Something is blocking my internet access

Hello everyone.

I have a big problem and so far nobody has been able to help me.

Some program on my computer is blocking my internet access.

I've been sitting on various forums since this morning going through them; there were similar cases, but mine is probably unheard of.

I scanned the system, made a log in HijackThis and had it analysed by the tool at http://www.hijackthis.de/ , and removed what it told me to.

Of course I did this in safe mode. I used programs such as: Ad-Aware, Norton, CWShredder, SpSeHjfix, spybotsd13, KillBox, ispfix. And none of it helped :(

But there is something suspicious, only none of these programs could remove it. On the disk, in c:\program files\wsssxxws, there are these files: NRgfCh0c.exe, a profile DAT file and cnml.exe.

Please advise me something, because I'm at my wits' end.

OK, I'm pasting the latest HijackThis log.

Please change the title to something specific and follow the thread on how to paste HT logs correctly.

Maybe try deleting those files with the Force Delete module in Odkurzacz. Have you tried??

I haven't tried Odkurzacz, but I'll try right away. Thanks for the tip.

Delete the bolded files/folders manually and the entries with HijackThis, in safe mode with System Restore disabled.

Post a Silent Runners log.

I'm losing faith that this can be fixed :(

In Add/Remove Programs, uninstall WhenUSearch.

1. Boot into safe mode

2. Disable System Restore (Me/XP only)

3. Delete the entries in HijackThis

4. Delete the bolded files/folders

5. Post a new HJT log + Silent Runners log

And what shows up? Give the text of the error.

I didn't find it in Add/Remove Programs.

And as for Silent Runners, nothing happens: I click and nothing.

OK, I'm going into safe mode and doing as you wrote.

Posts merged: 20.07.2006 (Thu) 18:11

I didn't find the WhenUSearch and Save files on the disk at all, and the NRgfCh0c file can't be deleted, as always, and this message pops up:

And the log looks like this:

I'm still in safe mode; what should I do next, since I didn't delete those files???

Posts merged: 20.07.2006 (Thu) 19:51

Damn, does nobody have any more ideas how to help me???

Do you have some problem with characters on your computer?

What do you mean, nothing?

Well then…

Download Gmer, run it, go to the cmd tab and paste:

In the processes tab choose kill all, go back to cmd, choose run.

In processes choose the three dots "…", point to HijackThis, do a scan and delete the entries:

Restart and new logs. Just in case, post a Gmer log: download>>>run>>>go to the "rootkit" tab>>>choose "search">>>wait patiently until the program finishes>>>click "copy">>>ctrl + v and paste into the post.

OK, I did as you told me. And I managed to make a Silent Runners log.

Although it's still the same problem, maybe we'll take a step forward :)

OK, log 1 from HijackThis:

Log no. 2 from Gmer:

Just as I thought, we have rootkits: Haxdoor version AP and Adware CommonName. No wonder you couldn't delete that folder ;]

Hmm, you have Daemon Tools; see the "problems with Gmer" thread: the kill all function misbehaves because of the virtual drives.

Once you have done everything described there:

In Gmer:

Paste into the cmd tab:

In the services tab, find and delete (right-click) the services:

avpe64 and winik.

In the processes tab choose kill all, go back to cmd and choose run. Restart the computer and post new logs from Gmer and Silent Runners.

Make 2 Gmer logs: one normal, and in the 2nd tick only services + show all.

InfinityToJa, let him also paste the registry repair fix in the regedit tab. As in this thread, read "Backdoor.Haxdoor versions, version AP". Choose the right fix and paste it into Gmer in the regedit tab. Click run for both CMD and REGEDIT.

Also append to the cmd commands:
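The helpers above read the infection straight off the HijackThis log that follows later in the thread: one executable (RYQDGcRN.exe) registered under eight random-looking Run value names, a vowel-less folder wsssxxws under Program Files, Internet Explorer's Start Page and Local Page pointed at a local c:\secure32.html, and an HKCU Run value called "Shell". The script below is an added example, not a tool anyone posted in this thread: it parses HijackThis 1.99-style O4, R0/R1 and O17 lines and flags exactly those patterns. The sample log is constructed from cleaned copies of the thread's own entries plus a few benign ones; the heuristics and thresholds are this example's own assumptions, so every hit needs a human look before anything is deleted.

```python
"""Heuristic triage of HijackThis 1.99-style log lines (O4, R0/R1, O17).

Added example for this thread, not a tool anyone posted in it. Heuristics
and thresholds are assumptions of this example, not HijackThis behaviour.
"""
import re
from collections import defaultdict

RUN_RE = re.compile(r"^O4 - (HK\w+)\\\.\.\\(Run\w*): \[([^\]]+)\]\s*(.*)$")
PAGE_RE = re.compile(r"^R[01] - (HK\w+)\\.*,(Start Page|Local Page|Search Page|Default_Page_URL) = (.*)$")
DNS_RE = re.compile(r"^O17 - .*NameServer = (.*)$")
PATH_RE = re.compile(r'([A-Za-z]:\\[^"\r\n]*?\.(?:exe|dll|scr|com|bat))', re.I)
VOWELS = set("aeiouyAEIOUY")


def looks_random(token):
    """Machine-generated rather than vendor-chosen identifier: six or more
    single-case letters with no vowel (CJPWGNT, wsssxxws), three capitals right
    after a lower-case letter (eMFJQkEw), or a digit wedged between letters
    (REFGU1ox). NvCplDaemon, MsnMsgr and SunJavaUpdateSched pass all three."""
    letters = "".join(c for c in token if c.isalpha())
    if len(letters) >= 6 and not VOWELS & set(letters) and (letters.isupper() or letters.islower()):
        return True
    if re.search(r"[a-z][A-Z]{3}", letters):
        return True
    return re.search(r"[A-Za-z][0-9][A-Za-z]", token) is not None


def target_of(command):
    """Executable a Run value launches: first drive-letter path with a binary
    extension, lower-cased, without quotes or arguments."""
    m = PATH_RE.search(command)
    if m:
        return m.group(1).lower()
    return command.strip().strip('"').split()[0].lower() if command.strip() else ""


def triage(log_text):
    """Return (severity, evidence, reason) tuples for suspicious lines."""
    findings = []
    names_by_target = defaultdict(set)
    for line in (l.strip() for l in log_text.splitlines()):
        m = RUN_RE.match(line)
        if m:
            name, command = m.group(3), m.group(4)
            target = target_of(command)
            names_by_target[target].add(name)
            if name.lower() == "shell":
                findings.append(("high", line, "Run value named 'Shell' mimics the Winlogon Shell value"))
            if looks_random(name):
                findings.append(("medium", line, f"random-looking value name {name!r}"))
            for folder in target.split("\\")[1:-1]:  # directories between drive and file
                if looks_random(folder):
                    findings.append(("medium", line, f"random-looking folder {folder!r} in launch path"))
                    break
            continue
        m = PAGE_RE.match(line)
        if m:
            value = m.group(3)
            if re.match(r"^[a-z]:\\", value, re.I) and "\\windows\\" not in value.lower():
                findings.append(("high", line, f"IE {m.group(2)} redirected to local file {value}"))
            continue
        m = DNS_RE.match(line)
        if m:
            findings.append(("info", line, f"DNS servers {m.group(1)}: confirm they belong to the ISP or the home router"))
    # Persistence sprayed across many value names is a stronger signal than any single name.
    for target, names in names_by_target.items():
        if len(names) > 1:
            findings.append(("high", target, f"{len(names)} distinct Run values launch the same file: {sorted(names)}"))
    return findings


# Constructed sample: cleaned copies of lines from the thread's log plus a few benign ones.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [eMFJQkEw] C:\PROGRA~1\wsssxxws\c0hCfgRN.exe
O4 - HKLM\..\Run: [CJPWGNT] C:\WINDOWS\CJPWGNT.exe
O4 - HKLM\..\Run: [RkVHVA1x] C:\PROGRA~1\wsssxxws\RYQDGcRN.exe
O4 - HKLM\..\Run: [ekFHUkUx] C:\PROGRA~1\wsssxxws\RYQDGcRN.exe
O4 - HKLM\..\Run: [ak0HUkEx] C:\PROGRA~1\wsssxxws\RYQDGcRN.exe
O4 - HKLM\..\Run: [REFGU1ox] C:\PROGRA~1\wsssxxws\RYQDGcRN.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Shell] "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.exe"
O17 - HKLM\System\CCS\Services\Tcpip\..\{BA21ACFA-4504-45C8-A753-B2358B1FE4E5}: NameServer = 194.204.151.9,192.168.0.1
"""

if __name__ == "__main__":
    for severity, evidence, reason in triage(SAMPLE_LOG):
        print(f"[{severity}] {reason}\n    {evidence}")
```

The strongest signal is structural rather than lexical: four different value names launching one file under a pseudo-random folder is something no legitimate installer does, while the name heuristic alone will also catch adware such as WhenUSearchWHSE and should be treated as a prompt for a look, not a verdict. The O17 line is reported as information only; whether 194.204.151.9 is the ISP's resolver is something the log cannot tell you.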

OK, I did as you told me, InfinityToJa.

What wiewia advised I wasn't able to do.

Those files in the wsssxws folder have probably been deleted, because they are no longer in Program Files :)

But the internet still doesn't work :(

I'm exhausted. I'm posting the last logs for today and maybe we'll fight on tomorrow :)

In any case, thank you.

GMER log no. 1

Gmer log no. 2 (services and show all ticked)

I cut out the Silent Runners log because it got truncated anyway.

Once again I ask everyone for help.

Does really nobody have any ideas???

And just to be clear, the computer without internet is connected to a home network.

That is, the one I'm writing from now is the main computer.

I use Neostrada.

As far as I know, everything in the connections is set up correctly.

I didn't change anything in them before the problem appeared.

I believe the problem will finally get solved somehow.

Waiting for info.

In Gmer, in the cmd tab, paste:

Tick REGEDIT.EXE and paste:

Go to the processes tab and choose kill all; in the services tab find and delete the service named avpe64 (right-click, choose delete service); then in cmd choose run>>tick regedit.exe and also run. Afterwards, post new logs from Gmer (services + show all), Silent Runners and HijackThis.

You didn't delete the service. After choosing kill all, first go to the services tab and find it.

Right-click that service and choose delete. Gmer will ask whether to delete the file; of course you agree, and then you fire off the commands in regedit and cmd.

P.S.

I don't know if it's only on my end that this page looks like this in Opera.


Nice that you replied. Thanks.

OK, I did as you told me.

Only that avp64.sys supposedly got deleted, because it's no longer visible, but there was some error while deleting it.

Pasting the HijackThis log:

Logfile of HijackThis v1.99.1

Scan saved at 0&252:50, on 2006-07-21

Platform Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.0 SP2 (6.00.2900.2180)


Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Common Files\Symantec Shared\ccProxy.exe

C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

C:\Program Files\Norton Internet Security\ISSVC.exe

C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\ewido anti-spyware 4.0\guard.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe

C:\Program Files\Eset\nod32krn.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\Program Files\Logitech\Video\LogiTray.exe

C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe

C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\DComS.exe

C:\Program Files\Logitech\Video\LowLight.exe

C:\WINDOWS\system32\msiexec.exe

C:\Documents and Settings\User\Desktop\gmer.exe

C:\Program Files\Messenger\msmsgs.exe

E:\OchronaKoma\hijackthis\HijackThis.exe


R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost

R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - E:\Program Files\ICQToolbar\toolbaru.dll

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - e:\gry\Acrobat Read\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll

O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - E:\Program Files\ICQToolbar\toolbaru.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe

O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe

O4 - HKLM\..\Run: [wpkontakt] E:\wpkontakt\wpkontakt.exe -autostart

O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe

O4 - HKLM\..\Run: [AWMON] "C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe"

O4 - HKLM\..\Run: [Norton Ghost 9.0] C:\Program Files\Symantec\Norton Ghost\Agent\GhostTray.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [Festoon] C:\Program Files\Santa Cruz Networks\Festoon\Festoon.exe /BOOT

O4 - HKLM\..\Run: [QuickTime Task] "E:\quicktime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [eMFJQkEw] C:\PROGRA~1\wsssxxws\c0hCfgRN.exe

O4 - HKLM\..\Run: [CJPWGNT] C:\WINDOWS\CJPWGNT.exe

O4 - HKLM\..\Run: [RkVHVA1x] C:\PROGRA~1\wsssxxws\RYQDGcRN.exe

O4 - HKLM\..\Run: [ekFHUkUx] C:\PROGRA~1\wsssxxws\RYQDGcRN.exe

O4 - HKLM\..\Run: [cIFGXwEw] C:\PROGRA~1\wsssxxws\RYQDGcRN.exe

O4 - HKLM\..\Run: [ak0HUkEx] C:\PROGRA~1\wsssxxws\RYQDGcRN.exe

O4 - HKLM\..\Run: [bAVGXwow] C:\PROGRA~1\wsssxxws\RYQDGcRN.exe

O4 - HKLM\..\Run: [cIFGXsox] C:\PROGRA~1\wsssxxws\RYQDGcRN.exe

O4 - HKLM\..\Run: [REFGU1ox] C:\PROGRA~1\wsssxxws\RYQDGcRN.exe

O4 - HKLM\..\Run: [cEpHTs1w] C:\PROGRA~1\wsssxxws\RYQDGcRN.exe

O4 - HKLM\..\Run: [WhenUSearchWHSE] "C:\Program Files\WhenUSearch\whse.exe"

O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,ClientStartup -s

O4 - HKLM\..\Run: [WhenUSearch] "C:\Program Files\WhenUSearch\Search.exe"

O4 - HKLM\..\RunOnce: [HLinit] c:\progra~1\themexp\themex~1.org\hlsetup2.exe

O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [Komunikator] E:\Program Files\Tlends\tlen.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [Gadu-Gadu] "E:\My Documents\Gadu-Gaduffffffffff\gg.exe" /tray

O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide

O4 - HKCU\..\Run: [Norton SystemWorks] "C:\Program Files\Norton SystemWorks\cfgwiz.exe" /GUID {05858CFD-5CC4-4ceb-AAAF-CF00BF39736A} /MODE CfgWiz

O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [MoSBouncer] C:\Program Files\ScreenMates\hilda.exe

O4 - HKCU\..\Run: [DeathwishDog] C:\Program Files\ScreenMates\psiur.exe

O4 - HKCU\..\Run: [Shell] "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.exe"

O4 - HKCU\..\Run: [WhenUSave] "C:\Program Files\Save\Save.exe"

O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe

O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html

O8 - Extra context menu item: &ICQ Toolbar Search - res://E:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML

O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html

O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html

O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html

O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html

O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll

O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - e:\Program Files\ICQLite\ICQLite.exe

O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - e:\Program Files\ICQLite\ICQLite.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O15 - Trusted Zone: http://arcaonline.arcabit.com

O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab

O16 - DPF: {18506D80-9B 0-11D4-82C2-0080C8D7ED4A} (GameDesire Roulette) - http://67.15.101.3/g_bin/pl/roulette_2_0_0_17.cab

O16 - DPF: {2917297F-F02B-4FB9-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab

O16 - DPF: {2A81DED-C22D-4153-9812-CEA98A32900C} (GameDesire Makao) - http://67.15.101.3/g_bin/pl/cardsmakao_2_0_0_20.cab

O16 - DPF: {3D870 BB-86A4-4CB4-B738-6F0FC016AC7D} (MainControl Class) - http://arcaonline.arcabit.com/ArcaOnline.cab

O16 - DPF: {y$B4513E2-4E57-43DF-9496-FCD37E9FA64} (GameDesire Sea Battle) - http://67.15.101.3/g_bin/pl/navp_2_0_0_17.cab

O16 - DPF: {53B8B406-42E4-4DD3-96E7-9DEC8CEB3DD8} (ICQVideoControl Class) - http://xtraz.icq.com/xtraz/activex/ICQVideoControl.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1100690674$%5

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab

O16 - DPF: {908531A-42BA-11D4-BAA3-0080C8D7ED4A} (GameDesire JungleHunter) - http://67.15.101.3/g_bin/pl/hunter_2_0_0_18.cab

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab

O16 - DPF: {BFA1F11@-3121-AFE1-4112-894323212DAC} (GameDesire Word Games) - http://67.15.101.3/g_bin/pl/words_2_0_0V#8.cab

O16 - DPF: {E23FABEE-12 #-33DA-DA12-195DAC123984} (GameDesire Mahjong) - http://67.15.101.3/g_bin/pl/mahjong_2_0_0_20.cab

O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32F@6C1} (GameDesire Pool 8) - http://67.15.101.3/g_bin/pl/billard8_2_0_0_24.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{BA21ACFA-4504-45C8-A753-B2358B1FE4E5}: NameServer = 194.204.151.9,192.168.0.1

O18 - Protocol: Festoon - (no CLSID) - (no file)

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)

O18 - Protocol: offline-8876480 - {6144D54A-BF4A-434A-8899-ECA7CD5D9BE2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: vskype - (no CLSID) - (no file)

O18 - Protocol: wpmsg - {2E0AC5A0-3597-11D6-B3EL-0001021DC1C3} - E:\wpkontakt\url_wpmsg.dll (file missing)

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe

O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe

O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe

O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe

O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe

O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

Now the Silent Runners log:

"Silent Runners.vbs", revision 46, http://www.silentrunners.org/

Operating System: Windows XP SP2

Output limited to non-default values, except where indicated by "{++}"



Startup items buried in registry:

---------------------------------


HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}

"LDM" = "C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" ["Logitech"]

"MsnMsgr" = ""C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background" [MS]

"Komunikator" = "E:\Program Files\Tlends\tlen.exe" [null data]

"ctfmon.exe" = "C:\WINDOWS\system32\ctfmon.exe" [MS]

"Gadu-Gadu" = ""E:\My Documents\Gadu-Gaduffffffffff\gg.exe" /tray" ["Gadu-Gadu Sp. z oo"]

"STYLEXP" = "C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide" [empty string]

"Norton SystemWorks" = ""C:\Program Files\Norton SystemWorks\cfgwiz.exe" /GUID {05858CFD-5CC4-4ceb-AAAF-CF00BF39736A} /MODE CfgWiz" [file not found]

"Skype" = ""C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized" ["Skype Technologies S.A."]

"MoSBouncer" = "C:\Program Files\ScreenMates\hilda.exe" [file not found]

"DeathwishDog" = "C:\Program Files\ScreenMates\psiur.exe" [file not found]

"Shell" = ""C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.exe"" [file not found]

"WhenUSave" = ""C:\Program Files\Save\Save.exe"" [file not found]


HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}

"ccApp" = ""C:\Program Files\Common Files\Symantec Shared\ccApp.exe"" ["Symantec Corporation"]

"Symantec NetDriver Monitor" = "C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer" ["Symantec Corporation"]

"NeroFilterCheck" = "C:\WINDOWS\system32\NeroCheck.exe" ["Ahead Software Gmbh"]

"LogitechVideoRepair" = "C:\Program Files\Logitech\Video\ISStart.exe" ["Logitech Inc."]

"LogitechVideoTray" = "C:\Program Files\Logitech\Video\LogiTray.exe" ["Logitech Inc."]

"wpkontakt" = "E:\wpkontakt\wpkontakt.exe -autostart" [file not found]

"SunJavaUpdateSched" = "C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe" ["Sun Microsystems, Inc."]

"AWMON" = ""C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe"" ["Lavasoft Sweden"]

"Norton Ghost 9.0" = "C:\Program Files\Symantec\Norton Ghost\Agent\GhostTray.exe" [file not found]

"NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup" [MS]

"nwiz" = "nwiz.exe /install" ["NVIDIA Corporation"]

"Festoon" = "C:\Program Files\Santa Cruz Networks\Festoon\Festoon.exe /BOOT" ["Santa Cruz Networks, Inc."]

"QuickTime Task" = ""E:\quicktime\qttask.exe" -atboottime" ["Apple Computer, Inc."]

"eMFJQkEw" = "C:\PROGRA~1\wsssxxws\c0hCfgRN.exe" [file not found]

"CJPWGNT" = "C:\WINDOWS\CJPWGNT.exe" [file not found]

"RkVHVA1x" = "C:\PROGRA~1\wsssxxws\RYQDGcRN.exe" [file not found]

"ekFHUkUx" = "C:\PROGRA~1\wsssxxws\RYQDGcRN.exe" [file not found]

"cIFGXwEw" = "C:\PROGRA~1\wsssxxws\RYQDGcRN.exe" [file not found]

"ak0HUkEx" = "C:\PROGRA~1\wsssxxws\RYQDGcRN.exe" [file not found]

"bAVGXwow" = "C:\PROGRA~1\wsssxxws\RYQDGcRN.exe" [file not found]

"cIFGXsox" = "C:\PROGRA~1\wsssxxws\RYQDGcRN.exe" [file not found]

"REFGU1ox" = "C:\PROGRA~1\wsssxxws\RYQDGcRN.exe" [file not found]

"cEpHTs1w" = "C:\PROGRA~1\wsssxxws\RYQDGcRN.exe" [file not found]

"WhenUSearchWHSE" = ""C:\Program Files\WhenUSearch\whse.exe"" [file not found]

"New.net Startup" = "rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,ClientStartup -s" [MS]

"WhenUSearch" = ""C:\Program Files\WhenUSearch\Search.exe"" [file not found]


HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\ {++}

"HLinit" = "c:\progra~1\themexp\themex~1.org\hlsetup2.exe" [file not found]


HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\

{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)

  -> {HKLM...CLSID} = "AcroIEHlprObj Class"

                   \InProcServer32\(Default) = "e:\gry\Acrobat Read\Reader\ActiveX\AcroIEHelper.ocx" [empty string]

{53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided)

  -> {HKLM...CLSID} = (no title provided)

                   \InProcServer32\(Default) = "C:\PROGRA~1\SPYBOT~1\SDHelper.dll" ["Safer Networking Limited"]

{9ECB9560-04F9-4bbc-943D-298DDF1699E1}\(Default) = (no title provided)

  -> {HKLM...CLSID} = "CNisExtBho Class"

                   \InProcServer32\(Default) = "C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll" ["Symantec Corporation"]

{AA58ED58-01DD-4d91-8333-CF10577473F7}\(Default) = (no title provided)

  -> {HKLM...CLSID} = "Google Toolbar Helper"

                   \InProcServer32\(Default) = "c:\program files\google\googletoolbar2.dll" ["Google Inc."]

{BDF3E430-B101-42AD-A544-FADC6B084872}\(Default) = (no title provided)

  -> {HKLM...CLSID} = "CNavExtBho Class"

                   \InProcServer32\(Default) = "C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]


HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\

"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "HyperTerminal Icon Ext" -> {HKLM...CLSID} = "HyperTerminal Icon Ext"

                   \InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]

"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer"

  -> {HKLM...CLSID} = "Desktop Explorer"

                   \InProcServer32\(Default) = "C:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"]

"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"

  -> {HKLM...CLSID} = (no title provided)

                   \InProcServer32\(Default) = "C:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"]

"{E0D79304-84BE-11CE-9641-444553540000}" = "WinZip"

  -> {HKLM...CLSID} = "WinZip"

                   \InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]

"{E0D79305-84BE-11CE-9641-444553540000}" = "WinZip"

  -> {HKLM...CLSID} = "WinZip"

                   \InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]

"{E0D79306-84BE-11CE-9641-444553540000}" = "WinZip"

  -> {HKLM...CLSID} = "WinZip"

                   \InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]

"{E0D79307-84BE-11CE-9641-444553540000}" = "WinZip"

  -> {HKLM...CLSID} = "WinZip"

                   \InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]

"{00020D75-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Desktop Icon Handler"

  -> {HKLM...CLSID} = "Microsoft Office Outlook"

                   \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL" [MS]

"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Custom Icon Handler"

  -> {HKLM...CLSID} = "Rozszerzenie ikon plików programu Outlook"

                   \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL" [MS]

"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"

  -> {HKLM...CLSID} = (no title provided)

                   \InProcServer32\(Default) = "C:\Program Files\Microsoft Office\OFFICE11\msohev.dll" [MS]

"{400CFEE2-39D0-46DC-96DF-E0BB5A4324B3}" = "My Logitech Pictures"

  -> {HKLM...CLSID} = "My Logitech Pictures"

                   \InProcServer32\(Default) = "C:\Program Files\Logitech\Video\Namespc2.dll" ["Logitech Inc."]

"{e57ce731-33e8-4c51-8354-bb4de9d215d1}" = "Universal Plug and Play Devices"

  -> {HKLM...CLSID} = "Universal Plug and Play Devices"

                   \InProcServer32\(Default) = "C:\WINDOWS\system32\upnpui.dll" [MS]

"{5E2121EE-0300-11D4-8D3B-444553540000}" = "SimpleShlExt extension"

  -> {HKLM...CLSID} = "SimpleShlExt Class"

                   \InProcServer32\(Default) = "E:\wpkontakt\shellext_wpmsg.dll" [file not found]

"{73B24247-042E-4EF5-ADC2-42F62E6FD654}" = "ICQ Lite Shell Extension"

  -> {HKLM...CLSID} = "MCLiteShellExt Class"

                   \InProcServer32\(Default) = "E:\Program Files\ICQLite\ICQLiteShell.dll" [empty string]

"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"

  -> {HKLM...CLSID} = "WinRAR"

                   \InProcServer32\(Default) = "E:\RARRR\rarext.dll" [null data]

"{21509614-B795-46b1-85F4-E737A8DC09AD}" = "Shell Search Band"

  -> {HKLM...CLSID} = "Shell Search Band"

                   \InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" [MS]

"{B089FE88-FB52-11D3-BDF1-0050DA34150D}" = "NOD32 Context Menu Shell Extension"

  -> {HKLM...CLSID} = "NOD32 Context Menu Shell Extension"

                   \InProcServer32\(Default) = "C:\Program Files\Eset\nodshex.dll" [null data]


HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\

INFECTION WARNING! "{9294DE8-8239-4655-B1D1-5F4E91300429}" = (no title provided)

  -> {HKLM...CLSID} = "DVDIdleShell Class"

                   \InProcServer32\(Default) = "C:\PROGRA~1\DVDREG~1\DVDShell.dll" ["Fengtao Software"]

INFECTION WARNING! "{57B86673-276A-48B2-BAE7-C0DBB3020EB8}" = "ewido anti-spyware 4.0"

  -> {HKLM...CLSID} = "AShellExecuteHookImpl Object"

                   \InProcServer32\(Default) = "C:\Program Files\ewido anti-spyware 4.0\shellexecutehook.dll" ["Anti-Malware Development a.s."]


HKLM\Software\Classes\PROTOCOLS\Filter\

INFECTION WARNING! text/xml\CLSID = "{807553E5-5146-11D5-A672-00B0D022E945}"

  -> {HKLM...CLSID} = (no title provided)

                   \InProcServer32\(Default) = "C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL" [MS]


HKLM\Software\Classes\*\shellex\ContextMenuHandlers\

ewido anti-spyware\(Default) = "{8934FCEF-F5B8-468f-951F-78A921CD3920}"

  -> {HKLM...CLSID} = "CContextScan Object"

                   \InProcServer32\(Default) = "C:\Program Files\ewido anti-spyware 4.0\context.dll" ["Anti-Malware Development a.s."]

ICQLiteMenu\(Default) = "{73B24247-042E-4EF5-ADC2-42F62E6FD654}"

  -> {HKLM...CLSID} = "MCLiteShellExt Class"

                   \InProcServer32\(Default) = "E:\Program Files\ICQLite\ICQLiteShell.dll" [empty string]

NOD32 Context Menu Shell Extension\(Default) = "{B089FE88-FB52-11D3-BDF1-0050DA34150D}"

  -> {HKLM...CLSID} = "NOD32 Context Menu Shell Extension"

                   \InProcServer32\(Default) = "C:\Program Files\Eset\nodshex.dll" [null data]

Symantec.Norton.Antivirus.IEContextMenu\(Default) = "{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2}"

  -> {HKLM...CLSID} = "IEContextMenu Class"

                   \InProcServer32\(Default) = "C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

  -> {HKLM...CLSID} = "WinRAR"

                   \InProcServer32\(Default) = "E:\RARRR\rarext.dll" [null data]

WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}"

  -> {HKLM...CLSID} = "WinZip"

                   \InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]

WPKontakt\(Default) = "{5E2121EE-0300-11D4-8D3B-444553540000}"

  -> {HKLM...CLSID} = "SimpleShlExt Class"

                   \InProcServer32\(Default) = "E:\wpkontakt\shellext_wpmsg.dll" [file not found]


HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\

ewido anti-spyware\(Default) = "{8934FCEF-F5B8-468f-951F-78A921CD3920}"

  -> {HKLM...CLSID} = "CContextScan Object"

                   \InProcServer32\(Default) = "C:\Program Files\ewido anti-spyware 4.0\context.dll" ["Anti-Malware Development a.s."]

ICQLiteMenu\(Default) = "{73B24247-042E-4EF5-ADC2-42F62E6FD654}"

  -> {HKLM...CLSID} = "MCLiteShellExt Class"

                   \InProcServer32\(Default) = "E:\Program Files\ICQLite\ICQLiteShell.dll" [empty string]

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

  -> {HKLM...CLSID} = "WinRAR"

                   \InProcServer32\(Default) = "E:\RARRR\rarext.dll" [null data]

WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}"

  -> {HKLM...CLSID} = "WinZip"

                   \InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]


HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\

NOD32 Context Menu Shell Extension\(Default) = "{B089FE88-FB52-11D3-BDF1-0050DA34150D}"

  -> {HKLM...CLSID} = "NOD32 Context Menu Shell Extension"

                   \InProcServer32\(Default) = "C:\Program Files\Eset\nodshex.dll" [null data]

Symantec.Norton.Antivirus.IEContextMenu\(Default) = "{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2}"

  -> {HKLM...CLSID} = "IEContextMenu Class"

                   \InProcServer32\(Default) = "C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

  -> {HKLM...CLSID} = "WinRAR"

                   \InProcServer32\(Default) = "E:\RARRR\rarext.dll" [null data]

WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}"

  -> {HKLM...CLSID} = "WinZip"

                   \InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]



Active Desktop and Wallpaper:

-----------------------------


Active Desktop is disabled at this entry:

HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState


HKCU\Control Panel\Desktop\

"Wallpaper" = "E:\My Documents\Do szablonów\Do olunia9 .blog.pl\1024x76_091 copy.bmp"



Enabled Screen Saver:

---------------------


HKCU\Control Panel\Desktop\

"SCRNSAVE.EXE" = "C:\WINDOWS\system32\ssmypics.scr" [MS]



Startup items in "User" & "All Users" startup folders:

------------------------------------------------------


C:\Documents and Settings\All Users\Start Menu\Programs\Startup

"Adobe Gamma Loader.exe" -> shortcut to: "C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe" [file not found]

"Adobe Gamma Loader" -> shortcut to: "C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe" [file not found]

"Logitech Desktop Messenger" -> shortcut to: "C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe /start" ["Logitech"]



Enabled Scheduled Tasks:

------------------------


"Norton AntiVirus , Scan my computer - User" -> launches: "C:\PROGRA~1\NORTON~2\NORTON~1\Navw32.exe /task:"C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Tasks\mycomp.sca"" ["Symantec Corporation"]

"Symantec NetDetect" -> launches: "C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE" ["Symantec Corporation"]



Winsock2 Service Provider DLLs:

-------------------------------


Namespace Service Providers


HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}

000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]

000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]


Transport Service Providers


HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}

0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:

%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 13

%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05



Toolbars, Explorer Bars, Extensions:

------------------------------------


Toolbars


HKCU\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\

"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}"

  -> {HKLM...CLSID} = "Norton AntiVirus"

                   \InProcServer32\(Default) = "C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]


HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\

"{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7}"

  -> {HKLM...CLSID} = "Norton Internet Security"

                   \InProcServer32\(Default) = "C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll" ["Symantec Corporation"]

"{855F3B16-6D32-4FE6-8A56-BBB695989046}"

  -> {HKLM...CLSID} = "ICQ Toolbar"

                   \InProcServer32\(Default) = "E:\Program Files\ICQToolbar\toolbaru.dll" ["ICQ Inc."]

"{014DA6C9-189F-421A-88CD-07CFE51CFF10}"

  -> {HKLM...CLSID} = "iMesh Bar"

                   \InProcServer32\(Default) = "C:\Program Files\MySearch\bar\1.bin\S4BAR.DLL" [file not found]

"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}"

  -> {HKLM...CLSID} = "Norton AntiVirus"

                   \InProcServer32\(Default) = "C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]

"{2318C2B1-4965-11D4-9B18-009027A5CD4F}"

  -> {HKLM...CLSID} = "&Google"

                   \InProcServer32\(Default) = "c:\program files\google\googletoolbar2.dll" ["Google Inc."]


HKLM\Software\Microsoft\Internet Explorer\Toolbar\

"{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7}" = "Norton Internet Security"

  -> {HKLM...CLSID} = "Norton Internet Security"

                   \InProcServer32\(Default) = "C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll" ["Symantec Corporation"]

"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" = "Norton AntiVirus"

  -> {HKLM...CLSID} = "Norton AntiVirus"

                   \InProcServer32\(Default) = "C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]

"{855F3B16-6D32-4FE6-8A56-BBB695989046}" = (no title provided)

  -> {HKLM...CLSID} = "ICQ Toolbar"

                   \InProcServer32\(Default) = "E:\Program Files\ICQToolbar\toolbaru.dll" ["ICQ Inc."]

"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" = (no title provided)

  -> {HKLM...CLSID} = "&Google"

                   \InProcServer32\(Default) = "c:\program files\google\googletoolbar2.dll" ["Google Inc."]


Explorer Bars


HKCU\Software\Microsoft\Internet Explorer\Explorer Bars\

{21569614-B795-46B1-85F4-E737A8DC09AD}\(Default) = (no title provided)

  -> {HKLM...CLSID} = "Shell Search Band"

                   \InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" [MS]

{FF059E31-CC5A-4E2E-BF3B-96E929D65503}\(Default) = (no title provided)

  -> {HKLM...CLSID} = "&Badanie"

                   \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~0\OFFICE11\REFIEBAR.DLL" [MS]


Dormant Explorer Bars in "View, Explorer Bar" menu


HKLM\Software\Classes\CLSID\{014DA6CE-189D-421A-88CD-07CFE51CFF10}\(Default) = "iMesh Bar Quick View"

Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]

InProcServer32\(Default) = "C:\WINDOWS\system32\shdocvw.dll" [MS]


Extensions (Tools menu items, main toolbar menu buttons)


HKLM\Software\Microsoft\Internet Explorer\Extensions\

{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\

"MenuText" = "Sun Java Console"

"CLSIDExtension" = "{CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA}"

  -> {HKLM...CLSID} = "Java Plug-in 1.5.0_01"

                   \InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll" ["Sun Microsystems, Inc."]


{92780B25-18CC-41C8-B9BE-3C9C571A8263}\

"ButtonText" = "Badanie"


{B863453A-26C3-4E1F-A54D-A2CD196348E9}\

"ButtonText" = "ICQ Lite"

"MenuText" = "ICQ Lite"

"Exec" = "e:\Program Files\ICQLite\ICQLite.exe" ["ICQ Ltd."]


{FB5F1910-F110-11D2-BB9E-00C00F795683}\

"ButtonText" = "Messenger"

"MenuText" = "Windows Messenger"

"Exec" = "C:\Program Files\Messenger\msmsgs.exe" [MS]



Miscellaneous IE Hijack Points

------------------------------


HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\


Missing lines (compared with English-language version):

"{855F3B16-6D32-4FE6-8A56-BBB695989046}" = (no title provided)

  -> {HKLM...CLSID} = "ICQ Toolbar"

                   \InProcServer32\(Default) = "E:\Program Files\ICQToolbar\toolbaru.dll" ["ICQ Inc."]



Running Services (Display Name, Service Name, Path {Service DLL}):

------------------------------------------------------------------


ewido anti-spyware 4.0 guard, ewido anti-spyware 4.0 guard, "C:\Program Files\ewido anti-spyware 4.0\guard.exe" ["Anti-Malware Development a.s."]

ISSvc, ISSVC, ""C:\Program Files\Norton Internet Security\ISSVC.exe"" ["Symantec Corporation"]

Machine Debug Manager, MDM, ""C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE"" [MS]

NOD32 Kernel Service, NOD32krn, ""C:\Program Files\Eset\nod32krn.exe"" ["Eset "]

Norton AntiVirus Auto-Protect Service, navapsvc, ""C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe"" ["Symantec Corporation"]

NVIDIA Driver Helper Service, NVSvc, "C:\WINDOWS\System32\nvsvc32.exe" ["NVIDIA Corporation"]

Symantec Core LC, Symantec Core LC, "C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe" ["Symantec Corporation"]

Symantec Event Manager, ccEvtMgr, ""C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"" ["Symantec Corporation"]

Symantec Network Drivers Service, SNDSrvc, ""C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe"" ["Symantec Corporation"]

Symantec Network Proxy, ccProxy, ""C:\Program Files\Common Files\Symantec Shared\ccProxy.exe"" ["Symantec Corporation"]

Symantec Settings Manager, ccSetMgr, ""C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"" ["Symantec Corporation"]

Symantec SPBBCSvc, SPBBCSvc, ""C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe"" ["Symantec Corporation"]



Print Monitors:

---------------


HKLM\System\CurrentControlSet\Control\Print\Monitors\

Microsoft Document Imaging Writer Monitor\Driver = "mdimon.dll" [MS]



----------

+ This report excludes default entries except where indicated.

+ To see *everywhere* the script checks and *everything* it finds,

  launch it from a command prompt or a shortcut with the -all parameter.

+ The search for DESKTOP.INI DL launch points on all local fixed drives

  took 13 seconds.

+ The search for all Registry CLSIDs containing dormant Explorer Bars

  took 12 seconds.

---------- (total run time: 57 seconds)

Now the GMER log:

GMER 1.0.10.10002 - http://www.gmer.net

Rootkit 2006-07-21 06:59:33

Windows 5.1.2600 Service Pack 2



---- System - GMER 1.0.10 ----


SSDT d347bus.sys ZwClose

SSDT 8266C620 ZwConnectPort

SSDT d347bus.sys ZwCreateKey

SSDT d347bus.sys ZwCreatePagingFile

SSDT d347bus.sys ZwEnumerateKey

SSDT d347bus.sys ZwEnumerateValueKey

SSDT d347bus.sys ZwOpenKey

SSDT \??\C:\Program Files\ewido anti-spyware 4.0\guard.sys ZwOpenProcess

SSDT 826899F8 ZwOpenThread

SSDT d347bus.sys ZwQueryKey

SSDT d347bus.sys ZwQueryValueKey

SSDT d347bus.sys ZwSetSystemPowerState

SSDT \??\C:\Program Files\ewido anti-spyware 4.0\guard.sys ZwTerminateProcess


---- Devices - GMER 1.0.10 ----


Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CREATE 825B2428

Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CREATE_NAMED_PIPE 825B2428

Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CLOSE 825B2428

Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_READ 825B2428

Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_WRITE 825B2428

Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_QUERY_INFORMATION 825B2428

Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SET_INFORMATION 825B2428

Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_QUERY_EA 825B2428

Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SET_EA 825B2428

Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_FLUSH_BUFFERS 825B2428

Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_QUERY_VOLUME_INFORMATION 825B2428

Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SET_VOLUME_INFORMATION 825B2428

Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_DIRECTORY_CONTROL 825B2428

Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_FILE_SYSTEM_CONTROL 825B2428

Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_DEVICE_CONTROL 825B2428

Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_INTERNAL_DEVICE_CONTROL 825B2428

Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SHUTDOWN 825B2428

Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_LOCK_CONTROL 825B2428

Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CLEANUP 825B2428

Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CREATE_MAILSLOT 825B2428

Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_QUERY_SECURITY 825B2428

Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SET_SECURITY 825B2428

Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_POWER 825B2428

Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SYSTEM_CONTROL 825B2428

Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_DEVICE_CHANGE 825B2428

Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_QUERY_QUOTA 825B2428

Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SET_QUOTA 825B2428

Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_PNP 825B2428

Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_PNP_POWER 825B2428

Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_CREATE 825C9AD8

Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_CREATE_NAMED_PIPE 825C9AD8

Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_CLOSE 825C9AD8

Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_READ 825C9AD8

Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_WRITE 825C9AD8

Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_QUERY_INFORMATION 825C9AD8

Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_SET_INFORMATION 825C9AD8

Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_QUERY_EA 825C9AD8

Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_SET_EA 825C9AD8

Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_FLUSH_BUFFERS 825C9AD8

Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_QUERY_VOLUME_INFORMATION 825C9AD8

Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_SET_VOLUME_INFORMATION 825C9AD8

Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_DIRECTORY_CONTROL 825C9AD8

Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_FILE_SYSTEM_CONTROL 825C9AD8

Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_DEVICE_CONTROL 825C9AD8

Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_INTERNAL_DEVICE_CONTROL 825C9AD8

Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_SHUTDOWN 825C9AD8

Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_LOCK_CONTROL 825C9AD8

Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_CLEANUP 825C9AD8

Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_CREATE_MAILSLOT 825C9AD8

Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_QUERY_SECURITY 825C9AD8

Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_SET_SECURITY 825C9AD8

Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_POWER 825C9AD8

Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_SYSTEM_CONTROL 825C9AD8

Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_DEVICE_CHANGE 825C9AD8

Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_QUERY_QUOTA 825C9AD8

Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_SET_QUOTA 825C9AD8

Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_PNP 825C9AD8

Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_PNP_POWER 825C9AD8

Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CREATE 825C9AD8

Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CREATE_NAMED_PIPE 825C9AD8

Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CLOSE 825C9AD8

Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_READ 825C9AD8

Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_WRITE 825C9AD8

Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_QUERY_INFORMATION 825C9AD8

Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SET_INFORMATION 825C9AD8

Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_QUERY_EA 825C9AD8

Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SET_EA 825C9AD8

Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_FLUSH_BUFFERS 825C9AD8

Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_QUERY_VOLUME_INFORMATION 825C9AD8

Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SET_VOLUME_INFORMATION 825C9AD8

Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_DIRECTORY_CONTROL 825C9AD8

Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_FILE_SYSTEM_CONTROL 825C9AD8

Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_DEVICE_CONTROL 825C9AD8

Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_INTERNAL_DEVICE_CONTROL 825C9AD8

Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SHUTDOWN 825C9AD8

Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_LOCK_CONTROL 825C9AD8

Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CLEANUP 825C9AD8

Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CREATE_MAILSLOT 825C9AD8

Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_QUERY_SECURITY 825C9AD8

Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SET_SECURITY 825C9AD8

Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_POWER 825C9AD8

Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SYSTEM_CONTROL 825C9AD8

Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_DEVICE_CHANGE 825C9AD8

Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_QUERY_QUOTA 825C9AD8

Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SET_QUOTA 825C9AD8

Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_PNP 825C9AD8

Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_PNP_POWER 825C9AD8

Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_CREATE 825C9AD8

Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_CREATE_NAMED_PIPE 825C9AD8

Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_CLOSE 825C9AD8

Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_READ 825C9AD8

Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_WRITE 825C9AD8

Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_QUERY_INFORMATION 825C9AD8

Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SET_INFORMATION 825C9AD8

Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_QUERY_EA 825C9AD8

Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SET_EA 825C9AD8

Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_FLUSH_BUFFERS 825C9AD8

Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_QUERY_VOLUME_INFORMATION 825C9AD8

Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SET_VOLUME_INFORMATION 825C9AD8

Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_DIRECTORY_CONTROL 825C9AD8

Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_FILE_SYSTEM_CONTROL 825C9AD8

Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_DEVICE_CONTROL 825C9AD8

Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_INTERNAL_DEVICE_CONTROL 825C9AD8

Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SHUTDOWN 825C9AD8

Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_LOCK_CONTROL 825C9AD8

Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_CLEANUP 825C9AD8

Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_CREATE_MAILSLOT 825C9AD8

Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_QUERY_SECURITY 825C9AD8

Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SET_SECURITY 825C9AD8

Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_POWER 825C9AD8

Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SYSTEM_CONTROL 825C9AD8

Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_DEVICE_CHANGE 825C9AD8

Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_QUERY_QUOTA 825C9AD8

Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SET_QUOTA 825C9AD8

Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_PNP 825C9AD8

Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_PNP_POWER 825C9AD8

Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_CREATE 825C9AD8

Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_CREATE_NAMED_PIPE 825C9AD8

Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_CLOSE 825C9AD8

Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_READ 825C9AD8

Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_WRITE 825C9AD8

Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_QUERY_INFORMATION 825C9AD8

Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_SET_INFORMATION 825C9AD8

Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_QUERY_EA 825C9AD8

Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_SET_EA 825C9AD8

Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_FLUSH_BUFFERS 825C9AD8

Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_QUERY_VOLUME_INFORMATION 825C9AD8

Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_SET_VOLUME_INFORMATION 825C9AD8

Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_DIRECTORY_CONTROL 825C9AD8

Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_FILE_SYSTEM_CONTROL 825C9AD8

Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_DEVICE_CONTROL 825C9AD8

Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_INTERNAL_DEVICE_CONTROL 825C9AD8

Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_SHUTDOWN 825C9AD8

Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_LOCK_CONTROL 825C9AD8

Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_CLEANUP 825C9AD8

Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_CREATE_MAILSLOT 825C9AD8

Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_QUERY_SECURITY 825C9AD8

Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_SET_SECURITY 825C9AD8

Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_POWER 825C9AD8

Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_SYSTEM_CONTROL 825C9AD8

Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_DEVICE_CHANGE 825C9AD8

Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_QUERY_QUOTA 825C9AD8

Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_SET_QUOTA 825C9AD8

Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_PNP 825C9AD8

Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_PNP_POWER 825C9AD8


---- Modules - GMER 1.0.10 ----


Module _________ F73A4000


---- Files - GMER 1.0.10 ----


File C:\System Volume Information\MountPointManagerRemoteDatabase

File C:\System Volume Information\tracking.log

File E:\System Volume Information\MountPointManagerRemoteDatabase

File E:\System Volume Information\tracking.log


---- EOF - GMER 1.0.10 ----

I'm not posting the GMER log from Services + Show all because it gets cut off (there's no room, and I don't know how to make it fit).

The problem still exists.

Post merged: 21.07.2006 (Fri) 13:24

Wiewia, thanks, I also removed what you wrote. It supposedly removed it, but there was some error.

As for the view, I sometimes see it like that too.

There's no Services tab? No rootkit visible.

Delete the entries with HijackThis, the bold folder manually.

Reset the Winsock chain with the Winsockfix program, and if that doesn't help, ask in the networking section.

wiewia, that's some error with the quote tag, that's why the forum layout falls apart like that.
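The Winsock catalog that Winsockfix rewrites is the same one Silent Runners listed further up (NameSpace_Catalog5 and Protocol_Catalog9). As an added example, not part of the original thread, the following PowerShell script enumerates both catalogs, decodes the DLL path from each PackedCatalogItem and flags providers that are not Microsoft-signed files under System32; it ends with the built-in reset command that does the same job as Winsockfix. Assumptions: PackedCatalogItem begins with a 260-byte ANSI path (the Windows XP layout), and the signature check is a heuristic, not proof that a provider is clean.

```powershell
# Added example (not from the original thread): list the Winsock2 LSP/NSP
# catalog entries that Silent Runners prints and flag providers that do not
# live under System32, are missing, or are not validly signed.
# Assumption: PackedCatalogItem starts with a 260-byte (MAX_PATH) ANSI library
# path; the rest of the blob (catalog id, WSAPROTOCOL_INFOW) is ignored here.
# On 64-bit Windows the WOW64 copies live in *_Catalog9_64 / *_Catalog5_64.

$base    = 'HKLM:\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters'
$sysRoot = [Environment]::GetFolderPath('System').ToLowerInvariant()  # e.g. c:\windows\system32

function Get-WinsockProviders {
    $result = @()
    # Transport and layered service providers (Protocol_Catalog9)
    foreach ($entry in Get-ChildItem "$base\Protocol_Catalog9\Catalog_Entries" -ErrorAction Stop) {
        $blob = (Get-ItemProperty $entry.PSPath).PackedCatalogItem
        if (-not $blob) { continue }
        $len  = [Math]::Min(260, $blob.Length)
        $path = [Text.Encoding]::Default.GetString($blob, 0, $len).Split([char]0)[0]
        $result += New-Object PSObject -Property @{ Catalog='Protocol'; Entry=$entry.PSChildName; Path=$path }
    }
    # Namespace providers (NameSpace_Catalog5) store the path as a plain string
    foreach ($entry in Get-ChildItem "$base\NameSpace_Catalog5\Catalog_Entries" -ErrorAction Stop) {
        $path = (Get-ItemProperty $entry.PSPath).LibraryPath
        $result += New-Object PSObject -Property @{ Catalog='NameSpace'; Entry=$entry.PSChildName; Path=$path }
    }
    return $result
}

function Test-SuspiciousProvider {
    param([string]$Path)
    $expanded = [Environment]::ExpandEnvironmentVariables($Path).ToLowerInvariant()
    # Anything outside System32 or pointing at a missing file deserves a look;
    # a broken LSP chain (deleted DLL still registered) is what kills connectivity.
    if (-not $expanded.StartsWith($sysRoot))       { return $true }
    if (-not (Test-Path -LiteralPath $expanded))   { return $true }
    $sig = Get-AuthenticodeSignature -LiteralPath $expanded
    return ($sig.Status -ne 'Valid')
}

Get-WinsockProviders | ForEach-Object {
    $flag = if (Test-SuspiciousProvider $_.Path) { 'CHECK' } else { 'ok' }
    '{0,-5} {1,-9} {2,-12} {3}' -f $flag, $_.Catalog, $_.Entry, $_.Path
}

# If an orphaned or hijacked LSP is the cause, rebuild the catalog to defaults
# and reboot. This is the built-in equivalent of Winsockfix/LSPfix (XP SP2+):
#   netsh winsock reset
```

Run it from an elevated prompt. A provider pointing outside System32, at a file that no longer exists, or at an unsigned DLL is what an LSP hijack, or the leftover of a half-removed one, looks like in this catalog. `netsh winsock reset` needs a reboot and drops every third-party provider, so a legitimate LSP (some firewalls install one) has to be reinstalled afterwards.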

Hello.

I did as you said and additionally went into msconfig/Startup and unchecked the same files.

The effect was that after the restart it was OK. The internet came back.

But on the next 2 restarts of the computer all those files that I had removed in HijackThis, GMER and msconfig came back.

The internet still works, but the files are there.

I'm only afraid it may all happen again.

In any case, thank you for your help.

Regards.

Jujko
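Entries that return after two reboots point at something re-creating them at startup rather than at a failed deletion. As an added example, not from the thread, this PowerShell script records the common autorun locations right after a cleanup and, on the next run, lists every entry that has since reappeared, so the returning names and paths can be compared with the earlier logs. The baseline file under %TEMP% is a hypothetical choice; the registry keys and startup folders are the standard ones that HijackThis and msconfig edit.

```powershell
# Added example (not from the original thread): snapshot autorun locations
# after cleanup, reboot, run again, and print whatever has come back.
# Assumption: the baseline file name below is a hypothetical choice.

$autorunKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'   # Shell, Userinit, ...
)
$startupFolders = @(
    [Environment]::GetFolderPath('Startup'),
    [Environment]::GetFolderPath('CommonStartup')
)

function Get-AutorunSnapshot {
    $items = @()
    foreach ($key in $autorunKeys) {
        if (-not (Test-Path $key)) { continue }
        $props = Get-ItemProperty -Path $key
        foreach ($p in $props.PSObject.Properties) {
            if ($p.Name -like 'PS*') { continue }        # skip the provider's PSPath/PSDrive metadata
            $items += "$key -> $($p.Name) = $($p.Value)"
        }
    }
    foreach ($folder in $startupFolders) {
        Get-ChildItem -LiteralPath $folder -Force -ErrorAction SilentlyContinue | ForEach-Object {
            # size and mtime included so a replaced file with the same name still shows up
            $items += "$($_.FullName) $($_.Length) $($_.LastWriteTimeUtc.ToString('o'))"
        }
    }
    return @($items | Sort-Object)
}

function Compare-AutorunSnapshots {
    param([string[]]$Before, [string[]]$After)
    # Lines present only in $After are entries that came back (or are new)
    Compare-Object -ReferenceObject $Before -DifferenceObject $After |
        Where-Object { $_.SideIndicator -eq '=>' } |
        ForEach-Object { $_.InputObject }
}

$snapFile = Join-Path $env:TEMP 'autorun-baseline.txt'   # hypothetical path
if (-not (Test-Path -LiteralPath $snapFile)) {
    Get-AutorunSnapshot | Set-Content -LiteralPath $snapFile
    "Baseline written to $snapFile. Reboot, then run this script again."
} else {
    $before   = @(Get-Content -LiteralPath $snapFile)
    $returned = Compare-AutorunSnapshots -Before $before -After (Get-AutorunSnapshot)
    if ($returned) { "Entries that (re)appeared since the baseline:"; $returned }
    else           { "No autorun entries were re-created." }
}
```

Take the baseline immediately after deleting the entries, before the reboot; anything the second run prints was written back by a process that survived the cleanup (a service, a driver, or a scheduled task), which is where to look next rather than deleting the same Run values a third time.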

But nobody told you to uncheck them in msconfig; you were supposed to delete the entries in HijackThis.

Post new logs from HijackThis + Silent Runners + 2 GMER logs (normal, and Services + Show all).