Good to hear from you. Thanks.
OK, I did as you told me.
However, avp64.sys seems to have been deleted, since it is no longer visible, but there was some error during the deletion.
I'm pasting the HijackThis log:
Logfile of HijackThis v1.99.1
Scan saved at 0&252:50, on 2006-07-21
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.0 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\DComS.exe
C:\Program Files\Logitech\Video\LowLight.exe
C:\WINDOWS\system32\msiexec.exe
C:\Documents and Settings\User\Desktop\gmer.exe
C:\Program Files\Messenger\msmsgs.exe
E:\OchronaKoma\hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - E:\Program Files\ICQToolbar\toolbaru.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - e:\gry\Acrobat Read\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - E:\Program Files\ICQToolbar\toolbaru.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [wpkontakt] E:\wpkontakt\wpkontakt.exe -autostart
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [AWMON] "C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe"
O4 - HKLM\..\Run: [Norton Ghost 9.0] C:\Program Files\Symantec\Norton Ghost\Agent\GhostTray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Festoon] C:\Program Files\Santa Cruz Networks\Festoon\Festoon.exe /BOOT
O4 - HKLM\..\Run: [QuickTime Task] "E:\quicktime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [eMFJQkEw] C:\PROGRA~1\wsssxxws\c0hCfgRN.exe
O4 - HKLM\..\Run: [CJPWGNT] C:\WINDOWS\CJPWGNT.exe
O4 - HKLM\..\Run: [RkVHVA1x] C:\PROGRA~1\wsssxxws\RYQDGcRN.exe
O4 - HKLM\..\Run: [ekFHUkUx] C:\PROGRA~1\wsssxxws\RYQDGcRN.exe
O4 - HKLM\..\Run: [cIFGXwEw] C:\PROGRA~1\wsssxxws\RYQDGcRN.exe
O4 - HKLM\..\Run: [ak0HUkEx] C:\PROGRA~1\wsssxxws\RYQDGcRN.exe
O4 - HKLM\..\Run: [bAVGXwow] C:\PROGRA~1\wsssxxws\RYQDGcRN.exe
O4 - HKLM\..\Run: [cIFGXsox] C:\PROGRA~1\wsssxxws\RYQDGcRN.exe
O4 - HKLM\..\Run: [REFGU1ox] C:\PROGRA~1\wsssxxws\RYQDGcRN.exe
O4 - HKLM\..\Run: [cEpHTs1w] C:\PROGRA~1\wsssxxws\RYQDGcRN.exe
O4 - HKLM\..\Run: [WhenUSearchWHSE] "C:\Program Files\WhenUSearch\whse.exe"
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,ClientStartup -s
O4 - HKLM\..\Run: [WhenUSearch] "C:\Program Files\WhenUSearch\Search.exe"
O4 - HKLM\..\RunOnce: [HLinit] c:\progra~1\themexp\themex~1.org\hlsetup2.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Komunikator] E:\Program Files\Tlends\tlen.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Gadu-Gadu] "E:\My Documents\Gadu-Gaduffffffffff\gg.exe" /tray
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [Norton SystemWorks] "C:\Program Files\Norton SystemWorks\cfgwiz.exe" /GUID {05858CFD-5CC4-4ceb-AAAF-CF00BF39736A} /MODE CfgWiz
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MoSBouncer] C:\Program Files\ScreenMates\hilda.exe
O4 - HKCU\..\Run: [DeathwishDog] C:\Program Files\ScreenMates\psiur.exe
O4 - HKCU\..\Run: [Shell] "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.exe"
O4 - HKCU\..\Run: [WhenUSave] "C:\Program Files\Save\Save.exe"
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &ICQ Toolbar Search - res://E:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - e:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - e:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://arcaonline.arcabit.com
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {18506D80-9B 0-11D4-82C2-0080C8D7ED4A} (GameDesire Roulette) - http://67.15.101.3/g_bin/pl/roulette_2_0_0_17.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {2A81DED-C22D-4153-9812-CEA98A32900C} (GameDesire Makao) - http://67.15.101.3/g_bin/pl/cardsmakao_2_0_0_20.cab
O16 - DPF: {3D870 BB-86A4-4CB4-B738-6F0FC016AC7D} (MainControl Class) - http://arcaonline.arcabit.com/ArcaOnline.cab
O16 - DPF: y$B4513E2-4E57-43DF-9496-FCD37E9FA64} (GameDesire Sea Battle) - http://67.15.101.3/g_bin/pl/navp_2_0_0_17.cab
O16 - DPF: {53B8$06-42E4-4DD3-96E7-9DEC8CEB3DD8a (ICQVideoControl Class) - http://xtraz.icq.com/xtraz/activex/ICQVideoControl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1100690674$%5
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {908531A-42BA-11D4-BAA3-0080C8D7ED4A} (GameDesire JungleHunter) - http://67.15.101.3/g_bin/pl/hunter_2_0_0_18.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {BFA1F11@)3121-AFE1-4112-894323212DAC} (GameDesire Word Games) - http://67.15.101.3/g_bin/pl/words_2_0_0V#8.cab
O16 - DPF: {E23FABEE-12 #-33DA-DA12-195DAC123984} (GameDesire Mahjong) - http://67.15.101.3/g_bin/pl/mahjong_2_0_0_20.cab
O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32F@6C1} (GameDesire Pool 8) - http://67.15.101.3/g_bin/pl/billard8_2_0_0_24.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{BA21ACFA-4504-45C8-A753-B2358B1FE4E5}: NameServer = 194.204.151.9,192.168.0.1
O18 - Protocol: Festoon - (no CLSID) - (no file)
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: offline-8876480 - {6144D54A-BF4A-434A-8899-ECA7CD5D9BE2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: vskype - (no CLSID) - (no file)
O18 - Protocol: wpmsg - {2E0AC5A0-3597-11D6-B3EL-0001021DC1C3} - E:\wpkontakt\url_wpmsg.dll (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
Now the log from Silent Runners:
"Silent Runners.vbs", revision 46, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"
Startup items buried in registry:
---------------------------------
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"LDM" = "C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" ["Logitech"]
"MsnMsgr" = ""C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background" [MS]
"Komunikator" = "E:\Program Files\Tlends\tlen.exe" [null data]
"ctfmon.exe" = "C:\WINDOWS\system32\ctfmon.exe" [MS]
"Gadu-Gadu" = ""E:\My Documents\Gadu-Gaduffffffffff\gg.exe" /tray" ["Gadu-Gadu Sp. z oo"]
"STYLEXP" = "C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide" [empty string]
"Norton SystemWorks" = ""C:\Program Files\Norton SystemWorks\cfgwiz.exe" /GUID {05858CFD-5CC4-4ceb-AAAF-CF00BF39736A} /MODE CfgWiz" [file not found]
"Skype" = ""C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized" ["Skype Technologies S.A."]
"MoSBouncer" = "C:\Program Files\ScreenMates\hilda.exe" [file not found]
"DeathwishDog" = "C:\Program Files\ScreenMates\psiur.exe" [file not found]
"Shell" = ""C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.exe"" [file not found]
"WhenUSave" = ""C:\Program Files\Save\Save.exe"" [file not found]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"ccApp" = ""C:\Program Files\Common Files\Symantec Shared\ccApp.exe"" ["Symantec Corporation"]
"Symantec NetDriver Monitor" = "C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer" ["Symantec Corporation"]
"NeroFilterCheck" = "C:\WINDOWS\system32\NeroCheck.exe" ["Ahead Software Gmbh"]
"LogitechVideoRepair" = "C:\Program Files\Logitech\Video\ISStart.exe" ["Logitech Inc."]
"LogitechVideoTray" = "C:\Program Files\Logitech\Video\LogiTray.exe" ["Logitech Inc."]
"wpkontakt" = "E:\wpkontakt\wpkontakt.exe -autostart" [file not found]
"SunJavaUpdateSched" = "C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe" ["Sun Microsystems, Inc."]
"AWMON" = ""C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe"" ["Lavasoft Sweden"]
"Norton Ghost 9.0" = "C:\Program Files\Symantec\Norton Ghost\Agent\GhostTray.exe" [file not found]
"NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup" [MS]
"nwiz" = "nwiz.exe /install" ["NVIDIA Corporation"]
"Festoon" = "C:\Program Files\Santa Cruz Networks\Festoon\Festoon.exe /BOOT" ["Santa Cruz Networks, Inc."]
"QuickTime Task" = ""E:\quicktime\qttask.exe" -atboottime" ["Apple Computer, Inc."]
"eMFJQkEw" = "C:\PROGRA~1\wsssxxws\c0hCfgRN.exe" [file not found]
"CJPWGNT" = "C:\WINDOWS\CJPWGNT.exe" [file not found]
"RkVHVA1x" = "C:\PROGRA~1\wsssxxws\RYQDGcRN.exe" [file not found]
"ekFHUkUx" = "C:\PROGRA~1\wsssxxws\RYQDGcRN.exe" [file not found]
"cIFGXwEw" = "C:\PROGRA~1\wsssxxws\RYQDGcRN.exe" [file not found]
"ak0HUkEx" = "C:\PROGRA~1\wsssxxws\RYQDGcRN.exe" [file not found]
"bAVGXwow" = "C:\PROGRA~1\wsssxxws\RYQDGcRN.exe" [file not found]
"cIFGXsox" = "C:\PROGRA~1\wsssxxws\RYQDGcRN.exe" [file not found]
"REFGU1ox" = "C:\PROGRA~1\wsssxxws\RYQDGcRN.exe" [file not found]
"cEpHTs1w" = "C:\PROGRA~1\wsssxxws\RYQDGcRN.exe" [file not found]
"WhenUSearchWHSE" = ""C:\Program Files\WhenUSearch\whse.exe"" [file not found]
"New.net Startup" = "rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,ClientStartup -s" [MS]
"WhenUSearch" = ""C:\Program Files\WhenUSearch\Search.exe"" [file not found]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\ {++}
"HLinit" = "c:\progra~1\themexp\themex~1.org\hlsetup2.exe" [file not found]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)
-> {HKLM...CLSID} = "AcroIEHlprObj Class"
\InProcServer32\(Default) = "e:\gry\Acrobat Read\Reader\ActiveX\AcroIEHelper.ocx" [empty string]
{53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided)
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\PROGRA~1\SPYBOT~1\SDHelper.dll" ["Safer Networking Limited"]
{9ECB9560-04F9-4bbc-943D-298DDF1699E1}\(Default) = (no title provided)
-> {HKLM...CLSID} = "CNisExtBho Class"
\InProcServer32\(Default) = "C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll" ["Symantec Corporation"]
{AA58ED58-01DD-4d91-8333-CF10577473F7}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Google Toolbar Helper"
\InProcServer32\(Default) = "c:\program files\google\googletoolbar2.dll" ["Google Inc."]
{BDF3E430-B101-42AD-A544-FADC6B084872}\(Default) = (no title provided)
-> {HKLM...CLSID} = "CNavExtBho Class"
\InProcServer32\(Default) = "C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "HyperTerminal Icon Ext"
-> {HKLM...CLSID} = "HyperTerminal Icon Ext"
\InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]
"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer"
-> {HKLM...CLSID} = "Desktop Explorer"
\InProcServer32\(Default) = "C:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"]
"{E0D79304-84BE-11CE-9641-444553540000}" = "WinZip"
-> {HKLM...CLSID} = "WinZip"
\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
"{E0D79305-84BE-11CE-9641-444553540000}" = "WinZip"
-> {HKLM...CLSID} = "WinZip"
\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
"{E0D79306-84BE-11CE-9641-444553540000}" = "WinZip"
-> {HKLM...CLSID} = "WinZip"
\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
"{E0D79307-84BE-11CE-9641-444553540000}" = "WinZip"
-> {HKLM...CLSID} = "WinZip"
\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
"{00020D75-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Desktop Icon Handler"
-> {HKLM...CLSID} = "Microsoft Office Outlook"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL" [MS]
"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Custom Icon Handler"
-> {HKLM...CLSID} = "Rozszerzenie ikon plików programu Outlook"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL" [MS]
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\OFFICE11\msohev.dll" [MS]
"{400CFEE2-39D0-46DC-96DF-E0BB5A4324B3}" = "My Logitech Pictures"
-> {HKLM...CLSID} = "My Logitech Pictures"
\InProcServer32\(Default) = "C:\Program Files\Logitech\Video\Namespc2.dll" ["Logitech Inc."]
"{e57ce731-33e8-4c51-8354-bb4de9d215d1}" = "Universal Plug and Play Devices"
-> {HKLM...CLSID} = "Universal Plug and Play Devices"
\InProcServer32\(Default) = "C:\WINDOWS\system32\upnpui.dll" [MS]
"{5E2121EE-0300-11D4-8D3B-444553540000}" = "SimpleShlExt extension"
-> {HKLM...CLSID} = "SimpleShlExt Class"
\InProcServer32\(Default) = "E:\wpkontakt\shellext_wpmsg.dll" [file not found]
"{73B24247-042E-4EF5-ADC2-42F62E6FD654}" = "ICQ Lite Shell Extension"
-> {HKLM...CLSID} = "MCLiteShellExt Class"
\InProcServer32\(Default) = "E:\Program Files\ICQLite\ICQLiteShell.dll" [empty string]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "E:\RARRR\rarext.dll" [null data]
"{21569614-B795-46b1-85F4-E737A8DC09AD}" = "Shell Search Band"
-> {HKLM...CLSID} = "Shell Search Band"
\InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" [MS]
"{B089FE88-FB52-11D3-BDF1-0050DA34150D}" = "NOD32 Context Menu Shell Extension"
-> {HKLM...CLSID} = "NOD32 Context Menu Shell Extension"
\InProcServer32\(Default) = "C:\Program Files\Eset\nodshex.dll" [null data]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\
INFECTION WARNING! "{9294DE8-8239-4655-B1D1-5F4E91300429}" = (no title provided)
-> {HKLM...CLSID} = "DVDIdleShell Class"
\InProcServer32\(Default) = "C:\PROGRA~1\DVDREG~1\DVDShell.dll" ["Fengtao Software"]
INFECTION WARNING! "{57B86673-276A-48B2-BAE7-C0DBB3020EB8}" = "ewido anti-spyware 4.0"
-> {HKLM...CLSID} = "AShellExecuteHookImpl Object"
\InProcServer32\(Default) = "C:\Program Files\ewido anti-spyware 4.0\shellexecutehook.dll" ["Anti-Malware Development a.s."]
HKLM\Software\Classes\PROTOCOLS\Filter\
INFECTION WARNING! text/xml\CLSID = "{807553E5-5146-11D5-A672-00B0D022E945}"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL" [MS]
HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
ewido anti-spyware\(Default) = "{8934FCEF-F5B8-468f-951F-78A921CD3920}"
-> {HKLM...CLSID} = "CContextScan Object"
\InProcServer32\(Default) = "C:\Program Files\ewido anti-spyware 4.0\context.dll" ["Anti-Malware Development a.s."]
ICQLiteMenu\(Default) = "{73B24247-042E-4EF5-ADC2-42F62E6FD654}"
-> {HKLM...CLSID} = "MCLiteShellExt Class"
\InProcServer32\(Default) = "E:\Program Files\ICQLite\ICQLiteShell.dll" [empty string]
NOD32 Context Menu Shell Extension\(Default) = "{B089FE88-FB52-11D3-BDF1-0050DA34150D}"
-> {HKLM...CLSID} = "NOD32 Context Menu Shell Extension"
\InProcServer32\(Default) = "C:\Program Files\Eset\nodshex.dll" [null data]
Symantec.Norton.Antivirus.IEContextMenu\(Default) = "{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2}"
-> {HKLM...CLSID} = "IEContextMenu Class"
\InProcServer32\(Default) = "C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "E:\RARRR\rarext.dll" [null data]
WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}"
-> {HKLM...CLSID} = "WinZip"
\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
WPKontakt\(Default) = "{5E2121EE-0300-11D4-8D3B-444553540000}"
-> {HKLM...CLSID} = "SimpleShlExt Class"
\InProcServer32\(Default) = "E:\wpkontakt\shellext_wpmsg.dll" [file not found]
HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
ewido anti-spyware\(Default) = "{8934FCEF-F5B8-468f-951F-78A921CD3920}"
-> {HKLM...CLSID} = "CContextScan Object"
\InProcServer32\(Default) = "C:\Program Files\ewido anti-spyware 4.0\context.dll" ["Anti-Malware Development a.s."]
ICQLiteMenu\(Default) = "{73B24247-042E-4EF5-ADC2-42F62E6FD654}"
-> {HKLM...CLSID} = "MCLiteShellExt Class"
\InProcServer32\(Default) = "E:\Program Files\ICQLite\ICQLiteShell.dll" [empty string]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "E:\RARRR\rarext.dll" [null data]
WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}"
-> {HKLM...CLSID} = "WinZip"
\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
NOD32 Context Menu Shell Extension\(Default) = "{B089FE88-FB52-11D3-BDF1-0050DA34150D}"
-> {HKLM...CLSID} = "NOD32 Context Menu Shell Extension"
\InProcServer32\(Default) = "C:\Program Files\Eset\nodshex.dll" [null data]
Symantec.Norton.Antivirus.IEContextMenu\(Default) = "{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2}"
-> {HKLM...CLSID} = "IEContextMenu Class"
\InProcServer32\(Default) = "C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "E:\RARRR\rarext.dll" [null data]
WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}"
-> {HKLM...CLSID} = "WinZip"
\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
Active Desktop and Wallpaper:
-----------------------------
Active Desktop is disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState
HKCU\Control Panel\Desktop\
"Wallpaper" = "E:\My Documents\Do szablonów\Do olunia9 .blog.pl\1024x76_091 copy.bmp"
Enabled Screen Saver:
---------------------
HKCU\Control Panel\Desktop\
"SCRNSAVE.EXE" = "C:\WINDOWS\system32\ssmypics.scr" [MS]
Startup items in "User" & "All Users" startup folders:
------------------------------------------------------
C:\Documents and Settings\All Users\Start Menu\Programs\Startup
"Adobe Gamma Loader.exe" -> shortcut to: "C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe" [file not found]
"Adobe Gamma Loader" -> shortcut to: "C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe" [file not found]
"Logitech Desktop Messenger" -> shortcut to: "C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe /start" ["Logitech"]
Enabled Scheduled Tasks:
------------------------
"Norton AntiVirus - Scan my computer - User" -> launches: "C:\PROGRA~1\NORTON~2\NORTON~1\Navw32.exe /task:"C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Tasks\mycomp.sca"" ["Symantec Corporation"]
"Symantec NetDetect" -> launches: "C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE" ["Symantec Corporation"]
Winsock2 Service Provider DLLs:
-------------------------------
Namespace Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
Transport Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 13
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05
Toolbars, Explorer Bars, Extensions:
------------------------------------
Toolbars
HKCU\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\
"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}"
-> {HKLM...CLSID} = "Norton AntiVirus"
\InProcServer32\(Default) = "C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
"{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7}"
-> {HKLM...CLSID} = "Norton Internet Security"
\InProcServer32\(Default) = "C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll" ["Symantec Corporation"]
"{855F3B16-6D32-4FE6-8A56-BBB695989046}"
-> {HKLM...CLSID} = "ICQ Toolbar"
\InProcServer32\(Default) = "E:\Program Files\ICQToolbar\toolbaru.dll" ["ICQ Inc."]
"{014DA6C9-189F-421A-88CD-07CFE51CFF10}"
-> {HKLM...CLSID} = "iMesh Bar"
\InProcServer32\(Default) = "C:\Program Files\MySearch\bar\1.bin\S4BAR.DLL" [file not found]
"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}"
-> {HKLM...CLSID} = "Norton AntiVirus"
\InProcServer32\(Default) = "C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}"
-> {HKLM...CLSID} = "&Google"
\InProcServer32\(Default) = "c:\program files\google\googletoolbar2.dll" ["Google Inc."]
HKLM\Software\Microsoft\Internet Explorer\Toolbar\
"{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7}" = "Norton Internet Security"
-> {HKLM...CLSID} = "Norton Internet Security"
\InProcServer32\(Default) = "C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll" ["Symantec Corporation"]
"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" = "Norton AntiVirus"
-> {HKLM...CLSID} = "Norton AntiVirus"
\InProcServer32\(Default) = "C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]
"{855F3B16-6D32-4FE6-8A56-BBB695989046}" = (no title provided)
-> {HKLM...CLSID} = "ICQ Toolbar"
\InProcServer32\(Default) = "E:\Program Files\ICQToolbar\toolbaru.dll" ["ICQ Inc."]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" = (no title provided)
-> {HKLM...CLSID} = "&Google"
\InProcServer32\(Default) = "c:\program files\google\googletoolbar2.dll" ["Google Inc."]
Explorer Bars
HKCU\Software\Microsoft\Internet Explorer\Explorer Bars\
{21569614-B795-46B1-85F4-E737A8DC09AD}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Shell Search Band"
\InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" [MS]
{FF059E31-CC5A-4E2E-BF3B-96E929D65503}\(Default) = (no title provided)
-> {HKLM...CLSID} = "&Badanie"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL" [MS]
Dormant Explorer Bars in "View, Explorer Bar" menu
HKLM\Software\Classes\CLSID\{014DA6CE-18(D-421A-88CD-07CFE51CFF10}\(Default) = "iMesh Bar Quick View"
Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
InProcServer32\(Default) = "C:\WINDOWS\system32\shdocvw.dll" [MS]
Extensions (Tools menu items, main toolbar menu buttons)
HKLM\Software\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
"MenuText" = "Sun Java Console"
"CLSIDExtension" = "{CAFEEFAC-0014-0000-0001-ABCDEFFEDCBC}"
-> {HKLM...CLSID} = "Java Plug-in 1.5.0_01"
\InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll" ["Sun Microsystems, Inc."]
{92780B25-18CC-41C8-B9BE-3C9C571A8263}\
"ButtonText" = "Badanie"
{B863453A-26C3-4E1F-A54D-A2CD196348E9}\
"ButtonText" = "ICQ Lite"
"MenuText" = "ICQ Lite"
"Exec" = "e:\Program Files\ICQLite\ICQLite.exe" ["ICQ Ltd."]
{FB5F1910-F110-11D2-BB9E-00C04F795683}\
"ButtonText" = "Messenger"
"MenuText" = "Windows Messenger"
"Exec" = "C:\Program Files\Messenger\msmsgs.exe" [MS]
Miscellaneous IE Hijack Points
------------------------------
HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\
Missing lines (compared with English-language version):
"{855F3B16-6D32-4fe6-8A56-BBB695989046}" = (no title provided)
-> {HKLM...CLSID} = "ICQ Toolbar"
\InProcServer32\(Default) = "E:\Program Files\ICQToolbar\toolbaru.dll" ["ICQ Inc."]
Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------
ewido anti-spyware 4.0 guard, ewido anti-spyware 4.0 guard, "C:\Program Files\ewido anti-spyware 4.0\guard.exe" ["Anti-Malware Development a.s."]
ISSvc, ISSVC, ""C:\Program Files\Norton Internet Security\ISSVC.exe"" ["Symantec Corporation"]
Machine Debug Manager, MDM, ""C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE"" [MS]
NOD32 Kernel Service, NOD32krn, ""C:\Program Files\Eset\nod32krn.exe"" ["Eset "]
Norton AntiVirus Auto-Protect Service, navapsvc, ""C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe"" ["Symantec Corporation"]
NVIDIA Driver Helper Service, NVSvc, "C:\WINDOWS\System32\nvsvc32.exe" ["NVIDIA Corporation"]
Symantec Core LC, Symantec Core LC, "C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe" ["Symantec Corporation"]
Symantec Event Manager, ccEvtMgr, ""C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"" ["Symantec Corporation"]
Symantec Network Drivers Service, SNDSrvc, ""C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe"" ["Symantec Corporation"]
Symantec Network Proxy, ccProxy, ""C:\Program Files\Common Files\Symantec Shared\ccProxy.exe"" ["Symantec Corporation"]
Symantec Settings Manager, ccSetMgr, ""C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"" ["Symantec Corporation"]
Symantec SPBBCSvc, SPBBCSvc, ""C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe"" ["Symantec Corporation"]
Print Monitors:
---------------
HKLM\System\CurrentControlSet\Control\Print\Monitors\
Microsoft Document Imaging Writer Monitor\Driver = "mdimon.dll" [MS]
----------
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ The search for DESKTOP.INI DLL launch points on all local fixed drives
took 13 seconds.
+ The search for all Registry CLSIDs containing dormant Explorer Bars
took 12 seconds.
---------- (total run time: 57 seconds)
Now the log from GMER:
GMER 1.0.10.10!02 - http://www.gmer.net
Rootkit 2006-07-21 06:59:33
Windows 5.1.2600 Service Pack 2
---- System - GMER 1.0.10 ----
SSDT d347bus.sys ZwClose
SSDT 8266C620 ZwConnectPort
SSDT d347bus.sys ZwCreateKey
SSDT d347bus.sys ZwCreatePagingFile
SSDT d347bus.sys ZwEnumerateKey
SSDT d347bus.sys ZwEnumerateValueKey
SSDT d347bus.sys ZwOpenKey
SSDT \??\C:\Program Files\ewido anti-spyware 4.0\guard.sys ZwOpenProcess
SSDT 826899F8 ZwOpenThread
SSDT d347bus.sys ZwQueryKey
SSDT d347bus.sys ZwQueryValueKey
SSDT d347bus.sys ZwSetSystemPowerState
SSDT \??\C:\Program Files\ewido anti-spyware 4.0\guard.sys ZwTerminateProcess
---- Devices - GMER 1.0.10 ----
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CREATE 825B2428
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CREATE_NAMED_PIPE 825B2428
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CLOSEIRP_MJ_READ 825B2428
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_WRITE 825B2428
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_QUERY_INFORMATION 825B2428
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SET_INFORMATION 825B2428
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_QUERY_EA 825B2428
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SET_EA 825B2428
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_FLUSH_BUFFERS 825B2428
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_QUERY_VOLUME_INFORMATION 825B2428
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SET_VOLUME_INFORMATION 825B2428
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_DIRECTORY_CONTROL 825B2428
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_FILE_SYSTEM_CONTROL 825B2428
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_DEVICE_CONTROL 825B2428
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_INTERNAL_DEVICE_CONTROL 825B2428
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SHUTDOWN 825B2428
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_LOCK_CONTROL 825B2428
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CLEANUP 825B2428
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CREATE_MAILSLOT 825B2428
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_QUERY_SECURITY 825B2428
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SET_SECURITY 825B2428
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_POWER 825B2428
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SYSTEM_CONTROL 825B2428
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_DEVICE_CHANGE 825B2428
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_QUERY_QUOTA 825B2428
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SET_QUOTA 825B2428
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_PNP 825B2428
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_PNP_POWER 825B2428
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_CREATE 825C9AD8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_CREATE_NAMED_PIPE 825C9AD8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_CLOSEIRP_MJ_READ 825C9AD8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_WRITE 825C9AD8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_QUERY_INFORMATION 825C9AD8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_SET_INFORMATION 825C9AD8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_QUERY_EA 825C9AD8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_SET_EA 825C9AD8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_FLUSH_BUFFERS 825C9AD8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_QUERY_VOLUME_INFORMATION 825C9AD8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_SET_VOLUME_INFORMATION 825C9AD8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_DIRECTORY_CONTROL 825C9AD8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_FILE_SYSTEM_CONTROL 825C9AD8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_DEVICE_CONTROL 825C9AD8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_INTERNAL_DEVICE_CONTROL 825C9AD8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_SHUTDOWN 825C9AD8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_LOCK_CONTROL 825C9AD8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_CLEANUP 825C9AD8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_CREATE_MAILSLOT 825C9AD8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_QUERY_SECURITY 825C9AD8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_SET_SECURITY 825C9AD8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_POWER 825C9AD8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_SYSTEM_CONTROL 825C9AD8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_DEVICE_CHANGE 825C9AD8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_QUERY_QUOTA 825C9AD8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_SET_QUOTA 825C9AD8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_PNP 825C9AD8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_PNP_POWER 825C9AD8
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CREATE 825C9AD8
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CREATE_NAMED_PIPE 825C9AD8
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CLOSEIRP_MJ_READ 825C9AD8
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_WRITE 825C9AD8
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_QUERY_INFORMATION 825C9AD8
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SET_INFORMATION 825C9AD8
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_QUERY_EA 825C9AD8
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SET_EA 825C9AD8
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_FLUSH_BUFFERS 825C9AD8
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_QUERY_VOLUME_INFORMATION 825C9AD8
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SET_VOLUME_INFORMATION 825C9AD8
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_DIRECTORY_CONTROL 825C9AD8
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_FILE_SYSTEM_CONTROL 825C9AD8
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_DEVICE_CONTROL 825C9AD8
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_INTERNAL_DEVICE_CONTROL 825C9AD8
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SHUTDOWN 825C9AD8
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_LOCK_CONTROL 825C9AD8
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CLEANUP 825C9AD8
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CREATE_MAILSLOT 825C9AD8
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_QUERY_SECURITY 825C9AD8
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SET_SECURITY 825C9AD8
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_POWER 825C9AD8
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SYSTEM_CONTROL 825C9AD8
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_DEVICE_CHANGE 825C9AD8
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_QUERY_QUOTA 825C9AD8
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SET_QUOTA 825C9AD8
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_PNP 825C9AD8
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_PNP_POWER 825C9AD8
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_CREATE 825C9AD8
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_CREATE_NAMED_PIPE 825C9AD8
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_CLOSEIRP_MJ_READ 825C9AD8
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_WRITE 825C9AD8
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_QUERY_INFORMATION 825C9AD8
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SET_INFORMATION 825C9AD8
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_QUERY_EA 825C9AD8
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SET_EA 825C9AD8
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_FLUSH_BUFFERS 825C9AD8
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_QUERY_VOLUME_INFORMATION 825C9AD8
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SET_VOLUME_INFORMATION 825C9AD8
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_DIRECTORY_CONTROL 825C9AD8
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_FILE_SYSTEM_CONTROL 825C9AD8
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_DEVICE_CONTROL 825C9AD8
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_INTERNAL_DEVICE_CONTROL 825C9AD8
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SHUTDOWN 825C9AD8
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_LOCK_CONTROL 825C9AD8
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_CLEANUP 825C9AD8
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_CREATE_MAILSLOT 825C9AD8
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_QUERY_SECURITY 825C9AD8
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SET_SECURITY 825C9AD8
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_POWER 825C9AD8
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SYSTEM_CONTROL 825C9AD8
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_DEVICE_CHANGE 825C9AD8
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_QUERY_QUOTA 825C9AD8
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SET_QUOTA 825C9AD8
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_PNP 825C9AD8
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_PNP_POWER 825C9AD8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_CREATE 825C9AD8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_CREATE_NAMED_PIPE 825C9AD8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_CLOSEIRP_MJ_READ 825C9AD8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_WRITE 825C9AD8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_QUERY_INFORMATION 825C9AD8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_SET_INFORMATION 825C9AD8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_QUERY_EA 825C9AD8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_SET_EA 825C9AD8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_FLUSH_BUFFERS 825C9AD8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_QUERY_VOLUME_INFORMATION 825C9AD8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_SET_VOLUME_INFORMATION 825C9AD8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_DIRECTORY_CONTROL 825C9AD8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_FILE_SYSTEM_CONTROL 825C9AD8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_DEVICE_CONTROL 825C9AD8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_INTERNAL_DEVICE_CONTROL 825C9AD8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_SHUTDOWN 825C9AD8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_LOCK_CONTROL 825C9AD8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_CLEANUP 825C9AD8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_CREATE_MAILSLOT 825C9AD8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_QUERY_SECURITY 825C9AD8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_SET_SECURITY 825C9AD8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_POWER 825C9AD8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_SYSTEM_CONTROL 825C9AD8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_DEVICE_CHANGE 825C9AD8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_QUERY_QUOTA 825C9AD8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_SET_QUOTA 825C9AD8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_PNP 825C9AD8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_PNP_POWER 825C9AD8
---- Modules - GMER 1.0.10 ----
Module _________ F73A4000
---- Files - GMER 1.0.10 ----
File C:\System Volume Information\MountPointManagerRemoteDatabase
File C:\System Volume Information\tracking.log
File E:\System Volume Information\MountPointManagerRemoteDatabase
File E:\System Volume Information\tracking.log
---- EOF - GMER 1.0.10 ----
I'm not posting the GMER log from Services + show all because it gets cut off (there isn't enough room and I don't know how to make it fit).
The problem still persists.
Post merged: 21.07.2006 (Fri) 13:24
Wiewia, thanks, I also deleted what you wrote. It supposedly got deleted, but there was some error.
As for the view, it sometimes looks like that on my machine too.