Hello, I have Windows XP with SP2. For some time now my computer has been sending data "by itself" through SMTP servers; the system process svchost.exe (in several to a dozen or so "instances") eats up the entire outbound bandwidth, which significantly slows down the internet (I have Neostrada 512).
I suspect it is some kind of rootkit; however, I have checked the system with several rootkit-detection programs, antivirus programs, etc., but none of them detected anything suspicious.
I am pasting the HijackThis log:
Logfile of HijackThis v1.99.1
Scan saved at 21:50:10, on 2006-12-01
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
d:\Programy\Alwil Software\Avast4\aswUpdSv.exe
d:\Programy\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\Mixer.exe
D:\Programy\ALWILS~1\Avast4\ashDisp.exe
D:\Programy\Java\jre1.5.0_08\bin\jusched.exe
D:\Programy\DU Meter\DUMeter.exe
C:\PROGRA~1\NEOSTR~1\CnxMon.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
D:\Programy\cFos\cFosSpeed.exe
D:\Programy\Radeon Omega Drivers\v3.8.231\ATI Tray Tools\atitray.exe
D:\Programy\cFos\spd.exe
D:\Programy\Gadu-Gadu\gg.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
D:\Programy\ScannerU\AM32.exe
C:\WINDOWS\system32\svchost.exe
D:\Programy\OPTIQUE 20\ICON.EXE
d:\Programy\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\svchost.exe
D:\Programy\MF\firefox.exe
C:\Documents and Settings\Administrator\Pulpit\hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.neostrada.pl
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada TP
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Programy\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Programy\Java\jre1.5.0_08\bin\ssv.dll
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [avast!] d:\Programy\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] D:\Programy\Java\jre1.5.0_08\bin\jusched.exe
O4 - HKLM\..\Run: [DU Meter] D:\Programy\DU Meter\DUMeter.exe
O4 - HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\NEOSTR~1\CnxMon.exe
O4 - HKLM\..\Run: [speedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\NEOSTR~1\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe
O4 - HKLM\..\Run: [bearFlix] "d:\Programy\BearFlix\BearFlix.exe" /pause
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [cFosSpeed] D:\Programy\cFos\cFosSpeed.exe
O4 - HKLM\..\Run: [Windows Update Notifier] "C:\WINDOWS\system32\winalert.exe"
O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [AtiTrayTools] "D:\Programy\Radeon Omega Drivers\v3.8.231\ATI Tray Tools\atitray.exe"
O4 - HKCU\..\Run: [Gadu-Gadu] "D:\Programy\Gadu-Gadu\gg.exe" /tray
O4 - Global Startup: Action Manager 32.lnk = D:\Programy\ScannerU\AM32.exe
O4 - Global Startup: OPTIQUE 20 Monitor.lnk = ?
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://D:\Programy\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Programy\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Programy\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\Programy\MICROS~1\OFFICE11\REFIEBAR.DLL
O17 - HKLM\System\CCS\Services\Tcpip\..\{E1A54E71-705A-4850-8C4E-F1D74A351D30}: NameServer = 194.204.152.34 217.98.63.164
O20 - Winlogon Notify: rpcc - C:\WINDOWS\system32\rpcc.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - d:\Programy\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - Unknown owner - d:\Programy\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Web Scanner - Unknown owner - d:\Programy\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: cFosSpeed System Service (cFosSpeedS) - Unknown owner - D:\Programy\cFos\spd.exe" -service (file missing)
And the services from GMER:
GMER 1.0.12.12011 - http://www.gmer.net
Rootkit scan 2006-12-01 22:05:50
Windows 5.1.2600 Dodatek Service Pack 2
---- Services - GMER 1.0.12 ----
Service .NET CLR Data
Service .NET CLR Networking
Service .NET Data Provider for Oracle
Service .NET Data Provider for SqlServer
Service .NETFramework
Service C:\WINDOWS\system32\DRIVERS\a347bus.sys [bOOT] a347bus
Service C:\WINDOWS\System32\Drivers\a347scsi.sys [bOOT] a347scsi
Service [sYSTEM] Aavmker4
Service [DISABLED] Abiosdsk
Service [DISABLED] abp480n5
Service C:\WINDOWS\system32\DRIVERS\ACPI.sys [bOOT] ACPI
Service [DISABLED] ACPIEC
Service [DISABLED] adpu160m
Service C:\WINDOWS\system32\drivers\aec.sys [MANUAL] aec
Service C:\WINDOWS\System32\drivers\afd.sys [sYSTEM] AFD
Service [DISABLED] Aha154x
Service [DISABLED] aic78u2
Service [DISABLED] aic78xx
Service C:\WINDOWS\system32\DRIVERS\alcan5wn.sys [MANUAL] alcan5wn
Service C:\WINDOWS\system32\DRIVERS\alcaudsl.sys [MANUAL] alcaudsl
Service C:\WINDOWS\system32\svchost.exe [DISABLED] Alerter
Service C:\WINDOWS\System32\alg.exe [MANUAL] ALG
Service [DISABLED] AliIde
Service C:\WINDOWS\system32\DRIVERS\amdk7.sys [sYSTEM] AmdK7
Service [DISABLED] amsint
Service C:\WINDOWS\system32\svchost.exe [MANUAL] AppMgmt
Service [DISABLED] asc
Service [DISABLED] asc3350p
Service [DISABLED] asc3550
Service ASP.NET
Service ASP.NET_1.1.4322
Service ASP.NET_2.0.50727
Service C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [MANUAL] aspnet_state
Service [AUTO] aswMon2
Service [MANUAL] aswRdr
Service [sYSTEM] aswTdi
Service d:\Programy\Alwil Software\Avast4\aswUpdSv.exe [AUTO] aswUpdSv
Service C:\WINDOWS\system32\DRIVERS\asyncmac.sys [MANUAL] AsyncMac
Service C:\WINDOWS\system32\DRIVERS\atapi.sys [bOOT] atapi
Service [DISABLED] Atdisk
Service C:\WINDOWS\system32\Ati2evxx.exe [AUTO] Ati HotKey Poller
Service C:\WINDOWS\system32\ati2sgag.exe [AUTO] ATI Smart
Service C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [MANUAL] ati2mtag
Service Atierecord
Service D:\Programy\Radeon Omega Drivers\v3.8.231\ATI Tray Tools\atitray.sys [sYSTEM] atitray
Service C:\WINDOWS\system32\DRIVERS\atmarpc.sys [MANUAL] Atmarpc
Service C:\WINDOWS\System32\svchost.exe [AUTO] AudioSrv
Service C:\WINDOWS\system32\DRIVERS\audstub.sys [MANUAL] audstub
Service d:\Programy\Alwil Software\Avast4\ashServ.exe [AUTO] avast! Antivirus
Service d:\Programy\Alwil Software\Avast4\ashWebSv.exe [MANUAL] avast! Web Scanner
Service BattC
Service [sYSTEM] Beep
Service C:\WINDOWS\system32\svchost.exe [MANUAL] BITS
Service C:\WINDOWS\system32\svchost.exe [AUTO] Browser
Service C:\WINDOWS\System32\Drivers\Ca533av.sys [AUTO] Ca533av
Service [DISABLED] cbidf2k
Service C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [MANUAL] CCDECODE
Service [DISABLED] cd20xrnt
Service [sYSTEM] Cdaudio
Service [DISABLED] Cdfs
Service C:\WINDOWS\system32\DRIVERS\cdrom.sys [sYSTEM] Cdrom
Service C:\WINDOWS\system32\DRIVERS\cfosspeed.sys [MANUAL] cFosSpeed
Service D:\Programy\cFos\spd.exe [AUTO] cFosSpeedS
Service [sYSTEM] Changer
Service C:\WINDOWS\system32\cisvc.exe [MANUAL] CiSvc
Service C:\WINDOWS\system32\clipsrv.exe [DISABLED] ClipSrv
Service C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [MANUAL] clr_optimization_v2.0.50727_32
Service [DISABLED] CmdIde
Service C:\WINDOWS\system32\drivers\cmaudio.sys [MANUAL] cmpci
Service C:\WINDOWS\system32\dllhost.exe [MANUAL] COMSysApp
Service ContentFilter
Service ContentIndex
Service [DISABLED] Cpqarray
Service C:\WINDOWS\system32\svchost.exe [AUTO] CryptSvc
Service [DISABLED] dac2w2k
Service [DISABLED] dac960nt
Service C:\WINDOWS\system32\svchost.exe [AUTO] DcomLaunch
Service C:\WINDOWS\system32\svchost.exe [AUTO] Dhcp
Service C:\WINDOWS\system32\DRIVERS\disk.sys [bOOT] Disk
Service C:\WINDOWS\System32\dmadmin.exe [MANUAL] dmadmin
Service C:\WINDOWS\System32\drivers\dmboot.sys [DISABLED] dmboot
Service C:\WINDOWS\System32\drivers\dmio.sys [bOOT] dmio
Service C:\WINDOWS\System32\drivers\dmload.sys [bOOT] dmload
Service C:\WINDOWS\System32\svchost.exe [AUTO] dmserver
Service C:\WINDOWS\system32\drivers\DMusic.sys [MANUAL] DMusic
Service C:\WINDOWS\system32\svchost.exe [AUTO] Dnscache
Service [DISABLED] dpti2o
Service C:\WINDOWS\system32\drivers\drmkaud.sys [MANUAL] drmkaud
Service C:\WINDOWS\system32\DRIVERS\ENTECH.sys [MANUAL] ENTECH
Service C:\WINDOWS\System32\svchost.exe [AUTO] ERSvc
Service C:\WINDOWS\system32\services.exe [AUTO] Eventlog
Service C:\WINDOWS\system32\svchost.exe [MANUAL] EventSystem
Service [DISABLED] Fastfat
Service C:\WINDOWS\System32\svchost.exe [MANUAL] FastUserSwitchingCompatibility
Service C:\WINDOWS\system32\DRIVERS\fdc.sys [MANUAL] Fdc
Service [sYSTEM] Fips
Service C:\WINDOWS\system32\DRIVERS\flpydisk.sys [MANUAL] Flpydisk
Service C:\WINDOWS\system32\DRIVERS\fltMgr.sys [bOOT] FltMgr
Service [sYSTEM] Fs_Rec
Service C:\WINDOWS\system32\DRIVERS\ftdisk.sys [bOOT] Ftdisk
Service fwdrv
Service C:\WINDOWS\system32\DRIVERS\gameenum.sys [MANUAL] gameenum
Service C:\WINDOWS\system32\giveio.sys [bOOT] giveio
Service C:\WINDOWS\System32\DRIVERS\gmer.sys [MANUAL] gmer
Service C:\WINDOWS\system32\DRIVERS\msgpc.sys [MANUAL] Gpc
Service C:\WINDOWS\system32\drivers\gt680x.sys [MANUAL] GT680xNT
Service C:\WINDOWS\System32\svchost.exe [AUTO] helpsvc
Service C:\WINDOWS\System32\svchost.exe [DISABLED] HidServ
Service C:\WINDOWS\system32\DRIVERS\hidusb.sys [MANUAL] HidUsb
Service [DISABLED] hpn
Service C:\WINDOWS\System32\Drivers\HTTP.sys [MANUAL] HTTP
Service C:\WINDOWS\System32\svchost.exe [MANUAL] HTTPFilter
Service [sYSTEM] i2omgmt
Service [DISABLED] i2omp
Service C:\WINDOWS\system32\DRIVERS\i8042prt.sys [sYSTEM] i8042prt
Service C:\WINDOWS\system32\DRIVERS\imapi.sys [sYSTEM] Imapi
Service C:\WINDOWS\system32\imapi.exe [MANUAL] ImapiService
Service inetaccs
Service [DISABLED] ini910u
Service Inport
Service [DISABLED] IntelIde
Service C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys [MANUAL] Ip6Fw
Service C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys [MANUAL] IpFilterDriver
Service C:\WINDOWS\system32\DRIVERS\ipinip.sys [MANUAL] IpInIp
Service C:\WINDOWS\system32\DRIVERS\ipnat.sys [MANUAL] IpNat
Service C:\WINDOWS\system32\DRIVERS\ipsec.sys [sYSTEM] IPSec
Service C:\WINDOWS\system32\DRIVERS\irenum.sys [MANUAL] IRENUM
Service ISAPISearch
Service C:\WINDOWS\system32\DRIVERS\isapnp.sys [bOOT] isapnp
Service C:\WINDOWS\system32\DRIVERS\kbdclass.sys [sYSTEM] Kbdclass
Service khips
Service C:\WINDOWS\system32\drivers\kmixer.sys [MANUAL] kmixer
Service [bOOT] KSecDD
Service C:\WINDOWS\system32\svchost.exe [AUTO] lanmanserver
Service C:\WINDOWS\system32\svchost.exe [AUTO] lanmanworkstation
Service [sYSTEM] lbrtfdc
Service ldap
Service LicenseService
Service C:\WINDOWS\system32\svchost.exe [AUTO] LmHosts
Service C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [AUTO] MDM
Service C:\WINDOWS\system32\svchost.exe [DISABLED] Messenger
Service [sYSTEM] mnmdd
Service C:\WINDOWS\system32\mnmsrvc.exe [MANUAL] mnmsrvc
Service [MANUAL] Modem
Service C:\WINDOWS\system32\DRIVERS\mouclass.sys [sYSTEM] Mouclass
Service C:\WINDOWS\system32\DRIVERS\mouhid.sys [MANUAL] mouhid
Service [bOOT] MountMgr
Service [DISABLED] mraid35x
Service C:\WINDOWS\system32\DRIVERS\mrxdav.sys [MANUAL] MRxDAV
Service C:\WINDOWS\system32\DRIVERS\mrxsmb.sys [sYSTEM] MRxSmb
Service C:\WINDOWS\system32\msdtc.exe [MANUAL] MSDTC
Service [sYSTEM] Msfs
Service C:\WINDOWS\system32\msiexec.exe [MANUAL] MSIServer
Service C:\WINDOWS\system32\drivers\MSKSSRV.sys [MANUAL] MSKSSRV
Service C:\WINDOWS\system32\drivers\MSPCLOCK.sys [MANUAL] MSPCLOCK
Service C:\WINDOWS\system32\drivers\MSPQM.sys [MANUAL] MSPQM
Service C:\WINDOWS\system32\DRIVERS\mssmbios.sys [MANUAL] mssmbios
Service C:\WINDOWS\system32\drivers\MSTEE.sys [MANUAL] MSTEE
Service C:\WINDOWS\system32\drivers\msmpu401.sys [MANUAL] ms_mpu401
Service [bOOT] Mup
Service C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [MANUAL] NABTSFEC
Service [bOOT] NDIS
Service C:\WINDOWS\system32\DRIVERS\NdisIP.sys [MANUAL] NdisIP
Service C:\WINDOWS\system32\DRIVERS\ndistapi.sys [MANUAL] NdisTapi
Service C:\WINDOWS\system32\DRIVERS\ndisuio.sys [MANUAL] Ndisuio
Service C:\WINDOWS\system32\DRIVERS\ndiswan.sys [MANUAL] NdisWan
Service [MANUAL] NDProxy
Service C:\WINDOWS\system32\DRIVERS\netbios.sys [sYSTEM] NetBIOS
Service C:\WINDOWS\system32\DRIVERS\netbt.sys [MANUAL] NetBT
Service C:\WINDOWS\system32\netdde.exe [DISABLED] NetDDE
Service C:\WINDOWS\system32\netdde.exe [DISABLED] NetDDEdsdm
Service C:\WINDOWS\system32\lsass.exe [MANUAL] Netlogon
Service C:\WINDOWS\System32\svchost.exe [MANUAL] Netman
Service C:\WINDOWS\system32\svchost.exe [MANUAL] Nla
Service [sYSTEM] Npfs
Service [DISABLED] Ntfs
Service C:\WINDOWS\system32\lsass.exe [MANUAL] NtLmSsp
Service C:\WINDOWS\system32\svchost.exe [MANUAL] NtmsSvc
Service [sYSTEM] Null
Service C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys [MANUAL] NwlnkFlt
Service C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys [MANUAL] NwlnkFwd
Service C:\WINDOWS\system32\drivers\oreans32.sys [sYSTEM] oreans32
Service C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [MANUAL] ose
Service Outlook
Service C:\WINDOWS\system32\DRIVERS\parport.sys [MANUAL] Parport
Service [bOOT] PartMgr
Service [AUTO] ParVdm
Service C:\WINDOWS\system32\DRIVERS\pci.sys [bOOT] PCI
Service [sYSTEM] PCIDump
Service [DISABLED] PCIIde
Service [DISABLED] Pcmcia
Service [MANUAL] PDCOMP
Service [MANUAL] PDFRAME
Service [MANUAL] PDRELI
Service [MANUAL] PDRFRAME
Service [DISABLED] perc2
Service [DISABLED] perc2hib
Service PerfDisk
Service PerfNet
Service PerfOS
Service PerfProc
Service C:\WINDOWS\system32\services.exe [AUTO] PlugPlay
Service C:\WINDOWS\system32\lsass.exe [AUTO] PolicyAgent
Service C:\WINDOWS\system32\DRIVERS\raspptp.sys [MANUAL] PptpMiniport
Service C:\WINDOWS\system32\lsass.exe [AUTO] ProtectedStorage
Service C:\WINDOWS\system32\DRIVERS\psched.sys [MANUAL] PSched
Service C:\WINDOWS\system32\DRIVERS\ptilink.sys [MANUAL] Ptilink
Service C:\WINDOWS\System32\Drivers\PxHelp20.sys [bOOT] PxHelp20
Service [DISABLED] ql1080
Service [DISABLED] Ql10wnt
Service [DISABLED] ql12160
Service [DISABLED] ql1240
Service [DISABLED] ql1280
Service C:\WINDOWS\system32\DRIVERS\rasacd.sys [sYSTEM] RasAcd
Service C:\WINDOWS\system32\svchost.exe [MANUAL] RasAuto
Service C:\WINDOWS\system32\DRIVERS\rasl2tp.sys [MANUAL] Rasl2tp
Service C:\WINDOWS\system32\svchost.exe [MANUAL] RasMan
Service C:\WINDOWS\system32\DRIVERS\raspppoe.sys [MANUAL] RasPppoe
Service C:\WINDOWS\system32\DRIVERS\raspti.sys [MANUAL] Raspti
Service C:\WINDOWS\system32\DRIVERS\rdbss.sys [sYSTEM] Rdbss
Service C:\WINDOWS\System32\DRIVERS\RDPCDD.sys [sYSTEM] RDPCDD
Service RDPDD
Service C:\WINDOWS\system32\DRIVERS\rdpdr.sys [MANUAL] rdpdr
Service RDPNP
Service [MANUAL] RDPWD
Service C:\WINDOWS\system32\sessmgr.exe [MANUAL] RDSessMgr
Service C:\WINDOWS\system32\DRIVERS\redbook.sys [sYSTEM] redbook
Service C:\WINDOWS\system32\svchost.exe [DISABLED] RemoteAccess
Service C:\WINDOWS\system32\svchost.exe [AUTO] RemoteRegistry
Service C:\WINDOWS\system32\locator.exe [MANUAL] RpcLocator
Service C:\WINDOWS\system32\svchost.exe [AUTO] RpcSs
Service C:\WINDOWS\system32\rsvp.exe [MANUAL] RSVP
Service system32\DRIVERS\RT61.sys [MANUAL] RT61
Service C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [MANUAL] rtl8139
Service C:\WINDOWS\system32\lsass.exe [AUTO] SamSs
Service C:\WINDOWS\System32\SCardSvr.exe [MANUAL] SCardSvr
Service C:\WINDOWS\System32\svchost.exe [AUTO] Schedule
Service C:\WINDOWS\system32\DRIVERS\secdrv.sys [MANUAL] Secdrv
Service C:\WINDOWS\System32\svchost.exe [AUTO] seclogon
Service C:\WINDOWS\system32\svchost.exe [AUTO] SENS
Service C:\WINDOWS\system32\DRIVERS\serenum.sys [MANUAL] serenum
Service C:\WINDOWS\system32\DRIVERS\serial.sys [sYSTEM] Serial
Service C:\WINDOWS\System32\drivers\sfdrv01.sys [bOOT] sfdrv01
Service C:\WINDOWS\System32\drivers\sfhlp02.sys [bOOT] sfhlp02
Service [sYSTEM] Sfloppy
Service C:\WINDOWS\System32\drivers\sfsync04.sys [bOOT] sfsync04
Service C:\WINDOWS\system32\svchost.exe [AUTO] SharedAccess
Service C:\WINDOWS\System32\svchost.exe [AUTO] ShellHWDetection
Service C:\WINDOWS\system32\drivers\si3112.sys [bOOT] si3112
Service [DISABLED] Simbad
Service C:\WINDOWS\system32\drivers\SiWinAcc.sys [bOOT] SiWinAcc
Service C:\WINDOWS\system32\DRIVERS\SLIP.sys [MANUAL] SLIP
Service [DISABLED] Sparrow
Service C:\WINDOWS\system32\speedfan.sys [bOOT] speedfan
Service C:\WINDOWS\system32\drivers\splitter.sys [MANUAL] splitter
Service C:\WINDOWS\system32\spoolsv.exe [AUTO] Spooler
Service C:\WINDOWS\system32\DRIVERS\sr.sys [DISABLED] sr
Service C:\WINDOWS\system32\svchost.exe [AUTO] srservice
Service C:\WINDOWS\system32\DRIVERS\srv.sys [MANUAL] Srv
Service C:\WINDOWS\system32\svchost.exe [DISABLED] SSDPSRV
Service C:\WINDOWS\system32\svchost.exe [AUTO] stisvc
Service C:\WINDOWS\system32\DRIVERS\StreamIP.sys [MANUAL] streamip
Service C:\WINDOWS\system32\DRIVERS\swenum.sys [MANUAL] swenum
Service C:\WINDOWS\system32\drivers\swmidi.sys [MANUAL] swmidi
Service C:\WINDOWS\system32\dllhost.exe [MANUAL] SwPrv
Service [DISABLED] symc810
Service [DISABLED] symc8xx
Service [DISABLED] sym_hi
Service [DISABLED] sym_u3
Service C:\WINDOWS\system32\drivers\sysaudio.sys [MANUAL] sysaudio
Service C:\WINDOWS\system32\smlogsvc.exe [MANUAL] SysmonLog
Service C:\WINDOWS\System32\svchost.exe [MANUAL] TapiSrv
Service C:\WINDOWS\system32\DRIVERS\tcpip.sys [sYSTEM] Tcpip
Service [MANUAL] TDPIPE
Service [MANUAL] TDTCP
Service C:\WINDOWS\system32\DRIVERS\termdd.sys [sYSTEM] TermDD
Service C:\WINDOWS\System32\svchost.exe [MANUAL] TermService
Service C:\WINDOWS\System32\svchost.exe [AUTO] Themes
Service C:\WINDOWS\system32\tlntsvr.exe [DISABLED] TlntSvr
Service [DISABLED] TosIde
Service C:\WINDOWS\system32\svchost.exe [AUTO] TrkWks
Service TSDDD
Service [DISABLED] Udfs
Service [DISABLED] ultra
Service C:\WINDOWS\system32\DRIVERS\update.sys [MANUAL] Update
Service C:\WINDOWS\system32\svchost.exe [DISABLED] upnphost
Service C:\WINDOWS\System32\ups.exe [MANUAL] UPS
Service C:\WINDOWS\System32\Drivers\Bulk533.sys [MANUAL] USBCamera
Service C:\WINDOWS\system32\DRIVERS\usbccgp.sys [MANUAL] usbccgp
Service C:\WINDOWS\system32\DRIVERS\usbhub.sys [MANUAL] usbhub
Service C:\WINDOWS\system32\DRIVERS\usbprint.sys [MANUAL] usbprint
Service C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [MANUAL] USBSTOR
Service C:\WINDOWS\system32\DRIVERS\usbuhci.sys [MANUAL] usbuhci
Service C:\WINDOWS\System32\drivers\vga.sys [sYSTEM] VgaSave
Service C:\WINDOWS\system32\DRIVERS\viaagp.sys [bOOT] viaagp
Service C:\WINDOWS\system32\DRIVERS\viaide.sys [bOOT] ViaIde
Service [bOOT] VolSnap
Service C:\WINDOWS\System32\vssvc.exe [MANUAL] VSS
Service C:\WINDOWS\System32\svchost.exe [AUTO] W32Time
Service W3SVC
Service C:\WINDOWS\system32\DRIVERS\wanarp.sys [MANUAL] Wanarp
Service [MANUAL] WDICA
Service C:\WINDOWS\system32\drivers\wdmaud.sys [MANUAL] wdmaud
Service C:\WINDOWS\system32\svchost.exe [AUTO] WebClient
Service C:\WINDOWS\system32\svchost.exe [AUTO] winmgmt
Service [MANUAL] Winsock
Service WinSock2
Service WinTrust
Service C:\WINDOWS\System32\svchost.exe [MANUAL] WmdmPmSN
Service C:\WINDOWS\System32\svchost.exe [MANUAL] Wmi
Service WmiApRpl
Service C:\WINDOWS\system32\wbem\wmiapsrv.exe [MANUAL] WmiApSrv
Service [sYSTEM] WS2IFSL
Service C:\WINDOWS\System32\svchost.exe [AUTO] wscsvc
Service C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [MANUAL] WSTCODEC
Service C:\WINDOWS\system32\svchost.exe [AUTO] wuauserv
Service C:\WINDOWS\System32\svchost.exe [MANUAL] WZCSVC
Service C:\WINDOWS\System32\svchost.exe [MANUAL] xmlprov
Service {F620F123-65CE-4DCB-B980-04D01E758993}
---- EOF - GMER 1.0.12 ----