUAL] irsir Service ISAPISearch Service C:\WINDOWS\system32\DRIVERS\isapnp.sys [bOOT] isapnp Service C:\WINDOWS\system32\DRIVERS\kbdclass.sys [sYSTEM] Kbdclass Service C:\WINDOWS\system32\drivers\kmixer.sys [MANUAL] kmixer Service [bOOT] KSecDD Service C:\WINDOWS\system32\svchost.exe [AUTO] lanmanserver Service C:\WINDOWS\system32\svchost.exe [AUTO] lanmanworkstation Service [sYSTEM] lbrtfdc Service ldap Service LicenseService Service C:\WINDOWS\system32\svchost.exe [AUTO] LmHosts Service C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe [AUTO] MDM Service C:\WINDOWS\system32\svchost.exe [DISABLED] Messenger Service [sYSTEM] mnmdd Service C:\WINDOWS\system32\mnmsrvc.exe [MANUAL] mnmsrvc Service [MANUAL] Modem Service C:\WINDOWS\system32\DRIVERS\mouclass.sys [sYSTEM] Mouclass Service C:\WINDOWS\system32\DRIVERS\mouhid.sys [MANUAL] mouhid Service [bOOT] MountMgr Service [DISABLED] mraid35x Service C:\WINDOWS\system32\DRIVERS\mrxdav.sys [MANUAL] MRxDAV Service C:\WINDOWS\system32\DRIVERS\mrxsmb.sys [sYSTEM] MRxSmb Service C:\WINDOWS\system32\msdtc.exe [MANUAL] MSDTC Service [sYSTEM] Msfs Service C:\WINDOWS\system32\msiexec.exe [MANUAL] MSIServer Service C:\WINDOWS\system32\drivers\MSKSSRV.sys [MANUAL] MSKSSRV Service C:\WINDOWS\system32\drivers\MSPCLOCK.sys [MANUAL] MSPCLOCK Service C:\WINDOWS\system32\drivers\MSPQM.sys [MANUAL] MSPQM Service C:\WINDOWS\system32\DRIVERS\mssmbios.sys [MANUAL] mssmbios Service [bOOT] Mup Service [bOOT] NDIS Service C:\WINDOWS\system32\DRIVERS\ndistapi.sys [MANUAL] NdisTapi Service C:\WINDOWS\system32\DRIVERS\ndisuio.sys [MANUAL] Ndisuio Service C:\WINDOWS\system32\DRIVERS\ndiswan.sys [MANUAL] NdisWan Service [MANUAL] NDProxy Service C:\WINDOWS\system32\DRIVERS\netbios.sys [sYSTEM] NetBIOS Service C:\WINDOWS\system32\DRIVERS\netbt.sys [MANUAL] NetBT Service C:\WINDOWS\system32\netdde.exe [DISABLED] NetDDE Service C:\WINDOWS\system32\netdde.exe [DISABLED] NetDDEdsdm Service C:\WINDOWS\system32\lsass.exe [MANUAL] Netlogon Service C:\WINDOWS\System32\svchost.exe [MANUAL] Netman Service C:\WINDOWS\system32\svchost.exe [MANUAL] Nla Service system32\drivers\nod32drv.sys [sYSTEM] nod32drv Service C:\Program Files\Eset\nod32krn.exe [AUTO] NOD32krn Service [sYSTEM] Npfs Service C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe [AUTO] nSvcIp Service C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe [AUTO] nSvcLog Service [DISABLED] Ntfs Service C:\WINDOWS\system32\lsass.exe [MANUAL] NtLmSsp Service C:\WINDOWS\system32\svchost.exe [MANUAL] NtmsSvc Service [sYSTEM] Null Service C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [MANUAL] nv Service C:\WINDOWS\system32\DRIVERS\nvata.sys [bOOT] nvata Service C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [MANUAL] NVENETFD Service C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [MANUAL] nvnetbus Service C:\WINDOWS\system32\nvsvc32.exe [AUTO] NVSvc Service C:\WINDOWS\System32\DRIVERS\NVTcp.sys [sYSTEM] NVTCP Service C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys [MANUAL] NwlnkFlt Service C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys [MANUAL] NwlnkFwd Service C:\WINDOWS\system32\DRIVERS\parport.sys [MANUAL] Parport Service [bOOT] PartMgr Service [AUTO] ParVdm Service [AUTO] PavProc Service C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe [AUTO] PavPrSrv Service [MANUAL] PavSRK.sys Service [MANUAL] PavTPK.sys Service C:\WINDOWS\system32\DRIVERS\pci.sys [bOOT] PCI Service [sYSTEM] PCIDump Service C:\WINDOWS\system32\DRIVERS\pciide.sys [bOOT] PCIIde Service [DISABLED] Pcmcia Service [MANUAL] PDCOMP Service [MANUAL] PDFRAME Service [MANUAL] PDRELI Service [MANUAL] PDRFRAME Service [DISABLED] perc2 Service [DISABLED] perc2hib Service PerfDisk Service PerfNet Service PerfOS Service PerfProc Service C:\WINDOWS\system32\services.exe [AUTO] PlugPlay Service C:\WINDOWS\system32\lsass.exe [AUTO] PolicyAgent Service C:\WINDOWS\system32\DRIVERS\raspptp.sys [MANUAL] PptpMiniport Service C:\WINDOWS\system32\DRIVERS\processr.sys [sYSTEM] Processor Service C:\WINDOWS\System32\drivers\prodrv06.sys [sYSTEM] prodrv06 Service C:\WINDOWS\System32\drivers\prohlp02.sys [bOOT] prohlp02 Service C:\WINDOWS\System32\drivers\prosync1.sys [bOOT] prosync1 Service C:\WINDOWS\system32\lsass.exe [AUTO] ProtectedStorage Service C:\WINDOWS\system32\DRIVERS\psched.sys [MANUAL] PSched Service C:\WINDOWS\system32\DRIVERS\ptilink.sys [MANUAL] Ptilink Service C:\WINDOWS\system32\DRIVERS\PxHelp20.sys [bOOT] PxHelp20 Service [DISABLED] ql1080 Service [DISABLED] Ql10wnt Service [DISABLED] ql12160 Service [DISABLED] ql1240 Service [DISABLED] ql1280 Service C:\WINDOWS\system32\DRIVERS\rasacd.sys [sYSTEM] RasAcd Service C:\WINDOWS\system32\svchost.exe [MANUAL] RasAuto Service C:\WINDOWS\system32\DRIVERS\rasirda.sys [MANUAL] Rasirda Service C:\WINDOWS\system32\DRIVERS\rasl2tp.sys [MANUAL] Rasl2tp Service C:\WINDOWS\system32\svchost.exe [MANUAL] RasMan Service C:\WINDOWS\system32\DRIVERS\raspppoe.sys [MANUAL] RasPppoe Service C:\WINDOWS\system32\DRIVERS\raspti.sys [MANUAL] Raspti Service C:\WINDOWS\system32\DRIVERS\rdbss.sys [sYSTEM] Rdbss Service C:\WINDOWS\System32\DRIVERS\RDPCDD.sys [sYSTEM] RDPCDD Service RDPDD Service C:\WINDOWS\system32\DRIVERS\rdpdr.sys [MANUAL] rdpdr Service RDPNP Service [MANUAL] RDPWD Service C:\WINDOWS\system32\sessmgr.exe [MANUAL] RDSessMgr Service C:\WINDOWS\system32\DRIVERS\redbook.sys [sYSTEM] redbook Service C:\WINDOWS\system32\svchost.exe [DISABLED] RemoteAccess Service C:\WINDOWS\system32\svchost.exe [DISABLED] RemoteRegistry Service C:\WINDOWS\system32\locator.exe [MANUAL] RpcLocator Service C:\WINDOWS\system32\svchost.exe [AUTO] RpcSs Service C:\WINDOWS\system32\rsvp.exe [MANUAL] RSVP Service C:\WINDOWS\system32\lsass.exe [AUTO] SamSs Service C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [sYSTEM] SASDIFSV Service C:\Program Files\SUPERAntiSpyware\SASENUM.SYS [MANUAL] SASENUM Service C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys [sYSTEM] SASKUTIL Service C:\WINDOWS\System32\SCardSvr.exe [MANUAL] SCardSvr Service C:\WINDOWS\System32\svchost.exe [AUTO] Schedule Service C:\WINDOWS\system32\DRIVERS\secdrv.sys [MANUAL] Secdrv Service C:\WINDOWS\System32\svchost.exe [AUTO] seclogon Service C:\WINDOWS\system32\svchost.exe [AUTO] SENS Service C:\WINDOWS\system32\DRIVERS\serenum.sys [MANUAL] serenum Service C:\WINDOWS\system32\DRIVERS\serial.sys [sYSTEM] Serial Service C:\WINDOWS\System32\drivers\sfhlp01.sys [bOOT] sfhlp01 Service [sYSTEM] Sfloppy Service SharedAccess Service C:\WINDOWS\System32\svchost.exe [AUTO] ShellHWDetection Service [sYSTEM] ShldDrv Service [DISABLED] Simbad Service [DISABLED] Sparrow Service C:\WINDOWS\system32\drivers\splitter.sys [MANUAL] splitter Service C:\WINDOWS\system32\spoolsv.exe [AUTO] Spooler Service C:\WINDOWS\system32\DRIVERS\sr.sys [DISABLED] sr Service C:\WINDOWS\system32\svchost.exe [AUTO] srservice Service C:\WINDOWS\system32\DRIVERS\srv.sys [MANUAL] Srv Service C:\WINDOWS\system32\svchost.exe [MANUAL] SSDPSRV Service C:\WINDOWS\system32\svchost.exe [MANUAL] stisvc Service C:\WINDOWS\system32\DRIVERS\swenum.sys [MANUAL] swenum Service C:\WINDOWS\system32\drivers\swmidi.sys [MANUAL] swmidi Service C:\WINDOWS\system32\dllhost.exe [MANUAL] SwPrv Service [DISABLED] symc810 Service [DISABLED] symc8xx Service [DISABLED] sym_hi Service [DISABLED] sym_u3 Service C:\WINDOWS\system32\drivers\sysaudio.sys [MANUAL] sysaudio Service C:\WINDOWS\system32\smlogsvc.exe [MANUAL] SysmonLog Service C:\WINDOWS\System32\svchost.exe [MANUAL] TapiSrv Service C:\WINDOWS\system32\DRIVERS\tcpip.sys [sYSTEM] Tcpip Service [MANUAL] TDPIPE Service [MANUAL] TDTCP Service C:\WINDOWS\system32\DRIVERS\termdd.sys [sYSTEM] TermDD Service C:\WINDOWS\System32\svchost.exe [MANUAL] TermService Service C:\WINDOWS\System32\svchost.exe [AUTO] Themes Service C:\WINDOWS\system32\tlntsvr.exe [DISABLED] TlntSvr Service [DISABLED] TosIde Service C:\WINDOWS\system32\svchost.exe [AUTO] TrkWks Service TSDDD Service [DISABLED] Udfs Service [DISABLED] ultra Service C:\WINDOWS\system32\wdfmgr.exe [AUTO] UMWdf Service UnlockerDriver5 Service C:\WINDOWS\system32\DRIVERS\update.sys [MANUAL] Update Service C:\WINDOWS\system32\svchost.exe [MANUAL] upnphost Service C:\WINDOWS\System32\ups.exe [MANUAL] UPS Service C:\WINDOWS\system32\DRIVERS\usbehci.sys [MANUAL] usbehci Service C:\WINDOWS\system32\DRIVERS\usbhub.sys [MANUAL] usbhub Service C:\WINDOWS\system32\DRIVERS\usbohci.sys [MANUAL] usbohci Service C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [MANUAL] USBSTOR Service C:\WINDOWS\System32\drivers\vga.sys [sYSTEM] VgaSave Service [DISABLED] ViaIde Service [bOOT] VolSnap Service C:\WINDOWS\System32\vssvc.exe [MANUAL] VSS Service VXD Service C:\WINDOWS\System32\svchost.exe [DISABLED] W32Time Service W3SVC Service C:\WINDOWS\system32\DRIVERS\wanarp.sys [MANUAL] Wanarp Service [MANUAL] WDICA Service C:\WINDOWS\system32\drivers\wdmaud.sys [MANUAL] wdmaud Service C:\WINDOWS\system32\svchost.exe [AUTO] WebClient Service C:\WINDOWS\system32\svchost.exe [AUTO] winmgmt Service [MANUAL] Winsock Service WinSock2 Service WinTrust Service C:\WINDOWS\System32\svchost.exe [MANUAL] WmdmPmSN Service C:\WINDOWS\System32\svchost.exe [MANUAL] Wmi Service WmiApRpl Service C:\WINDOWS\system32\wbem\wmiapsrv.exe [MANUAL] WmiApSrv Service C:\WINDOWS\System32\drivers\ws2ifsl.sys [sYSTEM] WS2IFSL Service C:\WINDOWS\System32\svchost.exe [AUTO] wscsvc Service C:\WINDOWS\system32\svchost.exe [AUTO] wuauserv Service C:\WINDOWS\System32\svchost.exe [AUTO] WZCSVC Service C:\WINDOWS\System32\svchost.exe [MANUAL] xmlprov Service {FBF85783-0FF1-405C-9513-CF41D7622EEB} ---- EOF - GMER 1.0.11 ----

Złączono Posta : 09.01.2007 (Wto) 21:04

Ta nowsza wersja Gmer’a nie wchodzi.

Gutek · 9 Styczeń 2007 22:13

Jest Ok, użyj http://beta.grisoft.cz/beta/betarep.fil … 0.0.13.exe oraz

m26 · 10 Styczeń 2007 16:07

OK DZIĘKI SERDECZNE WSZYSTKIM ZA POMOC

adam9870 · 10 Styczeń 2007 16:11

Czy AVG AntiRootkit znalazł jakieś szkodniki? Jeśli tak to podaj dokładnie jakie, a najlepiej wklej raport.