Infected system


(pakeroso) #1

Hello! Even though I have KIS7 (Win XP Pro), I somehow caught a nasty bug yesterday. I've read a few threads but I can't handle it myself, because the problem keeps coming back, disabling my Security Center, the antivirus with its firewall, and Safe Mode.

I removed hldrrr.exe and wintems.exe, which Gmer flagged, Kaspersky threw out a few trojans and ComboFix removed srosa.sys, and everything went back to normal... for a few minutes, after which the computer reset itself and the viruses came back.

So any advice and suggestions are welcome.

HijackThis

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 05:00:52, on 2008-01-06

Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16574)

Boot mode: Normal


Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\cFosSpeed\spd.exe

C:\WINDOWS\system32\CTsvcCDA.exe

C:\Program Files\Common Files\BinarySense\hldasvc.exe

C:\Program Files\Common Files\BinarySense\hldasvc.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\system32\Rundll32.exe

C:\Program Files\Creative\SBAudigy LS\Surround Mixer\CTSysVol.exe

C:\Program Files\ATI Technologies\ATI HYDRAVISION\HydraDM.exe

C:\Program Files\cFosSpeed\cFosSpeed.exe

C:\Program Files\Unlocker\UnlockerAssistant.exe

C:\Program Files\Free Download Manager\fdm.exe

C:\Program Files\RocketDock\RocketDock.exe

C:\Program Files\Pogoda\pogoda.exe

C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

C:\Program Files\EarthView\EarthView.exe

C:\Program Files\BinarySense\HDDlife 3\HDDlifePro.exe

C:\Program Files\Last.fm\LastFMHelper.exe

C:\Program Files\BinarySense\HDDlife 3\HDDlifePro.exe

C:\Program Files\TClockLight\tclock.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe


R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

O2 - BHO: IE7Pro - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IEPro\iepro.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll

O3 - Toolbar: &Tłumaczenie - {0D704FAD-66E9-4F0A-BFED-4F665770DDB3} - C:\Program Files\Techland\Common\InternetTranslator\InternetTranslator.dll

O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper

O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy LS\Surround Mixer\CTSysVol.exe /r

O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"

O4 - HKLM\..\Run: [HydraVisionDesktopManager] C:\Program Files\ATI Technologies\ATI HYDRAVISION\HydraDM.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [cFosSpeed] C:\Program Files\cFosSpeed\cFosSpeed.exe

O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe" -H

O4 - HKLM\..\Run: [Kalendarz XP] "D:\Programy\Kalendarz XP\Kalendarz.exe"

O4 - HKCU\..\Run: [Free Download Manager] "C:\Program Files\Free Download Manager\fdm.exe" -autorun

O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount

O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"

O4 - HKCU\..\Run: [tray] C:\Program Files\Pogoda\pogoda.exe /tray

O4 - Startup: EarthView.lnk = C:\Program Files\EarthView\EarthView.exe

O4 - Startup: HDDlife.lnk = C:\Program Files\BinarySense\HDDlife 3\HDDlifePro.exe

O4 - Startup: Last.fm Helper.lnk = C:\Program Files\Last.fm\LastFMHelper.exe

O4 - Startup: tclock.exe.lnk = C:\Program Files\TClockLight\tclock.exe

O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Pobierz plik wideo we Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm

O8 - Extra context menu item: Pobierz w Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm

O8 - Extra context menu item: Pobierz wszystkie pliki w Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm

O8 - Extra context menu item: Pobierz zaznaczone w Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm

O8 - Extra context menu item: Subskrybuj w Cafe News - C:\Program Files\CafeNews\addFeed.htm

O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll

O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: Statystyki dla ochrony WWW - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {B46B0919-62BA-4D99-A5C4-916B57A6805C} - C:\Program Files\Techland\Common\InternetTranslator\InternetTranslator.dll

O9 - Extra 'Tools' menuitem: @C:\Program Files\Techland\Common\InternetTranslator\InternetTranslator.dll,-103 - {B46B0919-62BA-4D99-A5C4-916B57A6805C} - C:\Program Files\Techland\Common\InternetTranslator\InternetTranslator.dll

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Upload - {FD4E2FF8-973C-4A19-89BD-8E86B3CFCFE1} - C:\Program Files\Free Download Manager\FUM\fumiebtn.dll

O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase4009.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1198879065281

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1198879191140

O18 - Protocol: hddlife - {BD758015-47D9-477A-8873-4B688A2BC0E2} - "C:\Program Files\Common Files\BinarySense\hlAPP.dll" (file missing)

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe

O23 - Service: cFosSpeed System Service (cFosSpeedS) - cFos Software GmbH - C:\Program Files\cFosSpeed\spd.exe

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe

O23 - Service: HDDlife HDD Access service - BinarySense, Inc. - C:\Program Files\Common Files\BinarySense\hldasvc.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe

O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe

O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe

O23 - Service: PDExchange - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDExchange.exe

O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe


--

End of file - 9455 bytes

ComboFix


(pakeroso) #2

Gmer (services only)

GMER 1.0.13.12551 - http://www.gmer.net

Rootkit scan 2008-01-06 05:56:21

Windows 5.1.2600 Dodatek Service Pack 2

---- Services - GMER 1.0.13 ----


Service .NET CLR Data

Service .NET CLR Networking

Service .NET Data Provider for Oracle

Service .NET Data Provider for SqlServer

Service .NETFramework

Service C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe [MANUAL] aawservice

Service [DISABLED] Abiosdsk

Service [DISABLED] abp480n5

Service C:\WINDOWS\system32\DRIVERS\ACPI.sys [BOOT] ACPI

Service [DISABLED] ACPIEC

Service [DISABLED] adpu160m

Service C:\WINDOWS\system32\drivers\aec.sys [MANUAL] aec

Service C:\WINDOWS\System32\drivers\afd.sys [SYSTEM] AFD

Service C:\WINDOWS\system32\DRIVERS\agp440.sys [BOOT] agp440

Service [DISABLED] Aha154x

Service [DISABLED] aic78u2

Service [DISABLED] aic78xx

Service C:\WINDOWS\system32\svchost.exe [DISABLED] Alerter

Service C:\WINDOWS\System32\alg.exe [MANUAL] ALG

Service [DISABLED] AliIde

Service [DISABLED] amsint

Service C:\WINDOWS\system32\svchost.exe [MANUAL] AppMgmt

Service [DISABLED] asc

Service [DISABLED] asc3350p

Service [DISABLED] asc3550

Service ASP.NET

Service ASP.NET_1.1.4322

Service ASP.NET_2.0.50727

Service C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [MANUAL] aspnet_state

Service C:\WINDOWS\system32\DRIVERS\asyncmac.sys [MANUAL] AsyncMac

Service C:\WINDOWS\system32\DRIVERS\atapi.sys [BOOT] atapi

Service [DISABLED] Atdisk

Service C:\WINDOWS\system32\Ati2evxx.exe [DISABLED] Ati HotKey Poller

Service C:\WINDOWS\system32\ati2sgag.exe [AUTO] ATI Smart

Service C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [MANUAL] ati2mtag

Service Atierecord

Service C:\WINDOWS\system32\DRIVERS\atmarpc.sys [MANUAL] Atmarpc

Service C:\WINDOWS\System32\svchost.exe [AUTO] AudioSrv

Service C:\WINDOWS\system32\DRIVERS\audstub.sys [MANUAL] audstub

Service C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe [AUTO] AVP

Service BattC

Service [SYSTEM] Beep

Service C:\WINDOWS\system32\svchost.exe [MANUAL] BITS

Service C:\WINDOWS\system32\svchost.exe [AUTO] Browser

Service C:\WINDOWS\system32\DRIVERS\BthEnum.sys [MANUAL] BthEnum

Service C:\WINDOWS\system32\DRIVERS\bthmodem.sys [MANUAL] BTHMODEM

Service C:\WINDOWS\system32\DRIVERS\bthpan.sys [MANUAL] BthPan

Service C:\WINDOWS\System32\Drivers\BTHport.sys [MANUAL] BTHPORT

Service C:\WINDOWS\system32\svchost.exe [AUTO] BthServ

Service C:\WINDOWS\System32\Drivers\BTHUSB.sys [MANUAL] BTHUSB

Service [DISABLED] cbidf2k

Service [DISABLED] cd20xrnt

Service [SYSTEM] Cdaudio

Service [DISABLED] Cdfs

Service C:\WINDOWS\system32\DRIVERS\cdrom.sys [SYSTEM] Cdrom

Service C:\WINDOWS\system32\DRIVERS\cfosspeed.sys [MANUAL] cFosSpeed

Service C:\Program Files\cFosSpeed\spd.exe [AUTO] cFosSpeedS

Service [SYSTEM] Changer

Service C:\WINDOWS\system32\cisvc.exe [MANUAL] CiSvc

Service C:\WINDOWS\system32\clipsrv.exe [DISABLED] ClipSrv

Service C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [MANUAL] clr_optimization_v2.0.50727_32

Service [DISABLED] CmdIde

Service C:\WINDOWS\system32\dllhost.exe [MANUAL] COMSysApp

Service ContentFilter

Service ContentIndex

Service [DISABLED] Cpqarray

Service C:\WINDOWS\system32\CTsvcCDA.exe [AUTO] Creative Service for CDROM Access

Service C:\WINDOWS\system32\svchost.exe [AUTO] CryptSvc

Service C:\WINDOWS\system32\DRIVERS\ctsfm2k.sys [MANUAL] ctsfm2k

Service [DISABLED] dac2w2k

Service [DISABLED] dac960nt

Service C:\WINDOWS\system32\svchost.exe [AUTO] DcomLaunch

Service [BOOT] DefragFS

Service C:\WINDOWS\system32\svchost.exe [AUTO] Dhcp

Service C:\WINDOWS\system32\DRIVERS\disk.sys [BOOT] Disk

Service C:\WINDOWS\System32\dmadmin.exe [MANUAL] dmadmin

Service C:\WINDOWS\System32\drivers\dmboot.sys [DISABLED] dmboot

Service C:\WINDOWS\System32\drivers\dmio.sys [BOOT] dmio

Service C:\WINDOWS\System32\drivers\dmload.sys [BOOT] dmload

Service C:\WINDOWS\System32\svchost.exe [AUTO] dmserver

Service C:\WINDOWS\system32\drivers\DMusic.sys [MANUAL] DMusic

Service C:\WINDOWS\system32\svchost.exe [AUTO] Dnscache

Service [DISABLED] dpti2o

Service C:\WINDOWS\system32\drivers\drmkaud.sys [MANUAL] drmkaud

Service C:\WINDOWS\System32\svchost.exe [AUTO] ERSvc

Service C:\WINDOWS\system32\services.exe [AUTO] Eventlog

Service C:\WINDOWS\system32\svchost.exe [MANUAL] EventSystem

Service [DISABLED] Fastfat

Service C:\WINDOWS\System32\svchost.exe [MANUAL] FastUserSwitchingCompatibility

Service C:\WINDOWS\system32\DRIVERS\fdc.sys [MANUAL] Fdc

Service [SYSTEM] Fips

Service C:\WINDOWS\system32\DRIVERS\flpydisk.sys [MANUAL] Flpydisk

Service C:\WINDOWS\system32\DRIVERS\fltMgr.sys [BOOT] FltMgr

Service C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [MANUAL] FontCache3.0.0.0

Service [SYSTEM] Fs_Rec

Service C:\WINDOWS\system32\DRIVERS\ftdisk.sys [BOOT] Ftdisk

Service C:\WINDOWS\system32\DRIVERS\gameenum.sys [MANUAL] gameenum

Service C:\WINDOWS\System32\DRIVERS\gmer.sys [MANUAL] gmer

Service F:\INSTALL\GMSIPCI.SYS [MANUAL] GMSIPCI

Service C:\WINDOWS\system32\DRIVERS\msgpc.sys [MANUAL] Gpc

Service C:\Program Files\Common Files\BinarySense\hldasvc.exe [AUTO] HDDlife HDD Access service

Service C:\WINDOWS\System32\svchost.exe [AUTO] helpsvc

Service C:\WINDOWS\system32\DRIVERS\hidbth.sys [MANUAL] HidBth

Service C:\WINDOWS\System32\svchost.exe [DISABLED] HidServ

Service [DISABLED] hpn

Service C:\WINDOWS\System32\Drivers\HTTP.sys [MANUAL] HTTP

Service C:\WINDOWS\System32\svchost.exe [MANUAL] HTTPFilter

Service [SYSTEM] i2omgmt

Service [DISABLED] i2omp

Service C:\WINDOWS\system32\DRIVERS\i8042prt.sys [SYSTEM] i8042prt

Service C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [MANUAL] idsvc

Service C:\WINDOWS\system32\DRIVERS\imapi.sys [SYSTEM] Imapi

Service C:\WINDOWS\system32\imapi.exe [MANUAL] ImapiService

Service inetaccs

Service [DISABLED] ini910u

Service Inport

Service C:\WINDOWS\system32\DRIVERS\intelide.sys [BOOT] IntelIde

Service C:\WINDOWS\system32\DRIVERS\intelppm.sys [SYSTEM] intelppm

Service C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys [DISABLED] Ip6Fw

Service C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys [MANUAL] IpFilterDriver

Service C:\WINDOWS\system32\DRIVERS\ipinip.sys [MANUAL] IpInIp

Service C:\WINDOWS\system32\DRIVERS\ipnat.sys [MANUAL] IpNat

Service C:\WINDOWS\system32\DRIVERS\ipsec.sys [SYSTEM] IPSec

Service C:\WINDOWS\system32\DRIVERS\irenum.sys [MANUAL] IRENUM

Service ISAPISearch

Service C:\WINDOWS\system32\DRIVERS\isapnp.sys [BOOT] isapnp

Service C:\WINDOWS\system32\DRIVERS\kbdclass.sys [SYSTEM] Kbdclass

Service C:\WINDOWS\system32\DRIVERS\kbdhid.sys [SYSTEM] kbdhid

Service C:\WINDOWS\system32\drivers\kl1.sys [BOOT] kl1

Service C:\WINDOWS\system32\drivers\klif.sys [SYSTEM] klif

Service C:\WINDOWS\system32\DRIVERS\klim5.sys [MANUAL] klim5

Service C:\WINDOWS\system32\drivers\kmixer.sys [MANUAL] kmixer

Service [BOOT] KSecDD

Service C:\WINDOWS\system32\svchost.exe [AUTO] lanmanserver

Service C:\WINDOWS\system32\svchost.exe [AUTO] lanmanworkstation

Service [SYSTEM] lbrtfdc

Service ldap

Service LicenseService

Service C:\Program Files\Common Files\LightScribe\LSSrvc.exe [AUTO] LightScribeService

Service C:\WINDOWS\system32\svchost.exe [AUTO] LmHosts

Service C:\WINDOWS\system32\svchost.exe [DISABLED] Messenger

Service [SYSTEM] mnmdd

Service C:\WINDOWS\system32\mnmsrvc.exe [MANUAL] mnmsrvc

Service [MANUAL] Modem

Service C:\WINDOWS\system32\DRIVERS\mouclass.sys [SYSTEM] Mouclass

Service C:\WINDOWS\system32\DRIVERS\mouhid.sys [MANUAL] mouhid

Service [BOOT] MountMgr

Service [DISABLED] mraid35x

Service C:\WINDOWS\system32\DRIVERS\mrxdav.sys [MANUAL] MRxDAV

Service C:\WINDOWS\system32\DRIVERS\mrxsmb.sys [SYSTEM] MRxSmb

Service C:\WINDOWS\system32\msdtc.exe [MANUAL] MSDTC

Service MSDTC Bridge 3.0.0.0

Service [SYSTEM] Msfs

Service C:\WINDOWS\system32\msiexec.exe [MANUAL] MSIServer

Service C:\WINDOWS\system32\drivers\MSKSSRV.sys [MANUAL] MSKSSRV

Service C:\WINDOWS\system32\drivers\MSPCLOCK.sys [MANUAL] MSPCLOCK

Service C:\WINDOWS\system32\drivers\MSPQM.sys [MANUAL] MSPQM

Service C:\WINDOWS\system32\DRIVERS\mssmbios.sys [MANUAL] mssmbios

Service [BOOT] Mup

Service [BOOT] NDIS

Service C:\WINDOWS\system32\DRIVERS\NetMotCM.sys [MANUAL] ndiscm

Service C:\WINDOWS\system32\DRIVERS\ndistapi.sys [MANUAL] NdisTapi

Service C:\WINDOWS\system32\DRIVERS\ndisuio.sys [DISABLED] Ndisuio

Service C:\WINDOWS\system32\DRIVERS\ndiswan.sys [MANUAL] NdisWan

Service [MANUAL] NDProxy

Service C:\WINDOWS\system32\DRIVERS\netbios.sys [SYSTEM] NetBIOS

Service C:\WINDOWS\system32\DRIVERS\netbt.sys [SYSTEM] NetBT

Service C:\WINDOWS\system32\netdde.exe [DISABLED] NetDDE

Service C:\WINDOWS\system32\netdde.exe [DISABLED] NetDDEdsdm

Service C:\WINDOWS\system32\lsass.exe [MANUAL] Netlogon

Service C:\WINDOWS\System32\svchost.exe [MANUAL] Netman

Service C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [DISABLED] NetTcpPortSharing

Service C:\WINDOWS\system32\svchost.exe [MANUAL] Nla

Service C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe [MANUAL] NMIndexingService

Service [SYSTEM] Npfs

Service F:\NTACCESS.sys [MANUAL] NTACCESS

Service [DISABLED] Ntfs

Service C:\WINDOWS\system32\lsass.exe [MANUAL] NtLmSsp

Service C:\WINDOWS\system32\svchost.exe [MANUAL] NtmsSvc

Service [SYSTEM] Null

Service C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys [MANUAL] NwlnkFlt

Service C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys [MANUAL] NwlnkFwd

Service C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [MANUAL] odserv

Service C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [MANUAL] ose

Service C:\WINDOWS\system32\DRIVERS\ctoss2k.sys [MANUAL] ossrv

Service C:\WINDOWS\system32\drivers\P17.sys [MANUAL] P17

Service C:\WINDOWS\system32\DRIVERS\parport.sys [MANUAL] Parport

Service [BOOT] PartMgr

Service [AUTO] ParVdm

Service C:\WINDOWS\system32\DRIVERS\pci.sys [BOOT] PCI

Service [SYSTEM] PCIDump

Service C:\WINDOWS\system32\DRIVERS\pciide.sys [BOOT] PCIIde

Service [DISABLED] Pcmcia

Service C:\Program Files\Raxco\PerfectDisk\PDAgent.exe [MANUAL] PDAgent

Service [MANUAL] PDCOMP

Service C:\Program Files\Raxco\PerfectDisk\PDEngine.exe [MANUAL] PDEngine

Service C:\Program Files\Raxco\PerfectDisk\PDExchange.exe [MANUAL] PDExchange

Service [MANUAL] PDFRAME

Service [MANUAL] PDRELI

Service [MANUAL] PDRFRAME

Service [DISABLED] perc2

Service [DISABLED] perc2hib

Service PerfDisk

Service PerfNet

Service PerfOS

Service PerfProc

Service C:\WINDOWS\system32\services.exe [AUTO] PlugPlay

Service C:\WINDOWS\system32\lsass.exe [AUTO] PolicyAgent

Service C:\WINDOWS\system32\DRIVERS\raspptp.sys [MANUAL] PptpMiniport

Service C:\WINDOWS\system32\lsass.exe [AUTO] ProtectedStorage

Service C:\WINDOWS\system32\DRIVERS\psched.sys [MANUAL] PSched

Service C:\WINDOWS\system32\DRIVERS\ptilink.sys [MANUAL] Ptilink

Service C:\WINDOWS\System32\Drivers\PxHelp20.sys [BOOT] PxHelp20

Service [DISABLED] ql1080

Service [DISABLED] Ql10wnt

Service [DISABLED] ql12160

Service [DISABLED] ql1240

Service [DISABLED] ql1280

Service C:\WINDOWS\system32\DRIVERS\rasacd.sys [SYSTEM] RasAcd

Service C:\WINDOWS\system32\svchost.exe [MANUAL] RasAuto

Service C:\WINDOWS\system32\DRIVERS\rasl2tp.sys [MANUAL] Rasl2tp

Service C:\WINDOWS\system32\svchost.exe [MANUAL] RasMan

Service C:\WINDOWS\system32\DRIVERS\raspppoe.sys [MANUAL] RasPppoe

Service C:\WINDOWS\system32\DRIVERS\raspti.sys [MANUAL] Raspti

Service C:\WINDOWS\system32\DRIVERS\rdbss.sys [SYSTEM] Rdbss

Service C:\WINDOWS\System32\DRIVERS\RDPCDD.sys [SYSTEM] RDPCDD

Service RDPDD

Service C:\WINDOWS\system32\DRIVERS\rdpdr.sys [MANUAL] rdpdr

Service RDPNP

Service [MANUAL] RDPWD

Service C:\WINDOWS\system32\sessmgr.exe [MANUAL] RDSessMgr

Service C:\WINDOWS\system32\DRIVERS\redbook.sys [SYSTEM] redbook

Service C:\WINDOWS\system32\svchost.exe [DISABLED] RemoteAccess

Service C:\WINDOWS\system32\svchost.exe [AUTO] RemoteRegistry

Service C:\WINDOWS\system32\DRIVERS\rfcomm.sys [MANUAL] RFCOMM

Service C:\WINDOWS\system32\locator.exe [MANUAL] RpcLocator

Service C:\WINDOWS\system32\svchost.exe [AUTO] RpcSs

Service C:\WINDOWS\system32\rsvp.exe [MANUAL] RSVP

Service C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys [MANUAL] RTL8023xp

Service C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [MANUAL] rtl8139

Service C:\WINDOWS\system32\lsass.exe [AUTO] SamSs

Service C:\WINDOWS\System32\SCardSvr.exe [MANUAL] SCardSvr

Service C:\WINDOWS\System32\svchost.exe [AUTO] Schedule

Service C:\WINDOWS\system32\DRIVERS\secdrv.sys [MANUAL] Secdrv

Service C:\WINDOWS\System32\svchost.exe [AUTO] seclogon

Service C:\WINDOWS\system32\svchost.exe [AUTO] SENS

Service C:\WINDOWS\system32\DRIVERS\serenum.sys [MANUAL] serenum

Service C:\WINDOWS\system32\DRIVERS\serial.sys [SYSTEM] Serial

Service ServiceModelEndpoint 3.0.0.0

Service ServiceModelOperation 3.0.0.0

Service ServiceModelService 3.0.0.0

Service [SYSTEM] Sfloppy

Service C:\WINDOWS\System32\svchost.exe [DISABLED] SharedAccess

Service C:\WINDOWS\System32\svchost.exe [AUTO] ShellHWDetection

Service [DISABLED] Simbad

Service SMSvcHost 3.0.0.0

Service [DISABLED] Sparrow

Service C:\WINDOWS\system32\drivers\splitter.sys [MANUAL] splitter

Service C:\WINDOWS\system32\spoolsv.exe [MANUAL] Spooler

Service C:\WINDOWS\System32\Drivers\sptd.sys [BOOT] sptd

Service C:\WINDOWS\system32\DRIVERS\sr.sys [BOOT] sr

Service C:\WINDOWS\system32\drivers\srosa.sys [SYSTEM] srosa

Service C:\WINDOWS\system32\svchost.exe [AUTO] srservice

Service C:\WINDOWS\system32\DRIVERS\srv.sys [MANUAL] Srv

Service C:\WINDOWS\system32\svchost.exe [MANUAL] SSDPSRV

Service C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [AUTO] StarWindServiceAE

Service C:\WINDOWS\system32\svchost.exe [MANUAL] stisvc

Service C:\WINDOWS\system32\DRIVERS\swenum.sys [MANUAL] swenum

Service C:\WINDOWS\system32\drivers\swmidi.sys [MANUAL] swmidi

Service C:\WINDOWS\system32\dllhost.exe [MANUAL] SwPrv

Service [DISABLED] symc810

Service [DISABLED] symc8xx

Service [DISABLED] sym_hi

Service [DISABLED] sym_u3

Service C:\WINDOWS\system32\drivers\sysaudio.sys [MANUAL] sysaudio

Service C:\WINDOWS\system32\smlogsvc.exe [MANUAL] SysmonLog

Service C:\WINDOWS\System32\svchost.exe [MANUAL] TapiSrv

Service C:\WINDOWS\system32\DRIVERS\tcpip.sys [SYSTEM] Tcpip

Service [MANUAL] TDPIPE

Service [MANUAL] TDTCP

Service C:\WINDOWS\system32\DRIVERS\termdd.sys [SYSTEM] TermDD

Service C:\WINDOWS\System32\svchost.exe [MANUAL] TermService

Service C:\WINDOWS\System32\svchost.exe [AUTO] Themes

Service C:\WINDOWS\system32\tlntsvr.exe [DISABLED] TlntSvr

Service [DISABLED] TosIde

Service C:\WINDOWS\system32\svchost.exe [AUTO] TrkWks

Service TSDDD

Service C:\WINDOWS\System32\TuneUpDefragService.exe [MANUAL] TuneUp.Defrag

Service [DISABLED] Udfs

Service [DISABLED] ultra

Service UnlockerDriver5

Service C:\WINDOWS\system32\DRIVERS\update.sys [MANUAL] Update

Service C:\WINDOWS\system32\svchost.exe [MANUAL] upnphost

Service C:\WINDOWS\System32\ups.exe [MANUAL] UPS

Service usb

Service C:\WINDOWS\system32\DRIVERS\usbehci.sys [MANUAL] usbehci

Service C:\WINDOWS\system32\DRIVERS\usbhub.sys [MANUAL] usbhub

Service C:\WINDOWS\system32\DRIVERS\usbuhci.sys [MANUAL] usbuhci

Service C:\WINDOWS\System32\svchost.exe [AUTO] UxTuneUp

Service C:\WINDOWS\System32\drivers\vga.sys [SYSTEM] VgaSave

Service [DISABLED] ViaIde

Service [BOOT] VolSnap

Service C:\WINDOWS\System32\vssvc.exe [MANUAL] VSS

Service C:\WINDOWS\System32\svchost.exe [AUTO] W32Time

Service W3SVC

Service C:\WINDOWS\system32\DRIVERS\wanarp.sys [MANUAL] Wanarp

Service [MANUAL] WDICA

Service C:\WINDOWS\system32\drivers\wdmaud.sys [MANUAL] wdmaud

Service C:\WINDOWS\system32\svchost.exe [AUTO] WebClient

Service Windows Workflow Foundation 3.0.0.0

Service C:\WINDOWS\system32\svchost.exe [AUTO] winmgmt

Service [MANUAL] Winsock

Service WinSock2

Service WinTrust

Service C:\WINDOWS\System32\svchost.exe [MANUAL] WmdmPmSN

Service C:\WINDOWS\System32\svchost.exe [MANUAL] Wmi

Service WmiApRpl

Service C:\WINDOWS\system32\wbem\wmiapsrv.exe [MANUAL] WmiApSrv

Service C:\Program Files\Windows Media Player\WMPNetwk.exe [MANUAL] WMPNetworkSvc

Service [SYSTEM] WS2IFSL

Service C:\WINDOWS\System32\svchost.exe [DISABLED] wscsvc

Service C:\WINDOWS\system32\svchost.exe [DISABLED] wuauserv

Service C:\WINDOWS\system32\DRIVERS\WudfPf.sys [MANUAL] WudfPf

Service C:\WINDOWS\system32\DRIVERS\wudfrd.sys [MANUAL] WudfRd

Service C:\WINDOWS\system32\svchost.exe [MANUAL] WudfSvc

Service C:\WINDOWS\System32\svchost.exe [AUTO] WZCSVC

Service C:\WINDOWS\System32\svchost.exe [MANUAL] xmlprov

Service ZoomoutScope

Service {29FAC05B-A329-4638-A8A2-6AE33D60D92B}

Service {37BE4343-4C5B-43AA-85A2-7F091CB1DC24}

Service {A6B4A103-54DF-4E2D-A86C-FC7403EF1949}

Service {B57790EC-51F7-40CC-AFB0-3376B27AC679}

Service [MANUAL] a1l8dogh


---- EOF - GMER 1.0.13 ----

I won't post the Gmer log with all objects because the machine restarts during the scan :slight_smile:


(Gutek) #3

Open Notepad and paste this into it:

Windows Registry Editor Version 5.00 


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"german.exe"=-

File >>> Save As >>> change the file type from TXT to All Files >>> save it as FIX.REG >>> double-click the FIX.REG file you created and confirm adding it to the registry >>> restart.

Download SDFix

-
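One way to triage the O4 autostart entries from a HijackThis log like the one posted above and to generate a FIX.REG in the same "name"=- form as the helper's fix. This is an added Python example, not code from this thread or from HijackThis; the german.exe log line in the sample is constructed, and the "trusted directory" heuristic is an assumption for triage only.

```python
import re
from dataclasses import dataclass
from typing import Dict, Iterable, List, Set

# HijackThis O4 registry autostart lines look like:
#   O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4_RE = re.compile(
    r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\(?P<key>Run|RunOnce|RunServices): "
    r"\[(?P<name>[^\]]+)\] (?P<cmd>.*)$"
)

# HijackThis abbreviates the hive; a .reg file needs the full key path.
HIVE_PATH = {
    "HKLM": r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion",
    "HKCU": r"HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion",
}


@dataclass
class RunEntry:
    hive: str     # HKLM or HKCU
    key: str      # Run, RunOnce, ...
    name: str     # the value name shown in [brackets]
    command: str  # the command line stored in the value


def parse_o4(lines: Iterable[str]) -> List[RunEntry]:
    """Extract registry Run entries; O4 Startup-folder lines are ignored."""
    entries = []
    for line in lines:
        m = O4_RE.match(line.strip())
        if m:
            entries.append(RunEntry(m["hive"], m["key"], m["name"], m["cmd"]))
    return entries


def exe_path(command: str) -> str:
    """Return the executable part of a Run command line (quotes and arguments dropped)."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    # Unquoted paths may contain spaces, so cut at the first ".exe" token.
    m = re.match(r"(.*?\.exe)(?=\s|$)", command, re.IGNORECASE)
    return m.group(1) if m else command.split()[0]


def needs_review(entry: RunEntry, trusted_dirs: Iterable[str] = ("c:\\program files\\",)) -> bool:
    """Triage heuristic (assumption): anything not started from a vendor folder gets a look.

    A bare name resolved via PATH (rundll32.exe ...) or a file dropped straight into the
    Windows folders is flagged; Windows' own entries land here too, so this is a review
    list, not a verdict.
    """
    path = exe_path(entry.command).lower()
    return not path.startswith(tuple(trusted_dirs))


def build_fix_reg(entries: List[RunEntry], remove: Set[str]) -> str:
    """Emit a FIX.REG that deletes the named values ("name"=- removes a value)."""
    by_key: Dict[str, List[str]] = {}
    for e in entries:
        if e.name in remove:
            by_key.setdefault(HIVE_PATH[e.hive] + "\\" + e.key, []).append(e.name)
    out = ["Windows Registry Editor Version 5.00", ""]
    for key, names in by_key.items():
        out.append(f"[{key}]")
        out.extend(f'"{n}"=-' for n in names)
        out.append("")
    return "\r\n".join(out)


# Constructed sample: four lines taken from the log above plus one made-up
# "german.exe" entry standing in for the value the helper's FIX.REG removes.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy LS\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe" -H
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [german.exe] C:\WINDOWS\system32\german.exe
O4 - Startup: EarthView.lnk = C:\Program Files\EarthView\EarthView.exe
"""


def triage(log_text: str) -> List[str]:
    """Names of the Run entries the heuristic wants a human to look at."""
    return [e.name for e in parse_o4(log_text.splitlines()) if needs_review(e)]


if __name__ == "__main__":
    entries = parse_o4(SAMPLE_LOG.splitlines())
    for e in entries:
        flag = "REVIEW " if needs_review(e) else "       "
        print(f"{flag}{e.hive}\\{e.key} [{e.name}] {exe_path(e.command)}")
    print(build_fix_reg(entries, {"german.exe"}))
```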


(pakeroso) #4

unfortunately, after removing that german.exe, Safe Mode didn't come back


(Gutek) #5


(pakeroso) #6

it was painful, but I managed to repair Safe Mode using SafeBootKeyRepair

Log from SDFix

http://wklej.org/id/8f7729e8d0

:slight_smile:


(Gutek) #7

ATF-Cleaner - http://www.atribune.org/ccount/click.php?id=1 clean out TEMP


(pakeroso) #8

TEMP cleaned, the registry too, antivirus protection is back on its feet and everything is back to normal.

I used the Windows Live OneCare and ESET online scanners, plus Spybot and my Kaspersky; each of them found 2 or 3 pieces of junk and removed them.

So if that's all, thank you very much for your help, I probably couldn't have managed on my own :piwo:


(Gutek) #9

Yes, it should be OK