szejk
(szejk)
11 July 2006 22:52
#21
In GMER I did this: I pasted into cmd, pasted into regedit, clicked Kill All and restarted the computer manually. What next, do I paste each file, and what do I do with it? And how, Run and then restart the computer? The console, no, I don't have the system disc.
Post merged: 12.07.2006 (Wed) 0:57
Tell me once more which files I should delete with KillBox.
Post merged: 12.07.2006 (Wed) 1:06
I already found them and deleted them with KillBox.
What next with GMER?
Post merged: 12.07.2006 (Wed) 1:20
Good night.
Gutek
(Gutek)
12 July 2006 00:08
#22
Post control logs from Silent Runners and GMER.
system
(system)
12 July 2006 05:47
#23
When you paste the command into the CMD and regedit tabs, you have a Run option on the right-hand side. After using the "Kill All" (ZABIJ WSZYSTKO) option, you click Run for each of them separately, cmd and regedit. If you don't do that and just restart the computer, nothing gets removed.
szejk
(szejk)
12 July 2006 09:14
#24
[code]GMER 1.0.10.10122 - http://www.gmer.net
Rootkit 2006-07-12 11:16:37
Windows 5.1.2600 Dodatek Service Pack 2
---- Devices - GMER 1.0.10 ----
8423A2B8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SET_INFORMATION 8423A2B8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_QUERY_SECURITY 84262D40
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_SET_SECURITY 84262D40
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_POWER 84262D40
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SET_QUOTA 84262D40
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_PNP 84262D40
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_PNP_POWER 84262D40
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_CREATE 84262D40
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_CREATE_NAMED_PIPE 84262D40
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_CLOSEIRP_MJ_READ 84262D40
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_WRITE 84262D40
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_QUERY_INFORMATION 84262D40
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SET_INFORMATION 84262D40
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_QUERY_EA 84262D40
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SET_EA 84262D40
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_FLUSH_BUFFERS 84262D40
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_QUERY_VOLUME_INFORMATION 84262D40
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SET_VOLUME_INFORMATION 84262D40
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_DIRECTORY_CONTROL 84262D40
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_FILE_SYSTEM_CONTROL 84262D40
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_DEVICE_CONTROL 84262D40
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_INTERNAL_DEVICE_CONTROL 84262D40
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SHUTDOWN 84262D40
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_LOCK_CONTROL 84262D40
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_CLEANUP 84262D40
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_CREATE_MAILSLOT 84262D40
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_QUERY_SECURITY 84262D40
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SET_SECURITY 84262D40
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_POWER 84262D40
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SYSTEM_CONTROL 84262D40
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_DEVICE_CHANGE 84262D40
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_QUERY_QUOTA 84262D40
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SET_QUOTA 84262D40
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_PNP 84262D40
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_PNP_POWER 84262D40
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_CREATE 84262D40
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_CREATE_NAMED_PIPE 84262D40
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_CLOSEIRP_MJ_READ 84262D40
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_WRITE 84262D40
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_QUERY_INFORMATION 84262D40
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_SET_INFORMATION 84262D40
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_QUERY_EA 84262D40
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_SET_EA 84262D40
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_FLUSH_BUFFERS 84262D40
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_QUERY_VOLUME_INFORMATION 84262D40
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_SET_VOLUME_INFORMATION 84262D40
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_DIRECTORY_CONTROL 84262D40
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_FILE_SYSTEM_CONTROL 84262D40
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_DEVICE_CONTROL 84262D40
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_INTERNAL_DEVICE_CONTROL 84262D40
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_SHUTDOWN 84262D40
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_LOCK_CONTROL 84262D40
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_CLEANUP 84262D40
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_CREATE_MAILSLOT 84262D40
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_QUERY_SECURITY 84262D40
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_SET_SECURITY 84262D40
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_POWER 84262D40
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_SYSTEM_CONTROL 84262D40
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_DEVICE_CHANGE 84262D40
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_QUERY_QUOTA 84262D40
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_SET_QUOTA 84262D40
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_PNP 84262D40
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_PNP_POWER 84262D40
Device \Driver\sojuscsi \Device\Scsi\sojuscsi1Port3Path0Target0Lun0 IRP_MJ_CREATE 8423A768
Device \Driver\sojuscsi \Device\Scsi\sojuscsi1Port3Path0Target0Lun0 IRP_MJ_CREATE_NAMED_PIPE 8423A768
Device \Driver\sojuscsi \Device\Scsi\sojuscsi1Port3Path0Target0Lun0 IRP_MJ_CLOSEIRP_MJ_READ 8423A768
Device \Driver\sojuscsi \Device\Scsi\sojuscsi1Port3Path0Target0Lun0 IRP_MJ_WRITE 8423A768
Device \Driver\sojuscsi \Device\Scsi\sojuscsi1Port3Path0Target0Lun0 IRP_MJ_QUERY_INFORMATION 8423A768
Device \Driver\sojuscsi \Device\Scsi\sojuscsi1Port3Path0Target0Lun0 IRP_MJ_SET_INFORMATION 8423A768
Device \Driver\sojuscsi \Device\Scsi\sojuscsi1Port3Path0Target0Lun0 IRP_MJ_QUERY_EA 8423A768
Device \Driver\sojuscsi \Device\Scsi\sojuscsi1Port3Path0Target0Lun0 IRP_MJ_SET_EA 8423A768
Device \Driver\sojuscsi \Device\Scsi\sojuscsi1Port3Path0Target0Lun0 IRP_MJ_FLUSH_BUFFERS 8423A768
Device \Driver\sojuscsi \Device\Scsi\sojuscsi1Port3Path0Target0Lun0 IRP_MJ_QUERY_VOLUME_INFORMATION 8423A768
Device \Driver\sojuscsi \Device\Scsi\sojuscsi1Port3Path0Target0Lun0 IRP_MJ_SET_VOLUME_INFORMATION 8423A768
Device \Driver\sojuscsi \Device\Scsi\sojuscsi1Port3Path0Target0Lun0 IRP_MJ_DIRECTORY_CONTROL 8423A768
Device \Driver\sojuscsi \Device\Scsi\sojuscsi1Port3Path0Target0Lun0 IRP_MJ_FILE_SYSTEM_CONTROL 8423A768
Device \Driver\sojuscsi \Device\Scsi\sojuscsi1Port3Path0Target0Lun0 IRP_MJ_DEVICE_CONTROL 8423A768
Device \Driver\sojuscsi \Device\Scsi\sojuscsi1Port3Path0Target0Lun0 IRP_MJ_INTERNAL_DEVICE_CONTROL 8423A768
Device \Driver\sojuscsi \Device\Scsi\sojuscsi1Port3Path0Target0Lun0 IRP_MJ_SHUTDOWN 8423A768
Device \Driver\sojuscsi \Device\Scsi\sojuscsi1Port3Path0Target0Lun0 IRP_MJ_LOCK_CONTROL 8423A768
Device \Driver\sojuscsi \Device\Scsi\sojuscsi1Port3Path0Target0Lun0 IRP_MJ_CLEANUP 8423A768
Device \Driver\sojuscsi \Device\Scsi\sojuscsi1Port3Path0Target0Lun0 IRP_MJ_CREATE_MAILSLOT 8423A768
Device \Driver\sojuscsi \Device\Scsi\sojuscsi1Port3Path0Target0Lun0 IRP_MJ_QUERY_SECURITY 8423A768
Device \Driver\sojuscsi \Device\Scsi\sojuscsi1Port3Path0Target0Lun0 IRP_MJ_SET_SECURITY 8423A768
Device \Driver\sojuscsi \Device\Scsi\sojuscsi1Port3Path0Target0Lun0 IRP_MJ_POWER 8423A768
Device \Driver\sojuscsi \Device\Scsi\sojuscsi1Port3Path0Target0Lun0 IRP_MJ_SYSTEM_CONTROL 8423A768
Device \Driver\sojuscsi \Device\Scsi\sojuscsi1Port3Path0Target0Lun0 IRP_MJ_DEVICE_CHANGE 8423A768
Device \Driver\sojuscsi \Device\Scsi\sojuscsi1Port3Path0Target0Lun0 IRP_MJ_QUERY_QUOTA 8423A768
Device \Driver\sojuscsi \Device\Scsi\sojuscsi1Port3Path0Target0Lun0 IRP_MJ_SET_QUOTA 8423A768
Device \Driver\sojuscsi \Device\Scsi\sojuscsi1Port3Path0Target0Lun0 IRP_MJ_PNP 8423A768
Device \Driver\sojuscsi \Device\Scsi\sojuscsi1Port3Path0Target0Lun0 IRP_MJ_PNP_POWER 8423A768
Device \Driver\sojuscsi \Device\Scsi\sojuscsi1 IRP_MJ_CREATE 8423A768
Device \Driver\sojuscsi \Device\Scsi\sojuscsi1 IRP_MJ_CREATE_NAMED_PIPE 8423A768
Device \Driver\sojuscsi \Device\Scsi\sojuscsi1 IRP_MJ_CLOSEIRP_MJ_READ 8423A768
Device \Driver\sojuscsi \Device\Scsi\sojuscsi1 IRP_MJ_WRITE 8423A768
Device \Driver\sojuscsi \Device\Scsi\sojuscsi1 IRP_MJ_QUERY_INFORMATION 8423A768
Device \Driver\sojuscsi \Device\Scsi\sojuscsi1 IRP_MJ_SET_INFORMATION 8423A768
Device \Driver\sojuscsi \Device\Scsi\sojuscsi1 IRP_MJ_QUERY_EA 8423A768
Device \Driver\sojuscsi \Device\Scsi\sojuscsi1 IRP_MJ_SET_EA 8423A768
Device \Driver\sojuscsi \Device\Scsi\sojuscsi1 IRP_MJ_FLUSH_BUFFERS 8423A768
Device \Driver\sojuscsi \Device\Scsi\sojuscsi1 IRP_MJ_QUERY_VOLUME_INFORMATION 8423A768
Device \Driver\sojuscsi \Device\Scsi\sojuscsi1 IRP_MJ_SET_VOLUME_INFORMATION 8423A768
Device \Driver\sojuscsi \Device\Scsi\sojuscsi1 IRP_MJ_DIRECTORY_CONTROL 8423A768
Device \Driver\sojuscsi \Device\Scsi\sojuscsi1 IRP_MJ_FILE_SYSTEM_CONTROL 8423A768
Device \Driver\sojuscsi \Device\Scsi\sojuscsi1 IRP_MJ_DEVICE_CONTROL 8423A768
Device \Driver\sojuscsi \Device\Scsi\sojuscsi1 IRP_MJ_INTERNAL_DEVICE_CONTROL 8423A768
Device \Driver\sojuscsi \Device\Scsi\sojuscsi1 IRP_MJ_SHUTDOWN 8423A768
Device \Driver\sojuscsi \Device\Scsi\sojuscsi1 IRP_MJ_LOCK_CONTROL 8423A768
Device \Driver\sojuscsi \Device\Scsi\sojuscsi1 IRP_MJ_CLEANUP 8423A768
Device \Driver\sojuscsi \Device\Scsi\sojuscsi1 IRP_MJ_CREATE_MAILSLOT 8423A768
Device \Driver\sojuscsi \Device\Scsi\sojuscsi1 IRP_MJ_QUERY_SECURITY 8423A768
Device \Driver\sojuscsi \Device\Scsi\sojuscsi1 IRP_MJ_SET_SECURITY 8423A768
Device \Driver\sojuscsi \Device\Scsi\sojuscsi1 IRP_MJ_POWER 8423A768
Device \Driver\sojuscsi \Device\Scsi\sojuscsi1 IRP_MJ_SYSTEM_CONTROL 8423A768
Device \Driver\sojuscsi \Device\Scsi\sojuscsi1 IRP_MJ_DEVICE_CHANGE 8423A768
Device \Driver\sojuscsi \Device\Scsi\sojuscsi1 IRP_MJ_QUERY_QUOTA 8423A768
Device \Driver\sojuscsi \Device\Scsi\sojuscsi1 IRP_MJ_SET_QUOTA 8423A768
Device \Driver\sojuscsi \Device\Scsi\sojuscsi1 IRP_MJ_PNP 8423A768
Device \Driver\sojuscsi \Device\Scsi\sojuscsi1 IRP_MJ_PNP_POWER 8423A768
---- Processes - GMER 1.0.10 ----
Process C:\windows\system32\_zskwrkni05wsvyicdp^lhwzw`p.exe ( ***hidden*** ) 308 <-- ROOTKIT !
Library C:\windows\system32\_zskwrkni05wsvyicdp^lhwzw`p.exe ( ***hidden*** ) @ C:\windows\system32\_zskwrkni05wsvyicdp^lhwzw`p.exe [308] 0x00400000 <-- ROOTKIT !
Library c:\windows\system32\_zskwrkni05wsvyicdp^lhwzw`p.dll ( ***hidden*** ) @ C:\windows\system32\_zskwrkni05wsvyicdp^lhwzw`p.exe [308] 0x10000000 <-- ROOTKIT !
Library c:\windows\system32\_zskwrkni05wsvyicdp^lhwzw`p.dll ( ***hidden*** ) @ C:\WINDOWS\system32\csrss.exe [524] 0x01280000 <-- ROOTKIT !
Library c:\windows\system32\_zskwrkni05wsvyicdp^lhwzw`p.dll ( ***hidden*** ) @ C:\WINDOWS\SYSTEM32\winlogon.exe [548] 0x01120000 <-- ROOTKIT !
Library c:\windows\system32\_zskwrkni05wsvyicdp^lhwzw`p.dll ( ***hidden*** ) @ C:\WINDOWS\system32\services.exe [592] 0x00040000 <-- ROOTKIT !
Library c:\windows\system32\_zskwrkni05wsvyicdp^lhwzw`p.dll ( ***hidden*** ) @ C:\WINDOWS\system32\lsass.exe [604] 0x00F20000 <-- ROOTKIT !
Library c:\windows\system32\_zskwrkni05wsvyicdp^lhwzw`p.dll ( ***hidden*** ) @ C:\WINDOWS\system32\svchost.exe [760] 0x00C10000 <-- ROOTKIT !
Library c:\windows\system32\_zskwrkni05wsvyicdp^lhwzw`p.dll ( ***hidden*** ) @ C:\WINDOWS\system32\svchost.exe [824] 0x00C00000 <-- ROOTKIT !
Library c:\windows\system32\_zskwrkni05wsvyicdp^lhwzw`p.dll ( ***hidden*** ) @ C:\WINDOWS\System32\svchost.exe [860] 0x02490000 <-- ROOTKIT !
Library c:\windows\system32\_zskwrkni05wsvyicdp^lhwzw`p.dll ( ***hidden*** ) @ C:\WINDOWS\system32\svchost.exe [904] 0x00AA0000 <-- ROOTKIT !
Library c:\windows\system32\_zskwrkni05wsvyicdp^lhwzw`p.dll ( ***hidden*** ) @ C:\WINDOWS\system32\svchost.exe [944] 0x00720000 <-- ROOTKIT !
Library c:\windows\system32\_zskwrkni05wsvyicdp^lhwzw`p.dll ( ***hidden*** ) @ C:\WINDOWS\system32\spoolsv.exe [1060] 0x00E40000 <-- ROOTKIT !
Library c:\windows\system32\_zskwrkni05wsvyicdp^lhwzw`p.dll ( ***hidden*** ) @ C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [1184] 0x003E0000 <-- ROOTKIT !
Library c:\windows\system32\_zskwrkni05wsvyicdp^lhwzw`p.dll ( ***hidden*** ) @ C:\Program Files\Alwil Software\Avast4\ashServ.exe [1196] 0x01780000 <-- ROOTKIT !
Library c:\windows\system32\_zskwrkni05wsvyicdp^lhwzw`p.dll ( ***hidden*** ) @ C:\Program Files\Spyware Doctor\sdhelp.exe [1304] 0x00C50000 <-- ROOTKIT !
Library c:\windows\system32\_zskwrkni05wsvyicdp^lhwzw`p.dll ( ***hidden*** ) @ C:\WINDOWS\system32\svchost.exe [1416] 0x008D0000 <-- ROOTKIT !
Library c:\windows\system32\_zskwrkni05wsvyicdp^lhwzw`p.dll ( ***hidden*** ) @ C:\WINDOWS\system32\wdfmgr.exe [1440] 0x006C0000 <-- ROOTKIT !
Library c:\windows\system32\_zskwrkni05wsvyicdp^lhwzw`p.dll ( ***hidden*** ) @ C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [1696] 0x01060000 <-- ROOTKIT !
Library c:\windows\system32\_zskwrkni05wsvyicdp^lhwzw`p.dll ( ***hidden*** ) @ C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [1712] 0x028A0000 <-- ROOTKIT !
Library c:\windows\system32\_zskwrkni05wsvyicdp^lhwzw`p.dll ( ***hidden*** ) @ C:\WINDOWS\Explorer.EXE [2012] 0x00F80000 <-- ROOTKIT !
---- Modules - GMER 1.0.10 ----
Module _________ F745F000
---- Registry - GMER 1.0.10 ----
Reg \Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run@?_zskp`wzwhl^pdciyvsw50inkrwksz_ c:\windows\system32\_zskwrkni05wsvyicdp^lhwzw`p.exe
Reg \Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices@?_zskp`wzwhl^pdciyvsw50inkrwksz_ c:\windows\system32\_zskwrkni05wsvyicdp^lhwzw`p.exe
Reg \Registry\USER\S-1-5-21-789336058-1682526488-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Run@?_zskp`wzwhl^pdciyvsw50inkrwksz_ c:\windows\system32\_zskwrkni05wsvyicdp^lhwzw`p.exe
---- Files - GMER 1.0.10 ----
File C:\System Volume Information\MountPointManagerRemoteDatabase
File C:\System Volume Information\tracking.log
File C:\System Volume Information\_restore{3F1FC80D-DA9B-4089-9749-F5FB23DAB24E}
File C:\System Volume Information\_restore{DAEFAA36-5989-44B1-8AB6-A8BFFD6B89C5}
File C:\WINDOWS\system32\_zskwrkni05WSVYICDP^LHWZW`P.dll
File E:\System Volume Information\MountPointManagerRemoteDatabase
File E:\System Volume Information\tracking.log
File E:\System Volume Information\_restore{3F1FC80D-DA9B-4089-9749-F5FB23DAB24E}
File E:\System Volume Information\_restore{888D7EFA-6EF1-40E4-A7F8-FC229C4D956B}
File E:\System Volume Information\_restore{DAEFAA36-5989-44B1-8AB6-A8BFFD6B89C5}
File F:\System Volume Information\MountPointManagerRemoteDatabase
File F:\System Volume Information\tracking.log
File F:\System Volume Information\_restore{3F1FC80D-DA9B-4089-9749-F5FB23DAB24E}
File F:\System Volume Information\_restore{888D7EFA-6EF1-40E4-A7F8-FC229C4D956B}
File F:\System Volume Information\_restore{DAEFAA36-5989-44B1-8AB6-A8BFFD6B89C5}
---- EOF - GMER 1.0.10 ----
[/code]
[code]"Silent Runners.vbs", revision 46, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"
Startup items buried in registry:
---------------------------------
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"˙_zskp`wzwhl^pdciyvsw50inkrwksz_" = "c:\windows\system32\_zskwrkni05wsvyicdp^lhwzw`p.exe" [null data]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"LXBSCATS" = "rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBStime.dll,_RunDLLEntry@16" [MS]
"˙_zskp`wzwhl^pdciyvsw50inkrwksz_" = "c:\windows\system32\_zskwrkni05wsvyicdp^lhwzw`p.exe" [null data]
[/code]
system
(system)
12 July 2006 09:33
#25
Nothing, still the same as if you had done nothing. You didn't say whether you deleted anything or not. So do this:
Paste this into Run:
and OK.
Then go into GMER, the cmd tab, and paste:
Then go to regedit and paste:
You go to the Processes tab and choose "Kill All" (ZABIJ WSZYSTKO), then go to the cmd tab, where on the right you have the "Run" (URUCHOM) option. You choose Run separately for cmd and for regedit. Then restart the computer and see whether it worked.
If the DEL commands don't work, use the "Files" (PLIKI) option in the Processes tab; this was covered at the beginning of the thread.
szejk
(szejk)
12 July 2006 09:45
#26
After pasting into Run I get this message: "Załadowano plik zskwrkni05wsvyicdp^lhwzw`p.dll, ale nie można odnaleźć punktu wejścia DllUnregisterSerwer. Nie można zarejestrować tego pliku." So I'm not doing anything further.
system
(system)
12 July 2006 09:48
#27
Then move on to the removal in GMER.
You have to get rid of these files. Maybe carry out the removal in Safe Mode. And paste the commands. I have no more ideas; read what I wrote and act.
szejk
(szejk)
12 July 2006 10:09
#28
GMER 1.0.10.10122 - http://www.gmer.net
Rootkit 2006-07-12 12:09:39
Windows 5.1.2600 Dodatek Service Pack 2
---- Devices - GMER 1.0.10 ----
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CREATE 8425EB80
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CREATE_NAMED_PIPE 8425EB80
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CLOSEIRP_MJ_READ 8425EB80
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_WRITE 8425EB80
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_QUERY_INFORMATION 8425EB80
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SET_INFORMATION 8425EB80
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_QUERY_EA 8425EB80
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SET_EA 8425EB80
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_FLUSH_BUFFERS 8425EB80
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_QUERY_VOLUME_INFORMATION 8425EB80
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SET_VOLUME_INFORMATION 8425EB80
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_DIRECTORY_CONTROL 8425EB80
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_FILE_SYSTEM_CONTROL 8425EB80
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_DEVICE_CONTROL 8425EB80
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_INTERNAL_DEVICE_CONTROL 8425EB80
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SHUTDOWN 8425EB80
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_LOCK_CONTROL 8425EB80
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CLEANUP 8425EB80
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CREATE_MAILSLOT 8425EB80
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_QUERY_SECURITY 8425EB80
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SET_SECURITY 8425EB80
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_POWER 8425EB80
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SYSTEM_CONTROL 8425EB80
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_DEVICE_CHANGE 8425EB80
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_QUERY_QUOTA 8425EB80
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SET_QUOTA 8425EB80
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_PNP 8425EB80
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_PNP_POWER 8425EB80
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_CREATE 84231578
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_CREATE_NAMED_PIPE 84231578
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_CLOSEIRP_MJ_READ 84231578
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_WRITE 84231578
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_QUERY_INFORMATION 84231578
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_SET_INFORMATION 84231578
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_QUERY_EA 84231578
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_SET_EA 84231578
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_FLUSH_BUFFERS 84231578
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_QUERY_VOLUME_INFORMATION 84231578
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_SET_VOLUME_INFORMATION 84231578
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_DIRECTORY_CONTROL 84231578
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_FILE_SYSTEM_CONTROL 84231578
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_DEVICE_CONTROL 84231578
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_INTERNAL_DEVICE_CONTROL 84231578
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_SHUTDOWN 84231578
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_LOCK_CONTROL 84231578
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_CLEANUP 84231578
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_CREATE_MAILSLOT 84231578
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_QUERY_SECURITY 84231578
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_SET_SECURITY 84231578
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_POWER 84231578
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_SYSTEM_CONTROL 84231578
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_DEVICE_CHANGE 84231578
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_QUERY_QUOTA 84231578
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_SET_QUOTA 84231578
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_PNP 84231578
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_PNP_POWER 84231578
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CREATE 84231578
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CREATE_NAMED_PIPE 84231578
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CLOSEIRP_MJ_READ 84231578
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_WRITE 84231578
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_QUERY_INFORMATION 84231578
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SET_INFORMATION 84231578
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_QUERY_EA 84231578
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SET_EA 84231578
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_FLUSH_BUFFERS 84231578
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_QUERY_VOLUME_INFORMATION 84231578
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SET_VOLUME_INFORMATION 84231578
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_DIRECTORY_CONTROL 84231578
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_FILE_SYSTEM_CONTROL 84231578
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_DEVICE_CONTROL 84231578
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_INTERNAL_DEVICE_CONTROL 84231578
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SHUTDOWN 84231578
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_LOCK_CONTROL 84231578
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CLEANUP 84231578
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CREATE_MAILSLOT 84231578
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_QUERY_SECURITY 84231578
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SET_SECURITY 84231578
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_POWER 84231578
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SYSTEM_CONTROL 84231578
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_DEVICE_CHANGE 84231578
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_QUERY_QUOTA 84231578
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SET_QUOTA 84231578
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_PNP 84231578
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_PNP_POWER 84231578
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_CREATE 84231578
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_CREATE_NAMED_PIPE 84231578
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_CLOSEIRP_MJ_READ 84231578
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_WRITE 84231578
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_QUERY_INFORMATION 84231578
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SET_INFORMATION 84231578
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_QUERY_EA 84231578
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SET_EA 84231578
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_FLUSH_BUFFERS 84231578
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_QUERY_VOLUME_INFORMATION 84231578
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SET_VOLUME_INFORMATION 84231578
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_DIRECTORY_CONTROL 84231578
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_FILE_SYSTEM_CONTROL 84231578
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_DEVICE_CONTROL 84231578
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_INTERNAL_DEVICE_CONTROL 84231578
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SHUTDOWN 84231578
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_LOCK_CONTROL 84231578
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_CLEANUP 84231578
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_CREATE_MAILSLOT 84231578
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_QUERY_SECURITY 84231578
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SET_SECURITY 84231578
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_POWER 84231578
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SYSTEM_CONTROL 84231578
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_DEVICE_CHANGE 84231578
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_QUERY_QUOTA 84231578
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SET_QUOTA 84231578
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_PNP 84231578
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_PNP_POWER 84231578
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_CREATE 84231578
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_CREATE_NAMED_PIPE 84231578
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_CLOSEIRP_MJ_READ 84231578
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_WRITE 84231578
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_QUERY_INFORMATION 84231578
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_SET_INFORMATION 84231578
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_QUERY_EA 84231578
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_SET_EA 84231578
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_FLUSH_BUFFERS 84231578
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_QUERY_VOLUME_INFORMATION 84231578
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_SET_VOLUME_INFORMATION 84231578
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_DIRECTORY_CONTROL 84231578
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_FILE_SYSTEM_CONTROL 84231578
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_DEVICE_CONTROL 84231578
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_INTERNAL_DEVICE_CONTROL 84231578
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_SHUTDOWN 84231578
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_LOCK_CONTROL 84231578
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_CLEANUP 84231578
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_CREATE_MAILSLOT 84231578
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_QUERY_SECURITY 84231578
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_SET_SECURITY 84231578
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_POWER 84231578
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_SYSTEM_CONTROL 84231578
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_DEVICE_CHANGE 84231578
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_QUERY_QUOTA 84231578
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_SET_QUOTA 84231578
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_PNP 84231578
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_PNP_POWER 84231578
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CREATE 8425EB80
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CREATE_NAMED_PIPE 8425EB80
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CLOSEIRP_MJ_READ 8425EB80
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_WRITE 8425EB80
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_QUERY_INFORMATION 8425EB80
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SET_INFORMATION 8425EB80
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_QUERY_EA 8425EB80
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SET_EA 8425EB80
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_FLUSH_BUFFERS 8425EB80
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_QUERY_VOLUME_INFORMATION 8425EB80
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SET_VOLUME_INFORMATION 8425EB80
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_DIRECTORY_CONTROL 8425EB80
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_FILE_SYSTEM_CONTROL 8425EB80
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_DEVICE_CONTROL 8425EB80
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_INTERNAL_DEVICE_CONTROL 8425EB80
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SHUTDOWN 8425EB80
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_LOCK_CONTROL 8425EB80
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CLEANUP 8425EB80
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CREATE_MAILSLOT 8425EB80
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_QUERY_SECURITY 8425EB80
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SET_SECURITY 8425EB80
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_POWER 8425EB80
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SYSTEM_CONTROL 8425EB80
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_DEVICE_CHANGE 8425EB80
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_QUERY_QUOTA 8425EB80
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SET_QUOTA 8425EB80
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_PNP 8425EB80
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_PNP_POWER 8425EB80
Device \Driver\sojuscsi \Device\Scsi\sojuscsi1Port3Path0Target0Lun0 IRP_MJ_CREATE 84257340
Device \Driver\sojuscsi \Device\Scsi\sojuscsi1Port3Path0Target0Lun0 IRP_MJ_CREATE_NAMED_PIPE 84257340
Device \Driver\sojuscsi \Device\Scsi\sojuscsi1Port3Path0Target0Lun0 IRP_MJ_CLOSEIRP_MJ_READ 84257340
Device \Driver\sojuscsi \Device\Scsi\sojuscsi1Port3Path0Target0Lun0 IRP_MJ_WRITE 84257340
Device \Driver\sojuscsi \Device\Scsi\sojuscsi1Port3Path0Target0Lun0 IRP_MJ_QUERY_INFORMATION 84257340
Device \Driver\sojuscsi \Device\Scsi\sojuscsi1Port3Path0Target0Lun0 IRP_MJ_SET_INFORMATION 84257340
Device \Driver\sojuscsi \Device\Scsi\sojuscsi1Port3Path0Target0Lun0 IRP_MJ_QUERY_EA 84257340
Device \Driver\sojuscsi \Device\Scsi\sojuscsi1Port3Path0Target0Lun0 IRP_MJ_SET_EA 84257340
Device \Driver\sojuscsi \Device\Scsi\sojuscsi1Port3Path0Target0Lun0 IRP_MJ_FLUSH_BUFFERS 84257340
Device \Driver\sojuscsi \Device\Scsi\sojuscsi1Port3Path0Target0Lun0 IRP_MJ_QUERY_VOLUME_INFORMATION 84257340
Device \Driver\sojuscsi \Device\Scsi\sojuscsi1Port3Path0Target0Lun0 IRP_MJ_SET_VOLUME_INFORMATION 84257340
---- Modules - GMER 1.0.10 ----
Module _________ F745F000
---- Files - GMER 1.0.10 ----
File C:\System Volume Information\MountPointManagerRemoteDatabase
File C:\System Volume Information\tracking.log
File C:\System Volume Information\_restore{3F1FC80D-DA9B-4089-9749-F5FB23DAB24E}
File C:\System Volume Information\_restore{DAEFAA36-5989-44B1-8AB6-A8BFFD6B89C5}
File E:\System Volume Information\MountPointManagerRemoteDatabase
File E:\System Volume Information\tracking.log
File E:\System Volume Information\_restore{3F1FC80D-DA9B-4089-9749-F5FB23DAB24E}
File E:\System Volume Information\_restore{888D7EFA-6EF1-40E4-A7F8-FC229C4D956B}
File E:\System Volume Information\_restore{DAEFAA36-5989-44B1-8AB6-A8BFFD6B89C5}
File F:\System Volume Information\MountPointManagerRemoteDatabase
File F:\System Volume Information\tracking.log
File F:\System Volume Information\_restore{3F1FC80D-DA9B-4089-9749-F5FB23DAB24E}
File F:\System Volume Information\_restore{888D7EFA-6EF1-40E4-A7F8-FC229C4D956B}
File F:\System Volume Information\_restore{DAEFAA36-5989-44B1-8AB6-A8BFFD6B89C5}
---- EOF - GMER 1.0.10 ----
"Silent Runners.vbs", revision 46, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"
Startup items buried in registry:
---------------------------------
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"LXBSCATS" = "rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBStime.dll,_RunDLLEntry@16" [MS]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)
-> {HKLM...CLSID} = "AcroIEHlprObj Class"
\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
{53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided)
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\PROGRA~1\SPYBOT~1\SDHelper.dll" ["Safer Networking Limited"]
{5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB}\(Default) = (no title provided)
-> {HKLM...CLSID} = "PCTools Site Guard"
\InProcServer32\(Default) = "C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll" ["PC Tools"]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)
-> {HKLM...CLSID} = "SSVHelper Class"
\InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll" ["Sun Microsystems, Inc."]
{B56A7D7D-6927-48C8-A975-17DF180C71AC}\(Default) = (no title provided)
-> {HKLM...CLSID} = "PCTools Browser Monitor"
\InProcServer32\(Default) = "C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll" ["PC Tools"]
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu"
-> {HKLM...CLSID} = "HyperTerminal Icon Ext"
\InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
"{640167b4-59b0-47a6-b335-a6b3c0695aea}" = "Portable Media Devices"
-> {HKLM...CLSID} = "Portable Media Devices"
\InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]
"{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu"
-> {HKLM...CLSID} = "Portable Media Devices Menu"
\InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]
"{32020A01-506E-484D-A2A8-BE3CF17601C3}" = "AlcoholShellEx"
-> {HKLM...CLSID} = "AlcoholShellEx"
\InProcServer32\(Default) = "C:\PROGRA~1\ALCOHO~1\ALCOHO~1\AXShlEx.dll" ["Alcohol Soft Development Team"]
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\OFFICE11\msohev.dll" [MS]
"{A4DF5659-0801-4A60-9607-1C48695EFDA9}" = "Folder przesyłania Share-to-Web"
-> {HKLM...CLSID} = "Folder przesyłania Share-to-Web"
\InProcServer32\(Default) = "C:\Program Files\Hewlett-Packard\HP Share-to-Web\HPGS2WNS.DLL" ["Hewlett-Packard"]
"{472083B0-C522-11CF-8763-00608CC02F24}" = "avast"
-> {HKLM...CLSID} = "avast"
\InProcServer32\(Default) = "C:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]
"{21569614-B795-46b1-85F4-E737A8DC09AD}" = "Shell Search Band"
-> {HKLM...CLSID} = "Shell Search Band"
\InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" [MS]
HKLM\Software\Classes\PROTOCOLS\Filter\
INFECTION WARNING! text/xml\CLSID = "{807553E5-5146-11D5-A672-00B0D022E945}"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL" [MS]
HKLM\Software\Classes\Folder\shellex\ColumnHandlers\
{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"
-> {HKLM...CLSID} = "PDF Shell Extension"
\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]
HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"
-> {HKLM...CLSID} = "avast"
\InProcServer32\(Default) = "C:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"
-> {HKLM...CLSID} = "avast"
\InProcServer32\(Default) = "C:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]
FineReader8\(Default) = "{F7091C74-EBB1-49D7-94C7-FE4886CCC18D}"
-> {HKLM...CLSID} = "FineReader8ExplorerContextMenuHandler"
\InProcServer32\(Default) = "C:\Program Files\ABBYY FineReader 8.0 Professional Edition\FECMenu.dll" ["ABBYY Software"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
Group Policies [Description] {enabled Group Policy setting}:
------------------------------------------------------------
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\
"NoActiveDesktop"=dword:00000001
[disables Active Desktop; removes Web tab from Display Properties|
Desktop (tab)|Customize Desktop... (button)|Desktop Items (window)]
{User Configuration|Administrative Templates|Desktop|Active Desktop|
Disable Active Desktop}
Active Desktop and Wallpaper:
-----------------------------
Active Desktop disabled via Group Policy.
HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\WINDOWS\Web\Wallpaper\Idylla.bmp"
Enabled Screen Saver:
---------------------
HKCU\Control Panel\Desktop\
"SCRNSAVE.EXE" = "C:\WINDOWS\system32\sstext3d.scr" [MS]
I think it's OK; if so, take a look from another angle to check whether everything is OK.
system
(system)
12 July 2006 10:16
#29
Phew… It's finally gone, the logs are clean. Although Silent didn't finish, so the log is incomplete.
Do you have any other problem?
szejk
(szejk)
12 July 2006 10:25
#30
Many thanks for the help. For the moment nothing; I need to cool down after all this, but if something goes wrong I'll get in touch. Once again, thank you very much :lol: