Dpkuczliwy proce wintems.exe

damiann69 · 30 Marzec 2007 15:47

Wrzucam logi z Hijacka, Silentrunnera i Comboscana.

Jak wrzucić bardzo długi log z gmera?

Hijackthis:

Logfile of HijackThis v1.99.1 Scan saved at 17:00:11, on 2007-03-30 Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.5730.0011) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\AutoConnect\AutoConnect.exe C:\Program Files\LClock\lclock.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Konnekt\konnekt.exe C:\Program Files\Opera\Opera.exe C:\Download\Logi\gmer\gmer.exe C:\Download\Logi\hijackthis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.neostrada.pl R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada TP R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL O1 - Hosts: 71.202.66.125 l2authd.lineage2.com O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\Styler\TB\StylerTB.dll O4 - HKLM…\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKLM…\Run: [HideBUS] C:\Download\HideBUS.exe O4 - HKCU…\Run: [AutoConnect] C:\Program Files\AutoConnect\AutoConnect.exe O4 - HKCU…\Run: [LClock] C:\Program Files\LClock\lclock.exe O4 - HKCU…\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll O9 - Extra ‘Tools’ menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O11 - Options group: [iNTERNATIONAL] International* O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.pl/resources/virus … nicode.cab O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab O17 - HKLM\System\CCS\Services\Tcpip…{DA6D1F96-AA43-4ED1-8C2E-56B42635AFE3}: NameServer = 194.204.159.1 217.98.63.164 O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O20 - Winlogon Notify: WBSrv - C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

Comboscan:

ComboScan v20070226.18 run by Jurkiewicz on 2007-03-30 at 17:00:37 Computer is in Normal Mode. -------------------------------------------------------------------------------- – HijackThis (run as Jurkiewicz.exe) ------------------------------------------- Logfile of HijackThis v1.99.1 Scan saved at 17:00:40, on 2007-03-30 Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.5730.0011) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\AutoConnect\AutoConnect.exe C:\Program Files\LClock\lclock.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Konnekt\konnekt.exe C:\Download\Logi\gmer\gmer.exe C:\Download\Logi\comboscan.exe C:\Download\Logi\HIJACK~1\JURKIE~1.EXE R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.neostrada.pl R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada TP R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL O1 - Hosts: 71.202.66.125 l2authd.lineage2.com O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\Styler\TB\StylerTB.dll O4 - HKLM…\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKLM…\Run: [HideBUS] C:\Download\HideBUS.exe O4 - HKCU…\Run: [AutoConnect] C:\Program Files\AutoConnect\AutoConnect.exe O4 - HKCU…\Run: [LClock] C:\Program Files\LClock\lclock.exe O4 - HKCU…\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll O9 - Extra ‘Tools’ menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O11 - Options group: [iNTERNATIONAL] International* O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.pl/resources/virus … nicode.cab O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab O17 - HKLM\System\CCS\Services\Tcpip…{DA6D1F96-AA43-4ED1-8C2E-56B42635AFE3}: NameServer = 194.204.159.1 217.98.63.164 O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O20 - Winlogon Notify: WBSrv - C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe – Files created between 2007-02-28 and 2007-03-30 ------------------------------ 2007-03-30 17:00:31 0 d-------- C:!KillBox 2007-03-25 20:15:08 0 d-------- C:\Program Files\VS Online 2007-03-22 18:19:39 0 d-------- C:\Program Files\Media Player Classic 2007-03-08 17:05:52 0 d-------- C:\Moje Strony Web 2007-03-08 17:05:08 0 d-------- C:\Program Files\WinHTTrack 2007-03-01 18:04:49 1033728 --a------ C:\WINDOWS\kopiaexplorer.exe 2007-03-01 18:04:49 1033728 --a------ C:\WINDOWS\explorer.exe 2007-03-01 16:29:36 0 d-------- C:\Program Files\Gadu-Gadu 2007-02-28 17:09:36 0 d-------- C:\Program Files\Thoosje Vista Sidebar v1.7.8 – Find3M Report ---------------------------------------------------------------- 2007-03-30 16:19:45 458022 --a------ C:\WINDOWS\system32\perfh015.dat 2007-03-30 16:19:45 79408 --a------ C:\WINDOWS\system32\perfc015.dat 2007-03-30 16:15:45 0 d-------- C:\Program Files\AutoConnect 2007-03-27 20:42:11 0 d-------- C:\Documents and Settings\Jurkiewicz\Dane aplikacji\Skype 2007-03-26 21:45:20 0 d-------- C:\Program Files\Neostrada TP 2007-03-26 19:23:41 0 d-------- C:\Documents and Settings\Jurkiewicz\Dane aplikacji\Azureus 2007-03-24 19:48:41 0 d-------- C:\Program Files\Opera 2007-03-22 18:19:54 0 d-------- C:\Documents and Settings\Jurkiewicz\Dane aplikacji\Media Player Classic 2007-03-22 18:19:42 0 d-------- C:\Program Files\Real Alternative 2007-03-22 15:19:19 0 d-------- C:\Program Files\Replay Converter 2007-03-20 16:35:36 0 d-------- C:\Program Files\Konnekt 2007-03-12 15:23:28 0 d-------- C:\Program Files\LClock 2007-03-12 14:46:03 0 d-------- C:\Program Files\jv16 PowerTools 2006 2007-03-10 18:57:00 0 d-------- C:\Program Files\Styler 2007-03-10 18:57:00 0 d-------- C:\Program Files\Blaero Start Orb 2007-03-02 16:29:04 0 d-------- C:\Program Files\Common Files\Blizzard Entertainment 2007-03-02 16:20:59 0 d-------- C:\Documents and Settings\Jurkiewicz\Dane aplikacji\Uniblue 2007-02-28 21:19:10 0 d-------- C:\Documents and Settings\Jurkiewicz\Dane aplikacji\dvdcss 2007-02-27 17:33:13 0 d-------- C:\Program Files\xp-AntiSpy 2007-02-27 16:49:41 80 --a------ C:\WINDOWS\gmer_uninstall.cmd 2007-02-25 21:28:24 0 d-------- C:\Program Files\SkanerOnline 2007-02-25 21:12:33 0 d-------- C:\Program Files\Alwil Software 2007-02-25 15:02:57 4369408 --a------ C:\WINDOWS\system32\logonuiX.exe 2007-02-25 14:10:16 0 d-------- C:\Program Files\Vista Sidebar 2007-02-25 14:05:08 0 d-------- C:\Program Files\microsoft frontpage 2007-02-25 14:01:41 0 d-------- C:\Program Files\HighMAT CD Writing Wizard 2007-02-24 18:47:56 2321280 --a------ C:\WINDOWS\system32\TUKernel.exe 2007-02-24 18:46:37 0 d-------- C:\Documents and Settings\Jurkiewicz\Dane aplikacji\TuneUp Software 2007-02-24 14:53:31 0 d-------- C:\Program Files\WinCustomize 2007-02-24 14:53:31 0 d-------- C:\Program Files\Common Files\Stardock 2007-02-24 14:32:36 504509 --a------ C:\WINDOWS\XP Ultimate Uninstaller.exe 2007-02-24 14:32:35 0 d-------- C:\Program Files\XP Ultimate 2007-02-24 14:00:51 0 d-------- C:\Program Files\Stardock 2007-02-24 13:51:05 0 d-------- C:\Documents and Settings\Jurkiewicz\Dane aplikacji\Styler 2007-02-24 13:47:34 0 d-------- C:\Program Files\VisualTooltip 2007-02-24 13:47:33 0 d-------- C:\Documents and Settings\Jurkiewicz\Dane aplikacji\Stardock 2007-02-23 17:19:20 0 d-------- C:\Program Files\DAEMON Tools 2007-02-23 17:16:27 0 d-------- C:\Program Files\eMule 2007-02-23 17:10:20 0 d-------- C:\Program Files\Azureus 2007-02-23 15:56:28 0 d-------- C:\Program Files\Windows NT 2007-02-18 20:58:50 0 d-------- C:\Documents and Settings\Jurkiewicz\Dane aplikacji\vlc 2007-02-17 19:27:27 0 d-------- C:\Program Files\Skype 2007-02-17 19:27:26 0 d-------- C:\Program Files\Common Files\Skype 2007-02-17 14:38:29 0 d-------- C:\Documents and Settings\Jurkiewicz\Dane aplikacji\Winamp 2007-02-17 14:38:19 0 d-------- C:\Program Files\Winamp 2007-02-17 14:38:04 0 d-------- C:\Documents and Settings\Jurkiewicz\Dane aplikacji\Winampp 2007-02-11 16:54:28 0 d-------- C:\Program Files\Eidos 2007-02-11 16:29:10 0 d-------- C:\Documents and Settings\Jurkiewicz\Dane aplikacji\GetRightToGo 2007-02-01 20:02:44 0 d-------- C:\Program Files\Common Files\InstallShield 2007-01-22 13:00:36 719088 --a------ C:\WINDOWS\system32\SkanerOnline.dll 2007-01-19 10:40:42 89088 --a------ C:\WINDOWS\system32\SkanerOnlineUninstall.exe 2007-01-15 19:32:07 689280 --a------ C:\WINDOWS\system32\aswBoot.exe 2007-01-15 19:23:20 90112 --a------ C:\WINDOWS\system32\AVASTSS.scr 2007-01-10 23:48:19 2919424 --a------ C:\WINDOWS\system32\sysdm.exe – Registry Dump ---------------------------------------------------------------- [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run] “AutoConnect”=“C:\Program Files\AutoConnect\AutoConnect.exe” “LClock”=“C:\Program Files\LClock\lclock.exe” “ctfmon.exe”=“C:\WINDOWS\system32\ctfmon.exe” [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run] “KernelFaultCheck”=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,\ 65,6d,33,32,5c,64,75,6d,70,72,65,70,20,30,20,2d,6b,00 “HideBUS”=“C:\Download\HideBUS.exe” [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL] “Installed”=“1” [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI] “Installed”=“1” “NoChange”=“1” [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS] “Installed”=“1” [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] “appinit_dlls”=“wbsys.dll” [HKEY_USERS.default\software\microsoft\windows\currentversion\run] “CTFMON.EXE”=“C:\WINDOWS\system32\CTFMON.EXE” [HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run] “CTFMON.EXE”=“C:\WINDOWS\system32\CTFMON.EXE” [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] “NoRemoteRecursiveEvents”=dword:00000001 [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] “ForceClassicControlPanel”=dword:00000001 “NoSaveSettings”=dword:00000000 “NoSMConfigurePrograms”=dword:00000001 “NoRecentDocsMenu”=dword:00000001 “NoLowDiskSpaceChecks”=dword:00000001 “NoSharedDocuments”=dword:00000001 “NoLogoff”=hex:01,00,00,00 HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders] “SecurityProviders”=“msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll” SafeBoot registry key needs to be repaired. This machine cannot enter Safe Mode. [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost] HTTPFilter REG_MULTI_SZ HTTPFilter\0\0 LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0 NetworkService REG_MULTI_SZ DnsCache\0\0 DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0 rpcss REG_MULTI_SZ RpcSs\0\0 imgsvc REG_MULTI_SZ StiSvc\0\0 termsvcs REG_MULTI_SZ TermService\0\0 *newlycreated* - HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\LEGACY_M_HOOK – End of ComboScan: finished at 2007-03-30 at 17:01:08 -------------------------

Silent runners

“Silent Runners.vbs”, revision R50, http://www.silentrunners.org/ Operating System: Windows XP SP2 Output limited to non-default values, except where indicated by “{++}” Startup items buried in registry: --------------------------------- HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++} “AutoConnect” = “C:\Program Files\AutoConnect\AutoConnect.exe” [“http://autoconnect.prv.pl”] “LClock” = “C:\Program Files\LClock\lclock.exe” [null data] “ctfmon.exe” = “C:\WINDOWS\system32\ctfmon.exe” [MS] HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++} “KernelFaultCheck” = “C:\WINDOWS\system32\dumprep 0 -k” “HideBUS” = “C:\Download\HideBUS.exe” [null data] HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}(Default) = (no title provided) -> {HKLM…CLSID} = “AcroIEHlprObj Class” \InProcServer32(Default) = “C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll” [“Adobe Systems Incorporated”] {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}(Default) = (no title provided) -> {HKLM…CLSID} = “SSVHelper Class” \InProcServer32(Default) = “C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll” [“Sun Microsystems, Inc.”] HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\ “{42071714-76d4-11d1-8b24-00a0c9068ff3}” = “Rozszerzenie CPL kadrowania wyświetlania” -> {HKLM…CLSID} = “Rozszerzenie CPL kadrowania wyświetlania” \InProcServer32(Default) = “deskpan.dll” [file not found] “{88895560-9AA2-1069-930E-00AA0030EBC8}” = “Rozszerzenie ikony HyperTerminalu” -> {HKLM…CLSID} = “HyperTerminal Icon Ext” \InProcServer32(Default) = “C:\WINDOWS\system32\hticons.dll” [“Hilgraeve, Inc.”] “{DDE4BEEB-DDE6-48fd-8EB5-035C09923F83}” = “UnlockerShellExtension” -> {HKLM…CLSID} = “UnlockerShellExtension” \InProcServer32(Default) = “C:\Program Files\Unlocker\UnlockerCOM.dll” [null data] “{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF}” = “iTunes” -> {HKLM…CLSID} = “iTunes” \InProcServer32(Default) = “C:\Program Files\iTunes\iTunesMiniPlayer.dll” [“Apple Computer, Inc.”] “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” = “WinRAR shell extension” -> {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data] “{42042206-2D85-11D3-8CFF-005004838597}” = “Microsoft Office HTML Icon Handler” -> {HKLM…CLSID} = (no title provided) \InProcServer32(Default) = “C:\Program Files\Microsoft Office\OFFICE11\msohev.dll” [MS] “{cc86590a-b60a-48e6-996b-41d25ed39a1e}” = “Portable Media Devices Menu” -> {HKLM…CLSID} = “Portable Media Devices Menu” \InProcServer32(Default) = “C:\WINDOWS\system32\Audiodev.dll” [MS] “{472083B0-C522-11CF-8763-00608CC02F24}” = “avast” -> {HKLM…CLSID} = “avast” \InProcServer32(Default) = “C:\Program Files\Alwil\Avast4\ashShell.dll” [file not found] “{2F5AC606-70CF-461C-BFE1-734234536262}” = “WindowBlinds CPL Extension” -> {HKLM…CLSID} = “DisplayCplExt Class” \InProcServer32(Default) = “C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbui.dll” [“Stardock.Net, Inc”] HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows\ <> “AppInit_DLLs” = “wbsys.dll” [“Stardock.Net, Inc”] HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ <> AtiExtEvent\DLLName = “Ati2evxx.dll” [“ATI Technologies Inc.”] <> WBSrv\DLLName = “C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll” [“Stardock”] HKLM\Software\Classes\PROTOCOLS\Filter\ <> text/xml\CLSID = “{807553E5-5146-11D5-A672-00B0D022E945}” -> {HKLM…CLSID} = (no title provided) \InProcServer32(Default) = “C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL” [MS] HKLM\Software\Classes\Folder\shellex\ColumnHandlers\ {F9DB5320-233E-11D1-9F84-707F02C10627}(Default) = “PDF Column Info” -> {HKLM…CLSID} = “PDF Shell Extension” \InProcServer32(Default) = “C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll” [“Adobe Systems, Inc.”] HKLM\Software\Classes*\shellex\ContextMenuHandlers\ avast(Default) = “{472083B0-C522-11CF-8763-00608CC02F24}” -> {HKLM…CLSID} = “avast” \InProcServer32(Default) = “C:\Program Files\Alwil\Avast4\ashShell.dll” [file not found] WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” -> {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data] HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\ WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” -> {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data] HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ avast(Default) = “{472083B0-C522-11CF-8763-00608CC02F24}” -> {HKLM…CLSID} = “avast” \InProcServer32(Default) = “C:\Program Files\Alwil\Avast4\ashShell.dll” [file not found] UnlockerShellExtension(Default) = “{DDE4BEEB-DDE6-48fd-8EB5-035C09923F83}” -> {HKLM…CLSID} = “UnlockerShellExtension” \InProcServer32(Default) = “C:\Program Files\Unlocker\UnlockerCOM.dll” [null data] WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” -> {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data] HKLM\Software\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\ UnlockerShellExtension(Default) = “{DDE4BEEB-DDE6-48fd-8EB5-035C09923F83}” -> {HKLM…CLSID} = “UnlockerShellExtension” \InProcServer32(Default) = “C:\Program Files\Unlocker\UnlockerCOM.dll” [null data] Group Policies {GPedit.msc branch and setting}: ----------------------------------------------- Note: detected settings may not have any effect. HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\ “ForceClassicControlPanel” = (REG_DWORD) hex:0x00000001 {unrecognized setting} “NoSaveSettings” = (REG_DWORD) hex:0x00000000 {User Configuration|Administrative Templates|Desktop| Don’t save settings at exit} “NoSMConfigurePrograms” = (REG_DWORD) hex:0x00000001 {unrecognized setting} “NoRecentDocsMenu” = (REG_DWORD) hex:0x00000001 {unrecognized setting} “NoLowDiskSpaceChecks” = (REG_DWORD) hex:0x00000001 {unrecognized setting} “NoSharedDocuments” = (REG_DWORD) hex:0x00000001 {User Configuration|Administrative Templates|Windows Components|Windows Explorer| Remove Shared Documents from My Computer} “NoLogoff” = (REG_BINARY) hex:01 00 00 00 {User Configuration|Administrative Templates|System|Logon/Logoff| Disable Logoff} HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\ “NoRemoteRecursiveEvents” = (REG_DWORD) hex:0x00000001 {unrecognized setting} HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\ “shutdownwithoutlogon” = (REG_DWORD) hex:0x00000001 {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options| Shutdown: Allow system to be shut down without having to log on} “undockwithoutlogon” = (REG_DWORD) hex:0x00000001 {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options| Devices: Allow undock without having to log on} “NoInternetOpenWith” = (REG_DWORD) hex:0x00000001 {unrecognized setting} Active Desktop and Wallpaper: ----------------------------- Active Desktop may be disabled at this entry: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState Displayed if Active Desktop enabled and wallpaper not set by Group Policy: HKCU\Software\Microsoft\Internet Explorer\Desktop\General\ “Wallpaper” = “C:\Download\Vista\Grass.bmp” Displayed if Active Desktop disabled and wallpaper not set by Group Policy: HKCU\Control Panel\Desktop\ “Wallpaper” = “C:\Download\Vista\Grass.bmp” Enabled Screen Saver: --------------------- HKCU\Control Panel\Desktop\ “SCRNSAVE.EXE” = “C:\WINDOWS\system32\logon.scr” [MS] Enabled Scheduled Tasks: ------------------------ “1-Click Maintenance” -> launches: “C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe /schedulestart” [file not found] Winsock2 Service Provider DLLs: ------------------------------- Namespace Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++} 000000000001\LibraryPath = “%SystemRoot%\System32\mswsock.dll” [MS] 000000000002\LibraryPath = “%SystemRoot%\System32\winrnr.dll” [MS] 000000000003\LibraryPath = “%SystemRoot%\System32\mswsock.dll” [MS] Transport Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++} 0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range: %SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 13 %SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05 Toolbars, Explorer Bars, Extensions: ------------------------------------ Toolbars HKLM\Software\Microsoft\Internet Explorer\Toolbar\ “{D2F8F919-690B-4EA2-9FA7-A203D1E04F75}” = (no title provided) -> {HKLM…CLSID} = “StylerToolBar” \InProcServer32(Default) = “C:\Program Files\Styler\TB\StylerTB.dll” [“StyleFantasist”] Explorer Bars HKCU\Software\Microsoft\Internet Explorer\Explorer Bars\ {3BAF4A27-C764-4E1A-A6F4-62F7A7E5E51C}(Default) = (no title provided) -> {HKLM…CLSID} = “ToolBand Class” \InProcServer32(Default) = “C:\PROGRA~1\NEOSTR~1\audience\audience.dll” [empty string] {FF059E31-CC5A-4E2E-BF3B-96E929D65503}(Default) = (no title provided) -> {HKLM…CLSID} = “&Badanie” \InProcServer32(Default) = “C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL” [MS] HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\ HKLM\Software\Classes\CLSID{01002DB2-8170-4D9B-A8B1-DDC9DD114E03}(Default) = “Volet Wanadoo” Implemented Categories{00021494-0000-0000-C000-000000000046}\ [horizontal bar] InProcServer32(Default) = “C:\PROGRA~1\NEOSTR~1\audience\audience.dll” [empty string] HKLM\Software\Classes\CLSID{5BF498C0-931E-4A4F-B33F-456D07137EAA}(Default) = “Volet Wanadoo” Implemented Categories{00021494-0000-0000-C000-000000000046}\ [horizontal bar] InProcServer32(Default) = “C:\PROGRA~1\NEOSTR~1\audience\audience.dll” [empty string] Extensions (Tools menu items, main toolbar menu buttons) HKLM\Software\Microsoft\Internet Explorer\Extensions\ {36ECAF82-3300-8F84-092E-AFF36D6C7040}\ “ButtonText” = “Run WinHTTrack” “MenuText” = “Launch WinHTTrack” “CLSIDExtension” = “{86529161-034E-4F8A-88D2-3C625E612E04}” -> {HKLM…CLSID} = “WinHTTrackLauncher Class” \InProcServer32(Default) = “C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll” [null data] {92780B25-18CC-41C8-B9BE-3C9C571A8263}\ “ButtonText” = “Badanie” Miscellaneous IE Hijack Points ------------------------------ HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\ <> “{08C06D61-F1F3-4799-86F8-BE1A89362C85}” = (no title provided) -> {HKLM…CLSID} = “Search Class” \InProcServer32(Default) = “C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL” [empty string] HOSTS file ---------- C:\WINDOWS\System32\drivers\etc\HOSTS maps: 1 domain name to an IP address, 1 of the IP addresses is *not* localhost! Print Monitors: --------------- HKLM\System\CurrentControlSet\Control\Print\Monitors\ hpzsnt05\Driver = “hpzsnt05.dll” [“HP”] Microsoft Document Imaging Writer Monitor\Driver = “mdimon.dll” [MS] ---------- <>: Suspicious data at a malware launch point. <>: Suspicious data at a browser hijack point. + This report excludes default entries except where indicated. + To see *everywhere* the script checks and *everything* it finds, launch it from a command prompt or a shortcut with the -all parameter. + To search all directories of local fixed drives for DESKTOP.INI DLL launch points, use the -supp parameter or answer “No” at the first message box and “Yes” at the second message box. ---------- (total run time: 62 seconds, including 12 seconds for message boxes)

adam9870 · 30 Marzec 2007 15:54

Ściągasz program KillBox, zaznaczasz Delete on reboot , w polu full path of file wklej ścieżkę:

C:\WINDOWS\system32\sysdm.exe

Klikasz X czerwony i restart kompa.

Poczytaj - Przywracanie Trybu awaryjnego.

Po wykonaniu pokaż log z ComboFix plus dwa logi z Gmer’a wykonane przy takich ustawieniach:

Zakładka Rootkit >>> zaznaczone wszystko oprócz Pokazuj wszystko >>> kliknij Szukaj >>> czekaj cierpliwie aż skończy >>> Kopiuj >>> wklej do posta
Zakładka Rootkit >>> zaznaczone tylko Usługi i Pokazuj wszystko >>> kliknij Szukaj >>> czekaj cierpliwie aż skończy >>> Kopiuj >>> wklej do posta

Jeśli wszystkie logi nie zmieszczą się bezpośrednio do posta, to umieść je w jakimś serwisie hostingowym jako pliki *.txt, a tu tylko zlinkuj.

TomaszP · 30 Marzec 2007 15:54

zapisz go do pliku i umieść na jakiejś stronie z uploadem, np. sendspace.com i daj linka

JNJN · 30 Marzec 2007 16:07

Proszę zmienić temat postu na konkretny,opcja zmień i popraw.JNJN

damiann69 · 30 Marzec 2007 17:04

Tryb awaryjny odzyskany.

Pierwsze ustawieine gmera:

http://www.sendspace.com/file/9ak0mg

Drugie ustawienie:

GMER 1.0.12.12027 - http://www.gmer.net Rootkit scan 2007-03-30 19:00:56 Windows 5.1.2600 Dodatek Service Pack 2 ---- Services - GMER 1.0.12 ---- Service .NET CLR Data Service .NET CLR Networking Service .NET Data Provider for Oracle Service .NET Data Provider for SqlServer Service .NETFramework Service [DISABLED] Aavmker4 Service [DISABLED] Abiosdsk Service [DISABLED] abp480n5 Service C:\WINDOWS\system32\DRIVERS\ACPI.sys [bOOT] ACPI Service [DISABLED] ACPIEC Service C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [MANUAL] Adobe LM Service Service [DISABLED] adpu160m Service C:\WINDOWS\system32\drivers\aec.sys [MANUAL] aec Service C:\WINDOWS\System32\drivers\afd.sys [sYSTEM] AFD Service [DISABLED] Aha154x Service [DISABLED] aic78u2 Service [DISABLED] aic78xx Service C:\WINDOWS\system32\DRIVERS\alcan5wn.sys [MANUAL] alcan5wn Service C:\WINDOWS\system32\DRIVERS\alcaudsl.sys [MANUAL] alcaudsl Service C:\WINDOWS\system32\svchost.exe [DISABLED] Alerter Service C:\WINDOWS\System32\alg.exe [MANUAL] ALG Service [DISABLED] AliIde Service C:\WINDOWS\system32\DRIVERS\amdk7.sys [sYSTEM] AmdK7 Service [DISABLED] amsint Service C:\WINDOWS\system32\svchost.exe [MANUAL] AppMgmt Service [DISABLED] asc Service [DISABLED] asc3350p Service [DISABLED] asc3550 Service ASP.NET Service ASP.NET_1.1.4322 Service ASP.NET_2.0.50727 Service C:\WINDOWS\System32\drivers\aspi32.sys [AUTO] Aspi32 Service C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [MANUAL] aspnet_state Service [DISABLED] aswMon2 Service [DISABLED] aswRdr Service [DISABLED] aswTdi Service C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [DISABLED] aswUpdSv Service C:\WINDOWS\system32\DRIVERS\asyncmac.sys [MANUAL] AsyncMac Service C:\WINDOWS\system32\DRIVERS\atapi.sys [bOOT] atapi Service [DISABLED] Atdisk Service C:\WINDOWS\system32\Ati2evxx.exe [DISABLED] Ati HotKey Poller Service C:\WINDOWS\system32\ati2sgag.exe [AUTO] ATI Smart Service C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [MANUAL] ati2mtag Service Atierecord Service C:\WINDOWS\system32\DRIVERS\atmarpc.sys [MANUAL] Atmarpc Service C:\WINDOWS\System32\svchost.exe [AUTO] AudioSrv Service C:\WINDOWS\system32\DRIVERS\audstub.sys [MANUAL] audstub Service C:\Program Files\Alwil Software\Avast4\ashServ.exe [DISABLED] avast! Antivirus Service C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [DISABLED] avast! Mail Scanner Service C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [DISABLED] avast! Web Scanner Service BattC Service [sYSTEM] Beep Service C:\WINDOWS\system32\svchost.exe [MANUAL] BITS Service C:\WINDOWS\system32\svchost.exe [AUTO] Browser Service [DISABLED] cbidf2k Service [DISABLED] cd20xrnt Service [sYSTEM] Cdaudio Service [DISABLED] Cdfs Service C:\WINDOWS\system32\DRIVERS\cdrom.sys [sYSTEM] Cdrom Service [sYSTEM] Changer Service C:\WINDOWS\system32\cisvc.exe [DISABLED] CiSvc Service C:\WINDOWS\system32\clipsrv.exe [DISABLED] ClipSrv Service C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [MANUAL] clr_optimization_v2.0.50727_32 Service [DISABLED] CmdIde Service C:\WINDOWS\system32\dllhost.exe [MANUAL] COMSysApp Service ContentFilter Service ContentIndex Service [DISABLED] Cpqarray Service C:\WINDOWS\system32\svchost.exe [MANUAL] CryptSvc Service [DISABLED] dac2w2k Service [DISABLED] dac960nt Service C:\WINDOWS\system32\svchost.exe [AUTO] DcomLaunch Service C:\WINDOWS\system32\svchost.exe [AUTO] Dhcp Service C:\WINDOWS\system32\DRIVERS\disk.sys [bOOT] Disk Service C:\WINDOWS\System32\dmadmin.exe [MANUAL] dmadmin Service C:\WINDOWS\System32\drivers\dmboot.sys [DISABLED] dmboot Service C:\WINDOWS\System32\drivers\dmio.sys [bOOT] dmio Service C:\WINDOWS\System32\drivers\dmload.sys [bOOT] dmload Service C:\WINDOWS\System32\svchost.exe [AUTO] dmserver Service C:\WINDOWS\system32\drivers\DMusic.sys [MANUAL] DMusic Service C:\WINDOWS\system32\svchost.exe [AUTO] Dnscache Service [DISABLED] dpti2o Service C:\WINDOWS\system32\drivers\drmkaud.sys [MANUAL] drmkaud Service C:\WINDOWS\System32\svchost.exe [DISABLED] ERSvc Service C:\WINDOWS\system32\services.exe [AUTO] Eventlog Service C:\WINDOWS\system32\svchost.exe [MANUAL] EventSystem Service [DISABLED] Fastfat Service C:\WINDOWS\System32\svchost.exe [MANUAL] FastUserSwitchingCompatibility Service C:\WINDOWS\system32\DRIVERS\fdc.sys [MANUAL] Fdc Service [sYSTEM] Fips Service C:\WINDOWS\system32\DRIVERS\flpydisk.sys [MANUAL] Flpydisk Service C:\WINDOWS\system32\DRIVERS\fltMgr.sys [bOOT] FltMgr Service [sYSTEM] Fs_Rec Service C:\WINDOWS\system32\DRIVERS\ftdisk.sys [bOOT] Ftdisk Service C:\WINDOWS\system32\DRIVERS\gameenum.sys [MANUAL] gameenum Service C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [MANUAL] GEARAspiWDM Service C:\WINDOWS\System32\DRIVERS\gmer.sys [MANUAL] gmer Service C:\WINDOWS\system32\DRIVERS\msgpc.sys [MANUAL] Gpc Service C:\WINDOWS\System32\svchost.exe [AUTO] helpsvc Service C:\WINDOWS\System32\svchost.exe [DISABLED] HidServ Service [DISABLED] hpn Service C:\WINDOWS\System32\Drivers\HTTP.sys [MANUAL] HTTP Service C:\WINDOWS\System32\svchost.exe [MANUAL] HTTPFilter Service [sYSTEM] i2omgmt Service [DISABLED] i2omp Service C:\WINDOWS\system32\DRIVERS\i8042prt.sys [sYSTEM] i8042prt Service C:\WINDOWS\System32\Drivers\imagedrv.sys [bOOT] imagedrv Service C:\WINDOWS\system32\DRIVERS\imagesrv.sys [bOOT] imagesrv Service C:\WINDOWS\system32\DRIVERS\imapi.sys [sYSTEM] Imapi Service C:\WINDOWS\system32\imapi.exe [MANUAL] ImapiService Service system32\drivers\InCDFs.sys [DISABLED] InCDFs Service system32\drivers\InCDPass.sys [sYSTEM] InCDPass Service system32\drivers\InCDRm.sys [sYSTEM] InCDRm Service inetaccs Service [DISABLED] ini910u Service Inport Service [DISABLED] IntelIde Service C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys [DISABLED] Ip6Fw Service C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys [MANUAL] IpFilterDriver Service C:\WINDOWS\system32\DRIVERS\ipinip.sys [MANUAL] IpInIp Service C:\WINDOWS\system32\DRIVERS\ipnat.sys [MANUAL] IpNat Service C:\Program Files\iPod\bin\iPodService.exe [MANUAL] iPod Service Service C:\WINDOWS\system32\DRIVERS\ipsec.sys [sYSTEM] IPSec Service C:\WINDOWS\system32\DRIVERS\irenum.sys [MANUAL] IRENUM Service ISAPISearch Service C:\WINDOWS\system32\DRIVERS\isapnp.sys [bOOT] isapnp Service C:\WINDOWS\system32\DRIVERS\k750bus.sys [MANUAL] k750bus Service C:\WINDOWS\system32\DRIVERS\k750mdfl.sys [MANUAL] k750mdfl Service C:\WINDOWS\system32\DRIVERS\k750mdm.sys [MANUAL] k750mdm Service C:\WINDOWS\system32\DRIVERS\k750mgmt.sys [MANUAL] k750mgmt Service C:\WINDOWS\system32\DRIVERS\k750obex.sys [MANUAL] k750obex Service C:\WINDOWS\system32\DRIVERS\kbdclass.sys [sYSTEM] Kbdclass Service C:\WINDOWS\system32\drivers\kmixer.sys [MANUAL] kmixer Service [bOOT] KSecDD Service C:\WINDOWS\system32\svchost.exe [AUTO] lanmanserver Service C:\WINDOWS\system32\svchost.exe [AUTO] lanmanworkstation Service [sYSTEM] lbrtfdc Service ldap Service LicenseService Service C:\WINDOWS\system32\svchost.exe [AUTO] LmHosts Service C:\WINDOWS\system32\svchost.exe [DISABLED] Messenger Service [sYSTEM] mnmdd Service C:\WINDOWS\system32\mnmsrvc.exe [MANUAL] mnmsrvc Service [MANUAL] Modem Service C:\WINDOWS\system32\DRIVERS\mouclass.sys [sYSTEM] Mouclass Service [bOOT] MountMgr Service [DISABLED] mraid35x Service C:\WINDOWS\system32\DRIVERS\mrxdav.sys [MANUAL] MRxDAV Service C:\WINDOWS\system32\DRIVERS\mrxsmb.sys [sYSTEM] MRxSmb Service C:\WINDOWS\system32\msdtc.exe [MANUAL] MSDTC Service [sYSTEM] Msfs Service C:\WINDOWS\system32\msiexec.exe [MANUAL] MSIServer Service C:\WINDOWS\system32\drivers\MSKSSRV.sys [MANUAL] MSKSSRV Service C:\WINDOWS\system32\drivers\MSPCLOCK.sys [MANUAL] MSPCLOCK Service C:\WINDOWS\system32\drivers\MSPQM.sys [MANUAL] MSPQM Service C:\WINDOWS\system32\DRIVERS\mssmbios.sys [MANUAL] mssmbios Service C:\WINDOWS\system32\drivers\msmpu401.sys [MANUAL] ms_mpu401 Service [bOOT] Mup Service C:\Documents and Settings\Jurkiewicz\Dane aplikacji\hidires\m_hook.sys [MANUAL] m_hook Service [bOOT] NDIS Service C:\WINDOWS\system32\DRIVERS\ndistapi.sys [MANUAL] NdisTapi Service C:\WINDOWS\system32\DRIVERS\ndisuio.sys [DISABLED] Ndisuio Service C:\WINDOWS\system32\DRIVERS\ndiswan.sys [MANUAL] NdisWan Service [MANUAL] NDProxy Service C:\WINDOWS\system32\DRIVERS\netbios.sys [sYSTEM] NetBIOS Service C:\WINDOWS\system32\DRIVERS\netbt.sys [sYSTEM] NetBT Service C:\WINDOWS\system32\netdde.exe [DISABLED] NetDDE Service C:\WINDOWS\system32\netdde.exe [DISABLED] NetDDEdsdm Service C:\WINDOWS\system32\lsass.exe [MANUAL] Netlogon Service C:\WINDOWS\System32\svchost.exe [MANUAL] Netman Service C:\WINDOWS\system32\svchost.exe [MANUAL] Nla Service [sYSTEM] Npfs Service [MANUAL] npkcrypt Service [DISABLED] Ntfs Service C:\WINDOWS\system32\lsass.exe [MANUAL] NtLmSsp Service C:\WINDOWS\system32\svchost.exe [MANUAL] NtmsSvc Service [sYSTEM] Null Service C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys [MANUAL] NwlnkFlt Service C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys [MANUAL] NwlnkFwd Service C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [MANUAL] ose Service C:\WINDOWS\system32\DRIVERS\parport.sys [MANUAL] Parport Service [bOOT] PartMgr Service [AUTO] ParVdm Service C:\WINDOWS\system32\DRIVERS\pci.sys [bOOT] PCI Service [sYSTEM] PCIDump Service [DISABLED] PCIIde Service [DISABLED] Pcmcia Service [MANUAL] PDCOMP Service [MANUAL] PDFRAME Service [MANUAL] PDRELI Service [MANUAL] PDRFRAME Service [DISABLED] perc2 Service [DISABLED] perc2hib Service PerfDisk Service PerfNet Service PerfOS Service PerfProc Service C:\WINDOWS\system32\services.exe [AUTO] PlugPlay Service C:\WINDOWS\system32\lsass.exe [AUTO] PolicyAgent Service C:\WINDOWS\system32\DRIVERS\raspptp.sys [MANUAL] PptpMiniport Service C:\WINDOWS\system32\lsass.exe [AUTO] ProtectedStorage Service C:\WINDOWS\system32\DRIVERS\psched.sys [MANUAL] PSched Service C:\WINDOWS\system32\DRIVERS\ptilink.sys [MANUAL] Ptilink Service C:\WINDOWS\System32\Drivers\PxHelp20.sys [bOOT] PxHelp20 Service [DISABLED] ql1080 Service [DISABLED] Ql10wnt Service [DISABLED] ql12160 Service [DISABLED] ql1240 Service [DISABLED] ql1280 Service C:\WINDOWS\system32\DRIVERS\rasacd.sys [sYSTEM] RasAcd Service C:\WINDOWS\system32\svchost.exe [MANUAL] RasAuto Service C:\WINDOWS\system32\DRIVERS\rasl2tp.sys [MANUAL] Rasl2tp Service C:\WINDOWS\system32\svchost.exe [MANUAL] RasMan Service C:\WINDOWS\system32\DRIVERS\raspppoe.sys [MANUAL] RasPppoe Service C:\WINDOWS\system32\DRIVERS\raspti.sys [MANUAL] Raspti Service C:\WINDOWS\system32\DRIVERS\rdbss.sys [sYSTEM] Rdbss Service C:\WINDOWS\System32\DRIVERS\RDPCDD.sys [sYSTEM] RDPCDD Service RDPDD Service C:\WINDOWS\system32\DRIVERS\rdpdr.sys [MANUAL] rdpdr Service RDPNP Service [MANUAL] RDPWD Service C:\WINDOWS\system32\sessmgr.exe [MANUAL] RDSessMgr Service C:\WINDOWS\system32\DRIVERS\redbook.sys [sYSTEM] redbook Service C:\WINDOWS\system32\svchost.exe [DISABLED] RemoteAccess Service C:\WINDOWS\system32\svchost.exe [AUTO] RemoteRegistry Service C:\WINDOWS\system32\locator.exe [MANUAL] RpcLocator Service C:\WINDOWS\system32\svchost.exe [AUTO] RpcSs Service C:\WINDOWS\system32\rsvp.exe [MANUAL] RSVP Service C:\WINDOWS\system32\lsass.exe [AUTO] SamSs Service C:\WINDOWS\System32\SCardSvr.exe [MANUAL] SCardSvr Service C:\WINDOWS\System32\svchost.exe [DISABLED] Schedule Service C:\WINDOWS\system32\DRIVERS\secdrv.sys [MANUAL] Secdrv Service C:\WINDOWS\System32\svchost.exe [AUTO] seclogon Service C:\WINDOWS\system32\svchost.exe [AUTO] SENS Service C:\WINDOWS\system32\DRIVERS\serenum.sys [MANUAL] serenum Service C:\WINDOWS\system32\DRIVERS\serial.sys [sYSTEM] Serial Service [sYSTEM] Sfloppy Service C:\WINDOWS\system32\svchost.exe [DISABLED] SharedAccess Service C:\WINDOWS\System32\svchost.exe [AUTO] ShellHWDetection Service [DISABLED] Simbad Service [DISABLED] Sparrow Service C:\WINDOWS\system32\drivers\splitter.sys [MANUAL] splitter Service C:\WINDOWS\system32\spoolsv.exe [AUTO] Spooler Service C:\WINDOWS\System32\Drivers\sptd.sys [bOOT] sptd Service C:\WINDOWS\system32\DRIVERS\sr.sys [bOOT] sr Service C:\WINDOWS\system32\svchost.exe [AUTO] srservice Service C:\WINDOWS\system32\DRIVERS\srv.sys [MANUAL] Srv Service C:\WINDOWS\system32\svchost.exe [MANUAL] SSDPSRV Service C:\WINDOWS\system32\svchost.exe [DISABLED] stisvc Service C:\WINDOWS\system32\DRIVERS\swenum.sys [MANUAL] swenum Service C:\WINDOWS\system32\drivers\swmidi.sys [MANUAL] swmidi Service C:\WINDOWS\system32\dllhost.exe [MANUAL] SwPrv Service [DISABLED] symc810 Service [DISABLED] symc8xx Service [DISABLED] sym_hi Service [DISABLED] sym_u3 Service C:\WINDOWS\system32\drivers\sysaudio.sys [MANUAL] sysaudio Service C:\WINDOWS\system32\smlogsvc.exe [MANUAL] SysmonLog Service C:\WINDOWS\System32\svchost.exe [MANUAL] TapiSrv Service C:\WINDOWS\system32\DRIVERS\tcpip.sys [sYSTEM] Tcpip Service [MANUAL] TDPIPE Service [MANUAL] TDTCP Service C:\WINDOWS\system32\DRIVERS\termdd.sys [sYSTEM] TermDD Service C:\WINDOWS\System32\svchost.exe [MANUAL] TermService Service C:\WINDOWS\System32\svchost.exe [AUTO] Themes Service C:\WINDOWS\system32\tlntsvr.exe [DISABLED] TlntSvr Service [DISABLED] TosIde Service C:\WINDOWS\system32\svchost.exe [AUTO] TrkWks Service TSDDD Service [DISABLED] Udfs Service [DISABLED] ultra Service UnlockerDriver5 Service C:\WINDOWS\system32\DRIVERS\update.sys [MANUAL] Update Service C:\WINDOWS\system32\svchost.exe [DISABLED] upnphost Service C:\WINDOWS\System32\ups.exe [MANUAL] UPS Service usb Service C:\WINDOWS\system32\DRIVERS\usbhub.sys [MANUAL] usbhub Service C:\WINDOWS\system32\DRIVERS\usbprint.sys [MANUAL] usbprint Service C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [MANUAL] USBSTOR Service C:\WINDOWS\system32\DRIVERS\usbuhci.sys [MANUAL] usbuhci Service C:\WINDOWS\System32\svchost.exe [MANUAL] usprserv Service C:\WINDOWS\System32\drivers\vga.sys [sYSTEM] VgaSave Service C:\WINDOWS\system32\DRIVERS\viaagp.sys [bOOT] viaagp Service C:\WINDOWS\system32\DRIVERS\viaagp1.sys [bOOT] viaagp1 Service C:\WINDOWS\system32\DRIVERS\viaide.sys [bOOT] ViaIde Service C:\WINDOWS\system32\drivers\vinyl97.sys [MANUAL] VIAudio Service C:\WINDOWS\system32\DRIVERS\videX32.sys [bOOT] videX32 Service [bOOT] VolSnap Service C:\WINDOWS\System32\vssvc.exe [MANUAL] VSS Service C:\WINDOWS\System32\svchost.exe [AUTO] W32Time Service W3SVC Service C:\WINDOWS\system32\DRIVERS\wanarp.sys [MANUAL] Wanarp Service [MANUAL] WDICA Service C:\WINDOWS\system32\drivers\wdmaud.sys [MANUAL] wdmaud Service C:\WINDOWS\system32\svchost.exe [AUTO] WebClient Service C:\WINDOWS\system32\svchost.exe [AUTO] winmgmt Service [MANUAL] Winsock Service WinSock2 Service WinTrust Service C:\WINDOWS\System32\svchost.exe [MANUAL] WmdmPmSN Service C:\WINDOWS\System32\svchost.exe [MANUAL] Wmi Service WmiApRpl Service C:\WINDOWS\system32\wbem\wmiapsrv.exe [MANUAL] WmiApSrv Service [sYSTEM] WS2IFSL Service C:\WINDOWS\System32\svchost.exe [DISABLED] wscsvc Service C:\WINDOWS\system32\svchost.exe [DISABLED] wuauserv Service C:\WINDOWS\System32\svchost.exe [AUTO] WZCSVC Service C:\WINDOWS\System32\svchost.exe [MANUAL] xmlprov Service [MANUAL] a760pzvj ---- EOF - GMER 1.0.12 ----

Combofix:

“Jurkiewicz” - 07-03-30 18:58:44 Dodatek Service Pack 2 ComboFix 07-03-27.4.2 - Running from: “C:\Documents and Settings\Jurkiewicz\Pulpit” ((((((((((((((((((((((((((((((( Files Created from 2007-02-28 to 2007-03-30 )))))))))))))))))))))))))))))))))) 2007-03-30 17:00 2007-03-25 20:15 2007-03-22 18:19 2007-03-22 18:19 2007-03-08 17:05 2007-03-08 17:05 2007-03-02 16:20 2007-03-01 18:04 1,033,728 --a------ C:\WINDOWS\kopiaexplorer.exe 2007-03-01 18:04 1,033,728 --a------ C:\WINDOWS\explorer.exe 2007-03-01 16:29 2007-02-28 21:19 2007-02-28 17:09 2007-02-28 17:00 (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))) 2007-03-30 19:00 79408 --a------ C:\WINDOWS\system32\perfc015.dat 2007-03-30 19:00 458022 --a------ C:\WINDOWS\system32\perfh015.dat 2007-03-27 20:42 -------- d-------- C:\DOCUME~1\JURKIE~1\DANEAP~1\skype 2007-03-26 21:45 -------- d-------- C:\Program Files\neostrada tp 2007-03-24 19:48 -------- d-------- C:\Program Files\opera 2007-03-22 18:19 -------- d-------- C:\Program Files\real alternative 2007-03-22 15:19 -------- d-------- C:\Program Files\replay converter 2007-03-20 16:35 -------- d-------- C:\Program Files\konnekt 2007-03-12 15:23 -------- d-------- C:\Program Files\lclock 2007-03-12 14:46 -------- d-------- C:\Program Files\jv16 powertools 2006 2007-03-10 18:57 -------- d-------- C:\Program Files\styler 2007-03-10 18:57 -------- d-------- C:\Program Files\blaero start orb 2007-02-27 17:33 -------- d-------- C:\Program Files\xp-antispy 2007-02-25 21:28 -------- d-------- C:\Program Files\skaneronline 2007-02-25 15:02 4369408 --a------ C:\WINDOWS\system32\logonuix.exe 2007-02-25 14:10 -------- d-------- C:\Program Files\vista sidebar 2007-02-25 14:05 -------- d-------- C:\Program Files\microsoft frontpage 2007-02-25 14:01 -------- d-------- C:\Program Files\highmat cd writing wizard 2007-02-24 18:47 2321280 --a------ C:\WINDOWS\system32\tukernel.exe 2007-02-24 18:46 -------- d-------- C:\DOCUME~1\JURKIE~1\DANEAP~1\tuneup software 2007-02-24 14:53 -------- d-------- C:\Program Files\wincustomize 2007-02-24 14:53 -------- d-------- C:\Program Files\Common Files\stardock 2007-02-24 14:32 504509 --a------ C:\WINDOWS\xp ultimate uninstaller.exe 2007-02-24 14:32 -------- d-------- C:\Program Files\xp ultimate 2007-02-24 14:00 -------- d-------- C:\Program Files\stardock 2007-02-24 13:51 -------- d-------- C:\DOCUME~1\JURKIE~1\DANEAP~1\styler 2007-02-24 13:47 -------- d-------- C:\Program Files\visualtooltip 2007-02-24 13:47 -------- d-------- C:\DOCUME~1\JURKIE~1\DANEAP~1\stardock 2007-02-23 17:19 -------- d-------- C:\Program Files\daemon tools 2007-02-23 17:16 -------- d-------- C:\Program Files\emule 2007-02-23 17:10 -------- d-------- C:\Program Files\azureus 2007-02-23 15:56 -------- d-------- C:\Program Files\windows nt 2007-02-18 20:58 -------- d-------- C:\DOCUME~1\JURKIE~1\DANEAP~1\vlc 2007-02-17 19:27 -------- d-------- C:\Program Files\skype 2007-02-17 19:27 -------- d-------- C:\Program Files\Common Files\skype 2007-02-17 14:38 -------- d-------- C:\Program Files\winamp 2007-02-17 14:38 -------- d-------- C:\DOCUME~1\JURKIE~1\DANEAP~1\winampp 2007-02-17 14:38 -------- d-------- C:\DOCUME~1\JURKIE~1\DANEAP~1\winamp 2007-02-11 16:54 -------- d-------- C:\Program Files\eidos 2007-02-11 16:29 -------- d-------- C:\DOCUME~1\JURKIE~1\DANEAP~1\getrighttogo 2007-01-28 21:42 -------- d-------- C:\Program Files\videolan 2007-01-22 13:00 719088 --a------ C:\WINDOWS\system32\skaneronline.dll 2007-01-19 10:40 89088 --a------ C:\WINDOWS\system32\skaneronlineuninstall.exe 2007-01-15 19:32 689280 --a------ C:\WINDOWS\system32\aswboot.exe 2007-01-15 19:23 90112 --a------ C:\WINDOWS\system32\avastss.scr (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))) *Note* empty entries & legit default entries are not shown [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run] “AutoConnect”=“C:\Program Files\AutoConnect\AutoConnect.exe” “LClock”=“C:\Program Files\LClock\lclock.exe” “ctfmon.exe”=“C:\WINDOWS\system32\ctfmon.exe” [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run] “HideBUS”=“C:\Download\HideBUS.exe” [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL] “Installed”=“1” [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI] “Installed”=“1” “NoChange”=“1” [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS] “Installed”=“1” [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] “appinit_dlls”=“wbsys.dll” [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] “NoRemoteRecursiveEvents”=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] “ForceClassicControlPanel”=dword:00000001 “NoSaveSettings”=dword:00000000 “NoSMConfigurePrograms”=dword:00000001 “NoRecentDocsMenu”=dword:00000001 “NoLowDiskSpaceChecks”=dword:00000001 “NoSharedDocuments”=dword:00000001 “NoLogoff”=hex:01,00,00,00 [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run] HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders] “SecurityProviders”=“msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll” SafeBoot registry key needs to be repaired. This machine cannot enter Safe Mode. [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost] HTTPFilter REG_MULTI_SZ HTTPFilter\0\0 LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0 NetworkService REG_MULTI_SZ DnsCache\0\0 DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0 rpcss REG_MULTI_SZ RpcSs\0\0 imgsvc REG_MULTI_SZ StiSvc\0\0 termsvcs REG_MULTI_SZ TermService\0\0 *newlycreated* - HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\LEGACY_M_HOOK Contents of the ‘Scheduled Tasks’ folder C:\WINDOWS\tasks\1-Click Maintenance.job ******************************************************************** catchme 0.2 W2K/XP/Vista - userland rootkit detector by Gmer, 17 October 2006 http://www.gmer.net scanning hidden processes … ? [1792] scanning hidden services … scanning hidden autostart entries … scanning hidden files … scan completed successfully hidden processes: 1 hidden services: 0 hidden files: 0 ******************************************************************** Completion time: 07-03-30 19:03:26

adam9870 · 30 Marzec 2007 18:23

W Gmerze:

W zakładce Procesy kliknij Gmer awaryjny. Komputer się zrestartuje i zostanie samo okienko Gmer’a
W zakładce Usługi skasuj z prawokliku usługę m_hook
W zakładce Procesy kliknij Pliki i usuń:

Zrestartuj komputer przyciskiem na obudowie

Poczytaj i zastosuj - Przywracanie Trybu awaryjnego.

Po wykonaniu wklej nowe logi z Gmer’a.

damiann69 · 31 Marzec 2007 09:52

Naprawialem tryb awaryjny, ale gdy to zrobie nie moge wyłączyć komputera(w trakcie zawiesza się) musze resetować, po tym znowu nie dziala tryb awaryjny.

Same usługi

A ze wszystkim jeszcze skanuje

GMER 1.0.12.12027 - http://www.gmer.net Rootkit scan 2007-03-31 11:53:05 Windows 5.1.2600 Dodatek Service Pack 2 ---- Services - GMER 1.0.12 ---- Service .NET CLR Data Service .NET CLR Networking Service .NET Data Provider for Oracle Service .NET Data Provider for SqlServer Service .NETFramework Service [DISABLED] Aavmker4 Service [DISABLED] Abiosdsk Service [DISABLED] abp480n5 Service C:\WINDOWS\system32\DRIVERS\ACPI.sys [bOOT] ACPI Service [DISABLED] ACPIEC Service C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [MANUAL] Adobe LM Service Service [DISABLED] adpu160m Service C:\WINDOWS\system32\drivers\aec.sys [MANUAL] aec Service C:\WINDOWS\System32\drivers\afd.sys [sYSTEM] AFD Service [DISABLED] Aha154x Service [DISABLED] aic78u2 Service [DISABLED] aic78xx Service C:\WINDOWS\system32\DRIVERS\alcan5wn.sys [MANUAL] alcan5wn Service C:\WINDOWS\system32\DRIVERS\alcaudsl.sys [MANUAL] alcaudsl Service C:\WINDOWS\system32\svchost.exe [DISABLED] Alerter Service C:\WINDOWS\System32\alg.exe [MANUAL] ALG Service [DISABLED] AliIde Service C:\WINDOWS\system32\DRIVERS\amdk7.sys [sYSTEM] AmdK7 Service [DISABLED] amsint Service C:\WINDOWS\system32\svchost.exe [MANUAL] AppMgmt Service [DISABLED] asc Service [DISABLED] asc3350p Service [DISABLED] asc3550 Service ASP.NET Service ASP.NET_1.1.4322 Service ASP.NET_2.0.50727 Service C:\WINDOWS\System32\drivers\aspi32.sys [AUTO] Aspi32 Service C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [MANUAL] aspnet_state Service [DISABLED] aswMon2 Service [DISABLED] aswRdr Service [DISABLED] aswTdi Service C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [DISABLED] aswUpdSv Service C:\WINDOWS\system32\DRIVERS\asyncmac.sys [MANUAL] AsyncMac Service C:\WINDOWS\system32\DRIVERS\atapi.sys [bOOT] atapi Service [DISABLED] Atdisk Service C:\WINDOWS\system32\Ati2evxx.exe [DISABLED] Ati HotKey Poller Service C:\WINDOWS\system32\ati2sgag.exe [AUTO] ATI Smart Service C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [MANUAL] ati2mtag Service Atierecord Service C:\WINDOWS\system32\DRIVERS\atmarpc.sys [MANUAL] Atmarpc Service C:\WINDOWS\System32\svchost.exe [AUTO] AudioSrv Service C:\WINDOWS\system32\DRIVERS\audstub.sys [MANUAL] audstub Service C:\Program Files\Alwil Software\Avast4\ashServ.exe [DISABLED] avast! Antivirus Service C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [DISABLED] avast! Mail Scanner Service C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [DISABLED] avast! Web Scanner Service BattC Service [sYSTEM] Beep Service C:\WINDOWS\system32\svchost.exe [MANUAL] BITS Service C:\WINDOWS\system32\svchost.exe [AUTO] Browser Service [DISABLED] cbidf2k Service [DISABLED] cd20xrnt Service [sYSTEM] Cdaudio Service [DISABLED] Cdfs Service C:\WINDOWS\system32\DRIVERS\cdrom.sys [sYSTEM] Cdrom Service [sYSTEM] Changer Service C:\WINDOWS\system32\cisvc.exe [MANUAL] CiSvc Service C:\WINDOWS\system32\clipsrv.exe [DISABLED] ClipSrv Service C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [MANUAL] clr_optimization_v2.0.50727_32 Service [DISABLED] CmdIde Service C:\WINDOWS\system32\dllhost.exe [MANUAL] COMSysApp Service ContentFilter Service ContentIndex Service [DISABLED] Cpqarray Service C:\WINDOWS\system32\svchost.exe [MANUAL] CryptSvc Service [DISABLED] dac2w2k Service [DISABLED] dac960nt Service C:\WINDOWS\system32\svchost.exe [AUTO] DcomLaunch Service C:\WINDOWS\system32\svchost.exe [AUTO] Dhcp Service C:\WINDOWS\system32\DRIVERS\disk.sys [bOOT] Disk Service C:\WINDOWS\System32\dmadmin.exe [MANUAL] dmadmin Service C:\WINDOWS\System32\drivers\dmboot.sys [DISABLED] dmboot Service C:\WINDOWS\System32\drivers\dmio.sys [bOOT] dmio Service C:\WINDOWS\System32\drivers\dmload.sys [bOOT] dmload Service C:\WINDOWS\System32\svchost.exe [AUTO] dmserver Service C:\WINDOWS\system32\drivers\DMusic.sys [MANUAL] DMusic Service C:\WINDOWS\system32\svchost.exe [AUTO] Dnscache Service [DISABLED] dpti2o Service C:\WINDOWS\system32\drivers\drmkaud.sys [MANUAL] drmkaud Service C:\WINDOWS\System32\svchost.exe [AUTO] ERSvc Service C:\WINDOWS\system32\services.exe [AUTO] Eventlog Service C:\WINDOWS\system32\svchost.exe [MANUAL] EventSystem Service [DISABLED] Fastfat Service C:\WINDOWS\System32\svchost.exe [MANUAL] FastUserSwitchingCompatibility Service C:\WINDOWS\system32\DRIVERS\fdc.sys [MANUAL] Fdc Service [sYSTEM] Fips Service C:\WINDOWS\system32\DRIVERS\flpydisk.sys [MANUAL] Flpydisk Service C:\WINDOWS\system32\DRIVERS\fltMgr.sys [bOOT] FltMgr Service [sYSTEM] Fs_Rec Service C:\WINDOWS\system32\DRIVERS\ftdisk.sys [bOOT] Ftdisk Service C:\WINDOWS\system32\DRIVERS\gameenum.sys [MANUAL] gameenum Service C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [MANUAL] GEARAspiWDM Service C:\WINDOWS\System32\DRIVERS\gmer.sys [MANUAL] gmer Service C:\WINDOWS\system32\DRIVERS\msgpc.sys [MANUAL] Gpc Service C:\WINDOWS\System32\svchost.exe [AUTO] helpsvc Service C:\WINDOWS\System32\svchost.exe [DISABLED] HidServ Service [DISABLED] hpn Service C:\WINDOWS\System32\Drivers\HTTP.sys [MANUAL] HTTP Service C:\WINDOWS\System32\svchost.exe [MANUAL] HTTPFilter Service [sYSTEM] i2omgmt Service [DISABLED] i2omp Service C:\WINDOWS\system32\DRIVERS\i8042prt.sys [sYSTEM] i8042prt Service C:\WINDOWS\System32\Drivers\imagedrv.sys [bOOT] imagedrv Service C:\WINDOWS\system32\DRIVERS\imagesrv.sys [bOOT] imagesrv Service C:\WINDOWS\system32\DRIVERS\imapi.sys [sYSTEM] Imapi Service C:\WINDOWS\system32\imapi.exe [MANUAL] ImapiService Service system32\drivers\InCDFs.sys [DISABLED] InCDFs Service system32\drivers\InCDPass.sys [sYSTEM] InCDPass Service system32\drivers\InCDRm.sys [sYSTEM] InCDRm Service inetaccs Service [DISABLED] ini910u Service Inport Service [DISABLED] IntelIde Service C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys [DISABLED] Ip6Fw Service C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys [MANUAL] IpFilterDriver Service C:\WINDOWS\system32\DRIVERS\ipinip.sys [MANUAL] IpInIp Service C:\WINDOWS\system32\DRIVERS\ipnat.sys [MANUAL] IpNat Service C:\Program Files\iPod\bin\iPodService.exe [MANUAL] iPod Service Service C:\WINDOWS\system32\DRIVERS\ipsec.sys [sYSTEM] IPSec Service C:\WINDOWS\system32\DRIVERS\irenum.sys [MANUAL] IRENUM Service ISAPISearch Service C:\WINDOWS\system32\DRIVERS\isapnp.sys [bOOT] isapnp Service C:\WINDOWS\system32\DRIVERS\k750bus.sys [MANUAL] k750bus Service C:\WINDOWS\system32\DRIVERS\k750mdfl.sys [MANUAL] k750mdfl Service C:\WINDOWS\system32\DRIVERS\k750mdm.sys [MANUAL] k750mdm Service C:\WINDOWS\system32\DRIVERS\k750mgmt.sys [MANUAL] k750mgmt Service C:\WINDOWS\system32\DRIVERS\k750obex.sys [MANUAL] k750obex Service C:\WINDOWS\system32\DRIVERS\kbdclass.sys [sYSTEM] Kbdclass Service C:\WINDOWS\system32\drivers\kmixer.sys [MANUAL] kmixer Service [bOOT] KSecDD Service C:\WINDOWS\system32\svchost.exe [AUTO] lanmanserver Service C:\WINDOWS\system32\svchost.exe [AUTO] lanmanworkstation Service [sYSTEM] lbrtfdc Service ldap Service LicenseService Service C:\WINDOWS\system32\svchost.exe [AUTO] LmHosts Service C:\WINDOWS\system32\svchost.exe [DISABLED] Messenger Service [sYSTEM] mnmdd Service C:\WINDOWS\system32\mnmsrvc.exe [MANUAL] mnmsrvc Service [MANUAL] Modem Service C:\WINDOWS\system32\DRIVERS\mouclass.sys [sYSTEM] Mouclass Service [bOOT] MountMgr Service [DISABLED] mraid35x Service C:\WINDOWS\system32\DRIVERS\mrxdav.sys [MANUAL] MRxDAV Service C:\WINDOWS\system32\DRIVERS\mrxsmb.sys [sYSTEM] MRxSmb Service C:\WINDOWS\system32\msdtc.exe [MANUAL] MSDTC Service [sYSTEM] Msfs Service C:\WINDOWS\system32\msiexec.exe [MANUAL] MSIServer Service C:\WINDOWS\system32\drivers\MSKSSRV.sys [MANUAL] MSKSSRV Service C:\WINDOWS\system32\drivers\MSPCLOCK.sys [MANUAL] MSPCLOCK Service C:\WINDOWS\system32\drivers\MSPQM.sys [MANUAL] MSPQM Service C:\WINDOWS\system32\DRIVERS\mssmbios.sys [MANUAL] mssmbios Service C:\WINDOWS\system32\drivers\msmpu401.sys [MANUAL] ms_mpu401 Service [bOOT] Mup Service C:\Documents and Settings\Jurkiewicz\Dane aplikacji\hidires\m_hook.sys [MANUAL] m_hook Service [bOOT] NDIS Service C:\WINDOWS\system32\DRIVERS\ndistapi.sys [MANUAL] NdisTapi Service C:\WINDOWS\system32\DRIVERS\ndisuio.sys [DISABLED] Ndisuio Service C:\WINDOWS\system32\DRIVERS\ndiswan.sys [MANUAL] NdisWan Service [MANUAL] NDProxy Service C:\WINDOWS\system32\DRIVERS\netbios.sys [sYSTEM] NetBIOS Service C:\WINDOWS\system32\DRIVERS\netbt.sys [sYSTEM] NetBT Service C:\WINDOWS\system32\netdde.exe [DISABLED] NetDDE Service C:\WINDOWS\system32\netdde.exe [DISABLED] NetDDEdsdm Service C:\WINDOWS\system32\lsass.exe [MANUAL] Netlogon Service C:\WINDOWS\System32\svchost.exe [MANUAL] Netman Service C:\WINDOWS\system32\svchost.exe [MANUAL] Nla Service [sYSTEM] Npfs Service [MANUAL] npkcrypt Service [DISABLED] Ntfs Service C:\WINDOWS\system32\lsass.exe [MANUAL] NtLmSsp Service C:\WINDOWS\system32\svchost.exe [MANUAL] NtmsSvc Service [sYSTEM] Null Service C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys [MANUAL] NwlnkFlt Service C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys [MANUAL] NwlnkFwd Service C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [MANUAL] ose Service C:\WINDOWS\system32\DRIVERS\parport.sys [MANUAL] Parport Service [bOOT] PartMgr Service [AUTO] ParVdm Service C:\WINDOWS\system32\DRIVERS\pci.sys [bOOT] PCI Service [sYSTEM] PCIDump Service [DISABLED] PCIIde Service [DISABLED] Pcmcia Service [MANUAL] PDCOMP Service [MANUAL] PDFRAME Service [MANUAL] PDRELI Service [MANUAL] PDRFRAME Service [DISABLED] perc2 Service [DISABLED] perc2hib Service PerfDisk Service PerfNet Service PerfOS Service PerfProc Service C:\WINDOWS\system32\services.exe [AUTO] PlugPlay Service C:\WINDOWS\system32\lsass.exe [AUTO] PolicyAgent Service C:\WINDOWS\system32\DRIVERS\raspptp.sys [MANUAL] PptpMiniport Service C:\WINDOWS\system32\lsass.exe [AUTO] ProtectedStorage Service C:\WINDOWS\system32\DRIVERS\psched.sys [MANUAL] PSched Service C:\WINDOWS\system32\DRIVERS\ptilink.sys [MANUAL] Ptilink Service C:\WINDOWS\System32\Drivers\PxHelp20.sys [bOOT] PxHelp20 Service [DISABLED] ql1080 Service [DISABLED] Ql10wnt Service [DISABLED] ql12160 Service [DISABLED] ql1240 Service [DISABLED] ql1280 Service C:\WINDOWS\system32\DRIVERS\rasacd.sys [sYSTEM] RasAcd Service C:\WINDOWS\system32\svchost.exe [MANUAL] RasAuto Service C:\WINDOWS\system32\DRIVERS\rasl2tp.sys [MANUAL] Rasl2tp Service C:\WINDOWS\system32\svchost.exe [MANUAL] RasMan Service C:\WINDOWS\system32\DRIVERS\raspppoe.sys [MANUAL] RasPppoe Service C:\WINDOWS\system32\DRIVERS\raspti.sys [MANUAL] Raspti Service C:\WINDOWS\system32\DRIVERS\rdbss.sys [sYSTEM] Rdbss Service C:\WINDOWS\System32\DRIVERS\RDPCDD.sys [sYSTEM] RDPCDD Service RDPDD Service C:\WINDOWS\system32\DRIVERS\rdpdr.sys [MANUAL] rdpdr Service RDPNP Service [MANUAL] RDPWD Service C:\WINDOWS\system32\sessmgr.exe [MANUAL] RDSessMgr Service C:\WINDOWS\system32\DRIVERS\redbook.sys [sYSTEM] redbook Service C:\WINDOWS\system32\svchost.exe [DISABLED] RemoteAccess Service C:\WINDOWS\system32\svchost.exe [AUTO] RemoteRegistry Service C:\WINDOWS\system32\locator.exe [MANUAL] RpcLocator Service C:\WINDOWS\system32\svchost.exe [AUTO] RpcSs Service C:\WINDOWS\system32\rsvp.exe [MANUAL] RSVP Service C:\WINDOWS\system32\lsass.exe [AUTO] SamSs Service C:\WINDOWS\System32\SCardSvr.exe [MANUAL] SCardSvr Service C:\WINDOWS\System32\svchost.exe [DISABLED] Schedule Service C:\WINDOWS\system32\DRIVERS\secdrv.sys [MANUAL] Secdrv Service C:\WINDOWS\System32\svchost.exe [AUTO] seclogon Service C:\WINDOWS\system32\svchost.exe [AUTO] SENS Service C:\WINDOWS\system32\DRIVERS\serenum.sys [MANUAL] serenum Service C:\WINDOWS\system32\DRIVERS\serial.sys [sYSTEM] Serial Service [sYSTEM] Sfloppy Service C:\WINDOWS\system32\svchost.exe [DISABLED] SharedAccess Service C:\WINDOWS\System32\svchost.exe [AUTO] ShellHWDetection Service [DISABLED] Simbad Service [DISABLED] Sparrow Service C:\WINDOWS\system32\drivers\splitter.sys [MANUAL] splitter Service C:\WINDOWS\system32\spoolsv.exe [AUTO] Spooler Service C:\WINDOWS\System32\Drivers\sptd.sys [bOOT] sptd Service C:\WINDOWS\system32\DRIVERS\sr.sys [bOOT] sr Service C:\WINDOWS\system32\svchost.exe [AUTO] srservice Service C:\WINDOWS\system32\DRIVERS\srv.sys [MANUAL] Srv Service C:\WINDOWS\system32\svchost.exe [MANUAL] SSDPSRV Service C:\WINDOWS\system32\svchost.exe [DISABLED] stisvc Service C:\WINDOWS\system32\DRIVERS\swenum.sys [MANUAL] swenum Service C:\WINDOWS\system32\drivers\swmidi.sys [MANUAL] swmidi Service C:\WINDOWS\system32\dllhost.exe [MANUAL] SwPrv Service [DISABLED] symc810 Service [DISABLED] symc8xx Service [DISABLED] sym_hi Service [DISABLED] sym_u3 Service C:\WINDOWS\system32\drivers\sysaudio.sys [MANUAL] sysaudio Service C:\WINDOWS\system32\smlogsvc.exe [MANUAL] SysmonLog Service C:\WINDOWS\System32\svchost.exe [MANUAL] TapiSrv Service C:\WINDOWS\system32\DRIVERS\tcpip.sys [sYSTEM] Tcpip Service [MANUAL] TDPIPE Service [MANUAL] TDTCP Service C:\WINDOWS\system32\DRIVERS\termdd.sys [sYSTEM] TermDD Service C:\WINDOWS\System32\svchost.exe [MANUAL] TermService Service C:\WINDOWS\System32\svchost.exe [AUTO] Themes Service C:\WINDOWS\system32\tlntsvr.exe [DISABLED] TlntSvr Service [DISABLED] TosIde Service C:\WINDOWS\system32\svchost.exe [AUTO] TrkWks Service TSDDD Service [DISABLED] Udfs Service [DISABLED] ultra Service UnlockerDriver5 Service C:\WINDOWS\system32\DRIVERS\update.sys [MANUAL] Update Service C:\WINDOWS\system32\svchost.exe [DISABLED] upnphost Service C:\WINDOWS\System32\ups.exe [MANUAL] UPS Service usb Service C:\WINDOWS\system32\DRIVERS\usbhub.sys [MANUAL] usbhub Service C:\WINDOWS\system32\DRIVERS\usbprint.sys [MANUAL] usbprint Service C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [MANUAL] USBSTOR Service C:\WINDOWS\system32\DRIVERS\usbuhci.sys [MANUAL] usbuhci Service C:\WINDOWS\System32\svchost.exe [MANUAL] usprserv Service C:\WINDOWS\System32\drivers\vga.sys [sYSTEM] VgaSave Service C:\WINDOWS\system32\DRIVERS\viaagp.sys [bOOT] viaagp Service C:\WINDOWS\system32\DRIVERS\viaagp1.sys [bOOT] viaagp1 Service C:\WINDOWS\system32\DRIVERS\viaide.sys [bOOT] ViaIde Service C:\WINDOWS\system32\drivers\vinyl97.sys [MANUAL] VIAudio Service C:\WINDOWS\system32\DRIVERS\videX32.sys [bOOT] videX32 Service [bOOT] VolSnap Service C:\WINDOWS\System32\vssvc.exe [MANUAL] VSS Service C:\WINDOWS\System32\svchost.exe [AUTO] W32Time Service W3SVC Service C:\WINDOWS\system32\DRIVERS\wanarp.sys [MANUAL] Wanarp Service [MANUAL] WDICA Service C:\WINDOWS\system32\drivers\wdmaud.sys [MANUAL] wdmaud Service C:\WINDOWS\system32\svchost.exe [AUTO] WebClient Service C:\WINDOWS\system32\svchost.exe [AUTO] winmgmt Service [MANUAL] Winsock Service WinSock2 Service WinTrust Service C:\WINDOWS\System32\svchost.exe [MANUAL] WmdmPmSN Service C:\WINDOWS\System32\svchost.exe [MANUAL] Wmi Service WmiApRpl Service C:\WINDOWS\system32\wbem\wmiapsrv.exe [MANUAL] WmiApSrv Service [sYSTEM] WS2IFSL Service C:\WINDOWS\System32\svchost.exe [DISABLED] wscsvc Service C:\WINDOWS\system32\svchost.exe [DISABLED] wuauserv Service C:\WINDOWS\System32\svchost.exe [AUTO] WZCSVC Service C:\WINDOWS\System32\svchost.exe [MANUAL] xmlprov Service [MANUAL] aciokbs8 ---- EOF - GMER 1.0.12 ----

adam9870 · 31 Marzec 2007 09:57

Możesz przerwać ogóle skanowanie, a dopiero po wykonaniu tego co napisałem poniżej wrzucić od razu dwa kompletne, nowe logi.

Pobierz The avenger. Wypakuj => uruchom => zaznacz opcję Input script manually => kliknij w lupkę => w okienku, które się otworzy wklej:

=> Kliknij klawisz Done => teraz kliknij na zielone światełko => powinna pojawić się pewna informacja i kliknij OK (teraz restart).

Po resecie może pojawić się okienko na dosłownie kilka sekund oraz log w notatniku. Wejdź tam gdzie masz avengera i skasuj plik backup.zip czyli np. c:\avenger\backup.zip.

Po wykonaniu wklej nowe logi plus zawartość pliku c:\avenger.txt

damiann69 · 31 Marzec 2007 10:45

Nie było pliku backup.zip

Avenger:

Gmer:

GMER 1.0.12.12027 - http://www.gmer.net Rootkit scan 2007-03-31 12:46:08 Windows 5.1.2600 Dodatek Service Pack 2 ---- System - GMER 1.0.12 ---- SSDT sptd.sys ZwCreateKey SSDT sptd.sys ZwEnumerateKey SSDT sptd.sys ZwEnumerateValueKey SSDT sptd.sys ZwOpenKey SSDT sptd.sys ZwQueryKey SSDT sptd.sys ZwQueryValueKey SSDT sptd.sys ZwSetValueKey ---- Kernel code sections - GMER 1.0.12 ---- .text USBPORT.SYS!DllUnload F6E387AE 1 Byte [E9] .text USBPORT.SYS!DllUnload + 2 F6E387B0 3 Bytes [CE, 78, 8F] .text ntdll.dll!NtClose 7C90D586 5 Bytes JMP 7203407A .text ntdll.dll!NtCreateProcess 7C90D754 5 Bytes JMP 72034205 .text ntdll.dll!NtCreateProcessEx 7C90D769 5 Bytes JMP 720340E9 .text ntdll.dll!NtCreateSection 7C90D793 5 Bytes JMP 72034098 ---- Devices - GMER 1.0.12 ---- Device \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE 867661D8 Device \FileSystem\Ntfs \Ntfs IRP_MJ_CLOSE 867661D8 Device \FileSystem\Ntfs \Ntfs IRP_MJ_READ 867661D8 Device \FileSystem\Ntfs \Ntfs IRP_MJ_WRITE 867661D8 Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_INFORMATION 867661D8 Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_INFORMATION 867661D8 Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_EA 867661D8 Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_EA 867661D8 Device \FileSystem\Ntfs \Ntfs IRP_MJ_FLUSH_BUFFERS 867661D8 Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_VOLUME_INFORMATION 867661D8 Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_VOLUME_INFORMATION 867661D8 Device \FileSystem\Ntfs \Ntfs IRP_MJ_DIRECTORY_CONTROL 867661D8 Device \FileSystem\Ntfs \Ntfs IRP_MJ_FILE_SYSTEM_CONTROL 867661D8 Device \FileSystem\Ntfs \Ntfs IRP_MJ_DEVICE_CONTROL 867661D8 Device \FileSystem\Ntfs \Ntfs IRP_MJ_SHUTDOWN 867661D8 Device \FileSystem\Ntfs \Ntfs IRP_MJ_LOCK_CONTROL 867661D8 Device \FileSystem\Ntfs \Ntfs IRP_MJ_CLEANUP 867661D8 Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_SECURITY 867661D8 Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_SECURITY 867661D8 Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_QUOTA 867661D8 Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_QUOTA 867661D8 Device \FileSystem\Ntfs \Ntfs IRP_MJ_PNP 867661D8 Device \Driver\NetBT \Device\NetBT_Tcpip_{DA6D1F96-AA43-4ED1-8C2E-56B42635AFE3} IRP_MJ_CREATE 862451D8 Device \Driver\NetBT \Device\NetBT_Tcpip_{DA6D1F96-AA43-4ED1-8C2E-56B42635AFE3} IRP_MJ_CLOSE 862451D8 Device \Driver\NetBT \Device\NetBT_Tcpip_{DA6D1F96-AA43-4ED1-8C2E-56B42635AFE3} IRP_MJ_DEVICE_CONTROL 862451D8 Device \Driver\NetBT \Device\NetBT_Tcpip_{DA6D1F96-AA43-4ED1-8C2E-56B42635AFE3} IRP_MJ_INTERNAL_DEVICE_CONTROL 862451D8 Device \Driver\NetBT \Device\NetBT_Tcpip_{DA6D1F96-AA43-4ED1-8C2E-56B42635AFE3} IRP_MJ_CLEANUP 862451D8 Device \Driver\NetBT \Device\NetBT_Tcpip_{DA6D1F96-AA43-4ED1-8C2E-56B42635AFE3} IRP_MJ_PNP 862451D8 Device \Driver\usbuhci \Device\USBPDO-0 IRP_MJ_CREATE 865BF7D0 Device \Driver\usbuhci \Device\USBPDO-0 IRP_MJ_CLOSE 865BF7D0 Device \Driver\usbuhci \Device\USBPDO-0 IRP_MJ_DEVICE_CONTROL 865BF7D0 Device \Driver\usbuhci \Device\USBPDO-0 IRP_MJ_INTERNAL_DEVICE_CONTROL 865BF7D0 Device \Driver\usbuhci \Device\USBPDO-0 IRP_MJ_POWER 865BF7D0 Device \Driver\usbuhci \Device\USBPDO-0 IRP_MJ_SYSTEM_CONTROL 865BF7D0 Device \Driver\usbuhci \Device\USBPDO-0 IRP_MJ_PNP 865BF7D0 Device \Driver\00000076 \Device\00000045 IRP_MJ_POWER [F7733DB6] sptd.sys Device \Driver\00000076 \Device\00000045 IRP_MJ_SYSTEM_CONTROL [F774973C] sptd.sys Device \Driver\00000076 \Device\00000045 IRP_MJ_PNP [F774277E] sptd.sys Device \Driver\usbuhci \Device\USBPDO-1 IRP_MJ_CREATE 865BF7D0 Device \Driver\usbuhci \Device\USBPDO-1 IRP_MJ_CLOSE 865BF7D0 Device \Driver\usbuhci \Device\USBPDO-1 IRP_MJ_DEVICE_CONTROL 865BF7D0 Device \Driver\usbuhci \Device\USBPDO-1 IRP_MJ_INTERNAL_DEVICE_CONTROL 865BF7D0 Device \Driver\usbuhci \Device\USBPDO-1 IRP_MJ_POWER 865BF7D0 Device \Driver\usbuhci \Device\USBPDO-1 IRP_MJ_SYSTEM_CONTROL 865BF7D0 Device \Driver\usbuhci \Device\USBPDO-1 IRP_MJ_PNP 865BF7D0 Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_CREATE 867681D8 Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_CLOSE 867681D8 Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_READ 867681D8 Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_WRITE 867681D8 Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_FLUSH_BUFFERS 867681D8 Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_DEVICE_CONTROL 867681D8 Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_INTERNAL_DEVICE_CONTROL 867681D8 Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_SHUTDOWN 867681D8 Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_POWER 867681D8 Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_SYSTEM_CONTROL 867681D8 Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_PNP 867681D8 Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_CREATE 867681D8 Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_CLOSE 867681D8 Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_READ 867681D8 Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_WRITE 867681D8 Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_FLUSH_BUFFERS 867681D8 Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_DEVICE_CONTROL 867681D8 Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_INTERNAL_DEVICE_CONTROL 867681D8 Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_SHUTDOWN 867681D8 Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_POWER 867681D8 Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_SYSTEM_CONTROL 867681D8 Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_PNP 867681D8 Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_CREATE 867681D8 Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_CLOSE 867681D8 Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_READ 867681D8 Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_WRITE 867681D8 Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_FLUSH_BUFFERS 867681D8 Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_DEVICE_CONTROL 867681D8 Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_INTERNAL_DEVICE_CONTROL 867681D8 Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_SHUTDOWN 867681D8 Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_POWER 867681D8 Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_SYSTEM_CONTROL 867681D8 Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_PNP 867681D8 Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_CREATE 867681D8 Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_CLOSE 867681D8 Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_READ 867681D8 Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_WRITE 867681D8 Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_FLUSH_BUFFERS 867681D8 Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_DEVICE_CONTROL 867681D8 Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_INTERNAL_DEVICE_CONTROL 867681D8 Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_SHUTDOWN 867681D8 Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_POWER 867681D8 Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_SYSTEM_CONTROL 867681D8 Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_PNP 867681D8 Device \Driver\usbuhci \Device\USBPDO-2 IRP_MJ_CREATE 865BF7D0 Device \Driver\usbuhci \Device\USBPDO-2 IRP_MJ_CLOSE 865BF7D0 Device \Driver\usbuhci \Device\USBPDO-2 IRP_MJ_DEVICE_CONTROL 865BF7D0 Device \Driver\usbuhci \Device\USBPDO-2 IRP_MJ_INTERNAL_DEVICE_CONTROL 865BF7D0 Device \Driver\usbuhci \Device\USBPDO-2 IRP_MJ_POWER 865BF7D0 Device \Driver\usbuhci \Device\USBPDO-2 IRP_MJ_SYSTEM_CONTROL 865BF7D0 Device \Driver\usbuhci \Device\USBPDO-2 IRP_MJ_PNP 865BF7D0 Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_CREATE 867D21D8 Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_READ 867D21D8 Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_WRITE 867D21D8 Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_FLUSH_BUFFERS 867D21D8 Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_DEVICE_CONTROL 867D21D8 Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_INTERNAL_DEVICE_CONTROL 867D21D8 Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_SHUTDOWN 867D21D8 Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_CLEANUP 867D21D8 Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_POWER 867D21D8 Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_SYSTEM_CONTROL 867D21D8 Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_PNP 867D21D8 Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CREATE 865C4990 Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CLOSE 865C4990 Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_READ 865C4990 Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_WRITE 865C4990 Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_FLUSH_BUFFERS 865C4990 Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_DEVICE_CONTROL 865C4990 Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_INTERNAL_DEVICE_CONTROL 865C4990 Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SHUTDOWN 865C4990 Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_POWER 865C4990 Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SYSTEM_CONTROL 865C4990 Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_PNP 865C4990 Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CREATE 867D11D8 Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CLOSE 867D11D8 Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_DEVICE_CONTROL 867D11D8 Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_INTERNAL_DEVICE_CONTROL 867D11D8 Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_POWER 867D11D8 Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SYSTEM_CONTROL 867D11D8 Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_PNP 867D11D8 Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_CREATE 867D11D8 Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_CLOSE 867D11D8 Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_DEVICE_CONTROL 867D11D8 Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_INTERNAL_DEVICE_CONTROL 867D11D8 Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_POWER 867D11D8 Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_SYSTEM_CONTROL 867D11D8 Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_PNP 867D11D8 Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_CREATE 867D11D8 Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_CLOSE 867D11D8 Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_DEVICE_CONTROL 867D11D8 Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_INTERNAL_DEVICE_CONTROL 867D11D8 Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_POWER 867D11D8 Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SYSTEM_CONTROL 867D11D8 Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_PNP 867D11D8 Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_CREATE 867D11D8 Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_CLOSE 867D11D8 Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_DEVICE_CONTROL 867D11D8 Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_INTERNAL_DEVICE_CONTROL 867D11D8 Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_POWER 867D11D8 Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_SYSTEM_CONTROL 867D11D8 Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_PNP 867D11D8 Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CREATE 865C4990 Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CLOSE 865C4990 Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_READ 865C4990 Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_WRITE 865C4990 Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_FLUSH_BUFFERS 865C4990 Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_DEVICE_CONTROL 865C4990 Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_INTERNAL_DEVICE_CONTROL 865C4990 Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SHUTDOWN 865C4990 Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_POWER 865C4990 Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SYSTEM_CONTROL 865C4990 Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_PNP 865C4990 Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_CREATE 862451D8 Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_CLOSE 862451D8 Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_DEVICE_CONTROL 862451D8 Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_INTERNAL_DEVICE_CONTROL 862451D8 Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_CLEANUP 862451D8 Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_PNP 862451D8 Device \Driver\usbuhci \Device\USBFDO-0 IRP_MJ_CREATE 865BF7D0 Device \Driver\usbuhci \Device\USBFDO-0 IRP_MJ_CLOSE 865BF7D0 Device \Driver\usbuhci \Device\USBFDO-0 IRP_MJ_DEVICE_CONTROL 865BF7D0 Device \Driver\usbuhci \Device\USBFDO-0 IRP_MJ_INTERNAL_DEVICE_CONTROL 865BF7D0 Device \Driver\usbuhci \Device\USBFDO-0 IRP_MJ_POWER 865BF7D0 Device \Driver\usbuhci \Device\USBFDO-0 IRP_MJ_SYSTEM_CONTROL 865BF7D0 Device \Driver\usbuhci \Device\USBFDO-0 IRP_MJ_PNP 865BF7D0 Device \Driver\usbuhci \Device\USBFDO-1 IRP_MJ_CREATE 865BF7D0 Device \Driver\usbuhci \Device\USBFDO-1 IRP_MJ_CLOSE 865BF7D0 Device \Driver\usbuhci \Device\USBFDO-1 IRP_MJ_DEVICE_CONTROL 865BF7D0 Device \Driver\usbuhci \Device\USBFDO-1 IRP_MJ_INTERNAL_DEVICE_CONTROL 865BF7D0 Device \Driver\usbuhci \Device\USBFDO-1 IRP_MJ_POWER 865BF7D0 Device \Driver\usbuhci \Device\USBFDO-1 IRP_MJ_SYSTEM_CONTROL 865BF7D0 Device \Driver\usbuhci \Device\USBFDO-1 IRP_MJ_PNP 865BF7D0 Device \Driver\usbuhci \Device\USBFDO-2 IRP_MJ_CREATE 865BF7D0 Device \Driver\usbuhci \Device\USBFDO-2 IRP_MJ_CLOSE 865BF7D0 Device \Driver\usbuhci \Device\USBFDO-2 IRP_MJ_DEVICE_CONTROL 865BF7D0 Device \Driver\usbuhci \Device\USBFDO-2 IRP_MJ_INTERNAL_DEVICE_CONTROL 865BF7D0 Device \Driver\usbuhci \Device\USBFDO-2 IRP_MJ_POWER 865BF7D0 Device \Driver\usbuhci \Device\USBFDO-2 IRP_MJ_SYSTEM_CONTROL 865BF7D0 Device \Driver\usbuhci \Device\USBFDO-2 IRP_MJ_PNP 865BF7D0 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CREATE 862241D8 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CREATE_NAMED_PIPE 862241D8 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CLOSE 862241D8 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_READ 862241D8 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_WRITE 862241D8 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_INFORMATION 862241D8 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_INFORMATION 862241D8 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_EA 862241D8 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_EA 862241D8 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_FLUSH_BUFFERS 862241D8 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_VOLUME_INFORMATION 862241D8 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_VOLUME_INFORMATION 862241D8 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_DIRECTORY_CONTROL 862241D8 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_FILE_SYSTEM_CONTROL 862241D8 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_DEVICE_CONTROL 862241D8 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_INTERNAL_DEVICE_CONTROL 862241D8 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SHUTDOWN 862241D8 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_LOCK_CONTROL 862241D8 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CLEANUP 862241D8 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CREATE_MAILSLOT 862241D8 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_SECURITY 862241D8 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_SECURITY 862241D8 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_POWER 862241D8 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SYSTEM_CONTROL 862241D8 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_DEVICE_CHANGE 862241D8 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_QUOTA 862241D8 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_QUOTA 862241D8 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_PNP 862241D8 Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CREATE 862241D8 Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CREATE_NAMED_PIPE 862241D8 Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CLOSE 862241D8 Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_READ 862241D8 Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_WRITE 862241D8 Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_INFORMATION 862241D8 Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_INFORMATION 862241D8 Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_EA 862241D8 Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_EA 862241D8 Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_FLUSH_BUFFERS 862241D8 Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_VOLUME_INFORMATION 862241D8 Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_VOLUME_INFORMATION 862241D8 Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_DIRECTORY_CONTROL 862241D8 Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_FILE_SYSTEM_CONTROL 862241D8 Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_DEVICE_CONTROL 862241D8 Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_INTERNAL_DEVICE_CONTROL 862241D8 Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SHUTDOWN 862241D8 Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_LOCK_CONTROL 862241D8 Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CLEANUP 862241D8 Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CREATE_MAILSLOT 862241D8 Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_SECURITY 862241D8 Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_SECURITY 862241D8 Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_POWER 862241D8 Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SYSTEM_CONTROL 862241D8 Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_DEVICE_CHANGE 862241D8 Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_QUOTA 862241D8 Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_QUOTA 862241D8 Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_PNP 862241D8 Device \Driver\Ftdisk \Device\FtControl IRP_MJ_CREATE 867D21D8 Device \Driver\Ftdisk \Device\FtControl IRP_MJ_READ 867D21D8 Device \Driver\Ftdisk \Device\FtControl IRP_MJ_WRITE 867D21D8 Device \Driver\Ftdisk \Device\FtControl IRP_MJ_FLUSH_BUFFERS 867D21D8 Device \Driver\Ftdisk \Device\FtControl IRP_MJ_DEVICE_CONTROL 867D21D8 Device \Driver\Ftdisk \Device\FtControl IRP_MJ_INTERNAL_DEVICE_CONTROL 867D21D8 Device \Driver\Ftdisk \Device\FtControl IRP_MJ_SHUTDOWN 867D21D8 Device \Driver\Ftdisk \Device\FtControl IRP_MJ_CLEANUP 867D21D8 Device \Driver\Ftdisk \Device\FtControl IRP_MJ_POWER 867D21D8 Device \Driver\Ftdisk \Device\FtControl IRP_MJ_SYSTEM_CONTROL 867D21D8 Device \Driver\Ftdisk \Device\FtControl IRP_MJ_PNP 867D21D8 Device \Driver\aatc46pl \Device\Scsi\aatc46pl1 IRP_MJ_CREATE 8655B1D8 Device \Driver\aatc46pl \Device\Scsi\aatc46pl1 IRP_MJ_CLOSE 8655B1D8 Device \Driver\aatc46pl \Device\Scsi\aatc46pl1 IRP_MJ_DEVICE_CONTROL 8655B1D8 Device \Driver\aatc46pl \Device\Scsi\aatc46pl1 IRP_MJ_INTERNAL_DEVICE_CONTROL 8655B1D8 Device \Driver\aatc46pl \Device\Scsi\aatc46pl1 IRP_MJ_POWER 8655B1D8 Device \Driver\aatc46pl \Device\Scsi\aatc46pl1 IRP_MJ_SYSTEM_CONTROL 8655B1D8 Device \Driver\aatc46pl \Device\Scsi\aatc46pl1 IRP_MJ_PNP 8655B1D8 Device \Driver\imagedrv \Device\Scsi\imagedrv1 IRP_MJ_CREATE 867671D8 Device \Driver\imagedrv \Device\Scsi\imagedrv1 IRP_MJ_CLOSE 867671D8 Device \Driver\imagedrv \Device\Scsi\imagedrv1 IRP_MJ_DEVICE_CONTROL 867671D8 Device \Driver\imagedrv \Device\Scsi\imagedrv1 IRP_MJ_INTERNAL_DEVICE_CONTROL 867671D8 Device \Driver\imagedrv \Device\Scsi\imagedrv1 IRP_MJ_POWER 867671D8 Device \Driver\imagedrv \Device\Scsi\imagedrv1 IRP_MJ_SYSTEM_CONTROL 867671D8 Device \Driver\imagedrv \Device\Scsi\imagedrv1 IRP_MJ_PNP 867671D8 Device \Driver\aatc46pl \Device\Scsi\aatc46pl1Port3Path0Target0Lun0 IRP_MJ_CREATE 8655B1D8 Device \Driver\aatc46pl \Device\Scsi\aatc46pl1Port3Path0Target0Lun0 IRP_MJ_CLOSE 8655B1D8 Device \Driver\aatc46pl \Device\Scsi\aatc46pl1Port3Path0Target0Lun0 IRP_MJ_DEVICE_CONTROL 8655B1D8 Device \Driver\aatc46pl \Device\Scsi\aatc46pl1Port3Path0Target0Lun0 IRP_MJ_INTERNAL_DEVICE_CONTROL 8655B1D8 Device \Driver\aatc46pl \Device\Scsi\aatc46pl1Port3Path0Target0Lun0 IRP_MJ_POWER 8655B1D8 Device \Driver\aatc46pl \Device\Scsi\aatc46pl1Port3Path0Target0Lun0 IRP_MJ_SYSTEM_CONTROL 8655B1D8 Device \Driver\aatc46pl \Device\Scsi\aatc46pl1Port3Path0Target0Lun0 IRP_MJ_PNP 8655B1D8 Device \FileSystem\Cdfs \Cdfs IRP_MJ_CREATE 8625C540 Device \FileSystem\Cdfs \Cdfs IRP_MJ_CLOSE 8625C540 Device \FileSystem\Cdfs \Cdfs IRP_MJ_READ 8625C540 Device \FileSystem\Cdfs \Cdfs IRP_MJ_QUERY_INFORMATION 8625C540 Device \FileSystem\Cdfs \Cdfs IRP_MJ_SET_INFORMATION 8625C540 Device \FileSystem\Cdfs \Cdfs IRP_MJ_QUERY_VOLUME_INFORMATION 8625C540 Device \FileSystem\Cdfs \Cdfs IRP_MJ_DIRECTORY_CONTROL 8625C540 Device \FileSystem\Cdfs \Cdfs IRP_MJ_FILE_SYSTEM_CONTROL 8625C540 Device \FileSystem\Cdfs \Cdfs IRP_MJ_DEVICE_CONTROL 8625C540 Device \FileSystem\Cdfs \Cdfs IRP_MJ_SHUTDOWN 8625C540 Device \FileSystem\Cdfs \Cdfs IRP_MJ_LOCK_CONTROL 8625C540 Device \FileSystem\Cdfs \Cdfs IRP_MJ_CLEANUP 8625C540 Device \FileSystem\Cdfs \Cdfs IRP_MJ_PNP 8625C540 ---- EOF - GMER 1.0.12 ----

Gmer usługi:

GMER 1.0.12.12027 - http://www.gmer.net Rootkit scan 2007-03-31 12:25:07 Windows 5.1.2600 Dodatek Service Pack 2 ---- Services - GMER 1.0.12 ---- Service .NET CLR Data Service .NET CLR Networking Service .NET Data Provider for Oracle Service .NET Data Provider for SqlServer Service .NETFramework Service [DISABLED] Aavmker4 Service [DISABLED] Abiosdsk Service [DISABLED] abp480n5 Service C:\WINDOWS\system32\DRIVERS\ACPI.sys [bOOT] ACPI Service [DISABLED] ACPIEC Service C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [MANUAL] Adobe LM Service Service [DISABLED] adpu160m Service C:\WINDOWS\system32\drivers\aec.sys [MANUAL] aec Service C:\WINDOWS\System32\drivers\afd.sys [sYSTEM] AFD Service [DISABLED] Aha154x Service [DISABLED] aic78u2 Service [DISABLED] aic78xx Service C:\WINDOWS\system32\DRIVERS\alcan5wn.sys [MANUAL] alcan5wn Service C:\WINDOWS\system32\DRIVERS\alcaudsl.sys [MANUAL] alcaudsl Service C:\WINDOWS\system32\svchost.exe [DISABLED] Alerter Service C:\WINDOWS\System32\alg.exe [MANUAL] ALG Service [DISABLED] AliIde Service C:\WINDOWS\system32\DRIVERS\amdk7.sys [sYSTEM] AmdK7 Service [DISABLED] amsint Service C:\WINDOWS\system32\svchost.exe [MANUAL] AppMgmt Service [DISABLED] asc Service [DISABLED] asc3350p Service [DISABLED] asc3550 Service ASP.NET Service ASP.NET_1.1.4322 Service ASP.NET_2.0.50727 Service C:\WINDOWS\System32\drivers\aspi32.sys [AUTO] Aspi32 Service C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [MANUAL] aspnet_state Service [DISABLED] aswMon2 Service [DISABLED] aswRdr Service [DISABLED] aswTdi Service C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [DISABLED] aswUpdSv Service C:\WINDOWS\system32\DRIVERS\asyncmac.sys [MANUAL] AsyncMac Service C:\WINDOWS\system32\DRIVERS\atapi.sys [bOOT] atapi Service [DISABLED] Atdisk Service C:\WINDOWS\system32\Ati2evxx.exe [DISABLED] Ati HotKey Poller Service C:\WINDOWS\system32\ati2sgag.exe [AUTO] ATI Smart Service C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [MANUAL] ati2mtag Service Atierecord Service C:\WINDOWS\system32\DRIVERS\atmarpc.sys [MANUAL] Atmarpc Service C:\WINDOWS\System32\svchost.exe [AUTO] AudioSrv Service C:\WINDOWS\system32\DRIVERS\audstub.sys [MANUAL] audstub Service C:\Program Files\Alwil Software\Avast4\ashServ.exe [DISABLED] avast! Antivirus Service C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [DISABLED] avast! Mail Scanner Service C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [DISABLED] avast! Web Scanner Service BattC Service [sYSTEM] Beep Service C:\WINDOWS\system32\svchost.exe [MANUAL] BITS Service C:\WINDOWS\system32\svchost.exe [AUTO] Browser Service [DISABLED] cbidf2k Service [DISABLED] cd20xrnt Service [sYSTEM] Cdaudio Service [DISABLED] Cdfs Service C:\WINDOWS\system32\DRIVERS\cdrom.sys [sYSTEM] Cdrom Service [sYSTEM] Changer Service C:\WINDOWS\system32\cisvc.exe [MANUAL] CiSvc Service C:\WINDOWS\system32\clipsrv.exe [DISABLED] ClipSrv Service C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [MANUAL] clr_optimization_v2.0.50727_32 Service [DISABLED] CmdIde Service C:\WINDOWS\system32\dllhost.exe [MANUAL] COMSysApp Service ContentFilter Service ContentIndex Service [DISABLED] Cpqarray Service C:\WINDOWS\system32\svchost.exe [MANUAL] CryptSvc Service [DISABLED] dac2w2k Service [DISABLED] dac960nt Service C:\WINDOWS\system32\svchost.exe [AUTO] DcomLaunch Service C:\WINDOWS\system32\svchost.exe [AUTO] Dhcp Service C:\WINDOWS\system32\DRIVERS\disk.sys [bOOT] Disk Service C:\WINDOWS\System32\dmadmin.exe [MANUAL] dmadmin Service C:\WINDOWS\System32\drivers\dmboot.sys [DISABLED] dmboot Service C:\WINDOWS\System32\drivers\dmio.sys [bOOT] dmio Service C:\WINDOWS\System32\drivers\dmload.sys [bOOT] dmload Service C:\WINDOWS\System32\svchost.exe [AUTO] dmserver Service C:\WINDOWS\system32\drivers\DMusic.sys [MANUAL] DMusic Service C:\WINDOWS\system32\svchost.exe [AUTO] Dnscache Service [DISABLED] dpti2o Service C:\WINDOWS\system32\drivers\drmkaud.sys [MANUAL] drmkaud Service C:\WINDOWS\System32\svchost.exe [AUTO] ERSvc Service C:\WINDOWS\system32\services.exe [AUTO] Eventlog Service C:\WINDOWS\system32\svchost.exe [MANUAL] EventSystem Service [DISABLED] Fastfat Service C:\WINDOWS\System32\svchost.exe [MANUAL] FastUserSwitchingCompatibility Service C:\WINDOWS\system32\DRIVERS\fdc.sys [MANUAL] Fdc Service [sYSTEM] Fips Service C:\WINDOWS\system32\DRIVERS\flpydisk.sys [MANUAL] Flpydisk Service C:\WINDOWS\system32\DRIVERS\fltMgr.sys [bOOT] FltMgr Service [sYSTEM] Fs_Rec Service C:\WINDOWS\system32\DRIVERS\ftdisk.sys [bOOT] Ftdisk Service C:\WINDOWS\system32\DRIVERS\gameenum.sys [MANUAL] gameenum Service C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [MANUAL] GEARAspiWDM Service C:\WINDOWS\System32\DRIVERS\gmer.sys [MANUAL] gmer Service C:\WINDOWS\system32\DRIVERS\msgpc.sys [MANUAL] Gpc Service C:\WINDOWS\System32\svchost.exe [AUTO] helpsvc Service C:\WINDOWS\System32\svchost.exe [DISABLED] HidServ Service [DISABLED] hpn Service C:\WINDOWS\System32\Drivers\HTTP.sys [MANUAL] HTTP Service C:\WINDOWS\System32\svchost.exe [MANUAL] HTTPFilter Service [sYSTEM] i2omgmt Service [DISABLED] i2omp Service C:\WINDOWS\system32\DRIVERS\i8042prt.sys [sYSTEM] i8042prt Service C:\WINDOWS\System32\Drivers\imagedrv.sys [bOOT] imagedrv Service C:\WINDOWS\system32\DRIVERS\imagesrv.sys [bOOT] imagesrv Service C:\WINDOWS\system32\DRIVERS\imapi.sys [sYSTEM] Imapi Service C:\WINDOWS\system32\imapi.exe [MANUAL] ImapiService Service system32\drivers\InCDFs.sys [DISABLED] InCDFs Service system32\drivers\InCDPass.sys [sYSTEM] InCDPass Service system32\drivers\InCDRm.sys [sYSTEM] InCDRm Service inetaccs Service [DISABLED] ini910u Service Inport Service [DISABLED] IntelIde Service C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys [DISABLED] Ip6Fw Service C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys [MANUAL] IpFilterDriver Service C:\WINDOWS\system32\DRIVERS\ipinip.sys [MANUAL] IpInIp Service C:\WINDOWS\system32\DRIVERS\ipnat.sys [MANUAL] IpNat Service C:\Program Files\iPod\bin\iPodService.exe [MANUAL] iPod Service Service C:\WINDOWS\system32\DRIVERS\ipsec.sys [sYSTEM] IPSec Service C:\WINDOWS\system32\DRIVERS\irenum.sys [MANUAL] IRENUM Service ISAPISearch Service C:\WINDOWS\system32\DRIVERS\isapnp.sys [bOOT] isapnp Service C:\WINDOWS\system32\DRIVERS\k750bus.sys [MANUAL] k750bus Service C:\WINDOWS\system32\DRIVERS\k750mdfl.sys [MANUAL] k750mdfl Service C:\WINDOWS\system32\DRIVERS\k750mdm.sys [MANUAL] k750mdm Service C:\WINDOWS\system32\DRIVERS\k750mgmt.sys [MANUAL] k750mgmt Service C:\WINDOWS\system32\DRIVERS\k750obex.sys [MANUAL] k750obex Service C:\WINDOWS\system32\DRIVERS\kbdclass.sys [sYSTEM] Kbdclass Service C:\WINDOWS\system32\drivers\kmixer.sys [MANUAL] kmixer Service [bOOT] KSecDD Service C:\WINDOWS\system32\svchost.exe [AUTO] lanmanserver Service C:\WINDOWS\system32\svchost.exe [AUTO] lanmanworkstation Service [sYSTEM] lbrtfdc Service ldap Service LicenseService Service C:\WINDOWS\system32\svchost.exe [AUTO] LmHosts Service C:\WINDOWS\system32\svchost.exe [DISABLED] Messenger Service [sYSTEM] mnmdd Service C:\WINDOWS\system32\mnmsrvc.exe [MANUAL] mnmsrvc Service [MANUAL] Modem Service C:\WINDOWS\system32\DRIVERS\mouclass.sys [sYSTEM] Mouclass Service [bOOT] MountMgr Service [DISABLED] mraid35x Service C:\WINDOWS\system32\DRIVERS\mrxdav.sys [MANUAL] MRxDAV Service C:\WINDOWS\system32\DRIVERS\mrxsmb.sys [sYSTEM] MRxSmb Service C:\WINDOWS\system32\msdtc.exe [MANUAL] MSDTC Service [sYSTEM] Msfs Service C:\WINDOWS\system32\msiexec.exe [MANUAL] MSIServer Service C:\WINDOWS\system32\drivers\MSKSSRV.sys [MANUAL] MSKSSRV Service C:\WINDOWS\system32\drivers\MSPCLOCK.sys [MANUAL] MSPCLOCK Service C:\WINDOWS\system32\drivers\MSPQM.sys [MANUAL] MSPQM Service C:\WINDOWS\system32\DRIVERS\mssmbios.sys [MANUAL] mssmbios Service C:\WINDOWS\system32\drivers\msmpu401.sys [MANUAL] ms_mpu401 Service [bOOT] Mup Service [bOOT] NDIS Service C:\WINDOWS\system32\DRIVERS\ndistapi.sys [MANUAL] NdisTapi Service C:\WINDOWS\system32\DRIVERS\ndisuio.sys [DISABLED] Ndisuio Service C:\WINDOWS\system32\DRIVERS\ndiswan.sys [MANUAL] NdisWan Service [MANUAL] NDProxy Service C:\WINDOWS\system32\DRIVERS\netbios.sys [sYSTEM] NetBIOS Service C:\WINDOWS\system32\DRIVERS\netbt.sys [sYSTEM] NetBT Service C:\WINDOWS\system32\netdde.exe [DISABLED] NetDDE Service C:\WINDOWS\system32\netdde.exe [DISABLED] NetDDEdsdm Service C:\WINDOWS\system32\lsass.exe [MANUAL] Netlogon Service C:\WINDOWS\System32\svchost.exe [MANUAL] Netman Service C:\WINDOWS\system32\svchost.exe [MANUAL] Nla Service [sYSTEM] Npfs Service [MANUAL] npkcrypt Service [DISABLED] Ntfs Service C:\WINDOWS\system32\lsass.exe [MANUAL] NtLmSsp Service C:\WINDOWS\system32\svchost.exe [MANUAL] NtmsSvc Service [sYSTEM] Null Service C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys [MANUAL] NwlnkFlt Service C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys [MANUAL] NwlnkFwd Service C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [MANUAL] ose Service C:\WINDOWS\system32\DRIVERS\parport.sys [MANUAL] Parport Service [bOOT] PartMgr Service [AUTO] ParVdm Service C:\WINDOWS\system32\DRIVERS\pci.sys [bOOT] PCI Service [sYSTEM] PCIDump Service [DISABLED] PCIIde Service [DISABLED] Pcmcia Service [MANUAL] PDCOMP Service [MANUAL] PDFRAME Service [MANUAL] PDRELI Service [MANUAL] PDRFRAME Service [DISABLED] perc2 Service [DISABLED] perc2hib Service PerfDisk Service PerfNet Service PerfOS Service PerfProc Service C:\WINDOWS\system32\services.exe [AUTO] PlugPlay Service C:\WINDOWS\system32\lsass.exe [AUTO] PolicyAgent Service C:\WINDOWS\system32\DRIVERS\raspptp.sys [MANUAL] PptpMiniport Service C:\WINDOWS\system32\lsass.exe [AUTO] ProtectedStorage Service C:\WINDOWS\system32\DRIVERS\psched.sys [MANUAL] PSched Service C:\WINDOWS\system32\DRIVERS\ptilink.sys [MANUAL] Ptilink Service C:\WINDOWS\System32\Drivers\PxHelp20.sys [bOOT] PxHelp20 Service [DISABLED] ql1080 Service [DISABLED] Ql10wnt Service [DISABLED] ql12160 Service [DISABLED] ql1240 Service [DISABLED] ql1280 Service C:\WINDOWS\system32\DRIVERS\rasacd.sys [sYSTEM] RasAcd Service C:\WINDOWS\system32\svchost.exe [MANUAL] RasAuto Service C:\WINDOWS\system32\DRIVERS\rasl2tp.sys [MANUAL] Rasl2tp Service C:\WINDOWS\system32\svchost.exe [MANUAL] RasMan Service C:\WINDOWS\system32\DRIVERS\raspppoe.sys [MANUAL] RasPppoe Service C:\WINDOWS\system32\DRIVERS\raspti.sys [MANUAL] Raspti Service C:\WINDOWS\system32\DRIVERS\rdbss.sys [sYSTEM] Rdbss Service C:\WINDOWS\System32\DRIVERS\RDPCDD.sys [sYSTEM] RDPCDD Service RDPDD Service C:\WINDOWS\system32\DRIVERS\rdpdr.sys [MANUAL] rdpdr Service RDPNP Service [MANUAL] RDPWD Service C:\WINDOWS\system32\sessmgr.exe [MANUAL] RDSessMgr Service C:\WINDOWS\system32\DRIVERS\redbook.sys [sYSTEM] redbook Service C:\WINDOWS\system32\svchost.exe [DISABLED] RemoteAccess Service C:\WINDOWS\system32\svchost.exe [AUTO] RemoteRegistry Service C:\WINDOWS\system32\locator.exe [MANUAL] RpcLocator Service C:\WINDOWS\system32\svchost.exe [AUTO] RpcSs Service C:\WINDOWS\system32\rsvp.exe [MANUAL] RSVP Service C:\WINDOWS\system32\lsass.exe [AUTO] SamSs Service C:\WINDOWS\System32\SCardSvr.exe [MANUAL] SCardSvr Service C:\WINDOWS\System32\svchost.exe [DISABLED] Schedule Service C:\WINDOWS\system32\DRIVERS\secdrv.sys [MANUAL] Secdrv Service C:\WINDOWS\System32\svchost.exe [AUTO] seclogon Service C:\WINDOWS\system32\svchost.exe [AUTO] SENS Service C:\WINDOWS\system32\DRIVERS\serenum.sys [MANUAL] serenum Service C:\WINDOWS\system32\DRIVERS\serial.sys [sYSTEM] Serial Service [sYSTEM] Sfloppy Service C:\WINDOWS\system32\svchost.exe [DISABLED] SharedAccess Service C:\WINDOWS\System32\svchost.exe [AUTO] ShellHWDetection Service [DISABLED] Simbad Service [DISABLED] Sparrow Service C:\WINDOWS\system32\drivers\splitter.sys [MANUAL] splitter Service C:\WINDOWS\system32\spoolsv.exe [AUTO] Spooler Service C:\WINDOWS\System32\Drivers\sptd.sys [bOOT] sptd Service C:\WINDOWS\system32\DRIVERS\sr.sys [bOOT] sr Service C:\WINDOWS\system32\svchost.exe [AUTO] srservice Service C:\WINDOWS\system32\DRIVERS\srv.sys [MANUAL] Srv Service C:\WINDOWS\system32\svchost.exe [MANUAL] SSDPSRV Service C:\WINDOWS\system32\svchost.exe [DISABLED] stisvc Service C:\WINDOWS\system32\DRIVERS\swenum.sys [MANUAL] swenum Service C:\WINDOWS\system32\drivers\swmidi.sys [MANUAL] swmidi Service C:\WINDOWS\system32\dllhost.exe [MANUAL] SwPrv Service [DISABLED] symc810 Service [DISABLED] symc8xx Service [DISABLED] sym_hi Service [DISABLED] sym_u3 Service C:\WINDOWS\system32\drivers\sysaudio.sys [MANUAL] sysaudio Service C:\WINDOWS\system32\smlogsvc.exe [MANUAL] SysmonLog Service C:\WINDOWS\System32\svchost.exe [MANUAL] TapiSrv Service C:\WINDOWS\system32\DRIVERS\tcpip.sys [sYSTEM] Tcpip Service [MANUAL] TDPIPE Service [MANUAL] TDTCP Service C:\WINDOWS\system32\DRIVERS\termdd.sys [sYSTEM] TermDD Service C:\WINDOWS\System32\svchost.exe [MANUAL] TermService Service C:\WINDOWS\System32\svchost.exe [AUTO] Themes Service C:\WINDOWS\system32\tlntsvr.exe [DISABLED] TlntSvr Service [DISABLED] TosIde Service C:\WINDOWS\system32\svchost.exe [AUTO] TrkWks Service TSDDD Service [DISABLED] Udfs Service

adam9870 · 31 Marzec 2007 10:49

Już jest Ok.

damiann69 · 31 Marzec 2007 11:26

Dzięki serdeczne za pomoc.

Zauważylem, że mam takie coś w autostarcie:

usuwać czy zostawić?

Joan · 31 Marzec 2007 11:56

usunąć oczywiście, to od syfa.