Still a problem with csrss.exe, 100% CPU load

In GMER I did this: I pasted into cmd, pasted into regedit, chose Kill All and restarted the computer manually. What next, do I paste each file, and what do I do with it? And how do I run the computer restart? The console, no, I don't have the system disc.

Post merged: 12.07.2006 (Wed) 0:57

Tell me once more which files I should delete with KillBox.

Post merged: 12.07.2006 (Wed) 1:06

I've found them already and deleted them with KillBox.

What next with GMER?

Post merged: 12.07.2006 (Wed) 1:20

Good night.

Post fresh logs from Silent Runners and GMER as a check.

When you paste the command in the CMD and regedit tabs, you have a Run option on the right-hand side. After using the KILL ALL option, you click Run for each one separately, cmd and regedit. If you don't do that and just restart the computer, nothing gets removed.

[code]
GMER 1.0.10.10122 - http://www.gmer.net

Rootkit 2006-07-12 11:16:37

Windows 5.1.2600 Dodatek Service Pack 2



---- Devices - GMER 1.0.10 ----

                                                                                       8423A2B8

Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SET_INFORMATION 8423A2B8


Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_QUERY_SECURITY 84262D40

Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_SET_SECURITY 84262D40

Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_POWER 84262D40


Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SET_QUOTA 84262D40

Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_PNP 84262D40

Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_PNP_POWER 84262D40

Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_CREATE 84262D40

Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_CREATE_NAMED_PIPE 84262D40

Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_CLOSEIRP_MJ_READ 84262D40

Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_WRITE 84262D40

Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_QUERY_INFORMATION 84262D40

Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SET_INFORMATION 84262D40

Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_QUERY_EA 84262D40

Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SET_EA 84262D40

Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_FLUSH_BUFFERS 84262D40

Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_QUERY_VOLUME_INFORMATION 84262D40

Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SET_VOLUME_INFORMATION 84262D40

Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_DIRECTORY_CONTROL 84262D40

Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_FILE_SYSTEM_CONTROL 84262D40

Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_DEVICE_CONTROL 84262D40

Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_INTERNAL_DEVICE_CONTROL 84262D40

Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SHUTDOWN 84262D40

Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_LOCK_CONTROL 84262D40

Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_CLEANUP 84262D40

Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_CREATE_MAILSLOT 84262D40

Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_QUERY_SECURITY 84262D40

Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SET_SECURITY 84262D40

Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_POWER 84262D40

Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SYSTEM_CONTROL 84262D40

Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_DEVICE_CHANGE 84262D40

Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_QUERY_QUOTA 84262D40

Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SET_QUOTA 84262D40

Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_PNP 84262D40

Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_PNP_POWER 84262D40

Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_CREATE 84262D40

Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_CREATE_NAMED_PIPE 84262D40

Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_CLOSEIRP_MJ_READ 84262D40

Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_WRITE 84262D40

Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_QUERY_INFORMATION 84262D40

Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_SET_INFORMATION 84262D40

Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_QUERY_EA 84262D40

Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_SET_EA 84262D40

Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_FLUSH_BUFFERS 84262D40

Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_QUERY_VOLUME_INFORMATION 84262D40

Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_SET_VOLUME_INFORMATION 84262D40

Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_DIRECTORY_CONTROL 84262D40

Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_FILE_SYSTEM_CONTROL 84262D40

Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_DEVICE_CONTROL 84262D40

Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_INTERNAL_DEVICE_CONTROL 84262D40

Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_SHUTDOWN 84262D40

Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_LOCK_CONTROL 84262D40

Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_CLEANUP 84262D40

Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_CREATE_MAILSLOT 84262D40

Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_QUERY_SECURITY 84262D40

Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_SET_SECURITY 84262D40

Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_POWER 84262D40

Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_SYSTEM_CONTROL 84262D40

Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_DEVICE_CHANGE 84262D40

Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_QUERY_QUOTA 84262D40

Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_SET_QUOTA 84262D40

Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_PNP 84262D40

Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_PNP_POWER 84262D40

Device \Driver\sojuscsi \Device\Scsi\sojuscsi1Port3Path0Target0Lun0 IRP_MJ_CREATE 8423A768

Device \Driver\sojuscsi \Device\Scsi\sojuscsi1Port3Path0Target0Lun0 IRP_MJ_CREATE_NAMED_PIPE 8423A768

Device \Driver\sojuscsi \Device\Scsi\sojuscsi1Port3Path0Target0Lun0 IRP_MJ_CLOSEIRP_MJ_READ 8423A768

Device \Driver\sojuscsi \Device\Scsi\sojuscsi1Port3Path0Target0Lun0 IRP_MJ_WRITE 8423A768

Device \Driver\sojuscsi \Device\Scsi\sojuscsi1Port3Path0Target0Lun0 IRP_MJ_QUERY_INFORMATION 8423A768

Device \Driver\sojuscsi \Device\Scsi\sojuscsi1Port3Path0Target0Lun0 IRP_MJ_SET_INFORMATION 8423A768

Device \Driver\sojuscsi \Device\Scsi\sojuscsi1Port3Path0Target0Lun0 IRP_MJ_QUERY_EA 8423A768

Device \Driver\sojuscsi \Device\Scsi\sojuscsi1Port3Path0Target0Lun0 IRP_MJ_SET_EA 8423A768

Device \Driver\sojuscsi \Device\Scsi\sojuscsi1Port3Path0Target0Lun0 IRP_MJ_FLUSH_BUFFERS 8423A768

Device \Driver\sojuscsi \Device\Scsi\sojuscsi1Port3Path0Target0Lun0 IRP_MJ_QUERY_VOLUME_INFORMATION 8423A768

Device \Driver\sojuscsi \Device\Scsi\sojuscsi1Port3Path0Target0Lun0 IRP_MJ_SET_VOLUME_INFORMATION 8423A768

Device \Driver\sojuscsi \Device\Scsi\sojuscsi1Port3Path0Target0Lun0 IRP_MJ_DIRECTORY_CONTROL 8423A768

Device \Driver\sojuscsi \Device\Scsi\sojuscsi1Port3Path0Target0Lun0 IRP_MJ_FILE_SYSTEM_CONTROL 8423A768

Device \Driver\sojuscsi \Device\Scsi\sojuscsi1Port3Path0Target0Lun0 IRP_MJ_DEVICE_CONTROL 8423A768

Device \Driver\sojuscsi \Device\Scsi\sojuscsi1Port3Path0Target0Lun0 IRP_MJ_INTERNAL_DEVICE_CONTROL 8423A768

Device \Driver\sojuscsi \Device\Scsi\sojuscsi1Port3Path0Target0Lun0 IRP_MJ_SHUTDOWN 8423A768

Device \Driver\sojuscsi \Device\Scsi\sojuscsi1Port3Path0Target0Lun0 IRP_MJ_LOCK_CONTROL 8423A768

Device \Driver\sojuscsi \Device\Scsi\sojuscsi1Port3Path0Target0Lun0 IRP_MJ_CLEANUP 8423A768

Device \Driver\sojuscsi \Device\Scsi\sojuscsi1Port3Path0Target0Lun0 IRP_MJ_CREATE_MAILSLOT 8423A768

Device \Driver\sojuscsi \Device\Scsi\sojuscsi1Port3Path0Target0Lun0 IRP_MJ_QUERY_SECURITY 8423A768

Device \Driver\sojuscsi \Device\Scsi\sojuscsi1Port3Path0Target0Lun0 IRP_MJ_SET_SECURITY 8423A768

Device \Driver\sojuscsi \Device\Scsi\sojuscsi1Port3Path0Target0Lun0 IRP_MJ_POWER 8423A768

Device \Driver\sojuscsi \Device\Scsi\sojuscsi1Port3Path0Target0Lun0 IRP_MJ_SYSTEM_CONTROL 8423A768

Device \Driver\sojuscsi \Device\Scsi\sojuscsi1Port3Path0Target0Lun0 IRP_MJ_DEVICE_CHANGE 8423A768

Device \Driver\sojuscsi \Device\Scsi\sojuscsi1Port3Path0Target0Lun0 IRP_MJ_QUERY_QUOTA 8423A768

Device \Driver\sojuscsi \Device\Scsi\sojuscsi1Port3Path0Target0Lun0 IRP_MJ_SET_QUOTA 8423A768

Device \Driver\sojuscsi \Device\Scsi\sojuscsi1Port3Path0Target0Lun0 IRP_MJ_PNP 8423A768

Device \Driver\sojuscsi \Device\Scsi\sojuscsi1Port3Path0Target0Lun0 IRP_MJ_PNP_POWER 8423A768

Device \Driver\sojuscsi \Device\Scsi\sojuscsi1 IRP_MJ_CREATE 8423A768

Device \Driver\sojuscsi \Device\Scsi\sojuscsi1 IRP_MJ_CREATE_NAMED_PIPE 8423A768

Device \Driver\sojuscsi \Device\Scsi\sojuscsi1 IRP_MJ_CLOSEIRP_MJ_READ 8423A768

Device \Driver\sojuscsi \Device\Scsi\sojuscsi1 IRP_MJ_WRITE 8423A768

Device \Driver\sojuscsi \Device\Scsi\sojuscsi1 IRP_MJ_QUERY_INFORMATION 8423A768

Device \Driver\sojuscsi \Device\Scsi\sojuscsi1 IRP_MJ_SET_INFORMATION 8423A768

Device \Driver\sojuscsi \Device\Scsi\sojuscsi1 IRP_MJ_QUERY_EA 8423A768

Device \Driver\sojuscsi \Device\Scsi\sojuscsi1 IRP_MJ_SET_EA 8423A768

Device \Driver\sojuscsi \Device\Scsi\sojuscsi1 IRP_MJ_FLUSH_BUFFERS 8423A768

Device \Driver\sojuscsi \Device\Scsi\sojuscsi1 IRP_MJ_QUERY_VOLUME_INFORMATION 8423A768

Device \Driver\sojuscsi \Device\Scsi\sojuscsi1 IRP_MJ_SET_VOLUME_INFORMATION 8423A768

Device \Driver\sojuscsi \Device\Scsi\sojuscsi1 IRP_MJ_DIRECTORY_CONTROL 8423A768

Device \Driver\sojuscsi \Device\Scsi\sojuscsi1 IRP_MJ_FILE_SYSTEM_CONTROL 8423A768

Device \Driver\sojuscsi \Device\Scsi\sojuscsi1 IRP_MJ_DEVICE_CONTROL 8423A768

Device \Driver\sojuscsi \Device\Scsi\sojuscsi1 IRP_MJ_INTERNAL_DEVICE_CONTROL 8423A768

Device \Driver\sojuscsi \Device\Scsi\sojuscsi1 IRP_MJ_SHUTDOWN 8423A768

Device \Driver\sojuscsi \Device\Scsi\sojuscsi1 IRP_MJ_LOCK_CONTROL 8423A768

Device \Driver\sojuscsi \Device\Scsi\sojuscsi1 IRP_MJ_CLEANUP 8423A768

Device \Driver\sojuscsi \Device\Scsi\sojuscsi1 IRP_MJ_CREATE_MAILSLOT 8423A768

Device \Driver\sojuscsi \Device\Scsi\sojuscsi1 IRP_MJ_QUERY_SECURITY 8423A768

Device \Driver\sojuscsi \Device\Scsi\sojuscsi1 IRP_MJ_SET_SECURITY 8423A768

Device \Driver\sojuscsi \Device\Scsi\sojuscsi1 IRP_MJ_POWER 8423A768

Device \Driver\sojuscsi \Device\Scsi\sojuscsi1 IRP_MJ_SYSTEM_CONTROL 8423A768

Device \Driver\sojuscsi \Device\Scsi\sojuscsi1 IRP_MJ_DEVICE_CHANGE 8423A768

Device \Driver\sojuscsi \Device\Scsi\sojuscsi1 IRP_MJ_QUERY_QUOTA 8423A768

Device \Driver\sojuscsi \Device\Scsi\sojuscsi1 IRP_MJ_SET_QUOTA 8423A768

Device \Driver\sojuscsi \Device\Scsi\sojuscsi1 IRP_MJ_PNP 8423A768

Device \Driver\sojuscsi \Device\Scsi\sojuscsi1 IRP_MJ_PNP_POWER 8423A768


---- Processes - GMER 1.0.10 ----


Process C:\windows\system32\_zskwrkni05wsvyicdp^lhwzw`p.exe ( ***hidden*** ) 308 <-- ROOTKIT !

Library C:\windows\system32\_zskwrkni05wsvyicdp^lhwzw`p.exe ( ***hidden*** ) @ C:\windows\system32\_zskwrkni05wsvyicdp^lhwzw`p.exe [308] 0x00400000 <-- ROOTKIT !

Library c:\windows\system32\_zskwrkni05wsvyicdp^lhwzw`p.dll ( ***hidden*** ) @ C:\windows\system32\_zskwrkni05wsvyicdp^lhwzw`p.exe [308] 0x10000000 <-- ROOTKIT !

Library c:\windows\system32\_zskwrkni05wsvyicdp^lhwzw`p.dll ( ***hidden*** ) @ C:\WINDOWS\system32\csrss.exe [524] 0x01280000 <-- ROOTKIT !

Library c:\windows\system32\_zskwrkni05wsvyicdp^lhwzw`p.dll ( ***hidden*** ) @ C:\WINDOWS\SYSTEM32\winlogon.exe [548] 0x01120000 <-- ROOTKIT !

Library c:\windows\system32\_zskwrkni05wsvyicdp^lhwzw`p.dll ( ***hidden*** ) @ C:\WINDOWS\system32\services.exe [592] 0x00040000 <-- ROOTKIT !

Library c:\windows\system32\_zskwrkni05wsvyicdp^lhwzw`p.dll ( ***hidden*** ) @ C:\WINDOWS\system32\lsass.exe [604] 0x00F20000 <-- ROOTKIT !

Library c:\windows\system32\_zskwrkni05wsvyicdp^lhwzw`p.dll ( ***hidden*** ) @ C:\WINDOWS\system32\svchost.exe [760] 0x00C10000 <-- ROOTKIT !

Library c:\windows\system32\_zskwrkni05wsvyicdp^lhwzw`p.dll ( ***hidden*** ) @ C:\WINDOWS\system32\svchost.exe [824] 0x00C00000 <-- ROOTKIT !

Library c:\windows\system32\_zskwrkni05wsvyicdp^lhwzw`p.dll ( ***hidden*** ) @ C:\WINDOWS\System32\svchost.exe [860] 0x02490000 <-- ROOTKIT !

Library c:\windows\system32\_zskwrkni05wsvyicdp^lhwzw`p.dll ( ***hidden*** ) @ C:\WINDOWS\system32\svchost.exe [904] 0x00AA0000 <-- ROOTKIT !

Library c:\windows\system32\_zskwrkni05wsvyicdp^lhwzw`p.dll ( ***hidden*** ) @ C:\WINDOWS\system32\svchost.exe [944] 0x00720000 <-- ROOTKIT !

Library c:\windows\system32\_zskwrkni05wsvyicdp^lhwzw`p.dll ( ***hidden*** ) @ C:\WINDOWS\system32\spoolsv.exe [1060] 0x00E40000 <-- ROOTKIT !

Library c:\windows\system32\_zskwrkni05wsvyicdp^lhwzw`p.dll ( ***hidden*** ) @ C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [1184] 0x003E0000 <-- ROOTKIT !

Library c:\windows\system32\_zskwrkni05wsvyicdp^lhwzw`p.dll ( ***hidden*** ) @ C:\Program Files\Alwil Software\Avast4\ashServ.exe [1196] 0x01780000 <-- ROOTKIT !

Library c:\windows\system32\_zskwrkni05wsvyicdp^lhwzw`p.dll ( ***hidden*** ) @ C:\Program Files\Spyware Doctor\sdhelp.exe [1304] 0x00C50000 <-- ROOTKIT !

Library c:\windows\system32\_zskwrkni05wsvyicdp^lhwzw`p.dll ( ***hidden*** ) @ C:\WINDOWS\system32\svchost.exe [1416] 0x008D0000 <-- ROOTKIT !

Library c:\windows\system32\_zskwrkni05wsvyicdp^lhwzw`p.dll ( ***hidden*** ) @ C:\WINDOWS\system32\wdfmgr.exe [1440] 0x006C0000 <-- ROOTKIT !

Library c:\windows\system32\_zskwrkni05wsvyicdp^lhwzw`p.dll ( ***hidden*** ) @ C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [1696] 0x01060000 <-- ROOTKIT !

Library c:\windows\system32\_zskwrkni05wsvyicdp^lhwzw`p.dll ( ***hidden*** ) @ C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [1712] 0x028A0000 <-- ROOTKIT !

Library c:\windows\system32\_zskwrkni05wsvyicdp^lhwzw`p.dll ( ***hidden*** ) @ C:\WINDOWS\Explorer.EXE [2012] 0x00F80000 <-- ROOTKIT !


---- Modules - GMER 1.0.10 ----


Module _________ F745F000


---- Registry - GMER 1.0.10 ----


Reg \Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run@?_zskp`wzwhl^pdciyvsw50inkrwksz_ c:\windows\system32\_zskwrkni05wsvyicdp^lhwzw`p.exe

Reg \Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices@?_zskp`wzwhl^pdciyvsw50inkrwksz_ c:\windows\system32\_zskwrkni05wsvyicdp^lhwzw`p.exe

Reg \Registry\USER\S-1-5-21-789336058-1682526488-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Run@?_zskp`wzwhl^pdciyvsw50inkrwksz_ c:\windows\system32\_zskwrkni05wsvyicdp^lhwzw`p.exe


---- Files - GMER 1.0.10 ----


File C:\System Volume Information\MountPointManagerRemoteDatabase                                                                                

File C:\System Volume Information\tracking.log                                                                                                   

File C:\System Volume Information\_restore{3F1FC80D-DA9B-4089-9749-F5FB23DAB24E}                                                                 

File C:\System Volume Information\_restore{DAEFAA36-5989-44B1-8AB6-A8BFFD6B89C5}                                                                 

File C:\WINDOWS\system32\_zskwrkni05WSVYICDP^LHWZW`P.dll                                                                                         

File E:\System Volume Information\MountPointManagerRemoteDatabase                                                                                

File E:\System Volume Information\tracking.log                                                                                                   

File E:\System Volume Information\_restore{3F1FC80D-DA9B-4089-9749-F5FB23DAB24E}                                                                 

File E:\System Volume Information\_restore{888D7EFA-6EF1-40E4-A7F8-FC229C4D956B}                                                                 

File E:\System Volume Information\_restore{DAEFAA36-5989-44B1-8AB6-A8BFFD6B89C5}                                                                 

File F:\System Volume Information\MountPointManagerRemoteDatabase                                                                                

File F:\System Volume Information\tracking.log                                                                                                   

File F:\System Volume Information\_restore{3F1FC80D-DA9B-4089-9749-F5FB23DAB24E}                                                                 

File F:\System Volume Information\_restore{888D7EFA-6EF1-40E4-A7F8-FC229C4D956B}                                                                 

File F:\System Volume Information\_restore{DAEFAA36-5989-44B1-8AB6-A8BFFD6B89C5}                                                                 


---- EOF - GMER 1.0.10 ----

[/code]

[code]
"Silent Runners.vbs", revision 46, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"

Startup items buried in registry:
---------------------------------

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"˙_zskpwzwhl^pdciyvsw50inkrwksz_" = "c:\windows\system32_zskwrkni05wsvyicdp^lhwzwp.exe" [null data]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"LXBSCATS" = "rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBStime.dll,_RunDLLEntry@16" [MS]
"˙_zskpwzwhl^pdciyvsw50inkrwksz_" = "c:\windows\system32_zskwrkni05wsvyicdp^lhwzwp.exe" [null data]
[/code]

Nothing, still the same, as if you hadn't done anything. You didn't say whether you deleted them or not. So do this:

Paste this into Run

and click OK.

Then go into GMER, the CMD tab, and paste

Then switch to regedit and paste

Go to the Processes tab and choose "KILL ALL", then go to the CMD tab, where on the right you have the "RUN" option. Choose Run separately for the cmd and regedit options. Then restart the computer and see whether it worked.

If the DEL commands don't work, use the "FILES" option in the Processes tab; this was covered at the start of the thread.

After pasting it into Run I get this message: "Załadowano plik zskwrkni05wsvyicdp^lhwzw`p.dll, ale nie można odnaleźć punktu wejścia DllUnregisterSerwer. Nie można zarejestrować tego pliku." So I'm not doing anything further.

Then move on to removal in GMER.

You have to get rid of those files. Maybe carry out the removal in Safe Mode. And paste the commands. I have no more ideas; read what I wrote and act on it.

GMER 1.0.10.10122 - http://www.gmer.net

Rootkit 2006-07-12 12:09:39

Windows 5.1.2600 Dodatek Service Pack 2



---- Devices - GMER 1.0.10 ----


Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CREATE 8425EB80

Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CREATE_NAMED_PIPE 8425EB80

Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CLOSEIRP_MJ_READ 8425EB80

Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_WRITE 8425EB80

Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_QUERY_INFORMATION 8425EB80

Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SET_INFORMATION 8425EB80

Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_QUERY_EA 8425EB80

Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SET_EA 8425EB80

Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_FLUSH_BUFFERS 8425EB80

Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_QUERY_VOLUME_INFORMATION 8425EB80

Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SET_VOLUME_INFORMATION 8425EB80

Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_DIRECTORY_CONTROL 8425EB80

Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_FILE_SYSTEM_CONTROL 8425EB80

Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_DEVICE_CONTROL 8425EB80

Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_INTERNAL_DEVICE_CONTROL 8425EB80

Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SHUTDOWN 8425EB80

Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_LOCK_CONTROL 8425EB80

Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CLEANUP 8425EB80

Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CREATE_MAILSLOT 8425EB80

Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_QUERY_SECURITY 8425EB80

Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SET_SECURITY 8425EB80

Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_POWER 8425EB80

Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SYSTEM_CONTROL 8425EB80

Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_DEVICE_CHANGE 8425EB80

Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_QUERY_QUOTA 8425EB80

Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SET_QUOTA 8425EB80

Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_PNP 8425EB80

Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_PNP_POWER 8425EB80

Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_CREATE 84231578

Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_CREATE_NAMED_PIPE 84231578

Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_CLOSEIRP_MJ_READ 84231578

Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_WRITE 84231578

Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_QUERY_INFORMATION 84231578

Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_SET_INFORMATION 84231578

Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_QUERY_EA 84231578

Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_SET_EA 84231578

Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_FLUSH_BUFFERS 84231578

Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_QUERY_VOLUME_INFORMATION 84231578

Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_SET_VOLUME_INFORMATION 84231578

Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_DIRECTORY_CONTROL 84231578

Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_FILE_SYSTEM_CONTROL 84231578

Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_DEVICE_CONTROL 84231578

Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_INTERNAL_DEVICE_CONTROL 84231578

Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_SHUTDOWN 84231578

Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_LOCK_CONTROL 84231578

Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_CLEANUP 84231578

Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_CREATE_MAILSLOT 84231578

Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_QUERY_SECURITY 84231578

Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_SET_SECURITY 84231578

Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_POWER 84231578

Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_SYSTEM_CONTROL 84231578

Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_DEVICE_CHANGE 84231578

Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_QUERY_QUOTA 84231578

Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_SET_QUOTA 84231578

Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_PNP 84231578

Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_PNP_POWER 84231578

Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CREATE 84231578

Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CREATE_NAMED_PIPE 84231578

Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CLOSEIRP_MJ_READ 84231578

Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_WRITE 84231578

Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_QUERY_INFORMATION 84231578

Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SET_INFORMATION 84231578

Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_QUERY_EA 84231578

Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SET_EA 84231578

Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_FLUSH_BUFFERS 84231578

Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_QUERY_VOLUME_INFORMATION 84231578

Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SET_VOLUME_INFORMATION 84231578

Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_DIRECTORY_CONTROL 84231578

Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_FILE_SYSTEM_CONTROL 84231578

Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_DEVICE_CONTROL 84231578

Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_INTERNAL_DEVICE_CONTROL 84231578

Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SHUTDOWN 84231578

Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_LOCK_CONTROL 84231578

Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CLEANUP 84231578

Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CREATE_MAILSLOT 84231578

Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_QUERY_SECURITY 84231578

Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SET_SECURITY 84231578

Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_POWER 84231578

Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SYSTEM_CONTROL 84231578

Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_DEVICE_CHANGE 84231578

Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_QUERY_QUOTA 84231578

Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SET_QUOTA 84231578

Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_PNP 84231578

Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_PNP_POWER 84231578

Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_CREATE 84231578

Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_CREATE_NAMED_PIPE 84231578

Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_CLOSEIRP_MJ_READ 84231578

Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_WRITE 84231578

Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_QUERY_INFORMATION 84231578

Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SET_INFORMATION 84231578

Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_QUERY_EA 84231578

Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SET_EA 84231578

Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_FLUSH_BUFFERS 84231578

Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_QUERY_VOLUME_INFORMATION 84231578

Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SET_VOLUME_INFORMATION 84231578

Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_DIRECTORY_CONTROL 84231578

Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_FILE_SYSTEM_CONTROL 84231578

Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_DEVICE_CONTROL 84231578

Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_INTERNAL_DEVICE_CONTROL 84231578

Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SHUTDOWN 84231578

Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_LOCK_CONTROL 84231578

Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_CLEANUP 84231578

Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_CREATE_MAILSLOT 84231578

Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_QUERY_SECURITY 84231578

Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SET_SECURITY 84231578

Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_POWER 84231578

Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SYSTEM_CONTROL 84231578

Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_DEVICE_CHANGE 84231578

Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_QUERY_QUOTA 84231578

Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SET_QUOTA 84231578

Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_PNP 84231578

Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_PNP_POWER 84231578

Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_CREATE 84231578

Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_CREATE_NAMED_PIPE 84231578

Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_CLOSEIRP_MJ_READ 84231578

Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_WRITE 84231578

Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_QUERY_INFORMATION 84231578

Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_SET_INFORMATION 84231578

Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_QUERY_EA 84231578

Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_SET_EA 84231578

Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_FLUSH_BUFFERS 84231578

Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_QUERY_VOLUME_INFORMATION 84231578

Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_SET_VOLUME_INFORMATION 84231578

Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_DIRECTORY_CONTROL 84231578

Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_FILE_SYSTEM_CONTROL 84231578

Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_DEVICE_CONTROL 84231578

Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_INTERNAL_DEVICE_CONTROL 84231578

Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_SHUTDOWN 84231578

Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_LOCK_CONTROL 84231578

Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_CLEANUP 84231578

Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_CREATE_MAILSLOT 84231578

Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_QUERY_SECURITY 84231578

Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_SET_SECURITY 84231578

Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_POWER 84231578

Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_SYSTEM_CONTROL 84231578

Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_DEVICE_CHANGE 84231578

Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_QUERY_QUOTA 84231578

Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_SET_QUOTA 84231578

Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_PNP 84231578

Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_PNP_POWER 84231578

Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CREATE 8425EB80

Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CREATE_NAMED_PIPE 8425EB80

Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CLOSEIRP_MJ_READ 8425EB80

Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_WRITE 8425EB80

Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_QUERY_INFORMATION 8425EB80

Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SET_INFORMATION 8425EB80

Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_QUERY_EA 8425EB80

Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SET_EA 8425EB80

Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_FLUSH_BUFFERS 8425EB80

Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_QUERY_VOLUME_INFORMATION 8425EB80

Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SET_VOLUME_INFORMATION 8425EB80

Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_DIRECTORY_CONTROL 8425EB80

Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_FILE_SYSTEM_CONTROL 8425EB80

Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_DEVICE_CONTROL 8425EB80

Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_INTERNAL_DEVICE_CONTROL 8425EB80

Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SHUTDOWN 8425EB80

Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_LOCK_CONTROL 8425EB80

Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CLEANUP 8425EB80

Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CREATE_MAILSLOT 8425EB80

Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_QUERY_SECURITY 8425EB80

Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SET_SECURITY 8425EB80

Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_POWER 8425EB80

Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SYSTEM_CONTROL 8425EB80

Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_DEVICE_CHANGE 8425EB80

Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_QUERY_QUOTA 8425EB80

Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SET_QUOTA 8425EB80

Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_PNP 8425EB80

Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_PNP_POWER 8425EB80

Device \Driver\sojuscsi \Device\Scsi\sojuscsi1Port3Path0Target0Lun0 IRP_MJ_CREATE 84257340

Device \Driver\sojuscsi \Device\Scsi\sojuscsi1Port3Path0Target0Lun0 IRP_MJ_CREATE_NAMED_PIPE 84257340

Device \Driver\sojuscsi \Device\Scsi\sojuscsi1Port3Path0Target0Lun0 IRP_MJ_CLOSEIRP_MJ_READ 84257340

Device \Driver\sojuscsi \Device\Scsi\sojuscsi1Port3Path0Target0Lun0 IRP_MJ_WRITE 84257340

Device \Driver\sojuscsi \Device\Scsi\sojuscsi1Port3Path0Target0Lun0 IRP_MJ_QUERY_INFORMATION 84257340

Device \Driver\sojuscsi \Device\Scsi\sojuscsi1Port3Path0Target0Lun0 IRP_MJ_SET_INFORMATION 84257340

Device \Driver\sojuscsi \Device\Scsi\sojuscsi1Port3Path0Target0Lun0 IRP_MJ_QUERY_EA 84257340

Device \Driver\sojuscsi \Device\Scsi\sojuscsi1Port3Path0Target0Lun0 IRP_MJ_SET_EA 84257340

Device \Driver\sojuscsi \Device\Scsi\sojuscsi1Port3Path0Target0Lun0 IRP_MJ_FLUSH_BUFFERS 84257340

Device \Driver\sojuscsi \Device\Scsi\sojuscsi1Port3Path0Target0Lun0 IRP_MJ_QUERY_VOLUME_INFORMATION 84257340

Device \Driver\sojuscsi \Device\Scsi\sojuscsi1Port3Path0Target0Lun0 IRP_MJ_SET_VOLUME_INFORMATION 84257340


---- Modules - GMER 1.0.10 ----


Module _________ F745F000


---- Files - GMER 1.0.10 ----


File C:\System Volume Information\MountPointManagerRemoteDatabase                                  

File C:\System Volume Information\tracking.log                                                     

File C:\System Volume Information\_restore{3F1FC80D-DA9B-4089-9749-F5FB23DAB24E}                   

File C:\System Volume Information\_restore{DAEFAA36-5989-44B1-8AB6-A8BFFD6B89C5}                   

File E:\System Volume Information\MountPointManagerRemoteDatabase                                  

File E:\System Volume Information\tracking.log                                                     

File E:\System Volume Information\_restore{3F1FC80D-DA9B-4089-9749-F5FB23DAB24E}                   

File E:\System Volume Information\_restore{888D7EFA-6EF1-40E4-A7F8-FC229C4D956B}                   

File E:\System Volume Information\_restore{DAEFAA36-5989-44B1-8AB6-A8BFFD6B89C5}                   

File F:\System Volume Information\MountPointManagerRemoteDatabase                                  

File F:\System Volume Information\tracking.log                                                     

File F:\System Volume Information\_restore{3F1FC80D-DA9B-4089-9749-F5FB23DAB24E}                   

File F:\System Volume Information\_restore{888D7EFA-6EF1-40E4-A7F8-FC229C4D956B}                   

File F:\System Volume Information\_restore{DAEFAA36-5989-44B1-8AB6-A8BFFD6B89C5}                   


---- EOF - GMER 1.0.10 ----

"Silent Runners.vbs", revision 46, http://www.silentrunners.org/

Operating System: Windows XP SP2

Output limited to non-default values, except where indicated by "{++}"



Startup items buried in registry:

---------------------------------


HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}

"LXBSCATS" = "rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBStime.dll,_RunDLLEntry@16" [MS]


HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\

{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)

  -> {HKLM...CLSID} = "AcroIEHlprObj Class"

                   \InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]

{53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided)

  -> {HKLM...CLSID} = (no title provided)

                   \InProcServer32\(Default) = "C:\PROGRA~1\SPYBOT~1\SDHelper.dll" ["Safer Networking Limited"]

{5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB}\(Default) = (no title provided)

  -> {HKLM...CLSID} = "PCTools Site Guard"

                   \InProcServer32\(Default) = "C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll" ["PC Tools"]

{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)

  -> {HKLM...CLSID} = "SSVHelper Class"

                   \InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll" ["Sun Microsystems, Inc."]

{B56A7D7D-6927-48C8-A975-17DF180C71AC}\(Default) = (no title provided)

  -> {HKLM...CLSID} = "PCTools Browser Monitor"

                   \InProcServer32\(Default) = "C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll" ["PC Tools"]


HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\

"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu"

  -> {HKLM...CLSID} = "HyperTerminal Icon Ext"

                   \InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]

"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"

  -> {HKLM...CLSID} = "WinRAR"

                   \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

"{640167b4-59b0-47a6-b335-a6b3c0695aea}" = "Portable Media Devices"

  -> {HKLM...CLSID} = "Portable Media Devices"

                   \InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]

"{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu"

  -> {HKLM...CLSID} = "Portable Media Devices Menu"

                   \InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]

"{32020A01-506E-484D-A2A8-BE3CF17601C3}" = "AlcoholShellEx"

  -> {HKLM...CLSID} = "AlcoholShellEx"

                   \InProcServer32\(Default) = "C:\PROGRA~1\ALCOHO~1\ALCOHO~1\AXShlEx.dll" ["Alcohol Soft Development Team"]

"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"

  -> {HKLM...CLSID} = (no title provided)

                   \InProcServer32\(Default) = "C:\Program Files\Microsoft Office\OFFICE11\msohev.dll" [MS]

"{A4DF5659-0801-4A60-9607-1C48695EFDA9}" = "Folder przesyłania Share-to-Web"

  -> {HKLM...CLSID} = "Folder przesyłania Share-to-Web"

                   \InProcServer32\(Default) = "C:\Program Files\Hewlett-Packard\HP Share-to-Web\HPGS2WNS.DLL" ["Hewlett-Packard"]

"{472083B0-C522-11CF-8763-00608CC02F24}" = "avast"

  -> {HKLM...CLSID} = "avast"

                   \InProcServer32\(Default) = "C:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]

"{21569614-B795-46b1-85F4-E737A8DC09AD}" = "Shell Search Band"

  -> {HKLM...CLSID} = "Shell Search Band"

                   \InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" [MS]


HKLM\Software\Classes\PROTOCOLS\Filter\

INFECTION WARNING! text/xml\CLSID = "{807553E5-5146-11D5-A672-00B0D022E945}"

  -> {HKLM...CLSID} = (no title provided)

                   \InProcServer32\(Default) = "C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL" [MS]


HKLM\Software\Classes\Folder\shellex\ColumnHandlers\

{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"

  -> {HKLM...CLSID} = "PDF Shell Extension"

                   \InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]


HKLM\Software\Classes\*\shellex\ContextMenuHandlers\

avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"

  -> {HKLM...CLSID} = "avast"

                   \InProcServer32\(Default) = "C:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

  -> {HKLM...CLSID} = "WinRAR"

                   \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]


HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

  -> {HKLM...CLSID} = "WinRAR"

                   \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]


HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\

avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"

  -> {HKLM...CLSID} = "avast"

                   \InProcServer32\(Default) = "C:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]

FineReader8\(Default) = "{F7091C74-EBB1-49D7-94C7-FE4886CCC18D}"

  -> {HKLM...CLSID} = "FineReader8ExplorerContextMenuHandler"

                   \InProcServer32\(Default) = "C:\Program Files\ABBYY FineReader 8.0 Professional Edition\FECMenu.dll" ["ABBYY Software"]

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

  -> {HKLM...CLSID} = "WinRAR"

                   \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]



Group Policies [Description] {enabled Group Policy setting}:

------------------------------------------------------------


HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\

"NoActiveDesktop"=dword:00000001 

[disables Active Desktop; removes Web tab from Display Properties|

Desktop (tab)|Customize Desktop... (button)|Desktop Items (window)]

{User Configuration|Administrative Templates|Desktop|Active Desktop|

Disable Active Desktop}



Active Desktop and Wallpaper:

-----------------------------


Active Desktop disabled via Group Policy.


HKCU\Control Panel\Desktop\

"Wallpaper" = "C:\WINDOWS\Web\Wallpaper\Idylla.bmp"



Enabled Screen Saver:

---------------------


HKCU\Control Panel\Desktop\

"SCRNSAVE.EXE" = "C:\WINDOWS\system32\sstext3d.scr" [MS]

I think it's OK; if so, take a look from another angle to check whether everything is fine.

Phew… It's finally gone, the logs are clean :smiley: Although Silent didn't finish, so the log is incomplete.

Do you have any other problem?

Many thanks for the help. For the moment, nothing; I need to cool down after all this, but if something goes wrong I'll get in touch. Once again, thank you very much :lol: :smiley: