Hijackthis.de tells me to remove Framework (UMWdf)
I scanned with HijackThis and submitted the log for analysis on hijackthis.de, and they insist that I remove the entry: O23 – Service: Windows User Mode Driver Framework (UMWdf) – Unknown owner – C:\WINDOWS\system32\wdfmgr.exe (file missing)
1. What is this service? The same situation with HijackThis comes up on many computers.
2. How reliable are the recommendations from this analysis site?
I am also posting the whole log.
Logfile of HijackThis v1.99.1
Scan saved at 20:53:14, on 2005–11–22
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\netdde.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\System32\vssvc.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\dmadmin.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\BitComet\BitComet.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
D:\Tata\Stery i pakery\hijackthis–1\HijackThis.exe
R0 – HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 – HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O4 – HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 – Startup: Avast.lnk = C:\Program Files\Alwil Software\Avast4\ashDisp.exe
O6 – HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 – Extra context menu item: E&ksport do programu Microsoft Excel – res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 – Extra button: (no name) – {08B0E5C0–4FCB–11CF–AAA5–00401C608501} – C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll
O9 – Extra 'Tools' menuitem: Sun Java Console – {08B0E5C0–4FCB–11CF–AAA5–00401C608501} – C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll
O9 – Extra button: Badanie – {92780B25–18CC–41C8–B9BE–3C9C571A8263} – C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O15 – Trusted Zone: http://skaner.mks.com.pl
O16 – DPF: {1351255D–A135–11D4–82CC–0080C8D7ED4A} (GameDesire Reversi(Othello)) – http://67.15.101.3/g_bin/pl/reversi_2_0_0_15.cab
O16 – DPF: {17492023–C23A–453E–A040–C7C580BBF700} (Windows Genuine Advantage Validation Tool) – http://go.microsoft.com/fwlink/?linkid=39204
O16 – DPF: {4B4513E2–4E57–43DF–9496–FCD37E9DFA64} (GameDesire Sea Battle) – http://67.15.101.3/g_bin/pl/navy_2_0_0_17.cab
O16 – DPF: {6414512B–B978–451D–A0D8–FCFDF33E833C} (WUWebControl Class) – http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1120808012953
O16 – DPF: {7B297BFD–85E4–4092–B2AF–16A91B2EA103} (WScanCtl Class) – http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O16 – DPF: {A1FE3DE0–CF77–11D4–8340–0080C8D7ED4A} (GameDesire Pinball Demon) – http://67.15.101.3/g_bin/pl/demon_2_0_0_18.cab
O16 – DPF: {A1FE3DEF–CF77–11D4–8340–0080C8D7ED4A} (GameDesire Pinball Pirate) – http://67.15.101.3/g_bin/pl/pirate_2_0_0_18.cab
O16 – DPF: {A9ED6AA2–D9D4–4D71–9586–E293E2E3580B} (GameDesire Marbies&Diamonds) – http://67.15.101.3/g_bin/pl/marbles_2_0_0_21.cab
O16 – DPF: {AC120B1D–9411–4111–AF52–118052D85D45} (GameDesire Darts Games) – http://67.15.101.3/g_bin/pl/darts_2_0_0_29.cab
O16 – DPF: {AD7013FF–1D9A–4F36–94A6–3CD408A663F9} (GameDesire BreakOut) – http://67.15.101.3/g_bin/pl/breakout_2_0_0_17.cab
O16 – DPF: {BB21F850–63F4–4EC9–BF9D–565BD30C9AE9} (ASquaredScanForm Element) – http://www.windowsecurity.com/trojanscan/axscan.cab
O16 – DPF: {BFA1F11D–3121–AFE1–4112–894323212DAC} (GameDesire Word Games) – http://67.15.101.3/g_bin/pl/words_2_0_0_35.cab
O16 – DPF: {DCB16E44–D6DB–473E–A251–F6FBB381C1C3} (GameDesire Chess) – http://67.15.101.3/g_bin/pl/chess_2_0_0_15.cab
O16 – DPF: {E23FABEE–12E3–33DA–DA12–195DAC123984} (GameDesire Mahjong) – http://67.15.101.3/g_bin/pl/mahjong_2_0_0_18.cab
O16 – DPF: {E7544C6C–CFD6–43EA–B4E9–360CEE20BDF7} (MainControl Class) – http://skaner.mks.com.pl/SkanerOnline.cab
O16 – DPF: {FDDBE2B8–6602–4AD8–946D–94C5A32FA6C4} (GameDesire Pool Training) – http://67.15.101.3/g_bin/pl/billardt_2_0_0_21.cab
O16 – DPF: {FDDBE2B8–6602–4AD8–946D–94C5A32FA6C5} (GameDesire Snooker) – http://67.15.101.3/g_bin/pl/snooker_2_0_0_21.cab
O20 – Winlogon Notify: WRNotifier – WRLogonNTF.dll (file missing)
O23 – Service: avast! iAVS4 Control Service (aswUpdSv) – Unknown owner – C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 – Service: Ati HotKey Poller – ATI Technologies Inc. – C:\WINDOWS\system32\Ati2evxx.exe
O23 – Service: ATI Smart – Unknown owner – C:\WINDOWS\system32\ati2sgag.exe
O23 – Service: avast! Antivirus – Unknown owner – C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 – Service: avast! Web Scanner – Unknown owner – C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 – Service: O&O Defrag (OODefrag) – O&O Software GmbH – C:\WINDOWS\system32\oodag.exe
O23 – Service: Windows User Mode Driver Framework (UMWdf) – Unknown owner – C:\WINDOWS\system32\wdfmgr.exe (file missing)
O23 – Service: TrueVector Internet Monitor (vsmon) – Zone Labs, LLC – C:\WINDOWS\system32\ZoneLabs\vsmon.exe
REGARDS, and please help
Replies: 3
I doubt that you set up restrictions in IE yourself. As a rule this is the work of malicious software, e.g. blocking the ability to change the start page.
kromlech: ...why is item O6 to be removed?
EL NINO: wdfmgr.exe is Microsoft Windows Media Player.
"They" insist because HJ showed "file missing", which is not true in every case. You should check any doubts yourself.
The entries you should remove are:
O6
O20 – if you no longer have SpySweeper.
OK. Thanks, I removed them. But why is item O6 to be removed?
Log after cleaning
Logfile of HijackThis v1.99.1
Scan saved at 23:35:30, on 2005–11–22
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\netdde.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\System32\vssvc.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\dmadmin.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
D:\Tata\Stery i pakery\hijackthis–1\HijackThis.exe
R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.pl/
R0 – HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 – HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O4 – HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 – Startup: Avast.lnk = C:\Program Files\Alwil Software\Avast4\ashDisp.exe
O8 – Extra context menu item: E&ksport do programu Microsoft Excel – res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 – Extra button: (no name) – {08B0E5C0–4FCB–11CF–AAA5–00401C608501} – C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll
O9 – Extra 'Tools' menuitem: Sun Java Console – {08B0E5C0–4FCB–11CF–AAA5–00401C608501} – C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll
O9 – Extra button: Badanie – {92780B25–18CC–41C8–B9BE–3C9C571A8263} – C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O15 – Trusted Zone: http://skaner.mks.com.pl
O16 – DPF: {1351255D–A135–11D4–82CC–0080C8D7ED4A} (GameDesire Reversi(Othello)) – http://67.15.101.3/g_bin/pl/reversi_2_0_0_15.cab
O16 – DPF: {17492023–C23A–453E–A040–C7C580BBF700} (Windows Genuine Advantage Validation Tool) – http://go.microsoft.com/fwlink/?linkid=39204
O16 – DPF: {4B4513E2–4E57–43DF–9496–FCD37E9DFA64} (GameDesire Sea Battle) – http://67.15.101.3/g_bin/pl/navy_2_0_0_17.cab
O16 – DPF: {6414512B–B978–451D–A0D8–FCFDF33E833C} (WUWebControl Class) – http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1120808012953
O16 – DPF: {7B297BFD–85E4–4092–B2AF–16A91B2EA103} (WScanCtl Class) – http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O16 – DPF: {AD7013FF–1D9A–4F36–94A6–3CD408A663F9} (GameDesire BreakOut) – http://67.15.101.3/g_bin/pl/breakout_2_0_0_17.cab
O16 – DPF: {BB21F850–63F4–4EC9–BF9D–565BD30C9AE9} (ASquaredScanForm Element) – http://www.windowsecurity.com/trojanscan/axscan.cab
O16 – DPF: {BFA1F11D–3121–AFE1–4112–894323212DAC} (GameDesire Word Games) – http://67.15.101.3/g_bin/pl/words_2_0_0_35.cab
O16 – DPF: {E7544C6C–CFD6–43EA–B4E9–360CEE20BDF7} (MainControl Class) – http://skaner.mks.com.pl/SkanerOnline.cab
O23 – Service: avast! iAVS4 Control Service (aswUpdSv) – Unknown owner – C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 – Service: avast! Antivirus – Unknown owner – C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 – Service: avast! Web Scanner – Unknown owner – C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 – Service: O&O Defrag (OODefrag) – O&O Software GmbH – C:\WINDOWS\system32\oodag.exe
O23 – Service: Windows User Mode Driver Framework (UMWdf) – Unknown owner – C:\WINDOWS\system32\wdfmgr.exe (file missing)
O23 – Service: TrueVector Internet Monitor (vsmon) – Zone Labs, LLC – C:\WINDOWS\system32\ZoneLabs\vsmon.exe
wdfmgr.exe is Microsoft Windows Media Player.
"They" insist because HJ showed "file missing", which is not true in every case. You should check any doubts yourself.
The entries you should remove are:
O6
O20 – if you no longer have SpySweeper.
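Added example, not part of the original posts: a small check of the "file missing" point made above, which cross-references each O23 entry flagged "(file missing)" against the Running processes section of the same log. The function names and verdict strings are hypothetical, and the sample is a constructed excerpt of the first log in this thread.

```python
import re

# Constructed excerpt: a few lines taken from the first log in this thread.
SAMPLE_LOG = r"""Running processes:
C:\WINDOWS\system32\services.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
R0 – HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O20 – Winlogon Notify: WRNotifier – WRLogonNTF.dll (file missing)
O23 – Service: avast! Antivirus – Unknown owner – C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 – Service: avast! Web Scanner – Unknown owner – C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 – Service: Windows User Mode Driver Framework (UMWdf) – Unknown owner – C:\WINDOWS\system32\wdfmgr.exe (file missing)
"""

ENTRY_RE = re.compile(r"^[A-Z]\d+ - ")  # R0, O4, O23, ...
SERVICE_RE = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<cmd>.+)$")
EXE_RE = re.compile(r"[A-Za-z]:\\.*?\.exe", re.IGNORECASE)

def parse(log):
    """Return (set of running image paths, list of O23 service entries)."""
    running, services, in_procs = set(), [], False
    for raw in log.splitlines():
        line = raw.replace("\u2013", "-").strip()  # page shows typographic dashes
        if line == "Running processes:":
            in_procs = True
        elif ENTRY_RE.match(line):
            in_procs = False
            m = SERVICE_RE.match(line)
            if m:
                services.append(m.groupdict())
        elif in_procs and line:
            running.add(line.lower())
    return running, services

def triage_missing(log):
    """Map each service flagged '(file missing)' to a verdict."""
    running, services = parse(log)
    verdicts = {}
    for s in services:
        if not s["cmd"].endswith("(file missing)"):
            continue
        m = EXE_RE.search(s["cmd"])  # path up to .exe, without quotes or arguments
        path = m.group(0).lower() if m else None
        verdicts[s["name"]] = ("false positive: image is running"
                               if path in running else "verify on disk")
    return verdicts

if __name__ == "__main__":
    for name, verdict in triage_missing(SAMPLE_LOG).items():
        print(f"{name}: {verdict}")
```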