Problem z otwieraniem się stron + irdvxc

k_milek_k · Styczeń 26, 2017, 8:23rano

Logfile of HijackThis v1.99.1 Scan saved at 10:35:31, on 2007-01-25 Platform: Windows XP (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 (6.00.2600.0000) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\MKS\Bin\NetMonSV.exe C:\WINDOWS\System32\alg.exe C:\Program Files\MKS\Bin\mksmonsv.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\System32\irdvxc.exe C:\Program Files\Spyware Doctor\sdhelp.exe C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe C:\Program Files\MKS\Bin\mks_menu.exe C:\Program Files\MKS\Bin\ABregmon.exe C:\Program Files\Winamp\winampa.exe C:\WINDOWS\System32\mysvcc.exe C:\WINDOWS\System32\ctfmon.exe C:\Program Files\Skype\Phone\Skype.exe C:\Program Files\MKS\Bin\mks_scan.exe C:\Program Files\Skype\Plugin Manager\SkypePM.exe C:\Program Files\Neostrada TP\NeostradaTP.exe C:\Program Files\Neostrada TP\ComComp.exe C:\Program Files\Neostrada TP\Watch.exe C:\Program Files\Gadu-Gadu\gg.exe C:\WINDOWS\system32\cmd.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\MKS\Bin\ABregmon.exe C:\Documents and Settings\admin\Pulpit\hijackthis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.neostrada.pl R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada TP R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O4 - HKLM…\Run: [WooCnxMon] C:\PROGRA~1\NEOSTR~1\CnxMon.exe O4 - HKLM…\Run: [speedTouch USB Diagnostics] “C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe” /icon O4 - HKLM…\Run: [WOOWATCH] C:\PROGRA~1\NEOSTR~1\Watch.exe O4 - HKLM…\Run: [WOOTASKBARICON] C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe O4 - HKLM…\Run: [MKS_MENU] C:\Program Files\MKS\Bin\mks_menu.exe O4 - HKLM…\Run: [ABREGMON] C:\Program Files\MKS\Bin\ABregmon.exe O4 - HKLM…\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe O4 - HKLM…\Run: [sunJavaUpdateSched] “C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe” O4 - HKLM…\Run: [mysvcig38] mysvcc.exe O4 - HKLM…\Run: [msvcc25] svcchost.exe O4 - HKLM…\Run: [Microsoft Directx click] directxclick.exe O4 - HKLM…\RunServices: [mysvcig38] mysvcc.exe O4 - HKLM…\RunServices: [sYSTEM] winmgrd.exe O4 - HKLM…\RunServices: [msvcc25] svcchost.exe O4 - HKLM…\RunServices: [Microsoft Directx click] directxclick.exe O4 - HKCU…\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe O4 - HKCU…\Run: [skype] “C:\Program Files\Skype\Phone\Skype.exe” /nosplash /minimized O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O16 - DPF: {92ECE6FA-AC2E-4042-BFAE-0C8608E52A43} (SignActivX Control) - https://www.bph.pl/sezam/components/SignActivX.cab O17 - HKLM\System\CCS\Services\Tcpip…{4593A04C-36DC-4361-BD83-A480162C6700}: NameServer = 194.204.152.34 217.98.63.164 O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O23 - Service: ArcaBit NetMonitor (ABNetMon) - ArcaBit sp. z o.o. - C:\Program Files\MKS\Bin\NetMonSV.exe O23 - Service: MkSUpdateInt - MkS Sp. z o. o. - C:\Program Files\MKS\bin\MkSUpdateInt.exe O23 - Service: MkS_Vir Monitor (MksVirMonSvc) - Unknown owner - C:\Program Files\MKS\Bin\mksmonsv.exe O23 - Service: MkS_Scan - Unknown owner - C:\Program Files\MKS\Bin\mks_scan.exe O23 - Service: Network helper Service (MSDisk) - Unknown owner - C:\WINDOWS\System32\irdvxc.exe" /service (file missing) O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

mam mks ad-aware i spyware doctor

adam9870 · Styczeń 26, 2017, 11:26po południu

Użyj Windows Worms Doors Cleanera zmień znaczki z disable na enable (wszystkie znaczki maja być na zielono, jeżeli któryś z nich będzie na żółto to go zostaw). Po użyciu narzędzia wymagany jest restart.

Start => uruchom => wpisz cmd i kliknij OK => w konsoli, która się otworzy wpisz:

Ściągasz program KillBox, zaznaczasz Delete on reboot , w polu full path of file wklej ścieżki:

C:\WINDOWS\System32\mysvcc.exe

C:\WINDOWS\System32\svcchost.exe

C:\WINDOWS\System32\directxclick.exe

C:\WINDOWS\System32\winmgrd.exe

C:\WINDOWS\System32\irdvxc.exe

po wklejeniu każdej ścieżki z osobna klikasz na czerwonego iksa, ale dopiero po wklejeniu ostatniej zgadzasz się na restart.

Usuń wpisy HJT.

Po wykonaniu proszę pokazać nowy log z HijackThis plus z SilentRunners. Możesz też pokazać log z Gmer’a przy poniższym ustawieniu, ponieważ powinna być jeszcze usługa od tego syfu i sterownik.

Zakładka Rootkit >>> zaznaczone tylko Usługi i Pokazuj wszystko >>> kliknij Szukaj >>> czekaj cierpliwie aż skończy >>> Kopiuj >>> wklej do posta

k_milek_k · Styczeń 26, 2017, 11:26po południu

“Silent Runners.vbs”, revision R50, http://www.silentrunners.org/ Operating System: Windows XP Output limited to non-default values, except where indicated by “{++}” Startup items buried in registry: --------------------------------- HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++} “CTFMON.EXE” = “C:\WINDOWS\System32\ctfmon.exe” [MS] “Skype” = ““C:\Program Files\Skype\Phone\Skype.exe” /nosplash /minimized” [“Skype Technologies S.A.”] “Microsoft Directx click” = “directxclick.exe” [file not found] HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++} “WooCnxMon” = “C:\PROGRA~1\NEOSTR~1\CnxMon.exe” [empty string] “SpeedTouch USB Diagnostics” = ““C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe” /icon” [“THOMSON Telecom Belgium”] “WOOWATCH” = “C:\PROGRA~1\NEOSTR~1\Watch.exe” [“France Télécom R&D”] “WOOTASKBARICON” = “C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe” [“France Télécom R&D”] “MKS_MENU” = “C:\Program Files\MKS\Bin\mks_menu.exe” [“MKS Sp. z o.o.”] “ABREGMON” = “C:\Program Files\MKS\Bin\ABregmon.exe” [“ArcaBit”] “WinampAgent” = “C:\Program Files\Winamp\winampa.exe” [null data] “SunJavaUpdateSched” = ““C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe”” [“Sun Microsystems, Inc.”] HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ {02478D38-C3F9-4EFB-9B51-7695ECA05670}(Default) = (no title provided) -> {HKLM…CLSID} = “Yahoo! Toolbar Helper” \InProcServer32(Default) = “C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll” [“Yahoo! Inc.”] {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}(Default) = (no title provided) -> {HKLM…CLSID} = “AcroIEHlprObj Class” \InProcServer32(Default) = “C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll” [“Adobe Systems Incorporated”] {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB}(Default) = (no title provided) -> {HKLM…CLSID} = “PCTools Site Guard” \InProcServer32(Default) = “C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll” [“PC Tools”] {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}(Default) = (no title provided) -> {HKLM…CLSID} = “SSVHelper Class” \InProcServer32(Default) = “C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll” [“Sun Microsystems, Inc.”] {B56A7D7D-6927-48C8-A975-17DF180C71AC}(Default) = (no title provided) -> {HKLM…CLSID} = “PCTools Browser Monitor” \InProcServer32(Default) = “C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll” [“PC Tools”] HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\ “{42071714-76d4-11d1-8b24-00a0c9068ff3}” = “Rozszerzenie CPL kadrowania wyświetlania” -> {HKLM…CLSID} = “Rozszerzenie CPL kadrowania wyświetlania” \InProcServer32(Default) = “deskpan.dll” [file not found] “{88895560-9AA2-1069-930E-00AA0030EBC8}” = “Rozszerzenie ikony HyperTerminalu” -> {HKLM…CLSID} = “HyperTerminal Icon Ext” \InProcServer32(Default) = “C:\WINDOWS\System32\hticons.dll” [“Hilgraeve, Inc.”] “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” = “WinRAR shell extension” -> {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data] “{00020D75-0000-0000-C000-000000000046}” = “Microsoft Office Outlook Desktop Icon Handler” -> {HKLM…CLSID} = “Microsoft Office Outlook” \InProcServer32(Default) = “C:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL” [MS] “{0006F045-0000-0000-C000-000000000046}” = “Microsoft Office Outlook Custom Icon Handler” -> {HKLM…CLSID} = “Rozszerzenie ikon plików programu Outlook” \InProcServer32(Default) = “C:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL” [MS] “{42042206-2D85-11D3-8CFF-005004838597}” = “Microsoft Office HTML Icon Handler” -> {HKLM…CLSID} = (no title provided) \InProcServer32(Default) = “C:\Program Files\Microsoft Office\OFFICE11\msohev.dll” [MS] HKLM\Software\Classes\PROTOCOLS\Filter\ <> text/xml\CLSID = “{807553E5-5146-11D5-A672-00B0D022E945}” -> {HKLM…CLSID} = (no title provided) \InProcServer32(Default) = “C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL” [MS] HKLM\Software\Classes\Folder\shellex\ColumnHandlers\ {F9DB5320-233E-11D1-9F84-707F02C10627}(Default) = “PDF Column Info” -> {HKLM…CLSID} = “PDF Shell Extension” \InProcServer32(Default) = “C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll” [“Adobe Systems, Inc.”] HKLM\Software\Classes*\shellex\ContextMenuHandlers\ MkS_Vir(Default) = “{CC4245C0-D511-11D0-8918-444553540000}” -> {HKLM…CLSID} = “MkS_Vir Shell Extension” \InProcServer32(Default) = “C:\Program Files\MKS\Bin\MkSShell.dll” [null data] WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” -> {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data] HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\ WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” -> {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data] HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ MkS_Vir(Default) = “{CC4245C0-D511-11D0-8918-444553540000}” -> {HKLM…CLSID} = “MkS_Vir Shell Extension” \InProcServer32(Default) = “C:\Program Files\MKS\Bin\MkSShell.dll” [null data] WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” -> {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data] Group Policies {GPedit.msc branch and setting}: ----------------------------------------------- Note: detected settings may not have any effect. HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\ “shutdownwithoutlogon” = (REG_DWORD) hex:0x00000001 {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options| Shutdown: Allow system to be shut down without having to log on} “undockwithoutlogon” = (REG_DWORD) hex:0x00000001 {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options| Devices: Allow undock without having to log on} Active Desktop and Wallpaper: ----------------------------- Active Desktop may be disabled at this entry: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState Displayed if Active Desktop enabled and wallpaper not set by Group Policy: HKCU\Software\Microsoft\Internet Explorer\Desktop\General\ “Wallpaper” = “C:\WINDOWS\web\wallpaper\Idylla.bmp” Displayed if Active Desktop disabled and wallpaper not set by Group Policy: HKCU\Control Panel\Desktop\ “Wallpaper” = “C:\WINDOWS\web\wallpaper\Idylla.bmp” Enabled Screen Saver: --------------------- HKCU\Control Panel\Desktop\ “SCRNSAVE.EXE” = “C:\WINDOWS\System32\logon.scr” [MS] Winsock2 Service Provider DLLs: ------------------------------- Namespace Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++} 000000000001\LibraryPath = “%SystemRoot%\System32\mswsock.dll” [MS] 000000000002\LibraryPath = “%SystemRoot%\System32\winrnr.dll” [MS] 000000000003\LibraryPath = “%SystemRoot%\System32\mswsock.dll” [MS] Transport Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++} 0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range: %SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 15 %SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05 Toolbars, Explorer Bars, Extensions: ------------------------------------ Explorer Bars HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\ HKLM\Software\Classes\CLSID{01002DB2-8170-4D9B-A8B1-DDC9DD114E03}(Default) = “Volet Wanadoo” Implemented Categories{00021494-0000-0000-C000-000000000046}\ [horizontal bar] InProcServer32(Default) = “C:\PROGRA~1\NEOSTR~1\audience\audience.dll” [empty string] HKLM\Software\Classes\CLSID{3BAF4A27-C764-4E1A-A6F4-62F7A7E5E51C}(Default) = “ToolBand Class” Implemented Categories{00021494-0000-0000-C000-000000000046}\ [horizontal bar] InProcServer32(Default) = “C:\PROGRA~1\NEOSTR~1\audience\audience.dll” [empty string] HKLM\Software\Classes\CLSID{5BF498C0-931E-4A4F-B33F-456D07137EAA}(Default) = “Volet Wanadoo” Implemented Categories{00021494-0000-0000-C000-000000000046}\ [horizontal bar] InProcServer32(Default) = “C:\PROGRA~1\NEOSTR~1\audience\audience.dll” [empty string] HKLM\Software\Classes\CLSID{FF059E31-CC5A-4E2E-BF3B-96E929D65503}(Default) = “&Badanie” Implemented Categories{00021493-0000-0000-C000-000000000046}\ [vertical bar] InProcServer32(Default) = “C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL” [MS] Extensions (Tools menu items, main toolbar menu buttons) HKLM\Software\Microsoft\Internet Explorer\Extensions\ {08B0E5C0-4FCB-11CF-AAA5-00401C608501}\ “MenuText” = “Sun Java Console” “CLSIDExtension” = “{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBC}” -> {HKCU…CLSID} = “Java Plug-in 1.5.0_10” \InProcServer32(Default) = “C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll” [“Sun Microsystems, Inc.”] -> {HKLM…CLSID} = “Java Plug-in 1.5.0_10” \InProcServer32(Default) = “C:\Program Files\Java\jre1.5.0_10\bin\npjpi150_10.dll” [“Sun Microsystems, Inc.”] {2D663D1A-8670-49D9-A1A5-4C56B4E14E84}\ “ButtonText” = “Spyware Doctor” “CLSIDExtension” = “{A1EDC4A1-940F-48E0-8DFD-E38F1D501021}” -> {HKLM…CLSID} = “PCTools Browser Monitor” \InProcServer32(Default) = “C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll” [“PC Tools”] {92780B25-18CC-41C8-B9BE-3C9C571A8263}\ “ButtonText” = “Badanie” Miscellaneous IE Hijack Points ------------------------------ HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\ <> “{08C06D61-F1F3-4799-86F8-BE1A89362C85}” = (no title provided) -> {HKLM…CLSID} = “Search Class” \InProcServer32(Default) = “C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL” [empty string] Running Services (Display Name, Service Name, Path {Service DLL}): ------------------------------------------------------------------ ArcaBit NetMonitor, ABNetMon, “C:\Program Files\MKS\Bin\NetMonSV.exe” [“ArcaBit sp. z o.o.”] MkS_Scan, MkS_Scan, “C:\Program Files\MKS\Bin\mks_scan.exe” [empty string] MkS_Vir Monitor, MksVirMonSvc, “C:\Program Files\MKS\Bin\mksmonsv.exe” [empty string] PC Tools Spyware Doctor, SDhelper, “C:\Program Files\Spyware Doctor\sdhelp.exe” [“PC Tools Research Pty Ltd”] SoundMAX Agent Service, SoundMAX Agent Service (default), “C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe” [“Analog Devices, Inc.”] Print Monitors: --------------- HKLM\System\CurrentControlSet\Control\Print\Monitors\ Microsoft Document Imaging Writer Monitor\Driver = “mdimon.dll” [MS] ---------- <>: Suspicious data at a malware launch point. <>: Suspicious data at a browser hijack point. + This report excludes default entries except where indicated. + To see *everywhere* the script checks and *everything* it finds, launch it from a command prompt or a shortcut with the -all parameter. + To search all directories of local fixed drives for DESKTOP.INI DLL launch points, use the -supp parameter or answer “No” at the first message box and “Yes” at the second message box. ---------- (total run time: 566 seconds, including 7 seconds for message boxes)

Logfile of HijackThis v1.99.1 Scan saved at 11:24:13, on 2007-01-25 Platform: Windows XP (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 (6.00.2600.0000) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\MKS\Bin\NetMonSV.exe C:\Program Files\MKS\Bin\mksmonsv.exe C:\Program Files\Spyware Doctor\sdhelp.exe C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe C:\PROGRA~1\NEOSTR~1\CnxMon.exe C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe C:\Program Files\MKS\Bin\mks_menu.exe C:\Program Files\MKS\Bin\ABregmon.exe C:\Program Files\Winamp\winampa.exe C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe C:\WINDOWS\System32\ctfmon.exe C:\Program Files\Skype\Phone\Skype.exe C:\Program Files\Skype\Plugin Manager\SkypePM.exe C:\Program Files\MKS\Bin\mks_scan.exe C:\Program Files\Neostrada TP\NeostradaTP.exe C:\Program Files\Neostrada TP\ComComp.exe C:\Program Files\Neostrada TP\Watch.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Gadu-Gadu\gg.exe C:\WINDOWS\System32\wbem\wmiprvse.exe C:\WINDOWS\System32\WScript.exe C:\Documents and Settings\admin\Pulpit\hijackthis\HijackThis.exe C:\WINDOWS\System32\wbem\wmiprvse.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.neostrada.pl R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada TP R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O4 - HKLM…\Run: [WooCnxMon] C:\PROGRA~1\NEOSTR~1\CnxMon.exe O4 - HKLM…\Run: [speedTouch USB Diagnostics] “C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe” /icon O4 - HKLM…\Run: [WOOWATCH] C:\PROGRA~1\NEOSTR~1\Watch.exe O4 - HKLM…\Run: [WOOTASKBARICON] C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe O4 - HKLM…\Run: [MKS_MENU] C:\Program Files\MKS\Bin\mks_menu.exe O4 - HKLM…\Run: [ABREGMON] C:\Program Files\MKS\Bin\ABregmon.exe O4 - HKLM…\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe O4 - HKLM…\Run: [sunJavaUpdateSched] “C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe” O4 - HKCU…\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe O4 - HKCU…\Run: [skype] “C:\Program Files\Skype\Phone\Skype.exe” /nosplash /minimized O4 - HKCU…\Run: [Microsoft Directx click] directxclick.exe O4 - HKCU…\RunServices: [Microsoft Directx click] directxclick.exe O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O16 - DPF: {92ECE6FA-AC2E-4042-BFAE-0C8608E52A43} (SignActivX Control) - https://www.bph.pl/sezam/components/SignActivX.cab O17 - HKLM\System\CCS\Services\Tcpip…{4593A04C-36DC-4361-BD83-A480162C6700}: NameServer = 194.204.152.34 217.98.63.164 O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O23 - Service: ArcaBit NetMonitor (ABNetMon) - ArcaBit sp. z o.o. - C:\Program Files\MKS\Bin\NetMonSV.exe O23 - Service: MkSUpdateInt - MkS Sp. z o. o. - C:\Program Files\MKS\bin\MkSUpdateInt.exe O23 - Service: MkS_Vir Monitor (MksVirMonSvc) - Unknown owner - C:\Program Files\MKS\Bin\mksmonsv.exe O23 - Service: MkS_Scan - Unknown owner - C:\Program Files\MKS\Bin\mks_scan.exe O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

zaraz Gmer

Krzychuu · Styczeń 26, 2017, 11:26po południu

k_milek_k log z SR jest urwany. :?

k_milek_k · Styczeń 26, 2017, 11:26po południu

GMER 1.0.12.12011 - http://www.gmer.net Rootkit scan 2007-01-25 11:34:22 Windows 5.1.2600 ---- Services - GMER 1.0.12 ---- Service C:\Program Files\MKS\Bin\NetMonSV.exe [AUTO] ABNetMon Service C:\WINDOWS\System32\drivers\afd.sys [AUTO] AFD Service C:\WINDOWS\System32\svchost.exe [AUTO] AudioSrv Service C:\WINDOWS\System32\svchost.exe [AUTO] Browser Service C:\WINDOWS\system32\svchost.exe [AUTO] CryptSvc Service C:\WINDOWS\System32\svchost.exe [AUTO] Dhcp Service C:\WINDOWS\System32\svchost.exe [AUTO] dmserver Service C:\WINDOWS\System32\svchost.exe [AUTO] Dnscache Service C:\WINDOWS\System32\svchost.exe [AUTO] ERSvc Service C:\WINDOWS\system32\services.exe [AUTO] Eventlog Service C:\WINDOWS\System32\svchost.exe [AUTO] helpsvc Service C:\WINDOWS\System32\svchost.exe [AUTO] lanmanserver Service C:\WINDOWS\System32\svchost.exe [AUTO] lanmanworkstation Service C:\WINDOWS\System32\svchost.exe [AUTO] LmHosts Service C:\WINDOWS\System32\svchost.exe [AUTO] Messenger Service C:\Program Files\MKS\Bin\mksmonsv.exe [AUTO] MksVirMonSvc Service [AUTO] ParVdm Service C:\WINDOWS\system32\services.exe [AUTO] PlugPlay Service C:\WINDOWS\System32\lsass.exe [AUTO] PolicyAgent Service C:\WINDOWS\system32\lsass.exe [AUTO] ProtectedStorage Service C:\WINDOWS\system32\svchost.exe [AUTO] RemoteRegistry Service C:\WINDOWS\system32\svchost.exe [AUTO] RpcSs Service C:\WINDOWS\system32\lsass.exe [AUTO] SamSs Service C:\WINDOWS\System32\svchost.exe [AUTO] Schedule Service C:\Program Files\Spyware Doctor\sdhelp.exe [AUTO] SDhelper Service C:\WINDOWS\System32\svchost.exe [AUTO] seclogon Service C:\WINDOWS\system32\svchost.exe [AUTO] SENS Service C:\WINDOWS\System32\svchost.exe [AUTO] ShellHWDetection Service C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe [AUTO] SoundMAX Agent Service (default) Service C:\WINDOWS\system32\spoolsv.exe [AUTO] Spooler Service C:\WINDOWS\System32\svchost.exe [AUTO] srservice Service C:\WINDOWS\System32\svchost.exe [AUTO] SSDPSRV Service C:\WINDOWS\System32\svchost.exe [AUTO] Themes Service C:\WINDOWS\system32\svchost.exe [AUTO] TrkWks Service C:\WINDOWS\System32\svchost.exe [AUTO] uploadmgr Service C:\WINDOWS\System32\svchost.exe [AUTO] upnphost Service C:\WINDOWS\System32\svchost.exe [AUTO] W32Time Service C:\WINDOWS\System32\svchost.exe [AUTO] WebClient Service C:\WINDOWS\system32\svchost.exe [AUTO] winmgmt Service C:\WINDOWS\System32\svchost.exe [AUTO] WmdmPmSp Service C:\WINDOWS\System32\svchost.exe [AUTO] WZCSVC Service C:\WINDOWS\System32\DRIVERS\ACPI.sys [bOOT] ACPI Service C:\WINDOWS\System32\DRIVERS\atapi.sys [bOOT] atapi Service C:\WINDOWS\System32\DRIVERS\disk.sys [bOOT] Disk Service C:\WINDOWS\System32\drivers\dmio.sys [bOOT] dmio Service C:\WINDOWS\System32\drivers\dmload.sys [bOOT] dmload Service C:\WINDOWS\System32\DRIVERS\ftdisk.sys [bOOT] Ftdisk Service C:\WINDOWS\System32\DRIVERS\isapnp.sys [bOOT] isapnp Service [bOOT] KSecDD Service [bOOT] MountMgr Service [bOOT] Mup Service [bOOT] NDIS Service [bOOT] PartMgr Service C:\WINDOWS\System32\DRIVERS\pci.sys [bOOT] PCI Service C:\WINDOWS\System32\Drivers\PxHelp20.sys [bOOT] PxHelp20 Service C:\WINDOWS\System32\Drivers\sptd.sys [bOOT] sptd Service C:\WINDOWS\System32\DRIVERS\sr.sys [bOOT] sr Service C:\WINDOWS\System32\DRIVERS\viaide.sys [bOOT] ViaIde Service [bOOT] VolSnap Service [DISABLED] Abiosdsk Service [DISABLED] abp480n5 Service [DISABLED] ACPIEC Service [DISABLED] adpu160m Service [DISABLED] Aha154x Service [DISABLED] aic78u2 Service [DISABLED] aic78xx Service [DISABLED] AliIde Service [DISABLED] amsint Service [DISABLED] asc Service [DISABLED] asc3350p Service [DISABLED] asc3550 Service [DISABLED] Atdisk Service [DISABLED] cbidf2k Service [DISABLED] cd20xrnt Service [DISABLED] Cdfs Service [DISABLED] CmdIde Service [DISABLED] Cpqarray Service [DISABLED] dac2w2k Service [DISABLED] dac960nt Service C:\WINDOWS\System32\drivers\dmboot.sys [DISABLED] dmboot Service [DISABLED] dpti2o Service [DISABLED] Fastfat Service C:\WINDOWS\System32\svchost.exe [DISABLED] HidServ Service [DISABLED] hpn Service [DISABLED] hpt3xx Service [DISABLED] i2omp Service [DISABLED] ini910u Service [DISABLED] IntelIde Service C:\WINDOWS\TEMP\mc21.tmp [DISABLED] mchInjDrv Service [DISABLED] mraid35x Service [DISABLED] Ntfs Service [DISABLED] PCIIde Service [DISABLED] Pcmcia Service [DISABLED] perc2 Service [DISABLED] perc2hib Service [DISABLED] ql1080 Service [DISABLED] Ql10wnt Service [DISABLED] ql12160 Service [DISABLED] ql1240 Service [DISABLED] ql1280 Service C:\WINDOWS\System32\svchost.exe [DISABLED] RemoteAccess Service C:\WINDOWS\System32\svchost.exe [DISABLED] SharedAccess Service [DISABLED] Simbad Service [DISABLED] Sparrow Service [DISABLED] sym_hi Service [DISABLED] sym_u3 Service [DISABLED] symc810 Service [DISABLED] symc8xx Service [DISABLED] TosIde Service [DISABLED] Udfs Service [DISABLED] ultra Service C:\WINDOWS\system32\svchost.exe [DISABLED] wuauserv Service C:\WINDOWS\system32\drivers\aeaudio.sys [MANUAL] aeaudio Service C:\WINDOWS\system32\drivers\aec.sys [MANUAL] aec Service C:\WINDOWS\System32\DRIVERS\alcan5wn.sys [MANUAL] alcan5wn Service C:\WINDOWS\System32\DRIVERS\alcaudsl.sys [MANUAL] alcaudsl Service C:\WINDOWS\System32\svchost.exe [MANUAL] Alerter Service C:\WINDOWS\System32\alg.exe [MANUAL] ALG Service C:\WINDOWS\system32\svchost.exe [MANUAL] AppMgmt Service C:\WINDOWS\System32\DRIVERS\asyncmac.sys [MANUAL] AsyncMac Service C:\WINDOWS\System32\DRIVERS\atmarpc.sys [MANUAL] Atmarpc Service C:\WINDOWS\System32\DRIVERS\audstub.sys [MANUAL] audstub Service C:\WINDOWS\System32\svchost.exe [MANUAL] BITS Service C:\WINDOWS\System32\cisvc.exe [MANUAL] cisvc Service C:\WINDOWS\system32\clipsrv.exe [MANUAL] ClipSrv Service C:\WINDOWS\System32\dllhost.exe [MANUAL] COMSysApp Service C:\WINDOWS\System32\dmadmin.exe [MANUAL] dmadmin Service C:\WINDOWS\system32\drivers\DMusic.sys [MANUAL] DMusic Service C:\WINDOWS\system32\drivers\drmkaud.sys [MANUAL] drmkaud Service C:\WINDOWS\System32\Drivers\dtscsi.sys [MANUAL] dtscsi Service C:\WINDOWS\System32\svchost.exe [MANUAL] EventSystem Service C:\WINDOWS\System32\svchost.exe [MANUAL] FastUserSwitchingCompatibility Service C:\WINDOWS\System32\DRIVERS\fdc.sys [MANUAL] Fdc Service C:\WINDOWS\System32\DRIVERS\fetnd5.sys [MANUAL] FETNDIS Service C:\WINDOWS\System32\DRIVERS\flpydisk.sys [MANUAL] Flpydisk Service C:\WINDOWS\System32\DRIVERS\gameenum.sys [MANUAL] gameenum Service C:\WINDOWS\System32\DRIVERS\gmer.sys [MANUAL] gmer Service C:\WINDOWS\System32\DRIVERS\msgpc.sys [MANUAL] Gpc Service C:\WINDOWS\System32\DRIVERS\hidusb.sys [MANUAL] hidusb Service C:\WINDOWS\System32\imapi.exe [MANUAL] ImapiService Service C:\WINDOWS\System32\DRIVERS\ipfltdrv.sys [MANUAL] IpFilterDriver Service C:\WINDOWS\System32\DRIVERS\ipinip.sys [MANUAL] IpInIp Service C:\WINDOWS\System32\DRIVERS\ipnat.sys [MANUAL] IpNat Service C:\WINDOWS\System32\DRIVERS\irenum.sys [MANUAL] IRENUM Service C:\WINDOWS\system32\drivers\kmixer.sys [MANUAL] kmixer Service C:\Program Files\MKS\Bin\mks_scan.exe [MANUAL] MkS_Scan Service C:\Program Files\MKS\Bin\MksMonEn.sys [MANUAL] MksMonEn Service C:\Program Files\MKS\Bin\MksMonEv.sys [MANUAL] MksMonEv Service C:\Program Files\MKS\Bin\MksMonFd.sys [MANUAL] MksMonFd Service C:\Program Files\MKS\bin\MkSUpdateInt.exe [MANUAL] MkSUpdateInt Service C:\WINDOWS\System32\mnmsrvc.exe [MANUAL] mnmsrvc Service [MANUAL] Modem Service C:\WINDOWS\System32\DRIVERS\mouhid.sys [MANUAL] mouhid Service C:\WINDOWS\System32\DRIVERS\mrxdav.sys [MANUAL] MRxDAV Service C:\Documents and Settings\admin\msdirectxclk.sys [MANUAL] msdirectxclick Service C:\WINDOWS\System32\msdtc.exe [MANUAL] MSDTC Service C:\WINDOWS\System32\msiexec.exe [MANUAL] MSIServer Service C:\WINDOWS\system32\drivers\MSKSSRV.sys [MANUAL] MSKSSRV Service C:\WINDOWS\system32\drivers\MSPCLOCK.sys [MANUAL] MSPCLOCK Service C:\WINDOWS\system32\drivers\MSPQM.sys [MANUAL] MSPQM Service C:\WINDOWS\System32\DRIVERS\ndistapi.sys [MANUAL] NdisTapi Service C:\WINDOWS\System32\DRIVERS\ndisuio.sys [MANUAL] Ndisuio Service C:\WINDOWS\System32\DRIVERS\ndiswan.sys [MANUAL] NdisWan Service [MANUAL] NDProxy Service C:\WINDOWS\System32\DRIVERS\netbt.sys [MANUAL] NetBT Service C:\WINDOWS\system32\netdde.exe [MANUAL] NetDDE Service C:\WINDOWS\system32\netdde.exe [MANUAL] NetDDEdsdm Service C:\WINDOWS\System32\lsass.exe [MANUAL] Netlogon Service C:\WINDOWS\System32\svchost.exe [MANUAL] Netman Service C:\WINDOWS\System32\svchost.exe [MANUAL] Nla Service C:\WINDOWS\System32\lsass.exe [MANUAL] NtLmSsp Service C:\WINDOWS\system32\svchost.exe [MANUAL] NtmsSvc Service C:\WINDOWS\System32\DRIVERS\nv4.sys [MANUAL] nv4 Service C:\WINDOWS\System32\DRIVERS\nwlnkflt.sys [MANUAL] NwlnkFlt Service C:\WINDOWS\System32\DRIVERS\nwlnkfwd.sys [MANUAL] NwlnkFwd Service C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [MANUAL] ose Service C:\WINDOWS\System32\DRIVERS\parport.sys [MANUAL] Parport Service [MANUAL] PDCOMP Service [MANUAL] PDFRAME Service [MANUAL] PDRELI Service [MANUAL] PDRFRAME Service C:\WINDOWS\System32\DRIVERS\raspptp.sys [MANUAL] PptpMiniport Service C:\WINDOWS\System32\DRIVERS\psched.sys [MANUAL] PSched Service C:\WINDOWS\System32\DRIVERS\ptilink.sys [MANUAL] Ptilink Service C:\WINDOWS\System32\svchost.exe [MANUAL] RasAuto Service C:\WINDOWS\System32\DRIVERS\rasl2tp.sys [MANUAL] Rasl2tp Service C:\WINDOWS\System32\svchost.exe [MANUAL] RasMan Service C:\WINDOWS\System32\DRIVERS\raspppoe.sys [MANUAL] RasPppoe Service C:\WINDOWS\System32\DRIVERS\raspti.sys [MANUAL] Raspti Service C:\WINDOWS\System32\DRIVERS\rdpdr.sys [MANUAL] rdpdr Service [MANUAL] RDPWD Service C:\WINDOWS\system32\sessmgr.exe [MANUAL] RDSessMgr Service C:\WINDOWS\System32\locator.exe [MANUAL] RpcLocator Service C:\WINDOWS\System32\rsvp.exe [MANUAL] RSVP Service C:\WINDOWS\System32\SCardSvr.exe [MANUAL] SCardDrv Service C:\WINDOWS\System32\SCardSvr.exe [MANUAL] SCardSvr Service C:\WINDOWS\System32\DRIVERS\secdrv.sys [MANUAL] Secdrv Service C:\WINDOWS\System32\DRIVERS\serenum.sys [MANUAL] serenum Service C:\WINDOWS\system32\drivers\smwdm.sys [MANUAL] smwdm Service C:\WINDOWS\system32\drivers\splitter.sys [MANUAL] splitter Service C:\WINDOWS\System32\DRIVERS\srv.sys [MANUAL] Srv Service C:\WINDOWS\System32\svchost.exe [MANUAL] stisvc Service C:\WINDOWS\System32\DRIVERS\swenum.sys [MANUAL] swenum Service C:\WINDOWS\system32\drivers\swmidi.sys [MANUAL] swmidi Service C:\WINDOWS\System32\dllhost.exe [MANUAL] SwPrv Service C:\WINDOWS\system32\drivers\sysaudio.sys [MANUAL] sysaudio Service C:\WINDOWS\system32\smlogsvc.exe [MANUAL] SysmonLog Service C:\WINDOWS\System32\svchost.exe [MANUAL] TapiSrv Service [MANUAL] TDPIPE Service [MANUAL] TDTCP Service C:\WINDOWS\System32\svchost.exe [MANUAL] TermService Service C:\WINDOWS\System32\tlntsvr.exe [MANUAL] TlntSvr Service C:\WINDOWS\System32\DRIVERS\update.sys [MANUAL] Update Service C:\WINDOWS\System32\ups.exe [MANUAL] UPS Service C:\WINDOWS\System32\DRIVERS\usbhub.sys [MANUAL] usbhub Service C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [MANUAL] USBSTOR Service C:\WINDOWS\System32\DRIVERS\usbuhci.sys [MANUAL] usbuhci Service C:\WINDOWS\System32\vssvc.exe [MANUAL] VSS Service C:\WINDOWS\System32\DRIVERS\wanarp.sys [MANUAL] Wanarp Service [MANUAL] WDICA Service C:\WINDOWS\system32\drivers\wdmaud.sys [MANUAL] wdmaud Service [MANUAL] Winsock Service C:\WINDOWS\System32\svchost.exe [MANUAL] Wmi Service C:\WINDOWS\System32\wbem\wmiapsrv.exe [MANUAL] WmiApSrv Service C:\Program Files\MKS\Bin\ABTDI.sys [sYSTEM] ABTDI Service [sYSTEM] Beep Service [sYSTEM] Cdaudio Service C:\WINDOWS\System32\DRIVERS\cdrom.sys [sYSTEM] Cdrom Service [sYSTEM] Changer Service [sYSTEM] Fips Service [sYSTEM] Fs_Rec Service [sYSTEM] i2omgmt Service C:\WINDOWS\System32\DRIVERS\i8042prt.sys [sYSTEM] i8042prt Service C:\WINDOWS\system32\drivers\ikhfile.sys [sYSTEM] ikhfile Service C:\WINDOWS\system32\drivers\ikhlayer.sys [sYSTEM] ikhlayer Service [sYSTEM] Imapi Service C:\WINDOWS\System32\DRIVERS\ipsec.sys [sYSTEM] IPSec Service C:\WINDOWS\System32\DRIVERS\kbdclass.sys [sYSTEM] Kbdclass Service [sYSTEM] lbrtfdc Service [sYSTEM] mnmdd Service C:\WINDOWS\System32\DRIVERS\mouclass.sys [sYSTEM] Mouclass Service C:\WINDOWS\System32\DRIVERS\mrxsmb.sys [sYSTEM] MRxSmb Service [sYSTEM] Msfs Service C:\WINDOWS\System32\DRIVERS\netbios.sys [sYSTEM] NetBIOS Service [sYSTEM] Npfs Service [sYSTEM] Null Service [sYSTEM] PCIDump Service C:\WINDOWS\System32\DRIVERS\processr.sys [sYSTEM] Processor Service C:\WINDOWS\System32\DRIVERS\rasacd.sys [sYSTEM] RasAcd Service C:\WINDOWS\System32\DRIVERS\rdbss.sys [sYSTEM] Rdbss Service C:\WINDOWS\System32\DRIVERS\RDPCDD.sys [sYSTEM] RDPCDD Service C:\WINDOWS\System32\DRIVERS\redbook.sys [sYSTEM] redbook Service C:\WINDOWS\System32\DRIVERS\serial.sys [sYSTEM] Serial Service [sYSTEM] Sfloppy Service C:\WINDOWS\System32\DRIVERS\tcpip.sys [sYSTEM] Tcpip Service C:\WINDOWS\System32\DRIVERS\termdd.sys [sYSTEM] TermDD Service C:\WINDOWS\System32\drivers\vga.sys [sYSTEM] VgaSave Service BattC Service ContentFilter Service ContentIndex Service inetaccs Service Inport Service ISAPISearch Service ldap Service LicenseService Service Outlook Service PerfDisk Service PerfNet Service PerfOS Service PerfProc Service RDPDD Service RDPNP Service TSDDD Service W3SVC Service WinSock2 Service WinTrust Service WmiApRpl Service {F2D4B5D4-D798-4875-B24C-E17B34C9247D} ---- EOF - GMER 1.0.12 ----

coś jeszcze ?

adam9870 · Styczeń 26, 2017, 11:26po południu

Uruchom system w trybie awaryjnym. Tylko mała uwaga, ponieważ masz Deamon Tools, który może przeszkadzać dlatego przy uruchamianiu przy pytaniu o ładowanie sterownika sptd.sys anuluj wciskając w tym celu klawisz Esc.
Teraz czynności będziesz wykonywał w Gmerze więc uruchom go, poczekaj chwilkę, kliknij na zakładkę >>> w celu otworzenia pozostałych.
W zakładce Usługi skasuj z prawokliku usługę mchInjDrv oraz msdirectxclick
W zakładce CMD z zaznaczoną opcją CMD.EXE wklej:

W zakładce CMD z zaznaczoną opcją REGEDIT.EXE wklej:

W zakładce Procesy wybierz Zabij wszystko. Teraz poczekaj chwilkę i nie zdziw się, ponieważ zniknie pulpit.
W zakładce CMD klikasz kolejno na Uruchom dla opcji CMD.EXE i REGEDIT.EXE

Teraz reset i proszę pokazać nowy log z Gmer’a (usługi+pokazuj wszystko) oraz z ComboFix’a. Aby zrobić w nim log należy go uruchomić => nacisnąć klawisz Y => czekać cierpliwie i log powinien być w formie pliku .txt o nazwie combofix na partycji C.

k_milek_k · Styczeń 26, 2017, 11:26po południu

ComboFix 07-01-25 - Running from: “C:\Documents and Settings\admin\Pulpit” ERROR ! /wow section not completed ((((((((((((((((((((((((((((((( Files Created from 2006-12-25 to 2007-01-25 )))))))))))))))))))))))))))))))))) 2007-01-25 12:48 94 --a------ C:\WINDOWS\gmer.reg 2007-01-25 12:41 2007-01-25 11:17 80 --a------ C:\WINDOWS\gmer_uninstall.cmd 2007-01-25 11:03 2007-01-25 10:22 2007-01-24 18:05 2007-01-24 14:47 2007-01-24 14:47 2007-01-24 14:47 2007-01-24 14:46 2007-01-24 12:06 76,062 --a------ C:\WINDOWS\system32\recsl.exe 2007-01-24 10:28 51,072 --a------ C:\WINDOWS\system32\drivers\ikhlayer.sys 2007-01-24 10:28 30,592 --a------ C:\WINDOWS\system32\drivers\ikhfile.sys 2007-01-24 10:28 2007-01-24 10:28 2007-01-23 22:55 0 --a------ C:\WINDOWS\system32\directxclickers.exe 2007-01-23 17:05 2007-01-23 16:33 63,488 --ahs---- C:\WINDOWS\system32\urdvxc.exe 2007-01-23 16:32 57,856 --ahs---- C:\WINDOWS\system32.exe 2007-01-23 09:30 2007-01-22 14:29 2007-01-22 13:11 2007-01-22 11:04 2007-01-22 11:02 2007-01-22 11:01 2007-01-19 19:13 2007-01-16 15:47 2007-01-15 11:51 2007-01-14 07:31 2007-01-13 14:24 2007-01-13 14:24 2007-01-13 07:32 2007-01-12 12:41 2007-01-10 18:12 2007-01-10 07:23 2007-01-09 08:10 2007-01-08 17:04 17,920 --a------ C:\WINDOWS\system32\mdimon.dll 2007-01-08 17:03 2007-01-08 16:58 223,128 --a------ C:\WINDOWS\system32\drivers\dtscsi.sys 2007-01-08 16:58 2007-01-08 16:56 89,984 --a------ C:\WINDOWS\system32\drivers\sptd1005.sys 2007-01-08 16:56 664,064 --a------ C:\WINDOWS\system32\drivers\sptd.sys 2007-01-08 15:50 2007-01-08 15:49 2007-01-08 15:48 2007-01-08 15:48 2007-01-06 10:01 2007-01-05 18:11 8,704 --a------ C:\WINDOWS\system32\kbdjpn.dll 2007-01-05 18:11 8,192 --a------ C:\WINDOWS\system32\kbdkor.dll 2007-01-05 18:11 6,144 --a------ C:\WINDOWS\system32\kbd106.dll 2007-01-05 18:11 6,144 --a------ C:\WINDOWS\system32\kbd101c.dll 2007-01-05 18:11 6,144 --a------ C:\WINDOWS\system32\kbd101b.dll 2007-01-05 18:11 5,632 --a------ C:\WINDOWS\system32\kbd103.dll 2007-01-05 13:04 2007-01-04 08:07 2007-01-01 21:59 2007-01-01 21:59 2007-01-01 21:58 2007-01-01 21:53 2007-01-01 20:41 79,616 --a------ C:\WINDOWS\system32\drivers\wdmaud.sys 2007-01-01 20:41 50,048 --a------ C:\WINDOWS\system32\drivers\DMusic.sys 2007-01-01 20:41 5,632 --a------ C:\WINDOWS\system32\drivers\splitter.sys 2007-01-01 20:41 159,232 --a------ C:\WINDOWS\system32\drivers\kmixer.sys 2007-01-01 20:41 122,472 --a------ C:\WINDOWS\system32\drivers\aec.sys 2007-01-01 20:37 6,400 --a------ C:\WINDOWS\system32\drivers\MSKSSRV.sys 2007-01-01 20:37 57,472 --a------ C:\WINDOWS\system32\drivers\sysaudio.sys 2007-01-01 20:37 5,120 --a------ C:\WINDOWS\system32\drivers\MSPCLOCK.sys 2007-01-01 20:37 42,752 --a------ C:\WINDOWS\system32\drivers\stream.sys 2007-01-01 20:37 4,608 --a------ C:\WINDOWS\system32\drivers\MSPQM.sys 2007-01-01 20:37 2,816 --a------ C:\WINDOWS\system32\drivers\drmkaud.sys 2007-01-01 20:37 135,040 --a------ C:\WINDOWS\system32\drivers\portcls.sys 2007-01-01 20:36 57,344 --a------ C:\WINDOWS\system32\drivers\drmk.sys 2007-01-01 20:36 40,820 --a------ C:\WINDOWS\system32\Syncor11.dll 2007-01-01 20:36 4,096 --a------ C:\WINDOWS\system32\ksuser.dll 2007-01-01 20:36 134,144 --a------ C:\WINDOWS\system32\drivers\ks.sys 2007-01-01 20:31 20,640 --------- C:\WINDOWS\system32\drivers\PxHelp20.sys 2007-01-01 20:31 151,552 --------- C:\WINDOWS\system32\pxwma.dll 2007-01-01 20:31 109,568 --------- C:\WINDOWS\system32\pxinsi64.exe 2007-01-01 20:31 108,544 --------- C:\WINDOWS\system32\pxcpyi64.exe 2007-01-01 20:31 2007-01-01 20:09 2007-01-01 20:07 100,482 --a------ C:\WINDOWS\UninstallFirefox.exe 2007-01-01 20:07 2007-01-01 20:00 991,232 --a------ C:\WINDOWS\system32\virtear.dll 2007-01-01 20:00 978,944 --a------ C:\WINDOWS\SynthCoreA.Dll 2007-01-01 20:00 765,952 --a------ C:\WINDOWS\system\crlds3d.dll 2007-01-01 20:00 720,896 --a------ C:\WINDOWS\system32\Audio3d.dll 2007-01-01 20:00 720,896 --a------ C:\WINDOWS\system32\a3d.dll 2007-01-01 20:00 578,368 --a------ C:\WINDOWS\system32\drivers\smwdm.sys 2007-01-01 20:00 54,272 --a------ C:\WINDOWS\system32\drivers\swmidi.sys 2007-01-01 20:00 49,152 --a------ C:\WINDOWS\system32\S11thk32.dll 2007-01-01 20:00 49,152 --a------ C:\WINDOWS\system32\DSndUp.exe 2007-01-01 20:00 45,056 --a------ C:\WINDOWS\system32\SynthCore11Resources.dll 2007-01-01 20:00 45,056 --a------ C:\WINDOWS\system32\CleanUp.exe 2007-01-01 20:00 44 --a------ C:\WINDOWS\system32\msssc.dll 2007-01-01 20:00 4,816 --a------ C:\WINDOWS\system32\drivers\aeaudio.sys 2007-01-01 20:00 380,928 --a------ C:\WINDOWS\SynCor.exe 2007-01-01 20:00 30,208 --a------ C:\WINDOWS\system32\wdmioctl.dll 2007-01-01 20:00 3,744 --a------ C:\WINDOWS\system32\drivers\smsens.sys 2007-01-01 20:00 1,285,632 --a------ C:\WINDOWS\system32\SMMedia.dll 2007-01-01 20:00 2007-01-01 20:00 2007-01-01 19:59 5,824 --a------ C:\WINDOWS\system32\drivers\ASUSHWIO.SYS 2007-01-01 19:59 265 --a------ C:\WINDOWS\mks.bat 2007-01-01 19:58 2007-01-01 18:55 32,768 --a------ C:\WINDOWS\system32\WooDial2000.dll 2007-01-01 18:54 70,688 --a------ C:\WINDOWS\system32\drivers\alcaudsl.sys 2007-01-01 18:54 53,600 --a------ C:\WINDOWS\system32\drivers\alcan5wn.sys 2007-01-01 18:54 5,606 --a------ C:\WINDOWS\system32\stci.dll 2007-01-01 18:54 5,280 --a------ C:\WINDOWS\system32\drivers\alcawh.sys 2007-01-01 18:54 3,968 --a------ C:\WINDOWS\system32\drivers\alcacr.sys 2007-01-01 18:54 2007-01-01 18:54 2007-01-01 18:54 2007-01-01 18:52 2007-01-01 18:52 2007-01-01 18:51 2007-01-01 18:48 2007-01-01 18:48 2007-01-01 18:48 2007-01-01 18:48 2007-01-01 18:48 2007-01-01 18:48 2007-01-01 18:48 2007-01-01 18:48 2007-01-01 18:42 2007-01-01 18:42 2007-01-01 18:42 2007-01-01 18:42 2007-01-01 18:42 2007-01-01 18:42 2007-01-01 18:39 2007-01-01 18:39 2007-01-01 18:38 112,128 --a------ C:\WINDOWS\system32\mapi32.dll 2007-01-01 18:38 0 -rahs---- C:\MSDOS.SYS 2007-01-01 18:38 0 -rahs---- C:\IO.SYS 2007-01-01 18:38 0 --a------ C:\CONFIG.SYS 2007-01-01 18:38 0 --a------ C:\AUTOEXEC.BAT 2007-01-01 18:37 179,200 --a------ C:\WINDOWS\system32\qmgr.dll 2007-01-01 18:37 17,408 --a------ C:\WINDOWS\system32\qmgrprxy.dll 2007-01-01 18:37 2007-01-01 18:37 2007-01-01 18:37 2007-01-01 18:37 2007-01-01 18:37 2007-01-01 18:37 2007-01-01 18:37 2007-01-01 18:36 90,624 --a------ C:\WINDOWS\system32\msoert2.dll 2007-01-01 18:36 9,728 --a------ C:\WINDOWS\system32\mstinit.exe 2007-01-01 18:36 81,920 --a------ C:\WINDOWS\system32\isign32.dll 2007-01-01 18:36 73,728 --a------ C:\WINDOWS\system32\ils.dll 2007-01-01 18:36 70,400 --a------ C:\WINDOWS\system32\drivers\sr.sys 2007-01-01 18:36 69,632 --a------ C:\WINDOWS\system32\icwdial.dll 2007-01-01 18:36 67,584 --a------ C:\WINDOWS\system32\acctres.dll 2007-01-01 18:36 65,536 --a------ C:\WINDOWS\system32\msconf.dll 2007-01-01 18:36 61,952 --a------ C:\WINDOWS\system32\srclient.dll 2007-01-01 18:36 61,440 --a------ C:\WINDOWS\system32\icwphbk.dll 2007-01-01 18:36 593,920 --a------ C:\WINDOWS\system32\inetcomm.dll 2007-01-01 18:36 49,152 --a------ C:\WINDOWS\system32\inetres.dll 2007-01-01 18:36 40,960 --a------ C:\WINDOWS\system32\safrslv.dll 2007-01-01 18:36 39,424 --a------ C:\WINDOWS\system32\safrcdlg.dll 2007-01-01 18:36 33,792 --a------ C:\WINDOWS\system32\racpldlg.dll 2007-01-01 18:36 32,768 --a------ C:\WINDOWS\system32\mnmsrvc.exe 2007-01-01 18:36 32,384 --a------ C:\WINDOWS\system32\mnmdd.dll 2007-01-01 18:36 28,672 --a------ C:\WINDOWS\system32\isrdbg32.dll 2007-01-01 18:36 270,336 --a------ C:\WINDOWS\system32\inetcfg.dll 2007-01-01 18:36 26,624 --a------ C:\WINDOWS\system32\safrdm.dll 2007-01-01 18:36 253,440 --a------ C:\WINDOWS\system32\mstask.dll 2007-01-01 18:36 24,576 --a------ C:\WINDOWS\system32\nmmkcert.dll 2007-01-01 18:36 228,864 --a------ C:\WINDOWS\system32\msoeacct.dll 2007-01-01 18:36 219,136 --a------ C:\WINDOWS\system32\srrstr.dll 2007-01-01 18:36 16,384 --a------ C:\WINDOWS\system32\icfgnt5.dll 2007-01-01 18:36 159,744 --a------ C:\WINDOWS\system32\schedsvc.dll 2007-01-01 18:36 155,648 --a------ C:\WINDOWS\system32\srsvc.dll 2007-01-01 18:36 12,288 --a------ C:\WINDOWS\system32\nmevtmsg.dll 2007-01-01 18:36 11,264 --a------ C:\WINDOWS\system32\atrace.dll 2007-01-01 18:36 2007-01-01 18:36 2007-01-01 18:36 2007-01-01 18:36 2007-01-01 18:35 99,328 --a------ C:\WINDOWS\system32\clipbrd.exe 2007-01-01 18:35 95,744 --a------ C:\WINDOWS\system32\wuaueng.dll 2007-01-01 18:35 9,728 --a------ C:\WINDOWS\system32\reset.exe 2007-01-01 18:35 89,600 --a------ C:\WINDOWS\system32\tscfgwmi.dll 2007-01-01 18:35 80,896 --a------ C:\WINDOWS\system32\charmap.exe 2007-01-01 18:35 73,864 --a------ C:\WINDOWS\system32\rdpwsx.dll 2007-01-01 18:35 73,216 --a------ C:\WINDOWS\system32\avwav.dll 2007-01-01 18:35 61,952 --a------ C:\WINDOWS\system32\rdshost.exe 2007-01-01 18:35 605,696 --a------ C:\WINDOWS\system32\getuname.dll 2007-01-01 18:35 57,344 --a------ C:\WINDOWS\system32\sol.exe 2007-01-01 18:35 56,832 --a------ C:\WINDOWS\system32\remotepg.dll 2007-01-01 18:35 55,808 --a------ C:\WINDOWS\system32\freecell.exe 2007-01-01 18:35 534,016 --a------ C:\WINDOWS\system32\spider.exe 2007-01-01 18:35 503,296 --a------ C:\WINDOWS\system32\mstscax.dll 2007-01-01 18:35 5,632 --a------ C:\WINDOWS\system32\write.exe 2007-01-01 18:35 494,592 --a------ C:\WINDOWS\system32\hypertrm.dll 2007-01-01 18:35 44,544 --a------ C:\WINDOWS\system32\hticons.dll 2007-01-01 18:35 41,984 --a------ C:\WINDOWS\system32\rdpclip.exe 2007-01-01 18:35 40,448 --a------ C:\WINDOWS\system32\tscupgrd.exe 2007-01-01 18:35 4,608 --a------ C:\WINDOWS\system32\rdpcfgex.dll 2007-01-01 18:35 4,096 --a------ C:\WINDOWS\system32\wuauserv.dll 2007-01-01 18:35 387,072 --a------ C:\WINDOWS\system32\mstsc.exe 2007-01-01 18:35 35,328 --a------ C:\WINDOWS\system32\winchat.exe 2007-01-01 18:35 342,016 --a------ C:\WINDOWS\system32\mspaint.exe 2007-01-01 18:35 33,792 --a------ C:\WINDOWS\system32\regini.exe 2007-01-01 18:35 231,424 --a------ C:\WINDOWS\system32\avtapi.dll 2007-01-01 18:35 22,528 --a------ C:\WINDOWS\system32\qwinsta.exe 2007-01-01 18:35 22,528 --a------ C:\WINDOWS\system32\msg.exe 2007-01-01 18:35 20,232 --a------ C:\WINDOWS\system32\drivers\tdtcp.sys 2007-01-01 18:35 198,656 --a------ C:\WINDOWS\system32\termsrv.dll 2007-01-01 18:35 19,456 --a------ C:\WINDOWS\system32\qprocess.exe 2007-01-01 18:35 183,296 --a------ C:\WINDOWS\system32\accwiz.exe 2007-01-01 18:35 17,920 --a------ C:\WINDOWS\system32\tsshutdn.exe 2007-01-01 18:35 17,408 --a------ C:\WINDOWS\system32\qappsrv.exe 2007-01-01 18:35 16,384 --a------ C:\WINDOWS\system32\tskill.exe 2007-01-01 18:35 16,384 --a------ C:\WINDOWS\system32\rwinsta.exe 2007-01-01 18:35 16,384 --a------ C:\WINDOWS\system32\avmeter.dll 2007-01-01 18:35 15,872 --a------ C:\WINDOWS\system32\logoff.exe 2007-01-01 18:35 15,360 --a------ C:\WINDOWS\system32\tsdiscon.exe 2007-01-01 18:35 15,360 --a------ C:\WINDOWS\system32\tscon.exe 2007-01-01 18:35 15,360 --a------ C:\WINDOWS\system32\shadow.exe 2007-01-01 18:35 14,848 --a------ C:\WINDOWS\system32\rdpsnd.dll 2007-01-01 18:35 139,264 --a------ C:\WINDOWS\system32\sndvol32.exe 2007-01-01 18:35 134,656 --a------ C:\WINDOWS\system32\rdchost.dll 2007-01-01 18:35 131,072 --a------ C:\WINDOWS\system32\sessmgr.exe 2007-01-01 18:35 128,000 --a------ C:\WINDOWS\system32\mshearts.exe 2007-01-01 18:35 125,440 --a------ C:\WINDOWS\system32\sndrec32.exe 2007-01-01 18:35 12,288 --a------ C:\WINDOWS\system32\rdsaddin.exe 2007-01-01 18:35 119,808 --a------ C:\WINDOWS\system32\winmine.exe 2007-01-01 18:35 118,272 --a------ C:\WINDOWS\system32\mplay32.exe 2007-01-01 18:35 115,200 --a------ C:\WINDOWS\system32\calc.exe 2007-01-01 18:35 113,664 --a------ C:\WINDOWS\system32\wuauclt.exe 2007-01-01 18:35 11,144 --a------ C:\WINDOWS\system32\drivers\tdpipe.sys 2007-01-01 18:35 107,912 --a------ C:\WINDOWS\system32\drivers\rdpwd.sys 2007-01-01 18:35 1,225 --a------ C:\WINDOWS\system32\usrlogon.cmd 2007-01-01 18:35 2007-01-01 18:35 2007-01-01 18:35 2007-01-01 18:35 2007-01-01 18:35 2007-01-01 18:35 2007-01-01 18:34 9,728 --a------ C:\WINDOWS\system32\xolehlp.dll 2007-01-01 18:34 869,376 --a------ C:\WINDOWS\system32\msdtctm.dll 2007-01-01 18:34 85,504 --a------ C:\WINDOWS\system32\catsrvps.dll 2007-01-01 18:34 83,968 --a------ C:\WINDOWS\system32\mtxoci.dll 2007-01-01 18:34 82,432 --a------ C:\WINDOWS\system32\comrepl.dll 2007-01-01 18:34 8,704 --a------ C:\WINDOWS\system32\icaapi.dll 2007-01-01 18:34 6,144 --a------ C:\WINDOWS\system32\msdtc.exe 2007-01-01 18:34 583,168 --a------ C:\WINDOWS\system32\catsrvut.dll 2007-01-01 18:34 57,344 --a------ C:\WINDOWS\system32\licwmi.dll 2007-01-01 18:34 56,832 --a------ C:\WINDOWS\system32\colbact.dll 2007-01-01 18:34 54,784 --a------ C:\WINDOWS\system32\msdtclog.dll 2007-01-01 18:34 54,272 --a------ C:\WINDOWS\system32\stclient.dll 2007-01-01 18:34 53,248 --a------ C:\WINDOWS\system32\servdeps.dll 2007-01-01 18:34 5,120 --a------ C:\WINDOWS\system32\dcomcnfg.exe 2007-01-01 18:34 495,616 --a------ C:\WINDOWS\system32\comuid.dll 2007-01-01 18:34 468,480 --a------ C:\WINDOWS\system32\clbcatq.dll 2007-01-01 18:34 4,096 --a------ C:\WINDOWS\system32\mtxex.dll 2007-01-01 18:34 37,896 --a------ C:\WINDOWS\system32\drivers\termdd.sys 2007-01-01 18:34 360,960 --a------ C:\WINDOWS\system32\msdtcprx.dll 2007-01-01 18:34 32,768 --a------ C:\WINDOWS\system32\cfgbkend.dll 2007-01-01 18:34 25,600 --a------ C:\WINDOWS\system32\comaddin.dll 2007-01-01 18:34 25,088 --a------ C:\WINDOWS\system32\mtxlegih.dll 2007-01-01 18:34 215,040 --a------ C:\WINDOWS\system32\catsrv.dll 2007-01-01 18:34 20,480 --a------ C:\WINDOWS\system32\mtxdm.dll 2007-01-01 18:34 181,632 --a------ C:\WINDOWS\system32\drivers\rdpdr.sys 2007-01-01 18:34 177,152 --a------ C:\WINDOWS\system32\cmprops.dll 2007-01-01 18:34 16,896 --a------ C:\WINDOWS\system32\mmfutil.dll 2007-01-01 18:34 151,040 --a------ C:\WINDOWS\system32\msdtcuiu.dll 2007-01-01 18:34 15,872 --a------ C:\WINDOWS\system32\cdmodem.dll 2007-01-01 18:34 147,456 --a------ C:\WINDOWS\system32\comsnap.dll 2007-01-01 18:34 100,864 --a------ C:\WINDOWS\system32\clbcatex.dll 2007-01-01 18:34 1,139,200 --a------ C:\WINDOWS\system32\comsvcs.dll 2007-01-01 18:34 2007-01-01 18:34 2007-01-01 18:30 57,088 --a------ C:\WINDOWS\system32\drivers\redbook.sys 2007-01-01 18:30 3,072 --a------ C:\WINDOWS\system32\drivers\audstub.sys 2007-01-01 18:29 9,728 --a------ C:\WINDOWS\system32\drivers\gameenum.sys 2007-01-01 18:29 731,648 --a------ C:\WINDOWS\system32\drivers\nv4.sys 2007-01-01 18:29 70,144 --a------ C:\WINDOWS\system32\usbui.dll 2007-01-01 18:29 27,165 --a------ C:\WINDOWS\system32\drivers\fetnd5.sys 2007-01-01 18:29 1,738,496 --a------ C:\WINDOWS\system32\nv4.dll 2007-01-01 18:28 9,936 --a------ C:\WINDOWS\system\LZEXPAND.DLL 2007-01-01 18:28 9,168 --a------ C:\WINDOWS\system\VER.DLL 2007-01-01 18:28 85,532 --a------ C:\WINDOWS\system32\dgsetup.dll 2007-01-01 18:28 83,456 --a------ C:\WINDOWS\system\OLECLI.DLL 2007-01-01 18:28 8,192 -ra------ C:\WINDOWS\system32\kbdhept.dll 2007-01-01 18:28 71,680 --a------ C:\WINDOWS\system32\storprop.dll 2007-01-01 18:28 70,096 --a------ C:\WINDOWS\system\AVICAP.DLL 2007-01-01 18:28 7,168 --a------ C:\WINDOWS\system32\kbdcz.dll 2007-01-01 18:28 69,712 --a------ C:\WINDOWS\system\MMSYSTEM.DLL 2007-01-01 18:28 67,072 --a------ C:\WINDOWS\NOTEPAD.EXE 2007-01-01 18:28 6,656 -ra------ C:\WINDOWS\system32\kbdhela3.dll 2007-01-01 18:28 6,656 --a------ C:\WINDOWS\system32\kbdycl.dll 2007-01-01 18:28 6,656 --a------ C:\WINDOWS\system32\kbdsl1.dll 2007-01-01 18:28 6,656 --a------ C:\WINDOWS\system32\kbdsl.dll 2007-01-01 18:28 6,656 --a------ C:\WINDOWS\system32\kbdhu.dll 2007-01-01 18:28 6,656 --a------ C:\WINDOWS\system32\kbdcz2.dll 2007-01-01 18:28 6,656 --a------ C:\WINDOWS\system32\kbdcz1.dll 2007-01-01 18:28 6,656 --a------ C:\WINDOWS\system32\kbdcr.dll 2007-01-01 18:28 6,656 --a------ C:\WINDOWS\system32\KBDAL.DLL 2007-01-01 18:28 6,656 --a------ C:\WINDOWS\system32\batt.dll 2007-01-01 18:28 6,144 -ra------ C:\WINDOWS\system32\kbdtuq.dll 2007-01-01 18:28 6,144 -ra------ C:\WINDOWS\system32\kbdtuf.dll 2007-01-01 18:28 6,144 -ra------ C:\WINDOWS\system32\kbdlv1.dll 2007-01-01 18:28 6,144 -ra------ C:\WINDOWS\system32\kbdlv.dll 2007-01-01 18:28 6,144 -ra------ C:\WINDOWS\system32\kbdhela2.dll 2007-01-01 18:28 6,144 -ra------ C:\WINDOWS\system32\kbdgkl.dll 2007-01-01 18:28 6,144 -ra------ C:\WINDOWS\system32\kbdest.dll 2007-01-01 18:28 5,632 -ra------ C:\WINDOWS\system32\kbdmon.dll 2007-01-01 18:28 5,632 -ra------ C:\WINDOWS\system32\kbdlt1.dll 2007-01-01 18:28 5,632 -ra------ C:\WINDOWS\system32\kbdlt.dll 2007-01-01 18:28 5,632 -ra------ C:\WINDOWS\system32\kbdkyr.dll 2007-01-01 18:28 5,632 -ra------ C:\WINDOWS\system32\kbdhe319.dll 2007-01-01 18:28 5,632 -ra------ C:\WINDOWS\system32\kbdhe220.dll 2007-01-01 18:28 5,632 -ra------ C:\WINDOWS\system32\kbdhe.dll 2007-01-01 18:28 5,632 -ra------ C:\WINDOWS\system32\kbdazel.dll 2007-01-01 18:28 5,632 --a------ C:\WINDOWS\system32\kbdro.dll 2007-01-01 18:28 5,632 --a------ C:\WINDOWS\system32\kbdhu1.dll 2007-01-01 18:28 5,120 --a------ C:\WINDOWS\system\SHELL.DLL 2007-01-01 18:28 33,376 --a------ C:\WINDOWS\system\COMMDLG.DLL 2007-01-01 18:28 24,661 --a------ C:\WINDOWS\system32\spxcoins.dll 2007-01-01 18:28 24,064 --a------ C:\WINDOWS\system\OLESVR.DLL 2007-01-01 18:28 19,200 --a------ C:\WINDOWS\system\TAPI.DLL 2007-01-01 18:28 176,157 --a------ C:\WINDOWS\system32\dgrpsetu.dll 2007-01-01 18:28 15,360 --a------ C:\WINDOWS\TASKMAN.EXE 2007-01-01 18:28 13,312 --a------ C:\WINDOWS\system32\irclass.dll 2007-01-01 18:28 127,008 --a------ C:\WINDOWS\system\MSVIDEO.DLL 2007-01-01 18:28 109,488 --a------ C:\WINDOWS\system\AVIFILE.DLL 2007-01-01 18:28 103,424 --a------ C:\WINDOWS\system32\EqnClass.Dll 2007-01-01 18:28 10,496 --a------ C:\WINDOWS\system32\drivers\irenum.sys 2007-01-01 18:28 2007-01-01 18:28 2007-01-01 18:28 2007-01-01 18:28 2007-01-01 18:28 2007-01-01 18:28 2007-01-01 18:28 2007-01-01 18:28 2007-01-01 18:28 2007-01-01 18:28 2007-01-01 18:28 2007-01-01 18:28 2007-01-01 18:28 2007-01-01 18:28 2007-01-01 18:27 2007-01-01 18:27 2007-01-01 18:27 2007-01-01 18:27 2007-01-01 18:27 2007-01-01 18:22 2007-01-01 18:22 2007-01-01 18:22 2007-01-01 18:22 2007-01-01 18:22 2007-01-01 18:22 2007-01-01 18:22 2007-01-01 18:22 2007-01-01 18:22 2007-01-01 18:22 2007-01-01 18:22 2007-01-01 18:22 2007-01-01 18:22 2007-01-01 18:22 2007-01-01 18:22 2007-01-01 18:22 2007-01-01 18:22 2007-01-01 18:22 2007-01-01 18:22 2007-01-01 18:22 2007-01-01 18:22 2007-01-01 18:22 2007-01-01 18:22 2007-01-01 18:22 2007-01-01 18:22 2007-01-01 18:22 2007-01-01 18:22 2007-01-01 18:22 2007-01-01 18:22 2007-01-01 18:22 2007-01-01 18:22 2007-01-01 18:22 2007-01-01 18:22 2007-01-01 18:22 2007-01-01 18:22 2007-01-01 18:22 2007-01-01 18:22 2007-01-01 18:22 2007-01-01 18:22 2007-01-01 18:22 2007-01-01 18:22 2007-01-01 18:22 2007-01-01 18:22 2007-01-01 18:22 2007-01-01 18:22 2007-01-01 18:22 2007-01-01 18:22 2007-01-01 18:22 2007-01-01 18:22 2007-01-01 18:22 2007-01-01 18:22 2007-01-01 18:22 2007-01-01 18:22 2007-01-01 18:22 2007-01-01 18:22 2007-01-01 18:22 2007-01-01 18:22 2007-01-01 18:22 (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))) 2007-01-24 23:06 57856 --ahs---- C:\WINDOWS\system32.exe 2007-01-03 08:43 -------- d-------- C:\DOCUME~1\admin\Dane aplikacji\macromedia 2007-01-01 20:07 -------- d-------- C:\DOCUME~1\admin\Dane aplikacji\mozilla 2007-01-01 18:48 -------- d-------- C:\DOCUME~1\admin\Dane aplikacji\identities 2007-01-01 18:35 -------- d-------- C:\Program Files\usˆugi online 2007-01-01 18:28 62 --ahs---- C:\DOCUME~1\admin\Dane aplikacji\desktop.ini 2007-01-01 18:27 -------- d—s---- C:\DOCUME~1\admin\Dane aplikacji\microsoft (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))) *Note* empty entries legit default entries are not shown [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run] “CTFMON.EXE”=“C:\WINDOWS\System32\ctfmon.exe” “Skype”="“C:\Program Files\Skype\Phone\Skype.exe” /nosplash /minimized" “Microsoft Directx click”=“directxclick.exe” [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runservices] “Microsoft Directx click”=“directxclick.exe” [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run] “WooCnxMon”=“C:\PROGRA~1\NEOSTR~1\CnxMon.exe” “SpeedTouch USB Diagnostics”="“C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe” /icon" “WOOWATCH”=“C:\PROGRA~1\NEOSTR~1\Watch.exe” “WOOTASKBARICON”=“C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe” “MKS_MENU”=“C:\Program Files\MKS\Bin\mks_menu.exe” “ABREGMON”=“C:\Program Files\MKS\Bin\ABregmon.exe” “WinampAgent”=“C:\Program Files\Winamp\winampa.exe” “SunJavaUpdateSched”="“C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe”" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL] “Installed”=“1” [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI] “Installed”=“1” “NoChange”=“1” [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS] “Installed”=“1” [HKEY_USERS.default\software\microsoft\windows\currentversion\runservices] “SYSTEM”=“winmgrd.exe” “Microsoft Directx click”=“directxclick.exe” [HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\runservices] “SYSTEM”=“winmgrd.exe” “Microsoft Directx click”=“directxclick.exe” [HKEY_USERS.default\software\microsoft\windows\currentversion\run] “SYSTEM”=“winmgrd.exe” “Spyware Doctor”="“C:\Program Files\Spyware Doctor\swdoctor.exe” /Q" “Microsoft Directx click”=“directxclick.exe” [HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run] “SYSTEM”=“winmgrd.exe” “Spyware Doctor”="“C:\Program Files\Spyware Doctor\swdoctor.exe” /Q" “Microsoft Directx click”=“directxclick.exe” [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders] “SecurityProviders”=“msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll” [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost] LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0 NetworkService REG_MULTI_SZ DnsCache\0\0 rpcss REG_MULTI_SZ RpcSs\0\0 imgsvc REG_MULTI_SZ StiSvc\0\0 termsvcs REG_MULTI_SZ TermService\0\0 [HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2{272f4aca-9f31-11db-b6ba-000e501d0478}] Shell\AutoRun\command G:\SETUP.EXE /AUTORUN Shell\configure\command G:\SETUP.EXE Shell\install\command G:\SETUP.EXE Completion time: 07-01-25 13:00:40 GMER 1.0.12.12011 - http://www.gmer.net Rootkit scan 2007-01-25 13:23:36 Windows 5.1.2600 ---- Services - GMER 1.0.12 ---- Service [DISABLED] Abiosdsk Service C:\Program Files\MKS\Bin\NetMonSV.exe [AUTO] ABNetMon Service [DISABLED] abp480n5 Service C:\Program Files\MKS\Bin\ABTDI.sys [sYSTEM] ABTDI Service C:\WINDOWS\System32\DRIVERS\ACPI.sys [bOOT] ACPI Service [DISABLED] ACPIEC Service [DISABLED] adpu160m Service C:\WINDOWS\system32\drivers\aeaudio.sys [MANUAL] aeaudio Service C:\WINDOWS\system32\drivers\aec.sys [MANUAL] aec Service C:\WINDOWS\System32\drivers\afd.sys [AUTO] AFD Service [DISABLED] Aha154x Service [DISABLED] aic78u2 Service [DISABLED] aic78xx Service C:\WINDOWS\System32\DRIVERS\alcan5wn.sys [MANUAL] alcan5wn Service C:\WINDOWS\System32\DRIVERS\alcaudsl.sys [MANUAL] alcaudsl Service C:\WINDOWS\System32\svchost.exe [MANUAL] Alerter Service C:\WINDOWS\System32\alg.exe [MANUAL] ALG Service [DISABLED] AliIde Service [DISABLED] amsint Service C:\WINDOWS\system32\svchost.exe [MANUAL] AppMgmt Service [DISABLED] asc Service [DISABLED] asc3350p Service [DISABLED] asc3550 Service C:\WINDOWS\System32\DRIVERS\asyncmac.sys [MANUAL] AsyncMac Service C:\WINDOWS\System32\DRIVERS\atapi.sys [bOOT] atapi Service [DISABLED] Atdisk Service C:\WINDOWS\System32\DRIVERS\atmarpc.sys [MANUAL] Atmarpc Service C:\WINDOWS\System32\svchost.exe [AUTO] AudioSrv Service C:\WINDOWS\System32\DRIVERS\audstub.sys [MANUAL] audstub Service BattC Service [sYSTEM] Beep Service C:\WINDOWS\System32\svchost.exe [MANUAL] BITS Service C:\WINDOWS\System32\svchost.exe [AUTO] Browser Service [DISABLED] cbidf2k Service [DISABLED] cd20xrnt Service [sYSTEM] Cdaudio Service [DISABLED] Cdfs Service C:\WINDOWS\System32\DRIVERS\cdrom.sys [sYSTEM] Cdrom Service [sYSTEM] Changer Service C:\WINDOWS\System32\cisvc.exe [MANUAL] cisvc Service C:\WINDOWS\system32\clipsrv.exe [MANUAL] ClipSrv Service [DISABLED] CmdIde Service C:\WINDOWS\System32\dllhost.exe [MANUAL] COMSysApp Service ContentFilter Service ContentIndex Service [DISABLED] Cpqarray Service C:\WINDOWS\system32\svchost.exe [AUTO] CryptSvc Service [DISABLED] dac2w2k Service [DISABLED] dac960nt Service C:\WINDOWS\System32\svchost.exe [AUTO] Dhcp Service C:\WINDOWS\System32\DRIVERS\disk.sys [bOOT] Disk Service C:\WINDOWS\System32\dmadmin.exe [MANUAL] dmadmin Service C:\WINDOWS\System32\drivers\dmboot.sys [DISABLED] dmboot Service C:\WINDOWS\System32\drivers\dmio.sys [bOOT] dmio Service C:\WINDOWS\System32\drivers\dmload.sys [bOOT] dmload Service C:\WINDOWS\System32\svchost.exe [AUTO] dmserver Service C:\WINDOWS\system32\drivers\DMusic.sys [MANUAL] DMusic Service C:\WINDOWS\System32\svchost.exe [AUTO] Dnscache Service [DISABLED] dpti2o Service C:\WINDOWS\system32\drivers\drmkaud.sys [MANUAL] drmkaud Service C:\WINDOWS\System32\Drivers\dtscsi.sys [MANUAL] dtscsi Service C:\WINDOWS\System32\svchost.exe [AUTO] ERSvc Service C:\WINDOWS\system32\services.exe [AUTO] Eventlog Service C:\WINDOWS\System32\svchost.exe [MANUAL] EventSystem Service [DISABLED] Fastfat Service C:\WINDOWS\System32\svchost.exe [MANUAL] FastUserSwitchingCompatibility Service C:\WINDOWS\System32\DRIVERS\fdc.sys [MANUAL] Fdc Service C:\WINDOWS\System32\DRIVERS\fetnd5.sys [MANUAL] FETNDIS Service [sYSTEM] Fips Service C:\WINDOWS\System32\DRIVERS\flpydisk.sys [MANUAL] Flpydisk Service [sYSTEM] Fs_Rec Service C:\WINDOWS\System32\DRIVERS\ftdisk.sys [bOOT] Ftdisk Service C:\WINDOWS\System32\DRIVERS\gameenum.sys [MANUAL] gameenum Service C:\WINDOWS\System32\DRIVERS\gmer.sys [MANUAL] gmer Service C:\WINDOWS\System32\DRIVERS\msgpc.sys [MANUAL] Gpc Service C:\WINDOWS\System32\svchost.exe [AUTO] helpsvc Service C:\WINDOWS\System32\svchost.exe [DISABLED] HidServ Service C:\WINDOWS\System32\DRIVERS\hidusb.sys [MANUAL] hidusb Service [DISABLED] hpn Service [DISABLED] hpt3xx Service [sYSTEM] i2omgmt Service [DISABLED] i2omp Service C:\WINDOWS\System32\DRIVERS\i8042prt.sys [sYSTEM] i8042prt Service C:\WINDOWS\system32\drivers\ikhfile.sys [sYSTEM] ikhfile Service C:\WINDOWS\system32\drivers\ikhlayer.sys [sYSTEM] ikhlayer Service [sYSTEM] Imapi Service C:\WINDOWS\System32\imapi.exe [MANUAL] ImapiService Service inetaccs Service [DISABLED] ini910u Service Inport Service [DISABLED] IntelIde Service C:\WINDOWS\System32\DRIVERS\ipfltdrv.sys [MANUAL] IpFilterDriver Service C:\WINDOWS\System32\DRIVERS\ipinip.sys [MANUAL] IpInIp Service C:\WINDOWS\System32\DRIVERS\ipnat.sys [MANUAL] IpNat Service C:\WINDOWS\System32\DRIVERS\ipsec.sys [sYSTEM] IPSec Service C:\WINDOWS\System32\DRIVERS\irenum.sys [MANUAL] IRENUM Service ISAPISearch Service C:\WINDOWS\System32\DRIVERS\isapnp.sys [bOOT] isapnp Service C:\WINDOWS\System32\DRIVERS\kbdclass.sys [sYSTEM] Kbdclass Service C:\WINDOWS\system32\drivers\kmixer.sys [MANUAL] kmixer Service [bOOT] KSecDD Service C:\WINDOWS\System32\svchost.exe [AUTO] lanmanserver Service C:\WINDOWS\System32\svchost.exe [AUTO] lanmanworkstation Service [sYSTEM] lbrtfdc Service ldap Service LicenseService Service C:\WINDOWS\System32\svchost.exe [AUTO] LmHosts Service C:\WINDOWS\TEMP\mc21.tmp [DISABLED] mchInjDrv Service C:\WINDOWS\System32\svchost.exe [DISABLED] Messenger Service C:\Program Files\MKS\Bin\MksMonEn.sys [MANUAL] MksMonEn Service C:\Program Files\MKS\Bin\MksMonEv.sys [MANUAL] MksMonEv Service C:\Program Files\MKS\Bin\MksMonFd.sys [MANUAL] MksMonFd Service C:\Program Files\MKS\bin\MkSUpdateInt.exe [MANUAL] MkSUpdateInt Service C:\Program Files\MKS\Bin\mksmonsv.exe [AUTO] MksVirMonSvc Service C:\Program Files\MKS\Bin\mks_scan.exe [MANUAL] MkS_Scan Service [sYSTEM] mnmdd Service C:\WINDOWS\System32\mnmsrvc.exe [MANUAL] mnmsrvc Service [MANUAL] Modem Service C:\WINDOWS\System32\DRIVERS\mouclass.sys [sYSTEM] Mouclass Service C:\WINDOWS\System32\DRIVERS\mouhid.sys [MANUAL] mouhid Service [bOOT] MountMgr Service [DISABLED] mraid35x Service C:\WINDOWS\System32\DRIVERS\mrxdav.sys [MANUAL] MRxDAV Service C:\WINDOWS\System32\DRIVERS\mrxsmb.sys [sYSTEM] MRxSmb Service C:\Documents and Settings\admin\msdirectxclk.sys [MANUAL] msdirectxclick Service C:\WINDOWS\System32\msdtc.exe [MANUAL] MSDTC Service [sYSTEM] Msfs Service C:\WINDOWS\System32\msiexec.exe [MANUAL] MSIServer Service C:\WINDOWS\system32\drivers\MSKSSRV.sys [MANUAL] MSKSSRV Service C:\WINDOWS\system32\drivers\MSPCLOCK.sys [MANUAL] MSPCLOCK Service C:\WINDOWS\system32\drivers\MSPQM.sys [MANUAL] MSPQM Service [bOOT] Mup Service [bOOT] NDIS Service C:\WINDOWS\System32\DRIVERS\ndistapi.sys [MANUAL] NdisTapi Service C:\WINDOWS\System32\DRIVERS\ndisuio.sys [MANUAL] Ndisuio Service C:\WINDOWS\System32\DRIVERS\ndiswan.sys [MANUAL] NdisWan Service [MANUAL] NDProxy Service C:\WINDOWS\System32\DRIVERS\netbios.sys [sYSTEM] NetBIOS Service C:\WINDOWS\System32\DRIVERS\netbt.sys [MANUAL] NetBT Service C:\WINDOWS\system32\netdde.exe [MANUAL] NetDDE Service C:\WINDOWS\system32\netdde.exe [MANUAL] NetDDEdsdm Service C:\WINDOWS\System32\lsass.exe [MANUAL] Netlogon Service C:\WINDOWS\System32\svchost.exe [MANUAL] Netman Service C:\WINDOWS\System32\svchost.exe [MANUAL] Nla Service [sYSTEM] Npfs Service [DISABLED] Ntfs Service C:\WINDOWS\System32\lsass.exe [MANUAL] NtLmSsp Service C:\WINDOWS\system32\svchost.exe [MANUAL] NtmsSvc Service [sYSTEM] Null Service C:\WINDOWS\System32\DRIVERS\nv4.sys [MANUAL] nv4 Service C:\WINDOWS\System32\DRIVERS\nwlnkflt.sys [MANUAL] NwlnkFlt Service C:\WINDOWS\System32\DRIVERS\nwlnkfwd.sys [MANUAL] NwlnkFwd Service C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [MANUAL] ose Service Outlook Service C:\WINDOWS\System32\DRIVERS\parport.sys [MANUAL] Parport Service [bOOT] PartMgr Service [AUTO] ParVdm Service C:\WINDOWS\System32\DRIVERS\pci.sys [bOOT] PCI Service [sYSTEM] PCIDump Service [DISABLED] PCIIde Service [DISABLED] Pcmcia Service [MANUAL] PDCOMP Service [MANUAL] PDFRAME Service [MANUAL] PDRELI Service [MANUAL] PDRFRAME Service [DISABLED] perc2 Service [DISABLED] perc2hib Service PerfDisk Service PerfNet Service PerfOS Service PerfProc Service C:\WINDOWS\system32\services.exe [AUTO] PlugPlay Service C:\WINDOWS\System32\lsass.exe [AUTO] PolicyAgent Service C:\WINDOWS\System32\DRIVERS\raspptp.sys [MANUAL] PptpMiniport Service C:\WINDOWS\System32\DRIVERS\processr.sys [sYSTEM] Processor Service C:\WINDOWS\system32\lsass.exe [AUTO] ProtectedStorage Service C:\WINDOWS\System32\DRIVERS\psched.sys [MANUAL] PSched Service C:\WINDOWS\System32\DRIVERS\ptilink.sys [MANUAL] Ptilink Service C:\WINDOWS\System32\Drivers\PxHelp20.sys [bOOT] PxHelp20 Service [DISABLED] ql1080 Service [DISABLED] Ql10wnt Service [DISABLED] ql12160 Service [DISABLED] ql1240 Service [DISABLED] ql1280 Service C:\WINDOWS\System32\DRIVERS\rasacd.sys [sYSTEM] RasAcd Service C:\WINDOWS\System32\svchost.exe [MANUAL] RasAuto Service C:\WINDOWS\System32\DRIVERS\rasl2tp.sys [MANUAL] Rasl2tp Service C:\WINDOWS\System32\svchost.exe [MANUAL] RasMan Service C:\WINDOWS\System32\DRIVERS\raspppoe.sys [MANUAL] RasPppoe Service C:\WINDOWS\System32\DRIVERS\raspti.sys [MANUAL] Raspti Service C:\WINDOWS\System32\DRIVERS\rdbss.sys [sYSTEM] Rdbss Service C:\WINDOWS\System32\DRIVERS\RDPCDD.sys [sYSTEM] RDPCDD Service RDPDD Service C:\WINDOWS\System32\DRIVERS\rdpdr.sys [MANUAL] rdpdr Service RDPNP Service [MANUAL] RDPWD Service C:\WINDOWS\system32\sessmgr.exe [MANUAL] RDSessMgr Service C:\WINDOWS\System32\DRIVERS\redbook.sys [sYSTEM] redbook Service C:\WINDOWS\System32\svchost.exe [DISABLED] RemoteAccess Service C:\WINDOWS\system32\svchost.exe [AUTO] RemoteRegistry Service C:\WINDOWS\System32\locator.exe [MANUAL] RpcLocator Service C:\WINDOWS\system32\svchost.exe [AUTO] RpcSs Service C:\WINDOWS\System32\rsvp.exe [MANUAL] RSVP Service C:\WINDOWS\system32\lsass.exe [AUTO] SamSs Service C:\WINDOWS\System32\SCardSvr.exe [MANUAL] SCardDrv Service C:\WINDOWS\System32\SCardSvr.exe [MANUAL] SCardSvr Service C:\WINDOWS\System32\svchost.exe [AUTO] Schedule Service C:\Program Files\Spyware Doctor\sdhelp.exe [AUTO] SDhelper Service C:\WINDOWS\System32\DRIVERS\secdrv.sys [MANUAL] Secdrv Service C:\WINDOWS\System32\svchost.exe [AUTO] seclogon Service C:\WINDOWS\system32\svchost.exe [AUTO] SENS Service C:\WINDOWS\System32\DRIVERS\serenum.sys [MANUAL] serenum Service C:\WINDOWS\System32\DRIVERS\serial.sys [sYSTEM] Serial Service [sYSTEM] Sfloppy Service C:\WINDOWS\System32\svchost.exe [DISABLED] SharedAccess Service C:\WINDOWS\System32\svchost.exe [AUTO] ShellHWDetection Service [DISABLED] Simbad Service C:\WINDOWS\system32\drivers\smwdm.sys [MANUAL] smwdm Service C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe [AUTO] SoundMAX Agent Service (default) Service [DISABLED] Sparrow Service C:\WINDOWS\system32\drivers\splitter.sys [MANUAL] splitter Service C:\WINDOWS\system32\spoolsv.exe [AUTO] Spooler Service C:\WINDOWS\System32\Drivers\sptd.sys [bOOT] sptd Service C:\WINDOWS\System32\DRIVERS\sr.sys [bOOT] sr Service C:\WINDOWS\System32\svchost.exe [AUTO] srservice Service C:\WINDOWS\System32\DRIVERS\srv.sys [MANUAL] Srv Service C:\WINDOWS\System32\svchost.exe [AUTO] SSDPSRV Service C:\WINDOWS\System32\svchost.exe [MANUAL] stisvc Service C:\WINDOWS\System32\DRIVERS\swenum.sys [MANUAL] swenum Service C:\WINDOWS\system32\drivers\swmidi.sys [MANUAL] swmidi Service C:\WINDOWS\System32\dllhost.exe [MANUAL] SwPrv Service [DISABLED] symc810 Service [DISABLED] symc8xx Service [DISABLED] sym_hi Service [DISABLED] sym_u3 Service C:\WINDOWS\system32\drivers\sysaudio.sys [MANUAL] sysaudio Service C:\WINDOWS\system32\smlogsvc.exe [MANUAL] SysmonLog Service C:\WINDOWS\System32\svchost.exe [MANUAL] TapiSrv Service C:\WINDOWS\System32\DRIVERS\tcpip.sys [sYSTEM] Tcpip Service [MANUAL] TDPIPE Service [MANUAL] TDTCP Service C:\WINDOWS\System32\DRIVERS\termdd.sys [sYSTEM] TermDD Service C:\WINDOWS\System32\svchost.exe [MANUAL] TermService Service C:\WINDOWS\System32\svchost.exe [AUTO] Themes Service C:\WINDOWS\System32\tlntsvr.exe [MANUAL] TlntSvr Service [DISABLED] TosIde Service C:\WINDOWS\system32\svchost.exe [AUTO] TrkWks Service TSDDD Service [DISABLED] Udfs Service [DISABLED] ultra Service C:\WINDOWS\System32\DRIVERS\update.sys [MANUAL] Update Service C:\WINDOWS\System32\svchost.exe [AUTO] uploadmgr Service C:\WINDOWS\System32\svchost.exe [AUTO] upnphost Service C:\WINDOWS\System32\ups.exe [MANUAL] UPS Service C:\WINDOWS\System32\DRIVERS\usbhub.sys [MANUAL] usbhub Service C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [MANUAL] USBSTOR Service C:\WINDOWS\System32\DRIVERS\usbuhci.sys [MANUAL] usbuhci Service C:\WINDOWS\System32\drivers\vga.sys [sYSTEM] VgaSave Service C:\WINDOWS\System32\DRIVERS\viaide.sys [bOOT] ViaIde Service [bOOT] VolSnap Service C:\WINDOWS\System32\vssvc.exe [MANUAL] VSS Service C:\WINDOWS\System32\svchost.exe [AUTO] W32Time Service W3SVC Service C:\WINDOWS\System32\DRIVERS\wanarp.sys [MANUAL] Wanarp Service [MANUAL] WDICA Service C:\WINDOWS\system32\drivers\wdmaud.sys [MANUAL] wdmaud Service C:\WINDOWS\System32\svchost.exe [AUTO] WebClient Service C:\WINDOWS\system32\svchost.exe [AUTO] winmgmt Service [MANUAL] Winsock Service WinSock2 Service WinTrust Service C:\WINDOWS\System32\svchost.exe [AUTO] WmdmPmSp Service C:\WINDOWS\System32\svchost.exe [MANUAL] Wmi Service WmiApRpl Service C:\WINDOWS\System32\wbem\wmiapsrv.exe [MANUAL] WmiApSrv Service C:\WINDOWS\system32\svchost.exe [DISABLED] wuauserv Service C:\WINDOWS\System32\svchost.exe [AUTO] WZCSVC Service {F2D4B5D4-D798-4875-B24C-E17B34C9247D} ---- EOF - GMER 1.0.12 ---- i jak to widzisz wodzu ?

adam9870 · Styczeń 26, 2017, 11:26po południu

Użyj progrmu ATF Cleaner i przeczyść Windows Temp.

Uruchom system w trybie awaryjnym tak jak poprzednio, następnie uruchom Gmer’a i w zakładce CMD z zaznaczoną opcją CMD.EXE wklej:

gmer -killall gmer -del service msdirectxclick gmer -del service mchInjDrv gmer -del file C:\Documents and Settings\admin\msdirectxclk.sys gmer -del file C:\FOUND.017 gmer -del file C:!KillBox gmer -del file C:\FOUND.016 gmer -del file C:\FOUND.015 gmer -del file C:\WINDOWS\system32\directxclickers.exe gmer -del file C:\FOUND.014 gmer -del file C:\WINDOWS\system32\urdvxc.exe gmer -del file C:\WINDOWS\system32.exe gmer -del file C:\FOUND.012 gmer -del file C:\FOUND.013 gmer -del file C:\FOUND.011 gmer -del file C:\FOUND.010 gmer -del file C:\FOUND.009 gmer -del file C:\FOUND.007 gmer -del file C:\FOUND.006 gmer -del file C:\FOUND.005 gmer -del file C:\FOUND.004 gmer -del file C:\FOUND.003 gmer -del file C:\FOUND.002 gmer -del file C:\FOUND.001 gmer -del file C:\FOUND.000 gmer -del file C:\WINDOWS\system32\directxclick.exe gmer -reboot

Kliknij Uruchom i zniknie pulpit etc. i będzie restart.

Przeskanuj plik:

na stronie http://virusscan.jotti.org/, a jeśli okaże się szkodnikiem - usuń ręcznie w trybie awaryjnym.

Otwórz Notatnik i wklej w nim to:

Plik >>> Zapisz jako >>> Zmień rozszerzenie z TXT na Wszystkie pliki >>> Zapisz pod nazwą FIX.REG >>> kliknij dwa razy na utworzony plik FIX.REG i potwierdź dodanie do rejestru >>> restart.

Po wykonaniu nowy log z ComboFix’a i Gmer’a.

k_milek_k · Styczeń 26, 2017, 11:26po południu

ComboFix 07-01-25 - Running from: “C:\Documents and Settings\admin\Pulpit” ((((((((((((((((((((((((((((((( Files Created from 2006-12-25 to 2007-01-25 )))))))))))))))))))))))))))))))))) 2007-01-25 14:45 2007-01-25 12:48 94 --a------ C:\WINDOWS\gmer.reg 2007-01-25 12:41 2007-01-25 11:17 80 --a------ C:\WINDOWS\gmer_uninstall.cmd 2007-01-25 11:03 2007-01-25 10:22 2007-01-24 18:05 2007-01-24 14:47 2007-01-24 14:47 2007-01-24 14:47 2007-01-24 14:46 2007-01-24 10:28 51,072 --a------ C:\WINDOWS\system32\drivers\ikhlayer.sys 2007-01-24 10:28 30,592 --a------ C:\WINDOWS\system32\drivers\ikhfile.sys 2007-01-24 10:28 2007-01-24 10:28 2007-01-23 22:55 0 --a------ C:\WINDOWS\system32\directxclickers.exe 2007-01-23 17:05 2007-01-23 09:30 2007-01-22 14:29 2007-01-22 13:11 2007-01-22 11:04 2007-01-22 11:02 2007-01-22 11:01 2007-01-19 19:13 2007-01-16 15:47 2007-01-15 11:51 2007-01-14 07:31 2007-01-13 14:24 2007-01-13 14:24 2007-01-13 07:32 2007-01-12 12:41 2007-01-10 18:12 2007-01-10 07:23 2007-01-09 08:10 2007-01-08 17:04 17,920 --a------ C:\WINDOWS\system32\mdimon.dll 2007-01-08 17:03 2007-01-08 16:58 223,128 --a------ C:\WINDOWS\system32\drivers\dtscsi.sys 2007-01-08 16:58 2007-01-08 16:56 89,984 --a------ C:\WINDOWS\system32\drivers\sptd1005.sys 2007-01-08 16:56 664,064 --a------ C:\WINDOWS\system32\drivers\sptd.sys 2007-01-08 15:50 2007-01-08 15:49 2007-01-08 15:48 2007-01-08 15:48 2007-01-06 10:01 2007-01-05 18:11 8,704 --a------ C:\WINDOWS\system32\kbdjpn.dll 2007-01-05 18:11 8,192 --a------ C:\WINDOWS\system32\kbdkor.dll 2007-01-05 18:11 6,144 --a------ C:\WINDOWS\system32\kbd106.dll 2007-01-05 18:11 6,144 --a------ C:\WINDOWS\system32\kbd101c.dll 2007-01-05 18:11 6,144 --a------ C:\WINDOWS\system32\kbd101b.dll 2007-01-05 18:11 5,632 --a------ C:\WINDOWS\system32\kbd103.dll 2007-01-05 13:04 2007-01-04 08:07 2007-01-01 21:59 2007-01-01 21:59 2007-01-01 21:58 2007-01-01 21:53 2007-01-01 20:41 79,616 --a------ C:\WINDOWS\system32\drivers\wdmaud.sys 2007-01-01 20:41 50,048 --a------ C:\WINDOWS\system32\drivers\DMusic.sys 2007-01-01 20:41 5,632 --a------ C:\WINDOWS\system32\drivers\splitter.sys 2007-01-01 20:41 159,232 --a------ C:\WINDOWS\system32\drivers\kmixer.sys 2007-01-01 20:41 122,472 --a------ C:\WINDOWS\system32\drivers\aec.sys 2007-01-01 20:37 6,400 --a------ C:\WINDOWS\system32\drivers\MSKSSRV.sys 2007-01-01 20:37 57,472 --a------ C:\WINDOWS\system32\drivers\sysaudio.sys 2007-01-01 20:37 5,120 --a------ C:\WINDOWS\system32\drivers\MSPCLOCK.sys 2007-01-01 20:37 42,752 --a------ C:\WINDOWS\system32\drivers\stream.sys 2007-01-01 20:37 4,608 --a------ C:\WINDOWS\system32\drivers\MSPQM.sys 2007-01-01 20:37 2,816 --a------ C:\WINDOWS\system32\drivers\drmkaud.sys 2007-01-01 20:37 135,040 --a------ C:\WINDOWS\system32\drivers\portcls.sys 2007-01-01 20:36 57,344 --a------ C:\WINDOWS\system32\drivers\drmk.sys 2007-01-01 20:36 40,820 --a------ C:\WINDOWS\system32\Syncor11.dll 2007-01-01 20:36 4,096 --a------ C:\WINDOWS\system32\ksuser.dll 2007-01-01 20:36 134,144 --a------ C:\WINDOWS\system32\drivers\ks.sys 2007-01-01 20:31 20,640 --------- C:\WINDOWS\system32\drivers\PxHelp20.sys 2007-01-01 20:31 151,552 --------- C:\WINDOWS\system32\pxwma.dll 2007-01-01 20:31 109,568 --------- C:\WINDOWS\system32\pxinsi64.exe 2007-01-01 20:31 108,544 --------- C:\WINDOWS\system32\pxcpyi64.exe 2007-01-01 20:31 2007-01-01 20:09 2007-01-01 20:07 100,482 --a------ C:\WINDOWS\UninstallFirefox.exe 2007-01-01 20:07 2007-01-01 20:00 991,232 --a------ C:\WINDOWS\system32\virtear.dll 2007-01-01 20:00 978,944 --a------ C:\WINDOWS\SynthCoreA.Dll 2007-01-01 20:00 765,952 --a------ C:\WINDOWS\system\crlds3d.dll 2007-01-01 20:00 720,896 --a------ C:\WINDOWS\system32\Audio3d.dll 2007-01-01 20:00 720,896 --a------ C:\WINDOWS\system32\a3d.dll 2007-01-01 20:00 578,368 --a------ C:\WINDOWS\system32\drivers\smwdm.sys 2007-01-01 20:00 54,272 --a------ C:\WINDOWS\system32\drivers\swmidi.sys 2007-01-01 20:00 49,152 --a------ C:\WINDOWS\system32\S11thk32.dll 2007-01-01 20:00 49,152 --a------ C:\WINDOWS\system32\DSndUp.exe 2007-01-01 20:00 45,056 --a------ C:\WINDOWS\system32\SynthCore11Resources.dll 2007-01-01 20:00 45,056 --a------ C:\WINDOWS\system32\CleanUp.exe 2007-01-01 20:00 44 --a------ C:\WINDOWS\system32\msssc.dll 2007-01-01 20:00 4,816 --a------ C:\WINDOWS\system32\drivers\aeaudio.sys 2007-01-01 20:00 380,928 --a------ C:\WINDOWS\SynCor.exe 2007-01-01 20:00 30,208 --a------ C:\WINDOWS\system32\wdmioctl.dll 2007-01-01 20:00 3,744 --a------ C:\WINDOWS\system32\drivers\smsens.sys 2007-01-01 20:00 1,285,632 --a------ C:\WINDOWS\system32\SMMedia.dll 2007-01-01 20:00 2007-01-01 20:00 2007-01-01 19:59 5,824 --a------ C:\WINDOWS\system32\drivers\ASUSHWIO.SYS 2007-01-01 19:59 265 --a------ C:\WINDOWS\mks.bat 2007-01-01 19:58 2007-01-01 18:55 32,768 --a------ C:\WINDOWS\system32\WooDial2000.dll 2007-01-01 18:54 70,688 --a------ C:\WINDOWS\system32\drivers\alcaudsl.sys 2007-01-01 18:54 53,600 --a------ C:\WINDOWS\system32\drivers\alcan5wn.sys 2007-01-01 18:54 5,606 --a------ C:\WINDOWS\system32\stci.dll 2007-01-01 18:54 5,280 --a------ C:\WINDOWS\system32\drivers\alcawh.sys 2007-01-01 18:54 3,968 --a------ C:\WINDOWS\system32\drivers\alcacr.sys 2007-01-01 18:54 2007-01-01 18:54 2007-01-01 18:54 2007-01-01 18:52 2007-01-01 18:52 2007-01-01 18:51 2007-01-01 18:48 2007-01-01 18:48 2007-01-01 18:48 2007-01-01 18:48 2007-01-01 18:48 2007-01-01 18:48 2007-01-01 18:48 2007-01-01 18:48 2007-01-01 18:42 2007-01-01 18:42 2007-01-01 18:42 2007-01-01 18:42 2007-01-01 18:42 2007-01-01 18:42 2007-01-01 18:39 2007-01-01 18:39 2007-01-01 18:38 112,128 --a------ C:\WINDOWS\system32\mapi32.dll 2007-01-01 18:38 0 -rahs---- C:\MSDOS.SYS 2007-01-01 18:38 0 -rahs---- C:\IO.SYS 2007-01-01 18:38 0 --a------ C:\CONFIG.SYS 2007-01-01 18:38 0 --a------ C:\AUTOEXEC.BAT 2007-01-01 18:37 179,200 --a------ C:\WINDOWS\system32\qmgr.dll 2007-01-01 18:37 17,408 --a------ C:\WINDOWS\system32\qmgrprxy.dll 2007-01-01 18:37 2007-01-01 18:37 2007-01-01 18:37 2007-01-01 18:37 2007-01-01 18:37 2007-01-01 18:37 2007-01-01 18:37 2007-01-01 18:36 90,624 --a------ C:\WINDOWS\system32\msoert2.dll 2007-01-01 18:36 9,728 --a------ C:\WINDOWS\system32\mstinit.exe 2007-01-01 18:36 81,920 --a------ C:\WINDOWS\system32\isign32.dll 2007-01-01 18:36 73,728 --a------ C:\WINDOWS\system32\ils.dll 2007-01-01 18:36 70,400 --a------ C:\WINDOWS\system32\drivers\sr.sys 2007-01-01 18:36 69,632 --a------ C:\WINDOWS\system32\icwdial.dll 2007-01-01 18:36 67,584 --a------ C:\WINDOWS\system32\acctres.dll 2007-01-01 18:36 65,536 --a------ C:\WINDOWS\system32\msconf.dll 2007-01-01 18:36 61,952 --a------ C:\WINDOWS\system32\srclient.dll 2007-01-01 18:36 61,440 --a------ C:\WINDOWS\system32\icwphbk.dll 2007-01-01 18:36 593,920 --a------ C:\WINDOWS\system32\inetcomm.dll 2007-01-01 18:36 49,152 --a------ C:\WINDOWS\system32\inetres.dll 2007-01-01 18:36 40,960 --a------ C:\WINDOWS\system32\safrslv.dll 2007-01-01 18:36 39,424 --a------ C:\WINDOWS\system32\safrcdlg.dll 2007-01-01 18:36 33,792 --a------ C:\WINDOWS\system32\racpldlg.dll 2007-01-01 18:36 32,768 --a------ C:\WINDOWS\system32\mnmsrvc.exe 2007-01-01 18:36 32,384 --a------ C:\WINDOWS\system32\mnmdd.dll 2007-01-01 18:36 28,672 --a------ C:\WINDOWS\system32\isrdbg32.dll 2007-01-01 18:36 270,336 --a------ C:\WINDOWS\system32\inetcfg.dll 2007-01-01 18:36 26,624 --a------ C:\WINDOWS\system32\safrdm.dll 2007-01-01 18:36 253,440 --a------ C:\WINDOWS\system32\mstask.dll 2007-01-01 18:36 24,576 --a------ C:\WINDOWS\system32\nmmkcert.dll 2007-01-01 18:36 228,864 --a------ C:\WINDOWS\system32\msoeacct.dll 2007-01-01 18:36 219,136 --a------ C:\WINDOWS\system32\srrstr.dll 2007-01-01 18:36 16,384 --a------ C:\WINDOWS\system32\icfgnt5.dll 2007-01-01 18:36 159,744 --a------ C:\WINDOWS\system32\schedsvc.dll 2007-01-01 18:36 155,648 --a------ C:\WINDOWS\system32\srsvc.dll 2007-01-01 18:36 12,288 --a------ C:\WINDOWS\system32\nmevtmsg.dll 2007-01-01 18:36 11,264 --a------ C:\WINDOWS\system32\atrace.dll 2007-01-01 18:36 2007-01-01 18:36 2007-01-01 18:36 2007-01-01 18:36 2007-01-01 18:35 99,328 --a------ C:\WINDOWS\system32\clipbrd.exe 2007-01-01 18:35 95,744 --a------ C:\WINDOWS\system32\wuaueng.dll 2007-01-01 18:35 9,728 --a------ C:\WINDOWS\system32\reset.exe 2007-01-01 18:35 89,600 --a------ C:\WINDOWS\system32\tscfgwmi.dll 2007-01-01 18:35 80,896 --a------ C:\WINDOWS\system32\charmap.exe 2007-01-01 18:35 73,864 --a------ C:\WINDOWS\system32\rdpwsx.dll 2007-01-01 18:35 73,216 --a------ C:\WINDOWS\system32\avwav.dll 2007-01-01 18:35 61,952 --a------ C:\WINDOWS\system32\rdshost.exe 2007-01-01 18:35 605,696 --a------ C:\WINDOWS\system32\getuname.dll 2007-01-01 18:35 57,344 --a------ C:\WINDOWS\system32\sol.exe 2007-01-01 18:35 56,832 --a------ C:\WINDOWS\system32\remotepg.dll 2007-01-01 18:35 55,808 --a------ C:\WINDOWS\system32\freecell.exe 2007-01-01 18:35 534,016 --a------ C:\WINDOWS\system32\spider.exe 2007-01-01 18:35 503,296 --a------ C:\WINDOWS\system32\mstscax.dll 2007-01-01 18:35 5,632 --a------ C:\WINDOWS\system32\write.exe 2007-01-01 18:35 494,592 --a------ C:\WINDOWS\system32\hypertrm.dll 2007-01-01 18:35 44,544 --a------ C:\WINDOWS\system32\hticons.dll 2007-01-01 18:35 41,984 --a------ C:\WINDOWS\system32\rdpclip.exe 2007-01-01 18:35 40,448 --a------ C:\WINDOWS\system32\tscupgrd.exe 2007-01-01 18:35 4,608 --a------ C:\WINDOWS\system32\rdpcfgex.dll 2007-01-01 18:35 4,096 --a------ C:\WINDOWS\system32\wuauserv.dll 2007-01-01 18:35 387,072 --a------ C:\WINDOWS\system32\mstsc.exe 2007-01-01 18:35 35,328 --a------ C:\WINDOWS\system32\winchat.exe 2007-01-01 18:35 342,016 --a------ C:\WINDOWS\system32\mspaint.exe 2007-01-01 18:35 33,792 --a------ C:\WINDOWS\system32\regini.exe 2007-01-01 18:35 231,424 --a------ C:\WINDOWS\system32\avtapi.dll 2007-01-01 18:35 22,528 --a------ C:\WINDOWS\system32\qwinsta.exe 2007-01-01 18:35 22,528 --a------ C:\WINDOWS\system32\msg.exe 2007-01-01 18:35 20,232 --a------ C:\WINDOWS\system32\drivers\tdtcp.sys 2007-01-01 18:35 198,656 --a------ C:\WINDOWS\system32\termsrv.dll 2007-01-01 18:35 19,456 --a------ C:\WINDOWS\system32\qprocess.exe 2007-01-01 18:35 183,296 --a------ C:\WINDOWS\system32\accwiz.exe 2007-01-01 18:35 17,920 --a------ C:\WINDOWS\system32\tsshutdn.exe 2007-01-01 18:35 17,408 --a------ C:\WINDOWS\system32\qappsrv.exe 2007-01-01 18:35 16,384 --a------ C:\WINDOWS\system32\tskill.exe 2007-01-01 18:35 16,384 --a------ C:\WINDOWS\system32\rwinsta.exe 2007-01-01 18:35 16,384 --a------ C:\WINDOWS\system32\avmeter.dll 2007-01-01 18:35 15,872 --a------ C:\WINDOWS\system32\logoff.exe 2007-01-01 18:35 15,360 --a------ C:\WINDOWS\system32\tsdiscon.exe 2007-01-01 18:35 15,360 --a------ C:\WINDOWS\system32\tscon.exe 2007-01-01 18:35 15,360 --a------ C:\WINDOWS\system32\shadow.exe 2007-01-01 18:35 14,848 --a------ C:\WINDOWS\system32\rdpsnd.dll 2007-01-01 18:35 139,264 --a------ C:\WINDOWS\system32\sndvol32.exe 2007-01-01 18:35 134,656 --a------ C:\WINDOWS\system32\rdchost.dll 2007-01-01 18:35 131,072 --a------ C:\WINDOWS\system32\sessmgr.exe 2007-01-01 18:35 128,000 --a------ C:\WINDOWS\system32\mshearts.exe 2007-01-01 18:35 125,440 --a------ C:\WINDOWS\system32\sndrec32.exe 2007-01-01 18:35 12,288 --a------ C:\WINDOWS\system32\rdsaddin.exe 2007-01-01 18:35 119,808 --a------ C:\WINDOWS\system32\winmine.exe 2007-01-01 18:35 118,272 --a------ C:\WINDOWS\system32\mplay32.exe 2007-01-01 18:35 115,200 --a------ C:\WINDOWS\system32\calc.exe 2007-01-01 18:35 113,664 --a------ C:\WINDOWS\system32\wuauclt.exe 2007-01-01 18:35 11,144 --a------ C:\WINDOWS\system32\drivers\tdpipe.sys 2007-01-01 18:35 107,912 --a------ C:\WINDOWS\system32\drivers\rdpwd.sys 2007-01-01 18:35 1,225 --a------ C:\WINDOWS\system32\usrlogon.cmd 2007-01-01 18:35 2007-01-01 18:35 2007-01-01 18:35 2007-01-01 18:35 2007-01-01 18:35 2007-01-01 18:35 2007-01-01 18:34 9,728 --a------ C:\WINDOWS\system32\xolehlp.dll 2007-01-01 18:34 869,376 --a------ C:\WINDOWS\system32\msdtctm.dll 2007-01-01 18:34 85,504 --a------ C:\WINDOWS\system32\catsrvps.dll 2007-01-01 18:34 83,968 --a------ C:\WINDOWS\system32\mtxoci.dll 2007-01-01 18:34 82,432 --a------ C:\WINDOWS\system32\comrepl.dll 2007-01-01 18:34 8,704 --a------ C:\WINDOWS\system32\icaapi.dll 2007-01-01 18:34 6,144 --a------ C:\WINDOWS\system32\msdtc.exe 2007-01-01 18:34 583,168 --a------ C:\WINDOWS\system32\catsrvut.dll 2007-01-01 18:34 57,344 --a------ C:\WINDOWS\system32\licwmi.dll 2007-01-01 18:34 56,832 --a------ C:\WINDOWS\system32\colbact.dll 2007-01-01 18:34 54,784 --a------ C:\WINDOWS\system32\msdtclog.dll 2007-01-01 18:34 54,272 --a------ C:\WINDOWS\system32\stclient.dll 2007-01-01 18:34 53,248 --a------ C:\WINDOWS\system32\servdeps.dll 2007-01-01 18:34 5,120 --a------ C:\WINDOWS\system32\dcomcnfg.exe 2007-01-01 18:34 495,616 --a------ C:\WINDOWS\system32\comuid.dll 2007-01-01 18:34 468,480 --a------ C:\WINDOWS\system32\clbcatq.dll 2007-01-01 18:34 4,096 --a------ C:\WINDOWS\system32\mtxex.dll 2007-01-01 18:34 37,896 --a------ C:\WINDOWS\system32\drivers\termdd.sys 2007-01-01 18:34 360,960 --a------ C:\WINDOWS\system32\msdtcprx.dll 2007-01-01 18:34 32,768 --a------ C:\WINDOWS\system32\cfgbkend.dll 2007-01-01 18:34 25,600 --a------ C:\WINDOWS\system32\comaddin.dll 2007-01-01 18:34 25,088 --a------ C:\WINDOWS\system32\mtxlegih.dll 2007-01-01 18:34 215,040 --a------ C:\WINDOWS\system32\catsrv.dll 2007-01-01 18:34 20,480 --a------ C:\WINDOWS\system32\mtxdm.dll 2007-01-01 18:34 181,632 --a------ C:\WINDOWS\system32\drivers\rdpdr.sys 2007-01-01 18:34 177,152 --a------ C:\WINDOWS\system32\cmprops.dll 2007-01-01 18:34 16,896 --a------ C:\WINDOWS\system32\mmfutil.dll 2007-01-01 18:34 151,040 --a------ C:\WINDOWS\system32\msdtcuiu.dll 2007-01-01 18:34 15,872 --a------ C:\WINDOWS\system32\cdmodem.dll 2007-01-01 18:34 147,456 --a------ C:\WINDOWS\system32\comsnap.dll 2007-01-01 18:34 100,864 --a------ C:\WINDOWS\system32\clbcatex.dll 2007-01-01 18:34 1,139,200 --a------ C:\WINDOWS\system32\comsvcs.dll 2007-01-01 18:34 2007-01-01 18:34 2007-01-01 18:30 57,088 --a------ C:\WINDOWS\system32\drivers\redbook.sys 2007-01-01 18:30 3,072 --a------ C:\WINDOWS\system32\drivers\audstub.sys 2007-01-01 18:29 9,728 --a------ C:\WINDOWS\system32\drivers\gameenum.sys 2007-01-01 18:29 731,648 --a------ C:\WINDOWS\system32\drivers\nv4.sys 2007-01-01 18:29 70,144 --a------ C:\WINDOWS\system32\usbui.dll 2007-01-01 18:29 27,165 --a------ C:\WINDOWS\system32\drivers\fetnd5.sys 2007-01-01 18:29 1,738,496 --a------ C:\WINDOWS\system32\nv4.dll 2007-01-01 18:28 9,936 --a------ C:\WINDOWS\system\LZEXPAND.DLL 2007-01-01 18:28 9,168 --a------ C:\WINDOWS\system\VER.DLL 2007-01-01 18:28 85,532 --a------ C:\WINDOWS\system32\dgsetup.dll 2007-01-01 18:28 83,456 --a------ C:\WINDOWS\system\OLECLI.DLL 2007-01-01 18:28 8,192 -ra------ C:\WINDOWS\system32\kbdhept.dll 2007-01-01 18:28 71,680 --a------ C:\WINDOWS\system32\storprop.dll 2007-01-01 18:28 70,096 --a------ C:\WINDOWS\system\AVICAP.DLL 2007-01-01 18:28 7,168 --a------ C:\WINDOWS\system32\kbdcz.dll 2007-01-01 18:28 69,712 --a------ C:\WINDOWS\system\MMSYSTEM.DLL 2007-01-01 18:28 67,072 --a------ C:\WINDOWS\NOTEPAD.EXE 2007-01-01 18:28 6,656 -ra------ C:\WINDOWS\system32\kbdhela3.dll 2007-01-01 18:28 6,656 --a------ C:\WINDOWS\system32\kbdycl.dll 2007-01-01 18:28 6,656 --a------ C:\WINDOWS\system32\kbdsl1.dll 2007-01-01 18:28 6,656 --a------ C:\WINDOWS\system32\kbdsl.dll 2007-01-01 18:28 6,656 --a------ C:\WINDOWS\system32\kbdhu.dll 2007-01-01 18:28 6,656 --a------ C:\WINDOWS\system32\kbdcz2.dll 2007-01-01 18:28 6,656 --a------ C:\WINDOWS\system32\kbdcz1.dll 2007-01-01 18:28 6,656 --a------ C:\WINDOWS\system32\kbdcr.dll 2007-01-01 18:28 6,656 --a------ C:\WINDOWS\system32\KBDAL.DLL 2007-01-01 18:28 6,656 --a------ C:\WINDOWS\system32\batt.dll 2007-01-01 18:28 6,144 -ra------ C:\WINDOWS\system32\kbdtuq.dll 2007-01-01 18:28 6,144 -ra------ C:\WINDOWS\system32\kbdtuf.dll 2007-01-01 18:28 6,144 -ra------ C:\WINDOWS\system32\kbdlv1.dll 2007-01-01 18:28 6,144 -ra------ C:\WINDOWS\system32\kbdlv.dll 2007-01-01 18:28 6,144 -ra------ C:\WINDOWS\system32\kbdhela2.dll 2007-01-01 18:28 6,144 -ra------ C:\WINDOWS\system32\kbdgkl.dll 2007-01-01 18:28 6,144 -ra------ C:\WINDOWS\system32\kbdest.dll 2007-01-01 18:28 5,632 -ra------ C:\WINDOWS\system32\kbdmon.dll 2007-01-01 18:28 5,632 -ra------ C:\WINDOWS\system32\kbdlt1.dll 2007-01-01 18:28 5,632 -ra------ C:\WINDOWS\system32\kbdlt.dll 2007-01-01 18:28 5,632 -ra------ C:\WINDOWS\system32\kbdkyr.dll 2007-01-01 18:28 5,632 -ra------ C:\WINDOWS\system32\kbdhe319.dll 2007-01-01 18:28 5,632 -ra------ C:\WINDOWS\system32\kbdhe220.dll 2007-01-01 18:28 5,632 -ra------ C:\WINDOWS\system32\kbdhe.dll 2007-01-01 18:28 5,632 -ra------ C:\WINDOWS\system32\kbdazel.dll 2007-01-01 18:28 5,632 --a------ C:\WINDOWS\system32\kbdro.dll 2007-01-01 18:28 5,632 --a------ C:\WINDOWS\system32\kbdhu1.dll 2007-01-01 18:28 5,120 --a------ C:\WINDOWS\system\SHELL.DLL 2007-01-01 18:28 33,376 --a------ C:\WINDOWS\system\COMMDLG.DLL 2007-01-01 18:28 24,661 --a------ C:\WINDOWS\system32\spxcoins.dll 2007-01-01 18:28 24,064 --a------ C:\WINDOWS\system\OLESVR.DLL 2007-01-01 18:28 19,200 --a------ C:\WINDOWS\system\TAPI.DLL 2007-01-01 18:28 176,157 --a------ C:\WINDOWS\system32\dgrpsetu.dll 2007-01-01 18:28 15,360 --a------ C:\WINDOWS\TASKMAN.EXE 2007-01-01 18:28 13,312 --a------ C:\WINDOWS\system32\irclass.dll 2007-01-01 18:28 127,008 --a------ C:\WINDOWS\system\MSVIDEO.DLL 2007-01-01 18:28 109,488 --a------ C:\WINDOWS\system\AVIFILE.DLL 2007-01-01 18:28 103,424 --a------ C:\WINDOWS\system32\EqnClass.Dll 2007-01-01 18:28 10,496 --a------ C:\WINDOWS\system32\drivers\irenum.sys 2007-01-01 18:28 2007-01-01 18:28 2007-01-01 18:28 2007-01-01 18:28 2007-01-01 18:28 2007-01-01 18:28 2007-01-01 18:28 2007-01-01 18:28 2007-01-01 18:28 2007-01-01 18:28 2007-01-01 18:28 2007-01-01 18:28 2007-01-01 18:28 2007-01-01 18:28 2007-01-01 18:27 2007-01-01 18:27 2007-01-01 18:27 2007-01-01 18:27 2007-01-01 18:27 2007-01-01 18:22 2007-01-01 18:22 2007-01-01 18:22 2007-01-01 18:22 2007-01-01 18:22 2007-01-01 18:22 2007-01-01 18:22 2007-01-01 18:22 2007-01-01 18:22 2007-01-01 18:22 2007-01-01 18:22 2007-01-01 18:22 2007-01-01 18:22 2007-01-01 18:22 2007-01-01 18:22 2007-01-01 18:22 2007-01-01 18:22 2007-01-01 18:22 2007-01-01 18:22 2007-01-01 18:22 2007-01-01 18:22 2007-01-01 18:22 2007-01-01 18:22 2007-01-01 18:22 2007-01-01 18:22 2007-01-01 18:22 2007-01-01 18:22 2007-01-01 18:22 2007-01-01 18:22 2007-01-01 18:22 2007-01-01 18:22 2007-01-01 18:22 2007-01-01 18:22 2007-01-01 18:22 2007-01-01 18:22 2007-01-01 18:22 2007-01-01 18:22 2007-01-01 18:22 2007-01-01 18:22 2007-01-01 18:22 2007-01-01 18:22 2007-01-01 18:22 2007-01-01 18:22 2007-01-01 18:22 2007-01-01 18:22 2007-01-01 18:22 2007-01-01 18:22 2007-01-01 18:22 2007-01-01 18:22 2007-01-01 18:22 2007-01-01 18:22 2007-01-01 18:22 2007-01-01 18:22 2007-01-01 18:22 2007-01-01 18:22 2007-01-01 18:22 2007-01-01 18:22 2007-01-01 18:22 (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))) 2007-01-03 08:43 -------- d-------- C:\DOCUME~1\admin\Dane aplikacji\macromedia 2007-01-01 20:07 -------- d-------- C:\DOCUME~1\admin\Dane aplikacji\mozilla 2007-01-01 18:48 -------- d-------- C:\DOCUME~1\admin\Dane aplikacji\identities 2007-01-01 18:35 -------- d-------- C:\Program Files\usugi online 2007-01-01 18:28 62 --ahs---- C:\DOCUME~1\admin\Dane aplikacji\desktop.ini 2007-01-01 18:27 -------- d—s---- C:\DOCUME~1\admin\Dane aplikacji\microsoft (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))) *Note* empty entries & legit default entries are not shown [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run] “CTFMON.EXE”=“C:\WINDOWS\System32\ctfmon.exe” “Skype”="“C:\Program Files\Skype\Phone\Skype.exe” /nosplash /minimized" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run] “WooCnxMon”=“C:\PROGRA~1\NEOSTR~1\CnxMon.exe” “SpeedTouch USB Diagnostics”="“C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe” /icon" “WOOWATCH”=“C:\PROGRA~1\NEOSTR~1\Watch.exe” “WOOTASKBARICON”=“C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe” “MKS_MENU”=“C:\Program Files\MKS\Bin\mks_menu.exe” “ABREGMON”=“C:\Program Files\MKS\Bin\ABregmon.exe” “WinampAgent”=“C:\Program Files\Winamp\winampa.exe” “SunJavaUpdateSched”="“C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe”" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL] “Installed”=“1” [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI] “Installed”=“1” “NoChange”=“1” [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS] “Installed”=“1” [HKEY_USERS.default\software\microsoft\windows\currentversion\run] “Spyware Doctor”="“C:\Program Files\Spyware Doctor\swdoctor.exe” /Q" [HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run] “Spyware Doctor”="“C:\Program Files\Spyware Doctor\swdoctor.exe” /Q" [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders] “SecurityProviders”=“msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll” [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost] LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0 NetworkService REG_MULTI_SZ DnsCache\0\0 rpcss REG_MULTI_SZ RpcSs\0\0 imgsvc REG_MULTI_SZ StiSvc\0\0 termsvcs REG_MULTI_SZ TermService\0\0 Completion time: 07-01-25 15:27:20 C:\ComboFix2.txt … 07-01-25 13:00

GMER 1.0.12.12011 - http://www.gmer.net Rootkit scan 2007-01-25 15:30:26 Windows 5.1.2600 ---- Services - GMER 1.0.12 ---- Service [DISABLED] Abiosdsk Service C:\Program Files\MKS\Bin\NetMonSV.exe [AUTO] ABNetMon Service [DISABLED] abp480n5 Service C:\Program Files\MKS\Bin\ABTDI.sys [sYSTEM] ABTDI Service C:\WINDOWS\System32\DRIVERS\ACPI.sys [bOOT] ACPI Service [DISABLED] ACPIEC Service [DISABLED] adpu160m Service C:\WINDOWS\system32\drivers\aeaudio.sys [MANUAL] aeaudio Service C:\WINDOWS\system32\drivers\aec.sys [MANUAL] aec Service C:\WINDOWS\System32\drivers\afd.sys [AUTO] AFD Service [DISABLED] Aha154x Service [DISABLED] aic78u2 Service [DISABLED] aic78xx Service C:\WINDOWS\System32\DRIVERS\alcan5wn.sys [MANUAL] alcan5wn Service C:\WINDOWS\System32\DRIVERS\alcaudsl.sys [MANUAL] alcaudsl Service C:\WINDOWS\System32\svchost.exe [MANUAL] Alerter Service C:\WINDOWS\System32\alg.exe [MANUAL] ALG Service [DISABLED] AliIde Service [DISABLED] amsint Service C:\WINDOWS\system32\svchost.exe [MANUAL] AppMgmt Service [DISABLED] asc Service [DISABLED] asc3350p Service [DISABLED] asc3550 Service C:\WINDOWS\System32\DRIVERS\asyncmac.sys [MANUAL] AsyncMac Service C:\WINDOWS\System32\DRIVERS\atapi.sys [bOOT] atapi Service [DISABLED] Atdisk Service C:\WINDOWS\System32\DRIVERS\atmarpc.sys [MANUAL] Atmarpc Service C:\WINDOWS\System32\svchost.exe [AUTO] AudioSrv Service C:\WINDOWS\System32\DRIVERS\audstub.sys [MANUAL] audstub Service BattC Service [sYSTEM] Beep Service C:\WINDOWS\System32\svchost.exe [MANUAL] BITS Service C:\WINDOWS\System32\svchost.exe [AUTO] Browser Service [DISABLED] cbidf2k Service [DISABLED] cd20xrnt Service [sYSTEM] Cdaudio Service [DISABLED] Cdfs Service C:\WINDOWS\System32\DRIVERS\cdrom.sys [sYSTEM] Cdrom Service [sYSTEM] Changer Service C:\WINDOWS\System32\cisvc.exe [MANUAL] cisvc Service C:\WINDOWS\system32\clipsrv.exe [MANUAL] ClipSrv Service [DISABLED] CmdIde Service C:\WINDOWS\System32\dllhost.exe [MANUAL] COMSysApp Service ContentFilter Service ContentIndex Service [DISABLED] Cpqarray Service C:\WINDOWS\system32\svchost.exe [AUTO] CryptSvc Service [DISABLED] dac2w2k Service [DISABLED] dac960nt Service C:\WINDOWS\System32\svchost.exe [AUTO] Dhcp Service C:\WINDOWS\System32\DRIVERS\disk.sys [bOOT] Disk Service C:\WINDOWS\System32\dmadmin.exe [MANUAL] dmadmin Service C:\WINDOWS\System32\drivers\dmboot.sys [DISABLED] dmboot Service C:\WINDOWS\System32\drivers\dmio.sys [bOOT] dmio Service C:\WINDOWS\System32\drivers\dmload.sys [bOOT] dmload Service C:\WINDOWS\System32\svchost.exe [AUTO] dmserver Service C:\WINDOWS\system32\drivers\DMusic.sys [MANUAL] DMusic Service C:\WINDOWS\System32\svchost.exe [AUTO] Dnscache Service [DISABLED] dpti2o Service C:\WINDOWS\system32\drivers\drmkaud.sys [MANUAL] drmkaud Service C:\WINDOWS\System32\Drivers\dtscsi.sys [MANUAL] dtscsi Service C:\WINDOWS\System32\svchost.exe [AUTO] ERSvc Service C:\WINDOWS\system32\services.exe [AUTO] Eventlog Service C:\WINDOWS\System32\svchost.exe [MANUAL] EventSystem Service [DISABLED] Fastfat Service C:\WINDOWS\System32\svchost.exe [MANUAL] FastUserSwitchingCompatibility Service C:\WINDOWS\System32\DRIVERS\fdc.sys [MANUAL] Fdc Service C:\WINDOWS\System32\DRIVERS\fetnd5.sys [MANUAL] FETNDIS Service [sYSTEM] Fips Service C:\WINDOWS\System32\DRIVERS\flpydisk.sys [MANUAL] Flpydisk Service [sYSTEM] Fs_Rec Service C:\WINDOWS\System32\DRIVERS\ftdisk.sys [bOOT] Ftdisk Service C:\WINDOWS\System32\DRIVERS\gameenum.sys [MANUAL] gameenum Service C:\WINDOWS\System32\DRIVERS\gmer.sys [MANUAL] gmer Service C:\WINDOWS\System32\DRIVERS\msgpc.sys [MANUAL] Gpc Service C:\WINDOWS\System32\svchost.exe [AUTO] helpsvc Service C:\WINDOWS\System32\svchost.exe [DISABLED] HidServ Service C:\WINDOWS\System32\DRIVERS\hidusb.sys [MANUAL] hidusb Service [DISABLED] hpn Service [DISABLED] hpt3xx Service [sYSTEM] i2omgmt Service [DISABLED] i2omp Service C:\WINDOWS\System32\DRIVERS\i8042prt.sys [sYSTEM] i8042prt Service C:\WINDOWS\system32\drivers\ikhfile.sys [sYSTEM] ikhfile Service C:\WINDOWS\system32\drivers\ikhlayer.sys [sYSTEM] ikhlayer Service [sYSTEM] Imapi Service C:\WINDOWS\System32\imapi.exe [MANUAL] ImapiService Service inetaccs Service [DISABLED] ini910u Service Inport Service [DISABLED] IntelIde Service C:\WINDOWS\System32\DRIVERS\ipfltdrv.sys [MANUAL] IpFilterDriver Service C:\WINDOWS\System32\DRIVERS\ipinip.sys [MANUAL] IpInIp Service C:\WINDOWS\System32\DRIVERS\ipnat.sys [MANUAL] IpNat Service C:\WINDOWS\System32\DRIVERS\ipsec.sys [sYSTEM] IPSec Service C:\WINDOWS\System32\DRIVERS\irenum.sys [MANUAL] IRENUM Service ISAPISearch Service C:\WINDOWS\System32\DRIVERS\isapnp.sys [bOOT] isapnp Service C:\WINDOWS\System32\DRIVERS\kbdclass.sys [sYSTEM] Kbdclass Service C:\WINDOWS\system32\drivers\kmixer.sys [MANUAL] kmixer Service [bOOT] KSecDD Service C:\WINDOWS\System32\svchost.exe [AUTO] lanmanserver Service C:\WINDOWS\System32\svchost.exe [AUTO] lanmanworkstation Service [sYSTEM] lbrtfdc Service ldap Service LicenseService Service C:\WINDOWS\System32\svchost.exe [AUTO] LmHosts Service C:\WINDOWS\TEMP\mc21.tmp [DISABLED] mchInjDrv Service C:\WINDOWS\System32\svchost.exe [DISABLED] Messenger Service C:\Program Files\MKS\Bin\MksMonEn.sys [MANUAL] MksMonEn Service C:\Program Files\MKS\Bin\MksMonEv.sys [MANUAL] MksMonEv Service C:\Program Files\MKS\Bin\MksMonFd.sys [MANUAL] MksMonFd Service C:\Program Files\MKS\bin\MkSUpdateInt.exe [MANUAL] MkSUpdateInt Service C:\Program Files\MKS\Bin\mksmonsv.exe [AUTO] MksVirMonSvc Service C:\Program Files\MKS\Bin\mks_scan.exe [MANUAL] MkS_Scan Service [sYSTEM] mnmdd Service C:\WINDOWS\System32\mnmsrvc.exe [MANUAL] mnmsrvc Service [MANUAL] Modem Service C:\WINDOWS\System32\DRIVERS\mouclass.sys [sYSTEM] Mouclass Service C:\WINDOWS\System32\DRIVERS\mouhid.sys [MANUAL] mouhid Service [bOOT] MountMgr Service [DISABLED] mraid35x Service C:\WINDOWS\System32\DRIVERS\mrxdav.sys [MANUAL] MRxDAV Service C:\WINDOWS\System32\DRIVERS\mrxsmb.sys [sYSTEM] MRxSmb Service C:\WINDOWS\System32\msdtc.exe [MANUAL] MSDTC Service [sYSTEM] Msfs Service C:\WINDOWS\System32\msiexec.exe [MANUAL] MSIServer Service C:\WINDOWS\system32\drivers\MSKSSRV.sys [MANUAL] MSKSSRV Service C:\WINDOWS\system32\drivers\MSPCLOCK.sys [MANUAL] MSPCLOCK Service C:\WINDOWS\system32\drivers\MSPQM.sys [MANUAL] MSPQM Service [bOOT] Mup Service [bOOT] NDIS Service C:\WINDOWS\System32\DRIVERS\ndistapi.sys [MANUAL] NdisTapi Service C:\WINDOWS\System32\DRIVERS\ndisuio.sys [MANUAL] Ndisuio Service C:\WINDOWS\System32\DRIVERS\ndiswan.sys [MANUAL] NdisWan Service [MANUAL] NDProxy Service C:\WINDOWS\System32\DRIVERS\netbios.sys [sYSTEM] NetBIOS Service C:\WINDOWS\System32\DRIVERS\netbt.sys [MANUAL] NetBT Service C:\WINDOWS\system32\netdde.exe [MANUAL] NetDDE Service C:\WINDOWS\system32\netdde.exe [MANUAL] NetDDEdsdm Service C:\WINDOWS\System32\lsass.exe [MANUAL] Netlogon Service C:\WINDOWS\System32\svchost.exe [MANUAL] Netman Service C:\WINDOWS\System32\svchost.exe [MANUAL] Nla Service [sYSTEM] Npfs Service [DISABLED] Ntfs Service C:\WINDOWS\System32\lsass.exe [MANUAL] NtLmSsp Service C:\WINDOWS\system32\svchost.exe [MANUAL] NtmsSvc Service [sYSTEM] Null Service C:\WINDOWS\System32\DRIVERS\nv4.sys [MANUAL] nv4 Service C:\WINDOWS\System32\DRIVERS\nwlnkflt.sys [MANUAL] NwlnkFlt Service C:\WINDOWS\System32\DRIVERS\nwlnkfwd.sys [MANUAL] NwlnkFwd Service C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [MANUAL] ose Service Outlook Service C:\WINDOWS\System32\DRIVERS\parport.sys [MANUAL] Parport Service [bOOT] PartMgr Service [AUTO] ParVdm Service C:\WINDOWS\System32\DRIVERS\pci.sys [bOOT] PCI Service [sYSTEM] PCIDump Service [DISABLED] PCIIde Service [DISABLED] Pcmcia Service [MANUAL] PDCOMP Service [MANUAL] PDFRAME Service [MANUAL] PDRELI Service [MANUAL] PDRFRAME Service [DISABLED] perc2 Service [DISABLED] perc2hib Service PerfDisk Service PerfNet Service PerfOS Service PerfProc Service C:\WINDOWS\system32\services.exe [AUTO] PlugPlay Service C:\WINDOWS\System32\lsass.exe [AUTO] PolicyAgent Service C:\WINDOWS\System32\DRIVERS\raspptp.sys [MANUAL] PptpMiniport Service C:\WINDOWS\System32\DRIVERS\processr.sys [sYSTEM] Processor Service C:\WINDOWS\system32\lsass.exe [AUTO] ProtectedStorage Service C:\WINDOWS\System32\DRIVERS\psched.sys [MANUAL] PSched Service C:\WINDOWS\System32\DRIVERS\ptilink.sys [MANUAL] Ptilink Service C:\WINDOWS\System32\Drivers\PxHelp20.sys [bOOT] PxHelp20 Service [DISABLED] ql1080 Service [DISABLED] Ql10wnt Service [DISABLED] ql12160 Service [DISABLED] ql1240 Service [DISABLED] ql1280 Service C:\WINDOWS\System32\DRIVERS\rasacd.sys [sYSTEM] RasAcd Service C:\WINDOWS\System32\svchost.exe [MANUAL] RasAuto Service C:\WINDOWS\System32\DRIVERS\rasl2tp.sys [MANUAL] Rasl2tp Service C:\WINDOWS\System32\svchost.exe [MANUAL] RasMan Service C:\WINDOWS\System32\DRIVERS\raspppoe.sys [MANUAL] RasPppoe Service C:\WINDOWS\System32\DRIVERS\raspti.sys [MANUAL] Raspti Service C:\WINDOWS\System32\DRIVERS\rdbss.sys [sYSTEM] Rdbss Service C:\WINDOWS\System32\DRIVERS\RDPCDD.sys [sYSTEM] RDPCDD Service RDPDD Service C:\WINDOWS\System32\DRIVERS\rdpdr.sys [MANUAL] rdpdr Service RDPNP Service [MANUAL] RDPWD Service C:\WINDOWS\system32\sessmgr.exe [MANUAL] RDSessMgr Service C:\WINDOWS\System32\DRIVERS\redbook.sys [sYSTEM] redbook Service C:\WINDOWS\System32\svchost.exe [DISABLED] RemoteAccess Service C:\WINDOWS\system32\svchost.exe [AUTO] RemoteRegistry Service C:\WINDOWS\System32\locator.exe [MANUAL] RpcLocator Service C:\WINDOWS\system32\svchost.exe [AUTO] RpcSs Service C:\WINDOWS\System32\rsvp.exe [MANUAL] RSVP Service C:\WINDOWS\system32\lsass.exe [AUTO] SamSs Service C:\WINDOWS\System32\SCardSvr.exe [MANUAL] SCardDrv Service C:\WINDOWS\System32\SCardSvr.exe [MANUAL] SCardSvr Service C:\WINDOWS\System32\svchost.exe [AUTO] Schedule Service C:\Program Files\Spyware Doctor\sdhelp.exe [AUTO] SDhelper Service C:\WINDOWS\System32\DRIVERS\secdrv.sys [MANUAL] Secdrv Service C:\WINDOWS\System32\svchost.exe [AUTO] seclogon Service C:\WINDOWS\system32\svchost.exe [AUTO] SENS Service C:\WINDOWS\System32\DRIVERS\serenum.sys [MANUAL] serenum Service C:\WINDOWS\System32\DRIVERS\serial.sys [sYSTEM] Serial Service [sYSTEM] Sfloppy Service C:\WINDOWS\System32\svchost.exe [DISABLED] SharedAccess Service C:\WINDOWS\System32\svchost.exe [AUTO] ShellHWDetection Service [DISABLED] Simbad Service C:\WINDOWS\system32\drivers\smwdm.sys [MANUAL] smwdm Service C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe [AUTO] SoundMAX Agent Service (default) Service [DISABLED] Sparrow Service C:\WINDOWS\system32\drivers\splitter.sys [MANUAL] splitter Service C:\WINDOWS\system32\spoolsv.exe [AUTO] Spooler Service C:\WINDOWS\System32\Drivers\sptd.sys [bOOT] sptd Service C:\WINDOWS\System32\DRIVERS\sr.sys [bOOT] sr Service C:\WINDOWS\System32\svchost.exe [AUTO] srservice Service C:\WINDOWS\System32\DRIVERS\srv.sys [MANUAL] Srv Service C:\WINDOWS\System32\svchost.exe [AUTO] SSDPSRV Service C:\WINDOWS\System32\svchost.exe [MANUAL] stisvc Service C:\WINDOWS\System32\DRIVERS\swenum.sys [MANUAL] swenum Service C:\WINDOWS\system32\drivers\swmidi.sys [MANUAL] swmidi Service C:\WINDOWS\System32\dllhost.exe [MANUAL] SwPrv Service [DISABLED] symc810 Service [DISABLED] symc8xx Service [DISABLED] sym_hi Service [DISABLED] sym_u3 Service C:\WINDOWS\system32\drivers\sysaudio.sys [MANUAL] sysaudio Service C:\WINDOWS\system32\smlogsvc.exe [MANUAL] SysmonLog Service C:\WINDOWS\System32\svchost.exe [MANUAL] TapiSrv Service C:\WINDOWS\System32\DRIVERS\tcpip.sys [sYSTEM] Tcpip Service [MANUAL] TDPIPE Service [MANUAL] TDTCP Service C:\WINDOWS\System32\DRIVERS\termdd.sys [sYSTEM] TermDD Service C:\WINDOWS\System32\svchost.exe [MANUAL] TermService Service C:\WINDOWS\System32\svchost.exe [AUTO] Themes Service C:\WINDOWS\System32\tlntsvr.exe [MANUAL] TlntSvr Service [DISABLED] TosIde Service C:\WINDOWS\system32\svchost.exe [AUTO] TrkWks Service TSDDD Service [DISABLED] Udfs Service [DISABLED] ultra Service C:\WINDOWS\System32\DRIVERS\update.sys [MANUAL] Update Service C:\WINDOWS\System32\svchost.exe [AUTO] uploadmgr Service C:\WINDOWS\System32\svchost.exe [AUTO] upnphost Service C:\WINDOWS\System32\ups.exe [MANUAL] UPS Service C:\WINDOWS\System32\DRIVERS\usbhub.sys [MANUAL] usbhub Service C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [MANUAL] USBSTOR Service C:\WINDOWS\System32\DRIVERS\usbuhci.sys [MANUAL] usbuhci Service C:\WINDOWS\System32\drivers\vga.sys [sYSTEM] VgaSave Service C:\WINDOWS\System32\DRIVERS\viaide.sys [bOOT] ViaIde Service [bOOT] VolSnap Service C:\WINDOWS\System32\vssvc.exe [MANUAL] VSS Service C:\WINDOWS\System32\svchost.exe [AUTO] W32Time Service W3SVC Service C:\WINDOWS\System32\DRIVERS\wanarp.sys [MANUAL] Wanarp Service [MANUAL] WDICA Service C:\WINDOWS\system32\drivers\wdmaud.sys [MANUAL] wdmaud Service C:\WINDOWS\System32\svchost.exe [AUTO] WebClient Service C:\WINDOWS\system32\svchost.exe [AUTO] winmgmt Service [MANUAL] Winsock Service WinSock2 Service WinTrust Service C:\WINDOWS\System32\svchost.exe [AUTO] WmdmPmSp Service C:\WINDOWS\System32\svchost.exe [MANUAL] Wmi Service WmiApRpl Service C:\WINDOWS\System32\wbem\wmiapsrv.exe [MANUAL] WmiApSrv Service C:\WINDOWS\system32\svchost.exe [AUTO] wuauserv Service C:\WINDOWS\System32\svchost.exe [AUTO] WZCSVC Service {F2D4B5D4-D798-4875-B24C-E17B34C9247D} ---- EOF - GMER 1.0.12 ----

adam9870 · Styczeń 26, 2017, 11:26po południu

Otwórz Notatnik i wklej w nim to:

Plik >>> Zapisz jako >>> Zmień rozszerzenie z TXT na Wszystkie pliki >>> Zapisz pod nazwą FIX.BAT

W Gmerze kliknij Gmer awaryjny. Teraz wystartuje system z najpotrzebniejszymi rzeczami i z Gmerem. I teraz w Gmerze:

w zakładce Procesy kliknij Pliki i usuń wszystko co znajduje się w katalogu C:\WINDOWS\TEMP
w zakładce Procesy przez trzy kropki wskaż FIX.BAT i uruchom go w ten sposób.

Potem zrestartuj komputer (ręcznie - przyciskiem na obudowie komputera) i pokaż nowe logi - GMER (usługi+pokazuj wszystko) oraz ComboFix. Dodatkowo pokaż zwykły log z Gmer’a:

Zakładka Rootkit >>> zaznaczone wszystko oprócz Pokazuj wszystko >>> kliknij Szukaj >>> czekaj cierpliwie aż skończy >>> Kopiuj >>> wklej do posta

k_milek_k · Styczeń 26, 2017, 11:26po południu

GMER 1.0.12.12011 - http://www.gmer.net Rootkit scan 2007-01-25 16:14:38 Windows 5.1.2600 ---- Services - GMER 1.0.12 ---- Service [DISABLED] Abiosdsk Service C:\Program Files\MKS\Bin\NetMonSV.exe [AUTO] ABNetMon Service [DISABLED] abp480n5 Service C:\Program Files\MKS\Bin\ABTDI.sys [sYSTEM] ABTDI Service C:\WINDOWS\System32\DRIVERS\ACPI.sys [bOOT] ACPI Service [DISABLED] ACPIEC Service [DISABLED] adpu160m Service C:\WINDOWS\system32\drivers\aeaudio.sys [MANUAL] aeaudio Service C:\WINDOWS\system32\drivers\aec.sys [MANUAL] aec Service C:\WINDOWS\System32\drivers\afd.sys [AUTO] AFD Service [DISABLED] Aha154x Service [DISABLED] aic78u2 Service [DISABLED] aic78xx Service C:\WINDOWS\System32\DRIVERS\alcan5wn.sys [MANUAL] alcan5wn Service C:\WINDOWS\System32\DRIVERS\alcaudsl.sys [MANUAL] alcaudsl Service C:\WINDOWS\System32\svchost.exe [MANUAL] Alerter Service C:\WINDOWS\System32\alg.exe [MANUAL] ALG Service [DISABLED] AliIde Service [DISABLED] amsint Service C:\WINDOWS\system32\svchost.exe [MANUAL] AppMgmt Service [DISABLED] asc Service [DISABLED] asc3350p Service [DISABLED] asc3550 Service C:\WINDOWS\System32\DRIVERS\asyncmac.sys [MANUAL] AsyncMac Service C:\WINDOWS\System32\DRIVERS\atapi.sys [bOOT] atapi Service [DISABLED] Atdisk Service C:\WINDOWS\System32\DRIVERS\atmarpc.sys [MANUAL] Atmarpc Service C:\WINDOWS\System32\svchost.exe [AUTO] AudioSrv Service C:\WINDOWS\System32\DRIVERS\audstub.sys [MANUAL] audstub Service BattC Service [sYSTEM] Beep Service C:\WINDOWS\System32\svchost.exe [MANUAL] BITS Service C:\WINDOWS\System32\svchost.exe [AUTO] Browser Service [DISABLED] cbidf2k Service [DISABLED] cd20xrnt Service [sYSTEM] Cdaudio Service [DISABLED] Cdfs Service C:\WINDOWS\System32\DRIVERS\cdrom.sys [sYSTEM] Cdrom Service [sYSTEM] Changer Service C:\WINDOWS\System32\cisvc.exe [MANUAL] cisvc Service C:\WINDOWS\system32\clipsrv.exe [MANUAL] ClipSrv Service [DISABLED] CmdIde Service C:\WINDOWS\System32\dllhost.exe [MANUAL] COMSysApp Service ContentFilter Service ContentIndex Service [DISABLED] Cpqarray Service C:\WINDOWS\system32\svchost.exe [AUTO] CryptSvc Service [DISABLED] dac2w2k Service [DISABLED] dac960nt Service C:\WINDOWS\System32\svchost.exe [AUTO] Dhcp Service C:\WINDOWS\System32\DRIVERS\disk.sys [bOOT] Disk Service C:\WINDOWS\System32\dmadmin.exe [MANUAL] dmadmin Service C:\WINDOWS\System32\drivers\dmboot.sys [DISABLED] dmboot Service C:\WINDOWS\System32\drivers\dmio.sys [bOOT] dmio Service C:\WINDOWS\System32\drivers\dmload.sys [bOOT] dmload Service C:\WINDOWS\System32\svchost.exe [AUTO] dmserver Service C:\WINDOWS\system32\drivers\DMusic.sys [MANUAL] DMusic Service C:\WINDOWS\System32\svchost.exe [AUTO] Dnscache Service [DISABLED] dpti2o Service C:\WINDOWS\system32\drivers\drmkaud.sys [MANUAL] drmkaud Service C:\WINDOWS\System32\Drivers\dtscsi.sys [MANUAL] dtscsi Service C:\WINDOWS\System32\svchost.exe [AUTO] ERSvc Service C:\WINDOWS\system32\services.exe [AUTO] Eventlog Service C:\WINDOWS\System32\svchost.exe [MANUAL] EventSystem Service [DISABLED] Fastfat Service C:\WINDOWS\System32\svchost.exe [MANUAL] FastUserSwitchingCompatibility Service C:\WINDOWS\System32\DRIVERS\fdc.sys [MANUAL] Fdc Service C:\WINDOWS\System32\DRIVERS\fetnd5.sys [MANUAL] FETNDIS Service [sYSTEM] Fips Service C:\WINDOWS\System32\DRIVERS\flpydisk.sys [MANUAL] Flpydisk Service [sYSTEM] Fs_Rec Service C:\WINDOWS\System32\DRIVERS\ftdisk.sys [bOOT] Ftdisk Service C:\WINDOWS\System32\DRIVERS\gameenum.sys [MANUAL] gameenum Service C:\WINDOWS\System32\DRIVERS\gmer.sys [MANUAL] gmer Service C:\WINDOWS\System32\DRIVERS\msgpc.sys [MANUAL] Gpc Service C:\WINDOWS\System32\svchost.exe [AUTO] helpsvc Service C:\WINDOWS\System32\svchost.exe [DISABLED] HidServ Service C:\WINDOWS\System32\DRIVERS\hidusb.sys [MANUAL] hidusb Service [DISABLED] hpn Service [DISABLED] hpt3xx Service [sYSTEM] i2omgmt Service [DISABLED] i2omp Service C:\WINDOWS\System32\DRIVERS\i8042prt.sys [sYSTEM] i8042prt Service C:\WINDOWS\system32\drivers\ikhfile.sys [sYSTEM] ikhfile Service C:\WINDOWS\system32\drivers\ikhlayer.sys [sYSTEM] ikhlayer Service [sYSTEM] Imapi Service C:\WINDOWS\System32\imapi.exe [MANUAL] ImapiService Service inetaccs Service [DISABLED] ini910u Service Inport Service [DISABLED] IntelIde Service C:\WINDOWS\System32\DRIVERS\ipfltdrv.sys [MANUAL] IpFilterDriver Service C:\WINDOWS\System32\DRIVERS\ipinip.sys [MANUAL] IpInIp Service C:\WINDOWS\System32\DRIVERS\ipnat.sys [MANUAL] IpNat Service C:\WINDOWS\System32\DRIVERS\ipsec.sys [sYSTEM] IPSec Service C:\WINDOWS\System32\DRIVERS\irenum.sys [MANUAL] IRENUM Service ISAPISearch Service C:\WINDOWS\System32\DRIVERS\isapnp.sys [bOOT] isapnp Service C:\WINDOWS\System32\DRIVERS\kbdclass.sys [sYSTEM] Kbdclass Service C:\WINDOWS\system32\drivers\kmixer.sys [MANUAL] kmixer Service [bOOT] KSecDD Service C:\WINDOWS\System32\svchost.exe [AUTO] lanmanserver Service C:\WINDOWS\System32\svchost.exe [AUTO] lanmanworkstation Service [sYSTEM] lbrtfdc Service ldap Service LicenseService Service C:\WINDOWS\System32\svchost.exe [AUTO] LmHosts Service C:\WINDOWS\TEMP\mc21.tmp [DISABLED] mchInjDrv Service C:\WINDOWS\System32\svchost.exe [DISABLED] Messenger Service C:\Program Files\MKS\Bin\MksMonEn.sys [MANUAL] MksMonEn Service C:\Program Files\MKS\Bin\MksMonEv.sys [MANUAL] MksMonEv Service C:\Program Files\MKS\Bin\MksMonFd.sys [MANUAL] MksMonFd Service C:\Program Files\MKS\bin\MkSUpdateInt.exe [MANUAL] MkSUpdateInt Service C:\Program Files\MKS\Bin\mksmonsv.exe [AUTO] MksVirMonSvc Service C:\Program Files\MKS\Bin\mks_scan.exe [MANUAL] MkS_Scan Service [sYSTEM] mnmdd Service C:\WINDOWS\System32\mnmsrvc.exe [MANUAL] mnmsrvc Service [MANUAL] Modem Service C:\WINDOWS\System32\DRIVERS\mouclass.sys [sYSTEM] Mouclass Service C:\WINDOWS\System32\DRIVERS\mouhid.sys [MANUAL] mouhid Service [bOOT] MountMgr Service [DISABLED] mraid35x Service C:\WINDOWS\System32\DRIVERS\mrxdav.sys [MANUAL] MRxDAV Service C:\WINDOWS\System32\DRIVERS\mrxsmb.sys [sYSTEM] MRxSmb Service C:\WINDOWS\System32\msdtc.exe [MANUAL] MSDTC Service [sYSTEM] Msfs Service C:\WINDOWS\System32\msiexec.exe [MANUAL] MSIServer Service C:\WINDOWS\system32\drivers\MSKSSRV.sys [MANUAL] MSKSSRV Service C:\WINDOWS\system32\drivers\MSPCLOCK.sys [MANUAL] MSPCLOCK Service C:\WINDOWS\system32\drivers\MSPQM.sys [MANUAL] MSPQM Service [bOOT] Mup Service [bOOT] NDIS Service C:\WINDOWS\System32\DRIVERS\ndistapi.sys [MANUAL] NdisTapi Service C:\WINDOWS\System32\DRIVERS\ndisuio.sys [MANUAL] Ndisuio Service C:\WINDOWS\System32\DRIVERS\ndiswan.sys [MANUAL] NdisWan Service [MANUAL] NDProxy Service C:\WINDOWS\System32\DRIVERS\netbios.sys [sYSTEM] NetBIOS Service C:\WINDOWS\System32\DRIVERS\netbt.sys [MANUAL] NetBT Service C:\WINDOWS\system32\netdde.exe [MANUAL] NetDDE Service C:\WINDOWS\system32\netdde.exe [MANUAL] NetDDEdsdm Service C:\WINDOWS\System32\lsass.exe [MANUAL] Netlogon Service C:\WINDOWS\System32\svchost.exe [MANUAL] Netman Service C:\WINDOWS\System32\svchost.exe [MANUAL] Nla Service [sYSTEM] Npfs Service [DISABLED] Ntfs Service C:\WINDOWS\System32\lsass.exe [MANUAL] NtLmSsp Service C:\WINDOWS\system32\svchost.exe [MANUAL] NtmsSvc Service [sYSTEM] Null Service C:\WINDOWS\System32\DRIVERS\nv4.sys [MANUAL] nv4 Service C:\WINDOWS\System32\DRIVERS\nwlnkflt.sys [MANUAL] NwlnkFlt Service C:\WINDOWS\System32\DRIVERS\nwlnkfwd.sys [MANUAL] NwlnkFwd Service C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [MANUAL] ose Service Outlook Service C:\WINDOWS\System32\DRIVERS\parport.sys [MANUAL] Parport Service [bOOT] PartMgr Service [AUTO] ParVdm Service C:\WINDOWS\System32\DRIVERS\pci.sys [bOOT] PCI Service [sYSTEM] PCIDump Service [DISABLED] PCIIde Service [DISABLED] Pcmcia Service [MANUAL] PDCOMP Service [MANUAL] PDFRAME Service [MANUAL] PDRELI Service [MANUAL] PDRFRAME Service [DISABLED] perc2 Service [DISABLED] perc2hib Service PerfDisk Service PerfNet Service PerfOS Service PerfProc Service C:\WINDOWS\system32\services.exe [AUTO] PlugPlay Service C:\WINDOWS\System32\lsass.exe [AUTO] PolicyAgent Service C:\WINDOWS\System32\DRIVERS\raspptp.sys [MANUAL] PptpMiniport Service C:\WINDOWS\System32\DRIVERS\processr.sys [sYSTEM] Processor Service C:\WINDOWS\system32\lsass.exe [AUTO] ProtectedStorage Service C:\WINDOWS\System32\DRIVERS\psched.sys [MANUAL] PSched Service C:\WINDOWS\System32\DRIVERS\ptilink.sys [MANUAL] Ptilink Service C:\WINDOWS\System32\Drivers\PxHelp20.sys [bOOT] PxHelp20 Service [DISABLED] ql1080 Service [DISABLED] Ql10wnt Service [DISABLED] ql12160 Service [DISABLED] ql1240 Service [DISABLED] ql1280 Service C:\WINDOWS\System32\DRIVERS\rasacd.sys [sYSTEM] RasAcd Service C:\WINDOWS\System32\svchost.exe [MANUAL] RasAuto Service C:\WINDOWS\System32\DRIVERS\rasl2tp.sys [MANUAL] Rasl2tp Service C:\WINDOWS\System32\svchost.exe [MANUAL] RasMan Service C:\WINDOWS\System32\DRIVERS\raspppoe.sys [MANUAL] RasPppoe Service C:\WINDOWS\System32\DRIVERS\raspti.sys [MANUAL] Raspti Service C:\WINDOWS\System32\DRIVERS\rdbss.sys [sYSTEM] Rdbss Service C:\WINDOWS\System32\DRIVERS\RDPCDD.sys [sYSTEM] RDPCDD Service RDPDD Service C:\WINDOWS\System32\DRIVERS\rdpdr.sys [MANUAL] rdpdr Service RDPNP Service [MANUAL] RDPWD Service C:\WINDOWS\system32\sessmgr.exe [MANUAL] RDSessMgr Service C:\WINDOWS\System32\DRIVERS\redbook.sys [sYSTEM] redbook Service C:\WINDOWS\System32\svchost.exe [DISABLED] RemoteAccess Service C:\WINDOWS\system32\svchost.exe [AUTO] RemoteRegistry Service C:\WINDOWS\System32\locator.exe [MANUAL] RpcLocator Service C:\WINDOWS\system32\svchost.exe [AUTO] RpcSs Service C:\WINDOWS\System32\rsvp.exe [MANUAL] RSVP Service C:\WINDOWS\system32\lsass.exe [AUTO] SamSs Service C:\WINDOWS\System32\SCardSvr.exe [MANUAL] SCardDrv Service C:\WINDOWS\System32\SCardSvr.exe [MANUAL] SCardSvr Service C:\WINDOWS\System32\svchost.exe [AUTO] Schedule Service C:\Program Files\Spyware Doctor\sdhelp.exe [AUTO] SDhelper Service C:\WINDOWS\System32\DRIVERS\secdrv.sys [MANUAL] Secdrv Service C:\WINDOWS\System32\svchost.exe [AUTO] seclogon Service C:\WINDOWS\system32\svchost.exe [AUTO] SENS Service C:\WINDOWS\System32\DRIVERS\serenum.sys [MANUAL] serenum Service C:\WINDOWS\System32\DRIVERS\serial.sys [sYSTEM] Serial Service [sYSTEM] Sfloppy Service C:\WINDOWS\System32\svchost.exe [DISABLED] SharedAccess Service C:\WINDOWS\System32\svchost.exe [AUTO] ShellHWDetection Service [DISABLED] Simbad Service C:\WINDOWS\system32\drivers\smwdm.sys [MANUAL] smwdm Service C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe [AUTO] SoundMAX Agent Service (default) Service [DISABLED] Sparrow Service C:\WINDOWS\system32\drivers\splitter.sys [MANUAL] splitter Service C:\WINDOWS\system32\spoolsv.exe [AUTO] Spooler Service C:\WINDOWS\System32\Drivers\sptd.sys [bOOT] sptd Service C:\WINDOWS\System32\DRIVERS\sr.sys [bOOT] sr Service C:\WINDOWS\System32\svchost.exe [AUTO] srservice Service C:\WINDOWS\System32\DRIVERS\srv.sys [MANUAL] Srv Service C:\WINDOWS\System32\svchost.exe [AUTO] SSDPSRV Service C:\WINDOWS\System32\svchost.exe [MANUAL] stisvc Service C:\WINDOWS\System32\DRIVERS\swenum.sys [MANUAL] swenum Service C:\WINDOWS\system32\drivers\swmidi.sys [MANUAL] swmidi Service C:\WINDOWS\System32\dllhost.exe [MANUAL] SwPrv Service [DISABLED] symc810 Service [DISABLED] symc8xx Service [DISABLED] sym_hi Service [DISABLED] sym_u3 Service C:\WINDOWS\system32\drivers\sysaudio.sys [MANUAL] sysaudio Service C:\WINDOWS\system32\smlogsvc.exe [MANUAL] SysmonLog Service C:\WINDOWS\System32\svchost.exe [MANUAL] TapiSrv Service C:\WINDOWS\System32\DRIVERS\tcpip.sys [sYSTEM] Tcpip Service [MANUAL] TDPIPE Service [MANUAL] TDTCP Service C:\WINDOWS\System32\DRIVERS\termdd.sys [sYSTEM] TermDD Service C:\WINDOWS\System32\svchost.exe [MANUAL] TermService Service C:\WINDOWS\System32\svchost.exe [AUTO] Themes Service C:\WINDOWS\System32\tlntsvr.exe [MANUAL] TlntSvr Service [DISABLED] TosIde Service C:\WINDOWS\system32\svchost.exe [AUTO] TrkWks Service TSDDD Service [DISABLED] Udfs Service [DISABLED] ultra Service C:\WINDOWS\System32\DRIVERS\update.sys [MANUAL] Update Service C:\WINDOWS\System32\svchost.exe [AUTO] uploadmgr Service C:\WINDOWS\System32\svchost.exe [AUTO] upnphost Service C:\WINDOWS\System32\ups.exe [MANUAL] UPS Service C:\WINDOWS\System32\DRIVERS\usbhub.sys [MANUAL] usbhub Service C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [MANUAL] USBSTOR Service C:\WINDOWS\System32\DRIVERS\usbuhci.sys [MANUAL] usbuhci Service C:\WINDOWS\System32\drivers\vga.sys [sYSTEM] VgaSave Service C:\WINDOWS\System32\DRIVERS\viaide.sys [bOOT] ViaIde Service [bOOT] VolSnap Service C:\WINDOWS\System32\vssvc.exe [MANUAL] VSS Service C:\WINDOWS\System32\svchost.exe [AUTO] W32Time Service W3SVC Service C:\WINDOWS\System32\DRIVERS\wanarp.sys [MANUAL] Wanarp Service [MANUAL] WDICA Service C:\WINDOWS\system32\drivers\wdmaud.sys [MANUAL] wdmaud Service C:\WINDOWS\System32\svchost.exe [AUTO] WebClient Service C:\WINDOWS\system32\svchost.exe [AUTO] winmgmt Service [MANUAL] Winsock Service WinSock2 Service WinTrust Service C:\WINDOWS\System32\svchost.exe [AUTO] WmdmPmSp Service C:\WINDOWS\System32\svchost.exe [MANUAL] Wmi Service WmiApRpl Service C:\WINDOWS\System32\wbem\wmiapsrv.exe [MANUAL] WmiApSrv Service C:\WINDOWS\system32\svchost.exe [AUTO] wuauserv Service C:\WINDOWS\System32\svchost.exe [AUTO] WZCSVC Service {F2D4B5D4-D798-4875-B24C-E17B34C9247D} ---- EOF - GMER 1.0.12 ----

ComboFix 07-01-25 - Running from: “C:\Documents and Settings\admin\Pulpit” ((((((((((((((((((((((((((((((( Files Created from 2006-12-25 to 2007-01-25 )))))))))))))))))))))))))))))))))) 2007-01-25 14:45 2007-01-25 12:48 94 --a------ C:\WINDOWS\gmer.reg 2007-01-25 12:41 2007-01-25 11:17 80 --a------ C:\WINDOWS\gmer_uninstall.cmd 2007-01-25 11:03 2007-01-25 10:22 2007-01-24 18:05 2007-01-24 14:47 2007-01-24 14:47 2007-01-24 14:47 2007-01-24 14:46 2007-01-24 10:28 51,072 --a------ C:\WINDOWS\system32\drivers\ikhlayer.sys 2007-01-24 10:28 30,592 --a------ C:\WINDOWS\system32\drivers\ikhfile.sys 2007-01-24 10:28 2007-01-24 10:28 2007-01-23 22:55 0 --a------ C:\WINDOWS\system32\directxclickers.exe 2007-01-23 17:05 2007-01-23 09:30 2007-01-22 14:29 2007-01-22 13:11 2007-01-22 11:04 2007-01-22 11:02 2007-01-22 11:01 2007-01-19 19:13 2007-01-16 15:47 2007-01-15 11:51 2007-01-14 07:31 2007-01-13 14:24 2007-01-13 14:24 2007-01-13 07:32 2007-01-12 12:41 2007-01-10 18:12 2007-01-10 07:23 2007-01-09 08:10 2007-01-08 17:04 17,920 --a------ C:\WINDOWS\system32\mdimon.dll 2007-01-08 17:03 2007-01-08 16:58 223,128 --a------ C:\WINDOWS\system32\drivers\dtscsi.sys 2007-01-08 16:58 2007-01-08 16:56 89,984 --a------ C:\WINDOWS\system32\drivers\sptd1005.sys 2007-01-08 16:56 664,064 --a------ C:\WINDOWS\system32\drivers\sptd.sys 2007-01-08 15:50 2007-01-08 15:49 2007-01-08 15:48 2007-01-08 15:48 2007-01-06 10:01 2007-01-05 18:11 8,704 --a------ C:\WINDOWS\system32\kbdjpn.dll 2007-01-05 18:11 8,192 --a------ C:\WINDOWS\system32\kbdkor.dll 2007-01-05 18:11 6,144 --a------ C:\WINDOWS\system32\kbd106.dll 2007-01-05 18:11 6,144 --a------ C:\WINDOWS\system32\kbd101c.dll 2007-01-05 18:11 6,144 --a------ C:\WINDOWS\system32\kbd101b.dll 2007-01-05 18:11 5,632 --a------ C:\WINDOWS\system32\kbd103.dll 2007-01-05 13:04 2007-01-04 08:07 2007-01-01 21:59 2007-01-01 21:59 2007-01-01 21:58 2007-01-01 21:53 2007-01-01 20:41 79,616 --a------ C:\WINDOWS\system32\drivers\wdmaud.sys 2007-01-01 20:41 50,048 --a------ C:\WINDOWS\system32\drivers\DMusic.sys 2007-01-01 20:41 5,632 --a------ C:\WINDOWS\system32\drivers\splitter.sys 2007-01-01 20:41 159,232 --a------ C:\WINDOWS\system32\drivers\kmixer.sys 2007-01-01 20:41 122,472 --a------ C:\WINDOWS\system32\drivers\aec.sys 2007-01-01 20:37 6,400 --a------ C:\WINDOWS\system32\drivers\MSKSSRV.sys 2007-01-01 20:37 57,472 --a------ C:\WINDOWS\system32\drivers\sysaudio.sys 2007-01-01 20:37 5,120 --a------ C:\WINDOWS\system32\drivers\MSPCLOCK.sys 2007-01-01 20:37 42,752 --a------ C:\WINDOWS\system32\drivers\stream.sys 2007-01-01 20:37 4,608 --a------ C:\WINDOWS\system32\drivers\MSPQM.sys 2007-01-01 20:37 2,816 --a------ C:\WINDOWS\system32\drivers\drmkaud.sys 2007-01-01 20:37 135,040 --a------ C:\WINDOWS\system32\drivers\portcls.sys 2007-01-01 20:36 57,344 --a------ C:\WINDOWS\system32\drivers\drmk.sys 2007-01-01 20:36 40,820 --a------ C:\WINDOWS\system32\Syncor11.dll 2007-01-01 20:36 4,096 --a------ C:\WINDOWS\system32\ksuser.dll 2007-01-01 20:36 134,144 --a------ C:\WINDOWS\system32\drivers\ks.sys 2007-01-01 20:31 20,640 --------- C:\WINDOWS\system32\drivers\PxHelp20.sys 2007-01-01 20:31 151,552 --------- C:\WINDOWS\system32\pxwma.dll 2007-01-01 20:31 109,568 --------- C:\WINDOWS\system32\pxinsi64.exe 2007-01-01 20:31 108,544 --------- C:\WINDOWS\system32\pxcpyi64.exe 2007-01-01 20:31 2007-01-01 20:09 2007-01-01 20:07 100,482 --a------ C:\WINDOWS\UninstallFirefox.exe 2007-01-01 20:07 2007-01-01 20:00 991,232 --a------ C:\WINDOWS\system32\virtear.dll 2007-01-01 20:00 978,944 --a------ C:\WINDOWS\SynthCoreA.Dll 2007-01-01 20:00 765,952 --a------ C:\WINDOWS\system\crlds3d.dll 2007-01-01 20:00 720,896 --a------ C:\WINDOWS\system32\Audio3d.dll 2007-01-01 20:00 720,896 --a------ C:\WINDOWS\system32\a3d.dll 2007-01-01 20:00 578,368 --a------ C:\WINDOWS\system32\drivers\smwdm.sys 2007-01-01 20:00 54,272 --a------ C:\WINDOWS\system32\drivers\swmidi.sys 2007-01-01 20:00 49,152 --a------ C:\WINDOWS\system32\S11thk32.dll 2007-01-01 20:00 49,152 --a------ C:\WINDOWS\system32\DSndUp.exe 2007-01-01 20:00 45,056 --a------ C:\WINDOWS\system32\SynthCore11Resources.dll 2007-01-01 20:00 45,056 --a------ C:\WINDOWS\system32\CleanUp.exe 2007-01-01 20:00 44 --a------ C:\WINDOWS\system32\msssc.dll 2007-01-01 20:00 4,816 --a------ C:\WINDOWS\system32\drivers\aeaudio.sys 2007-01-01 20:00 380,928 --a------ C:\WINDOWS\SynCor.exe 2007-01-01 20:00 30,208 --a------ C:\WINDOWS\system32\wdmioctl.dll 2007-01-01 20:00 3,744 --a------ C:\WINDOWS\system32\drivers\smsens.sys 2007-01-01 20:00 1,285,632 --a------ C:\WINDOWS\system32\SMMedia.dll 2007-01-01 20:00 2007-01-01 20:00 2007-01-01 19:59 5,824 --a------ C:\WINDOWS\system32\drivers\ASUSHWIO.SYS 2007-01-01 19:59 265 --a------ C:\WINDOWS\mks.bat 2007-01-01 19:58 2007-01-01 18:55 32,768 --a------ C:\WINDOWS\system32\WooDial2000.dll 2007-01-01 18:54 70,688 --a------ C:\WINDOWS\system32\drivers\alcaudsl.sys 2007-01-01 18:54 53,600 --a------ C:\WINDOWS\system32\drivers\alcan5wn.sys 2007-01-01 18:54 5,606 --a------ C:\WINDOWS\system32\stci.dll 2007-01-01 18:54 5,280 --a------ C:\WINDOWS\system32\drivers\alcawh.sys 2007-01-01 18:54 3,968 --a------ C:\WINDOWS\system32\drivers\alcacr.sys 2007-01-01 18:54 2007-01-01 18:54 2007-01-01 18:54 2007-01-01 18:52 2007-01-01 18:52 2007-01-01 18:51 2007-01-01 18:48 2007-01-01 18:48 2007-01-01 18:48 2007-01-01 18:48 2007-01-01 18:48 2007-01-01 18:48 2007-01-01 18:48 2007-01-01 18:48 2007-01-01 18:42 2007-01-01 18:42 2007-01-01 18:42 2007-01-01 18:42 2007-01-01 18:42 2007-01-01 18:42 2007-01-01 18:39 2007-01-01 18:39 2007-01-01 18:38 112,128 --a------ C:\WINDOWS\system32\mapi32.dll 2007-01-01 18:38 0 -rahs---- C:\MSDOS.SYS 2007-01-01 18:38 0 -rahs---- C:\IO.SYS 2007-01-01 18:38 0 --a------ C:\CONFIG.SYS 2007-01-01 18:38 0 --a------ C:\AUTOEXEC.BAT 2007-01-01 18:37 179,200 --a------ C:\WINDOWS\system32\qmgr.dll 2007-01-01 18:37 17,408 --a------ C:\WINDOWS\system32\qmgrprxy.dll 2007-01-01 18:37 2007-01-01 18:37 2007-01-01 18:37 2007-01-01 18:37 2007-01-01 18:37 2007-01-01 18:37 2007-01-01 18:37 2007-01-01 18:36 90,624 --a------ C:\WINDOWS\system32\msoert2.dll 2007-01-01 18:36 9,728 --a------ C:\WINDOWS\system32\mstinit.exe 2007-01-01 18:36 81,920 --a------ C:\WINDOWS\system32\isign32.dll 2007-01-01 18:36 73,728 --a------ C:\WINDOWS\system32\ils.dll 2007-01-01 18:36 70,400 --a------ C:\WINDOWS\system32\drivers\sr.sys 2007-01-01 18:36 69,632 --a------ C:\WINDOWS\system32\icwdial.dll 2007-01-01 18:36 67,584 --a------ C:\WINDOWS\system32\acctres.dll 2007-01-01 18:36 65,536 --a------ C:\WINDOWS\system32\msconf.dll 2007-01-01 18:36 61,952 --a------ C:\WINDOWS\system32\srclient.dll 2007-01-01 18:36 61,440 --a------ C:\WINDOWS\system32\icwphbk.dll 2007-01-01 18:36 593,920 --a------ C:\WINDOWS\system32\inetcomm.dll 2007-01-01 18:36 49,152 --a------ C:\WINDOWS\system32\inetres.dll 2007-01-01 18:36 40,960 --a------ C:\WINDOWS\system32\safrslv.dll 2007-01-01 18:36 39,424 --a------ C:\WINDOWS\system32\safrcdlg.dll 2007-01-01 18:36 33,792 --a------ C:\WINDOWS\system32\racpldlg.dll 2007-01-01 18:36 32,768 --a------ C:\WINDOWS\system32\mnmsrvc.exe 2007-01-01 18:36 32,384 --a------ C:\WINDOWS\system32\mnmdd.dll 2007-01-01 18:36 28,672 --a------ C:\WINDOWS\system32\isrdbg32.dll 2007-01-01 18:36 270,336 --a------ C:\WINDOWS\system32\inetcfg.dll 2007-01-01 18:36 26,624 --a------ C:\WINDOWS\system32\safrdm.dll 2007-01-01 18:36 253,440 --a------ C:\WINDOWS\system32\mstask.dll 2007-01-01 18:36 24,576 --a------ C:\WINDOWS\system32\nmmkcert.dll 2007-01-01 18:36 228,864 --a------ C:\WINDOWS\system32\msoeacct.dll 2007-01-01 18:36 219,136 --a------ C:\WINDOWS\system32\srrstr.dll 2007-01-01 18:36 16,384 --a------ C:\WINDOWS\system32\icfgnt5.dll 2007-01-01 18:36 159,744 --a------ C:\WINDOWS\system32\schedsvc.dll 2007-01-01 18:36 155,648 --a------ C:\WINDOWS\system32\srsvc.dll 2007-01-01 18:36 12,288 --a------ C:\WINDOWS\system32\nmevtmsg.dll 2007-01-01 18:36 11,264 --a------ C:\WINDOWS\system32\atrace.dll 2007-01-01 18:36 2007-01-01 18:36 2007-01-01 18:36 2007-01-01 18:36 2007-01-01 18:35 99,328 --a------ C:\WINDOWS\system32\clipbrd.exe 2007-01-01 18:35 95,744 --a------ C:\WINDOWS\system32\wuaueng.dll 2007-01-01 18:35 9,728 --a------ C:\WINDOWS\system32\reset.exe 2007-01-01 18:35 89,600 --a------ C:\WINDOWS\system32\tscfgwmi.dll 2007-01-01 18:35 80,896 --a------ C:\WINDOWS\system32\charmap.exe 2007-01-01 18:35 73,864 --a------ C:\WINDOWS\system32\rdpwsx.dll 2007-01-01 18:35 73,216 --a------ C:\WINDOWS\system32\avwav.dll 2007-01-01 18:35 61,952 --a------ C:\WINDOWS\system32\rdshost.exe 2007-01-01 18:35 605,696 --a------ C:\WINDOWS\system32\getuname.dll 2007-01-01 18:35 57,344 --a------ C:\WINDOWS\system32\sol.exe 2007-01-01 18:35 56,832 --a------ C:\WINDOWS\system32\remotepg.dll 2007-01-01 18:35 55,808 --a------ C:\WINDOWS\system32\freecell.exe 2007-01-01 18:35 534,016 --a------ C:\WINDOWS\system32\spider.exe 2007-01-01 18:35 503,296 --a------ C:\WINDOWS\system32\mstscax.dll 2007-01-01 18:35 5,632 --a------ C:\WINDOWS\system32\write.exe 2007-01-01 18:35 494,592 --a------ C:\WINDOWS\system32\hypertrm.dll 2007-01-01 18:35 44,544 --a------ C:\WINDOWS\system32\hticons.dll 2007-01-01 18:35 41,984 --a------ C:\WINDOWS\system32\rdpclip.exe 2007-01-01 18:35 40,448 --a------ C:\WINDOWS\system32\tscupgrd.exe 2007-01-01 18:35 4,608 --a------ C:\WINDOWS\system32\rdpcfgex.dll 2007-01-01 18:35 4,096 --a------ C:\WINDOWS\system32\wuauserv.dll 2007-01-01 18:35 387,072 --a------ C:\WINDOWS\system32\mstsc.exe 2007-01-01 18:35 35,328 --a------ C:\WINDOWS\system32\winchat.exe 2007-01-01 18:35 342,016 --a------ C:\WINDOWS\system32\mspaint.exe 2007-01-01 18:35 33,792 --a------ C:\WINDOWS\system32\regini.exe 2007-01-01 18:35 231,424 --a------ C:\WINDOWS\system32\avtapi.dll 2007-01-01 18:35 22,528 --a------ C:\WINDOWS\system32\qwinsta.exe 2007-01-01 18:35 22,528 --a------ C:\WINDOWS\system32\msg.exe 2007-01-01 18:35 20,232 --a------ C:\WINDOWS\system32\drivers\tdtcp.sys 2007-01-01 18:35 198,656 --a------ C:\WINDOWS\system32\termsrv.dll 2007-01-01 18:35 19,456 --a------ C:\WINDOWS\system32\qprocess.exe 2007-01-01 18:35 183,296 --a------ C:\WINDOWS\system32\accwiz.exe 2007-01-01 18:35 17,920 --a------ C:\WINDOWS\system32\tsshutdn.exe 2007-01-01 18:35 17,408 --a------ C:\WINDOWS\system32\qappsrv.exe 2007-01-01 18:35 16,384 --a------ C:\WINDOWS\system32\tskill.exe 2007-01-01 18:35 16,384 --a------ C:\WINDOWS\system32\rwinsta.exe 2007-01-01 18:35 16,384 --a------ C:\WINDOWS\system32\avmeter.dll 2007-01-01 18:35 15,872 --a------ C:\WINDOWS\system32\logoff.exe 2007-01-01 18:35 15,360 --a------ C:\WINDOWS\system32\tsdiscon.exe 2007-01-01 18:35 15,360 --a------ C:\WINDOWS\system32\tscon.exe 2007-01-01 18:35 15,360 --a------ C:\WINDOWS\system32\shadow.exe 2007-01-01 18:35 14,848 --a------ C:\WINDOWS\system32\rdpsnd.dll 2007-01-01 18:35 139,264 --a------ C:\WINDOWS\system32\sndvol32.exe 2007-01-01 18:35 134,656 --a------ C:\WINDOWS\system32\rdchost.dll 2007-01-01 18:35 131,072 --a------ C:\WINDOWS\system32\sessmgr.exe 2007-01-01 18:35 128,000 --a------ C:\WINDOWS\system32\mshearts.exe 2007-01-01 18:35 125,440 --a------ C:\WINDOWS\system32\sndrec32.exe 2007-01-01 18:35 12,288 --a------ C:\WINDOWS\system32\rdsaddin.exe 2007-01-01 18:35 119,808 --a------ C:\WINDOWS\system32\winmine.exe 2007-01-01 18:35 118,272 --a------ C:\WINDOWS\system32\mplay32.exe 2007-01-01 18:35 115,200 --a------ C:\WINDOWS\system32\calc.exe 2007-01-01 18:35 113,664 --a------ C:\WINDOWS\system32\wuauclt.exe 2007-01-01 18:35 11,144 --a------ C:\WINDOWS\system32\drivers\tdpipe.sys 2007-01-01 18:35 107,912 --a------ C:\WINDOWS\system32\drivers\rdpwd.sys 2007-01-01 18:35 1,225 --a------ C:\WINDOWS\system32\usrlogon.cmd 2007-01-01 18:35 2007-01-01 18:35 2007-01-01 18:35 2007-01-01 18:35 2007-01-01 18:35 2007-01-01 18:35 2007-01-01 18:34 9,728 --a------ C:\WINDOWS\system32\xolehlp.dll 2007-01-01 18:34 869,376 --a------ C:\WINDOWS\system32\msdtctm.dll 2007-01-01 18:34 85,504 --a------ C:\WINDOWS\system32\catsrvps.dll 2007-01-01 18:34 83,968 --a------ C:\WINDOWS\system32\mtxoci.dll 2007-01-01 18:34 82,432 --a------ C:\WINDOWS\system32\comrepl.dll 2007-01-01 18:34 8,704 --a------ C:\WINDOWS\system32\icaapi.dll 2007-01-01 18:34 6,144 --a------ C:\WINDOWS\system32\msdtc.exe 2007-01-01 18:34 583,168 --a------ C:\WINDOWS\system32\catsrvut.dll 2007-01-01 18:34 57,344 --a------ C:\WINDOWS\system32\licwmi.dll 2007-01-01 18:34 56,832 --a------ C:\WINDOWS\system32\colbact.dll 2007-01-01 18:34 54,784 --a------ C:\WINDOWS\system32\msdtclog.dll 2007-01-01 18:34 54,272 --a------ C:\WINDOWS\system32\stclient.dll 2007-01-01 18:34 53,248 --a------ C:\WINDOWS\system32\servdeps.dll 2007-01-01 18:34 5,120 --a------ C:\WINDOWS\system32\dcomcnfg.exe 2007-01-01 18:34 495,616 --a------ C:\WINDOWS\system32\comuid.dll 2007-01-01 18:34 468,480 --a------ C:\WINDOWS\system32\clbcatq.dll 2007-01-01 18:34 4,096 --a------ C:\WINDOWS\system32\mtxex.dll 2007-01-01 18:34 37,896 --a------ C:\WINDOWS\system32\drivers\termdd.sys 2007-01-01 18:34 360,960 --a------ C:\WINDOWS\system32\msdtcprx.dll 2007-01-01 18:34 32,768 --a------ C:\WINDOWS\system32\cfgbkend.dll 2007-01-01 18:34 25,600 --a------ C:\WINDOWS\system32\comaddin.dll 2007-01-01 18:34 25,088 --a------ C:\WINDOWS\system32\mtxlegih.dll 2007-01-01 18:34 215,040 --a------ C:\WINDOWS\system32\catsrv.dll 2007-01-01 18:34 20,480 --a------ C:\WINDOWS\system32\mtxdm.dll 2007-01-01 18:34 181,632 --a------ C:\WINDOWS\system32\drivers\rdpdr.sys 2007-01-01 18:34 177,152 --a------ C:\WINDOWS\system32\cmprops.dll 2007-01-01 18:34 16,896 --a------ C:\WINDOWS\system32\mmfutil.dll 2007-01-01 18:34 151,040 --a------ C:\WINDOWS\system32\msdtcuiu.dll 2007-01-01 18:34 15,872 --a------ C:\WINDOWS\system32\cdmodem.dll 2007-01-01 18:34 147,456 --a------ C:\WINDOWS\system32\comsnap.dll 2007-01-01 18:34 100,864 --a------ C:\WINDOWS\system32\clbcatex.dll 2007-01-01 18:34 1,139,200 --a------ C:\WINDOWS\system32\comsvcs.dll 2007-01-01 18:34 2007-01-01 18:34 2007-01-01 18:30 57,088 --a------ C:\WINDOWS\system32\drivers\redbook.sys 2007-01-01 18:30 3,072 --a------ C:\WINDOWS\system32\drivers\audstub.sys 2007-01-01 18:29 9,728 --a------ C:\WINDOWS\system32\drivers\gameenum.sys 2007-01-01 18:29 731,648 --a------ C:\WINDOWS\system32\drivers\nv4.sys 2007-01-01 18:29 70,144 --a------ C:\WINDOWS\system32\usbui.dll 2007-01-01 18:29 27,165 --a------ C:\WINDOWS\system32\drivers\fetnd5.sys 2007-01-01 18:29 1,738,496 --a------ C:\WINDOWS\system32\nv4.dll 2007-01-01 18:28 9,936 --a------ C:\WINDOWS\system\LZEXPAND.DLL 2007-01-01 18:28 9,168 --a------ C:\WINDOWS\system\VER.DLL 2007-01-01 18:28 85,532 --a------ C:\WINDOWS\system32\dgsetup.dll 2007-01-01 18:28 83,456 --a------ C:\WINDOWS\system\OLECLI.DLL 2007-01-01 18:28 8,192 -ra------ C:\WINDOWS\system32\kbdhept.dll 2007-01-01 18:28 71,680 --a------ C:\WINDOWS\system32\storprop.dll 2007-01-01 18:28 70,096 --a------ C:\WINDOWS\system\AVICAP.DLL 2007-01-01 18:28 7,168 --a------ C:\WINDOWS\system32\kbdcz.dll 2007-01-01 18:28 69,712 --a------ C:\WINDOWS\system\MMSYSTEM.DLL 2007-01-01 18:28 67,072 --a------ C:\WINDOWS\NOTEPAD.EXE 2007-01-01 18:28 6,656 -ra------ C:\WINDOWS\system32\kbdhela3.dll 2007-01-01 18:28 6,656 --a------ C:\WINDOWS\system32\kbdycl.dll 2007-01-01 18:28 6,656 --a------ C:\WINDOWS\system32\kbdsl1.dll 2007-01-01 18:28 6,656 --a------ C:\WINDOWS\system32\kbdsl.dll 2007-01-01 18:28 6,656 --a------ C:\WINDOWS\system32\kbdhu.dll 2007-01-01 18:28 6,656 --a------ C:\WINDOWS\system32\kbdcz2.dll 2007-01-01 18:28 6,656 --a------ C:\WINDOWS\system32\kbdcz1.dll 2007-01-01 18:28 6,656 --a------ C:\WINDOWS\system32\kbdcr.dll 2007-01-01 18:28 6,656 --a------ C:\WINDOWS\system32\KBDAL.DLL 2007-01-01 18:28 6,656 --a------ C:\WINDOWS\system32\batt.dll 2007-01-01 18:28 6,144 -ra------ C:\WINDOWS\system32\kbdtuq.dll 2007-01-01 18:28 6,144 -ra------ C:\WINDOWS\system32\kbdtuf.dll 2007-01-01 18:28 6,144 -ra------ C:\WINDOWS\system32\kbdlv1.dll 2007-01-01 18:28 6,144 -ra------ C:\WINDOWS\system32\kbdlv.dll 2007-01-01 18:28 6,144 -ra------ C:\WINDOWS\system32\kbdhela2.dll 2007-01-01 18:28 6,144 -ra------ C:\WINDOWS\system32\kbdgkl.dll 2007-01-01 18:28 6,144 -ra------ C:\WINDOWS\system32\kbdest.dll 2007-01-01 18:28 5,632 -ra------ C:\WINDOWS\system32\kbdmon.dll 2007-01-01 18:28 5,632 -ra------ C:\WINDOWS\system32\kbdlt1.dll 2007-01-01 18:28 5,632 -ra------ C:\WINDOWS\system32\kbdlt.dll 2007-01-01 18:28 5,632 -ra------ C:\WINDOWS\system32\kbdkyr.dll 2007-01-01 18:28 5,632 -ra------ C:\WINDOWS\system32\kbdhe319.dll 2007-01-01 18:28 5,632 -ra------ C:\WINDOWS\system32\kbdhe220.dll 2007-01-01 18:28 5,632 -ra------ C:\WINDOWS\system32\kbdhe.dll 2007-01-01 18:28 5,632 -ra------ C:\WINDOWS\system32\kbdazel.dll 2007-01-01 18:28 5,632 --a------ C:\WINDOWS\system32\kbdro.dll 2007-01-01 18:28 5,632 --a------ C:\WINDOWS\system32\kbdhu1.dll 2007-01-01 18:28 5,120 --a------ C:\WINDOWS\system\SHELL.DLL 2007-01-01 18:28 33,376 --a------ C:\WINDOWS\system\COMMDLG.DLL 2007-01-01 18:28 24,661 --a------ C:\WINDOWS\system32\spxcoins.dll 2007-01-01 18:28 24,064 --a------ C:\WINDOWS\system\OLESVR.DLL 2007-01-01 18:28 19,200 --a------ C:\WINDOWS\system\TAPI.DLL 2007-01-01 18:28 176,157 --a------ C:\WINDOWS\system32\dgrpsetu.dll 2007-01-01 18:28 15,360 --a------ C:\WINDOWS\TASKMAN.EXE 2007-01-01 18:28 13,312 --a------ C:\WINDOWS\system32\irclass.dll 2007-01-01 18:28 127,008 --a------ C:\WINDOWS\system\MSVIDEO.DLL 2007-01-01 18:28 109,488 --a------ C:\WINDOWS\system\AVIFILE.DLL 2007-01-01 18:28 103,424 --a------ C:\WINDOWS\system32\EqnClass.Dll 2007-01-01 18:28 10,496 --a------ C:\WINDOWS\system32\drivers\irenum.sys 2007-01-01 18:28 2007-01-01 18:28 2007-01-01 18:28 2007-01-01 18:28 2007-01-01 18:28 2007-01-01 18:28 2007-01-01 18:28 2007-01-01 18:28 2007-01-01 18:28 2007-01-01 18:28 2007-01-01 18:28 2007-01-01 18:28 2007-01-01 18:28 2007-01-01 18:28 2007-01-01 18:27 2007-01-01 18:27 2007-01-01 18:27 2007-01-01 18:27 2007-01-01 18:27 2007-01-01 18:22 2007-01-01 18:22 2007-01-01 18:22 2007-01-01 18:22 2007-01-01 18:22 2007-01-01 18:22 2007-01-01 18:22 2007-01-01 18:22 2007-01-01 18:22 2007-01-01 18:22 2007-01-01 18:22 2007-01-01 18:22 2007-01-01 18:22 2007-01-01 18:22 2007-01-01 18:22 2007-01-01 18:22 2007-01-01 18:22 2007-01-01 18:22 2007-01-01 18:22 2007-01-01 18:22 2007-01-01 18:22 2007-01-01 18:22 2007-01-01 18:22 2007-01-01 18:22 2007-01-01 18:22 2007-01-01 18:22 2007-01-01 18:22 2007-01-01 18:22 2007-01-01 18:22 2007-01-01 18:22 2007-01-01 18:22 2007-01-01 18:22 2007-01-01 18:22 2007-01-01 18:22 2007-01-01 18:22 2007-01-01 18:22 2007-01-01 18:22 2007-01-01 18:22 2007-01-01 18:22 2007-01-01 18:22 2007-01-01 18:22 2007-01-01 18:22 2007-01-01 18:22 2007-01-01 18:22 2007-01-01 18:22 2007-01-01 18:22 2007-01-01 18:22 2007-01-01 18:22 2007-01-01 18:22 2007-01-01 18:22 2007-01-01 18:22 2007-01-01 18:22 2007-01-01 18:22 2007-01-01 18:22 2007-01-01 18:22 2007-01-01 18:22 2007-01-01 18:22 2007-01-01 18:22 (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))) 2007-01-03 08:43 -------- d-------- C:\DOCUME~1\admin\Dane aplikacji\macromedia 2007-01-01 20:07 -------- d-------- C:\DOCUME~1\admin\Dane aplikacji\mozilla 2007-01-01 18:48 -------- d-------- C:\DOCUME~1\admin\Dane aplikacji\identities 2007-01-01 18:35 -------- d-------- C:\Program Files\usˆugi online 2007-01-01 18:28 62 --ahs---- C:\DOCUME~1\admin\Dane aplikacji\desktop.ini 2007-01-01 18:27 -------- d—s---- C:\DOCUME~1\admin\Dane aplikacji\microsoft (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))) *Note* empty entries & legit default entries are not shown [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run] “CTFMON.EXE”=“C:\WINDOWS\System32\ctfmon.exe” “Skype”="“C:\Program Files\Skype\Phone\Skype.exe” /nosplash /minimized" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run] “WooCnxMon”=“C:\PROGRA~1\NEOSTR~1\CnxMon.exe” “SpeedTouch USB Diagnostics”="“C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe” /icon" “WOOWATCH”=“C:\PROGRA~1\NEOSTR~1\Watch.exe” “WOOTASKBARICON”=“C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe” “MKS_MENU”=“C:\Program Files\MKS\Bin\mks_menu.exe” “ABREGMON”=“C:\Program Files\MKS\Bin\ABregmon.exe” “WinampAgent”=“C:\Program Files\Winamp\winampa.exe” “SunJavaUpdateSched”="“C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe”" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL] “Installed”=“1” [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI] “Installed”=“1” “NoChange”=“1” [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS] “Installed”=“1” [HKEY_USERS.default\software\microsoft\windows\currentversion\run] “Spyware Doctor”="“C:\Program Files\Spyware Doctor\swdoctor.exe” /Q" [HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run] “Spyware Doctor”="“C:\Program Files\Spyware Doctor\swdoctor.exe” /Q" [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders] “SecurityProviders”=“msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll” [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost] LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0 NetworkService REG_MULTI_SZ DnsCache\0\0 rpcss REG_MULTI_SZ RpcSs\0\0 imgsvc REG_MULTI_SZ StiSvc\0\0 termsvcs REG_MULTI_SZ TermService\0\0 Completion time: 07-01-25 16:24:12 C:\ComboFix3.txt … 07-01-25 13:00 C:\ComboFix2.txt … 07-01-25 15:27

adam9870 · Styczeń 26, 2017, 11:27po południu

Pobierz The avenger. Wypakuj => uruchom => zaznacz opcję Input script manually => kliknij w lupkę => w okienku, które się otworzy wklej:

=> Kliknij klawisz Done => teraz kliknij na zielone światełko => powinna pojawić się pewna informacja i kliknij OK (teraz restart).

Po resecie może pojawić się okienko na dosłownie kilka sekund oraz log w notatniku. Wejdź tam gdzie masz avangera i skasuj plik backup.zip czyli np. c:\avanger\backup.zip.

Po wykonaniu pokaż nowy log z gmera (usługi+pokazuj wszystko) oraz combofix.

k_milek_k · Styczeń 26, 2017, 11:27po południu

GMER 1.0.12.12011 - http://www.gmer.net Rootkit scan 2007-01-25 22:02:02 Windows 5.1.2600 ---- Services - GMER 1.0.12 ---- Service [DISABLED] Abiosdsk Service C:\Program Files\MKS\Bin\NetMonSV.exe [AUTO] ABNetMon Service [DISABLED] abp480n5 Service C:\Program Files\MKS\Bin\ABTDI.sys [sYSTEM] ABTDI Service C:\WINDOWS\System32\DRIVERS\ACPI.sys [bOOT] ACPI Service [DISABLED] ACPIEC Service [DISABLED] adpu160m Service C:\WINDOWS\system32\drivers\aeaudio.sys [MANUAL] aeaudio Service C:\WINDOWS\system32\drivers\aec.sys [MANUAL] aec Service C:\WINDOWS\System32\drivers\afd.sys [AUTO] AFD Service [DISABLED] Aha154x Service [DISABLED] aic78u2 Service [DISABLED] aic78xx Service C:\WINDOWS\System32\DRIVERS\alcan5wn.sys [MANUAL] alcan5wn Service C:\WINDOWS\System32\DRIVERS\alcaudsl.sys [MANUAL] alcaudsl Service C:\WINDOWS\System32\svchost.exe [MANUAL] Alerter Service C:\WINDOWS\System32\alg.exe [MANUAL] ALG Service [DISABLED] AliIde Service [DISABLED] amsint Service C:\WINDOWS\system32\svchost.exe [MANUAL] AppMgmt Service [DISABLED] asc Service [DISABLED] asc3350p Service [DISABLED] asc3550 Service C:\WINDOWS\System32\DRIVERS\asyncmac.sys [MANUAL] AsyncMac Service C:\WINDOWS\System32\DRIVERS\atapi.sys [bOOT] atapi Service [DISABLED] Atdisk Service C:\WINDOWS\System32\DRIVERS\atmarpc.sys [MANUAL] Atmarpc Service C:\WINDOWS\System32\svchost.exe [AUTO] AudioSrv Service C:\WINDOWS\System32\DRIVERS\audstub.sys [MANUAL] audstub Service BattC Service [sYSTEM] Beep Service C:\WINDOWS\System32\svchost.exe [MANUAL] BITS Service C:\WINDOWS\System32\svchost.exe [AUTO] Browser Service [DISABLED] cbidf2k Service [DISABLED] cd20xrnt Service [sYSTEM] Cdaudio Service [DISABLED] Cdfs Service C:\WINDOWS\System32\DRIVERS\cdrom.sys [sYSTEM] Cdrom Service [sYSTEM] Changer Service C:\WINDOWS\System32\cisvc.exe [MANUAL] cisvc Service C:\WINDOWS\system32\clipsrv.exe [MANUAL] ClipSrv Service [DISABLED] CmdIde Service C:\WINDOWS\System32\dllhost.exe [MANUAL] COMSysApp Service ContentFilter Service ContentIndex Service [DISABLED] Cpqarray Service C:\WINDOWS\system32\svchost.exe [AUTO] CryptSvc Service [DISABLED] dac2w2k Service [DISABLED] dac960nt Service C:\WINDOWS\System32\svchost.exe [AUTO] Dhcp Service C:\WINDOWS\System32\DRIVERS\disk.sys [bOOT] Disk Service C:\WINDOWS\System32\dmadmin.exe [MANUAL] dmadmin Service C:\WINDOWS\System32\drivers\dmboot.sys [DISABLED] dmboot Service C:\WINDOWS\System32\drivers\dmio.sys [bOOT] dmio Service C:\WINDOWS\System32\drivers\dmload.sys [bOOT] dmload Service C:\WINDOWS\System32\svchost.exe [AUTO] dmserver Service C:\WINDOWS\system32\drivers\DMusic.sys [MANUAL] DMusic Service C:\WINDOWS\System32\svchost.exe [AUTO] Dnscache Service [DISABLED] dpti2o Service C:\WINDOWS\system32\drivers\drmkaud.sys [MANUAL] drmkaud Service C:\WINDOWS\System32\Drivers\dtscsi.sys [MANUAL] dtscsi Service C:\WINDOWS\System32\svchost.exe [AUTO] ERSvc Service C:\WINDOWS\system32\services.exe [AUTO] Eventlog Service C:\WINDOWS\System32\svchost.exe [MANUAL] EventSystem Service [DISABLED] Fastfat Service C:\WINDOWS\System32\svchost.exe [MANUAL] FastUserSwitchingCompatibility Service C:\WINDOWS\System32\DRIVERS\fdc.sys [MANUAL] Fdc Service C:\WINDOWS\System32\DRIVERS\fetnd5.sys [MANUAL] FETNDIS Service [sYSTEM] Fips Service C:\WINDOWS\System32\DRIVERS\flpydisk.sys [MANUAL] Flpydisk Service [sYSTEM] Fs_Rec Service C:\WINDOWS\System32\DRIVERS\ftdisk.sys [bOOT] Ftdisk Service C:\WINDOWS\System32\DRIVERS\gameenum.sys [MANUAL] gameenum Service C:\WINDOWS\System32\DRIVERS\gmer.sys [MANUAL] gmer Service C:\WINDOWS\System32\DRIVERS\msgpc.sys [MANUAL] Gpc Service C:\WINDOWS\System32\svchost.exe [AUTO] helpsvc Service C:\WINDOWS\System32\svchost.exe [DISABLED] HidServ Service C:\WINDOWS\System32\DRIVERS\hidusb.sys [MANUAL] hidusb Service [DISABLED] hpn Service [DISABLED] hpt3xx Service [sYSTEM] i2omgmt Service [DISABLED] i2omp Service C:\WINDOWS\System32\DRIVERS\i8042prt.sys [sYSTEM] i8042prt Service C:\WINDOWS\system32\drivers\ikhfile.sys [sYSTEM] ikhfile Service C:\WINDOWS\system32\drivers\ikhlayer.sys [sYSTEM] ikhlayer Service [sYSTEM] Imapi Service C:\WINDOWS\System32\imapi.exe [MANUAL] ImapiService Service inetaccs Service [DISABLED] ini910u Service Inport Service [DISABLED] IntelIde Service C:\WINDOWS\System32\DRIVERS\ipfltdrv.sys [MANUAL] IpFilterDriver Service C:\WINDOWS\System32\DRIVERS\ipinip.sys [MANUAL] IpInIp Service C:\WINDOWS\System32\DRIVERS\ipnat.sys [MANUAL] IpNat Service C:\WINDOWS\System32\DRIVERS\ipsec.sys [sYSTEM] IPSec Service C:\WINDOWS\System32\DRIVERS\irenum.sys [MANUAL] IRENUM Service ISAPISearch Service C:\WINDOWS\System32\DRIVERS\isapnp.sys [bOOT] isapnp Service C:\WINDOWS\System32\DRIVERS\kbdclass.sys [sYSTEM] Kbdclass Service C:\WINDOWS\system32\drivers\kmixer.sys [MANUAL] kmixer Service [bOOT] KSecDD Service C:\WINDOWS\System32\svchost.exe [AUTO] lanmanserver Service C:\WINDOWS\System32\svchost.exe [AUTO] lanmanworkstation Service [sYSTEM] lbrtfdc Service ldap Service LicenseService Service C:\WINDOWS\System32\svchost.exe [AUTO] LmHosts Service C:\WINDOWS\TEMP\mc21.tmp [DISABLED] mchInjDrv Service C:\WINDOWS\System32\svchost.exe [DISABLED] Messenger Service C:\Program Files\MKS\Bin\MksMonEn.sys [MANUAL] MksMonEn Service C:\Program Files\MKS\Bin\MksMonEv.sys [MANUAL] MksMonEv Service C:\Program Files\MKS\Bin\MksMonFd.sys [MANUAL] MksMonFd Service C:\Program Files\MKS\bin\MkSUpdateInt.exe [MANUAL] MkSUpdateInt Service C:\Program Files\MKS\Bin\mksmonsv.exe [AUTO] MksVirMonSvc Service C:\Program Files\MKS\Bin\mks_scan.exe [MANUAL] MkS_Scan Service [sYSTEM] mnmdd Service C:\WINDOWS\System32\mnmsrvc.exe [MANUAL] mnmsrvc Service [MANUAL] Modem Service C:\WINDOWS\System32\DRIVERS\mouclass.sys [sYSTEM] Mouclass Service C:\WINDOWS\System32\DRIVERS\mouhid.sys [MANUAL] mouhid Service [bOOT] MountMgr Service [DISABLED] mraid35x Service C:\WINDOWS\System32\DRIVERS\mrxdav.sys [MANUAL] MRxDAV Service C:\WINDOWS\System32\DRIVERS\mrxsmb.sys [sYSTEM] MRxSmb Service C:\WINDOWS\System32\msdtc.exe [MANUAL] MSDTC Service [sYSTEM] Msfs Service C:\WINDOWS\System32\msiexec.exe [MANUAL] MSIServer Service C:\WINDOWS\system32\drivers\MSKSSRV.sys [MANUAL] MSKSSRV Service C:\WINDOWS\system32\drivers\MSPCLOCK.sys [MANUAL] MSPCLOCK Service C:\WINDOWS\system32\drivers\MSPQM.sys [MANUAL] MSPQM Service [bOOT] Mup Service [bOOT] NDIS Service C:\WINDOWS\System32\DRIVERS\ndistapi.sys [MANUAL] NdisTapi Service C:\WINDOWS\System32\DRIVERS\ndisuio.sys [MANUAL] Ndisuio Service C:\WINDOWS\System32\DRIVERS\ndiswan.sys [MANUAL] NdisWan Service [MANUAL] NDProxy Service C:\WINDOWS\System32\DRIVERS\netbios.sys [sYSTEM] NetBIOS Service C:\WINDOWS\System32\DRIVERS\netbt.sys [MANUAL] NetBT Service C:\WINDOWS\system32\netdde.exe [MANUAL] NetDDE Service C:\WINDOWS\system32\netdde.exe [MANUAL] NetDDEdsdm Service C:\WINDOWS\System32\lsass.exe [MANUAL] Netlogon Service C:\WINDOWS\System32\svchost.exe [MANUAL] Netman Service C:\WINDOWS\System32\svchost.exe [MANUAL] Nla Service [sYSTEM] Npfs Service [DISABLED] Ntfs Service C:\WINDOWS\System32\lsass.exe [MANUAL] NtLmSsp Service C:\WINDOWS\system32\svchost.exe [MANUAL] NtmsSvc Service [sYSTEM] Null Service C:\WINDOWS\System32\DRIVERS\nv4.sys [MANUAL] nv4 Service C:\WINDOWS\System32\DRIVERS\nwlnkflt.sys [MANUAL] NwlnkFlt Service C:\WINDOWS\System32\DRIVERS\nwlnkfwd.sys [MANUAL] NwlnkFwd Service C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [MANUAL] ose Service Outlook Service C:\WINDOWS\System32\DRIVERS\parport.sys [MANUAL] Parport Service [bOOT] PartMgr Service [AUTO] ParVdm Service C:\WINDOWS\System32\DRIVERS\pci.sys [bOOT] PCI Service [sYSTEM] PCIDump Service [DISABLED] PCIIde Service [DISABLED] Pcmcia Service [MANUAL] PDCOMP Service [MANUAL] PDFRAME Service [MANUAL] PDRELI Service [MANUAL] PDRFRAME Service [DISABLED] perc2 Service [DISABLED] perc2hib Service PerfDisk Service PerfNet Service PerfOS Service PerfProc Service C:\WINDOWS\system32\services.exe [AUTO] PlugPlay Service C:\WINDOWS\System32\lsass.exe [AUTO] PolicyAgent Service C:\WINDOWS\System32\DRIVERS\raspptp.sys [MANUAL] PptpMiniport Service C:\WINDOWS\System32\DRIVERS\processr.sys [sYSTEM] Processor Service C:\WINDOWS\system32\lsass.exe [AUTO] ProtectedStorage Service C:\WINDOWS\System32\DRIVERS\psched.sys [MANUAL] PSched Service C:\WINDOWS\System32\DRIVERS\ptilink.sys [MANUAL] Ptilink Service C:\WINDOWS\System32\Drivers\PxHelp20.sys [bOOT] PxHelp20 Service [DISABLED] ql1080 Service [DISABLED] Ql10wnt Service [DISABLED] ql12160 Service [DISABLED] ql1240 Service [DISABLED] ql1280 Service C:\WINDOWS\System32\DRIVERS\rasacd.sys [sYSTEM] RasAcd Service C:\WINDOWS\System32\svchost.exe [MANUAL] RasAuto Service C:\WINDOWS\System32\DRIVERS\rasl2tp.sys [MANUAL] Rasl2tp Service C:\WINDOWS\System32\svchost.exe [MANUAL] RasMan Service C:\WINDOWS\System32\DRIVERS\raspppoe.sys [MANUAL] RasPppoe Service C:\WINDOWS\System32\DRIVERS\raspti.sys [MANUAL] Raspti Service C:\WINDOWS\System32\DRIVERS\rdbss.sys [sYSTEM] Rdbss Service C:\WINDOWS\System32\DRIVERS\RDPCDD.sys [sYSTEM] RDPCDD Service RDPDD Service C:\WINDOWS\System32\DRIVERS\rdpdr.sys [MANUAL] rdpdr Service RDPNP Service [MANUAL] RDPWD Service C:\WINDOWS\system32\sessmgr.exe [MANUAL] RDSessMgr Service C:\WINDOWS\System32\DRIVERS\redbook.sys [sYSTEM] redbook Service C:\WINDOWS\System32\svchost.exe [DISABLED] RemoteAccess Service C:\WINDOWS\system32\svchost.exe [AUTO] RemoteRegistry Service C:\WINDOWS\System32\locator.exe [MANUAL] RpcLocator Service C:\WINDOWS\system32\svchost.exe [AUTO] RpcSs Service C:\WINDOWS\System32\rsvp.exe [MANUAL] RSVP Service C:\WINDOWS\system32\lsass.exe [AUTO] SamSs Service C:\WINDOWS\System32\SCardSvr.exe [MANUAL] SCardDrv Service C:\WINDOWS\System32\SCardSvr.exe [MANUAL] SCardSvr Service C:\WINDOWS\System32\svchost.exe [AUTO] Schedule Service C:\Program Files\Spyware Doctor\sdhelp.exe [AUTO] SDhelper Service C:\WINDOWS\System32\DRIVERS\secdrv.sys [MANUAL] Secdrv Service C:\WINDOWS\System32\svchost.exe [AUTO] seclogon Service C:\WINDOWS\system32\svchost.exe [AUTO] SENS Service C:\WINDOWS\System32\DRIVERS\serenum.sys [MANUAL] serenum Service C:\WINDOWS\System32\DRIVERS\serial.sys [sYSTEM] Serial Service [sYSTEM] Sfloppy Service C:\WINDOWS\System32\svchost.exe [DISABLED] SharedAccess Service C:\WINDOWS\System32\svchost.exe [AUTO] ShellHWDetection Service [DISABLED] Simbad Service C:\WINDOWS\system32\drivers\smwdm.sys [MANUAL] smwdm Service C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe [AUTO] SoundMAX Agent Service (default) Service [DISABLED] Sparrow Service C:\WINDOWS\system32\drivers\splitter.sys [MANUAL] splitter Service C:\WINDOWS\system32\spoolsv.exe [AUTO] Spooler Service C:\WINDOWS\System32\Drivers\sptd.sys [bOOT] sptd Service C:\WINDOWS\System32\DRIVERS\sr.sys [bOOT] sr Service C:\WINDOWS\System32\svchost.exe [AUTO] srservice Service C:\WINDOWS\System32\DRIVERS\srv.sys [MANUAL] Srv Service C:\WINDOWS\System32\svchost.exe [AUTO] SSDPSRV Service C:\WINDOWS\System32\svchost.exe [MANUAL] stisvc Service C:\WINDOWS\System32\DRIVERS\swenum.sys [MANUAL] swenum Service C:\WINDOWS\system32\drivers\swmidi.sys [MANUAL] swmidi Service C:\WINDOWS\System32\dllhost.exe [MANUAL] SwPrv Service [DISABLED] symc810 Service [DISABLED] symc8xx Service [DISABLED] sym_hi Service [DISABLED] sym_u3 Service C:\WINDOWS\system32\drivers\sysaudio.sys [MANUAL] sysaudio Service C:\WINDOWS\system32\smlogsvc.exe [MANUAL] SysmonLog Service C:\WINDOWS\System32\svchost.exe [MANUAL] TapiSrv Service C:\WINDOWS\System32\DRIVERS\tcpip.sys [sYSTEM] Tcpip Service [MANUAL] TDPIPE Service [MANUAL] TDTCP Service C:\WINDOWS\System32\DRIVERS\termdd.sys [sYSTEM] TermDD Service C:\WINDOWS\System32\svchost.exe [MANUAL] TermService Service C:\WINDOWS\System32\svchost.exe [AUTO] Themes Service C:\WINDOWS\System32\tlntsvr.exe [MANUAL] TlntSvr Service [DISABLED] TosIde Service C:\WINDOWS\system32\svchost.exe [AUTO] TrkWks Service TSDDD Service [DISABLED] Udfs Service [DISABLED] ultra Service C:\WINDOWS\System32\DRIVERS\update.sys [MANUAL] Update Service C:\WINDOWS\System32\svchost.exe [AUTO] uploadmgr Service C:\WINDOWS\System32\svchost.exe [AUTO] upnphost Service C:\WINDOWS\System32\ups.exe [MANUAL] UPS Service C:\WINDOWS\System32\DRIVERS\usbhub.sys [MANUAL] usbhub Service C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [MANUAL] USBSTOR Service C:\WINDOWS\System32\DRIVERS\usbuhci.sys [MANUAL] usbuhci Service C:\WINDOWS\System32\drivers\vga.sys [sYSTEM] VgaSave Service C:\WINDOWS\System32\DRIVERS\viaide.sys [bOOT] ViaIde Service [bOOT] VolSnap Service C:\WINDOWS\System32\vssvc.exe [MANUAL] VSS Service C:\WINDOWS\System32\svchost.exe [AUTO] W32Time Service W3SVC Service C:\WINDOWS\System32\DRIVERS\wanarp.sys [MANUAL] Wanarp Service [MANUAL] WDICA Service C:\WINDOWS\system32\drivers\wdmaud.sys [MANUAL] wdmaud Service C:\WINDOWS\System32\svchost.exe [AUTO] WebClient Service C:\WINDOWS\system32\svchost.exe [AUTO] winmgmt Service [MANUAL] Winsock Service WinSock2 Service WinTrust Service C:\WINDOWS\System32\svchost.exe [AUTO] WmdmPmSp Service C:\WINDOWS\System32\svchost.exe [MANUAL] Wmi Service WmiApRpl Service C:\WINDOWS\System32\wbem\wmiapsrv.exe [MANUAL] WmiApSrv Service C:\WINDOWS\system32\svchost.exe [AUTO] wuauserv Service C:\WINDOWS\System32\svchost.exe [AUTO] WZCSVC Service {F2D4B5D4-D798-4875-B24C-E17B34C9247D} ---- EOF - GMER 1.0.12 ----

ComboFix 07-01-25 - Running from: “C:\Documents and Settings\admin\Pulpit” ((((((((((((((((((((((((((((((( Files Created from 2006-12-25 to 2007-01-25 )))))))))))))))))))))))))))))))))) 2007-01-25 21:54 2007-01-25 19:27 2007-01-25 12:48 94 --a------ C:\WINDOWS\gmer.reg 2007-01-25 11:17 80 --a------ C:\WINDOWS\gmer_uninstall.cmd 2007-01-24 14:47 2007-01-24 14:47 2007-01-24 14:47 2007-01-24 14:46 2007-01-24 10:28 51,072 --a------ C:\WINDOWS\system32\drivers\ikhlayer.sys 2007-01-24 10:28 30,592 --a------ C:\WINDOWS\system32\drivers\ikhfile.sys 2007-01-24 10:28 2007-01-24 10:28 2007-01-23 09:30 2007-01-22 11:02 2007-01-22 11:01 2007-01-15 11:51 2007-01-13 14:24 2007-01-13 14:24 2007-01-08 17:04 17,920 --a------ C:\WINDOWS\system32\mdimon.dll 2007-01-08 17:03 2007-01-08 16:58 223,128 --a------ C:\WINDOWS\system32\drivers\dtscsi.sys 2007-01-08 16:58 2007-01-08 16:56 89,984 --a------ C:\WINDOWS\system32\drivers\sptd1005.sys 2007-01-08 16:56 664,064 --a------ C:\WINDOWS\system32\drivers\sptd.sys 2007-01-08 15:50 2007-01-08 15:49 2007-01-08 15:48 2007-01-08 15:48 2007-01-05 18:11 8,704 --a------ C:\WINDOWS\system32\kbdjpn.dll 2007-01-05 18:11 8,192 --a------ C:\WINDOWS\system32\kbdkor.dll 2007-01-05 18:11 6,144 --a------ C:\WINDOWS\system32\kbd106.dll 2007-01-05 18:11 6,144 --a------ C:\WINDOWS\system32\kbd101c.dll 2007-01-05 18:11 6,144 --a------ C:\WINDOWS\system32\kbd101b.dll 2007-01-05 18:11 5,632 --a------ C:\WINDOWS\system32\kbd103.dll 2007-01-01 21:59 2007-01-01 21:59 2007-01-01 21:58 2007-01-01 21:53 2007-01-01 20:41 79,616 --a------ C:\WINDOWS\system32\drivers\wdmaud.sys 2007-01-01 20:41 50,048 --a------ C:\WINDOWS\system32\drivers\DMusic.sys 2007-01-01 20:41 5,632 --a------ C:\WINDOWS\system32\drivers\splitter.sys 2007-01-01 20:41 159,232 --a------ C:\WINDOWS\system32\drivers\kmixer.sys 2007-01-01 20:41 122,472 --a------ C:\WINDOWS\system32\drivers\aec.sys 2007-01-01 20:37 6,400 --a------ C:\WINDOWS\system32\drivers\MSKSSRV.sys 2007-01-01 20:37 57,472 --a------ C:\WINDOWS\system32\drivers\sysaudio.sys 2007-01-01 20:37 5,120 --a------ C:\WINDOWS\system32\drivers\MSPCLOCK.sys 2007-01-01 20:37 42,752 --a------ C:\WINDOWS\system32\drivers\stream.sys 2007-01-01 20:37 4,608 --a------ C:\WINDOWS\system32\drivers\MSPQM.sys 2007-01-01 20:37 2,816 --a------ C:\WINDOWS\system32\drivers\drmkaud.sys 2007-01-01 20:37 135,040 --a------ C:\WINDOWS\system32\drivers\portcls.sys 2007-01-01 20:36 57,344 --a------ C:\WINDOWS\system32\drivers\drmk.sys 2007-01-01 20:36 40,820 --a------ C:\WINDOWS\system32\Syncor11.dll 2007-01-01 20:36 4,096 --a------ C:\WINDOWS\system32\ksuser.dll 2007-01-01 20:36 134,144 --a------ C:\WINDOWS\system32\drivers\ks.sys 2007-01-01 20:31 20,640 --------- C:\WINDOWS\system32\drivers\PxHelp20.sys 2007-01-01 20:31 151,552 --------- C:\WINDOWS\system32\pxwma.dll 2007-01-01 20:31 109,568 --------- C:\WINDOWS\system32\pxinsi64.exe 2007-01-01 20:31 108,544 --------- C:\WINDOWS\system32\pxcpyi64.exe 2007-01-01 20:31 2007-01-01 20:09 2007-01-01 20:07 100,482 --a------ C:\WINDOWS\UninstallFirefox.exe 2007-01-01 20:07 2007-01-01 20:00 991,232 --a------ C:\WINDOWS\system32\virtear.dll 2007-01-01 20:00 978,944 --a------ C:\WINDOWS\SynthCoreA.Dll 2007-01-01 20:00 765,952 --a------ C:\WINDOWS\system\crlds3d.dll 2007-01-01 20:00 720,896 --a------ C:\WINDOWS\system32\Audio3d.dll 2007-01-01 20:00 720,896 --a------ C:\WINDOWS\system32\a3d.dll 2007-01-01 20:00 578,368 --a------ C:\WINDOWS\system32\drivers\smwdm.sys 2007-01-01 20:00 54,272 --a------ C:\WINDOWS\system32\drivers\swmidi.sys 2007-01-01 20:00 49,152 --a------ C:\WINDOWS\system32\S11thk32.dll 2007-01-01 20:00 49,152 --a------ C:\WINDOWS\system32\DSndUp.exe 2007-01-01 20:00 45,056 --a------ C:\WINDOWS\system32\SynthCore11Resources.dll 2007-01-01 20:00 45,056 --a------ C:\WINDOWS\system32\CleanUp.exe 2007-01-01 20:00 44 --a------ C:\WINDOWS\system32\msssc.dll 2007-01-01 20:00 4,816 --a------ C:\WINDOWS\system32\drivers\aeaudio.sys 2007-01-01 20:00 380,928 --a------ C:\WINDOWS\SynCor.exe 2007-01-01 20:00 30,208 --a------ C:\WINDOWS\system32\wdmioctl.dll 2007-01-01 20:00 3,744 --a------ C:\WINDOWS\system32\drivers\smsens.sys 2007-01-01 20:00 1,285,632 --a------ C:\WINDOWS\system32\SMMedia.dll 2007-01-01 20:00 2007-01-01 20:00 2007-01-01 19:59 5,824 --a------ C:\WINDOWS\system32\drivers\ASUSHWIO.SYS 2007-01-01 19:59 265 --a------ C:\WINDOWS\mks.bat 2007-01-01 19:58 2007-01-01 18:55 32,768 --a------ C:\WINDOWS\system32\WooDial2000.dll 2007-01-01 18:54 70,688 --a------ C:\WINDOWS\system32\drivers\alcaudsl.sys 2007-01-01 18:54 53,600 --a------ C:\WINDOWS\system32\drivers\alcan5wn.sys 2007-01-01 18:54 5,606 --a------ C:\WINDOWS\system32\stci.dll 2007-01-01 18:54 5,280 --a------ C:\WINDOWS\system32\drivers\alcawh.sys 2007-01-01 18:54 3,968 --a------ C:\WINDOWS\system32\drivers\alcacr.sys 2007-01-01 18:54 2007-01-01 18:54 2007-01-01 18:54 2007-01-01 18:52 2007-01-01 18:52 2007-01-01 18:51 2007-01-01 18:48 2007-01-01 18:48 2007-01-01 18:48 2007-01-01 18:48 2007-01-01 18:48 2007-01-01 18:48 2007-01-01 18:48 2007-01-01 18:48 2007-01-01 18:42 2007-01-01 18:42 2007-01-01 18:42 2007-01-01 18:42 2007-01-01 18:42 2007-01-01 18:42 2007-01-01 18:39 2007-01-01 18:39 2007-01-01 18:38 112,128 --a------ C:\WINDOWS\system32\mapi32.dll 2007-01-01 18:38 0 -rahs---- C:\MSDOS.SYS 2007-01-01 18:38 0 -rahs---- C:\IO.SYS 2007-01-01 18:38 0 --a------ C:\CONFIG.SYS 2007-01-01 18:38 0 --a------ C:\AUTOEXEC.BAT 2007-01-01 18:37 179,200 --a------ C:\WINDOWS\system32\qmgr.dll 2007-01-01 18:37 17,408 --a------ C:\WINDOWS\system32\qmgrprxy.dll 2007-01-01 18:37 2007-01-01 18:37 2007-01-01 18:37 2007-01-01 18:37 2007-01-01 18:37 2007-01-01 18:37 2007-01-01 18:37 2007-01-01 18:36 90,624 --a------ C:\WINDOWS\system32\msoert2.dll 2007-01-01 18:36 9,728 --a------ C:\WINDOWS\system32\mstinit.exe 2007-01-01 18:36 81,920 --a------ C:\WINDOWS\system32\isign32.dll 2007-01-01 18:36 73,728 --a------ C:\WINDOWS\system32\ils.dll 2007-01-01 18:36 70,400 --a------ C:\WINDOWS\system32\drivers\sr.sys 2007-01-01 18:36 69,632 --a------ C:\WINDOWS\system32\icwdial.dll 2007-01-01 18:36 67,584 --a------ C:\WINDOWS\system32\acctres.dll 2007-01-01 18:36 65,536 --a------ C:\WINDOWS\system32\msconf.dll 2007-01-01 18:36 61,952 --a------ C:\WINDOWS\system32\srclient.dll 2007-01-01 18:36 61,440 --a------ C:\WINDOWS\system32\icwphbk.dll 2007-01-01 18:36 593,920 --a------ C:\WINDOWS\system32\inetcomm.dll 2007-01-01 18:36 49,152 --a------ C:\WINDOWS\system32\inetres.dll 2007-01-01 18:36 40,960 --a------ C:\WINDOWS\system32\safrslv.dll 2007-01-01 18:36 39,424 --a------ C:\WINDOWS\system32\safrcdlg.dll 2007-01-01 18:36 33,792 --a------ C:\WINDOWS\system32\racpldlg.dll 2007-01-01 18:36 32,768 --a------ C:\WINDOWS\system32\mnmsrvc.exe 2007-01-01 18:36 32,384 --a------ C:\WINDOWS\system32\mnmdd.dll 2007-01-01 18:36 28,672 --a------ C:\WINDOWS\system32\isrdbg32.dll 2007-01-01 18:36 270,336 --a------ C:\WINDOWS\system32\inetcfg.dll 2007-01-01 18:36 26,624 --a------ C:\WINDOWS\system32\safrdm.dll 2007-01-01 18:36 253,440 --a------ C:\WINDOWS\system32\mstask.dll 2007-01-01 18:36 24,576 --a------ C:\WINDOWS\system32\nmmkcert.dll 2007-01-01 18:36 228,864 --a------ C:\WINDOWS\system32\msoeacct.dll 2007-01-01 18:36 219,136 --a------ C:\WINDOWS\system32\srrstr.dll 2007-01-01 18:36 16,384 --a------ C:\WINDOWS\system32\icfgnt5.dll 2007-01-01 18:36 159,744 --a------ C:\WINDOWS\system32\schedsvc.dll 2007-01-01 18:36 155,648 --a------ C:\WINDOWS\system32\srsvc.dll 2007-01-01 18:36 12,288 --a------ C:\WINDOWS\system32\nmevtmsg.dll 2007-01-01 18:36 11,264 --a------ C:\WINDOWS\system32\atrace.dll 2007-01-01 18:36 2007-01-01 18:36 2007-01-01 18:36 2007-01-01 18:36 2007-01-01 18:35 99,328 --a------ C:\WINDOWS\system32\clipbrd.exe 2007-01-01 18:35 95,744 --a------ C:\WINDOWS\system32\wuaueng.dll 2007-01-01 18:35 9,728 --a------ C:\WINDOWS\system32\reset.exe 2007-01-01 18:35 89,600 --a------ C:\WINDOWS\system32\tscfgwmi.dll 2007-01-01 18:35 80,896 --a------ C:\WINDOWS\system32\charmap.exe 2007-01-01 18:35 73,864 --a------ C:\WINDOWS\system32\rdpwsx.dll 2007-01-01 18:35 73,216 --a------ C:\WINDOWS\system32\avwav.dll 2007-01-01 18:35 61,952 --a------ C:\WINDOWS\system32\rdshost.exe 2007-01-01 18:35 605,696 --a------ C:\WINDOWS\system32\getuname.dll 2007-01-01 18:35 57,344 --a------ C:\WINDOWS\system32\sol.exe 2007-01-01 18:35 56,832 --a------ C:\WINDOWS\system32\remotepg.dll 2007-01-01 18:35 55,808 --a------ C:\WINDOWS\system32\freecell.exe 2007-01-01 18:35 534,016 --a------ C:\WINDOWS\system32\spider.exe 2007-01-01 18:35 503,296 --a------ C:\WINDOWS\system32\mstscax.dll 2007-01-01 18:35 5,632 --a------ C:\WINDOWS\system32\write.exe 2007-01-01 18:35 494,592 --a------ C:\WINDOWS\system32\hypertrm.dll 2007-01-01 18:35 44,544 --a------ C:\WINDOWS\system32\hticons.dll 2007-01-01 18:35 41,984 --a------ C:\WINDOWS\system32\rdpclip.exe 2007-01-01 18:35 40,448 --a------ C:\WINDOWS\system32\tscupgrd.exe 2007-01-01 18:35 4,608 --a------ C:\WINDOWS\system32\rdpcfgex.dll 2007-01-01 18:35 4,096 --a------ C:\WINDOWS\system32\wuauserv.dll 2007-01-01 18:35 387,072 --a------ C:\WINDOWS\system32\mstsc.exe 2007-01-01 18:35 35,328 --a------ C:\WINDOWS\system32\winchat.exe 2007-01-01 18:35 342,016 --a------ C:\WINDOWS\system32\mspaint.exe 2007-01-01 18:35 33,792 --a------ C:\WINDOWS\system32\regini.exe 2007-01-01 18:35 231,424 --a------ C:\WINDOWS\system32\avtapi.dll 2007-01-01 18:35 22,528 --a------ C:\WINDOWS\system32\qwinsta.exe 2007-01-01 18:35 22,528 --a------ C:\WINDOWS\system32\msg.exe 2007-01-01 18:35 20,232 --a------ C:\WINDOWS\system32\drivers\tdtcp.sys 2007-01-01 18:35 198,656 --a------ C:\WINDOWS\system32\termsrv.dll 2007-01-01 18:35 19,456 --a------ C:\WINDOWS\system32\qprocess.exe 2007-01-01 18:35 183,296 --a------ C:\WINDOWS\system32\accwiz.exe 2007-01-01 18:35 17,920 --a------ C:\WINDOWS\system32\tsshutdn.exe 2007-01-01 18:35 17,408 --a------ C:\WINDOWS\system32\qappsrv.exe 2007-01-01 18:35 16,384 --a------ C:\WINDOWS\system32\tskill.exe 2007-01-01 18:35 16,384 --a------ C:\WINDOWS\system32\rwinsta.exe 2007-01-01 18:35 16,384 --a------ C:\WINDOWS\system32\avmeter.dll 2007-01-01 18:35 15,872 --a------ C:\WINDOWS\system32\logoff.exe 2007-01-01 18:35 15,360 --a------ C:\WINDOWS\system32\tsdiscon.exe 2007-01-01 18:35 15,360 --a------ C:\WINDOWS\system32\tscon.exe 2007-01-01 18:35 15,360 --a------ C:\WINDOWS\system32\shadow.exe 2007-01-01 18:35 14,848 --a------ C:\WINDOWS\system32\rdpsnd.dll 2007-01-01 18:35 139,264 --a------ C:\WINDOWS\system32\sndvol32.exe 2007-01-01 18:35 134,656 --a------ C:\WINDOWS\system32\rdchost.dll 2007-01-01 18:35 131,072 --a------ C:\WINDOWS\system32\sessmgr.exe 2007-01-01 18:35 128,000 --a------ C:\WINDOWS\system32\mshearts.exe 2007-01-01 18:35 125,440 --a------ C:\WINDOWS\system32\sndrec32.exe 2007-01-01 18:35 12,288 --a------ C:\WINDOWS\system32\rdsaddin.exe 2007-01-01 18:35 119,808 --a------ C:\WINDOWS\system32\winmine.exe 2007-01-01 18:35 118,272 --a------ C:\WINDOWS\system32\mplay32.exe 2007-01-01 18:35 115,200 --a------ C:\WINDOWS\system32\calc.exe 2007-01-01 18:35 113,664 --a------ C:\WINDOWS\system32\wuauclt.exe 2007-01-01 18:35 11,144 --a------ C:\WINDOWS\system32\drivers\tdpipe.sys 2007-01-01 18:35 107,912 --a------ C:\WINDOWS\system32\drivers\rdpwd.sys 2007-01-01 18:35 1,225 --a------ C:\WINDOWS\system32\usrlogon.cmd 2007-01-01 18:35 2007-01-01 18:35 2007-01-01 18:35 2007-01-01 18:35 2007-01-01 18:35 2007-01-01 18:35 2007-01-01 18:34 9,728 --a------ C:\WINDOWS\system32\xolehlp.dll 2007-01-01 18:34 869,376 --a------ C:\WINDOWS\system32\msdtctm.dll 2007-01-01 18:34 85,504 --a------ C:\WINDOWS\system32\catsrvps.dll 2007-01-01 18:34 83,968 --a------ C:\WINDOWS\system32\mtxoci.dll 2007-01-01 18:34 82,432 --a------ C:\WINDOWS\system32\comrepl.dll 2007-01-01 18:34 8,704 --a------ C:\WINDOWS\system32\icaapi.dll 2007-01-01 18:34 6,144 --a------ C:\WINDOWS\system32\msdtc.exe 2007-01-01 18:34 583,168 --a------ C:\WINDOWS\system32\catsrvut.dll 2007-01-01 18:34 57,344 --a------ C:\WINDOWS\system32\licwmi.dll 2007-01-01 18:34 56,832 --a------ C:\WINDOWS\system32\colbact.dll 2007-01-01 18:34 54,784 --a------ C:\WINDOWS\system32\msdtclog.dll 2007-01-01 18:34 54,272 --a------ C:\WINDOWS\system32\stclient.dll 2007-01-01 18:34 53,248 --a------ C:\WINDOWS\system32\servdeps.dll 2007-01-01 18:34 5,120 --a------ C:\WINDOWS\system32\dcomcnfg.exe 2007-01-01 18:34 495,616 --a------ C:\WINDOWS\system32\comuid.dll 2007-01-01 18:34 468,480 --a------ C:\WINDOWS\system32\clbcatq.dll 2007-01-01 18:34 4,096 --a------ C:\WINDOWS\system32\mtxex.dll 2007-01-01 18:34 37,896 --a------ C:\WINDOWS\system32\drivers\termdd.sys 2007-01-01 18:34 360,960 --a------ C:\WINDOWS\system32\msdtcprx.dll 2007-01-01 18:34 32,768 --a------ C:\WINDOWS\system32\cfgbkend.dll 2007-01-01 18:34 25,600 --a------ C:\WINDOWS\system32\comaddin.dll 2007-01-01 18:34 25,088 --a------ C:\WINDOWS\system32\mtxlegih.dll 2007-01-01 18:34 215,040 --a------ C:\WINDOWS\system32\catsrv.dll 2007-01-01 18:34 20,480 --a------ C:\WINDOWS\system32\mtxdm.dll 2007-01-01 18:34 181,632 --a------ C:\WINDOWS\system32\drivers\rdpdr.sys 2007-01-01 18:34 177,152 --a------ C:\WINDOWS\system32\cmprops.dll 2007-01-01 18:34 16,896 --a------ C:\WINDOWS\system32\mmfutil.dll 2007-01-01 18:34 151,040 --a------ C:\WINDOWS\system32\msdtcuiu.dll 2007-01-01 18:34 15,872 --a------ C:\WINDOWS\system32\cdmodem.dll 2007-01-01 18:34 147,456 --a------ C:\WINDOWS\system32\comsnap.dll 2007-01-01 18:34 100,864 --a------ C:\WINDOWS\system32\clbcatex.dll 2007-01-01 18:34 1,139,200 --a------ C:\WINDOWS\system32\comsvcs.dll 2007-01-01 18:34 2007-01-01 18:34 2007-01-01 18:30 57,088 --a------ C:\WINDOWS\system32\drivers\redbook.sys 2007-01-01 18:30 3,072 --a------ C:\WINDOWS\system32\drivers\audstub.sys 2007-01-01 18:29 9,728 --a------ C:\WINDOWS\system32\drivers\gameenum.sys 2007-01-01 18:29 731,648 --a------ C:\WINDOWS\system32\drivers\nv4.sys 2007-01-01 18:29 70,144 --a------ C:\WINDOWS\system32\usbui.dll 2007-01-01 18:29 27,165 --a------ C:\WINDOWS\system32\drivers\fetnd5.sys 2007-01-01 18:29 1,738,496 --a------ C:\WINDOWS\system32\nv4.dll 2007-01-01 18:28 9,936 --a------ C:\WINDOWS\system\LZEXPAND.DLL 2007-01-01 18:28 9,168 --a------ C:\WINDOWS\system\VER.DLL 2007-01-01 18:28 85,532 --a------ C:\WINDOWS\system32\dgsetup.dll 2007-01-01 18:28 83,456 --a------ C:\WINDOWS\system\OLECLI.DLL 2007-01-01 18:28 8,192 -ra------ C:\WINDOWS\system32\kbdhept.dll 2007-01-01 18:28 71,680 --a------ C:\WINDOWS\system32\storprop.dll 2007-01-01 18:28 70,096 --a------ C:\WINDOWS\system\AVICAP.DLL 2007-01-01 18:28 7,168 --a------ C:\WINDOWS\system32\kbdcz.dll 2007-01-01 18:28 69,712 --a------ C:\WINDOWS\system\MMSYSTEM.DLL 2007-01-01 18:28 67,072 --a------ C:\WINDOWS\NOTEPAD.EXE 2007-01-01 18:28 6,656 -ra------ C:\WINDOWS\system32\kbdhela3.dll 2007-01-01 18:28 6,656 --a------ C:\WINDOWS\system32\kbdycl.dll 2007-01-01 18:28 6,656 --a------ C:\WINDOWS\system32\kbdsl1.dll 2007-01-01 18:28 6,656 --a------ C:\WINDOWS\system32\kbdsl.dll 2007-01-01 18:28 6,656 --a------ C:\WINDOWS\system32\kbdhu.dll 2007-01-01 18:28 6,656 --a------ C:\WINDOWS\system32\kbdcz2.dll 2007-01-01 18:28 6,656 --a------ C:\WINDOWS\system32\kbdcz1.dll 2007-01-01 18:28 6,656 --a------ C:\WINDOWS\system32\kbdcr.dll 2007-01-01 18:28 6,656 --a------ C:\WINDOWS\system32\KBDAL.DLL 2007-01-01 18:28 6,656 --a------ C:\WINDOWS\system32\batt.dll 2007-01-01 18:28 6,144 -ra------ C:\WINDOWS\system32\kbdtuq.dll 2007-01-01 18:28 6,144 -ra------ C:\WINDOWS\system32\kbdtuf.dll 2007-01-01 18:28 6,144 -ra------ C:\WINDOWS\system32\kbdlv1.dll 2007-01-01 18:28 6,144 -ra------ C:\WINDOWS\system32\kbdlv.dll 2007-01-01 18:28 6,144 -ra------ C:\WINDOWS\system32\kbdhela2.dll 2007-01-01 18:28 6,144 -ra------ C:\WINDOWS\system32\kbdgkl.dll 2007-01-01 18:28 6,144 -ra------ C:\WINDOWS\system32\kbdest.dll 2007-01-01 18:28 5,632 -ra------ C:\WINDOWS\system32\kbdmon.dll 2007-01-01 18:28 5,632 -ra------ C:\WINDOWS\system32\kbdlt1.dll 2007-01-01 18:28 5,632 -ra------ C:\WINDOWS\system32\kbdlt.dll 2007-01-01 18:28 5,632 -ra------ C:\WINDOWS\system32\kbdkyr.dll 2007-01-01 18:28 5,632 -ra------ C:\WINDOWS\system32\kbdhe319.dll 2007-01-01 18:28 5,632 -ra------ C:\WINDOWS\system32\kbdhe220.dll 2007-01-01 18:28 5,632 -ra------ C:\WINDOWS\system32\kbdhe.dll 2007-01-01 18:28 5,632 -ra------ C:\WINDOWS\system32\kbdazel.dll 2007-01-01 18:28 5,632 --a------ C:\WINDOWS\system32\kbdro.dll 2007-01-01 18:28 5,632 --a------ C:\WINDOWS\system32\kbdhu1.dll 2007-01-01 18:28 5,120 --a------ C:\WINDOWS\system\SHELL.DLL 2007-01-01 18:28 33,376 --a------ C:\WINDOWS\system\COMMDLG.DLL 2007-01-01 18:28 24,661 --a------ C:\WINDOWS\system32\spxcoins.dll 2007-01-01 18:28 24,064 --a------ C:\WINDOWS\system\OLESVR.DLL 2007-01-01 18:28 19,200 --a------ C:\WINDOWS\system\TAPI.DLL 2007-01-01 18:28 176,157 --a------ C:\WINDOWS\system32\dgrpsetu.dll 2007-01-01 18:28 15,360 --a------ C:\WINDOWS\TASKMAN.EXE 2007-01-01 18:28 13,312 --a------ C:\WINDOWS\system32\irclass.dll 2007-01-01 18:28 127,008 --a------ C:\WINDOWS\system\MSVIDEO.DLL 2007-01-01 18:28 109,488 --a------ C:\WINDOWS\system\AVIFILE.DLL 2007-01-01 18:28 103,424 --a------ C:\WINDOWS\system32\EqnClass.Dll 2007-01-01 18:28 10,496 --a------ C:\WINDOWS\system32\drivers\irenum.sys 2007-01-01 18:28 2007-01-01 18:28 2007-01-01 18:28 2007-01-01 18:28 2007-01-01 18:28 2007-01-01 18:28 2007-01-01 18:28 2007-01-01 18:28 2007-01-01 18:28 2007-01-01 18:28 2007-01-01 18:28 2007-01-01 18:28 2007-01-01 18:28 2007-01-01 18:28 2007-01-01 18:27 2007-01-01 18:27 2007-01-01 18:27 2007-01-01 18:27 2007-01-01 18:27 2007-01-01 18:22 2007-01-01 18:22 2007-01-01 18:22 2007-01-01 18:22 2007-01-01 18:22 2007-01-01 18:22 2007-01-01 18:22 2007-01-01 18:22 2007-01-01 18:22 2007-01-01 18:22 2007-01-01 18:22 2007-01-01 18:22 2007-01-01 18:22 2007-01-01 18:22 2007-01-01 18:22 2007-01-01 18:22 2007-01-01 18:22 2007-01-01 18:22 2007-01-01 18:22 2007-01-01 18:22 2007-01-01 18:22 2007-01-01 18:22 2007-01-01 18:22 2007-01-01 18:22 2007-01-01 18:22 2007-01-01 18:22 2007-01-01 18:22 2007-01-01 18:22 2007-01-01 18:22 2007-01-01 18:22 2007-01-01 18:22 2007-01-01 18:22 2007-01-01 18:22 2007-01-01 18:22 2007-01-01 18:22 2007-01-01 18:22 2007-01-01 18:22 2007-01-01 18:22 2007-01-01 18:22 2007-01-01 18:22 2007-01-01 18:22 2007-01-01 18:22 2007-01-01 18:22 2007-01-01 18:22 2007-01-01 18:22 2007-01-01 18:22 2007-01-01 18:22 2007-01-01 18:22 2007-01-01 18:22 2007-01-01 18:22 2007-01-01 18:22 2007-01-01 18:22 2007-01-01 18:22 2007-01-01 18:22 2007-01-01 18:22 2007-01-01 18:22 2007-01-01 18:22 2007-01-01 18:22 (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))) 2007-01-03 08:43 -------- d-------- C:\DOCUME~1\admin\Dane aplikacji\macromedia 2007-01-01 20:07 -------- d-------- C:\DOCUME~1\admin\Dane aplikacji\mozilla 2007-01-01 18:48 -------- d-------- C:\DOCUME~1\admin\Dane aplikacji\identities 2007-01-01 18:35 -------- d-------- C:\Program Files\usugi online 2007-01-01 18:28 62 --ahs---- C:\DOCUME~1\admin\Dane aplikacji\desktop.ini 2007-01-01 18:27 -------- d—s---- C:\DOCUME~1\admin\Dane aplikacji\microsoft (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))) *Note* empty entries & legit default entries are not shown [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run] “CTFMON.EXE”=“C:\WINDOWS\System32\ctfmon.exe” “Skype”="“C:\Program Files\Skype\Phone\Skype.exe” /nosplash /minimized" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run] “WooCnxMon”=“C:\PROGRA~1\NEOSTR~1\CnxMon.exe” “SpeedTouch USB Diagnostics”="“C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe” /icon" “WOOWATCH”=“C:\PROGRA~1\NEOSTR~1\Watch.exe” “WOOTASKBARICON”=“C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe” “MKS_MENU”=“C:\Program Files\MKS\Bin\mks_menu.exe” “ABREGMON”=“C:\Program Files\MKS\Bin\ABregmon.exe” “WinampAgent”=“C:\Program Files\Winamp\winampa.exe” “SunJavaUpdateSched”="“C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe”" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL] “Installed”=“1” [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI] “Installed”=“1” “NoChange”=“1” [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS] “Installed”=“1” [HKEY_USERS.default\software\microsoft\windows\currentversion\run] “Spyware Doctor”="“C:\Program Files\Spyware Doctor\swdoctor.exe” /Q" [HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run] “Spyware Doctor”="“C:\Program Files\Spyware Doctor\swdoctor.exe” /Q" [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders] “SecurityProviders”=“msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll” [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost] LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0 NetworkService REG_MULTI_SZ DnsCache\0\0 rpcss REG_MULTI_SZ RpcSs\0\0 imgsvc REG_MULTI_SZ StiSvc\0\0 termsvcs REG_MULTI_SZ TermService\0\0 [HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2{272f4aca-9f31-11db-b6ba-000e501d0478}] Shell\AutoRun\command G:\SETUP.EXE /AUTORUN Shell\configure\command G:\SETUP.EXE Shell\install\command G:\SETUP.EXE Completion time: 07-01-25 22:10:47 C:\ComboFix3.txt … 07-01-25 15:27 C:\ComboFix2.txt … 07-01-25 16:24

i jak ?

Złączono Posty : 26.01.2007 (Pią) 11:48

poooooooodbijam

moze ktos sprwadzić ?