podejrzenie infekcji - do stron doklejany jest javascript

**Posty:** 244 · przez **L_Devil** 06 Lip 2007, 23:08

Do każdej strony na którą wchodzę za pomocą dowolnej przeglądarki (Firefox, IE) doklejany jest kod javascript (zwykle pojedyńcza funkcja "postamble();"), czasem jest z niej także wymazywany losowy tag i jego zawartość (np. obrazek img). Problem dotyczy wszystkich stron, a więc także Onetu czy Googli, dlatego wątpię, by był po stronie serwera. Ostatnio miałem kolejne problemy z netem - internet wyłączył się, połączenie nie chciało się "właczyć" (opcja w panelu sterowania). Restart kompa pomógł. System: WinXP, SP2

Logi:
HijackThis:

Kod: Zaznacz wszystko: Logfile of HijackThis v1.99.1 Scan saved at 22:30:18, on 2007-07-06 Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\RunDll32.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\Logitech\iTouch\iTouch.exe C:\Program Files\ScanSoft\OmniPageSE\opware32.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\WINDOWS\system32\atwtusb.exe C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Adobe\Acrobat 5.0 CE\Distillr\AcroTray.exe C:\Program Files\Nikon\NkView6\NkvMon.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Alwil Software\Avast4\setup\avast.setup C:\WINDOWS\system32\ZoneLabs\vsmon.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\WINDOWS\system32\wuauclt.exe G:\HiJack\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.pl/ R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0 CE\Acrobat\ActiveX\AcroIEHelper.ocx O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg O4 - HKLM\..\Run: [Omnipage] C:\Program Files\ScanSoft\OmniPageSE\opware32.exe O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [atwtusb] atwtusb.exe beta O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0 CE\Distillr\AcroTray.exe O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O4 - Global Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView6\NkvMon.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1140874030625 O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Skype\Plugin Manager\Skype4COM.dll (file missing) O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing) O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing) O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

SillentRunners:

Kod: Zaznacz wszystko: "Silent Runners.vbs", revision 48, http://www.silentrunners.org/ Operating System: Windows XP SP2 Output limited to non-default values, except where indicated by "{++}" Startup items buried in registry: --------------------------------- HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++} "MSMSGS" = ""C:\Program Files\Messenger\msmsgs.exe" /background" [MS] "Gadu-Gadu" = ""C:\Program Files\Gadu-Gadu\gg.exe" /tray" ["Gadu-Gadu Sp. z oo"] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++} "Cmaudio" = "RunDll32 cmicnfg.cpl,CMICtrlWnd" [MS] "NvCplDaemon" = "RUNDLL32.EXE NvQTwk,NvCplDaemon initialize" [MS] "nwiz" = "nwiz.exe /install" ["NVIDIA Corporation"] "QuickTime Task" = ""C:\Program Files\QuickTime\qttask.exe" -atboottime" ["Apple Computer, Inc."] "zBrowser Launcher" = "C:\Program Files\Logitech\iTouch\iTouch.exe" ["Logitech Inc."] "HPDJ Taskbar Utility" = "C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe" ["HP"] "PinnacleDriverCheck" = "C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg" [empty string] "Omnipage" = "C:\Program Files\ScanSoft\OmniPageSE\opware32.exe" ["ScanSoft, Inc"] "avast!" = "C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" ["ALWIL Software"] "atwtusb" = "atwtusb.exe beta" ["Aiptek"] "ZoneAlarm Client" = ""C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"" ["Zone Labs, LLC"] "KernelFaultCheck" = "C:\WINDOWS\system32\dumprep 0 -k" [MS] HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided) -> {HKLM...CLSID} = "AcroIEHlprObj Class" \InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 5.0 CE\Acrobat\ActiveX\AcroIEHelper.ocx" [empty string] HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\ "{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania" -> {HKLM...CLSID} = "Rozszerzenie CPL kadrowania wyświetlania" \InProcServer32\(Default) = "deskpan.dll" [file not found] "{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu" -> {HKLM...CLSID} = "HyperTerminal Icon Ext" \InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."] "{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Eksplorator pulpitów" -> {HKLM...CLSID} = "Eksplorator pulpitów" \InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"] "{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu" -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"] "{21569614-B795-46b1-85F4-E737A8DC09AD}" = "Shell Search Band" -> {HKLM...CLSID} = "Shell Search Band" \InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" [MS] "{32A9D769-5B55-4a25-9A62-86B5683FE50A}" = "NikonView Drop Extension" -> {HKLM...CLSID} = "NikonView Drop Extension" \InProcServer32\(Default) = "C:\Program Files\Nikon\NkView6\NkvDropExt.dll" ["Nikon Corporation"] "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data] "{472083B0-C522-11CF-8763-00608CC02F24}" = "avast" -> {HKLM...CLSID} = "avast" \InProcServer32\(Default) = "C:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"] "{0006F045-0000-0000-C000-000000000046}" = "Microsoft Outlook Custom Icon Handler" -> {HKLM...CLSID} = "Outlook File Icon Extension" \InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office10\OLKFSTUB.DLL" [MS] "{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler" -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office10\msohev.dll" [MS] "{D9872D13-7651-4471-9EEE-F0A00218BEBB}" = "Multiscan" -> {HKLM...CLSID} = "ZLAVShExt Class" \InProcServer32\(Default) = "C:\Program Files\Zone Labs\ZoneAlarm\zlavscan.dll" ["Zone Labs, LLC"] "{640167b4-59b0-47a6-b335-a6b3c0695aea}" = "Portable Media Devices" -> {HKLM...CLSID} = "Portable Media Devices" \InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS] "{35786D3C-B075-49b9-88DD-029876E11C01}" = "Portable Devices" -> {HKLM...CLSID} = "Portable Devices" \InProcServer32\(Default) = "C:\WINDOWS\system32\wpdshext.dll" [MS] "{D6791A63-E7E2-4fee-BF52-5DED8E86E9B8}" = "Portable Devices Menu" -> {HKLM...CLSID} = "Portable Devices Menu" \InProcServer32\(Default) = "C:\WINDOWS\system32\wpdshext.dll" [MS] HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\ "WPDShServiceObj" = "{AAA288BA-9A4C-45B0-95D7-94D524869DB5}" -> {HKLM...CLSID} = "WPDShServiceObj Class" \InProcServer32\(Default) = "C:\WINDOWS\system32\WPDShServiceObj.dll" [MS] HKLM\Software\Classes\*\shellex\ContextMenuHandlers\ avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}" -> {HKLM...CLSID} = "avast" \InProcServer32\(Default) = "C:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"] WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data] ZLAVShExt\(Default) = "{D9872D13-7651-4471-9EEE-F0A00218BEBB}" -> {HKLM...CLSID} = "ZLAVShExt Class" \InProcServer32\(Default) = "C:\Program Files\Zone Labs\ZoneAlarm\zlavscan.dll" ["Zone Labs, LLC"] HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\ WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data] HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}" -> {HKLM...CLSID} = "avast" \InProcServer32\(Default) = "C:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"] WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data] ZLAVShExt\(Default) = "{D9872D13-7651-4471-9EEE-F0A00218BEBB}" -> {HKLM...CLSID} = "ZLAVShExt Class" \InProcServer32\(Default) = "C:\Program Files\Zone Labs\ZoneAlarm\zlavscan.dll" ["Zone Labs, LLC"] Active Desktop and Wallpaper: ----------------------------- Active Desktop is disabled at this entry: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState HKCU\Control Panel\Desktop\ "Wallpaper" = "C:\Documents and Settings\Alina\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp" Enabled Screen Saver: --------------------- HKCU\Control Panel\Desktop\ "SCRNSAVE.EXE" = "C:\WINDOWS\system32\ssstars.scr" [MS] Startup items in "Alina" & "All Users" startup folders: ------------------------------------------------------- C:\Documents and Settings\Alina\Menu Start\Programy\Autostart "Adobe Gamma" -> shortcut to: "C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe" ["Adobe Systems, Inc."] C:\Documents and Settings\All Users\Menu Start\Programy\Autostart "Acrobat Assistant" -> shortcut to: "C:\Program Files\Adobe\Acrobat 5.0 CE\Distillr\AcroTray.exe" ["Adobe Systems Inc."] "Adobe Gamma Loader" -> shortcut to: "C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe" ["Adobe Systems, Inc."] "Microsoft Office" -> shortcut to: "C:\Program Files\Microsoft Office\Office10\OSA.EXE -b -l" [MS] "NkvMon.exe" -> shortcut to: "C:\Program Files\Nikon\NkView6\NkvMon.exe" ["Nikon Corporation"] Winsock2 Service Provider DLLs: ------------------------------- Namespace Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++} 000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS] 000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS] 000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS] Transport Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++} 0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range: %SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 15 %SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05 Toolbars, Explorer Bars, Extensions: ------------------------------------ Extensions (Tools menu items, main toolbar menu buttons) HKLM\Software\Microsoft\Internet Explorer\Extensions\ {FB5F1910-F110-11D2-BB9E-00C04F795683}\ "ButtonText" = "Messenger" "MenuText" = "Windows Messenger" "Exec" = "C:\Program Files\Messenger\msmsgs.exe" [MS] Running Services (Display Name, Service Name, Path {Service DLL}): ------------------------------------------------------------------ avast! Antivirus, avast! Antivirus, ""C:\Program Files\Alwil Software\Avast4\ashServ.exe"" ["ALWIL Software"] avast! iAVS4 Control Service, aswUpdSv, ""C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe"" ["ALWIL Software"] avast! Mail Scanner, avast! Mail Scanner, ""C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service" ["ALWIL Software"] avast! Web Scanner, avast! Web Scanner, ""C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service" ["ALWIL Software"] HTTP SSL, HTTPFilter, "C:\WINDOWS\System32\svchost.exe -k HTTPFilter" {"C:\WINDOWS\System32\w3ssl.dll" [MS]} NVIDIA Driver Helper Service, NVSvc, "C:\WINDOWS\system32\nvsvc32.exe" ["NVIDIA Corporation"] TrueVector Internet Monitor, vsmon, "C:\WINDOWS\system32\ZoneLabs\vsmon.exe -service" ["Zone Labs, LLC"] Print Monitors: --------------- HKLM\System\CurrentControlSet\Control\Print\Monitors\ hpzlnt04\Driver = "hpzlnt04.dll" ["HP"] PDF Port\Driver = "C:\WINDOWS\system32\pdfports.dll" ["Adobe Systems Incorporated."] ---------- + This report excludes default entries except where indicated. + To see *everywhere* the script checks and *everything* it finds, launch it from a command prompt or a shortcut with the -all parameter. + The search for DESKTOP.INI DLL launch points on all local fixed drives took 58 seconds. + The search for all Registry CLSIDs containing dormant Explorer Bars took 16 seconds. ---------- (total run time: 106 seconds)

**Posty:** 18165 · przez **wojtas** 07 Lip 2007, 09:38

daj loga z:

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

**Posty:** 244 · przez **L_Devil** 07 Lip 2007, 14:55

Kiedy wsadziłem go do folderu
C:\Combofix\Combofix.exe i odpaliłem przemianował się na Combofix.exe.rar.01 i zgłosił błąd uszkodzonego archiwum. W dodatku nie pozwalał na usunięcie pliku po tej zmianie.

Ściągnąłem jeszcze raz, za pomocą Firefoxa, zmieniłem nazwę i folder i odpaliłem.

Efekt:

Kod: Zaznacz wszystko: "Alina" - 2007-07-07 14:24:03 - ComboFix 07-07-07.3 - Dodatek Service Pack 2 ((((((((((((((((((((((((( Files Created from 2007-06-07 to 2007-07-07 ))))))))))))))))))))))))))))))) 2007-07-07 14:22 <DIR> d-------- C:\Cfix-true 2007-07-07 14:18 51,200 --a------ C:\WINDOWS\nircmd.exe 2007-07-05 21:03 <DIR> d--hs---- C:\WINDOWS\ftpcache 2007-07-05 21:02 <DIR> d-------- C:\Program Files\Electrotank (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) 2007-07-07 11:36:44 49,712 ----a-w C:\WINDOWS\system32\perfc015.dat 2007-07-07 11:36:44 355,830 ----a-w C:\WINDOWS\system32\perfh015.dat 2007-06-17 10:45:20 -------- d-----w C:\Program Files\eMule 2007-06-05 12:33:37 -------- d-----w C:\DOCUME~1\Alina\DANEAP~1\Canon 2007-05-30 18:58:54 -------- d--h--w C:\Program Files\InstallShield Installation Information 2007-05-30 18:58:50 -------- d-----w C:\Program Files\iPod 2007-05-16 15:18:58 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll 2007-05-10 12:12:26 -------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2 2007-05-08 18:13:46 -------- d-----w C:\DOCUME~1\Alina\DANEAP~1\Opera 2007-04-30 21:24:37 53,248 ----a-w C:\WINDOWS\system32\suppdll.dll 2007-04-30 21:24:37 35,363 ----a-w C:\WINDOWS\system32\windrvNT.sys 2007-04-30 15:46:10 745,600 ----a-w C:\WINDOWS\system32\aswBoot.exe 2007-04-30 15:35:28 95,872 ----a-w C:\WINDOWS\system32\AVASTSS.scr 2007-04-25 14:23:30 144,896 ----a-w C:\WINDOWS\system32\schannel.dll 2007-04-18 16:14:32 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll 2007-04-18 09:04:41 4,212 ---h--w C:\WINDOWS\system32\zllictbl.dat 2007-04-16 20:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll 2007-04-16 20:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll 2007-04-16 20:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll 2007-04-16 20:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll 2007-04-16 20:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll 2007-04-16 20:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll 2007-04-16 20:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe 2007-04-16 20:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll 2007-04-16 20:44:20 271,224 ----a-w C:\WINDOWS\system32\mucltui.dll 2007-04-16 20:44:18 208,248 ----a-w C:\WINDOWS\system32\muweb.dll ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}] 2001-04-16 16:39 37808 --------- C:\Program Files\Adobe\Acrobat 5.0 CE\Acrobat\ActiveX\AcroIEHelper.ocx [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Cmaudio"="cmicnfg.cpl" [] "NvCplDaemon"="NvQTwk" [] "nwiz"="nwiz.exe" [2002-03-09 03:53 C:\WINDOWS\system32\nwiz.exe] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-02-25 16:39] "zBrowser Launcher"="C:\Program Files\Logitech\iTouch\iTouch.exe" [2002-11-23 03:15] "Omnipage"="C:\Program Files\ScanSoft\OmniPageSE\opware32.exe" [2002-06-03 11:38] "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-04-30 17:42] "atwtusb"="atwtusb.exe" [2002-04-23 17:20 C:\WINDOWS\system32\atwtusb.exe] "ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-03-09 00:02] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 18:24] "Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2006-02-17 15:03] ************************************************************************** catchme 0.3.915 W2K/XP/Vista - rootkit detector by Gmer, http://www.gmer.net Rootkit scan 2007-07-07 14:25:55 Windows 5.1.2600 Dodatek Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** Completion time: 2007-07-07 14:26:51 --- E O F ---

Dodać jeszcze należy że w folderze C:\Combofix po zakończeniu skanu pojawiło się mnóstwo róznych plików (z rozszerzeniami .tmp, .exe itp). Nazwy wyglądały na losowe, pliki miały ikonki plików systemowych i samego pliku ComboFix. Część z nich była ukryta. Potem folder się sam usunął

**Posty:** 18165 · przez **wojtas** 07 Lip 2007, 19:53

znasz to:

C:\Cfix-true

**Posty:** 244 · przez **L_Devil** 08 Lip 2007, 00:16

Tak, do tego folderu wstawiłem za drugim razem combo-fixa

**Posty:** 18165 · przez **wojtas** 08 Lip 2007, 00:24

logi masz czyste

**Posty:** 244 · przez **L_Devil** 08 Lip 2007, 21:33

Dzięki

Poproszę to na piśmie w pdf'ie, wydrukuję i włożę do środka komputera - może on też powinien to wiedzieć?

A tak na serio to co jeszcze może być tego przyczyną? Skan antywirusowy milczy jak zaklęty (Avast), podobnie jak ad-aware i spybot search & destroy. Na stronach znikają niektóre obrazki i jest to coraz bardziej irytujące...

**Posty:** 18165 · przez **wojtas** 09 Lip 2007, 10:25

moglbys dac jakiegos screena jak to wyglada?

**Posty:** 244 · przez **L_Devil** 09 Lip 2007, 22:06

Wedle życzenia, forum Draconis:

Tak jest na "chorym" komputerze:

A tak być powinno:

Tak jest na "chorym" komputerze:

A tak być powinno:

Tak jest na "chorym" komputerze:

A tak być powinno:

Obrazki znikają na wielu stronach, nie tylko forach dyskusyjnych. Funkcja "postamble();" jest obecna na każdej stronie, nawet google.pl albo onet.pl

**Posty:** 18165 · przez **wojtas** 10 Lip 2007, 07:25

sciagnij gmera:

http://gmer.net/gmer.zip

1. Zakładka Rootkit >>> zaznaczone wszystko oprócz Pokazuj wszystko >>> kliknij Szukaj >>> czekaj cierpliwie aż skończy >>> Kopiuj >>> wklej do posta
2. Zakładka Rootkit >>> zaznaczone tylko Usługi i Pokazuj wszystko >>> kliknij Szukaj >>> czekaj cierpliwie aż skończy >>> Kopiuj >>> wklej do posta

**Posty:** 5637 · przez **kahoona** 10 Lip 2007, 07:58

Kod: Zaznacz wszystko: ZONE ALARM 1. click on the "Privacy" tab then click on the "Ad-Blocking" Custom button. Remove the check from the "Banner/Skyscraper ads" option. OR 2. click on the "Privacy" tab then click on the "Ad-Blocking" Custom button. Under "Ad Void Control", select "A box I can mouse over to get the ad to appear". Also remove the check from the "Animation" option and you'll get animated emoticons.

I tu bym szukał rozwiązania. Łącznie z wyłączeniem internetu po "ataku".

**Posty:** 244 · przez **L_Devil** 10 Lip 2007, 13:00

Pierwszy log:

Kod: Zaznacz wszystko: GMER 1.0.13.12551 - http://www.gmer.net Rootkit scan 2007-07-10 12:23:37 Windows 5.1.2600 Dodatek Service Pack 2 ---- System - GMER 1.0.13 ---- SSDT \SystemRoot\System32\vsdatant.sys ZwConnectPort SSDT \??\C:\WINDOWS\system32\windrvNT.sys ZwCreateFile SSDT \SystemRoot\System32\vsdatant.sys ZwCreateKey SSDT \SystemRoot\System32\vsdatant.sys ZwCreatePort SSDT \SystemRoot\System32\vsdatant.sys ZwCreateProcess SSDT \SystemRoot\System32\vsdatant.sys ZwCreateProcessEx SSDT \SystemRoot\System32\vsdatant.sys ZwCreateSection SSDT \SystemRoot\System32\vsdatant.sys ZwCreateWaitablePort SSDT \SystemRoot\System32\vsdatant.sys ZwDeleteFile SSDT \SystemRoot\System32\vsdatant.sys ZwDeleteKey SSDT \SystemRoot\System32\vsdatant.sys ZwDeleteValueKey SSDT \SystemRoot\System32\vsdatant.sys ZwDuplicateObject SSDT \SystemRoot\System32\vsdatant.sys ZwLoadKey SSDT \??\C:\WINDOWS\system32\windrvNT.sys ZwOpenFile SSDT \SystemRoot\System32\vsdatant.sys ZwOpenProcess SSDT \SystemRoot\System32\vsdatant.sys ZwOpenThread SSDT \??\C:\WINDOWS\system32\windrvNT.sys ZwQueryDirectoryFile SSDT \??\C:\WINDOWS\system32\windrvNT.sys ZwQueryInformationProcess SSDT \SystemRoot\System32\vsdatant.sys ZwReplaceKey SSDT \SystemRoot\System32\vsdatant.sys ZwRequestWaitReplyPort SSDT \SystemRoot\System32\vsdatant.sys ZwRestoreKey SSDT \SystemRoot\System32\vsdatant.sys ZwSecureConnectPort SSDT \??\C:\WINDOWS\system32\windrvNT.sys ZwSetInformationFile SSDT \SystemRoot\System32\vsdatant.sys ZwSetValueKey SSDT \SystemRoot\System32\vsdatant.sys ZwTerminateProcess ---- Kernel code sections - GMER 1.0.13 ---- .text ntoskrnl.exe!_abnormal_termination + 104 804E2760 12 Bytes [ F0, E1, 6F, F1, 80, 44, 70, ... ] ? srescan.sys Nie można odnaleźć określonego pliku. ---- Kernel IAT/EAT - GMER 1.0.13 ---- IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisRegisterProtocol] [F1702950] \SystemRoot\System32\vsdatant.sys IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisOpenAdapter] [F1702E70] \SystemRoot\System32\vsdatant.sys IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisCloseAdapter] [F1702FD0] \SystemRoot\System32\vsdatant.sys IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisDeregisterProtocol] [F1702AC0] \SystemRoot\System32\vsdatant.sys IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisDeregisterProtocol] [F1702AC0] \SystemRoot\System32\vsdatant.sys IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisRegisterProtocol] [F1702950] \SystemRoot\System32\vsdatant.sys IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisOpenAdapter] [F1702E70] \SystemRoot\System32\vsdatant.sys IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisCloseAdapter] [F1702FD0] \SystemRoot\System32\vsdatant.sys IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisRegisterProtocol] [F1702950] \SystemRoot\System32\vsdatant.sys IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisCloseAdapter] [F1702FD0] \SystemRoot\System32\vsdatant.sys IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisOpenAdapter] [F1702E70] \SystemRoot\System32\vsdatant.sys IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisDeregisterProtocol] [F1702AC0] \SystemRoot\System32\vsdatant.sys IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisCloseAdapter] [F1702FD0] \SystemRoot\System32\vsdatant.sys IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisOpenAdapter] [F1702E70] \SystemRoot\System32\vsdatant.sys IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisRegisterProtocol] [F1702950] \SystemRoot\System32\vsdatant.sys IAT \SystemRoot\System32\drivers\afd.sys[ntoskrnl.exe!IoCreateFile] [F170FFB0] \SystemRoot\System32\vsdatant.sys IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisDeregisterProtocol] [F1702AC0] \SystemRoot\System32\vsdatant.sys IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisRegisterProtocol] [F1702950] \SystemRoot\System32\vsdatant.sys IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisOpenAdapter] [F1702E70] \SystemRoot\System32\vsdatant.sys IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisCloseAdapter] [F1702FD0] \SystemRoot\System32\vsdatant.sys IAT \SystemRoot\system32\DRIVERS\arp1394.sys[NDIS.SYS!NdisCloseAdapter] [F1702FD0] \SystemRoot\System32\vsdatant.sys IAT \SystemRoot\system32\DRIVERS\arp1394.sys[NDIS.SYS!NdisOpenAdapter] [F1702E70] \SystemRoot\System32\vsdatant.sys IAT \SystemRoot\system32\DRIVERS\arp1394.sys[NDIS.SYS!NdisDeregisterProtocol] [F1702AC0] \SystemRoot\System32\vsdatant.sys IAT \SystemRoot\system32\DRIVERS\arp1394.sys[NDIS.SYS!NdisRegisterProtocol] [F1702950] \SystemRoot\System32\vsdatant.sys IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisRegisterProtocol] [F1702950] \SystemRoot\System32\vsdatant.sys IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisDeregisterProtocol] [F1702AC0] \SystemRoot\System32\vsdatant.sys IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisCloseAdapter] [F1702FD0] \SystemRoot\System32\vsdatant.sys IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisOpenAdapter] [F1702E70] \SystemRoot\System32\vsdatant.sys IAT \SystemRoot\system32\DRIVERS\srv.sys[ntoskrnl.exe!NtOpenFile] [F16FB570] \SystemRoot\System32\vsdatant.sys IAT \SystemRoot\system32\DRIVERS\srv.sys[ntoskrnl.exe!NtSetInformationFile] [F16FB4C0] \SystemRoot\System32\vsdatant.sys IAT \SystemRoot\system32\DRIVERS\srv.sys[ntoskrnl.exe!IoCreateFile] [F16FB670] \SystemRoot\System32\vsdatant.sys IAT \SystemRoot\system32\DRIVERS\srv.sys[ntoskrnl.exe!NtCreateFile] [F16FB1D0] \SystemRoot\System32\vsdatant.sys AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE [F118F812] aswMon2.SYS AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE_NAMED_PIPE [F118F812] aswMon2.SYS AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CLOSE [F118F812] aswMon2.SYS AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_READ [F118F812] aswMon2.SYS AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_WRITE [F118F812] aswMon2.SYS AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_INFORMATION [F118F812] aswMon2.SYS AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_INFORMATION [F118F812] aswMon2.SYS AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_EA [F118F812] aswMon2.SYS AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_EA [F118F812] aswMon2.SYS AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_FLUSH_BUFFERS [F118F812] aswMon2.SYS AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_VOLUME_INFORMATION [F118F812] aswMon2.SYS AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_VOLUME_INFORMATION [F118F812] aswMon2.SYS AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DIRECTORY_CONTROL [F118F812] aswMon2.SYS AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_FILE_SYSTEM_CONTROL [F1190F74] aswMon2.SYS AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DEVICE_CONTROL [F118F812] aswMon2.SYS AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_INTERNAL_DEVICE_CONTROL [F118F812] aswMon2.SYS AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SHUTDOWN [F118F812] aswMon2.SYS AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_LOCK_CONTROL [F118F812] aswMon2.SYS AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CLEANUP [F118F812] aswMon2.SYS AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE_MAILSLOT [F118F812] aswMon2.SYS AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_SECURITY [F118F812] aswMon2.SYS AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_SECURITY [F118F812] aswMon2.SYS AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_POWER [F118F812] aswMon2.SYS AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SYSTEM_CONTROL [F118F812] aswMon2.SYS AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DEVICE_CHANGE [F118F812] aswMon2.SYS AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_QUOTA [F118F812] aswMon2.SYS AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_QUOTA [F118F812] aswMon2.SYS Device \Driver\Tcpip \Device\Ip IRP_MJ_CREATE [F170F8A0] vsdatant.sys Device \Driver\Tcpip \Device\Ip IRP_MJ_CLOSE [F170F8A0] vsdatant.sys Device \Driver\Tcpip \Device\Ip IRP_MJ_DEVICE_CONTROL [F170F8A0] vsdatant.sys Device \Driver\Tcpip \Device\Ip IRP_MJ_INTERNAL_DEVICE_CONTROL [F170F8A0] vsdatant.sys Device \Driver\Tcpip \Device\Ip IRP_MJ_CLEANUP [F170F8A0] vsdatant.sys AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_CREATE [F76838E6] aswTdi.SYS AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_CREATE_NAMED_PIPE [F76838E6] aswTdi.SYS AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_CLOSE [F76838E6] aswTdi.SYS AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_READ [F76838E6] aswTdi.SYS AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_WRITE [F76838E6] aswTdi.SYS AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_INFORMATION [F76838E6] aswTdi.SYS AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_SET_INFORMATION [F76838E6] aswTdi.SYS AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_EA [F76838E6] aswTdi.SYS AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_SET_EA [F76838E6] aswTdi.SYS AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_FLUSH_BUFFERS [F76838E6] aswTdi.SYS AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_VOLUME_INFORMATION [F76838E6] aswTdi.SYS AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_SET_VOLUME_INFORMATION [F76838E6] aswTdi.SYS AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_DIRECTORY_CONTROL [F76838E6] aswTdi.SYS AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_FILE_SYSTEM_CONTROL [F76838E6] aswTdi.SYS AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_DEVICE_CONTROL [F76838E6] aswTdi.SYS AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_INTERNAL_DEVICE_CONTROL [F76832C0] aswTdi.SYS AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_SHUTDOWN [F76838E6] aswTdi.SYS AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_LOCK_CONTROL [F76838E6] aswTdi.SYS AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_CLEANUP [F76838E6] aswTdi.SYS AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_CREATE_MAILSLOT [F76838E6] aswTdi.SYS AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_SECURITY [F76838E6] aswTdi.SYS AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_SET_SECURITY [F76838E6] aswTdi.SYS AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_POWER [F76838E6] aswTdi.SYS AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_SYSTEM_CONTROL [F76838E6] aswTdi.SYS AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_DEVICE_CHANGE [F76838E6] aswTdi.SYS AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_QUOTA [F76838E6] aswTdi.SYS AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_SET_QUOTA [F76838E6] aswTdi.SYS Device \Driver\Tcpip \Device\Tcp IRP_MJ_CREATE [F170F8A0] vsdatant.sys Device \Driver\Tcpip \Device\Tcp IRP_MJ_CLOSE [F170F8A0] vsdatant.sys Device \Driver\Tcpip \Device\Tcp IRP_MJ_DEVICE_CONTROL [F170F8A0] vsdatant.sys Device \Driver\Tcpip \Device\Tcp IRP_MJ_INTERNAL_DEVICE_CONTROL [F170F8A0] vsdatant.sys Device \Driver\Tcpip \Device\Tcp IRP_MJ_CLEANUP [F170F8A0] vsdatant.sys AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_CREATE [F76838E6] aswTdi.SYS AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_CREATE_NAMED_PIPE [F76838E6] aswTdi.SYS AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_CLOSE [F76838E6] aswTdi.SYS AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_READ [F76838E6] aswTdi.SYS AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_WRITE [F76838E6] aswTdi.SYS AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_INFORMATION [F76838E6] aswTdi.SYS AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SET_INFORMATION [F76838E6] aswTdi.SYS AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_EA [F76838E6] aswTdi.SYS AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SET_EA [F76838E6] aswTdi.SYS AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_FLUSH_BUFFERS [F76838E6] aswTdi.SYS AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_VOLUME_INFORMATION [F76838E6] aswTdi.SYS AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SET_VOLUME_INFORMATION [F76838E6] aswTdi.SYS AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_DIRECTORY_CONTROL [F76838E6] aswTdi.SYS AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_FILE_SYSTEM_CONTROL [F76838E6] aswTdi.SYS AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_DEVICE_CONTROL [F76838E6] aswTdi.SYS AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_INTERNAL_DEVICE_CONTROL [F76832C0] aswTdi.SYS AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SHUTDOWN [F76838E6] aswTdi.SYS AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_LOCK_CONTROL [F76838E6] aswTdi.SYS AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_CLEANUP [F76838E6] aswTdi.SYS AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_CREATE_MAILSLOT [F76838E6] aswTdi.SYS AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_SECURITY [F76838E6] aswTdi.SYS AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SET_SECURITY [F76838E6] aswTdi.SYS AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_POWER [F76838E6] aswTdi.SYS AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SYSTEM_CONTROL [F76838E6] aswTdi.SYS AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_DEVICE_CHANGE [F76838E6] aswTdi.SYS AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_QUOTA [F76838E6] aswTdi.SYS AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SET_QUOTA [F76838E6] aswTdi.SYS Device \Driver\Tcpip \Device\Udp IRP_MJ_CREATE [F170F8A0] vsdatant.sys Device \Driver\Tcpip \Device\Udp IRP_MJ_CLOSE [F170F8A0] vsdatant.sys Device \Driver\Tcpip \Device\Udp IRP_MJ_DEVICE_CONTROL [F170F8A0] vsdatant.sys Device \Driver\Tcpip \Device\Udp IRP_MJ_INTERNAL_DEVICE_CONTROL [F170F8A0] vsdatant.sys Device \Driver\Tcpip \Device\Udp IRP_MJ_CLEANUP [F170F8A0] vsdatant.sys AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_CREATE [F76838E6] aswTdi.SYS AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_CREATE_NAMED_PIPE [F76838E6] aswTdi.SYS AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_CLOSE [F76838E6] aswTdi.SYS AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_READ [F76838E6] aswTdi.SYS AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_WRITE [F76838E6] aswTdi.SYS AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_QUERY_INFORMATION [F76838E6] aswTdi.SYS AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_SET_INFORMATION [F76838E6] aswTdi.SYS AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_QUERY_EA [F76838E6] aswTdi.SYS AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_SET_EA [F76838E6] aswTdi.SYS AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_FLUSH_BUFFERS [F76838E6] aswTdi.SYS AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_QUERY_VOLUME_INFORMATION [F76838E6] aswTdi.SYS AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_SET_VOLUME_INFORMATION [F76838E6] aswTdi.SYS AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_DIRECTORY_CONTROL [F76838E6] aswTdi.SYS AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_FILE_SYSTEM_CONTROL [F76838E6] aswTdi.SYS AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_DEVICE_CONTROL [F76838E6] aswTdi.SYS AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_INTERNAL_DEVICE_CONTROL [F76832C0] aswTdi.SYS AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_SHUTDOWN [F76838E6] aswTdi.SYS AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_LOCK_CONTROL [F76838E6] aswTdi.SYS AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_CLEANUP [F76838E6] aswTdi.SYS AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_CREATE_MAILSLOT [F76838E6] aswTdi.SYS AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_QUERY_SECURITY [F76838E6] aswTdi.SYS AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_SET_SECURITY [F76838E6] aswTdi.SYS AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_POWER [F76838E6] aswTdi.SYS AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_SYSTEM_CONTROL [F76838E6] aswTdi.SYS AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_DEVICE_CHANGE [F76838E6] aswTdi.SYS AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_QUERY_QUOTA [F76838E6] aswTdi.SYS AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_SET_QUOTA [F76838E6] aswTdi.SYS Device \Driver\Tcpip \Device\RawIp IRP_MJ_CREATE [F170F8A0] vsdatant.sys Device \Driver\Tcpip \Device\RawIp IRP_MJ_CLOSE [F170F8A0] vsdatant.sys Device \Driver\Tcpip \Device\RawIp IRP_MJ_DEVICE_CONTROL [F170F8A0] vsdatant.sys Device \Driver\Tcpip \Device\RawIp IRP_MJ_INTERNAL_DEVICE_CONTROL [F170F8A0] vsdatant.sys Device \Driver\Tcpip \Device\RawIp IRP_MJ_CLEANUP [F170F8A0] vsdatant.sys AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_CREATE [F76838E6] aswTdi.SYS AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_CREATE_NAMED_PIPE [F76838E6] aswTdi.SYS AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_CLOSE [F76838E6] aswTdi.SYS AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_READ [F76838E6] aswTdi.SYS AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_WRITE [F76838E6] aswTdi.SYS AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_QUERY_INFORMATION [F76838E6] aswTdi.SYS AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_SET_INFORMATION [F76838E6] aswTdi.SYS AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_QUERY_EA [F76838E6] aswTdi.SYS AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_SET_EA [F76838E6] aswTdi.SYS AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_FLUSH_BUFFERS [F76838E6] aswTdi.SYS AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_QUERY_VOLUME_INFORMATION [F76838E6] aswTdi.SYS AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_SET_VOLUME_INFORMATION [F76838E6] aswTdi.SYS AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_DIRECTORY_CONTROL [F76838E6] aswTdi.SYS AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_FILE_SYSTEM_CONTROL [F76838E6] aswTdi.SYS AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_DEVICE_CONTROL [F76838E6] aswTdi.SYS AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_INTERNAL_DEVICE_CONTROL [F76832C0] aswTdi.SYS AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_SHUTDOWN [F76838E6] aswTdi.SYS AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_LOCK_CONTROL [F76838E6] aswTdi.SYS AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_CLEANUP [F76838E6] aswTdi.SYS AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_CREATE_MAILSLOT [F76838E6] aswTdi.SYS AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_QUERY_SECURITY [F76838E6] aswTdi.SYS AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_SET_SECURITY [F76838E6] aswTdi.SYS AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_POWER [F76838E6] aswTdi.SYS AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_SYSTEM_CONTROL [F76838E6] aswTdi.SYS AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_DEVICE_CHANGE [F76838E6] aswTdi.SYS AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_QUERY_QUOTA [F76838E6] aswTdi.SYS AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_SET_QUOTA [F76838E6] aswTdi.SYS Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_CREATE [F170F8A0] vsdatant.sys Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_CLOSE [F170F8A0] vsdatant.sys Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_DEVICE_CONTROL [F170F8A0] vsdatant.sys Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_INTERNAL_DEVICE_CONTROL [F170F8A0] vsdatant.sys Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_CLEANUP [F170F8A0] vsdatant.sys AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_CREATE [F118F812] aswMon2.SYS AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_CREATE_NAMED_PIPE [F118F812] aswMon2.SYS AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_CLOSE [F118F812] aswMon2.SYS AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_READ [F118F812] aswMon2.SYS AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_WRITE [F118F812] aswMon2.SYS AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_QUERY_INFORMATION [F118F812] aswMon2.SYS AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SET_INFORMATION [F118F812] aswMon2.SYS AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_QUERY_EA [F118F812] aswMon2.SYS AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SET_EA [F118F812] aswMon2.SYS AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_FLUSH_BUFFERS [F118F812] aswMon2.SYS AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_QUERY_VOLUME_INFORMATION [F118F812] aswMon2.SYS AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SET_VOLUME_INFORMATION [F118F812] aswMon2.SYS AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_DIRECTORY_CONTROL [F118F812] aswMon2.SYS AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_FILE_SYSTEM_CONTROL [F1190F74] aswMon2.SYS AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_DEVICE_CONTROL [F118F812] aswMon2.SYS AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_INTERNAL_DEVICE_CONTROL [F118F812] aswMon2.SYS AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SHUTDOWN [F118F812] aswMon2.SYS AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_LOCK_CONTROL [F118F812] aswMon2.SYS AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_CLEANUP [F118F812] aswMon2.SYS AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_CREATE_MAILSLOT [F118F812] aswMon2.SYS AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_QUERY_SECURITY [F118F812] aswMon2.SYS AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SET_SECURITY [F118F812] aswMon2.SYS AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_POWER [F118F812] aswMon2.SYS AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SYSTEM_CONTROL [F118F812] aswMon2.SYS AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_DEVICE_CHANGE [F118F812] aswMon2.SYS AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_QUERY_QUOTA [F118F812] aswMon2.SYS AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SET_QUOTA [F118F812] aswMon2.SYS ---- Registry - GMER 1.0.13 ---- Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ThreadingModel Apartment Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@cd042efbbd7f7af1647644e76e06692b 0xE2 0x63 0x26 0xF1 ... Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ThreadingModel Apartment Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@bca643cdc5c2726b20d2ecedcc62c59b 0x71 0x3B 0x04 0x66 ... Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ThreadingModel Apartment Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@2c81e34222e8052573023a60d06dd016 0x25 0xDA 0xEC 0x7E ... Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ThreadingModel Apartment Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@2582ae41fb52324423be06337561aa48 0x86 0x8C 0x21 0x01 ... Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ThreadingModel Apartment Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@caaeda5fd7a9ed7697d9686d4b818472 0xF5 0x1D 0x4D 0x73 ... Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ThreadingModel Apartment Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@a4a1bcf2cc2b8bc3716b74b2b4522f5d 0xDF 0x20 0x58 0x62 ... Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ThreadingModel Apartment Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@4d370831d2c43cd13623e232fed27b7b 0x31 0x77 0xE1 0xBA ... Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ThreadingModel Apartment Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@1d68fe701cdea33e477eb204b76f993d 0x83 0x6C 0x56 0x8B ... Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ThreadingModel Apartment Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@1fac81b91d8e3c5aa4b0a51804d844a3 0xF6 0x0F 0x4E 0x58 ... Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ThreadingModel Apartment Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@f5f62a6129303efb32fbe080bb27835b 0x3D 0xCE 0xEA 0x26 ... Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ThreadingModel Apartment Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@fd4e2e1a3940b94dceb5a6a021f2e3c6 0xF8 0x31 0x0F 0xA9 ... Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ThreadingModel Apartment Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@8a8aec57dd6508a385616fbc86791ec2 0xFA 0xEA 0x66 0x7F ... ---- Files - GMER 1.0.13 ---- File C:\sccfg.sys ---- EOF - GMER 1.0.13 ----

Drugi log:

[code]GMER 1.0.13.12551 - http://www.gmer.net
Rootkit scan 2007-07-10 12:24:29
Windows 5.1.2600 Dodatek Service Pack 2

---- Services - GMER 1.0.13 ----

Service C:\WINDOWS\system32\DRIVERS\61883.sys [MANUAL] 61883
Service [SYSTEM] Aavmker4
Service [DISABLED] Abiosdsk
Service [DISABLED] abp480n5
Service C:\WINDOWS\system32\DRIVERS\ACPI.sys [BOOT] ACPI
Service [DISABLED] ACPIEC
Service [DISABLED] adpu160m
Service C:\WINDOWS\system32\drivers\aec.sys [MANUAL] aec
Service C:\WINDOWS\System32\drivers\afd.sys [SYSTEM] AFD
Service [DISABLED] Aha154x
Service [DISABLED] aic78u2
Service [DISABLED] aic78xx
Service C:\WINDOWS\system32\svchost.exe [DISABLED] Alerter
Service C:\WINDOWS\System32\alg.exe [MANUAL] ALG
Service [DISABLED] AliIde
Service [DISABLED] amsint
Service C:\WINDOWS\system32\svchost.exe [MANUAL] AppMgmt
Service C:\WINDOWS\system32\DRIVERS\arp1394.sys [MANUAL] Arp1394
Service C:\WINDOWS\system32\drivers\ASAPIW2k.sys [MANUAL] ASAPIW2k
Service [DISABLED] asc
Service [DISABLED] asc3350p
Service [DISABLED] asc3550
Service ASPI32
Service [AUTO] aswMon2
Service [MANUAL] aswRdr
Service [SYSTEM] aswTdi
Service C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [AUTO] aswUpdSv
Service C:\WINDOWS\system32\DRIVERS\asyncmac.sys [MANUAL] AsyncMac
Service C:\WINDOWS\system32\DRIVERS\atapi.sys [BOOT] atapi
Service [DISABLED] Atdisk
Service C:\WINDOWS\system32\DRIVERS\atmarpc.sys [MANUAL] Atmarpc
Service C:\WINDOWS\System32\svchost.exe [AUTO] AudioSrv
Service C:\WINDOWS\system32\DRIVERS\audstub.sys [MANUAL] audstub
Service C:\Program Files\Alwil Software\Avast4\ashServ.exe [AUTO] avast! Antivirus
Service C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [MANUAL] avast! Mail Scanner
Service C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [MANUAL] avast! Web Scanner
Service C:\WINDOWS\system32\DRIVERS\avc.sys [MANUAL] Avc
Service BattC
Service [SYSTEM] Beep
Service C:\WINDOWS\system32\svchost.exe [MANUAL] BITS
Service C:\WINDOWS\system32\svchost.exe [AUTO] Browser
Service C:\DOCUME~1\Alina\USTAWI~1\Temp\catchme.sys [MANUAL] catchme
Service [DISABLED] cbidf2k
Service C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [MANUAL] CCDECODE
Service [DISABLED] cd20xrnt
Service [SYSTEM] Cdaudio
Service [DISABLED] Cdfs
Service C:\WINDOWS\system32\DRIVERS\cdrom.sys [SYSTEM] Cdrom
Service [SYSTEM] Changer
Service C:\WINDOWS\system32\cisvc.exe [MANUAL] CiSvc
Service C:\WINDOWS\system32\clipsrv.exe [DISABLED] ClipSrv
Service [DISABLED] CmdIde
Service C:\WINDOWS\system32\drivers\cmuda.sys [MANUAL] cmuda
Service C:\WINDOWS\system32\dllhost.exe [MANUAL] COMSysApp
Service ContentFilter
Service ContentIndex
Service [DISABLED] Cpqarray
Service C:\WINDOWS\system32\svchost.exe [AUTO] CryptSvc
Service [DISABLED] dac2w2k
Service [DISABLED] dac960nt
Service C:\WINDOWS\system32\svchost.exe [AUTO] DcomLaunch
Service C:\WINDOWS\system32\svchost.exe [AUTO] Dhcp
Service C:\WINDOWS\system32\DRIVERS\disk.sys [BOOT] Disk
Service C:\WINDOWS\System32\dmadmin.exe [MANUAL] dmadmin
Service C:\WINDOWS\System32\drivers\dmboot.sys [DISABLED] dmboot
Service C:\WINDOWS\System32\drivers\dmio.sys [DISABLED] dmio
Service C:\WINDOWS\System32\drivers\dmload.sys [DISABLED] dmload
Service C:\WINDOWS\System32\svchost.exe [MANUAL] dmserver
Service C:\WINDOWS\system32\drivers\DMusic.sys [MANUAL] DMusic
Service C:\WINDOWS\system32\svchost.exe [AUTO] Dnscache
Service [DISABLED] dpti2o
Service C:\WINDOWS\system32\drivers\drmkaud.sys [MANUAL] drmkaud
Service C:\WINDOWS\System32\svchost.exe [AUTO] ERSvc
Service C:\WINDOWS\system32\services.exe [AUTO] Eventlog
Service C:\WINDOWS\system32\svchost.exe [MANUAL] EventSystem
Service [DISABLED] Fastfat
Service C:\WINDOWS\System32\svchost.exe [MANUAL] FastUserSwitchingCompatibility
Service C:\WINDOWS\system32\DRIVERS\fdc.sys [MANUAL] Fdc
Service C:\WINDOWS\system32\DRIVERS\fetnd5.sys [MANUAL] FETNDIS
Service [SYSTEM] Fips
Service C:\WINDOWS\system32\DRIVERS\flpydisk.sys [MANUAL] Flpydisk
Service C:\WINDOWS\system32\DRIVERS\fltMgr.sys [BOOT] FltMgr
Service [SYSTEM] Fs_Rec
Service C:\WINDOWS\system32\DRIVERS\ftdisk.sys [BOOT] Ftdisk
Service C:\WINDOWS\system32\DRIVERS\gameenum.sys [MANUAL] gameenum
Service C:\WINDOWS\System32\DRIVERS\gmer.sys [MANUAL] gmer
Service C:\WINDOWS\system32\DRIVERS\msgpc.sys [MANUAL] Gpc
Service C:\WINDOWS\System32\svchost.exe [AUTO] helpsvc
Service C:\WINDOWS\System32\svchost.exe [DISABLED] HidServ
Service C:\WINDOWS\system32\DRIVERS\hidusb.sys [MANUAL] HidUsb
Service [DISABLED] hpn
Service C:\WINDOWS\System32\Drivers\HTTP.sys [MANUAL] HTTP
Service C:\WINDOWS\System32\svchost.exe [MANUAL] HTTPFilter
Service [SYSTEM] i2omgmt
Service [DISABLED] i2omp
Service C:\WINDOWS\system32\DRIVERS\i8042prt.sys [SYSTEM] i8042prt
Service C:\WINDOWS\system32\DRIVERS\imapi.sys [SYSTEM] Imapi
Service C:\WINDOWS\system32\imapi.exe [MANUAL] ImapiService
Service inetaccs
Service [DISABLED] ini910u
Service Inport
Service [DISABLED] IntelIde
Service C:\WINDOWS\system32\DRIVERS\intelppm.sys [SYSTEM] intelppm
Service C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys [MANUAL] Ip6Fw
Service C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys [MANUAL] IpFilterDriver
Service C:\WINDOWS\system32\DRIVERS\ipinip.sys [MANUAL] IpInIp
Service C:\WINDOWS\system32\DRIVERS\ipnat.sys [MANUAL] IpNat
Service C:\WINDOWS\system32\DRIVERS\ipsec.sys [SYSTEM] IPSec
Service C:\WINDOWS\system32\DRIVERS\irenum.sys [MANUAL] IRENUM
Service ISAPISearch
Service C:\WINDOWS\system32\DRIVERS\isapnp.sys [BOOT] isapnp
Service C:\WINDOWS\system32\DRIVERS\itchfltr.sys [MANUAL] itchfltr
Service C:\WINDOWS\system32\DRIVERS\kbdclass.sys [SYSTEM] Kbdclass
Service C:\WINDOWS\system32\drivers\kmixer.sys [MANUAL] kmixer
Service [BOOT] KSecDD
Service L8042PRT
Service C:\WINDOWS\system32\svchost.exe [AUTO] lanmanserver
Service C:\WINDOWS\system32\svchost.exe [AUTO] lanmanworkstation
Service [SYSTEM] lbrtfdc
Service ldap
Service LicenseService
Service C:\WINDOWS\system32\svchost.exe [AUTO] LmHosts
Service LSERMOUS
Service C:\WINDOWS\system32\DRIVERS\MarvinBus.sys [MANUAL] MarvinBus
Service C:\WINDOWS\system32\svchost.exe [DISABLED] Messenger
Service [SYSTEM] mnmdd
Service C:\WINDOWS\system32\mnmsrvc.exe [MANUAL] mnmsrvc
Service [MANUAL] Modem
Service C:\WINDOWS\system32\DRIVERS\mouclass.sys [SYSTEM] Mouclass
Service C:\WINDOWS\system32\DRIVERS\mouhid.sys [MANUAL] mouhid
Service [BOOT] MountMgr
Service [DISABLED] mraid35x
Service C:\WINDOWS\system32\DRIVERS\mrxdav.sys [MANUAL] MRxDAV
Service C:\WINDOWS\system32\DRIVERS\mrxsmb.sys [SYSTEM] MRxSmb
Service C:\WINDOWS\system32\msdtc.exe [MANUAL] MSDTC
Service C:\WINDOWS\system32\DRIVERS\msdv.sys [MANUAL] MSDV
Service [SYSTEM] Msfs
Service C:\WINDOWS\system32\msiexec.exe [MANUAL] MSIServer
Service C:\WINDOWS\system32\drivers\MSKSSRV.sys [MANUAL] MSKSSRV
Service C:\WINDOWS\system32\drivers\MSPCLOCK.sys [MANUAL] MSPCLOCK
Service C:\WINDOWS\system32\drivers\MSPQM.sys [MANUAL] MSPQM
Service C:\WINDOWS\system32\DRIVERS\mssmbios.sys [MANUAL] mssmbios
Service C:\WINDOWS\system32\drivers\MSTEE.sys [MANUAL] MSTEE
Service [BOOT] Mup
Service C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [MANUAL] NABTSFEC
Service [BOOT] NDIS
Service C:\WINDOWS\system32\DRIVERS\NdisIP.sys [MANUAL] NdisIP
Service C:\WINDOWS\system32\DRIVERS\ndistapi.sys [MANUAL] NdisTapi
Service C:\WINDOWS\system32\DRIVERS\ndisuio.sys [MANUAL] Ndisuio
Service C:\WINDOWS\system32\DRIVERS\ndiswan.sys [MANUAL] NdisWan
Service [MANUAL] NDProxy
Service C:\WINDOWS\system32\DRIVERS\netbios.sys [SYSTEM] NetBIOS
Service C:\WINDOWS\system32\DRIVERS\netbt.sys [SYSTEM] NetBT
Service C:\WINDOWS\system32\netdde.exe [DISABLED] NetDDE
Service C:\WINDOWS\system32\netdde.exe [DISABLED] NetDDEdsdm
Service C:\WINDOWS\system32\lsass.exe [MANUAL] Netlogon
Service C:\WINDOWS\System32\svchost.exe [MANUAL] Netman
Service C:\WINDOWS\system32\DRIVERS\nic1394.sys [MANUAL] NIC1394
Service C:\WINDOWS\system32\svchost

**Posty:** 18165 · przez **wojtas** 10 Lip 2007, 13:53

2 wklej caly bo sie nie zmiescil

podejrzenie infekcji - do stron doklejany jest javascript

podejrzenie infekcji - do stron doklejany jest javascript

Kto jest na forum