Nie mogę pozbyć się trojanów i fałszywych portali

griszka · 16 Marzec 2007 18:03

proszę o sprawdzenie loga

Logfile of HijackThis v1.99.1 Scan saved at 19:01:01, on 2007-03-16 Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe D:\AVG Anti-Spyware 7.5\guard.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe C:\Program Files\Common Files\Onet.pl\AutoUpdate.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe C:\Program Files\Internet Explorer\iexplore.exe D:\AVG Anti-Spyware 7.5\avgas.exe C:\Program Files\Gadu-Gadu\gg.exe C:\Program Files\Skype\Phone\Skype.exe C:\WINDOWS\inf\mssys.exe C:\WINDOWS\system32\RUNDLL32.exe C:\Program Files\Common Files\Teleca Shared\Generic.exe C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe C:\Program Files\Skype\Plugin Manager\skypePM.exe C:\Program Files\Microsoft Office\Office10\WINWORD.EXE C:\Program Files\Internet Explorer\IEXPLORE.EXE D:\Onet\Listonosz\Listonosz.exe C:\Program Files\Microsoft Office\Office10\WINWORD.EXE C:\DOCUME~1\griszk@\USTAWI~1\Temp\Katalog tymczasowy 19 dla hijackthis.zip\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ent.sina.union123.com/indexx.htm R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ent.sina.union123.com/indexx.htm R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) O2 - BHO: AdPopup - {11F09AFD-75AD-4E51-AB43-E09E9351CE16} - C:\Program Files\Common Files\CPUSH\cpush0.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll O2 - BHO: TBSB03263 - {EEC7E620-B32A-4E3B-B200-291660803474} - C:\PROGRA~1\365_EQ~1\eqiso.dll (file missing) O3 - Toolbar: ??? - {33E640D8-EB95-4B22-B475-1852B7D35993} - C:\Program Files\365_EQISOSO\eqiso.dll (file missing) O4 - HKLM…\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM…\Run: [sony Ericsson PC Suite] “C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe” /startoptions O4 - HKLM…\Run: [Onet.pl AutoUpdate] C:\Program Files\Common Files\Onet.pl\AutoUpdate.exe /tsr O4 - HKLM…\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM…\Run: [!AVG Anti-Spyware] “D:\AVG Anti-Spyware 7.5\avgas.exe” /minimized O4 - HKLM…\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKCU…\Run: [Gadu-Gadu] “C:\Program Files\Gadu-Gadu\gg.exe” /tray O4 - HKCU…\Run: [skype] “C:\Program Files\Skype\Phone\Skype.exe” /nosplash /minimized O4 - HKCU…\Run: [mssys] C:\WINDOWS\inf\mssys.exe O4 - HKCU…\Run: [mshtmll] regsvr32 /s C:\WINDOWS\inf\mshtmll.dll O4 - Startup: Yahoo! Widget Engine.lnk = D:\Yahoo! Widget Engine\YahooWidgetEngine.exe O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing) O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing) O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - D:\AVG Anti-Spyware 7.5\guard.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: jsefusf - Unknown owner - C:\WINDOWS\system32\jsefusf.exe (file missing) O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe O23 - Service: System Set Service (SystemSet) - Unknown owner - C:\WINDOWS\system32\service.exe (file missing)

Monczkin · 16 Marzec 2007 18:07

griszka a co konkretnie się dziej ?? Może tak opisze dokładnie problem ??

adam9870 · 16 Marzec 2007 19:33

Nie trzymaj hijacka w TEMPie lub innym katalogu tymczasowym. Umieść go np. na pulpicie.

Otwórz Notatnik i wklej w nim to:

Plik >>> Zapisz jako >>> Zmień rozszerzenie z TXT na Wszystkie pliki >>> Zapisz pod nazwą FIX.BAT i uruchom go w trybie awaryjnym.

Usuń wpisy HJT.

Po wykonaniu proszę pokazać nowy log z HijackThis plus z SilentRunners.

griszka · 16 Marzec 2007 20:12

sytuacja wygląda tak że komp zaczął świrować ,muli, przy otwieraniu pojawia się błąd aplikacji fgdfsdf exe.Avast pokazuje masę koni trojańskich z którymi nic nie można zrobić bo wyskakuje błąd pliku pozatym ciągle otwierają się jakieś chińskie czy japońskie strony…

Logfile of HijackThis v1.99.1 Scan saved at 20:58:17, on 2007-03-16 Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe D:\AVG Anti-Spyware 7.5\guard.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe C:\WINDOWS\system32\Svchost.exe C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe C:\Program Files\Common Files\Onet.pl\AutoUpdate.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe D:\AVG Anti-Spyware 7.5\avgas.exe C:\Program Files\Gadu-Gadu\gg.exe C:\Program Files\Skype\Phone\Skype.exe C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\Program Files\Common Files\Teleca Shared\Generic.exe C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe C:\Program Files\Skype\Plugin Manager\skypePM.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\Internet Explorer\iexplore.exe C:\DOCUME~1\griszk@\USTAWI~1\Temp\Katalog tymczasowy 21 dla hijackthis.zip\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ent.sina.union123.com/indexx.htm R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ent.sina.union123.com/indexx.htm O2 - BHO: AdPopup - {11F09AFD-75AD-4E51-AB43-E09E9351CE16} - C:\Program Files\Common Files\CPUSH\cpush0.dll O2 - BHO: (no name) - {1D9B3FA1-DF9F-E3C3-B1E8-A458F984B01A} - C:\WINDOWS\inf\mshtmll.dll (file missing) O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll O3 - Toolbar: ??? - {33E640D8-EB95-4B22-B475-1852B7D35993} - C:\Program Files\365_EQISOSO\eqiso.dll (file missing) O4 - HKLM…\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM…\Run: [sony Ericsson PC Suite] “C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe” /startoptions O4 - HKLM…\Run: [Onet.pl AutoUpdate] C:\Program Files\Common Files\Onet.pl\AutoUpdate.exe /tsr O4 - HKLM…\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM…\Run: [!AVG Anti-Spyware] “D:\AVG Anti-Spyware 7.5\avgas.exe” /minimized O4 - HKLM…\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKCU…\Run: [Gadu-Gadu] “C:\Program Files\Gadu-Gadu\gg.exe” /tray O4 - HKCU…\Run: [skype] “C:\Program Files\Skype\Phone\Skype.exe” /nosplash /minimized O4 - Startup: Yahoo! Widget Engine.lnk = D:\Yahoo! Widget Engine\YahooWidgetEngine.exe O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing) O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing) O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - D:\AVG Anti-Spyware 7.5\guard.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe “Silent Runners.vbs”, revision R50, http://www.silentrunners.org/ Operating System: Windows XP SP2 Output limited to non-default values, except where indicated by “{++}” Startup items buried in registry: --------------------------------- HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++} “Gadu-Gadu” = ““C:\Program Files\Gadu-Gadu\gg.exe” /tray” [“Gadu-Gadu Sp. z oo”] “Skype” = ““C:\Program Files\Skype\Phone\Skype.exe” /nosplash /minimized” [“Skype Technologies S.A.”] HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++} “NvCplDaemon” = “RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup” [MS] “(Default)” = “(empty string)” [file not found] “Sony Ericsson PC Suite” = ““C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe” /startoptions” [“Sony Ericsson Mobile Communications AB”] “Onet.pl AutoUpdate” = “C:\Program Files\Common Files\Onet.pl\AutoUpdate.exe /tsr” [“Onet.pl”] “avast!” = “C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe” [null data] “!AVG Anti-Spyware” = ““D:\AVG Anti-Spyware 7.5\avgas.exe” /minimized” [“Anti-Malware Development a.s.”] “KernelFaultCheck” = “C:\WINDOWS\system32\dumprep 0 -k” HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ {11F09AFD-75AD-4E51-AB43-E09E9351CE16}(Default) = “AdPopup” -> {HKLM…CLSID} = “CAdLogic Object” \InProcServer32(Default) = “C:\Program Files\Common Files\CPUSH\cpush0.dll” [null data] {1D9B3FA1-DF9F-E3C3-B1E8-A458F984B01A}(Default) = (no title provided) -> {HKLM…CLSID} = (no title provided) \InProcServer32(Default) = “C:\WINDOWS\inf\mshtmll.dll” [file not found] {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}(Default) = (no title provided) -> {HKLM…CLSID} = “SSVHelper Class” \InProcServer32(Default) = “C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll” [“Sun Microsystems, Inc.”] HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\ “{42071714-76d4-11d1-8b24-00a0c9068ff3}” = “Rozszerzenie CPL kadrowania wyświetlania” -> {HKLM…CLSID} = “Rozszerzenie CPL kadrowania wyświetlania” \InProcServer32(Default) = “deskpan.dll” [file not found] “{88895560-9AA2-1069-930E-00AA0030EBC8}” = “Rozszerzenie ikony HyperTerminalu” -> {HKLM…CLSID} = “HyperTerminal Icon Ext” \InProcServer32(Default) = “C:\WINDOWS\system32\hticons.dll” [“Hilgraeve, Inc.”] “{A70C977A-BF00-412C-90B7-034C51DA2439}” = “NvCpl DesktopContext Class” -> {HKLM…CLSID} = “DesktopContext Class” \InProcServer32(Default) = “C:\WINDOWS\system32\nvcpl.dll” [“NVIDIA Corporation”] “{FFB699E0-306A-11d3-8BD1-00104B6F7516}” = “Play on my TV helper” -> {HKLM…CLSID} = “NVIDIA CPL Extension” \InProcServer32(Default) = “C:\WINDOWS\system32\nvcpl.dll” [“NVIDIA Corporation”] “{1CDB2949-8F65-4355-8456-263E7C208A5D}” = “Desktop Explorer” -> {HKLM…CLSID} = “Desktop Explorer” \InProcServer32(Default) = “C:\WINDOWS\system32\nvshell.dll” [“NVIDIA Corporation”] “{1E9B04FB-F9E5-4718-997B-B8DA88302A47}” = “Desktop Explorer Menu” -> {HKLM…CLSID} = (no title provided) \InProcServer32(Default) = “C:\WINDOWS\system32\nvshell.dll” [“NVIDIA Corporation”] “{1E9B04FB-F9E5-4718-997B-B8DA88302A48}” = “nView Desktop Context Menu” -> {HKLM…CLSID} = “nView Desktop Context Menu” \InProcServer32(Default) = “C:\WINDOWS\system32\nvshell.dll” [“NVIDIA Corporation”] “{32020A01-506E-484D-A2A8-BE3CF17601C3}” = “AlcoholShellEx” -> {HKLM…CLSID} = “AlcoholShellEx” \InProcServer32(Default) = “C:\PROGRA~1\ALCOHO~1\ALCOHO~1\AxShlex.dll” [“Alcohol Soft Development Team”] “{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}” = “Shell Extensions for RealOne Player” -> {HKLM…CLSID} = “RealOne Player Context Menu Class” \InProcServer32(Default) = “C:\Program Files\Real\RealPlayer\rpshell.dll” [“RealNetworks, Inc.”] “{0006F045-0000-0000-C000-000000000046}” = “Microsoft Outlook Custom Icon Handler” -> {HKLM…CLSID} = “Rozszerzenie ikon plików programu Outlook” \InProcServer32(Default) = “C:\Program Files\Microsoft Office\Office10\OLKFSTUB.DLL” [MS] “{42042206-2D85-11D3-8CFF-005004838597}” = “Microsoft Office HTML Icon Handler” -> {HKLM…CLSID} = (no title provided) \InProcServer32(Default) = “C:\Program Files\Microsoft Office\Office10\msohev.dll” [MS] “{A5110426-177D-4e08-AB3F-785F10B4439C}” = “Sony Ericsson File Manager” -> {HKLM…CLSID} = “Sony Ericsson File Manager” \InProcServer32(Default) = “C:\Program Files\Sony Ericsson\Mobile2\File Manager\fmgrgui.dll” [“Sony Ericsson Mobile Communications AB”] “{472083B0-C522-11CF-8763-00608CC02F24}” = “avast” -> {HKLM…CLSID} = “avast” \InProcServer32(Default) = “C:\Program Files\Alwil Software\Avast4\ashShell.dll” [“ALWIL Software”] “{A155339D-CCCD-4714-85EB-3754B804C9DF}” = “a-squared Free Context Menu Shell Extension” -> {HKLM…CLSID} = “a-squared Free Context Menu” \InProcServer32(Default) = “D:\A-SQUA~1\A2FREE~1.DLL” [file not found] HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\ <> “{57B86673-276A-48B2-BAE7-C6DBB3020EB8}” = “AVG Anti-Spyware 7.5” -> {HKLM…CLSID} = “CShellExecuteHookImpl Object” \InProcServer32(Default) = “D:\AVG Anti-Spyware 7.5\shellexecutehook.dll” [“Anti-Malware Development a.s.”] HKLM\System\CurrentControlSet\Control\Session Manager\ <> “BootExecute” = “autocheck autochk *”|“aswBoot.exe /M:93ab8bc7” [null data] HKLM\Software\Classes\Folder\shellex\ColumnHandlers\ {F9DB5320-233E-11D1-9F84-707F02C10627}(Default) = “PDF Column Info” -> {HKLM…CLSID} = “PDF Shell Extension” \InProcServer32(Default) = “C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll” [“Adobe Systems, Inc.”] HKLM\Software\Classes*\shellex\ContextMenuHandlers\ avast(Default) = “{472083B0-C522-11CF-8763-00608CC02F24}” -> {HKLM…CLSID} = “avast” \InProcServer32(Default) = “C:\Program Files\Alwil Software\Avast4\ashShell.dll” [“ALWIL Software”] AVG Anti-Spyware(Default) = “{8934FCEF-F5B8-468f-951F-78A921CD3920}” -> {HKLM…CLSID} = “CContextScan Object” \InProcServer32(Default) = “D:\AVG Anti-Spyware 7.5\context.dll” [“Anti-Malware Development a.s.”] HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\ AVG Anti-Spyware(Default) = “{8934FCEF-F5B8-468f-951F-78A921CD3920}” -> {HKLM…CLSID} = “CContextScan Object” \InProcServer32(Default) = “D:\AVG Anti-Spyware 7.5\context.dll” [“Anti-Malware Development a.s.”] HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ a2FreeContMenu(Default) = “{A155339D-CCCD-4714-85EB-3754B804C9DF}” -> {HKLM…CLSID} = “a-squared Free Context Menu” \InProcServer32(Default) = “D:\A-SQUA~1\A2FREE~1.DLL” [file not found] avast(Default) = “{472083B0-C522-11CF-8763-00608CC02F24}” -> {HKLM…CLSID} = “avast” \InProcServer32(Default) = “C:\Program Files\Alwil Software\Avast4\ashShell.dll” [“ALWIL Software”] HKLM\Software\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\ a2FreeContMenu(Default) = “{A155339D-CCCD-4714-85EB-3754B804C9DF}” -> {HKLM…CLSID} = “a-squared Free Context Menu” \InProcServer32(Default) = “D:\A-SQUA~1\A2FREE~1.DLL” [file not found] Group Policies {GPedit.msc branch and setting}: ----------------------------------------------- Note: detected settings may not have any effect. HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\ “NoActiveDesktop” = (REG_DWORD) hex:0x00000000 {User Configuration|Administrative Templates|Desktop|Desktop / Active Desktop| Disable Active Desktop} “NoSaveSettings” = (REG_DWORD) hex:0x00000000 {User Configuration|Administrative Templates|Desktop| Don’t save settings at exit} “ClassicShell” = (REG_DWORD) hex:0x00000000 {User Configuration|Administrative Templates|Windows Components|Windows Explorer| Enable Classic Shell / Turn on Classic Shell} “NoThemesTab” = (REG_DWORD) hex:0x00000000 {unrecognized setting} “ForceActiveDesktopOn” = (REG_DWORD) hex:0x00000000 {User Configuration|Administrative Templates|Desktop|Desktop / Active Desktop| Enable Active Desktop} HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\ “NoActiveDesktopChanges” = (REG_DWORD) hex:0x00000000 {unrecognized setting} HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\ “DisableTaskMgr” = (REG_DWORD) hex:0x00000000 {User Configuration|Administrative Templates|System|Ctrl+Alt+Del Options| Remove Task Manager} “NoDispAppearancePage” = (REG_DWORD) hex:0x00000000 {unrecognized setting} “NoColorChoice” = (REG_DWORD) hex:0x00000000 {unrecognized setting} “NoSizeChoice” = (REG_DWORD) hex:0x00000000 {unrecognized setting} “NoDispBackgroundPage” = (REG_DWORD) hex:0x00000000 {User Configuration|Administrative Templates|Control Panel|Display| Hide Desktop tab} “NoDispScrSavPage” = (REG_DWORD) hex:0x00000000 {unrecognized setting} “NoDispCPL” = (REG_DWORD) hex:0x00000000 {User Configuration|Administrative Templates|Control Panel|Display| Remove Display in Control Panel} “NoVisualStyleChoice” = (REG_DWORD) hex:0x00000000 {unrecognized setting} “NoDispSettingsPage” = (REG_DWORD) hex:0x00000000 {unrecognized setting} “DisableRegistryTools” = (REG_DWORD) hex:0x00000000 {User Configuration|Administrative Templates|System| Prevent access to registry editing tools} HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\ “shutdownwithoutlogon” = (REG_DWORD) hex:0x00000001 {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options| Shutdown: Allow system to be shut down without having to log on} “undockwithoutlogon” = (REG_DWORD) hex:0x00000001 {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options| Devices: Allow undock without having to log on} “DisableTaskMgr” = (REG_DWORD) hex:0x00000000 {unrecognized setting} Active Desktop and Wallpaper: ----------------------------- Active Desktop may be disabled at this entry: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState Displayed if Active Desktop enabled and wallpaper not set by Group Policy: HKCU\Software\Microsoft\Internet Explorer\Desktop\General\ “Wallpaper” = “C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp” Displayed if Active Desktop disabled and wallpaper not set by Group Policy: HKCU\Control Panel\Desktop\ “Wallpaper” = “C:\Documents and Settings\griszk@\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp” Enabled Screen Saver: --------------------- HKCU\Control Panel\Desktop\ “SCRNSAVE.EXE” = “C:\WINDOWS\WISA_6~1.SCR” (WISŁA_6.scr) [null data] Startup items in “griszk@” & “All Users” startup folders: --------------------------------------------------------- C:\Documents and Settings\griszk@\Menu Start\Programy\Autostart “Yahoo! Widget Engine” -> shortcut to: “D:\Yahoo! Widget Engine\YahooWidgetEngine.exe” [file not found] Winsock2 Service Provider DLLs: ------------------------------- Namespace Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++} 000000000001\LibraryPath = “%SystemRoot%\System32\mswsock.dll” [MS] 000000000002\LibraryPath = “%SystemRoot%\System32\winrnr.dll” [MS] 000000000003\LibraryPath = “%SystemRoot%\System32\mswsock.dll” [MS] Transport Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++} 0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range: %SystemRoot%\system32\mswsock.dll [MS], 01 - 04, 07 - 16 %SystemRoot%\system32\rsvpsp.dll [MS], 05 - 06 Toolbars, Explorer Bars, Extensions: ------------------------------------ Toolbars HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\ “{2318C2B1-4965-11D4-9B18-009027A5CD4F}” -> {HKLM…CLSID} = “&Google” \InProcServer32(Default) = “c:\program files\google\googletoolbar4.dll” [“Google Inc.”] “{33E640D8-EB95-4B22-B475-1852B7D35993}” -> {HKLM…CLSID} = “???” \InProcServer32(Default) = “C:\Program Files\365_EQISOSO\eqiso.dll” [file not found] HKLM\Software\Microsoft\Internet Explorer\Toolbar\ “{33E640D8-EB95-4B22-B475-1852B7D35993}” = (no title provided) -> {HKLM…CLSID} = “???” \InProcServer32(Default) = “C:\Program Files\365_EQISOSO\eqiso.dll” [file not found] Extensions (Tools menu items, main toolbar menu buttons) HKLM\Software\Microsoft\Internet Explorer\Extensions\ {08B0E5C0-4FCB-11CF-AAA5-00401C608501}\ “MenuText” = “Sun Java Console” “CLSIDExtension” = “{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBC}” -> {HKCU…CLSID} = “Java Plug-in 1.5.0_09” \InProcServer32(Default) = “C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll” [“Sun Microsystems, Inc.”] -> {HKLM…CLSID} = “Java Plug-in 1.5.0_09” \InProcServer32(Default) = “C:\Program Files\Java\jre1.5.0_09\bin\npjpi150_09.dll” [“Sun Microsystems, Inc.”] Running Services (Display Name, Service Name, Path {Service DLL}): ------------------------------------------------------------------ avast! Antivirus, avast! Antivirus, ““C:\Program Files\Alwil Software\Avast4\ashServ.exe”” [null data] avast! iAVS4 Control Service, aswUpdSv, ““C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe”” [null data] avast! Mail Scanner, avast! Mail Scanner, ““C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe” /service” [“ALWIL Software”] avast! Web Scanner, avast! Web Scanner, ““C:\Program Files\Alwil Software\Avast4\ashWebSv.exe” /service” [“ALWIL Software”] AVG Anti-Spyware Guard, AVG Anti-Spyware Guard, “D:\AVG Anti-Spyware 7.5\guard.exe” [“Anti-Malware Development a.s.”] Machine Debug Manager, MDM, ““C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE”” [MS] NVIDIA Display Driver Service, NVSvc, “C:\WINDOWS\system32\nvsvc32.exe” [“NVIDIA Corporation”] Portable Media, WmdmPMD, “C:\WINDOWS\system32\Svchost.exe -k WmdmPMD” {“C:\WINDOWS\system32\MDserivces\services\svchost.dll” [MS]} StarWind iSCSI Service, StarWindService, “C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe” [“Rocket Division Software”] ---------- <>: Suspicious data at a malware launch point. + This report excludes default entries except where indicated. + To see *everywhere* the script checks and *everything* it finds, launch it from a command prompt or a shortcut with the -all parameter. + The search for DESKTOP.INI DLL launch points on all local fixed drives took 184 seconds. ---------- (total run time: 366 seconds)

adam9870 · 16 Marzec 2007 20:24

Nie masz przypadkiem objaw podobnych, które zostały opisane TUTAJ? Coraz bardziej to podejrzewam ponieważ objawy, o których wspomniałeś są dość podobne a poza tym wszystko wróciło:

O2 - BHO: AdPopup - {11F09AFD-75AD-4E51-AB43-E09E9351CE16} - C:\Program Files\Common Files\CPUSH\cpush0.dll O2 - BHO: (no name) - {1D9B3FA1-DF9F-E3C3-B1E8-A458F984B01A} - C:\WINDOWS\inf\mshtmll.dll (file missing) O3 - Toolbar: Pytajnik? - {33E640D8-EB95-4B22-B475-1852B7D35993} - C:\Program Files\365_EQISOSO\eqiso.dll (file missing) HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ {11F09AFD-75AD-4E51-AB43-E09E9351CE16}(Default) = “AdPopup” -> {HKLM…CLSID} = “CAdLogic Object” \InProcServer32(Default) = “C:\Program Files\Common Files\CPUSH\cpush0.dll” [null data] {1D9B3FA1-DF9F-E3C3-B1E8-A458F984B01A}(Default) = (no title provided) -> {HKLM…CLSID} = (no title provided) \InProcServer32(Default) = “C:\WINDOWS\inf\mshtmll.dll” [file not found] HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\ “{33E640D8-EB95-4B22-B475-1852B7D35993}” -> {HKLM…CLSID} = “Pytajnik?” \InProcServer32(Default) = “C:\Program Files\365_EQISOSO\eqiso.dll” [file not found] HKLM\Software\Microsoft\Internet Explorer\Toolbar\ “{33E640D8-EB95-4B22-B475-1852B7D35993}” = (no title provided) -> {HKLM…CLSID} = “Pytajnik?” \InProcServer32(Default) = “C:\Program Files\365_EQISOSO\eqiso.dll” [file not found]

Pokaż log z ComboFix plus dwa logi z Gmer’a wykonane przy takich ustawieniach:

Zakładka Rootkit >>> zaznaczone wszystko oprócz Pokazuj wszystko >>> kliknij Szukaj >>> czekaj cierpliwie aż skończy >>> Kopiuj >>> wklej do posta
Zakładka Rootkit >>> zaznaczone tylko Usługi i Pokazuj wszystko >>> kliknij Szukaj >>> czekaj cierpliwie aż skończy >>> Kopiuj >>> wklej do posta

Jeśli wszystkie logi nie zmieszczą się bezpośrednio do posta, to umieść je w jakimś serwisie hostingowym jako pliki *.txt, a tu tylko zlinkuj.

http://forum.dobreprogramy.pl/viewtopic.php?t=96929

griszka · 17 Marzec 2007 10:29

oto logi ComboScan v20070306.20 run by griszk@ on 2007-03-17 at 10:24:17 Computer is in Normal Mode. -------------------------------------------------------------------------------- – HijackThis (run as griszk@.exe) --------------------------------------------- Logfile of HijackThis v1.99.1 Scan saved at 10:24:27, on 2007-03-17 Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe D:\AVG Anti-Spyware 7.5\guard.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe C:\WINDOWS\system32\Svchost.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe C:\Program Files\Common Files\Onet.pl\AutoUpdate.exe C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe D:\AVG Anti-Spyware 7.5\avgas.exe C:\Program Files\Gadu-Gadu\gg.exe C:\Program Files\Skype\Phone\Skype.exe C:\Program Files\Skype\Plugin Manager\skypePM.exe C:\WINDOWS\inf\mssys.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Common Files\Teleca Shared\Generic.exe C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe C:\Documents and Settings\griszk@\Pulpit\comboscan.exe C:\PROGRA~1\HIJACK~1\griszk@.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ent.sina.union123.com/indexx.htm R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ent.sina.union123.com/indexx.htm O2 - BHO: AdPopup - {11F09AFD-75AD-4E51-AB43-E09E9351CE16} - C:\Program Files\Common Files\CPUSH\cpush0.dll O2 - BHO: (no name) - {1D9B3FA1-DF9F-E3C3-B1E8-A458F984B01A} - C:\WINDOWS\inf\mshtmll.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll O3 - Toolbar: ??? - {33E640D8-EB95-4B22-B475-1852B7D35993} - C:\Program Files\365_EQISOSO\eqiso.dll (file missing) O4 - HKLM…\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM…\Run: [sony Ericsson PC Suite] “C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe” /startoptions O4 - HKLM…\Run: [Onet.pl AutoUpdate] C:\Program Files\Common Files\Onet.pl\AutoUpdate.exe /tsr O4 - HKLM…\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM…\Run: [!AVG Anti-Spyware] “D:\AVG Anti-Spyware 7.5\avgas.exe” /minimized O4 - HKLM…\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKCU…\Run: [Gadu-Gadu] “C:\Program Files\Gadu-Gadu\gg.exe” /tray O4 - HKCU…\Run: [skype] “C:\Program Files\Skype\Phone\Skype.exe” /nosplash /minimized O4 - HKCU…\Run: [mshtmll] regsvr32 /s C:\WINDOWS\inf\mshtmll.dll O4 - HKCU…\Run: [mssys] C:\WINDOWS\inf\mssys.exe O4 - Startup: Yahoo! Widget Engine.lnk = D:\Yahoo! Widget Engine\YahooWidgetEngine.exe O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing) O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing) O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - D:\AVG Anti-Spyware 7.5\guard.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe – Files created between 2007-02-17 and 2007-03-17 ----------------------------- 2007-03-17 10:23:55 179083 --a------ C:\WINDOWS\system32\adfweradfweds4.exe 2007-03-16 22:28:53 25904 --a------ C:\WINDOWS\system32\cdsdf.exe 2007-03-16 22:25:45 45988 --a------ C:\WINDOWS\system32\431174080340.dat<431174~1.DAT> 2007-03-16 20:51:13 0 d-------- C:\Program Files\Common Files\CPUSH 2007-03-16 17:24:40 213284 --a------ C:\WINDOWS\system32\drivers\acpidisk.sys 2007-03-16 17:24:17 179083 --a------ C:\WINDOWS\system32\adfweradfweds7.exe 2007-03-16 17:23:44 92164 --a------ C:\WINDOWS\system32\adfweradfweds6.exe 2007-03-16 17:22:38 111971 --a------ C:\WINDOWS\system32\adfweradfweds1.exe 2007-03-15 10:45:02 89604 --a------ C:\WINDOWS\system32\adfweds2.exe 2007-03-14 12:26:05 204288 --a------ C:\WINDOWS\system32\mopeljjlekn.dll 2007-03-14 12:25:10 44428 --a------ C:\WINDOWS\system32\431173871503.dat<431173~2.DAT> 2007-03-14 10:54:29 183560 --a------ C:\WINDOWS\system32\adfweds5.exe 2007-03-14 10:54:18 179083 --a------ C:\WINDOWS\system32\adfweds4.exe 2007-03-14 09:18:03 179083 --a------ C:\WINDOWS\system32\adfweds3.exe 2007-03-14 09:17:35 111971 --a------ C:\WINDOWS\system32\adfweds1.exe 2007-03-13 19:06:21 20480 --a------ C:\WINDOWS\system32\todayws5.exe 2007-03-13 19:05:11 204288 --a------ C:\WINDOWS\system32\cuhyjymtuex.dll 2007-03-13 16:33:11 204288 --a------ C:\WINDOWS\system32\opfrwwwwokn.dll 2007-03-13 14:21:42 0 d-------- C:\Program Files\Common Files\Skype 2007-03-13 14:21:22 0 d-------- C:\Program Files\Skype 2007-03-13 14:20:51 0 --a------ C:\WINDOWS\ntters.dll 2007-03-13 14:07:43 0 d-------- C:\WINDOWS\system32\MDserivces 2007-03-13 14:07:29 179237 --a------ C:\WINDOWS\system32\todayws3.exe 2007-03-13 14:07:23 89604 --a------ C:\WINDOWS\system32\todayws2.exe 2007-03-13 14:07:15 111976 --a------ C:\WINDOWS\system32\todayws1.exe 2007-03-12 16:09:49 112034 --a------ C:\WINDOWS\system32\ssfwss2.exe 2007-03-12 16:09:28 179237 --a------ C:\WINDOWS\system32\ssfwss1.exe 2007-03-12 16:09:20 36605 --a------ C:\WINDOWS\system32\bdrrdf.dll 2007-03-12 16:09:19 42860 --a------ C:\WINDOWS\system32\fgdfsdf.exe 2007-03-08 20:53:20 190932 --a------ C:\WINDOWS\winlogin.exe 2007-03-08 11:23:32 108106 --a------ C:\WINDOWS\system32\mcdirs1.exe 2007-03-06 14:35:05 26386 --a------ C:\WINDOWS\system32\431173188093.dat<431173~1.DAT> 2007-03-03 18:27:43 65419 --a------ C:\WINDOWS\system32\jjgfst1.exe 2007-03-02 21:03:32 26130 --a------ C:\WINDOWS\system32\ffudf.exe 2007-03-02 18:34:45 2305 --a------ C:\WINDOWS\gmer.reg 2007-03-02 18:18:49 80 --a------ C:\WINDOWS\gmer_uninstall.cmd 2007-03-02 10:00:17 3968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys 2007-03-01 21:55:04 0 d------c- C:!KillBox 2007-02-28 21:11:16 42636 --a------ C:\WINDOWS\system32\jsds3utj.dat 2007-02-28 10:13:35 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard 2007-02-27 19:03:51 1 --a------ C:\WINDOWS\system32\index.dat 2007-02-27 18:40:11 23 --a------ C:\WINDOWS\temp.exe 2007-02-27 18:33:05 0 d------c- C:\temp 2007-02-27 11:22:14 0 d-------- C:\WINDOWS\system32\system 2007-02-27 11:22:01 206797 --a------ C:\WINDOWS\system32\12.exe 2007-02-26 20:05:26 285584 --a------ C:\WINDOWS\system32\dufs1.exe 2007-02-26 20:04:03 87535 --a------ C:\WINDOWS\system32\1010s.exe 2007-02-26 20:03:42 244 --a------ C:\WINDOWS\system32\B11E4BF2.dat 2007-02-21 17:26:07 434252 --a------ C:\WINDOWS\system32\Msvcrtd.dll 2007-02-17 19:59:24 0 d-------- C:\Program Files\MarBit – Find3M Report --------------------------------------------------------------- 2007-03-17 10:22:21 0 d-------- C:\Documents and Settings\griszk@\Dane aplikacji\Skype 2007-03-15 16:40:33 0 d-------- C:\Program Files\Real 2007-03-12 18:33:07 0 d-------- C:\Program Files\Google 2007-03-06 22:14:27 0 d-------- C:\Documents and Settings\griszk@\Dane aplikacji\ppstream 2007-03-06 22:14:12 0 d-------- C:\Program Files\PPStream 2007-02-28 10:14:06 0 d-------- C:\Documents and Settings\griszk@\Dane aplikacji\Lavasoft 2007-02-21 17:26:15 0 d-------- C:\Documents and Settings\griszk@\Dane aplikacji\SmartShopper 2007-02-18 09:15:03 0 d-------- C:\Program Files\DivX 2007-02-17 19:13:49 0 d-------- C:\Documents and Settings\griszk@\Dane aplikacji\Media Player Classic 2007-02-17 19:08:55 0 d-------- C:\Documents and Settings\griszk@\Dane aplikacji\Real 2007-02-16 22:34:18 0 d-------- C:\Program Files\Ski Jump International 2007-02-16 17:21:00 10752 --a------ C:\WINDOWS\system32\ff_vfw.dll 2007-02-16 11:23:35 0 d-------- C:\Documents and Settings\griszk@\Dane aplikacji\Apple Computer 2007-02-16 11:23:15 0 d–h----- C:\Program Files\InstallShield Installation Information 2007-02-16 11:22:57 0 d-------- C:\Program Files\QuickTime 2007-02-02 23:07:44 0 d-------- C:\Documents and Settings\griszk@\Dane aplikacji\Azureus 2007-02-02 19:42:40 65448 --a------ C:\Documents and Settings\griszk@\Dane aplikacji\GDIPFONTCACHEV1.DAT 2007-02-01 05:56:06 639066 --a------ C:\WINDOWS\system32\divx.dll 2007-01-31 18:32:46 0 d-------- C:\Program Files\BearShare 2007-01-30 06:03:42 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll 2007-01-30 06:03:28 200704 --a------ C:\WINDOWS\system32\ssldivx.dll 2007-01-30 06:03:28 1044480 --a------ C:\WINDOWS\system32\libdivx.dll 2007-01-30 05:56:58 196608 --a------ C:\WINDOWS\system32\dtu100.dll 2007-01-30 05:56:58 73728 --a------ C:\WINDOWS\system32\dpl100.dll 2007-01-28 22:59:22 0 d-------- C:\Program Files\Yahoo! 2007-01-28 21:32:14 0 d-------- C:\Program Files\Ahead 2007-01-28 21:30:02 0 d-------- C:\Program Files\ffdshow 2007-01-25 20:39:40 0 d-------- C:\Program Files\Mozilla Firefox 2007-01-21 23:12:37 0 d-------- C:\Program Files\Common Files\Onet.pl 2007-01-21 23:12:25 0 d-------- C:\Documents and Settings\griszk@\Dane aplikacji\Onet 2007-01-21 23:12:25 0 d-------- C:\Documents and Settings\griszk@\Dane aplikacji\MozillaControl 2007-01-21 23:12:22 0 d-------- C:\Documents and Settings\griszk@\Dane aplikacji\Listonosz 2007-01-21 23:12:21 0 d-------- C:\Documents and Settings\griszk@\Dane aplikacji\AutoUpdate 2007-01-20 21:26:06 1565480 --a------ C:\WINDOWS\system32\wmv9vcm.dll 2007-01-15 18:32:07 689280 --a------ C:\WINDOWS\system32\aswBoot.exe 2007-01-15 18:23:20 90112 --a------ C:\WINDOWS\system32\AVASTSS.scr 2007-01-11 14:21:45 439528 --a----c- C:\WINDOWS\system32\perfh015.dat 2007-01-11 14:21:45 68450 --a----c- C:\WINDOWS\system32\perfc015.dat 2006-12-25 14:15:07 2938 --a----c- C:\WINDOWS\mozver.dat 2006-12-23 22:30:58 28672 --a------ C:\WINDOWS\kmouse32.dll 2006-12-23 22:30:57 4557470 --a------ C:\WINDOWS\WISŁA_6.exe 2006-12-23 22:30:52 86568 --a------ C:\WINDOWS\WISŁA_6.scr – Registry Dump --------------------------------------------------------------- [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run] “Gadu-Gadu”="“C:\Program Files\Gadu-Gadu\gg.exe” /tray" “Skype”="“C:\Program Files\Skype\Phone\Skype.exe” /nosplash /minimized" “mshtmll”=“regsvr32 /s C:\WINDOWS\inf\mshtmll.dll” “mssys”=“C:\WINDOWS\inf\mssys.exe” [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run] “NvCplDaemon”=“RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup” @="" “Sony Ericsson PC Suite”="“C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe” /startoptions" “Onet.pl AutoUpdate”=“C:\Program Files\Common Files\Onet.pl\AutoUpdate.exe /tsr” “avast!”=“C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe” “!AVG Anti-Spyware”="“D:\AVG Anti-Spyware 7.5\avgas.exe” /minimized" “KernelFaultCheck”=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,\ 65,6d,33,32,5c,64,75,6d,70,72,65,70,20,30,20,2d,6b,00 [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL] “Installed”=“1” [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI] “Installed”=“1” “NoChange”=“1” [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS] “Installed”=“1” [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks] “{57B86673-276A-48B2-BAE7-C6DBB3020EB8}”=“AVG Anti-Spyware 7.5” [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] “DisableTaskMgr”=dword:00000000 [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system] “DisableTaskMgr”=dword:00000000 “NoDispAppearancePage”=dword:00000000 “NoColorChoice”=dword:00000000 “NoSizeChoice”=dword:00000000 “NoDispBackgroundPage”=dword:00000000 “NoDispScrSavPage”=dword:00000000 “NoDispCPL”=dword:00000000 “NoVisualStyleChoice”=dword:00000000 “NoDispSettingsPage”=dword:00000000 “DisableRegistryTools”=dword:00000000 [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] “NoActiveDesktopChanges”=dword:00000000 [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] “NoActiveDesktop”=dword:00000000 “NoSaveSettings”=dword:00000000 “NoThemesTab”=dword:00000000 “ForceActiveDesktopOn”=dword:00000000 [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders] “SecurityProviders”=“msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll” [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost] HTTPFilter REG_MULTI_SZ HTTPFilter\0\0 LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0 NetworkService REG_MULTI_SZ DnsCache\0\0 DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0 rpcss REG_MULTI_SZ RpcSs\0\0 imgsvc REG_MULTI_SZ StiSvc\0\0 termsvcs REG_MULTI_SZ TermService\0\0 WmdmPMD REG_MULTI_SZ WmdmPMD\0 [HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2{70237cf1-1d61-11db-b9db-00138f291aa7}] Shell\AutoRun\command G:\Autorun.exe [HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2{8e2a953c-82cc-11db-bb23-00138f291aa7}] Shell\AutoRun\command F:\autorun.exe – End of ComboScan: finished at 2007-03-17 at 10:25:01 ------------------------ GMER 1.0.12.12027 - http://www.gmer.net Rootkit scan 2007-03-17 11:27:48 Windows 5.1.2600 Dodatek Service Pack 2 ---- Services - GMER 1.0.12 ---- Service .NET CLR Data Service .NET CLR Networking Service .NETFramework Service [sYSTEM] Aavmker4 Service [DISABLED] Abiosdsk Service [DISABLED] abp480n5 Service C:\WINDOWS\system32\DRIVERS\ACPI.sys [bOOT] ACPI Service C:\WINDOWS\system32\drivers\acpidisk.sys [AUTO] acpidisk Service [DISABLED] ACPIEC Service [DISABLED] adpu160m Service C:\WINDOWS\system32\drivers\aec.sys [MANUAL] aec Service C:\WINDOWS\System32\drivers\afd.sys [sYSTEM] AFD Service C:\WINDOWS\system32\DRIVERS\agp440.sys [bOOT] agp440 Service [DISABLED] Aha154x Service [DISABLED] aic78u2 Service [DISABLED] aic78xx Service C:\WINDOWS\system32\drivers\ALCXWDM.SYS [MANUAL] ALCXWDM Service C:\WINDOWS\system32\svchost.exe [DISABLED] Alerter Service C:\WINDOWS\System32\alg.exe [MANUAL] ALG Service [DISABLED] AliIde Service [DISABLED] amsint Service C:\WINDOWS\system32\svchost.exe [MANUAL] AppMgmt Service [DISABLED] asc Service [DISABLED] asc3350p Service [DISABLED] asc3550 Service ASP.NET Service ASP.NET_1.1.4322 Service C:\WINDOWS\System32\drivers\aspi32.sys [AUTO] Aspi32 Service C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [MANUAL] aspnet_state Service [AUTO] aswMon2 Service [MANUAL] aswRdr Service [sYSTEM] aswTdi Service C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [AUTO] aswUpdSv Service C:\WINDOWS\system32\DRIVERS\asyncmac.sys [MANUAL] AsyncMac Service C:\WINDOWS\system32\DRIVERS\atapi.sys [bOOT] atapi Service [DISABLED] Atdisk Service C:\WINDOWS\system32\DRIVERS\atmarpc.sys [MANUAL] Atmarpc Service C:\WINDOWS\System32\svchost.exe [AUTO] AudioSrv Service C:\WINDOWS\system32\DRIVERS\audstub.sys [MANUAL] audstub Service C:\Program Files\Alwil Software\Avast4\ashServ.exe [AUTO] avast! Antivirus Service C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [MANUAL] avast! Mail Scanner Service C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [MANUAL] avast! Web Scanner Service D:\AVG Anti-Spyware 7.5\guard.sys [sYSTEM] AVG Anti-Spyware Driver Service D:\AVG Anti-Spyware 7.5\guard.exe [AUTO] AVG Anti-Spyware Guard Service C:\WINDOWS\System32\DRIVERS\AvgAsCln.sys [sYSTEM] AvgAsCln Service C:\WINDOWS\system32\B11E4BF2.EXE [DISABLED] B11E4BF2 Service BattC Service [sYSTEM] Beep Service C:\WINDOWS\system32\svchost.exe [MANUAL] BITS Service C:\WINDOWS\system32\svchost.exe [AUTO] Browser Service [DISABLED] cbidf2k Service [DISABLED] cd20xrnt Service [sYSTEM] Cdaudio Service [DISABLED] Cdfs Service C:\DOCUME~1\griszk@\USTAWI~1\Temp\cdiskdun.sys [MANUAL] cdiskdun Service C:\WINDOWS\system32\DRIVERS\cdrom.sys [sYSTEM] Cdrom Service [sYSTEM] Changer Service C:\WINDOWS\system32\cisvc.exe [MANUAL] CiSvc Service C:\WINDOWS\system32\clipsrv.exe [DISABLED] ClipSrv Service [DISABLED] CmdIde Service C:\WINDOWS\system32\dllhost.exe [MANUAL] COMSysApp Service ContentFilter Service ContentIndex Service [DISABLED] Cpqarray Service C:\WINDOWS\system32\svchost.exe [AUTO] CryptSvc Service [DISABLED] dac2w2k Service [DISABLED] dac960nt Service C:\WINDOWS\system32\svchost.exe [AUTO] DcomLaunch Service C:\WINDOWS\system32\svchost.exe [AUTO] Dhcp Service C:\WINDOWS\system32\DRIVERS\disk.sys [bOOT] Disk Service C:\WINDOWS\System32\dmadmin.exe [MANUAL] dmadmin Service C:\WINDOWS\System32\drivers\dmboot.sys [DISABLED] dmboot Service C:\WINDOWS\System32\drivers\dmio.sys [bOOT] dmio Service C:\WINDOWS\System32\drivers\dmload.sys [bOOT] dmload Service C:\WINDOWS\System32\svchost.exe [AUTO] dmserver Service C:\WINDOWS\system32\drivers\DMusic.sys [MANUAL] DMusic Service C:\WINDOWS\system32\svchost.exe [AUTO] Dnscache Service [DISABLED] dpti2o Service C:\WINDOWS\system32\drivers\drmkaud.sys [MANUAL] drmkaud Service System32\Drivers\dtscsi.sys [MANUAL] dtscsi Service C:\WINDOWS\system32\fgdfsdf.exe [AUTO] edfscv Service C:\WINDOWS\system32\services.exe [AUTO] Eventlog Service C:\WINDOWS\system32\svchost.exe [MANUAL] EventSystem Service [DISABLED] Fastfat Service C:\WINDOWS\System32\svchost.exe [MANUAL] FastUserSwitchingCompatibility Service C:\WINDOWS\system32\DRIVERS\fdc.sys [MANUAL] Fdc Service [sYSTEM] Fips Service C:\WINDOWS\system32\DRIVERS\flpydisk.sys [MANUAL] Flpydisk Service C:\WINDOWS\system32\DRIVERS\fltMgr.sys [bOOT] FltMgr Service [sYSTEM] Fs_Rec Service C:\WINDOWS\system32\DRIVERS\ftdisk.sys [bOOT] Ftdisk Service C:\WINDOWS\system32\DRIVERS\gameenum.sys [MANUAL] gameenum Service C:\WINDOWS\system32\drivers\GDTdiIcpt.sys [AUTO] GDTdiInterceptor Service C:\WINDOWS\System32\DRIVERS\gmer.sys [MANUAL] gmer Service C:\WINDOWS\system32\DRIVERS\msgpc.sys [MANUAL] Gpc Service C:\WINDOWS\system32\DRIVERS\hamachi.sys [MANUAL] hamachi Service C:\WINDOWS\System32\svchost.exe [AUTO] helpsvc Service C:\WINDOWS\System32\svchost.exe [DISABLED] HidServ Service C:\WINDOWS\system32\DRIVERS\hidusb.sys [MANUAL] HidUsb Service [DISABLED] hpn Service C:\WINDOWS\System32\Drivers\HTTP.sys [MANUAL] HTTP Service C:\WINDOWS\System32\svchost.exe [MANUAL] HTTPFilter Service [sYSTEM] i2omgmt Service [DISABLED] i2omp Service C:\WINDOWS\system32\DRIVERS\i8042prt.sys [sYSTEM] i8042prt Service C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [MANUAL] IDriverT Service C:\WINDOWS\system32\DRIVERS\imapi.sys [sYSTEM] Imapi Service C:\WINDOWS\system32\imapi.exe [MANUAL] ImapiService Service inetaccs Service [DISABLED] ini910u Service Inport Service C:\WINDOWS\system32\DRIVERS\intelide.sys [bOOT] IntelIde Service C:\WINDOWS\system32\DRIVERS\intelppm.sys [sYSTEM] intelppm Service C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys [MANUAL] Ip6Fw Service C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys [MANUAL] IpFilterDriver Service C:\WINDOWS\system32\DRIVERS\ipinip.sys [MANUAL] IpInIp Service C:\WINDOWS\system32\DRIVERS\ipnat.sys [MANUAL] IpNat Service C:\WINDOWS\system32\DRIVERS\ipsec.sys [sYSTEM] IPSec Service C:\WINDOWS\system32\DRIVERS\irda.sys [AUTO] irda Service C:\WINDOWS\system32\DRIVERS\irenum.sys [MANUAL] IRENUM Service C:\WINDOWS\system32\svchost.exe [AUTO] Irmon Service C:\WINDOWS\system32\DRIVERS\irsir.sys [MANUAL] irsir Service ISAPISearch Service C:\WINDOWS\system32\DRIVERS\isapnp.sys [bOOT] isapnp Service C:\WINDOWS\system32\DRIVERS\k750bus.sys [MANUAL] k750bus Service C:\WINDOWS\system32\DRIVERS\k750mdfl.sys [MANUAL] k750mdfl Service C:\WINDOWS\system32\DRIVERS\k750mdm.sys [MANUAL] k750mdm Service C:\WINDOWS\system32\DRIVERS\k750mgmt.sys [MANUAL] k750mgmt Service C:\WINDOWS\system32\DRIVERS\k750obex.sys [MANUAL] k750obex Service C:\WINDOWS\system32\DRIVERS\kbdclass.sys [sYSTEM] Kbdclass Service C:\WINDOWS\system32\DRIVERS\kbdhid.sys [sYSTEM] kbdhid Service C:\WINDOWS\system32\drivers\kmixer.sys [MANUAL] kmixer Service [bOOT] KSecDD Service C:\WINDOWS\system32\svchost.exe [AUTO] lanmanserver Service C:\WINDOWS\system32\svchost.exe [AUTO] lanmanworkstation Service [sYSTEM] lbrtfdc Service ldap Service LicenseService Service C:\WINDOWS\system32\svchost.exe [AUTO] LmHosts Service C:\WINDOWS\system32\DRIVERS\MA-620.sys [MANUAL] MA-620 Service C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [AUTO] MDM Service C:\WINDOWS\system32\svchost.exe [DISABLED] Messenger Service [sYSTEM] mnmdd Service C:\WINDOWS\system32\mnmsrvc.exe [MANUAL] mnmsrvc Service [MANUAL] Modem Service C:\WINDOWS\system32\DRIVERS\mouclass.sys [sYSTEM] Mouclass Service [bOOT] MountMgr Service [DISABLED] mraid35x Service C:\WINDOWS\system32\DRIVERS\mrxdav.sys [MANUAL] MRxDAV Service C:\WINDOWS\system32\DRIVERS\mrxsmb.sys [sYSTEM] MRxSmb Service C:\WINDOWS\system32\msdtc.exe [MANUAL] MSDTC Service [sYSTEM] Msfs Service C:\WINDOWS\system32\DRIVERS\MSIRCOMM.sys [MANUAL] MSIRCOMM Service C:\WINDOWS\system32\msiexec.exe [MANUAL] MSIServer Service C:\WINDOWS\system32\drivers\MSKSSRV.sys [MANUAL] MSKSSRV Service C:\WINDOWS\system32\drivers\MSPCLOCK.sys [MANUAL] MSPCLOCK Service C:\WINDOWS\system32\drivers\MSPQM.sys [MANUAL] MSPQM Service C:\WINDOWS\system32\DRIVERS\mssmbios.sys [MANUAL] mssmbios Service C:\WINDOWS\system32\drivers\msmpu401.sys [MANUAL] ms_mpu401 Service [bOOT] Mup Service [bOOT] NDIS Service ndisrd Service C:\WINDOWS\system32\DRIVERS\ndistapi.sys [MANUAL] NdisTapi Service C:\WINDOWS\system32\DRIVERS\ndisuio.sys [MANUAL] Ndisuio Service C:\WINDOWS\system32\DRIVERS\ndiswan.sys [MANUAL] NdisWan Service [MANUAL] NDProxy Service C:\WINDOWS\system32\DRIVERS\netbios.sys [sYSTEM] NetBIOS Service C:\WINDOWS\system32\DRIVERS\netbt.sys [MANUAL] NetBT Service C:\WINDOWS\system32\netdde.exe [DISABLED] NetDDE Service C:\WINDOWS\system32\netdde.exe [DISABLED] NetDDEdsdm Service C:\WINDOWS\system32\lsass.exe [MANUAL] Netlogon Service C:\WINDOWS\System32\svchost.exe [MANUAL] Netman Service C:\WINDOWS\system32\svchost.exe [MANUAL] Nla Service [sYSTEM] Npfs Service C:\WINDOWS\system32\npptNT2.sys [sYSTEM] NPPTNT2 Service [DISABLED] Ntfs Service C:\WINDOWS\system32\lsass.exe [MANUAL] NtLmSsp Service C:\WINDOWS\system32\svchost.exe [MANUAL] NtmsSvc Service [sYSTEM] Null Service C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [MANUAL] nv Service C:\WINDOWS\system32\nvsvc32.exe [AUTO] NVSvc Service C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys [MANUAL] NwlnkFlt Service C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys [MANUAL] NwlnkFwd Service Outlook Service C:\WINDOWS\system32\DRIVERS\parport.sys [MANUAL] Parport Service [bOOT] PartMgr Service [AUTO] ParVdm Service C:\WINDOWS\system32\DRIVERS\pci.sys [bOOT] PCI Service [sYSTEM] PCIDump Service [bOOT] PCIIde Service [DISABLED] Pcmcia Service [MANUAL] PDCOMP Service [MANUAL] PDFRAME Service [MANUAL] PDRELI Service [MANUAL] PDRFRAME Service [DISABLED] perc2 Service [DISABLED] perc2hib Service PerfDisk Service PerfNet Service PerfOS Service PerfProc Service C:\WINDOWS\system32\services.exe [AUTO] PlugPlay Service C:\WINDOWS\system32\lsass.exe [AUTO] PolicyAgent Service C:\WINDOWS\system32\DRIVERS\raspptp.sys [MANUAL] PptpMiniport Service C:\WINDOWS\system32\lsass.exe [AUTO] ProtectedStorage Service C:\WINDOWS\system32\DRIVERS\psched.sys [MANUAL] PSched Service C:\WINDOWS\system32\DRIVERS\ptilink.sys [MANUAL] Ptilink Service C:\WINDOWS\System32\Drivers\PxHelp20.sys [bOOT] PxHelp20 Service [DISABLED] ql1080 Service [DISABLED] Ql10wnt Service [DISABLED] ql12160 Service [DISABLED] ql1240 Service [DISABLED] ql1280 Service C:\WINDOWS\system32\DRIVERS\rasacd.sys [sYSTEM] RasAcd Service C:\WINDOWS\system32\svchost.exe [MANUAL] RasAuto Service C:\WINDOWS\system32\DRIVERS\rasirda.sys [MANUAL] Rasirda Service C:\WINDOWS\system32\DRIVERS\rasl2tp.sys [MANUAL] Rasl2tp Service C:\WINDOWS\system32\svchost.exe [MANUAL] RasMan Service C:\WINDOWS\system32\DRIVERS\raspppoe.sys [MANUAL] RasPppoe Service C:\WINDOWS\system32\DRIVERS\raspti.sys [MANUAL] Raspti Service C:\WINDOWS\system32\DRIVERS\rdbss.sys [sYSTEM] Rdbss Service C:\WINDOWS\System32\DRIVERS\RDPCDD.sys [sYSTEM] RDPCDD Service RDPDD Service C:\WINDOWS\system32\DRIVERS\rdpdr.sys [MANUAL] rdpdr Service RDPNP Service [MANUAL] RDPWD Service C:\WINDOWS\system32\sessmgr.exe [MANUAL] RDSessMgr Service C:\WINDOWS\system32\DRIVERS\redbook.sys [sYSTEM] redbook Service C:\WINDOWS\system32\svchost.exe [DISABLED] RemoteAccess Service C:\WINDOWS\system32\svchost.exe [AUTO] RemoteRegistry Service C:\WINDOWS\system32\locator.exe [MANUAL] RpcLocator Service C:\WINDOWS\system32\svchost.exe [AUTO] RpcSs Service C:\WINDOWS\system32\rsvp.exe [MANUAL] RSVP Service C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [MANUAL] rtl8139 Service C:\WINDOWS\system32\lsass.exe [AUTO] SamSs Service C:\WINDOWS\System32\SCardSvr.exe [MANUAL] SCardSvr Service C:\WINDOWS\System32\svchost.exe [AUTO] Schedule Service C:\WINDOWS\system32\DRIVERS\secdrv.sys [MANUAL] Secdrv Service C:\WINDOWS\System32\svchost.exe [AUTO] seclogon Service C:\WINDOWS\system32\svchost.exe [AUTO] SENS Service C:\WINDOWS\system32\DRIVERS\serenum.sys [MANUAL] serenum Service C:\WINDOWS\system32\DRIVERS\serial.sys [sYSTEM] Serial Service [sYSTEM] Sfloppy Service C:\WINDOWS\system32\svchost.exe [DISABLED] SharedAccess Service C:\WINDOWS\System32\svchost.exe [AUTO] ShellHWDetection Service [DISABLED] Simbad Service C:\WINDOWS\system32\DRIVERS\skbusenum.sys [MANUAL] skbusenum Service [DISABLED] Sparrow Service C:\WINDOWS\system32\drivers\splitter.sys [MANUAL] splitter Service C:\WINDOWS\system32\spoolsv.exe [AUTO] Spooler Service C:\WINDOWS\System32\Drivers\sptd.sys [bOOT] sptd Service C:\WINDOWS\system32\DRIVERS\sr.sys [bOOT] sr Service C:\WINDOWS\system32\svchost.exe [AUTO] srservice Service C:\WINDOWS\system32\DRIVERS\srv.sys [MANUAL] Srv Service C:\WINDOWS\system32\svchost.exe [MANUAL] SSDPSRV Service C:\WINDOWS\system32\DRIVERS\st3wolf.sys [MANUAL] st3wolf Service C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe [AUTO] StarWindService Service C:\WINDOWS\system32\svchost.exe [MANUAL] stisvc Service C:\WINDOWS\system32\DRIVERS\stwlfbus.sys [bOOT] stwlfbus Service C:\WINDOWS\system32\DRIVERS\swenum.sys [MANUAL] swenum Service C:\WINDOWS\system32\drivers\swmidi.sys [MANUAL] swmidi Service C:\WINDOWS\system32\dllhost.exe [MANUAL] SwPrv Service C:\WINDOWS\System32\DRIVERS\swvnbi60.sys [bOOT] swvnbi60 Service [DISABLED] symc810 Service [DISABLED] symc8xx Service [DISABLED] sym_hi Service [DISABLED] sym_u3 Service C:\WINDOWS\system32\drivers\sysaudio.sys [MANUAL] sysaudio Service C:\WINDOWS\system32\smlogsvc.exe [MANUAL] SysmonLog Service C:\WINDOWS\System32\svchost.exe [MANUAL] TapiSrv Service C:\WINDOWS\system32\DRIVERS\tcpip.sys [sYSTEM] Tcpip Service [MANUAL] TDPIPE Service [MANUAL] TDTCP Service C:\WINDOWS\system32\DRIVERS\termdd.sys [sYSTEM] TermDD Service C:\WINDOWS\System32\svchost.exe [MANUAL] TermService Service C:\WINDOWS\System32\svchost.exe [AUTO] Themes Service C:\WINDOWS\system32\tlntsvr.exe [DISABLED] TlntSvr Service [DISABLED] TosIde Service C:\WINDOWS\system32\svchost.exe [AUTO] TrkWks Service TSDDD Service C:\WINDOWS\system32\drivers\klif.sys [MANUAL] TSP Service [DISABLED] Udfs Service [DISABLED] ultra Service C:\WINDOWS\system32\DRIVERS\update.sys [MANUAL] Update Service C:\WINDOWS\system32\svchost.exe [MANUAL] upnphost Service C:\WINDOWS\System32\ups.exe [MANUAL] UPS Service C:\WINDOWS\system32\DRIVERS\usbehci.sys [MANUAL] usbehci Service C:\WINDOWS\system32\DRIVERS\usbhub.sys [MANUAL] usbhub Service C:\WINDOWS\system32\DRIVERS\usbprint.sys [MANUAL] usbprint Service C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [MANUAL] USBSTOR Service C:\WINDOWS\system32\DRIVERS\usbuhci.sys [MANUAL] usbuhci Service C:\WINDOWS\System32\svchost.exe [MANUAL] usprserv Service C:\WINDOWS\System32\drivers\vga.sys [sYSTEM] VgaSave Service [DISABLED] ViaIde Service C:\WINDOWS\system32\drivers\VirtualK.sys [bOOT] VirtualK Service [bOOT] VolSnap Service C:\WINDOWS\System32\vssvc.exe [MANUAL] VSS Service C:\WINDOWS\System32\svchost.exe [AUTO] W32Time Service W3SVC Service C:\WINDOWS\system32\DRIVERS\wanarp.sys [MANUAL] Wanarp Service [MANUAL] WDICA Service C:\WINDOWS\system32\drivers\wdmaud.sys [MANUAL] wdmaud Service C:\WINDOWS\system32\svchost.exe [AUTO] WebClient Service C:\WINDOWS\system32\svchost.exe [AUTO] winmgmt Service [MANUAL] Winsock Service WinSock2 Service WinTrust Service C:\WINDOWS\system32\Svchost.exe [AUTO] WmdmPMD Service C:\WINDOWS\System32\svchost.exe [MANUAL] WmdmPmSN Service C:\WINDOWS\System32\svchost.exe [MANUAL] Wmi Service WmiApRpl Service C:\WINDOWS\system32\wbem\wmiapsrv.exe [MANUAL] WmiApSrv Service C:\WINDOWS\System32\drivers\ws2ifsl.sys [DISABLED] WS2IFSL Service C:\WINDOWS\System32\svchost.exe [DISABLED] wscsvc Service C:\WINDOWS\system32\svchost.exe [DISABLED] wuauserv Service C:\WINDOWS\System32\svchost.exe [AUTO] WZCSVC Service C:\WINDOWS\System32\svchost.exe [MANUAL] xmlprov Service {07F9D194-CE5F-4342-8481-551C699EC495} Service {8F0086FF-ABF7-4101-B033-9867B3B21653} Service {E1E9BE00-C4B1-4BF6-BAF0-439D52635049} Service [MANUAL] atwb1gb0 ---- EOF - GMER 1.0.12 ---- link z gmera jest tutaj http://www.imagic.pl/upload/

adam9870 · 17 Marzec 2007 12:06

Przeskanuj plik C:\WINDOWS\system32\cdsdf.exe na stronie http://virusscan.jotti.org/ a jeśli okaże się szkodliwy to na początku pliku FIX.BAT dodaj linijkę:

Otwórz Notatnik i wklej w nim to:

gmer -del file C:\WINDOWS\system32\adfweradfweds4.exe gmer -del file C:\WINDOWS\system32\431174080340.dat gmer -del file C:\Program Files\Common Files\CPUSH gmer -del file C:\WINDOWS\system32\adfweradfweds7.exe gmer -del file C:\WINDOWS\system32\adfweradfweds6.exe gmer -del file C:\WINDOWS\system32\adfweradfweds1.exe gmer -del file C:\WINDOWS\system32\adfweds2.exe gmer -del file C:\WINDOWS\system32\mopeljjlekn.dll gmer -del file C:\WINDOWS\system32\431173871503.dat gmer -del file C:\WINDOWS\system32\adfweds5.exe gmer -del file C:\WINDOWS\system32\adfweds4.exe gmer -del file C:\WINDOWS\system32\adfweds3.exe gmer -del file C:\WINDOWS\system32\adfweds1.exe gmer -del file C:\WINDOWS\system32\todayws5.exe gmer -del file C:\WINDOWS\system32\cuhyjymtuex.dll gmer -del file C:\WINDOWS\system32\opfrwwwwokn.dll gmer -del file C:\WINDOWS\ntters.dll gmer -del file C:\WINDOWS\system32\todayws3.exe gmer -del file C:\WINDOWS\system32\todayws2.exe gmer -del file C:\WINDOWS\system32\todayws1.exe gmer -del file C:\WINDOWS\system32\ssfwss2.exe gmer -del file C:\WINDOWS\system32\ssfwss1.exe gmer -del file C:\WINDOWS\system32\bdrrdf.dll gmer -del file C:\WINDOWS\system32\fgdfsdf.exe gmer -del file C:\WINDOWS\winlogin.exe gmer -del file C:\WINDOWS\system32\mcdirs1.exe gmer -del file C:\WINDOWS\system32\431173188093.dat gmer -del file C:\WINDOWS\system32\jjgfst1.exe gmer -del file C:\WINDOWS\system32\ffudf.exe gmer -del file C:\WINDOWS\system32\jsds3utj.dat gmer -del file C:\WINDOWS\temp.exe gmer -del file C:\WINDOWS\system32\12.exe gmer -del file C:\WINDOWS\system32\dufs1.exe gmer -del file C:\WINDOWS\system32\1010s.exe gmer -del file C:\WINDOWS\system32\B11E4BF2.dat gmer -del file C:\WINDOWS\system32\drivers\acpidisk.sys gmer -del file C:\WINDOWS\system32\B11E4BF2.EXE gmer -del file C:\DOCUME~1\griszk@\USTAWI~1\Temp gmer -del file C:\WINDOWS\system32\DRIVERS\skbusenum.sys gmer -del file C:\WINDOWS\System32\DRIVERS\swvnbi60.sys gmer -del file C:\WINDOWS\system32\drivers\VirtualK.sys gmer -del file C:\Program Files\365_EQISOSO gmer -del file C:\WINDOWS\inf\mshtmll.dll gmer -del file C:\WINDOWS\inf\mssys.exe gmer -del service acpidisk gmer -del service B11E4BF2 gmer -del service cdiskdun gmer -del service edfscv gmer -del service skbusenum gmer -del service swvnbi60 gmer -del service VirtualK gmer -reboot

Plik >>> Zapisz jako >>> Zmień rozszerzenie z TXT na Wszystkie pliki >>> Zapisz pod nazwą FIX.BAT

Pobierz Gmer’a.

Teraz czynności będziesz wykonywał w Gmerze więc uruchom go, poczekaj chwilkę, kliknij na zakładkę >>> w celu otworzenia pozostałych.

W zakładce Procesy kliknij Gmer awaryjny. Komputer się zrestartuje i zostanie samo okienko Gmer’a
W zakładce Procesy przez … (trzy kropki) wskaż plik FIX.BAT. Przez chwilkę mignie ekran i komputer się zrestartuje.
Po resecie otwórz Gmer’a i do zakładki CMD z zaznaczoną opcją REGEDIT.EXE wklej:

Kliknij Uruchom i reset.

Usuń wpisy HJT jeśli będą.

Użyj Windows Worms Doors Cleanera zmień znaczki z disable na enable (wszystkie znaczki maja być na zielono, jeżeli któryś z nich będzie na żółto to go zostaw). Po użyciu narzędzia wymagany jest restart.

Zrób update bazy wirusów AVG Anti-Spyware, przeskanuj nim i usuń wszystko, co znajdzie.

Po wykonaniu wklej nowy log z ComboScan i Gmer’a (usługi + pokazuj wszystko).

griszka · 20 Marzec 2007 21:39

coś jest nie tak gdyż ciągle wyskakują mi nowe trojany z którymi avast nic nie może zrobić ani usunąc ani podddać kwarantanie musze wymuszać przeniesienie poza tym czały czas te chinskie strony !!! ][zatym gmer na czerwono pokazuje pewne modyfikacje które zrobił chyba rookit … nicComboScan v20070306.20 run by griszk@ on 2007-03-20 at 22:34:27 Computer is in Normal Mode. -------------------------------------------------------------------------------- – HijackThis (run as griszk@.exe) --------------------------------------------- Logfile of HijackThis v1.99.1 Scan saved at 22:34:38, on 2007-03-20 Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\SYSTEM32\RUNDLL2000.EXE C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system\REM0REG.EXE C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe C:\WINDOWS\system32\Svchost.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\WINDOWS\Explorer.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe C:\Program Files\Common Files\Onet.pl\AutoUpdate.exe C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe C:\Program Files\Gadu-Gadu\gg.exe C:\Program Files\Skype\Phone\Skype.exe C:\WINDOWS\system32\MSRundll.exe C:\Program Files\Common Files\Teleca Shared\Generic.exe C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe C:\Program Files\Skype\Plugin Manager\skypePM.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Documents and Settings\griszk@\Pulpit\comboscan.exe C:\PROGRA~1\HIJACK~1\griszk@.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.kzdh.com/ R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://caiyi8.com F2 - REG:system.ini: Shell=Explorer.exe realshed.exe O1 - Hosts: 60.191.254.254 auto.search.msn.com O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll O2 - BHO: TBSB04694 - {F943309C-4AF4-4D85-8064-FD20184B99EA} - C:\PROGRA~1\AB12~1\cneqiso.dll O3 - Toolbar: ??? - {5558D3F3-87EB-4335-BE71-C6E8E468D166} - C:\Program Files\Ň»ĆđËŃ\cneqiso.dll O4 - HKLM…\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM…\Run: [sony Ericsson PC Suite] “C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe” /startoptions O4 - HKLM…\Run: [Onet.pl AutoUpdate] C:\Program Files\Common Files\Onet.pl\AutoUpdate.exe /tsr O4 - HKLM…\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM…\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKLM…\Run: [system] C:\Program Files\Common Files\System\Updaterun.exe O4 - HKLM…\Run: [!AVG Anti-Spyware] “C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe” /minimized O4 - HKCU…\Run: [Gadu-Gadu] “C:\Program Files\Gadu-Gadu\gg.exe” /tray O4 - HKCU…\Run: [skype] “C:\Program Files\Skype\Phone\Skype.exe” /nosplash /minimized O4 - Startup: Yahoo! Widget Engine.lnk = D:\Yahoo! Widget Engine\YahooWidgetEngine.exe O4 - Global Startup: ruango.lnk = ? O4 - Global Startup: WanSo.lnk = ? O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll O9 - Extra button: ˛Ć¸»Í¨ - {C1F0024B-8278-4999-B7E6-2718426D9FE6} - C:\Program Files\˛Ć¸»Í¨\caif.dll (file missing) (HKCU) O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O23 - Service: 6CA2043C - Unknown owner - C:\WINDOWS\system32\6CA2043C.EXE (file missing) O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing) O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing) O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: REM0TE REGISTRY (REM0TEREGISTRY) - Unknown owner - C:\WINDOWS\system\REM0REG.EXE O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe – Files created between 2007-02-20 and 2007-03-20 ----------------------------- 2007-03-20 20:59:20 0 --a------ C:\WINDOWS\system32\apilogs.dll 2007-03-20 16:42:54 46866 --a------ C:\WINDOWS\system32\431174405370.dat<4324DA~1.DAT> 2007-03-20 14:51:12 3968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys 2007-03-20 14:51:06 0 d-------- C:\Program Files\Grisoft 2007-03-20 11:28:59 46848 --a------ C:\WINDOWS\system32\431174386536.dat<4345C6~1.DAT> 2007-03-20 10:44:03 39 --a------ C:\WINDOWS\system32\ELRZHNVBJPWCJQX.DLL 2007-03-18 21:12:09 0 d-------- C:\Program Files\Ň»ĆđËŃ 2007-03-18 09:12:46 46450 --a------ C:\WINDOWS\system32\431174205553.dat<433ACA~1.DAT> 2007-03-17 14:11:30 17254 --a------ C:\WINDOWS\system32\adfweradfweds3.exe 2007-03-17 14:10:24 45734 --a------ C:\WINDOWS\system32\431174137005.dat<431174~4.DAT> 2007-03-17 14:10:05 25904 --a------ C:\WINDOWS\system32\cdsdf.exe 2007-03-17 14:06:09 242114 --a------ C:\WINDOWS\system32\117413676810.exe<116D21~1.EXE> 2007-03-17 14:02:45 57344 --a------ C:\WINDOWS\g3.exe 2007-03-17 14:01:27 20480 --a------ C:\WINDOWS\system32\11741364862.exe<11A7B6~1.EXE> 2007-03-17 14:00:39 183560 --a------ C:\WINDOWS\system32\11741364231.exe<1197A0~1.EXE> 2007-03-17 14:00:31 67 --a------ C:\WINDOWS\system32\ZSMFBVO.DLL 2007-03-17 14:00:29 1281 --a------ C:\WINDOWS\system32\mPe1aD0J.dll 2007-03-17 14:00:24 375296 --a------ C:\WINDOWS\system32\realshed.exe 2007-03-17 14:00:24 910336 --a------ C:\WINDOWS\system32\ntd11.dll 2007-03-17 13:57:51 445440 --a------ C:\WINDOWS\system32\117413626813.exe<117D2C~1.EXE> 2007-03-17 13:54:56 3712 --a------ C:\WINDOWS\system32\11741360957.exe<119DC0~1.EXE> 2007-03-17 13:42:13 145672 --a------ C:\WINDOWS\system32\117413533113.exe<117413~4.EXE> 2007-03-17 13:42:08 22 --a------ C:\WINDOWS\system32\drivers\MS396.sys 2007-03-17 13:42:08 86016 --a------ C:\WINDOWS\system\REM0REG.EXE 2007-03-17 13:42:06 106496 --a------ C:\WINDOWS\system32\MSa18.exe 2007-03-17 13:42:06 106496 --a------ C:\WINDOWS\system\MFS0FT.DLL 2007-03-17 13:42:06 417792 --a------ C:\WINDOWS\MSf4.dll 2007-03-17 13:42:05 417792 --a------ C:\WINDOWS\system\AV1CAP.dll 2007-03-17 13:42:05 0 d-------- C:\WINDOWS\cursor 2007-03-17 13:40:40 16384 --a------ C:\WINDOWS\system32\msinst.exe 2007-03-17 13:40:39 135168 --a------ C:\WINDOWS\system32\11741352349.exe<117413~3.EXE> 2007-03-17 13:40:15 3712 --a------ C:\WINDOWS\system32\11741352077.exe<117413~1.EXE> 2007-03-17 13:39:48 33280 --a------ C:\WINDOWS\system32\MSRundll.exe 2007-03-17 13:39:48 0 d-------- C:\Program Files\Common Files\Ruango 2007-03-17 13:38:40 0 d-------- C:\Program Files\superutilbar 2007-03-17 13:38:37 278151 --a------ C:\WINDOWS\bar.exe 2007-03-17 13:38:15 57344 --a------ C:\WINDOWS\f2.exe 2007-03-17 13:38:13 38400 -r------- C:\WINDOWS\system32\drivers\fkwld.sys 2007-03-17 13:38:03 0 d-------- C:\Program Files\Common Files\WANSO 2007-03-17 13:34:33 20480 --a------ C:\WINDOWS\system32\11741348712.exe<117413~2.EXE> 2007-03-17 13:33:11 14336 --a------ C:\WINDOWS\system32\6CA2043C.DLL 2007-03-17 13:33:09 20082 --a------ C:\WINDOWS\system32\6CA2043CT.EXE<6CA204~1.EXE> 2007-03-17 12:28:04 45734 --a------ C:\WINDOWS\system32\431174130867.dat<431174~3.DAT> 2007-03-17 11:24:18 15808 --a------ C:\WINDOWS\system32\431174127052.dat<431174~2.DAT> 2007-03-17 10:23:55 179083 --a------ C:\WINDOWS\system32\adfweradfweds4.exe 2007-03-16 22:25:45 45988 --a------ C:\WINDOWS\system32\431174080340.dat<431174~1.DAT> 2007-03-16 20:51:13 0 d-------- C:\Program Files\Common Files\CPUSH 2007-03-16 17:24:40 213284 --a------ C:\WINDOWS\system32\drivers\acpidisk.sys 2007-03-16 17:24:17 179083 --a------ C:\WINDOWS\system32\adfweradfweds7.exe 2007-03-16 17:23:44 92164 --a------ C:\WINDOWS\system32\adfweradfweds6.exe 2007-03-16 17:22:38 20480 --a------ C:\WINDOWS\system32\adfweradfweds1.exe 2007-03-15 10:45:02 89604 --a------ C:\WINDOWS\system32\adfweds2.exe 2007-03-14 12:26:05 204288 --a------ C:\WINDOWS\system32\mopeljjlekn.dll 2007-03-14 12:25:10 44428 --a------ C:\WINDOWS\system32\431173871503.dat<431173~2.DAT> 2007-03-14 10:54:29 183560 --a------ C:\WINDOWS\system32\adfweds5.exe 2007-03-14 10:54:18 179083 --a------ C:\WINDOWS\system32\adfweds4.exe 2007-03-14 09:18:03 179083 --a------ C:\WINDOWS\system32\adfweds3.exe 2007-03-14 09:17:35 111971 --a------ C:\WINDOWS\system32\adfweds1.exe 2007-03-13 19:06:21 20480 --a------ C:\WINDOWS\system32\todayws5.exe 2007-03-13 19:05:11 204288 --a------ C:\WINDOWS\system32\cuhyjymtuex.dll 2007-03-13 16:33:11 204288 --a------ C:\WINDOWS\system32\opfrwwwwokn.dll 2007-03-13 14:21:42 0 d-------- C:\Program Files\Common Files\Skype 2007-03-13 14:21:22 0 d-------- C:\Program Files\Skype 2007-03-13 14:20:51 0 --a------ C:\WINDOWS\ntters.dll 2007-03-13 14:07:43 0 d-------- C:\WINDOWS\system32\MDserivces 2007-03-13 14:07:29 179237 --a------ C:\WINDOWS\system32\todayws3.exe 2007-03-13 14:07:23 89604 --a------ C:\WINDOWS\system32\todayws2.exe 2007-03-13 14:07:15 111976 --a------ C:\WINDOWS\system32\todayws1.exe 2007-03-12 16:09:49 112034 --a------ C:\WINDOWS\system32\ssfwss2.exe 2007-03-12 16:09:28 179237 --a------ C:\WINDOWS\system32\ssfwss1.exe 2007-03-12 16:09:20 36605 --a------ C:\WINDOWS\system32\bdrrdf.dll 2007-03-12 16:09:19 42859 --a------ C:\WINDOWS\system32\fgdfsdf.exe 2007-03-08 20:53:20 190932 --a------ C:\WINDOWS\winlogin.exe 2007-03-08 11:23:32 108106 --a------ C:\WINDOWS\system32\mcdirs1.exe 2007-03-06 14:35:05 26386 --a------ C:\WINDOWS\system32\431173188093.dat<431173~1.DAT> 2007-03-03 18:27:43 65419 --a------ C:\WINDOWS\system32\jjgfst1.exe 2007-03-02 21:03:32 26130 --a------ C:\WINDOWS\system32\ffudf.exe 2007-03-02 18:34:45 655 --a------ C:\WINDOWS\gmer.reg 2007-03-02 18:18:49 80 --a------ C:\WINDOWS\gmer_uninstall.cmd 2007-03-01 21:55:04 0 d------c- C:!KillBox 2007-02-28 21:11:16 42636 --a------ C:\WINDOWS\system32\jsds3utj.dat 2007-02-28 10:13:35 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard 2007-02-27 19:03:51 1 --a------ C:\WINDOWS\system32\index.dat 2007-02-27 18:40:11 23 --a------ C:\WINDOWS\temp.exe 2007-02-27 18:33:05 0 d------c- C:\temp 2007-02-27 11:22:14 0 d-------- C:\WINDOWS\system32\system 2007-02-27 11:22:01 206797 --a------ C:\WINDOWS\system32\12.exe 2007-02-26 20:05:26 285584 --a------ C:\WINDOWS\system32\dufs1.exe 2007-02-26 20:04:03 87535 --a------ C:\WINDOWS\system32\1010s.exe 2007-02-26 20:03:42 244 --a------ C:\WINDOWS\system32\B11E4BF2.dat 2007-02-21 17:26:07 434252 --a------ C:\WINDOWS\system32\Msvcrtd.dll – Find3M Report --------------------------------------------------------------- 2007-03-20 22:32:33 0 d-------- C:\Documents and Settings\griszk@\Dane aplikacji\Skype 2007-03-15 16:40:33 0 d-------- C:\Program Files\Real 2007-03-12 18:33:07 0 d-------- C:\Program Files\Google 2007-03-06 22:14:27 0 d-------- C:\Documents and Settings\griszk@\Dane aplikacji\ppstream 2007-03-06 22:14:12 0 d-------- C:\Program Files\PPStream 2007-02-28 10:14:06 0 d-------- C:\Documents and Settings\griszk@\Dane aplikacji\Lavasoft 2007-02-21 17:26:15 0 d-------- C:\Documents and Settings\griszk@\Dane aplikacji\SmartShopper 2007-02-18 09:15:03 0 d-------- C:\Program Files\DivX 2007-02-17 19:59:24 0 d-------- C:\Program Files\MarBit 2007-02-17 19:13:49 0 d-------- C:\Documents and Settings\griszk@\Dane aplikacji\Media Player Classic 2007-02-17 19:08:55 0 d-------- C:\Documents and Settings\griszk@\Dane aplikacji\Real 2007-02-16 22:34:18 0 d-------- C:\Program Files\Ski Jump International 2007-02-16 17:21:00 10752 --a------ C:\WINDOWS\system32\ff_vfw.dll 2007-02-16 11:23:35 0 d-------- C:\Documents and Settings\griszk@\Dane aplikacji\Apple Computer 2007-02-16 11:23:15 0 d–h----- C:\Program Files\InstallShield Installation Information 2007-02-16 11:22:57 0 d-------- C:\Program Files\QuickTime 2007-02-02 23:07:44 0 d-------- C:\Documents and Settings\griszk@\Dane aplikacji\Azureus 2007-02-02 19:42:40 65448 --a------ C:\Documents and Settings\griszk@\Dane aplikacji\GDIPFONTCACHEV1.DAT 2007-02-01 05:56:06 639066 --a------ C:\WINDOWS\system32\divx.dll 2007-01-31 18:32:46 0 d-------- C:\Program Files\BearShare 2007-01-30 06:03:42 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll 2007-01-30 06:03:28 200704 --a------ C:\WINDOWS\system32\ssldivx.dll 2007-01-30 06:03:28 1044480 --a------ C:\WINDOWS\system32\libdivx.dll 2007-01-30 05:56:58 196608 --a------ C:\WINDOWS\system32\dtu100.dll 2007-01-30 05:56:58 73728 --a------ C:\WINDOWS\system32\dpl100.dll 2007-01-28 22:59:22 0 d-------- C:\Program Files\Yahoo! 2007-01-28 21:32:14 0 d-------- C:\Program Files\Ahead 2007-01-28 21:30:02 0 d-------- C:\Program Files\ffdshow 2007-01-25 20:39:40 0 d-------- C:\Program Files\Mozilla Firefox 2007-01-21 23:12:37 0 d-------- C:\Program Files\Common Files\Onet.pl 2007-01-21 23:12:25 0 d-------- C:\Documents and Settings\griszk@\Dane aplikacji\Onet 2007-01-21 23:12:25 0 d-------- C:\Documents and Settings\griszk@\Dane aplikacji\MozillaControl 2007-01-21 23:12:22 0 d-------- C:\Documents and Settings\griszk@\Dane aplikacji\Listonosz 2007-01-21 23:12:21 0 d-------- C:\Documents and Settings\griszk@\Dane aplikacji\AutoUpdate 2007-01-20 21:26:06 1565480 --a------ C:\WINDOWS\system32\wmv9vcm.dll 2007-01-15 18:32:07 689280 --a------ C:\WINDOWS\system32\aswBoot.exe 2007-01-15 18:23:20 90112 --a------ C:\WINDOWS\system32\AVASTSS.scr 2007-01-11 14:21:45 439528 --a----c- C:\WINDOWS\system32\perfh015.dat 2007-01-11 14:21:45 68450 --a----c- C:\WINDOWS\system32\perfc015.dat 2006-12-25 14:15:07 2938 --a----c- C:\WINDOWS\mozver.dat 2006-12-23 22:30:58 28672 --a------ C:\WINDOWS\kmouse32.dll 2006-12-23 22:30:57 4557470 --a------ C:\WINDOWS\WISŁA_6.exe 2006-12-23 22:30:52 86568 --a------ C:\WINDOWS\WISŁA_6.scr – Registry Dump --------------------------------------------------------------- [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run] “Gadu-Gadu”="“C:\Program Files\Gadu-Gadu\gg.exe” /tray" “Skype”="“C:\Program Files\Skype\Phone\Skype.exe” /nosplash /minimized" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run] “NvCplDaemon”=“RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup” @="" “Sony Ericsson PC Suite”="“C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe” /startoptions" “Onet.pl AutoUpdate”=“C:\Program Files\Common Files\Onet.pl\AutoUpdate.exe /tsr” “avast!”=“C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe” “KernelFaultCheck”=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,\ 65,6d,33,32,5c,64,75,6d,70,72,65,70,20,30,20,2d,6b,00 “System”=“C:\Program Files\Common Files\System\Updaterun.exe” “!AVG Anti-Spyware”="“C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe” /minimized" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL] “Installed”=“1” [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI] “Installed”=“1” “NoChange”=“1” [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS] “Installed”=“1” [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks] “{57B86673-276A-48B2-BAE7-C6DBB3020EB8}”=“AVG Anti-Spyware 7.5” [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] “DisableTaskMgr”=dword:00000000 [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system] “DisableTaskMgr”=dword:00000000 “NoDispAppearancePage”=dword:00000000 “NoColorChoice”=dword:00000000 “NoSizeChoice”=dword:00000000 “NoDispBackgroundPage”=dword:00000000 “NoDispScrSavPage”=dword:00000000 “NoDispCPL”=dword:00000000 “NoVisualStyleChoice”=dword:00000000 “NoDispSettingsPage”=dword:00000000 “DisableRegistryTools”=dword:00000000 [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] “NoActiveDesktopChanges”=dword:00000000 [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run] “StubPath”=“C:\WINDOWS\NETSVR32.EXE” [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] “NoActiveDesktop”=dword:00000000 “NoSaveSettings”=dword:00000000 “NoThemesTab”=dword:00000000 “ForceActiveDesktopOn”=dword:00000000 [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders] “SecurityProviders”=“msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll” [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost] HTTPFilter REG_MULTI_SZ HTTPFilter\0\0 LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0 NetworkService REG_MULTI_SZ DnsCache\0\0 DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0 rpcss REG_MULTI_SZ RpcSs\0\0 imgsvc REG_MULTI_SZ StiSvc\0\0 termsvcs REG_MULTI_SZ TermService\0\0 WmdmPMD REG_MULTI_SZ WmdmPMD\0 [HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2{70237cf1-1d61-11db-b9db-00138f291aa7}] Shell\AutoRun\command G:\Autorun.exe [HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2{8e2a953c-82cc-11db-bb23-00138f291aa7}] Shell\AutoRun\command F:\autorun.exe GMER 1.0.12.12086 - http://www.gmer.net Rootkit scan 2007-03-20 22:38:12 Windows 5.1.2600 Dodatek Service Pack 2 ---- Services - GMER 1.0.12 ---- Service .NET CLR Data Service .NET CLR Networking Service .NETFramework Service C:\WINDOWS\system32\6CA2043C.EXE [AUTO] 6CA2043C Service [sYSTEM] Aavmker4 Service [DISABLED] Abiosdsk Service [DISABLED] abp480n5 Service C:\WINDOWS\system32\DRIVERS\ACPI.sys [bOOT] ACPI Service C:\WINDOWS\system32\drivers\acpidisk.sys [AUTO] acpidisk Service [DISABLED] ACPIEC Service [DISABLED] adpu160m Service C:\WINDOWS\system32\drivers\aec.sys [MANUAL] aec Service C:\WINDOWS\System32\drivers\afd.sys [sYSTEM] AFD Service C:\WINDOWS\system32\DRIVERS\agp440.sys [bOOT] agp440 Service [DISABLED] Aha154x Service [DISABLED] aic78u2 Service [DISABLED] aic78xx Service C:\WINDOWS\system32\drivers\ALCXWDM.SYS [MANUAL] ALCXWDM Service C:\WINDOWS\system32\svchost.exe [DISABLED] Alerter Service C:\WINDOWS\System32\alg.exe [MANUAL] ALG Service [DISABLED] AliIde Service [DISABLED] amsint Service C:\WINDOWS\system32\svchost.exe [MANUAL] AppMgmt Service [DISABLED] asc Service [DISABLED] asc3350p Service [DISABLED] asc3550 Service ASP.NET Service ASP.NET_1.1.4322 Service C:\WINDOWS\System32\drivers\aspi32.sys [AUTO] Aspi32 Service C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [MANUAL] aspnet_state Service [AUTO] aswMon2 Service [MANUAL] aswRdr Service [sYSTEM] aswTdi Service C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [AUTO] aswUpdSv Service C:\WINDOWS\system32\DRIVERS\asyncmac.sys [MANUAL] AsyncMac Service C:\WINDOWS\system32\DRIVERS\atapi.sys [bOOT] atapi Service [DISABLED] Atdisk Service C:\WINDOWS\system32\DRIVERS\atmarpc.sys [MANUAL] Atmarpc Service C:\WINDOWS\System32\svchost.exe [AUTO] AudioSrv Service C:\WINDOWS\system32\DRIVERS\audstub.sys [MANUAL] audstub Service C:\Program Files\Alwil Software\Avast4\ashServ.exe [AUTO] avast! Antivirus Service C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [MANUAL] avast! Mail Scanner Service C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [MANUAL] avast! Web Scanner Service C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe [AUTO] AVG Anti-Spyware Guard Service C:\WINDOWS\System32\DRIVERS\AvgAsCln.sys [sYSTEM] AvgAsCln Service C:\WINDOWS\system32\B11E4BF2.EXE [DISABLED] B11E4BF2 Service BattC Service [sYSTEM] Beep Service C:\WINDOWS\system32\svchost.exe [MANUAL] BITS Service C:\WINDOWS\SYSTEM32\RUNDLL2000.EXE [AUTO] BKMARKS Service C:\WINDOWS\system32\svchost.exe [AUTO] Browser Service [DISABLED] cbidf2k Service [DISABLED] cd20xrnt Service [sYSTEM] Cdaudio Service [DISABLED] Cdfs Service C:\DOCUME~1\griszk@\USTAWI~1\Temp\cdiskdun.sys [MANUAL] cdiskdun Service C:\WINDOWS\system32\DRIVERS\cdrom.sys [sYSTEM] Cdrom Service [sYSTEM] Changer Service C:\WINDOWS\system32\cisvc.exe [MANUAL] CiSvc Service C:\WINDOWS\system32\clipsrv.exe [DISABLED] ClipSrv Service [DISABLED] CmdIde Service C:\WINDOWS\system32\dllhost.exe [MANUAL] COMSysApp Service ContentFilter Service ContentIndex Service [DISABLED] Cpqarray Service C:\WINDOWS\system32\svchost.exe [AUTO] CryptSvc Service [DISABLED] dac2w2k Service [DISABLED] dac960nt Service C:\WINDOWS\system32\svchost.exe [AUTO] DcomLaunch Service C:\WINDOWS\system32\svchost.exe [AUTO] Dhcp Service C:\WINDOWS\system32\DRIVERS\disk.sys [bOOT] Disk Service C:\WINDOWS\System32\dmadmin.exe [MANUAL] dmadmin Service C:\WINDOWS\System32\drivers\dmboot.sys [DISABLED] dmboot Service C:\WINDOWS\System32\drivers\dmio.sys [bOOT] dmio Service C:\WINDOWS\System32\drivers\dmload.sys [bOOT] dmload Service C:\WINDOWS\System32\svchost.exe [AUTO] dmserver Service C:\WINDOWS\system32\drivers\DMusic.sys [MANUAL] DMusic Service C:\WINDOWS\system32\svchost.exe [AUTO] Dnscache Service [DISABLED] dpti2o Service C:\WINDOWS\system32\drivers\drmkaud.sys [MANUAL] drmkaud Service System32\Drivers\dtscsi.sys [MANUAL] dtscsi Service C:\WINDOWS\system32\fgdfsdf.exe [AUTO] edfscv Service C:\WINDOWS\system32\services.exe [AUTO] Eventlog Service C:\WINDOWS\system32\svchost.exe [MANUAL] EventSystem Service [DISABLED] Fastfat Service C:\WINDOWS\System32\svchost.exe [MANUAL] FastUserSwitchingCompatibility Service C:\WINDOWS\system32\DRIVERS\fdc.sys [MANUAL] Fdc Service [sYSTEM] Fips Service C:\WINDOWS\system32\drivers\fkwld.sys [sYSTEM] fkwld Service C:\WINDOWS\system32\DRIVERS\flpydisk.sys [MANUAL] Flpydisk Service C:\WINDOWS\system32\DRIVERS\fltMgr.sys [bOOT] FltMgr Service [sYSTEM] Fs_Rec Service C:\WINDOWS\system32\DRIVERS\ftdisk.sys [bOOT] Ftdisk Service C:\WINDOWS\system32\DRIVERS\gameenum.sys [MANUAL] gameenum Service C:\WINDOWS\system32\drivers\GDTdiIcpt.sys [AUTO] GDTdiInterceptor Service C:\WINDOWS\System32\DRIVERS\gmer.sys [MANUAL] gmer Service C:\WINDOWS\system32\DRIVERS\msgpc.sys [MANUAL] Gpc Service C:\WINDOWS\System32\DRIVERS\gvkgaf87.sys [bOOT] gvkgaf87 Service C:\WINDOWS\system32\DRIVERS\hamachi.sys [MANUAL] hamachi Service C:\WINDOWS\System32\svchost.exe [AUTO] helpsvc Service C:\WINDOWS\System32\svchost.exe [DISABLED] HidServ Service C:\WINDOWS\system32\DRIVERS\hidusb.sys [MANUAL] HidUsb Service [DISABLED] hpn Service C:\WINDOWS\System32\Drivers\HTTP.sys [MANUAL] HTTP Service C:\WINDOWS\System32\svchost.exe [MANUAL] HTTPFilter Service [sYSTEM] i2omgmt Service [DISABLED] i2omp Service C:\WINDOWS\system32\DRIVERS\i8042prt.sys [sYSTEM] i8042prt Service C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [MANUAL] IDriverT Service C:\WINDOWS\system32\DRIVERS\imapi.sys [sYSTEM] Imapi Service C:\WINDOWS\system32\imapi.exe [MANUAL] ImapiService Service inetaccs Service [DISABLED] ini910u Service Inport Service C:\WINDOWS\system32\DRIVERS\intelide.sys [bOOT] IntelIde Service C:\WINDOWS\system32\DRIVERS\intelppm.sys [sYSTEM] intelppm Service C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys [MANUAL] Ip6Fw Service C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys [MANUAL] IpFilterDriver Service C:\WINDOWS\system32\DRIVERS\ipinip.sys [MANUAL] IpInIp Service C:\WINDOWS\system32\DRIVERS\ipnat.sys [MANUAL] IpNat Service C:\WINDOWS\system32\DRIVERS\ipsec.sys [sYSTEM] IPSec Service C:\WINDOWS\system32\DRIVERS\irda.sys [AUTO] irda Service C:\WINDOWS\system32\DRIVERS\irenum.sys [MANUAL] IRENUM Service C:\WINDOWS\system32\svchost.exe [AUTO] Irmon Service C:\WINDOWS\system32\DRIVERS\irsir.sys [MANUAL] irsir Service ISAPISearch Service C:\WINDOWS\system32\DRIVERS\isapnp.sys [bOOT] isapnp Service C:\WINDOWS\system32\DRIVERS\k750bus.sys [MANUAL] k750bus Service C:\WINDOWS\system32\DRIVERS\k750mdfl.sys [MANUAL] k750mdfl Service C:\WINDOWS\system32\DRIVERS\k750mdm.sys [MANUAL] k750mdm Service C:\WINDOWS\system32\DRIVERS\k750mgmt.sys [MANUAL] k750mgmt Service C:\WINDOWS\system32\DRIVERS\k750obex.sys [MANUAL] k750obex Service C:\WINDOWS\system32\DRIVERS\kbdclass.sys [sYSTEM] Kbdclass Service C:\WINDOWS\system32\DRIVERS\kbdhid.sys [sYSTEM] kbdhid Service C:\WINDOWS\system32\drivers\kmixer.sys [MANUAL] kmixer Service [bOOT] KSecDD Service C:\WINDOWS\system32\svchost.exe [AUTO] lanmanserver Service C:\WINDOWS\system32\svchost.exe [AUTO] lanmanworkstation Service [sYSTEM] lbrtfdc Service ldap Service LicenseService Service C:\WINDOWS\system32\svchost.exe [AUTO] LmHosts Service C:\WINDOWS\system32\DRIVERS\MA-620.sys [MANUAL] MA-620 Service C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [AUTO] MDM Service C:\WINDOWS\system32\svchost.exe [DISABLED] Messenger Service [sYSTEM] mnmdd Service C:\WINDOWS\system32\mnmsrvc.exe [MANUAL] mnmsrvc Service [MANUAL] Modem Service C:\WINDOWS\system32\DRIVERS\mouclass.sys [sYSTEM] Mouclass Service [bOOT] MountMgr Service [DISABLED] mraid35x Service C:\WINDOWS\system32\DRIVERS\mrxdav.sys [MANUAL] MRxDAV Service C:\WINDOWS\system32\DRIVERS\mrxsmb.sys [sYSTEM] MRxSmb Service C:\WINDOWS\system32\msdtc.exe [MANUAL] MSDTC Service [sYSTEM] Msfs Service C:\WINDOWS\system32\DRIVERS\MSIRCOMM.sys [MANUAL] MSIRCOMM Service C:\WINDOWS\system32\msiexec.exe [MANUAL] MSIServer Service C:\WINDOWS\system32\drivers\MSKSSRV.sys [MANUAL] MSKSSRV Service C:\WINDOWS\system32\drivers\MSPCLOCK.sys [MANUAL] MSPCLOCK Service C:\WINDOWS\system32\drivers\MSPQM.sys [MANUAL] MSPQM Service C:\WINDOWS\system32\drivers\msqmx.sys [AUTO] msqmx Service C:\WINDOWS\system32\DRIVERS\mssmbios.sys [MANUAL] mssmbios Service C:\WINDOWS\system32\drivers\msmpu401.sys [MANUAL] ms_mpu401 Service [bOOT] Mup Service [bOOT] NDIS Service ndisrd Service C:\WINDOWS\system32\DRIVERS\ndistapi.sys [MANUAL] NdisTapi Service C:\WINDOWS\system32\DRIVERS\ndisuio.sys [MANUAL] Ndisuio Service C:\WINDOWS\system32\DRIVERS\ndiswan.sys [MANUAL] NdisWan Service [MANUAL] NDProxy Service C:\WINDOWS\system32\DRIVERS\netbios.sys [sYSTEM] NetBIOS Service C:\WINDOWS\system32\DRIVERS\netbt.sys [MANUAL] NetBT Service C:\WINDOWS\system32\netdde.exe [DISABLED] NetDDE Service C:\WINDOWS\system32\netdde.exe [DISABLED] NetDDEdsdm Service C:\WINDOWS\system32\lsass.exe [MANUAL] Netlogon Service C:\WINDOWS\System32\svchost.exe [MANUAL] Netman Service C:\WINDOWS\system32\svchost.exe [MANUAL] Nla Service [sYSTEM] Npfs Service C:\WINDOWS\system32\npptNT2.sys [sYSTEM] NPPTNT2 Service [DISABLED] Ntfs Service C:\WINDOWS\system32\lsass.exe [MANUAL] NtLmSsp Service C:\WINDOWS\system32\svchost.exe [MANUAL] NtmsSvc Service [sYSTEM] Null Service C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [MANUAL] nv Service C:\WINDOWS\system32\nvsvc32.exe [AUTO] NVSvc Service C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys [MANUAL] NwlnkFlt Service C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys [MANUAL] NwlnkFwd Service Outlook Service C:\WINDOWS\system32\DRIVERS\parport.sys [MANUAL] Parport Service [bOOT] PartMgr Service [AUTO] ParVdm Service C:\WINDOWS\system32\DRIVERS\pci.sys [bOOT] PCI Service [sYSTEM] PCIDump Service [bOOT] PCIIde Service [DISABLED] Pcmcia Service [MANUAL] PDCOMP Service [MANUAL] PDFRAME Service [MANUAL] PDRELI Service [MANUAL] PDRFRAME Service [DISABLED] perc2 Service [DISABLED] perc2hib Service PerfDisk Service PerfNet Service PerfOS Service PerfProc Service C:\WINDOWS\system32\services.exe [AUTO] PlugPlay Service C:\WINDOWS\system32\lsass.exe [AUTO] PolicyAgent Service C:\WINDOWS\system32\DRIVERS\raspptp.sys [MANUAL] PptpMiniport Service C:\WINDOWS\system32\lsass.exe [AUTO] ProtectedStorage Service C:\WINDOWS\system32\DRIVERS\psched.sys [MANUAL] PSched Service C:\WINDOWS\system32\DRIVERS\ptilink.sys [MANUAL] Ptilink Service C:\WINDOWS\System32\Drivers\PxHelp20.sys [bOOT] PxHelp20 Service [DISABLED] ql1080 Service [DISABLED] Ql10wnt Service [DISABLED] ql12160 Service [DISABLED] ql1240 Service [DISABLED] ql1280 Service C:\WINDOWS\system32\DRIVERS\rasacd.sys [sYSTEM] RasAcd Service C:\WINDOWS\system32\svchost.exe [MANUAL] RasAuto Service C:\WINDOWS\system32\DRIVERS\rasirda.sys [MANUAL] Rasirda Service C:\WINDOWS\system32\DRIVERS\rasl2tp.sys [MANUAL] Rasl2tp Service C:\WINDOWS\system32\svchost.exe [MANUAL] RasMan Service C:\WINDOWS\system32\DRIVERS\raspppoe.sys [MANUAL] RasPppoe Service C:\WINDOWS\system32\DRIVERS\raspti.sys [MANUAL] Raspti Service C:\WINDOWS\system32\DRIVERS\rdbss.sys [sYSTEM] Rdbss Service C:\WINDOWS\System32\DRIVERS\RDPCDD.sys [sYSTEM] RDPCDD Service RDPDD Service C:\WINDOWS\system32\DRIVERS\rdpdr.sys [MANUAL] rdpdr Service RDPNP Service [MANUAL] RDPWD Service C:\WINDOWS\system32\sessmgr.exe [MANUAL] RDSessMgr Service C:\WINDOWS\system32\DRIVERS\redbook.sys [sYSTEM] redbook Service C:\WINDOWS\system\REM0REG.EXE [AUTO] REM0TEREGISTRY Service C:\WINDOWS\system32\svchost.exe [DISABLED] RemoteAccess Service C:\WINDOWS\system32\svchost.exe [AUTO] RemoteRegistry Service C:\WINDOWS\system32\locator.exe [MANUAL] RpcLocator Service C:\WINDOWS\system32\svchost.exe [AUTO] RpcSs Service C:\WINDOWS\system32\rsvp.exe [MANUAL] RSVP Service C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [MANUAL] rtl8139 Service C:\WINDOWS\system32\lsass.exe [AUTO] SamSs Service C:\WINDOWS\System32\SCardSvr.exe [MANUAL] SCardSvr Service C:\WINDOWS\System32\svchost.exe [AUTO] Schedule Service C:\WINDOWS\system32\DRIVERS\secdrv.sys [MANUAL] Secdrv Service C:\WINDOWS\System32\svchost.exe [AUTO] seclogon Service C:\WINDOWS\system32\svchost.exe [AUTO] SENS Service C:\WINDOWS\system32\DRIVERS\serenum.sys [MANUAL] serenum Service C:\WINDOWS\system32\DRIVERS\serial.sys [sYSTEM] Serial Service [sYSTEM] Sfloppy Service C:\WINDOWS\system32\svchost.exe [DISABLED] SharedAccess Service C:\WINDOWS\System32\svchost.exe [AUTO] ShellHWDetection Service [DISABLED] Simbad Service C:\WINDOWS\system32\DRIVERS\skbusenum.sys [MANUAL] skbusenum Service [DISABLED] Sparrow Service C:\WINDOWS\system32\drivers\splitter.sys [MANUAL] splitter Service C:\WINDOWS\system32\spoolsv.exe [AUTO] Spooler Service C:\WINDOWS\System32\Drivers\sptd.sys [bOOT] sptd Service C:\WINDOWS\system32\DRIVERS\sr.sys [bOOT] sr Service C:\WINDOWS\system32\svchost.exe [AUTO] srservice Service C:\WINDOWS\system32\DRIVERS\srv.sys [MANUAL] Srv Service C:\WINDOWS\system32\svchost.exe [MANUAL] SSDPSRV Service C:\WINDOWS\system32\DRIVERS\st3wolf.sys [MANUAL] st3wolf Service C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe [AUTO] StarWindService Service C:\WINDOWS\system32\svchost.exe [MANUAL] stisvc Service C:\WINDOWS\system32\DRIVERS\stwlfbus.sys [bOOT] stwlfbus Service C:\WINDOWS\system32\DRIVERS\swenum.sys [MANUAL] swenum Service C:\WINDOWS\system32\drivers\swmidi.sys [MANUAL] swmidi Service C:\WINDOWS\system32\dllhost.exe [MANUAL] SwPrv Service C:\WINDOWS\System32\DRIVERS\swvnbi60.sys [bOOT] swvnbi60 Service [DISABLED] symc810 Service [DISABLED] symc8xx Service [DISABLED] sym_hi Service [DISABLED] sym_u3 Service C:\WINDOWS\system32\drivers\sysaudio.sys [MANUAL] sysaudio Service C:\WINDOWS\system32\smlogsvc.exe [MANUAL] SysmonLog Service C:\WINDOWS\System32\svchost.exe [MANUAL] TapiSrv Service C:\WINDOWS\system32\DRIVERS\tcpip.sys [sYSTEM] Tcpip Service [MANUAL] TDPIPE Service C:\WINDOWS\System32\DRIVERS\tdscw.sys [bOOT] tdscw Service [MANUAL] TDTCP Service C:\WINDOWS\system32\DRIVERS\termdd.sys [sYSTEM] TermDD Service C:\WINDOWS\System32\svchost.exe [MANUAL] TermService Service C:\WINDOWS\System32\svchost.exe [AUTO] Themes Service C:\WINDOWS\system32\tlntsvr.exe [DISABLED] TlntSvr Service [DISABLED] TosIde Service C:\WINDOWS\system32\svchost.exe [AUTO] TrkWks Service TSDDD Service C:\WINDOWS\system32\drivers\klif.sys [MANUAL] TSP Service [DISABLED] Udfs Service [DISABLED] ultra Service C:\WINDOWS\system32\DRIVERS\update.sys [MANUAL] Update Service C:\WINDOWS\system32\svchost.exe [MANUAL] upnphost Service C:\WINDOWS\System32\ups.exe [MANUAL] UPS Service C:\WINDOWS\system32\DRIVERS\usbehci.sys [MANUAL] usbehci Service C:\WINDOWS\system32\DRIVERS\usbhub.sys [MANUAL] usbhub Service C:\WINDOWS\system32\DRIVERS\usbprint.sys [MANUAL] usbprint Service C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [MANUAL] USBSTOR Service C:\WINDOWS\system32\DRIVERS\usbuhci.sys [MANUAL] usbuhci Service C:\WINDOWS\System32\svchost.exe [MANUAL] usprserv Service C:\WINDOWS\System32\drivers\vga.sys [sYSTEM] VgaSave Service [DISABLED] ViaIde Service C:\WINDOWS\system32\drivers\VirtualK.sys [bOOT] VirtualK Service [bOOT] VolSnap Service C:\WINDOWS\System32\vssvc.exe [MANUAL] VSS Service C:\WINDOWS\System32\svchost.exe [AUTO] W32Time Service W3SVC Service C:\WINDOWS\system32\DRIVERS\wanarp.sys [MANUAL] Wanarp Service [MANUAL] WDICA Service C:\WINDOWS\system32\drivers\wdmaud.sys [MANUAL] wdmaud Service C:\WINDOWS\system32\svchost.exe [AUTO] WebClient Service C:\WINDOWS\system32\svchost.exe [AUTO] winmgmt Service [MANUAL] Winsock Service WinSock2 Service WinTrust Service C:\WINDOWS\system32\Svchost.exe [AUTO] WmdmPMD Service C:\WINDOWS\System32\svchost.exe [MANUAL] WmdmPmSN Service C:\WINDOWS\System32\svchost.exe [MANUAL] Wmi Service WmiApRpl Service C:\WINDOWS\system32\wbem\wmiapsrv.exe [MANUAL] WmiApSrv Service C:\WINDOWS\System32\drivers\ws2ifsl.sys [DISABLED] WS2IFSL Service C:\WINDOWS\System32\svchost.exe [DISABLED] wscsvc Service C:\WINDOWS\system32\svchost.exe [DISABLED] wuauserv Service C:\WINDOWS\System32\DRIVERS\wwnunm31.sys [bOOT] wwnunm31 Service C:\WINDOWS\System32\svchost.exe [AUTO] WZCSVC Service C:\WINDOWS\System32\svchost.exe [MANUAL] xmlprov Service {07F9D194-CE5F-4342-8481-551C699EC495} Service {8F0086FF-ABF7-4101-B033-9867B3B21653} Service {E1E9BE00-C4B1-4BF6-BAF0-439D52635049} Service [MANUAL] afd4514d ---- EOF - GMER 1.0.12 ---- – End of ComboScan: finished at 2007-03-20 at 22:35:13 ------------------------

Gutek · 20 Marzec 2007 23:42

Użyj Look2Me-Destroyer.exe i po tym jeszcze raz daj wszsystkie logi, masz syfu

griszka · 21 Marzec 2007 10:07

oto logi

ComboScan v20070306.20 run by griszk@ on 2007-03-21 at 10:12:42 Computer is in Normal Mode. -------------------------------------------------------------------------------- – HijackThis (run as griszk@.exe) --------------------------------------------- Logfile of HijackThis v1.99.1 Scan saved at 10:12:55, on 2007-03-21 Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\WINDOWS\SYSTEM32\RUNDLL2000.EXE C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system\REM0REG.EXE C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe C:\WINDOWS\system32\Svchost.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\WINDOWS\system32\3076\zghkegj.exe C:\WINDOWS\Explorer.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe C:\Program Files\Common Files\Onet.pl\AutoUpdate.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\WINDOWS\system32\3076\tkckikk.exe C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe C:\Program Files\Gadu-Gadu\gg.exe C:\Program Files\Skype\Phone\Skype.exe C:\WINDOWS\system32\MSRundll.exe C:\WINDOWS\system32\DirectX\yheefhi.exe C:\Program Files\Common Files\Teleca Shared\Generic.exe C:\Program Files\Skype\Plugin Manager\skypePM.exe C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe C:\Documents and Settings\griszk@\Pulpit\Look2Me-Destroyer.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Documents and Settings\griszk@\Pulpit\comboscan.exe C:\PROGRA~1\HIJACK~1\griszk@.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.kzdh.com/ R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://caiyi8.com F2 - REG:system.ini: Shell=Explorer.exe realshed.exe O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll O2 - BHO: TBSB04694 - {F943309C-4AF4-4D85-8064-FD20184B99EA} - C:\PROGRA~1\AB12~1\cneqiso.dll O3 - Toolbar: ??? - {5558D3F3-87EB-4335-BE71-C6E8E468D166} - C:\Program Files\Ň»ĆđËŃ\cneqiso.dll O4 - HKLM…\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM…\Run: [sony Ericsson PC Suite] “C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe” /startoptions O4 - HKLM…\Run: [Onet.pl AutoUpdate] C:\Program Files\Common Files\Onet.pl\AutoUpdate.exe /tsr O4 - HKLM…\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM…\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKLM…\Run: [system] C:\Program Files\Common Files\System\Updaterun.exe O4 - HKLM…\Run: [tkckikk] C:\WINDOWS\system32\3076\tkckikk.exe O4 - HKCU…\Run: [Gadu-Gadu] “C:\Program Files\Gadu-Gadu\gg.exe” /tray O4 - HKCU…\Run: [skype] “C:\Program Files\Skype\Phone\Skype.exe” /nosplash /minimized O4 - Startup: Yahoo! Widget Engine.lnk = D:\Yahoo! Widget Engine\YahooWidgetEngine.exe O4 - Global Startup: ruango.lnk = ? O4 - Global Startup: WanSo.lnk = ? O4 - Global Startup: yheefh.lnk = C:\WINDOWS\system32\DirectX\yheefhi.exe O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll O9 - Extra button: ˛Ć¸»Í¨ - {C1F0024B-8278-4999-B7E6-2718426D9FE6} - C:\Program Files\˛Ć¸»Í¨\caif.dll (file missing) (HKCU) O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O23 - Service: 6CA2043C - Unknown owner - C:\WINDOWS\system32\6CA2043C.EXE (file missing) O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing) O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing) O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: REM0TE REGISTRY (REM0TEREGISTRY) - Unknown owner - C:\WINDOWS\system\REM0REG.EXE O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe – Files created between 2007-02-21 and 2007-03-21 ----------------------------- 2007-03-20 20:59:20 0 --a------ C:\WINDOWS\system32\apilogs.dll 2007-03-20 16:42:54 46866 --a------ C:\WINDOWS\system32\431174405370.dat<4324DA~1.DAT> 2007-03-20 14:51:12 3968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys 2007-03-20 14:51:06 0 d-------- C:\Program Files\Grisoft 2007-03-20 11:28:59 46848 --a------ C:\WINDOWS\system32\431174386536.dat<4345C6~1.DAT> 2007-03-20 10:44:03 39 --a------ C:\WINDOWS\system32\ELRZHNVBJPWCJQX.DLL 2007-03-18 21:12:09 0 d-------- C:\Program Files\Ň»ĆđËŃ 2007-03-18 09:12:46 46450 --a------ C:\WINDOWS\system32\431174205553.dat<433ACA~1.DAT> 2007-03-17 14:11:30 17254 --a------ C:\WINDOWS\system32\adfweradfweds3.exe 2007-03-17 14:10:24 45734 --a------ C:\WINDOWS\system32\431174137005.dat<431174~4.DAT> 2007-03-17 14:10:05 25904 --a------ C:\WINDOWS\system32\cdsdf.exe 2007-03-17 14:06:09 242114 --a------ C:\WINDOWS\system32\117413676810.exe<116D21~1.EXE> 2007-03-17 14:02:45 57344 --a------ C:\WINDOWS\g3.exe 2007-03-17 14:01:27 20480 --a------ C:\WINDOWS\system32\11741364862.exe<11A7B6~1.EXE> 2007-03-17 14:00:39 183560 --a------ C:\WINDOWS\system32\11741364231.exe<1197A0~1.EXE> 2007-03-17 14:00:31 67 --a------ C:\WINDOWS\system32\ZSMFBVO.DLL 2007-03-17 14:00:29 1281 --a------ C:\WINDOWS\system32\mPe1aD0J.dll 2007-03-17 14:00:24 375296 --a------ C:\WINDOWS\system32\realshed.exe 2007-03-17 14:00:24 910336 --a------ C:\WINDOWS\system32\ntd11.dll 2007-03-17 13:57:51 445440 --a------ C:\WINDOWS\system32\117413626813.exe<117D2C~1.EXE> 2007-03-17 13:54:56 3712 --a------ C:\WINDOWS\system32\11741360957.exe<119DC0~1.EXE> 2007-03-17 13:42:13 145672 --a------ C:\WINDOWS\system32\117413533113.exe<117413~4.EXE> 2007-03-17 13:42:08 22 --a------ C:\WINDOWS\system32\drivers\MS396.sys 2007-03-17 13:42:08 86016 --a------ C:\WINDOWS\system\REM0REG.EXE 2007-03-17 13:42:06 106496 --a------ C:\WINDOWS\system32\MSa18.exe 2007-03-17 13:42:06 106496 --a------ C:\WINDOWS\system\MFS0FT.DLL 2007-03-17 13:42:06 417792 --a------ C:\WINDOWS\MSf4.dll 2007-03-17 13:42:05 417792 --a------ C:\WINDOWS\system\AV1CAP.dll 2007-03-17 13:42:05 0 d-------- C:\WINDOWS\cursor 2007-03-17 13:40:40 16384 --a------ C:\WINDOWS\system32\msinst.exe 2007-03-17 13:40:39 135168 --a------ C:\WINDOWS\system32\11741352349.exe<117413~3.EXE> 2007-03-17 13:40:15 3712 --a------ C:\WINDOWS\system32\11741352077.exe<117413~1.EXE> 2007-03-17 13:39:48 33280 --a------ C:\WINDOWS\system32\MSRundll.exe 2007-03-17 13:39:48 0 d-------- C:\Program Files\Common Files\Ruango 2007-03-17 13:38:40 0 d-------- C:\Program Files\superutilbar 2007-03-17 13:38:37 278151 --a------ C:\WINDOWS\bar.exe 2007-03-17 13:38:15 57344 --a------ C:\WINDOWS\f2.exe 2007-03-17 13:38:13 38400 -r------- C:\WINDOWS\system32\drivers\fkwld.sys 2007-03-17 13:38:03 0 d-------- C:\Program Files\Common Files\WANSO 2007-03-17 13:34:33 20480 --a------ C:\WINDOWS\system32\11741348712.exe<117413~2.EXE> 2007-03-17 13:33:11 14336 --a------ C:\WINDOWS\system32\6CA2043C.DLL 2007-03-17 13:33:09 20082 --a------ C:\WINDOWS\system32\6CA2043CT.EXE<6CA204~1.EXE> 2007-03-17 12:28:04 45734 --a------ C:\WINDOWS\system32\431174130867.dat<431174~3.DAT> 2007-03-17 11:24:18 15808 --a------ C:\WINDOWS\system32\431174127052.dat<431174~2.DAT> 2007-03-17 10:23:55 179083 --a------ C:\WINDOWS\system32\adfweradfweds4.exe 2007-03-16 22:25:45 45988 --a------ C:\WINDOWS\system32\431174080340.dat<431174~1.DAT> 2007-03-16 20:51:13 0 d-------- C:\Program Files\Common Files\CPUSH 2007-03-16 17:24:40 213284 --a------ C:\WINDOWS\system32\drivers\acpidisk.sys 2007-03-16 17:24:17 179083 --a------ C:\WINDOWS\system32\adfweradfweds7.exe 2007-03-16 17:23:44 92164 --a------ C:\WINDOWS\system32\adfweradfweds6.exe 2007-03-16 17:22:38 20480 --a------ C:\WINDOWS\system32\adfweradfweds1.exe 2007-03-15 10:45:02 89604 --a------ C:\WINDOWS\system32\adfweds2.exe 2007-03-14 12:26:05 204288 --a------ C:\WINDOWS\system32\mopeljjlekn.dll 2007-03-14 12:25:10 44428 --a------ C:\WINDOWS\system32\431173871503.dat<431173~2.DAT> 2007-03-14 10:54:29 183560 --a------ C:\WINDOWS\system32\adfweds5.exe 2007-03-14 10:54:18 179083 --a------ C:\WINDOWS\system32\adfweds4.exe 2007-03-14 09:18:03 179083 --a------ C:\WINDOWS\system32\adfweds3.exe 2007-03-14 09:17:35 111971 --a------ C:\WINDOWS\system32\adfweds1.exe 2007-03-13 19:06:21 20480 --a------ C:\WINDOWS\system32\todayws5.exe 2007-03-13 19:05:11 204288 --a------ C:\WINDOWS\system32\cuhyjymtuex.dll 2007-03-13 16:33:11 204288 --a------ C:\WINDOWS\system32\opfrwwwwokn.dll 2007-03-13 14:21:42 0 d-------- C:\Program Files\Common Files\Skype 2007-03-13 14:21:22 0 d-------- C:\Program Files\Skype 2007-03-13 14:20:51 0 --a------ C:\WINDOWS\ntters.dll 2007-03-13 14:07:43 0 d-------- C:\WINDOWS\system32\MDserivces 2007-03-13 14:07:29 179237 --a------ C:\WINDOWS\system32\todayws3.exe 2007-03-13 14:07:23 89604 --a------ C:\WINDOWS\system32\todayws2.exe 2007-03-13 14:07:15 111976 --a------ C:\WINDOWS\system32\todayws1.exe 2007-03-12 16:09:49 112034 --a------ C:\WINDOWS\system32\ssfwss2.exe 2007-03-12 16:09:28 179237 --a------ C:\WINDOWS\system32\ssfwss1.exe 2007-03-12 16:09:20 36605 --a------ C:\WINDOWS\system32\bdrrdf.dll 2007-03-12 16:09:19 42859 --a------ C:\WINDOWS\system32\fgdfsdf.exe 2007-03-08 20:53:20 190932 --a------ C:\WINDOWS\winlogin.exe 2007-03-08 11:23:32 108106 --a------ C:\WINDOWS\system32\mcdirs1.exe 2007-03-06 14:35:05 26386 --a------ C:\WINDOWS\system32\431173188093.dat<431173~1.DAT> 2007-03-03 18:27:43 65419 --a------ C:\WINDOWS\system32\jjgfst1.exe 2007-03-02 21:03:32 26130 --a------ C:\WINDOWS\system32\ffudf.exe 2007-03-02 18:34:45 655 --a------ C:\WINDOWS\gmer.reg 2007-03-02 18:18:49 80 --a------ C:\WINDOWS\gmer_uninstall.cmd 2007-03-01 21:55:04 0 d------c- C:!KillBox 2007-02-28 21:11:16 42636 --a------ C:\WINDOWS\system32\jsds3utj.dat 2007-02-28 10:13:35 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard 2007-02-27 19:03:51 1 --a------ C:\WINDOWS\system32\index.dat 2007-02-27 18:40:11 23 --a------ C:\WINDOWS\temp.exe 2007-02-27 18:33:05 0 d------c- C:\temp 2007-02-27 11:22:14 0 d-------- C:\WINDOWS\system32\system 2007-02-27 11:22:01 206797 --a------ C:\WINDOWS\system32\12.exe 2007-02-26 20:05:26 285584 --a------ C:\WINDOWS\system32\dufs1.exe 2007-02-26 20:04:03 87535 --a------ C:\WINDOWS\system32\1010s.exe 2007-02-26 20:03:42 244 --a------ C:\WINDOWS\system32\B11E4BF2.dat 2007-02-21 17:26:07 434252 --a------ C:\WINDOWS\system32\Msvcrtd.dll – Find3M Report --------------------------------------------------------------- 2007-03-21 09:53:20 0 d-------- C:\Documents and Settings\griszk@\Dane aplikacji\Skype 2007-03-15 16:40:33 0 d-------- C:\Program Files\Real 2007-03-12 18:33:07 0 d-------- C:\Program Files\Google 2007-03-06 22:14:27 0 d-------- C:\Documents and Settings\griszk@\Dane aplikacji\ppstream 2007-03-06 22:14:12 0 d-------- C:\Program Files\PPStream 2007-02-28 10:14:06 0 d-------- C:\Documents and Settings\griszk@\Dane aplikacji\Lavasoft 2007-02-21 17:26:15 0 d-------- C:\Documents and Settings\griszk@\Dane aplikacji\SmartShopper 2007-02-18 09:15:03 0 d-------- C:\Program Files\DivX 2007-02-17 19:59:24 0 d-------- C:\Program Files\MarBit 2007-02-17 19:13:49 0 d-------- C:\Documents and Settings\griszk@\Dane aplikacji\Media Player Classic 2007-02-17 19:08:55 0 d-------- C:\Documents and Settings\griszk@\Dane aplikacji\Real 2007-02-16 22:34:18 0 d-------- C:\Program Files\Ski Jump International 2007-02-16 17:21:00 10752 --a------ C:\WINDOWS\system32\ff_vfw.dll 2007-02-16 11:23:35 0 d-------- C:\Documents and Settings\griszk@\Dane aplikacji\Apple Computer 2007-02-16 11:23:15 0 d–h----- C:\Program Files\InstallShield Installation Information 2007-02-16 11:22:57 0 d-------- C:\Program Files\QuickTime 2007-02-02 23:07:44 0 d-------- C:\Documents and Settings\griszk@\Dane aplikacji\Azureus 2007-02-02 19:42:40 65448 --a------ C:\Documents and Settings\griszk@\Dane aplikacji\GDIPFONTCACHEV1.DAT 2007-02-01 05:56:06 639066 --a------ C:\WINDOWS\system32\divx.dll 2007-01-31 18:32:46 0 d-------- C:\Program Files\BearShare 2007-01-30 06:03:42 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll 2007-01-30 06:03:28 200704 --a------ C:\WINDOWS\system32\ssldivx.dll 2007-01-30 06:03:28 1044480 --a------ C:\WINDOWS\system32\libdivx.dll 2007-01-30 05:56:58 196608 --a------ C:\WINDOWS\system32\dtu100.dll 2007-01-30 05:56:58 73728 --a------ C:\WINDOWS\system32\dpl100.dll 2007-01-28 22:59:22 0 d-------- C:\Program Files\Yahoo! 2007-01-28 21:32:14 0 d-------- C:\Program Files\Ahead 2007-01-28 21:30:02 0 d-------- C:\Program Files\ffdshow 2007-01-25 20:39:40 0 d-------- C:\Program Files\Mozilla Firefox 2007-01-21 23:12:37 0 d-------- C:\Program Files\Common Files\Onet.pl 2007-01-21 23:12:25 0 d-------- C:\Documents and Settings\griszk@\Dane aplikacji\Onet 2007-01-21 23:12:25 0 d-------- C:\Documents and Settings\griszk@\Dane aplikacji\MozillaControl 2007-01-21 23:12:22 0 d-------- C:\Documents and Settings\griszk@\Dane aplikacji\Listonosz 2007-01-21 23:12:21 0 d-------- C:\Documents and Settings\griszk@\Dane aplikacji\AutoUpdate 2007-01-20 21:26:06 1565480 --a------ C:\WINDOWS\system32\wmv9vcm.dll 2007-01-15 18:32:07 689280 --a------ C:\WINDOWS\system32\aswBoot.exe 2007-01-15 18:23:20 90112 --a------ C:\WINDOWS\system32\AVASTSS.scr 2007-01-11 14:21:45 439528 --a----c- C:\WINDOWS\system32\perfh015.dat 2007-01-11 14:21:45 68450 --a----c- C:\WINDOWS\system32\perfc015.dat 2006-12-25 14:15:07 2938 --a----c- C:\WINDOWS\mozver.dat 2006-12-23 22:30:58 28672 --a------ C:\WINDOWS\kmouse32.dll 2006-12-23 22:30:57 4557470 --a------ C:\WINDOWS\WISŁA_6.exe 2006-12-23 22:30:52 86568 --a------ C:\WINDOWS\WISŁA_6.scr – Registry Dump --------------------------------------------------------------- [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run] “Gadu-Gadu”="“C:\Program Files\Gadu-Gadu\gg.exe” /tray" “Skype”="“C:\Program Files\Skype\Phone\Skype.exe” /nosplash /minimized" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run] “NvCplDaemon”=“RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup” @="" “Sony Ericsson PC Suite”="“C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe” /startoptions" “Onet.pl AutoUpdate”=“C:\Program Files\Common Files\Onet.pl\AutoUpdate.exe /tsr” “avast!”=“C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe” “KernelFaultCheck”=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,\ 65,6d,33,32,5c,64,75,6d,70,72,65,70,20,30,20,2d,6b,00 “System”=“C:\Program Files\Common Files\System\Updaterun.exe” “tkckikk”=“C:\WINDOWS\system32\3076\tkckikk.exe” [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL] “Installed”=“1” [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI] “Installed”=“1” “NoChange”=“1” [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS] “Installed”=“1” [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks] “{57B86673-276A-48B2-BAE7-C6DBB3020EB8}”=“AVG Anti-Spyware 7.5” [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] “DisableTaskMgr”=dword:00000000 [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system] “DisableTaskMgr”=dword:00000000 “NoDispAppearancePage”=dword:00000000 “NoColorChoice”=dword:00000000 “NoSizeChoice”=dword:00000000 “NoDispBackgroundPage”=dword:00000000 “NoDispScrSavPage”=dword:00000000 “NoDispCPL”=dword:00000000 “NoVisualStyleChoice”=dword:00000000 “NoDispSettingsPage”=dword:00000000 “DisableRegistryTools”=dword:00000000 [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] “NoActiveDesktopChanges”=dword:00000000 [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run] “StubPath”=“C:\WINDOWS\NETSVR32.EXE” [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] “NoActiveDesktop”=dword:00000000 “NoSaveSettings”=dword:00000000 “NoThemesTab”=dword:00000000 “ForceActiveDesktopOn”=dword:00000000 [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders] “SecurityProviders”=“msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll” [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost] HTTPFilter REG_MULTI_SZ HTTPFilter\0\0 LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0 NetworkService REG_MULTI_SZ DnsCache\0\0 DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0 rpcss REG_MULTI_SZ RpcSs\0\0 imgsvc REG_MULTI_SZ StiSvc\0\0 termsvcs REG_MULTI_SZ TermService\0\0 WmdmPMD REG_MULTI_SZ WmdmPMD\0 [HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2{70237cf1-1d61-11db-b9db-00138f291aa7}] Shell\AutoRun\command G:\Autorun.exe [HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2{8e2a953c-82cc-11db-bb23-00138f291aa7}] Shell\AutoRun\command F:\autorun.exe – End of ComboScan: finished at 2007-03-21 at 10:13:25 ------------------------ “Silent Runners.vbs”, revision R50, http://www.silentrunners.org/ Operating System: Windows XP SP2 Output limited to non-default values, except where indicated by “{++}” Startup items buried in registry: --------------------------------- HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++} “Gadu-Gadu” = ““C:\Program Files\Gadu-Gadu\gg.exe” /tray” [“Gadu-Gadu Sp. z oo”] “Skype” = ““C:\Program Files\Skype\Phone\Skype.exe” /nosplash /minimized” [“Skype Technologies S.A.”] HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ {++} “StubPath” = “C:\WINDOWS\NETSVR32.EXE” [file not found] HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++} “NvCplDaemon” = “RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup” [MS] “(Default)” = “(empty string)” [file not found] “Sony Ericsson PC Suite” = ““C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe” /startoptions” [“Sony Ericsson Mobile Communications AB”] “Onet.pl AutoUpdate” = “C:\Program Files\Common Files\Onet.pl\AutoUpdate.exe /tsr” [“Onet.pl”] “avast!” = “C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe” [null data] “KernelFaultCheck” = “C:\WINDOWS\system32\dumprep 0 -k” “System” = “C:\Program Files\Common Files\System\Updaterun.exe” [file not found] “tkckikk” = “C:\WINDOWS\system32\3076\tkckikk.exe” [null data] HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}(Default) = (no title provided) -> {HKLM…CLSID} = “SSVHelper Class” \InProcServer32(Default) = “C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll” [“Sun Microsystems, Inc.”] {F943309C-4AF4-4D85-8064-FD20184B99EA}(Default) = “TBSB04694” -> {HKLM…CLSID} = “TBSB04694 Class” \InProcServer32(Default) = “C:\PROGRA~1\AB12~1\cneqiso.dll” [empty string] HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\ “{42071714-76d4-11d1-8b24-00a0c9068ff3}” = “Rozszerzenie CPL kadrowania wyświetlania” -> {HKLM…CLSID} = “Rozszerzenie CPL kadrowania wyświetlania” \InProcServer32(Default) = “deskpan.dll” [file not found] “{88895560-9AA2-1069-930E-00AA0030EBC8}” = “Rozszerzenie ikony HyperTerminalu” -> {HKLM…CLSID} = “HyperTerminal Icon Ext” \InProcServer32(Default) = “C:\WINDOWS\system32\hticons.dll” [“Hilgraeve, Inc.”] “{A70C977A-BF00-412C-90B7-034C51DA2439}” = “NvCpl DesktopContext Class” -> {HKLM…CLSID} = “DesktopContext Class” \InProcServer32(Default) = “C:\WINDOWS\system32\nvcpl.dll” [“NVIDIA Corporation”] “{FFB699E0-306A-11d3-8BD1-00104B6F7516}” = “Play on my TV helper” -> {HKLM…CLSID} = “NVIDIA CPL Extension” \InProcServer32(Default) = “C:\WINDOWS\system32\nvcpl.dll” [“NVIDIA Corporation”] “{1CDB2949-8F65-4355-8456-263E7C208A5D}” = “Desktop Explorer” -> {HKLM…CLSID} = “Desktop Explorer” \InProcServer32(Default) = “C:\WINDOWS\system32\nvshell.dll” [“NVIDIA Corporation”] “{1E9B04FB-F9E5-4718-997B-B8DA88302A47}” = “Desktop Explorer Menu” -> {HKLM…CLSID} = (no title provided) \InProcServer32(Default) = “C:\WINDOWS\system32\nvshell.dll” [“NVIDIA Corporation”] “{1E9B04FB-F9E5-4718-997B-B8DA88302A48}” = “nView Desktop Context Menu” -> {HKLM…CLSID} = “nView Desktop Context Menu” \InProcServer32(Default) = “C:\WINDOWS\system32\nvshell.dll” [“NVIDIA Corporation”] “{32020A01-506E-484D-A2A8-BE3CF17601C3}” = “AlcoholShellEx” -> {HKLM…CLSID} = “AlcoholShellEx” \InProcServer32(Default) = “C:\PROGRA~1\ALCOHO~1\ALCOHO~1\AxShlex.dll” [“Alcohol Soft Development Team”] “{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}” = “Shell Extensions for RealOne Player” -> {HKLM…CLSID} = “RealOne Player Context Menu Class” \InProcServer32(Default) = “C:\Program Files\Real\RealPlayer\rpshell.dll” [“RealNetworks, Inc.”] “{0006F045-0000-0000-C000-000000000046}” = “Microsoft Outlook Custom Icon Handler” -> {HKLM…CLSID} = “Rozszerzenie ikon plików programu Outlook” \InProcServer32(Default) = “C:\Program Files\Microsoft Office\Office10\OLKFSTUB.DLL” [MS] “{42042206-2D85-11D3-8CFF-005004838597}” = “Microsoft Office HTML Icon Handler” -> {HKLM…CLSID} = (no title provided) \InProcServer32(Default) = “C:\Program Files\Microsoft Office\Office10\msohev.dll” [MS] “{A5110426-177D-4e08-AB3F-785F10B4439C}” = “Sony Ericsson File Manager” -> {HKLM…CLSID} = “Sony Ericsson File Manager” \InProcServer32(Default) = “C:\Program Files\Sony Ericsson\Mobile2\File Manager\fmgrgui.dll” [“Sony Ericsson Mobile Communications AB”] “{472083B0-C522-11CF-8763-00608CC02F24}” = “avast” -> {HKLM…CLSID} = “avast” \InProcServer32(Default) = “C:\Program Files\Alwil Software\Avast4\ashShell.dll” [“ALWIL Software”] “{A155339D-CCCD-4714-85EB-3754B804C9DF}” = “a-squared Free Context Menu Shell Extension” -> {HKLM…CLSID} = “a-squared Free Context Menu” \InProcServer32(Default) = “D:\A-SQUA~1\A2FREE~1.DLL” [file not found] HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\ <> “{57B86673-276A-48B2-BAE7-C6DBB3020EB8}” = “AVG Anti-Spyware 7.5” -> {HKLM…CLSID} = “CShellExecuteHookImpl Object” \InProcServer32(Default) = “C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll” [“Anti-Malware Development a.s.”] HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\ <> “Shell” = “Explorer.exe realshed.exe” [MS], [null data] HKLM\System\CurrentControlSet\Control\Session Manager\ <> “BootExecute” = “autocheck autochk *”|“aswBoot.exe /M:6ebcd1b4” [null data] HKLM\Software\Classes\Folder\shellex\ColumnHandlers\ {F9DB5320-233E-11D1-9F84-707F02C10627}(Default) = “PDF Column Info” -> {HKLM…CLSID} = “PDF Shell Extension” \InProcServer32(Default) = “C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll” [“Adobe Systems, Inc.”] HKLM\Software\Classes*\shellex\ContextMenuHandlers\ avast(Default) = “{472083B0-C522-11CF-8763-00608CC02F24}” -> {HKLM…CLSID} = “avast” \InProcServer32(Default) = “C:\Program Files\Alwil Software\Avast4\ashShell.dll” [“ALWIL Software”] AVG Anti-Spyware(Default) = “{8934FCEF-F5B8-468f-951F-78A921CD3920}” -> {HKLM…CLSID} = “CContextScan Object” \InProcServer32(Default) = “C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll” [“Anti-Malware Development a.s.”] HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\ AVG Anti-Spyware(Default) = “{8934FCEF-F5B8-468f-951F-78A921CD3920}” -> {HKLM…CLSID} = “CContextScan Object” \InProcServer32(Default) = “C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll” [“Anti-Malware Development a.s.”] HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ a2FreeContMenu(Default) = “{A155339D-CCCD-4714-85EB-3754B804C9DF}” -> {HKLM…CLSID} = “a-squared Free Context Menu” \InProcServer32(Default) = “D:\A-SQUA~1\A2FREE~1.DLL” [file not found] avast(Default) = “{472083B0-C522-11CF-8763-00608CC02F24}” -> {HKLM…CLSID} = “avast” \InProcServer32(Default) = “C:\Program Files\Alwil Software\Avast4\ashShell.dll” [“ALWIL Software”] HKLM\Software\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\ a2FreeContMenu(Default) = “{A155339D-CCCD-4714-85EB-3754B804C9DF}” -> {HKLM…CLSID} = “a-squared Free Context Menu” \InProcServer32(Default) = “D:\A-SQUA~1\A2FREE~1.DLL” [file not found] Group Policies {GPedit.msc branch and setting}: ----------------------------------------------- Note: detected settings may not have any effect. HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\ “NoActiveDesktop” = (REG_DWORD) hex:0x00000000 {User Configuration|Administrative Templates|Desktop|Desktop / Active Desktop| Disable Active Desktop} “NoSaveSettings” = (REG_DWORD) hex:0x00000000 {User Configuration|Administrative Templates|Desktop| Don’t save settings at exit} “ClassicShell” = (REG_DWORD) hex:0x00000000 {User Configuration|Administrative Templates|Windows Components|Windows Explorer| Enable Classic Shell / Turn on Classic Shell} “NoThemesTab” = (REG_DWORD) hex:0x00000000 {unrecognized setting} “ForceActiveDesktopOn” = (REG_DWORD) hex:0x00000000 {User Configuration|Administrative Templates|Desktop|Desktop / Active Desktop| Enable Active Desktop} HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\ “NoActiveDesktopChanges” = (REG_DWORD) hex:0x00000000 {unrecognized setting} HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\ “DisableTaskMgr” = (REG_DWORD) hex:0x00000000 {User Configuration|Administrative Templates|System|Ctrl+Alt+Del Options| Remove Task Manager} “NoDispAppearancePage” = (REG_DWORD) hex:0x00000000 {unrecognized setting} “NoColorChoice” = (REG_DWORD) hex:0x00000000 {unrecognized setting} “NoSizeChoice” = (REG_DWORD) hex:0x00000000 {unrecognized setting} “NoDispBackgroundPage” = (REG_DWORD) hex:0x00000000 {User Configuration|Administrative Templates|Control Panel|Display| Hide Desktop tab} “NoDispScrSavPage” = (REG_DWORD) hex:0x00000000 {unrecognized setting} “NoDispCPL” = (REG_DWORD) hex:0x00000000 {User Configuration|Administrative Templates|Control Panel|Display| Remove Display in Control Panel} “NoVisualStyleChoice” = (REG_DWORD) hex:0x00000000 {unrecognized setting} “NoDispSettingsPage” = (REG_DWORD) hex:0x00000000 {unrecognized setting} “DisableRegistryTools” = (REG_DWORD) hex:0x00000000 {User Configuration|Administrative Templates|System| Prevent access to registry editing tools} HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\ “shutdownwithoutlogon” = (REG_DWORD) hex:0x00000001 {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options| Shutdown: Allow system to be shut down without having to log on} “undockwithoutlogon” = (REG_DWORD) hex:0x00000001 {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options| Devices: Allow undock without having to log on} “DisableTaskMgr” = (REG_DWORD) hex:0x00000000 {unrecognized setting} Active Desktop and Wallpaper: ----------------------------- Active Desktop may be disabled at this entry: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState Displayed if Active Desktop enabled and wallpaper not set by Group Policy: HKCU\Software\Microsoft\Internet Explorer\Desktop\General\ “Wallpaper” = “C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp” Displayed if Active Desktop disabled and wallpaper not set by Group Policy: HKCU\Control Panel\Desktop\ “Wallpaper” = “C:\Documents and Settings\griszk@\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp” Enabled Screen Saver: --------------------- HKCU\Control Panel\Desktop\ “SCRNSAVE.EXE” = “C:\WINDOWS\WISA_6~1.SCR” (WISŁA_6.scr) [null data] Startup items in “griszk@” & “All Users” startup folders: --------------------------------------------------------- C:\Documents and Settings\griszk@\Menu Start\Programy\Autostart “Yahoo! Widget Engine” -> shortcut to: “D:\Yahoo! Widget Engine\YahooWidgetEngine.exe” [file not found] C:\Documents and Settings\All Users\Menu Start\Programy\Autostart “ruango” -> shortcut to: “C:\WINDOWS\system32\MSRundll.exe C:\PROGRA~1\COMMON~1\Ruango\Player.dll,Always” [MS] “WanSo” -> shortcut to: “C:\WINDOWS\system32\RunDll32.exe C:\PROGRA~1\COMMON~1\WANSO\Player.dll,Always” [MS] “yheefh” -> shortcut to: “C:\WINDOWS\system32\DirectX\yheefhi.exe” [null data] Enabled Scheduled Tasks: ------------------------ “At3” -> launches: “C:\DOCUME~1\griszk@\Pulpit\Look2Me-Destroyer.exe /task” [“Atribune.org”] “vfnAFyyBcggeUiHJyJBH” -> launches: “C:\WINDOWS\system32\3076\zghkegj.exe” [null data] Winsock2 Service Provider DLLs: ------------------------------- Namespace Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++} 000000000001\LibraryPath = “%SystemRoot%\System32\mswsock.dll” [MS] 000000000002\LibraryPath = “%SystemRoot%\System32\winrnr.dll” [MS] 000000000003\LibraryPath = “%SystemRoot%\System32\mswsock.dll” [MS] Transport Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++} 0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range: %SystemRoot%\system32\mswsock.dll [MS], 01 - 04, 07 - 16 %SystemRoot%\system32\rsvpsp.dll [MS], 05 - 06 Toolbars, Explorer Bars, Extensions: ------------------------------------ Toolbars HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\ “{2318C2B1-4965-11D4-9B18-009027A5CD4F}” -> {HKLM…CLSID} = “&Google” \InProcServer32(Default) = “c:\program files\google\googletoolbar4.dll” [“Google Inc.”] “{5558D3F3-87EB-4335-BE71-C6E8E468D166}” -> {HKLM…CLSID} = “???” \InProcServer32(Default) = “C:\Program Files\Ň»ĆđËŃ\cneqiso.dll” [empty string] HKLM\Software\Microsoft\Internet Explorer\Toolbar\ “{5558D3F3-87EB-4335-BE71-C6E8E468D166}” = (no title provided) -> {HKLM…CLSID} = “???” \InProcServer32(Default) = “C:\Program Files\Ň»ĆđËŃ\cneqiso.dll” [empty string] Explorer Bars HKCU\Software\Microsoft\Internet Explorer\Explorer Bars\ {197A85BC-BD97-4404-A702-95E556E4DAEB}(Default) = (no title provided) -> {HKLM…CLSID} = “Kwso” \InProcServer32(Default) = “C:\Program Files\Common Files\WANSO\SoBar.dll” [" “] HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\ {197A85BC-BD97-4404-A702-95E556E4DAEB}(Default) = (no title provided) -> {HKLM…CLSID} = “Kwso” \InProcServer32(Default) = “C:\Program Files\Common Files\WANSO\SoBar.dll” [” "] Extensions (Tools menu items, main toolbar menu buttons) HKCU\Software\Microsoft\Internet Explorer\Extensions\ {C1F0024B-8278-4999-B7E6-2718426D9FE6}\ “ButtonText” = “˛Ć¸»Í¨” “CLSIDExtension” = “{E36884E3-42E9-4A8E-A7F8-6DE700903E5C}” -> {HKLM…CLSID} = “CaiFuCOM Class” \InProcServer32(Default) = “C:\Program Files\˛Ć¸»Í¨\caif.dll” [file not found] HKLM\Software\Microsoft\Internet Explorer\Extensions\ {08B0E5C0-4FCB-11CF-AAA5-00401C608501}\ “MenuText” = “Sun Java Console” “CLSIDExtension” = “{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBC}” -> {HKCU…CLSID} = “Java Plug-in 1.5.0_09” \InProcServer32(Default) = “C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll” [“Sun Microsystems, Inc.”] -> {HKLM…CLSID} = “Java Plug-in 1.5.0_09” \InProcServer32(Default) = “C:\Program Files\Java\jre1.5.0_09\bin\npjpi150_09.dll” [“Sun Microsystems, Inc.”] Running Services (Display Name, Service Name, Path {Service DLL}): ------------------------------------------------------------------ avast! Antivirus, avast! Antivirus, ““C:\Program Files\Alwil Software\Avast4\ashServ.exe”” [null data] avast! iAVS4 Control Service, aswUpdSv, ““C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe”” [null data] avast! Mail Scanner, avast! Mail Scanner, ““C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe” /service” [“ALWIL Software”] avast! Web Scanner, avast! Web Scanner, ““C:\Program Files\Alwil Software\Avast4\ashWebSv.exe” /service” [“ALWIL Software”] AVG Anti-Spyware Guard, AVG Anti-Spyware Guard, “C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe” [“Anti-Malware Development a.s.”] Machine Debug Manager, MDM, ““C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE”” [MS] Microsoft Update Service, BKMARKS, “C:\WINDOWS\SYSTEM32\RUNDLL2000.EXE C:\WINDOWS\SYSTEM32\WBEM\PPQYD.DLL,Export 1087” [MS] NVIDIA Display Driver Service, NVSvc, “C:\WINDOWS\system32\nvsvc32.exe” [“NVIDIA Corporation”] Portable Media, WmdmPMD, “C:\WINDOWS\system32\Svchost.exe -k WmdmPMD” {“C:\WINDOWS\system32\MDserivces\services\svchost.dll” [MS]} REM0TE REGISTRY, REM0TEREGISTRY, “C:\WINDOWS\system\REM0REG.EXE” [null data] StarWind iSCSI Service, StarWindService, “C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe” [“Rocket Division Software”] ---------- <>: Suspicious data at a malware launch point. + This report excludes default entries except where indicated. + To see *everywhere* the script checks and *everything* it finds, launch it from a command prompt or a shortcut with the -all parameter. + The search for DESKTOP.INI DLL launch points on all local fixed drives took 131 seconds. ---------- (total run time: 228 seconds) GMER 1.0.12.12086 - http://www.gmer.net Rootkit scan 2007-03-21 10:31:56 Windows 5.1.2600 Dodatek Service Pack 2 ---- Services - GMER 1.0.12 ---- Service .NET CLR Data Service .NET CLR Networking Service .NETFramework Service C:\WINDOWS\system32\6CA2043C.EXE [AUTO] 6CA2043C Service [sYSTEM] Aavmker4 Service [DISABLED] Abiosdsk Service [DISABLED] abp480n5 Service C:\WINDOWS\system32\DRIVERS\ACPI.sys [bOOT] ACPI Service C:\WINDOWS\system32\drivers\acpidisk.sys [AUTO] acpidisk Service [DISABLED] ACPIEC Service [DISABLED] adpu160m Service C:\WINDOWS\system32\drivers\aec.sys [MANUAL] aec Service C:\WINDOWS\System32\drivers\afd.sys [sYSTEM] AFD Service C:\WINDOWS\system32\DRIVERS\agp440.sys [bOOT] agp440 Service [DISABLED] Aha154x Service [DISABLED] aic78u2 Service [DISABLED] aic78xx Service C:\WINDOWS\system32\drivers\ALCXWDM.SYS [MANUAL] ALCXWDM Service C:\WINDOWS\system32\svchost.exe [DISABLED] Alerter Service C:\WINDOWS\System32\alg.exe [MANUAL] ALG Service [DISABLED] AliIde Service [DISABLED] amsint Service C:\WINDOWS\system32\svchost.exe [MANUAL] AppMgmt Service [DISABLED] asc Service [DISABLED] asc3350p Service [DISABLED] asc3550 Service ASP.NET Service ASP.NET_1.1.4322 Service C:\WINDOWS\System32\drivers\aspi32.sys [AUTO] Aspi32 Service C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [MANUAL] aspnet_state Service [AUTO] aswMon2 Service [MANUAL] aswRdr Service [sYSTEM] aswTdi Service C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [AUTO] aswUpdSv Service C:\WINDOWS\system32\DRIVERS\asyncmac.sys [MANUAL] AsyncMac Service C:\WINDOWS\system32\DRIVERS\atapi.sys [bOOT] atapi Service [DISABLED] Atdisk Service C:\WINDOWS\system32\DRIVERS\atmarpc.sys [MANUAL] Atmarpc Service C:\WINDOWS\System32\svchost.exe [AUTO] AudioSrv Service C:\WINDOWS\system32\DRIVERS\audstub.sys [MANUAL] audstub Service C:\Program Files\Alwil Software\Avast4\ashServ.exe [AUTO] avast! Antivirus Service C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [MANUAL] avast! Mail Scanner Service C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [MANUAL] avast! Web Scanner Service C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe [AUTO] AVG Anti-Spyware Guard Service C:\WINDOWS\System32\DRIVERS\AvgAsCln.sys [sYSTEM] AvgAsCln Service C:\WINDOWS\system32\B11E4BF2.EXE [DISABLED] B11E4BF2 Service BattC Service [sYSTEM] Beep Service C:\WINDOWS\system32\svchost.exe [MANUAL] BITS Service C:\WINDOWS\SYSTEM32\RUNDLL2000.EXE [AUTO] BKMARKS Service C:\WINDOWS\system32\svchost.exe [AUTO] Browser Service [DISABLED] cbidf2k Service [DISABLED] cd20xrnt Service [sYSTEM] Cdaudio Service [DISABLED] Cdfs Service C:\DOCUME~1\griszk@\USTAWI~1\Temp\cdiskdun.sys [MANUAL] cdiskdun Service C:\WINDOWS\system32\DRIVERS\cdrom.sys [sYSTEM] Cdrom Service [sYSTEM] Changer Service C:\WINDOWS\system32\cisvc.exe [MANUAL] CiSvc Service C:\WINDOWS\system32\clipsrv.exe [DISABLED] ClipSrv Service [DISABLED] CmdIde Service C:\WINDOWS\system32\dllhost.exe [MANUAL] COMSysApp Service ContentFilter Service ContentIndex Service [DISABLED] Cpqarray Service C:\WINDOWS\system32\svchost.exe [AUTO] CryptSvc Service [DISABLED] dac2w2k Service [DISABLED] dac960nt Service C:\WINDOWS\system32\svchost.exe [AUTO] DcomLaunch Service C:\WINDOWS\system32\svchost.exe [AUTO] Dhcp Service C:\WINDOWS\system32\DRIVERS\disk.sys [bOOT] Disk Service C:\WINDOWS\System32\dmadmin.exe [MANUAL] dmadmin Service C:\WINDOWS\System32\drivers\dmboot.sys [DISABLED] dmboot Service C:\WINDOWS\System32\drivers\dmio.sys [bOOT] dmio Service C:\WINDOWS\System32\drivers\dmload.sys [bOOT] dmload Service C:\WINDOWS\System32\svchost.exe [AUTO] dmserver Service C:\WINDOWS\system32\drivers\DMusic.sys [MANUAL] DMusic Service C:\WINDOWS\system32\svchost.exe [AUTO] Dnscache Service [DISABLED] dpti2o Service C:\WINDOWS\system32\drivers\drmkaud.sys [MANUAL] drmkaud Service System32\Drivers\dtscsi.sys [MANUAL] dtscsi Service C:\WINDOWS\system32\fgdfsdf.exe [AUTO] edfscv Service C:\WINDOWS\system32\services.exe [AUTO] Eventlog Service C:\WINDOWS\system32\svchost.exe [MANUAL] EventSystem Service [DISABLED] Fastfat Service C:\WINDOWS\System32\svchost.exe [MANUAL] FastUserSwitchingCompatibility Service C:\WINDOWS\system32\DRIVERS\fdc.sys [MANUAL] Fdc Service [sYSTEM] Fips Service C:\WINDOWS\system32\drivers\fkwld.sys [sYSTEM] fkwld Service C:\WINDOWS\system32\DRIVERS\flpydisk.sys [MANUAL] Flpydisk Service C:\WINDOWS\system32\DRIVERS\fltMgr.sys [bOOT] FltMgr Service [sYSTEM] Fs_Rec Service C:\WINDOWS\system32\DRIVERS\ftdisk.sys [bOOT] Ftdisk Service C:\WINDOWS\system32\DRIVERS\gameenum.sys [MANUAL] gameenum Service C:\WINDOWS\system32\drivers\GDTdiIcpt.sys [AUTO] GDTdiInterceptor Service C:\WINDOWS\System32\DRIVERS\gmer.sys [MANUAL] gmer Service C:\WINDOWS\system32\DRIVERS\msgpc.sys [MANUAL] Gpc Service C:\WINDOWS\System32\DRIVERS\gvkgaf87.sys [bOOT] gvkgaf87 Service C:\WINDOWS\system32\DRIVERS\hamachi.sys [MANUAL] hamachi Service C:\WINDOWS\System32\svchost.exe [AUTO] helpsvc Service C:\WINDOWS\System32\svchost.exe [DISABLED] HidServ Service C:\WINDOWS\system32\DRIVERS\hidusb.sys [MANUAL] HidUsb Service [DISABLED] hpn Service C:\WINDOWS\System32\Drivers\HTTP.sys [MANUAL] HTTP Service C:\WINDOWS\System32\svchost.exe [MANUAL] HTTPFilter Service [sYSTEM] i2omgmt Service [DISABLED] i2omp Service C:\WINDOWS\system32\DRIVERS\i8042prt.sys [sYSTEM] i8042prt Service C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [MANUAL] IDriverT Service C:\WINDOWS\system32\DRIVERS\imapi.sys [sYSTEM] Imapi Service C:\WINDOWS\system32\imapi.exe [MANUAL] ImapiService Service inetaccs Service [DISABLED] ini910u Service Inport Service C:\WINDOWS\system32\DRIVERS\intelide.sys [bOOT] IntelIde Service C:\WINDOWS\system32\DRIVERS\intelppm.sys [sYSTEM] intelppm Service C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys [MANUAL] Ip6Fw Service C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys [MANUAL] IpFilterDriver Service C:\WINDOWS\system32\DRIVERS\ipinip.sys [MANUAL] IpInIp Service C:\WINDOWS\system32\DRIVERS\ipnat.sys [MANUAL] IpNat Service C:\WINDOWS\system32\DRIVERS\ipsec.sys [sYSTEM] IPSec Service C:\WINDOWS\system32\DRIVERS\irda.sys [AUTO] irda Service C:\WINDOWS\system32\DRIVERS\irenum.sys [MANUAL] IRENUM Service C:\WINDOWS\system32\svchost.exe [AUTO] Irmon Service C:\WINDOWS\system32\DRIVERS\irsir.sys [MANUAL] irsir Service ISAPISearch Service C:\WINDOWS\system32\DRIVERS\isapnp.sys [bOOT] isapnp Service C:\WINDOWS\system32\DRIVERS\k750bus.sys [MANUAL] k750bus Service C:\WINDOWS\system32\DRIVERS\k750mdfl.sys [MANUAL] k750mdfl Service C:\WINDOWS\system32\DRIVERS\k750mdm.sys [MANUAL] k750mdm Service C:\WINDOWS\system32\DRIVERS\k750mgmt.sys [MANUAL] k750mgmt Service C:\WINDOWS\system32\DRIVERS\k750obex.sys [MANUAL] k750obex Service C:\WINDOWS\system32\DRIVERS\kbdclass.sys [sYSTEM] Kbdclass Service C:\WINDOWS\system32\DRIVERS\kbdhid.sys [sYSTEM] kbdhid Service C:\WINDOWS\system32\drivers\kmixer.sys [MANUAL] kmixer Service [bOOT] KSecDD Service C:\WINDOWS\system32\svchost.exe [AUTO] lanmanserver Service C:\WINDOWS\system32\svchost.exe [AUTO] lanmanworkstation Service [sYSTEM] lbrtfdc Service ldap Service LicenseService Service C:\WINDOWS\system32\svchost.exe [AUTO] LmHosts Service C:\WINDOWS\system32\DRIVERS\MA-620.sys [MANUAL] MA-620 Service C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [AUTO] MDM Service C:\WINDOWS\system32\svchost.exe [DISABLED] Messenger Service [sYSTEM] mnmdd Service C:\WINDOWS\system32\mnmsrvc.exe [MANUAL] mnmsrvc Service [MANUAL] Modem Service C:\WINDOWS\system32\DRIVERS\mouclass.sys [sYSTEM] Mouclass Service [bOOT] MountMgr Service [DISABLED] mraid35x Service C:\WINDOWS\system32\DRIVERS\mrxdav.sys [MANUAL] MRxDAV Service C:\WINDOWS\system32\DRIVERS\mrxsmb.sys [sYSTEM] MRxSmb Service C:\WINDOWS\system32\msdtc.exe [MANUAL] MSDTC Service [sYSTEM] Msfs Service C:\WINDOWS\system32\DRIVERS\MSIRCOMM.sys [MANUAL] MSIRCOMM Service C:\WINDOWS\system32\msiexec.exe [MANUAL] MSIServer Service C:\WINDOWS\system32\drivers\MSKSSRV.sys [MANUAL] MSKSSRV Service C:\WINDOWS\system32\drivers\MSPCLOCK.sys [MANUAL] MSPCLOCK Service C:\WINDOWS\system32\drivers\MSPQM.sys [MANUAL] MSPQM Service C:\WINDOWS\system32\drivers\msqmx.sys [AUTO] msqmx Service C:\WINDOWS\system32\DRIVERS\mssmbios.sys [MANUAL] mssmbios Service C:\WINDOWS\system32\drivers\msmpu401.sys [MANUAL] ms_mpu401 Service [bOOT] Mup Service [bOOT] NDIS Service ndisrd Service C:\WINDOWS\system32\DRIVERS\ndistapi.sys [MANUAL] NdisTapi Service C:\WINDOWS\system32\DRIVERS\ndisuio.sys [MANUAL] Ndisuio Service C:\WINDOWS\system32\DRIVERS\ndiswan.sys [MANUAL] NdisWan Service [MANUAL] NDProxy Service C:\WINDOWS\system32\DRIVERS\netbios.sys [sYSTEM] NetBIOS Service C:\WINDOWS\system32\DRIVERS\netbt.sys [MANUAL] NetBT Service C:\WINDOWS\system32\netdde.exe [DISABLED] NetDDE Service C:\WINDOWS\system32\netdde.exe [DISABLED] NetDDEdsdm Service C:\WINDOWS\system32\lsass.exe [MANUAL] Netlogon Service C:\WINDOWS\System32\svchost.exe [MANUAL] Netman Service C:\WINDOWS\system32\svchost.exe [MANUAL] Nla Service [sYSTEM] Npfs Service C:\WINDOWS\system32\npptNT2.sys [sYSTEM] NPPTNT2 Service [DISABLED] Ntfs Service C:\WINDOWS\system32\lsass.exe [MANUAL] NtLmSsp Service C:\WINDOWS\system32\svchost.exe [MANUAL] NtmsSvc Service [sYSTEM] Null Service C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [MANUAL] nv Service C:\WINDOWS\system32\nvsvc32.exe [AUTO] NVSvc Service C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys [MANUAL] NwlnkFlt Service C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys [MANUAL] NwlnkFwd Service Outlook Service C:\WINDOWS\system32\DRIVERS\parport.sys [MANUAL] Parport Service [bOOT] PartMgr Service [AUTO] ParVdm Service C:\WINDOWS\system32\DRIVERS\pci.sys [bOOT] PCI Service [sYSTEM] PCIDump Service [bOOT] PCIIde Service [DISABLED] Pcmcia Service [MANUAL] PDCOMP Service [MANUAL] PDFRAME Service [MANUAL] PDRELI Service [MANUAL] PDRFRAME Service [DISABLED] perc2 Service [DISABLED] perc2hib Service PerfDisk Service PerfNet Service PerfOS Service PerfProc Service C:\WINDOWS\system32\services.exe [AUTO] PlugPlay Service C:\WINDOWS\system32\lsass.exe [AUTO] PolicyAgent Service C:\WINDOWS\system32\DRIVERS\raspptp.sys [MANUAL] PptpMiniport Service C:\WINDOWS\system32\lsass.exe [AUTO] ProtectedStorage Service C:\WINDOWS\system32\DRIVERS\psched.sys [MANUAL] PSched Service C:\WINDOWS\system32\DRIVERS\ptilink.sys [MANUAL] Ptilink Service C:\WINDOWS\System32\Drivers\PxHelp20.sys [bOOT] PxHelp20 Service [DISABLED] ql1080 Service [DISABLED] Ql10wnt Service [DISABLED] ql12160 Service [DISABLED] ql1240 Service [DISABLED] ql1280 Service C:\WINDOWS\system32\DRIVERS\rasacd.sys [sYSTEM] RasAcd

adam9870 · 21 Marzec 2007 20:11

Otwórz Notatnik i wklej w nim to:

gmer -del file C:\WINDOWS\system32\apilogs.dll gmer -del file C:\WINDOWS\system32\431174405370.dat gmer -del file C:\WINDOWS\system32\431174386536.dat gmer -del file C:\WINDOWS\system32\ELRZHNVBJPWCJQX.DLL gmer -del file C:\WINDOWS\system32\ELRZHNVBJPWCJQX.DLL gmer -del file C:\WINDOWS\system32\431174205553.dat gmer -del file C:\WINDOWS\system32\adfweradfweds3.exe gmer -del file C:\WINDOWS\system32\431174137005.dat gmer -del file C:\WINDOWS\system32\cdsdf.exe gmer -del file C:\WINDOWS\system32\117413676810.exe gmer -del file C:\WINDOWS\system32\11741364862.exe gmer -del file C:\WINDOWS\system32\11741364231.exe gmer -del file C:\WINDOWS\system32\ZSMFBVO.DLL gmer -del file C:\WINDOWS\system32\mPe1aD0J.dll gmer -del file C:\WINDOWS\system32\117413626813.exe gmer -del file C:\WINDOWS\system32\11741360957.exe gmer -del file C:\WINDOWS\system32\117413533113.exe gmer -del file C:\WINDOWS\system32\drivers\MS396.sys gmer -del file C:\WINDOWS\system\REM0REG.EXE gmer -del file C:\WINDOWS\system32\MSa18.exe gmer -del file C:\WINDOWS\system\MFS0FT.DLL gmer -del file C:\WINDOWS\MSf4.dll gmer -del file C:\WINDOWS\system\AV1CAP.dll gmer -del file C:\WINDOWS\system32\msinst.exe gmer -del file C:\WINDOWS\system32\11741352349.exe gmer -del file C:\WINDOWS\system32\11741352077.exe gmer -del file C:\WINDOWS\system32\MSRundll.exe gmer -del file C:\Program Files\Common Files\Ruango gmer -del file C:\Program Files\superutilbar gmer -del file C:\WINDOWS\bar.exe gmer -del file C:\WINDOWS\f2.exe gmer -del file C:\WINDOWS\system32\drivers\fkwld.sys gmer -del file C:\Program Files\Common Files\WANSO gmer -del file C:\WINDOWS\system32\11741348712.exe gmer -del file C:\WINDOWS\system32\6CA2043C.DLL gmer -del file C:\WINDOWS\system32\6CA2043CT.EXE gmer -del file C:\WINDOWS\system32\431174130867.dat gmer -del file C:\WINDOWS\system32\431174127052.dat gmer -del file C:\WINDOWS\system32\adfweradfweds4.exe gmer -del file C:\WINDOWS\system32\431174080340.dat gmer -del file C:\Program Files\Common Files\CPUSH gmer -del file C:\WINDOWS\system32\drivers\acpidisk.sys gmer -del file C:\WINDOWS\system32\adfweradfweds7.exe gmer -del file C:\WINDOWS\system32\adfweradfweds6.exe gmer -del file C:\WINDOWS\system32\adfweradfweds1.exe gmer -del file C:\WINDOWS\system32\adfweds2.exe gmer -del file C:\WINDOWS\system32\mopeljjlekn.dll gmer -del file C:\WINDOWS\system32\431173871503.dat gmer -del file C:\WINDOWS\system32\adfweds5.exe gmer -del file C:\WINDOWS\system32\adfweds4.exe gmer -del file C:\WINDOWS\system32\adfweds3.exe gmer -del file C:\WINDOWS\system32\adfweds1.exe gmer -del file C:\WINDOWS\system32\todayws5.exe gmer -del file C:\WINDOWS\system32\cuhyjymtuex.dll gmer -del file C:\WINDOWS\system32\opfrwwwwokn.dll gmer -del file C:\WINDOWS\ntters.dll gmer -del file C:\WINDOWS\system32\MDserivces gmer -del file C:\WINDOWS\system32\todayws3.exe gmer -del file C:\WINDOWS\system32\todayws2.exe gmer -del file C:\WINDOWS\system32\todayws1.exe gmer -del file C:\WINDOWS\system32\ssfwss2.exe gmer -del file C:\WINDOWS\system32\ssfwss1.exe gmer -del file C:\WINDOWS\system32\bdrrdf.dll gmer -del file C:\WINDOWS\system32\fgdfsdf.exe gmer -del file C:\WINDOWS\winlogin.exe gmer -del file C:\WINDOWS\system32\mcdirs1.exe gmer -del file C:\WINDOWS\system32\431173188093.dat gmer -del file C:\WINDOWS\system32\jjgfst1.exe gmer -del file C:\WINDOWS\system32\ffudf.exe gmer -del file C:!KillBox gmer -del file C:\WINDOWS\system32\jsds3utj.dat gmer -del file C:\WINDOWS\system32\index.dat gmer -del file C:\WINDOWS\temp.exe gmer -del file C:\WINDOWS\system32\12.exe gmer -del file C:\WINDOWS\system32\dufs1.exe gmer -del file C:\WINDOWS\system32\1010s.exe gmer -del file C:\WINDOWS\system32\B11E4BF2.dat gmer -del file C:\PROGRA~1\AB12~1 gmer -del file C:\WINDOWS\system32\3076 gmer -del file C:\WINDOWS\system32\6CA2043C.EXE gmer -del file C:\WINDOWS\system32\B11E4BF2.EXE gmer -del file C:\WINDOWS\SYSTEM32\RUNDLL2000.EXE gmer -del file C:\DOCUME~1\griszk@\USTAWI~1\Temp gmer -del file C:\WINDOWS\System32\DRIVERS\gvkgaf87.sys gmer -del file C:\WINDOWS\system32\drivers\msqmx.sys gmer -del file C:\WINDOWS\system32\DirectX\yheefhi.exe gmer -del file C:\WINDOWS\system\REM0REG.EXE gmer -del service 6CA2043C gmer -del service acpidisk gmer -del service B11E4BF2 gmer -del service BKMARKS gmer -del service cdiskdun gmer -del service edfscv gmer -del service fkwld gmer -del service gvkgaf87 gmer -del service msqmx gmer -del service ndisrd gmer -del service REM0TEREGISTRY gmer -reboot

Plik >>> Zapisz jako >>> Zmień rozszerzenie z TXT na Wszystkie pliki >>> Zapisz pod nazwą FIX.BAT

W Gmerze:

W zakładce Procesy wybierz Gmer awaryjny. Komputer się zrestartuje i zostanie samo okienko Gmer’a
W zakładce Procesy kliknij Pliki i usuń z dysku ręcznie folder:

W zakładce Procesy wskaż przez … (trzy kropki) plik FIX.BAT i reset.
Po resecie otwórz Gmer’a i w zakładce CMD z zaznaczoną opcją REGEDIT.EXE wklej:

Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run] “StubPath”=- [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] “(Default)”=- “System”=- “tkckikk”=- [-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects{F943309C-4AF4-4D85-8064-FD20184B99EA}] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] “Shell”=“Explorer.exe” [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager] “BootExecute”=hex(7):61,00,75,00,74,00,6f,00,63,00,68,00,65,00,63,00,6b,00,20,\ 00,61,00,75,00,74,00,6f,00,63,00,68,00,6b,00,20,00,2a,00,00,00,00,00 [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser] “{5558D3F3-87EB-4335-BE71-C6E8E468D166}”=- [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar] “{5558D3F3-87EB-4335-BE71-C6E8E468D166}”=- [-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars{197A85BC-BD97-4404-A702-95E556E4DAEB}] [-HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Explorer Bars{197A85BC-BD97-4404-A702-95E556E4DAEB}] [-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions{C1F0024B-8278-4999-B7E6-2718426D9FE6}]

Kliknij Uruchom i reset.

Usuń wpisy HJT.

Po wykonaniu wklej nowy log z Combo i Gmer’a.

griszka · 24 Marzec 2007 16:22

tracę wiarę i nadzieje że wyrzucę syfa z kompa

adam9870 · 24 Marzec 2007 16:39

Pokaż jeszcze log z Gmer’a wykonany przy takim ustawieniu:

Zakładka Rootkit >>> zaznaczone tylko Usługi i Pokazuj wszystko >>> kliknij Szukaj >>> czekaj cierpliwie aż skończy >>> Kopiuj >>> wklej do posta

Bez niego nie dam Ci kompletnej instrukcji usuwania ponieważ zostaną szkodliwe driver’y i wszystko wróci.

griszka · 24 Marzec 2007 17:00

sorry oto brakujący

adam9870 · 24 Marzec 2007 19:56

Pobierz The avenger. Wypakuj => uruchom => zaznacz opcję Input script manually => kliknij w lupkę => w okienku, które się otworzy wklej:

Drivers to unload: 6CA2043C acpidisk B11E4BF2 BKMARKS cdiskdun DNSCL1ENT fkwld gvkgaf87 swvnbi60 VirtualK wwnunm31 a9dl5wp3 msqmx Folders to delete: C:\Program Files\superutilbar C:\Program Files\Common Files\WANSO C:\Program Files\Common Files\CPUSH C:\Program Files\PPStream C:\DOCUME~1\griszk@\USTAWI~1\Temp Files to delete: C:\WINDOWS\system32\6CA2043C.EXE C:\WINDOWS\system32\drivers\acpidisk.sys C:\WINDOWS\system32\B11E4BF2.EXE C:\WINDOWS\SYSTEM32\RUNDLL2000.EXE C:\WINDOWS\system32\NETW0R~1.EXE C:\WINDOWS\system32\drivers\fkwld.sys C:\WINDOWS\System32\DRIVERS\gvkgaf87.sys C:\WINDOWS\System32\DRIVERS\swvnbi60.sys C:\WINDOWS\system32\drivers\VirtualK.sys C:\WINDOWS\System32\DRIVERS\wwnunm31.sys C:\WINDOWS\system32\NETW0RKSERV1CE.EXE C:\WINDOWS\system32\BR0WSER.DLL C:\WINDOWS\system32\B1OS.DLL C:\WINDOWS\system32\MessageServices.exe C:\WINDOWS\system32\431174478797.dat C:\WINDOWS\system32\apilogs.dll C:\WINDOWS\system32\431174405370.dat C:\WINDOWS\system32\431174386536.dat C:\WINDOWS\system32\ELRZHNVBJPWCJQX.DLL C:\WINDOWS\system32\431174205553.dat C:\WINDOWS\system32\adfweradfweds3.exe C:\WINDOWS\system32\431174137005.dat C:\WINDOWS\system32\cdsdf.exe C:\WINDOWS\system32\117413676810.exe C:\WINDOWS\system32\11741364862.exe C:\WINDOWS\system32\11741364231.exe C:\WINDOWS\system32\ZSMFBVO.DLL C:\WINDOWS\system32\mPe1aD0J.dll C:\WINDOWS\system32\ntd11.dll C:\WINDOWS\system32\117413626813.exe C:\WINDOWS\system32\11741360957.exe C:\WINDOWS\system32\117413533113.exe C:\WINDOWS\system32\drivers\MS396.sys C:\WINDOWS\system\MFS0FT.DLL C:\WINDOWS\system32\msinst.exe C:\WINDOWS\system32\11741352349.exe C:\WINDOWS\system32\11741352077.exe C:\WINDOWS\system32\MSRundll.exe C:\WINDOWS\bar.exe C:\WINDOWS\f2.exe C:\WINDOWS\system32\11741348712.exe C:\WINDOWS\system32\6CA2043C.DLL C:\WINDOWS\system32\6CA2043CT.EXE C:\WINDOWS\system32\431174130867.dat C:\WINDOWS\system32\431174127052.dat C:\WINDOWS\system32\adfweradfweds4.exe C:\WINDOWS\system32\431174080340.dat C:\WINDOWS\system32\adfweradfweds7.exe C:\WINDOWS\system32\adfweradfweds6.exe C:\WINDOWS\system32\adfweradfweds1.exe C:\WINDOWS\system32\adfweds2.exe C:\WINDOWS\system32\mopeljjlekn.dll C:\WINDOWS\system32\431173871503.dat C:\WINDOWS\system32\adfweds5.exe C:\WINDOWS\system32\adfweds4.exe C:\WINDOWS\system32\adfweds3.exe C:\WINDOWS\system32\adfweds1.exe C:\WINDOWS\system32\todayws5.exe C:\WINDOWS\system32\cuhyjymtuex.dll C:\WINDOWS\system32\opfrwwwwokn.dll C:\WINDOWS\ntters.dll C:\WINDOWS\system32\todayws3.exe C:\WINDOWS\system32\todayws2.exe C:\WINDOWS\system32\todayws1.exe C:\WINDOWS\system32\ssfwss2.exe C:\WINDOWS\system32\ssfwss1.exe C:\WINDOWS\system32\bdrrdf.dll C:\WINDOWS\system32\fgdfsdf.exe C:\WINDOWS\winlogin.exe C:\WINDOWS\system32\mcdirs1.exe C:\WINDOWS\system32\431173188093.dat C:\WINDOWS\system32\jjgfst1.exe C:\WINDOWS\system32\ffudf.exe C:\WINDOWS\system32\jsds3utj.dat C:\WINDOWS\system32\index.dat C:\WINDOWS\temp.exe C:\WINDOWS\system32\12.exe C:\WINDOWS\system32\dufs1.exe C:\WINDOWS\system32\1010s.exe C:\WINDOWS\system32\B11E4BF2.dat C:\Program Files\Gadu-Gadu\ydcjkdc.exe C:\WINDOWS\system32\drivers\msqmx.sys Registry values to delete: “HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run” | “MSN9.1”

=> Kliknij klawisz Done => teraz kliknij na zielone światełko => powinna pojawić się pewna informacja i kliknij OK (teraz restart).

Po resecie może pojawić się okienko na dosłownie kilka sekund oraz log w notatniku. Wejdź tam gdzie masz avengera i skasuj plik backup.zip czyli np. c:\avenger\backup.zip.

W Gmerze w zakładce Procesy wybierz Gmer awaryjny >>> reset >>> w zakładce Procesy kliknij Pliki i usuń:

>>> zresetuj komputer ręcznie przyciskiem na obudowie.

Usuń wpisy HJT.

Po wykonaniu wklej nowe logi.

griszka · 25 Marzec 2007 09:54

Trochę jakby sie odmulał :o

podczas uruchamiania pokazuje że wystopił błąd podczas ładowania i nie można znaleźć modułu w dwóch przypadkach

C/Progra~1/COMMON~1?WANSO/Player.dll oraz

C/WINDOWS/System 32/B1OS.DLL

ComboScan v20070306.20 run by griszk@ on 2007-03-25 at 10:27:47 Computer is in Normal Mode. -------------------------------------------------------------------------------- GMER 1.0.12.12086 - http://www.gmer.net Rootkit scan 2007-03-25 11:49:47 Windows 5.1.2600 Dodatek Service Pack 2 ---- System - GMER 1.0.12 ---- SSDT sptd.sys ZwCreateKey SSDT sptd.sys ZwEnumerateKey SSDT sptd.sys ZwEnumerateValueKey SSDT sptd.sys ZwOpenKey SSDT sptd.sys ZwQueryKey SSDT sptd.sys ZwQueryValueKey SSDT sptd.sys ZwSetValueKey ---- Kernel code sections - GMER 1.0.12 ---- ? C:\WINDOWS\system32\drivers\sptd.sys Proces nie może uzyskać dostępu do pliku, ponieważ jest on używany przez inny proces. ? C:\WINDOWS\system32\drivers\tdscw.sys Proces nie może uzyskać dostępu do pliku, ponieważ jest on używany przez inny proces. .text USBPORT.SYS!DllUnload F868D62C 5 Bytes JMP FFB0E8F0 ? System32\Drivers\ascguhev.SYS Nie można odnaleźć określonego pliku. ---- Devices - GMER 1.0.12 ---- Device \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE 813501D8 Device \FileSystem\Ntfs \Ntfs IRP_MJ_CLOSE 813501D8 Device \FileSystem\Ntfs \Ntfs IRP_MJ_READ 813501D8 Device \FileSystem\Ntfs \Ntfs IRP_MJ_WRITE 813501D8 Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_INFORMATION 813501D8 Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_INFORMATION 813501D8 Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_EA 813501D8 Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_EA 813501D8 Device \FileSystem\Ntfs \Ntfs IRP_MJ_FLUSH_BUFFERS 813501D8 Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_READ 812FA1D8 Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_WRITE 812FA1D8 Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_FLUSH_BUFFERS 812FA1D8 Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_DEVICE_CONTROL 812FA1D8 Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_INTERNAL_DEVICE_CONTROL 812FA1D8 Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_SHUTDOWN 812FA1D8 Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_POWER 812FA1D8 Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_SYSTEM_CONTROL 812FA1D8 Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_PNP 812FA1D8 Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_CREATE 812FA1D8 Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_CLOSE 812FA1D8 Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_READ 812FA1D8 Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_WRITE 812FA1D8 Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_FLUSH_BUFFERS 812FA1D8 Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_DEVICE_CONTROL 812FA1D8 Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_INTERNAL_DEVICE_CONTROL 812FA1D8 Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_SHUTDOWN 812FA1D8 Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_POWER 812FA1D8 Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_SYSTEM_CONTROL 812FA1D8 Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_PNP 812FA1D8 Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_CREATE 812FA1D8 Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_CLOSE 812FA1D8 Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_READ 812FA1D8 Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_WRITE 812FA1D8 Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_FLUSH_BUFFERS 812FA1D8 Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_DEVICE_CONTROL 812FA1D8 Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_INTERNAL_DEVICE_CONTROL 812FA1D8 Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_SHUTDOWN 812FA1D8 Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_POWER 812FA1D8 Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_SYSTEM_CONTROL 812FA1D8 Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_PNP 812FA1D8 Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_CREATE 812FA1D8 Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_CLOSE 812FA1D8 Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_READ 812FA1D8 Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_WRITE 812FA1D8 Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_FLUSH_BUFFERS 812FA1D8 Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_DEVICE_CONTROL 812FA1D8 Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_INTERNAL_DEVICE_CONTROL 812FA1D8 Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_SHUTDOWN 812FA1D8 Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_POWER 812FA1D8 Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_SYSTEM_CONTROL 812FA1D8 Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_PNP 812FA1D8 Device \Driver\usbuhci \Device\USBPDO-1 IRP_MJ_CREATE FFB0A1D8 Device \Driver\usbuhci \Device\USBPDO-1 IRP_MJ_CLOSE FFB0A1D8 Device \Driver\usbuhci \Device\USBPDO-1 IRP_MJ_DEVICE_CONTROL FFB0A1D8 Device \Driver\usbuhci \Device\USBPDO-1 IRP_MJ_INTERNAL_DEVICE_CONTROL FFB0A1D8 Device \Driver\usbuhci \Device\USBPDO-1 IRP_MJ_POWER FFB0A1D8 Device \Driver\usbuhci \Device\USBPDO-1 IRP_MJ_SYSTEM_CONTROL FFB0A1D8 Device \Driver\usbuhci \Device\USBPDO-1 IRP_MJ_PNP FFB0A1D8 Device \Driver\usbuhci \Device\USBPDO-2 IRP_MJ_CREATE FFB0A1D8 Device \Driver\usbuhci \Device\USBPDO-2 IRP_MJ_CLOSE FFB0A1D8 Device \Driver\usbuhci \Device\USBPDO-2 IRP_MJ_DEVICE_CONTROL FFB0A1D8 Device \Driver\usbuhci \Device\USBPDO-2 IRP_MJ_INTERNAL_DEVICE_CONTROL FFB0A1D8 Device \Driver\usbuhci \Device\USBPDO-2 IRP_MJ_POWER FFB0A1D8 Device \Driver\usbuhci \Device\USBPDO-2 IRP_MJ_SYSTEM_CONTROL FFB0A1D8 Device \Driver\usbuhci \Device\USBPDO-2 IRP_MJ_PNP FFB0A1D8 Device \Driver\usbuhci \Device\USBPDO-3 IRP_MJ_CREATE FFB0A1D8 Device \Driver\usbuhci \Device\USBPDO-3 IRP_MJ_CLOSE FFB0A1D8 Device \Driver\usbuhci \Device\USBPDO-3 IRP_MJ_DEVICE_CONTROL FFB0A1D8 Device \Driver\usbuhci \Device\USBPDO-3 IRP_MJ_INTERNAL_DEVICE_CONTROL FFB0A1D8 Device \Driver\usbuhci \Device\USBPDO-3 IRP_MJ_POWER FFB0A1D8 Device \Driver\usbuhci \Device\USBPDO-3 IRP_MJ_SYSTEM_CONTROL FFB0A1D8 Device \Driver\usbuhci \Device\USBPDO-3 IRP_MJ_PNP FFB0A1D8 Device \Driver\usbehci \Device\USBPDO-4 IRP_MJ_CREATE FFB091D8 Device \Driver\usbehci \Device\USBPDO-4 IRP_MJ_CLOSE FFB091D8 Device \Driver\usbehci \Device\USBPDO-4 IRP_MJ_DEVICE_CONTROL FFB091D8 Device \Driver\usbehci \Device\USBPDO-4 IRP_MJ_INTERNAL_DEVICE_CONTROL FFB091D8 Device \Driver\usbehci \Device\USBPDO-4 IRP_MJ_POWER FFB091D8 Device \Driver\usbehci \Device\USBPDO-4 IRP_MJ_SYSTEM_CONTROL FFB091D8 Device \Driver\usbehci \Device\USBPDO-4 IRP_MJ_PNP FFB091D8 Device \Driver\aswTdi \Device\ASWTDI IRP_MJ_DEVICE_CONTROL [F95C9A7C] GDTdiIcpt.sys Device \Driver\aswTdi \Device\ASWTDI IRP_MJ_INTERNAL_DEVICE_CONTROL [F95C9A7C] GDTdiIcpt.sys Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_CREATE 813521D8 Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_READ 813521D8 Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_WRITE 813521D8 Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_FLUSH_BUFFERS 813521D8 Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_DEVICE_CONTROL 813521D8 Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_INTERNAL_DEVICE_CONTROL 813521D8 Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_SHUTDOWN 813521D8 Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_CLEANUP 813521D8 Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_POWER 813521D8 Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_SYSTEM_CONTROL 813521D8 Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_PNP 813521D8 Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_CREATE 813521D8 Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_READ 813521D8 Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_WRITE 813521D8 Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_FLUSH_BUFFERS 813521D8 Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_DEVICE_CONTROL 813521D8 Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_INTERNAL_DEVICE_CONTROL 813521D8 Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_SHUTDOWN 813521D8 Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_CLEANUP 813521D8 Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_POWER 813521D8 Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_SYSTEM_CONTROL 813521D8 Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_PNP 813521D8 Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CREATE FFACB980 Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CLOSE FFACB980 Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_READ 811B7E70 Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_WRITE FFACB980 Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_FLUSH_BUFFERS FFACB980 Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_DEVICE_CONTROL 812CC360 Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_INTERNAL_DEVICE_CONTROL FFACB980 Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SHUTDOWN FFACB980 Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_POWER FFACB980 Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SYSTEM_CONTROL FFACB980 Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_PNP FFACB980 Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CREATE FFACB980 Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CLOSE FFACB980 Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_READ 811B7E70 Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_WRITE FFACB980 Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_FLUSH_BUFFERS FFACB980 Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_DEVICE_CONTROL 812CC360 Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_INTERNAL_DEVICE_CONTROL FFACB980 Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SHUTDOWN FFACB980 Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_POWER FFACB980 Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SYSTEM_CONTROL FFACB980 Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_PNP FFACB980 Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CREATE 813511D8 Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CLOSE 813511D8 Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_DEVICE_CONTROL 813511D8 Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_INTERNAL_DEVICE_CONTROL 811B8AA8 Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_POWER 813511D8 Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SYSTEM_CONTROL 813511D8 Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_PNP 813511D8 Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_CREATE 813511D8 Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_CLOSE 813511D8 Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_DEVICE_CONTROL 813511D8 Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_INTERNAL_DEVICE_CONTROL 811B8AA8 Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_POWER 813511D8 Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_SYSTEM_CONTROL 813511D8 Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_PNP 813511D8 Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_CREATE 813511D8 Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_CLOSE 813511D8 Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_DEVICE_CONTROL 813511D8 Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_INTERNAL_DEVICE_CONTROL 811B8AA8 Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_POWER 813511D8 Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SYSTEM_CONTROL 813511D8 Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_PNP 813511D8 Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-e IRP_MJ_CREATE 813511D8 Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-e IRP_MJ_CLOSE 813511D8 Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-e IRP_MJ_DEVICE_CONTROL 813511D8 Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-e IRP_MJ_INTERNAL_DEVICE_CONTROL 811B8AA8 Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-e IRP_MJ_POWER 813511D8 Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-e IRP_MJ_SYSTEM_CONTROL 813511D8 Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-e IRP_MJ_PNP 813511D8 Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_CREATE FFACB980 Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_CLOSE FFACB980 Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_READ 811B7E70 Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_WRITE FFACB980 Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_FLUSH_BUFFERS FFACB980 Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_DEVICE_CONTROL 812CC360 Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_INTERNAL_DEVICE_CONTROL FFACB980 Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_SHUTDOWN FFACB980 Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_POWER FFACB980 Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_SYSTEM_CONTROL FFACB980 Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_PNP FFACB980 Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_CREATE FF99B8B8 Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_CLOSE FF99B8B8 Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_DEVICE_CONTROL FF99B8B8 Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_INTERNAL_DEVICE_CONTROL FF99B8B8 Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_CLEANUP FF99B8B8 Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_PNP FF99B8B8 Device \Driver\aswTdi \Device\AswTcpFilter IRP_MJ_DEVICE_CONTROL [F95C9A7C] GDTdiIcpt.sys Device \Driver\aswTdi \Device\AswTcpFilter IRP_MJ_INTERNAL_DEVICE_CONTROL [F95C9A7C] GDTdiIcpt.sys Device \Driver\00000051 \Device\0000004f IRP_MJ_POWER [F9178C7E] sptd.sys Device \Driver\00000051 \Device\0000004f IRP_MJ_SYSTEM_CONTROL [F91922A2] sptd.sys Device \Driver\00000051 \Device\0000004f IRP_MJ_PNP [F9193228] sptd.sys Device \Driver\NetBT \Device\NetBT_Tcpip_{8F0086FF-ABF7-4101-B033-9867B3B21653} IRP_MJ_CREATE FF99B8B8 Device \Driver\NetBT \Device\NetBT_Tcpip_{8F0086FF-ABF7-4101-B033-9867B3B21653} IRP_MJ_CLOSE FF99B8B8 Device \Driver\NetBT \Device\NetBT_Tcpip_{8F0086FF-ABF7-4101-B033-9867B3B21653} IRP_MJ_DEVICE_CONTROL FF99B8B8 Device \Driver\NetBT \Device\NetBT_Tcpip_{8F0086FF-ABF7-4101-B033-9867B3B21653} IRP_MJ_INTERNAL_DEVICE_CONTROL FF99B8B8 Device \Driver\NetBT \Device\NetBT_Tcpip_{8F0086FF-ABF7-4101-B033-9867B3B21653} IRP_MJ_CLEANUP FF99B8B8 Device \Driver\NetBT \Device\NetBT_Tcpip_{8F0086FF-ABF7-4101-B033-9867B3B21653} IRP_MJ_PNP FF99B8B8 Device \Driver\usbuhci \Device\USBFDO-0 IRP_MJ_CREATE FFB0A1D8 Device \Driver\usbuhci \Device\USBFDO-0 IRP_MJ_CLOSE FFB0A1D8 Device \Driver\usbuhci \Device\USBFDO-0 IRP_MJ_DEVICE_CONTROL FFB0A1D8 Device \Driver\usbuhci \Device\USBFDO-0 IRP_MJ_INTERNAL_DEVICE_CONTROL FFB0A1D8 Device \Driver\usbuhci \Device\USBFDO-0 IRP_MJ_POWER FFB0A1D8 Device \Driver\usbuhci \Device\USBFDO-0 IRP_MJ_SYSTEM_CONTROL FFB0A1D8 Device \Driver\usbuhci \Device\USBFDO-0 IRP_MJ_PNP FFB0A1D8 Device \Driver\usbuhci \Device\USBFDO-1 IRP_MJ_CREATE FFB0A1D8 Device \Driver\usbuhci \Device\USBFDO-1 IRP_MJ_CLOSE FFB0A1D8 Device \Driver\usbuhci \Device\USBFDO-1 IRP_MJ_DEVICE_CONTROL FFB0A1D8 Device \Driver\usbuhci \Device\USBFDO-1 IRP_MJ_INTERNAL_DEVICE_CONTROL FFB0A1D8 Device \Driver\usbuhci \Device\USBFDO-1 IRP_MJ_POWER FFB0A1D8 Device \Driver\usbuhci \Device\USBFDO-1 IRP_MJ_SYSTEM_CONTROL FFB0A1D8 Device \Driver\usbuhci \Device\USBFDO-1 IRP_MJ_PNP FFB0A1D8 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CREATE FF502490 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CREATE_NAMED_PIPE FF502490 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CLOSE FF502490 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_READ FF502490 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_WRITE FF502490 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_INFORMATION FF502490 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_INFORMATION FF502490 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_EA FF502490 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_EA FF502490 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_FLUSH_BUFFERS FF502490 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_VOLUME_INFORMATION FF502490 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_VOLUME_INFORMATION FF502490 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_DIRECTORY_CONTROL FF502490 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_FILE_SYSTEM_CONTROL FF502490 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_DEVICE_CONTROL FF502490 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_INTERNAL_DEVICE_CONTROL FF502490 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SHUTDOWN FF502490 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_LOCK_CONTROL FF502490 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CLEANUP FF502490 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CREATE_MAILSLOT FF502490 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_SECURITY FF502490 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_SECURITY FF502490 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_POWER FF502490 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SYSTEM_CONTROL FF502490 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_DEVICE_CHANGE FF502490 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_QUOTA FF502490 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_QUOTA FF502490 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_PNP FF502490 Device \Driver\usbuhci \Device\USBFDO-2 IRP_MJ_CREATE FFB0A1D8 Device \Driver\usbuhci \Device\USBFDO-2 IRP_MJ_CLOSE FFB0A1D8 Device \Driver\usbuhci \Device\USBFDO-2 IRP_MJ_DEVICE_CONTROL FFB0A1D8 Device \Driver\usbuhci \Device\USBFDO-2 IRP_MJ_INTERNAL_DEVICE_CONTROL FFB0A1D8 Device \Driver\usbuhci \Device\USBFDO-2 IRP_MJ_POWER FFB0A1D8 Device \Driver\usbuhci \Device\USBFDO-2 IRP_MJ_SYSTEM_CONTROL FFB0A1D8 Device \Driver\usbuhci \Device\USBFDO-2 IRP_MJ_PNP FFB0A1D8 Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CREATE FF502490 Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CREATE_NAMED_PIPE FF502490 Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CLOSE FF502490 Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_READ FF502490 Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_WRITE FF502490 Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_INFORMATION FF502490 Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_INFORMATION FF502490 Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_EA FF502490 Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_EA FF502490 Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_FLUSH_BUFFERS FF502490 Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_VOLUME_INFORMATION FF502490 Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_VOLUME_INFORMATION FF502490 Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_DIRECTORY_CONTROL FF502490 Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_FILE_SYSTEM_CONTROL FF502490 Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_DEVICE_CONTROL FF502490 Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_INTERNAL_DEVICE_CONTROL FF502490 Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SHUTDOWN FF502490 Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_LOCK_CONTROL FF502490 Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CLEANUP FF502490 Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CREATE_MAILSLOT FF502490 Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_SECURITY FF502490 Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_SECURITY FF502490 Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_POWER FF502490 Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SYSTEM_CONTROL FF502490 Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_DEVICE_CHANGE FF502490 Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_QUOTA FF502490 Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_QUOTA FF502490 Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_PNP FF502490 Device \Driver\NetBT \Device\NetBT_Tcpip_{E1E9BE00-C4B1-4BF6-BAF0-439D52635049} IRP_MJ_CREATE FF99B8B8 Device \Driver\NetBT \Device\NetBT_Tcpip_{E1E9BE00-C4B1-4BF6-BAF0-439D52635049} IRP_MJ_CLOSE FF99B8B8 Device \Driver\NetBT \Device\NetBT_Tcpip_{E1E9BE00-C4B1-4BF6-BAF0-439D52635049} IRP_MJ_DEVICE_CONTROL FF99B8B8 Device \Driver\NetBT \Device\NetBT_Tcpip_{E1E9BE00-C4B1-4BF6-BAF0-439D52635049} IRP_MJ_INTERNAL_DEVICE_CONTROL FF99B8B8 Device \Driver\NetBT \Device\NetBT_Tcpip_{E1E9BE00-C4B1-4BF6-BAF0-439D52635049} IRP_MJ_CLEANUP FF99B8B8 Device \Driver\NetBT \Device\NetBT_Tcpip_{E1E9BE00-C4B1-4BF6-BAF0-439D52635049} IRP_MJ_PNP FF99B8B8 Device \Driver\usbuhci \Device\USBFDO-3 IRP_MJ_CREATE FFB0A1D8 Device \Driver\usbuhci \Device\USBFDO-3 IRP_MJ_CLOSE FFB0A1D8 Device \Driver\usbuhci \Device\USBFDO-3 IRP_MJ_DEVICE_CONTROL FFB0A1D8 Device \Driver\usbuhci \Device\USBFDO-3 IRP_MJ_INTERNAL_DEVICE_CONTROL FFB0A1D8 Device \Driver\usbuhci \Device\USBFDO-3 IRP_MJ_POWER FFB0A1D8 Device \Driver\usbuhci \Device\USBFDO-3 IRP_MJ_SYSTEM_CONTROL FFB0A1D8 Device \Driver\usbuhci \Device\USBFDO-3 IRP_MJ_PNP FFB0A1D8 Device \Driver\usbehci \Device\USBFDO-4 IRP_MJ_CREATE FFB091D8 Device \Driver\usbehci \Device\USBFDO-4 IRP_MJ_CLOSE FFB091D8 Device \Driver\usbehci \Device\USBFDO-4 IRP_MJ_DEVICE_CONTROL FFB091D8 Device \Driver\usbehci \Device\USBFDO-4 IRP_MJ_INTERNAL_DEVICE_CONTROL FFB091D8 Device \Driver\usbehci \Device\USBFDO-4 IRP_MJ_POWER FFB091D8 Device \Driver\usbehci \Device\USBFDO-4 IRP_MJ_SYSTEM_CONTROL FFB091D8 Device \Driver\usbehci \Device\USBFDO-4 IRP_MJ_PNP FFB091D8 Device \Driver\Ftdisk \Device\FtControl IRP_MJ_CREATE 813521D8 Device \Driver\Ftdisk \Device\FtControl IRP_MJ_READ 813521D8 Device \Driver\Ftdisk \Device\FtControl IRP_MJ_WRITE 813521D8 Device \Driver\Ftdisk \Device\FtControl IRP_MJ_FLUSH_BUFFERS 813521D8 Device \Driver\Ftdisk \Device\FtControl IRP_MJ_DEVICE_CONTROL 813521D8 Device \Driver\Ftdisk \Device\FtControl IRP_MJ_INTERNAL_DEVICE_CONTROL 813521D8 Device \Driver\Ftdisk \Device\FtControl IRP_MJ_SHUTDOWN 813521D8 Device \Driver\Ftdisk \Device\FtControl IRP_MJ_CLEANUP 813521D8 Device \Driver\Ftdisk \Device\FtControl IRP_MJ_POWER 813521D8 Device \Driver\Ftdisk \Device\FtControl IRP_MJ_SYSTEM_CONTROL 813521D8 Device \Driver\Ftdisk \Device\FtControl IRP_MJ_PNP 813521D8 Device \Driver\st3wolf \Device\Scsi\st3wolf1 IRP_MJ_CREATE FF8FC1D8 Device \Driver\st3wolf \Device\Scsi\st3wolf1 IRP_MJ_CREATE_NAMED_PIPE FF8FC1D8 Device \Driver\st3wolf \Device\Scsi\st3wolf1 IRP_MJ_CLOSE FF8FC1D8 Device \Driver\st3wolf \Device\Scsi\st3wolf1 IRP_MJ_READ FF8FC1D8 Device \Driver\st3wolf \Device\Scsi\st3wolf1 IRP_MJ_WRITE FF8FC1D8 Device \Driver\st3wolf \Device\Scsi\st3wolf1 IRP_MJ_QUERY_INFORMATION FF8FC1D8 Device \Driver\st3wolf \Device\Scsi\st3wolf1 IRP_MJ_SET_INFORMATION FF8FC1D8 Device \Driver\st3wolf \Device\Scsi\st3wolf1 IRP_MJ_QUERY_EA FF8FC1D8 Device \Driver\st3wolf \Device\Scsi\st3wolf1 IRP_MJ_SET_EA FF8FC1D8 Device \Driver\st3wolf \Device\Scsi\st3wolf1 IRP_MJ_FLUSH_BUFFERS FF8FC1D8 Device \Driver\st3wolf \Device\Scsi\st3wolf1 IRP_MJ_QUERY_VOLUME_INFORMATION FF8FC1D8 Device \Driver\st3wolf \Device\Scsi\st3wolf1 IRP_MJ_SET_VOLUME_INFORMATION FF8FC1D8 Device \Driver\st3wolf \Device\Scsi\st3wolf1 IRP_MJ_DIRECTORY_CONTROL FF8FC1D8 Device \Driver\st3wolf \Device\Scsi\st3wolf1 IRP_MJ_FILE_SYSTEM_CONTROL FF8FC1D8 Device \Driver\st3wolf \Device\Scsi\st3wolf1 IRP_MJ_DEVICE_CONTROL FF8FC1D8 Device \Driver\st3wolf \Device\Scsi\st3wolf1 IRP_MJ_INTERNAL_DEVICE_CONTROL 811BF588 Device \Driver\st3wolf \Device\Scsi\st3wolf1 IRP_MJ_SHUTDOWN FF8FC1D8 Device \Driver\st3wolf \Device\Scsi\st3wolf1 IRP_MJ_LOCK_CONTROL FF8FC1D8 Device \Driver\st3wolf \Device\Scsi\st3wolf1 IRP_MJ_CLEANUP FF8FC1D8 Device \Driver\st3wolf \Device\Scsi\st3wolf1 IRP_MJ_CREATE_MAILSLOT FF8FC1D8 Device \Driver\st3wolf \Device\Scsi\st3wolf1 IRP_MJ_QUERY_SECURITY FF8FC1D8 Device \Driver\st3wolf \Device\Scsi\st3wolf1 IRP_MJ_SET_SECURITY FF8FC1D8 Device \Driver\st3wolf \Device\Scsi\st3wolf1 IRP_MJ_POWER FF8FC1D8 Device \Driver\st3wolf \Device\Scsi\st3wolf1 IRP_MJ_SYSTEM_CONTROL FF8FC1D8 Device \Driver\st3wolf \Device\Scsi\st3wolf1 IRP_MJ_DEVICE_CHANGE FF8FC1D8 Device \Driver\st3wolf \Device\Scsi\st3wolf1 IRP_MJ_QUERY_QUOTA FF8FC1D8 Device \Driver\st3wolf \Device\Scsi\st3wolf1 IRP_MJ_SET_QUOTA FF8FC1D8 Device \Driver\st3wolf \Device\Scsi\st3wolf1 IRP_MJ_PNP FF8FC1D8 Device \Driver\ascguhev \Device\Scsi\ascguhev1 IRP_MJ_CREATE FFA797C0 Device \Driver\ascguhev \Device\Scsi\ascguhev1 IRP_MJ_CLOSE FFA797C0 Device \Driver\ascguhev \Device\Scsi\ascguhev1 IRP_MJ_DEVICE_CONTROL FFA797C0 Device \Driver\ascguhev \Device\Scsi\ascguhev1 IRP_MJ_INTERNAL_DEVICE_CONTROL 811DC560 Device \Driver\ascguhev \Device\Scsi\ascguhev1 IRP_MJ_POWER FFA797C0 Device \Driver\ascguhev \Device\Scsi\ascguhev1 IRP_MJ_SYSTEM_CONTROL FFA797C0 Device \Driver\ascguhev \Device\Scsi\ascguhev1 IRP_MJ_PNP FFA797C0 Device \Driver\ascguhev \Device\Scsi\ascguhev1Port3Path0Target0Lun0 IRP_MJ_CREATE FFA797C0 Device \Driver\ascguhev \Device\Scsi\ascguhev1Port3Path0Target0Lun0 IRP_MJ_CLOSE FFA797C0 Device \Driver\ascguhev \Device\Scsi\ascguhev1Port3Path0Target0Lun0 IRP_MJ_DEVICE_CONTROL FFA797C0 Device \Driver\ascguhev \Device\Scsi\ascguhev1Port3Path0Target0Lun0 IRP_MJ_INTERNAL_DEVICE_CONTROL 811DC560 Device \Driver\ascguhev \Device\Scsi\ascguhev1Port3Path0Target0Lun0 IRP_MJ_POWER FFA797C0 Device \Driver\ascguhev \Device\Scsi\ascguhev1Port3Path0Target0Lun0 IRP_MJ_SYSTEM_CONTROL FFA797C0 Device \Driver\ascguhev \Device\Scsi\ascguhev1Port3Path0Target0Lun0 IRP_MJ_PNP FFA797C0 Device \Driver\st3wolf \Device\Scsi\st3wolf1Port2Path0Target0Lun0 IRP_MJ_CREATE FF8FC1D8 Device \Driver\st3wolf \Device\Scsi\st3wolf1Port2Path0Target0Lun0 IRP_MJ_CREATE_NAMED_PIPE FF8FC1D8 Device \Driver\st3wolf \Device\Scsi\st3wolf1Port2Path0Target0Lun0 IRP_MJ_CLOSE FF8FC1D8 Device \Driver\st3wolf \Device\Scsi\st3wolf1Port2Path0Target0Lun0 IRP_MJ_READ FF8FC1D8 Device \Driver\st3wolf \Device\Scsi\st3wolf1Port2Path0Target0Lun0 IRP_MJ_WRITE FF8FC1D8 Device \Driver\st3wolf \Device\Scsi\st3wolf1Port2Path0Target0Lun0 IRP_MJ_QUERY_INFORMATION FF8FC1D8 Device \Driver\st3wolf \Device\Scsi\st3wolf1Port2Path0Target0Lun0 IRP_MJ_SET_INFORMATION FF8FC1D8 Device \Driver\st3wolf \Device\Scsi\st3wolf1Port2Path0Target0Lun0 IRP_MJ_QUERY_EA FF8FC1D8 Device \Driver\st3wolf \Device\Scsi\st3wolf1Port2Path0Target0Lun0 IRP_MJ_SET_EA FF8FC1D8 Device \Driver\st3wolf \Device\Scsi\st3wolf1Port2Path0Target0Lun0 IRP_MJ_FLUSH_BUFFERS FF8FC1D8 Device \Driver\st3wolf \Device\Scsi\st3wolf1Port2Path0Target0Lun0 IRP_MJ_QUERY_VOLUME_INFORMATION FF8FC1D8 Device \Driver\st3wolf \Device\Scsi\st3wolf1Port2Path0Target0Lun0 IRP_MJ_SET_VOLUME_INFORMATION FF8FC1D8 Device \Driver\st3wolf \Device\Scsi\st3wolf1Port2Path0Target0Lun0 IRP_MJ_DIRECTORY_CONTROL FF8FC1D8 Device \Driver\st3wolf \Device\Scsi\st3wolf1Port2Path0Target0Lun0 IRP_MJ_FILE_SYSTEM_CONTROL FF8FC1D8 Device \Driver\st3wolf \Device\Scsi\st3wolf1Port2Path0Target0Lun0 IRP_MJ_DEVICE_CONTROL FF8FC1D8 Device \Driver\st3wolf \Device\Scsi\st3wolf1Port2Path0Target0Lun0 IRP_MJ_INTERNAL_DEVICE_CONTROL 811BF588 Device \Driver\st3wolf \Device\Scsi\st3wolf1Port2Path0Target0Lun0 IRP_MJ_SHUTDOWN FF8FC1D8 Device \Driver\st3wolf \Device\Scsi\st3wolf1Port2Path0Target0Lun0 IRP_MJ_LOCK_CONTROL FF8FC1D8 Device \Driver\st3wolf \Device\Scsi\st3wolf1Port2Path0Target0Lun0 IRP_MJ_CLEANUP FF8FC1D8 Device \Driver\st3wolf \Device\Scsi\st3wolf1Port2Path0Target0Lun0 IRP_MJ_CREATE_MAILSLOT FF8FC1D8 Device \Driver\st3wolf \Device\Scsi\st3wolf1Port2Path0Target0Lun0 IRP_MJ_QUERY_SECURITY FF8FC1D8 Device \Driver\st3wolf \Device\Scsi\st3wolf1Port2Path0Target0Lun0 IRP_MJ_SET_SECURITY FF8FC1D8 Device \Driver\st3wolf \Device\Scsi\st3wolf1Port2Path0Target0Lun0 IRP_MJ_POWER FF8FC1D8 Device \Driver\st3wolf \Device\Scsi\st3wolf1Port2Path0Target0Lun0 IRP_MJ_SYSTEM_CONTROL FF8FC1D8 Device \Driver\st3wolf \Device\Scsi\st3wolf1Port2Path0Target0Lun0 IRP_MJ_DEVICE_CHANGE FF8FC1D8 Device \Driver\st3wolf \Device\Scsi\st3wolf1Port2Path0Target0Lun0 IRP_MJ_QUERY_QUOTA FF8FC1D8 Device \Driver\st3wolf \Device\Scsi\st3wolf1Port2Path0Target0Lun0 IRP_MJ_SET_QUOTA FF8FC1D8 Device \Driver\st3wolf \Device\Scsi\st3wolf1Port2Path0Target0Lun0 IRP_MJ_PNP FF8FC1D8 Device \FileSystem\Fastfat \Fat IRP_MJ_CREATE FF95B2B0 Device \FileSystem\Fastfat \Fat IRP_MJ_CLOSE FF95B2B0 Device \FileSystem\Fastfat \Fat IRP_MJ_READ FF95B2B0 Device \FileSystem\Fastfat \Fat IRP_MJ_WRITE FF95B2B0 Device \FileSystem\Fastfat \Fat IRP_MJ_QUERY_INFORMATION FF95B2B0 Device \FileSystem\Fastfat \Fat IRP_MJ_SET_INFORMATION FF95B2B0 Device \FileSystem\Fastfat \Fat IRP_MJ_QUERY_EA FF95B2B0 Device \FileSystem\Fastfat \Fat IRP_MJ_SET_EA FF95B2B0 Device \FileSystem\Fastfat \Fat IRP_MJ_FLUSH_BUFFERS FF95B2B0 Device \FileSystem\Fastfat \Fat IRP_MJ_QUERY_VOLUME_INFORMATION FF95B2B0 Device \FileSystem\Fastfat \Fat IRP_MJ_SET_VOLUME_INFORMATION FF95B2B0 Device \FileSystem\Fastfat \Fat IRP_MJ_DIRECTORY_CONTROL FF95B2B0 Device \FileSystem\Fastfat \Fat IRP_MJ_FILE_SYSTEM_CONTROL FF95B2B0 Device \FileSystem\Fastfat \Fat IRP_MJ_DEVICE_CONTROL FF95B2B0 Device \FileSystem\Fastfat \Fat IRP_MJ_SHUTDOWN FF95B2B0 Device \FileSystem\Fastfat \Fat IRP_MJ_LOCK_CONTROL FF95B2B0 Device \FileSystem\Fastfat \Fat IRP_MJ_CLEANUP FF95B2B0 Device \FileSystem\Fastfat \Fat IRP_MJ_PNP FF95B2B0 Device \FileSystem\Cdfs \Cdfs IRP_MJ_CREATE FF4B0980 Device \FileSystem\Cdfs \Cdfs IRP_MJ_CLOSE FF4B0980 Device \FileSystem\Cdfs \Cdfs IRP_MJ_READ FF4B0980 Device \FileSystem\Cdfs \Cdfs IRP_MJ_QUERY_INFORMATION FF4B0980 Device \FileSystem\Cdfs \Cdfs IRP_MJ_SET_INFORMATION FF4B0980 Device \FileSystem\Cdfs \Cdfs IRP_MJ_QUERY_VOLUME_INFORMATION FF4B0980 Device \FileSystem\Cdfs \Cdfs IRP_MJ_DIRECTORY_CONTROL FF4B0980 Device \FileSystem\Cdfs \Cdfs IRP_MJ_FILE_SYSTEM_CONTROL FF4B0980 Device \FileSystem\Cdfs \Cdfs IRP_MJ_DEVICE_CONTROL FF4B0980 Device \FileSystem\Cdfs \Cdfs IRP_MJ_SHUTDOWN FF4B0980 Device \FileSystem\Cdfs \Cdfs IRP_MJ_LOCK_CONTROL FF4B0980 Device \FileSystem\Cdfs \Cdfs IRP_MJ_CLEANUP FF4B0980 Device \FileSystem\Cdfs \Cdfs IRP_MJ_PNP FF4B0980 ---- Threads - GMER 1.0.12 ---- Thread 4:160 812F9B08 ---- EOF - GMER 1.0.12 ---- GMER 1.0.12.12086 - http://www.gmer.net Rootkit scan 2007-03-25 11:50:58 Windows 5.1.2600 Dodatek Service Pack 2 ---- Services - GMER 1.0.12 ---- Service .NET CLR Data Service .NET CLR Networking Service .NETFramework Service [sYSTEM] Aavmker4 Service [DISABLED] Abiosdsk Service [DISABLED] abp480n5 Service C:\WINDOWS\system32\DRIVERS\ACPI.sys [bOOT] ACPI Service [DISABLED] ACPIEC Service [DISABLED] adpu160m Service C:\WINDOWS\system32\drivers\aec.sys [MANUAL] aec Service C:\WINDOWS\System32\drivers\afd.sys [sYSTEM] AFD Service C:\WINDOWS\system32\DRIVERS\agp440.sys [bOOT] agp440 Service [DISABLED] Aha154x Service [DISABLED] aic78u2 Service [DISABLED] aic78xx Service C:\WINDOWS\system32\drivers\ALCXWDM.SYS [MANUAL] ALCXWDM Service C:\WINDOWS\system32\svchost.exe [DISABLED] Alerter Service C:\WINDOWS\System32\alg.exe [MANUAL] ALG Service [DISABLED] AliIde Service [DISABLED] amsint Service C:\WINDOWS\system32\svchost.exe [MANUAL] AppMgmt Service [DISABLED] asc Service [DISABLED] asc3350p Service [DISABLED] asc3550 Service ASP.NET Service ASP.NET_1.1.4322 Service C:\WINDOWS\System32\drivers\aspi32.sys [AUTO] Aspi32 Service C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [MANUAL] aspnet_state Service [AUTO] aswMon2 Service [MANUAL] aswRdr Service [sYSTEM] aswTdi Service C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [AUTO] aswUpdSv Service C:\WINDOWS\system32\DRIVERS\asyncmac.sys [MANUAL] AsyncMac Service C:\WINDOWS\system32\DRIVERS\atapi.sys [bOOT] atapi Service [DISABLED] Atdisk Service C:\WINDOWS\system32\DRIVERS\atmarpc.sys [MANUAL] Atmarpc Service C:\WINDOWS\System32\svchost.exe [AUTO] AudioSrv Service C:\WINDOWS\system32\DRIVERS\audstub.sys [MANUAL] audstub Service C:\Program Files\Alwil Software\Avast4\ashServ.exe [AUTO] avast! Antivirus Service C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [MANUAL] avast! Mail Scanner Service C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [MANUAL] avast! Web Scanner Service C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe [AUTO] AVG Anti-Spyware Guard Service C:\WINDOWS\System32\DRIVERS\AvgAsCln.sys [sYSTEM] AvgAsCln Service BattC Service [sYSTEM] Beep Service C:\WINDOWS\system32\svchost.exe [MANUAL] BITS Service C:\WINDOWS\system32\svchost.exe [AUTO] Browser Service [DISABLED] cbidf2k Service [DISABLED] cd20xrnt Service [sYSTEM] Cdaudio Service [DISABLED] Cdfs Service C:\WINDOWS\system32\DRIVERS\cdrom.sys [sYSTEM] Cdrom Service [sYSTEM] Changer Service C:\WINDOWS\system32\cisvc.exe [MANUAL] CiSvc Service C:\WINDOWS\system32\clipsrv.exe [DISABLED] ClipSrv Service [DISABLED] CmdIde Service C:\WINDOWS\system32\dllhost.exe [MANUAL] COMSysApp Service ContentFilter Service ContentIndex Service [DISABLED] Cpqarray Service C:\WINDOWS\system32\svchost.exe [AUTO] CryptSvc Service [DISABLED] dac2w2k Service [DISABLED] dac960nt Service C:\WINDOWS\system32\svchost.exe [AUTO] DcomLaunch Service C:\WINDOWS\system32\svchost.exe [AUTO] Dhcp Service C:\WINDOWS\system32\DRIVERS\disk.sys [bOOT] Disk Service C:\WINDOWS\System32\dmadmin.exe [MANUAL] dmadmin Service C:\WINDOWS\System32\drivers\dmboot.sys [DISABLED] dmboot Service C:\WINDOWS\System32\drivers\dmio.sys [bOOT] dmio Service C:\WINDOWS\System32\drivers\dmload.sys [bOOT] dmload Service C:\WINDOWS\System32\svchost.exe [AUTO] dmserver Service C:\WINDOWS\system32\drivers\DMusic.sys [MANUAL] DMusic Service C:\WINDOWS\system32\svchost.exe [AUTO] Dnscache Service [DISABLED] dpti2o Service C:\WINDOWS\system32\drivers\drmkaud.sys [MANUAL] drmkaud Service System32\Drivers\dtscsi.sys [MANUAL] dtscsi Service C:\WINDOWS\system32\fgdfsdf.exe [AUTO] edfscv Service C:\WINDOWS\system32\services.exe [AUTO] Eventlog Service C:\WINDOWS\system32\svchost.exe [MANUAL] EventSystem Service [DISABLED] Fastfat Service C:\WINDOWS\System32\svchost.exe [MANUAL] FastUserSwitchingCompatibility Service C:\WINDOWS\system32\DRIVERS\fdc.sys [MANUAL] Fdc Service [sYSTEM] Fips Service C:\WINDOWS\system32\DRIVERS\flpydisk.sys [MANUAL] Flpydisk Service C:\WINDOWS\system32\DRIVERS\fltMgr.sys [bOOT] FltMgr Service [sYSTEM] Fs_Rec Service C:\WINDOWS\system32\DRIVERS\ftdisk.sys [bOOT] Ftdisk Service C:\WINDOWS\system32\DRIVERS\gameenum.sys [MANUAL] gameenum Service C:\WINDOWS\system32\drivers\GDTdiIcpt.sys [AUTO] GDTdiInterceptor Service C:\WINDOWS\System32\DRIVERS\gmer.sys [MANUAL] gmer Service C:\WINDOWS\system32\DRIVERS\msgpc.sys [MANUAL] Gpc Service System32\DRIVERS\gvkgaf87.sys [bOOT] gvkgaf87 Service C:\WINDOWS\system32\DRIVERS\hamachi.sys [MANUAL]

adam9870 · 25 Marzec 2007 10:56

Wklej cały log z Gmer’a wykonany przy ustawieniu usługi + pokazuj wszystko plus nowy log z Combo.

Jeśli wszystkie logi nie zmieszczą się bezpośrednio do posta, to umieść je w jakimś serwisie hostingowym jako pliki *.txt, a tu tylko zlinkuj.

http://forum.dobreprogramy.pl/viewtopic.php?t=96929

griszka · 25 Marzec 2007 11:55

GMER 1.0.12.12086 - http://www.gmer.net Rootkit scan 2007-03-25 13:52:33 Windows 5.1.2600 Dodatek Service Pack 2 ---- Services - GMER 1.0.12 ---- Service .NET CLR Data Service .NET CLR Networking Service .NETFramework Service [sYSTEM] Aavmker4 Service [DISABLED] Abiosdsk Service [DISABLED] abp480n5 Service C:\WINDOWS\system32\DRIVERS\ACPI.sys [bOOT] ACPI Service [DISABLED] ACPIEC Service [DISABLED] adpu160m Service C:\WINDOWS\system32\drivers\aec.sys [MANUAL] aec Service C:\WINDOWS\System32\drivers\afd.sys [sYSTEM] AFD Service C:\WINDOWS\system32\DRIVERS\agp440.sys [bOOT] agp440 Service [DISABLED] Aha154x Service [DISABLED] aic78u2 Service [DISABLED] aic78xx Service C:\WINDOWS\system32\drivers\ALCXWDM.SYS [MANUAL] ALCXWDM Service C:\WINDOWS\system32\svchost.exe [DISABLED] Alerter Service C:\WINDOWS\System32\alg.exe [MANUAL] ALG Service [DISABLED] AliIde Service [DISABLED] amsint Service C:\WINDOWS\system32\svchost.exe [MANUAL] AppMgmt Service [DISABLED] asc Service [DISABLED] asc3350p Service [DISABLED] asc3550 Service ASP.NET Service ASP.NET_1.1.4322 Service C:\WINDOWS\System32\drivers\aspi32.sys [AUTO] Aspi32 Service C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [MANUAL] aspnet_state Service [AUTO] aswMon2 Service [MANUAL] aswRdr Service [sYSTEM] aswTdi Service C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [AUTO] aswUpdSv Service C:\WINDOWS\system32\DRIVERS\asyncmac.sys [MANUAL] AsyncMac Service C:\WINDOWS\system32\DRIVERS\atapi.sys [bOOT] atapi Service [DISABLED] Atdisk Service C:\WINDOWS\system32\DRIVERS\atmarpc.sys [MANUAL] Atmarpc Service C:\WINDOWS\System32\svchost.exe [AUTO] AudioSrv Service C:\WINDOWS\system32\DRIVERS\audstub.sys [MANUAL] audstub Service C:\Program Files\Alwil Software\Avast4\ashServ.exe [AUTO] avast! Antivirus Service C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [MANUAL] avast! Mail Scanner Service C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [MANUAL] avast! Web Scanner Service C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe [AUTO] AVG Anti-Spyware Guard Service C:\WINDOWS\System32\DRIVERS\AvgAsCln.sys [sYSTEM] AvgAsCln Service BattC Service [sYSTEM] Beep Service C:\WINDOWS\system32\svchost.exe [MANUAL] BITS Service C:\WINDOWS\system32\svchost.exe [AUTO] Browser Service [DISABLED] cbidf2k Service [DISABLED] cd20xrnt Service [sYSTEM] Cdaudio Service [DISABLED] Cdfs Service C:\WINDOWS\system32\DRIVERS\cdrom.sys [sYSTEM] Cdrom Service [sYSTEM] Changer Service C:\WINDOWS\system32\cisvc.exe [MANUAL] CiSvc Service C:\WINDOWS\system32\clipsrv.exe [DISABLED] ClipSrv Service [DISABLED] CmdIde Service C:\WINDOWS\system32\dllhost.exe [MANUAL] COMSysApp Service ContentFilter Service ContentIndex Service [DISABLED] Cpqarray Service C:\WINDOWS\system32\svchost.exe [AUTO] CryptSvc Service [DISABLED] dac2w2k Service [DISABLED] dac960nt Service C:\WINDOWS\system32\svchost.exe [AUTO] DcomLaunch Service C:\WINDOWS\system32\svchost.exe [AUTO] Dhcp Service C:\WINDOWS\system32\DRIVERS\disk.sys [bOOT] Disk Service C:\WINDOWS\System32\dmadmin.exe [MANUAL] dmadmin Service C:\WINDOWS\System32\drivers\dmboot.sys [DISABLED] dmboot Service C:\WINDOWS\System32\drivers\dmio.sys [bOOT] dmio Service C:\WINDOWS\System32\drivers\dmload.sys [bOOT] dmload Service C:\WINDOWS\System32\svchost.exe [AUTO] dmserver Service C:\WINDOWS\system32\drivers\DMusic.sys [MANUAL] DMusic Service C:\WINDOWS\system32\svchost.exe [AUTO] Dnscache Service [DISABLED] dpti2o Service C:\WINDOWS\system32\drivers\drmkaud.sys [MANUAL] drmkaud Service System32\Drivers\dtscsi.sys [MANUAL] dtscsi Service C:\WINDOWS\system32\fgdfsdf.exe [AUTO] edfscv Service C:\WINDOWS\system32\services.exe [AUTO] Eventlog Service C:\WINDOWS\system32\svchost.exe [MANUAL] EventSystem Service [DISABLED] Fastfat Service C:\WINDOWS\System32\svchost.exe [MANUAL] FastUserSwitchingCompatibility Service C:\WINDOWS\system32\DRIVERS\fdc.sys [MANUAL] Fdc Service [sYSTEM] Fips Service C:\WINDOWS\system32\DRIVERS\flpydisk.sys [MANUAL] Flpydisk Service C:\WINDOWS\system32\DRIVERS\fltMgr.sys [bOOT] FltMgr Service [sYSTEM] Fs_Rec Service C:\WINDOWS\system32\DRIVERS\ftdisk.sys [bOOT] Ftdisk Service C:\WINDOWS\system32\DRIVERS\gameenum.sys [MANUAL] gameenum Service C:\WINDOWS\system32\drivers\GDTdiIcpt.sys [AUTO] GDTdiInterceptor Service C:\WINDOWS\System32\DRIVERS\gmer.sys [MANUAL] gmer Service C:\WINDOWS\system32\DRIVERS\msgpc.sys [MANUAL] Gpc Service System32\DRIVERS\gvkgaf87.sys [bOOT] gvkgaf87 Service C:\WINDOWS\system32\DRIVERS\hamachi.sys [MANUAL] hamachi Service C:\WINDOWS\System32\svchost.exe [AUTO] helpsvc Service C:\WINDOWS\System32\svchost.exe [DISABLED] HidServ Service C:\WINDOWS\system32\DRIVERS\hidusb.sys [MANUAL] HidUsb Service [DISABLED] hpn Service C:\WINDOWS\System32\Drivers\HTTP.sys [MANUAL] HTTP Service C:\WINDOWS\System32\svchost.exe [MANUAL] HTTPFilter Service [sYSTEM] i2omgmt Service [DISABLED] i2omp Service C:\WINDOWS\system32\DRIVERS\i8042prt.sys [sYSTEM] i8042prt Service C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [MANUAL] IDriverT Service C:\WINDOWS\system32\DRIVERS\imapi.sys [sYSTEM] Imapi Service C:\WINDOWS\system32\imapi.exe [MANUAL] ImapiService Service inetaccs Service [DISABLED] ini910u Service Inport Service C:\WINDOWS\system32\DRIVERS\intelide.sys [bOOT] IntelIde Service C:\WINDOWS\system32\DRIVERS\intelppm.sys [sYSTEM] intelppm Service C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys [MANUAL] Ip6Fw Service C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys [MANUAL] IpFilterDriver Service C:\WINDOWS\system32\DRIVERS\ipinip.sys [MANUAL] IpInIp Service C:\WINDOWS\system32\DRIVERS\ipnat.sys [MANUAL] IpNat Service C:\WINDOWS\system32\DRIVERS\ipsec.sys [sYSTEM] IPSec Service C:\WINDOWS\system32\DRIVERS\irda.sys [AUTO] irda Service C:\WINDOWS\system32\DRIVERS\irenum.sys [MANUAL] IRENUM Service C:\WINDOWS\system32\svchost.exe [AUTO] Irmon Service C:\WINDOWS\system32\DRIVERS\irsir.sys [MANUAL] irsir Service ISAPISearch Service C:\WINDOWS\system32\DRIVERS\isapnp.sys [bOOT] isapnp Service C:\WINDOWS\system32\DRIVERS\k750bus.sys [MANUAL] k750bus Service C:\WINDOWS\system32\DRIVERS\k750mdfl.sys [MANUAL] k750mdfl Service C:\WINDOWS\system32\DRIVERS\k750mdm.sys [MANUAL] k750mdm Service C:\WINDOWS\system32\DRIVERS\k750mgmt.sys [MANUAL] k750mgmt Service C:\WINDOWS\system32\DRIVERS\k750obex.sys [MANUAL] k750obex Service C:\WINDOWS\system32\DRIVERS\kbdclass.sys [sYSTEM] Kbdclass Service C:\WINDOWS\system32\DRIVERS\kbdhid.sys [sYSTEM] kbdhid Service C:\WINDOWS\system32\drivers\kmixer.sys [MANUAL] kmixer Service [bOOT] KSecDD Service C:\WINDOWS\system32\svchost.exe [AUTO] lanmanserver Service C:\WINDOWS\system32\svchost.exe [AUTO] lanmanworkstation Service [sYSTEM] lbrtfdc Service ldap Service LicenseService Service C:\WINDOWS\system32\svchost.exe [AUTO] LmHosts Service C:\WINDOWS\system32\DRIVERS\MA-620.sys [MANUAL] MA-620 Service C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [AUTO] MDM Service C:\WINDOWS\system32\svchost.exe [DISABLED] Messenger Service [sYSTEM] mnmdd Service C:\WINDOWS\system32\mnmsrvc.exe [MANUAL] mnmsrvc Service [MANUAL] Modem Service C:\WINDOWS\system32\DRIVERS\mouclass.sys [sYSTEM] Mouclass Service [bOOT] MountMgr Service [DISABLED] mraid35x Service C:\WINDOWS\system32\DRIVERS\mrxdav.sys [MANUAL] MRxDAV Service C:\WINDOWS\system32\DRIVERS\mrxsmb.sys [sYSTEM] MRxSmb Service C:\WINDOWS\system32\msdtc.exe [MANUAL] MSDTC Service [sYSTEM] Msfs Service C:\WINDOWS\system32\DRIVERS\MSIRCOMM.sys [MANUAL] MSIRCOMM Service C:\WINDOWS\system32\msiexec.exe [MANUAL] MSIServer Service C:\WINDOWS\system32\drivers\MSKSSRV.sys [MANUAL] MSKSSRV Service C:\WINDOWS\system32\drivers\MSPCLOCK.sys [MANUAL] MSPCLOCK Service C:\WINDOWS\system32\drivers\MSPQM.sys [MANUAL] MSPQM Service C:\WINDOWS\system32\DRIVERS\mssmbios.sys [MANUAL] mssmbios Service C:\WINDOWS\system32\drivers\msmpu401.sys [MANUAL] ms_mpu401 Service [bOOT] Mup Service [bOOT] NDIS Service ndisrd Service C:\WINDOWS\system32\DRIVERS\ndistapi.sys [MANUAL] NdisTapi Service C:\WINDOWS\system32\DRIVERS\ndisuio.sys [MANUAL] Ndisuio Service C:\WINDOWS\system32\DRIVERS\ndiswan.sys [MANUAL] NdisWan Service [MANUAL] NDProxy Service C:\WINDOWS\system32\DRIVERS\netbios.sys [sYSTEM] NetBIOS Service C:\WINDOWS\system32\DRIVERS\netbt.sys [MANUAL] NetBT Service C:\WINDOWS\system32\netdde.exe [DISABLED] NetDDE Service C:\WINDOWS\system32\netdde.exe [DISABLED] NetDDEdsdm Service C:\WINDOWS\system32\lsass.exe [MANUAL] Netlogon Service C:\WINDOWS\System32\svchost.exe [MANUAL] Netman Service C:\WINDOWS\system32\svchost.exe [MANUAL] Nla Service [sYSTEM] Npfs Service C:\WINDOWS\system32\npptNT2.sys [sYSTEM] NPPTNT2 Service [DISABLED] Ntfs Service C:\WINDOWS\system32\lsass.exe [MANUAL] NtLmSsp Service C:\WINDOWS\system32\svchost.exe [MANUAL] NtmsSvc Service [sYSTEM] Null Service C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [MANUAL] nv Service C:\WINDOWS\system32\nvsvc32.exe [AUTO] NVSvc Service C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys [MANUAL] NwlnkFlt Service C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys [MANUAL] NwlnkFwd Service Outlook Service C:\WINDOWS\system32\DRIVERS\parport.sys [MANUAL] Parport Service [bOOT] PartMgr Service [AUTO] ParVdm Service C:\WINDOWS\system32\DRIVERS\pci.sys [bOOT] PCI Service [sYSTEM] PCIDump Service [bOOT] PCIIde Service [DISABLED] Pcmcia Service [MANUAL] PDCOMP Service [MANUAL] PDFRAME Service [MANUAL] PDRELI Service [MANUAL] PDRFRAME Service [DISABLED] perc2 Service [DISABLED] perc2hib Service PerfDisk Service PerfNet Service PerfOS Service PerfProc Service C:\WINDOWS\system32\services.exe [AUTO] PlugPlay Service C:\WINDOWS\system32\lsass.exe [AUTO] PolicyAgent Service C:\WINDOWS\system32\DRIVERS\raspptp.sys [MANUAL] PptpMiniport Service C:\WINDOWS\system32\lsass.exe [AUTO] ProtectedStorage Service C:\WINDOWS\system32\DRIVERS\psched.sys [MANUAL] PSched Service C:\WINDOWS\system32\DRIVERS\ptilink.sys [MANUAL] Ptilink Service C:\WINDOWS\System32\Drivers\PxHelp20.sys [bOOT] PxHelp20 Service [DISABLED] ql1080 Service [DISABLED] Ql10wnt Service [DISABLED] ql12160 Service [DISABLED] ql1240 Service [DISABLED] ql1280 Service C:\WINDOWS\system32\DRIVERS\rasacd.sys [sYSTEM] RasAcd Service C:\WINDOWS\system32\svchost.exe [MANUAL] RasAuto Service C:\WINDOWS\system32\DRIVERS\rasirda.sys [MANUAL] Rasirda Service C:\WINDOWS\system32\DRIVERS\rasl2tp.sys [MANUAL] Rasl2tp Service C:\WINDOWS\system32\svchost.exe [MANUAL] RasMan Service C:\WINDOWS\system32\DRIVERS\raspppoe.sys [MANUAL] RasPppoe Service C:\WINDOWS\system32\DRIVERS\raspti.sys [MANUAL] Raspti Service C:\WINDOWS\system32\DRIVERS\rdbss.sys [sYSTEM] Rdbss Service C:\WINDOWS\System32\DRIVERS\RDPCDD.sys [sYSTEM] RDPCDD Service RDPDD Service C:\WINDOWS\system32\DRIVERS\rdpdr.sys [MANUAL] rdpdr Service RDPNP Service [MANUAL] RDPWD Service C:\WINDOWS\system32\sessmgr.exe [MANUAL] RDSessMgr Service C:\WINDOWS\system32\DRIVERS\redbook.sys [sYSTEM] redbook Service C:\WINDOWS\system32\svchost.exe [DISABLED] RemoteAccess Service C:\WINDOWS\system32\svchost.exe [AUTO] RemoteRegistry Service C:\WINDOWS\system32\locator.exe [MANUAL] RpcLocator Service C:\WINDOWS\system32\svchost.exe [AUTO] RpcSs Service C:\WINDOWS\system32\rsvp.exe [MANUAL] RSVP Service C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [MANUAL] rtl8139 Service C:\WINDOWS\system32\lsass.exe [AUTO] SamSs Service C:\WINDOWS\System32\SCardSvr.exe [MANUAL] SCardSvr Service C:\WINDOWS\System32\svchost.exe [AUTO] Schedule Service C:\WINDOWS\system32\DRIVERS\secdrv.sys [MANUAL] Secdrv Service C:\WINDOWS\System32\svchost.exe [AUTO] seclogon Service C:\WINDOWS\system32\svchost.exe [AUTO] SENS Service C:\WINDOWS\system32\DRIVERS\serenum.sys [MANUAL] serenum Service C:\WINDOWS\system32\DRIVERS\serial.sys [sYSTEM] Serial Service [sYSTEM] Sfloppy Service C:\WINDOWS\system32\svchost.exe [DISABLED] SharedAccess Service C:\WINDOWS\System32\svchost.exe [AUTO] ShellHWDetection Service [DISABLED] Simbad Service C:\WINDOWS\system32\DRIVERS\skbusenum.sys [MANUAL] skbusenum Service [DISABLED] Sparrow Service C:\WINDOWS\system32\drivers\splitter.sys [MANUAL] splitter Service C:\WINDOWS\system32\spoolsv.exe [AUTO] Spooler Service C:\WINDOWS\System32\Drivers\sptd.sys [bOOT] sptd Service C:\WINDOWS\system32\DRIVERS\sr.sys [bOOT] sr Service C:\WINDOWS\system32\svchost.exe [AUTO] srservice Service C:\WINDOWS\system32\DRIVERS\srv.sys [MANUAL] Srv Service C:\WINDOWS\system32\svchost.exe [MANUAL] SSDPSRV Service C:\WINDOWS\system32\DRIVERS\st3wolf.sys [MANUAL] st3wolf Service C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe [AUTO] StarWindService Service C:\WINDOWS\system32\svchost.exe [MANUAL] stisvc Service C:\WINDOWS\system32\DRIVERS\stwlfbus.sys [bOOT] stwlfbus Service C:\WINDOWS\system32\DRIVERS\swenum.sys [MANUAL] swenum Service C:\WINDOWS\system32\drivers\swmidi.sys [MANUAL] swmidi Service C:\WINDOWS\system32\dllhost.exe [MANUAL] SwPrv Service System32\DRIVERS\swvnbi60.sys [bOOT] swvnbi60 Service [DISABLED] symc810 Service [DISABLED] symc8xx Service [DISABLED] sym_hi Service [DISABLED] sym_u3 Service C:\WINDOWS\system32\drivers\sysaudio.sys [MANUAL] sysaudio Service C:\WINDOWS\system32\smlogsvc.exe [MANUAL] SysmonLog Service C:\WINDOWS\System32\svchost.exe [MANUAL] TapiSrv Service C:\WINDOWS\system32\DRIVERS\tcpip.sys [sYSTEM] Tcpip Service [MANUAL] TDPIPE Service C:\WINDOWS\System32\DRIVERS\tdscw.sys [bOOT] tdscw Service [MANUAL] TDTCP Service C:\WINDOWS\system32\DRIVERS\termdd.sys [sYSTEM] TermDD Service C:\WINDOWS\System32\svchost.exe [MANUAL] TermService Service C:\WINDOWS\System32\svchost.exe [AUTO] Themes Service C:\WINDOWS\system32\tlntsvr.exe [DISABLED] TlntSvr Service [DISABLED] TosIde Service C:\WINDOWS\system32\svchost.exe [AUTO] TrkWks Service TSDDD Service C:\WINDOWS\system32\drivers\klif.sys [MANUAL] TSP Service [DISABLED] Udfs Service [DISABLED] ultra Service C:\WINDOWS\system32\DRIVERS\update.sys [MANUAL] Update Service C:\WINDOWS\system32\svchost.exe [MANUAL] upnphost Service C:\WINDOWS\System32\ups.exe [MANUAL] UPS Service C:\WINDOWS\system32\DRIVERS\usbehci.sys [MANUAL] usbehci Service C:\WINDOWS\system32\DRIVERS\usbhub.sys [MANUAL] usbhub Service C:\WINDOWS\system32\DRIVERS\usbprint.sys [MANUAL] usbprint Service C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [MANUAL] USBSTOR Service C:\WINDOWS\system32\DRIVERS\usbuhci.sys [MANUAL] usbuhci Service C:\WINDOWS\System32\svchost.exe [MANUAL] usprserv Service C:\WINDOWS\System32\drivers\vga.sys [sYSTEM] VgaSave Service [DISABLED] ViaIde Service [bOOT] VolSnap Service C:\WINDOWS\System32\vssvc.exe [MANUAL] VSS Service C:\WINDOWS\System32\svchost.exe [AUTO] W32Time Service W3SVC Service C:\WINDOWS\system32\DRIVERS\wanarp.sys [MANUAL] Wanarp Service [MANUAL] WDICA Service C:\WINDOWS\system32\drivers\wdmaud.sys [MANUAL] wdmaud Service C:\WINDOWS\system32\svchost.exe [AUTO] WebClient Service C:\WINDOWS\system32\svchost.exe [AUTO] winmgmt Service [MANUAL] Winsock Service WinSock2 Service WinTrust Service C:\WINDOWS\system32\Svchost.exe [AUTO] WmdmPMD Service C:\WINDOWS\System32\svchost.exe [MANUAL] WmdmPmSN Service C:\WINDOWS\System32\svchost.exe [MANUAL] Wmi Service WmiApRpl Service C:\WINDOWS\system32\wbem\wmiapsrv.exe [MANUAL] WmiApSrv Service C:\WINDOWS\System32\drivers\ws2ifsl.sys [DISABLED] WS2IFSL Service C:\WINDOWS\System32\svchost.exe [DISABLED] wscsvc Service C:\WINDOWS\system32\svchost.exe [DISABLED] wuauserv Service System32\DRIVERS\wwnunm31.sys [bOOT] wwnunm31 Service C:\WINDOWS\System32\svchost.exe [AUTO] WZCSVC Service C:\WINDOWS\System32\svchost.exe [MANUAL] xmlprov Service {07F9D194-CE5F-4342-8481-551C699EC495} Service {8F0086FF-ABF7-4101-B033-9867B3B21653} Service {E1E9BE00-C4B1-4BF6-BAF0-439D52635049} Service [MANUAL] ascguhev ---- EOF - GMER 1.0.12 ---- ComboScan v20070306.20 run by griszk@ on 2007-03-25 at 13:53:08 Computer is in Normal Mode. -------------------------------------------------------------------------------- – HijackThis (run as griszk@.exe) --------------------------------------------- Logfile of HijackThis v1.99.1 Scan saved at 13:53:15, on 2007-03-25 Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe C:\WINDOWS\system32\Svchost.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\WINDOWS\Explorer.exe C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe C:\Program Files\Common Files\Onet.pl\AutoUpdate.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Program Files\Gadu-Gadu\gg.exe C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe C:\Program Files\Common Files\Teleca Shared\Generic.exe C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe D:\eMule\emule.exe C:\Program Files\Microsoft Office\Office10\WINWORD.EXE C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Documents and Settings\griszk@\Pulpit\comboscan.exe C:\PROGRA~1\HIJACK~1\griszk@.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.pl/ R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://caiyi8.com F2 - REG:system.ini: Shell=Explorer.exe realshed.exe O2 - BHO: AdPopup - {11F09AFD-75AD-4E51-AB43-E09E9351CE16} - C:\Program Files\Common Files\CPUSH\cpush0.dll (file missing) O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll O4 - HKLM…\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM…\Run: [sony Ericsson PC Suite] “C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe” /startoptions O4 - HKLM…\Run: [Onet.pl AutoUpdate] C:\Program Files\Common Files\Onet.pl\AutoUpdate.exe /tsr O4 - HKLM…\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKCU…\Run: [Gadu-Gadu] “C:\Program Files\Gadu-Gadu\gg.exe” /tray O4 - HKCU…\Run: [MSN9.1] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\B1OS.DLL,Run O4 - Startup: Yahoo! Widget Engine.lnk = D:\Yahoo! Widget Engine\YahooWidgetEngine.exe O4 - Global Startup: ruango.lnk = ? O4 - Global Startup: WanSo.lnk = ? O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing) O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing) O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: edfscv - Unknown owner - C:\WINDOWS\system32\fgdfsdf.exe (file missing) O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe – Files created between 2007-02-25 and 2007-03-25 ----------------------------- 2007-03-25 11:31:59 39 --a------ C:\WINDOWS\system32\MTZFNVCJ.DLL 2007-03-25 04:19:23 67 --a------ C:\WINDOWS\system32\UAGNVCJRYFN.DLL 2007-03-25 04:19:23 1281 --a------ C:\WINDOWS\system32\mPe1aD0J.dll 2007-03-25 04:19:21 910336 --a------ C:\WINDOWS\system32\ntd11.dll 2007-03-25 04:14:10 0 d------c- C:\Avenger 2007-03-24 23:10:43 179083 --a------ C:\WINDOWS\system32\system2.exe 2007-03-24 23:09:33 246863 --a------ C:\WINDOWS\system32\system1.exe 2007-03-21 15:39:27 11126211 --a------ C:\WINDOWS\system32\ManageEngine_OpManager_6_windows.exe 2007-03-20 15:51:12 3968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys 2007-03-20 15:51:06 0 d-------- C:\Program Files\Grisoft 2007-03-17 15:02:45 57344 --a------ C:\WINDOWS\g3.exe 2007-03-17 15:00:24 375296 --a------ C:\WINDOWS\system32\realshed.exe 2007-03-17 14:42:05 0 d-------- C:\WINDOWS\cursor 2007-03-17 14:39:48 0 d-------- C:\Program Files\Common Files\Ruango 2007-03-13 15:21:42 0 d-------- C:\Program Files\Common Files\Skype 2007-03-13 15:21:22 0 d-------- C:\Program Files\Skype 2007-03-13 15:07:43 0 d-------- C:\WINDOWS\system32\MDserivces 2007-03-02 19:34:45 1310 --a------ C:\WINDOWS\gmer.reg 2007-03-02 19:18:49 80 --a------ C:\WINDOWS\gmer_uninstall.cmd 2007-03-01 22:55:04 0 d------c- C:!KillBox 2007-02-28 11:13:35 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard 2007-02-27 19:33:05 0 d------c- C:\temp 2007-02-27 12:22:14 0 d-------- C:\WINDOWS\system32\system – Find3M Report --------------------------------------------------------------- 2007-03-25 04:41:50 0 d-------- C:\Documents and Settings\griszk@\Dane aplikacji\Skype 2007-03-25 04:21:23 439528 --a----c- C:\WINDOWS\system32\perfh015.dat 2007-03-25 04:21:23 68450 --a----c- C:\WINDOWS\system32\perfc015.dat 2007-03-25 04:17:58 0 d-------- C:\Program Files\Gadu-Gadu 2007-03-24 15:23:11 0 d-------- C:\Program Files\ffdshow 2007-03-15 17:40:33 0 d-------- C:\Program Files\Real 2007-03-12 19:33:07 0 d-------- C:\Program Files\Google 2007-03-06 23:14:27 0 d-------- C:\Documents and Settings\griszk@\Dane aplikacji\ppstream 2007-02-28 11:14:06 0 d-------- C:\Documents and Settings\griszk@\Dane aplikacji\Lavasoft 2007-02-21 18:26:15 0 d-------- C:\Documents and Settings\griszk@\Dane aplikacji\SmartShopper 2007-02-18 10:15:03 0 d-------- C:\Program Files\DivX 2007-02-17 20:59:24 0 d-------- C:\Program Files\MarBit 2007-02-17 20:13:49 0 d-------- C:\Documents and Settings\griszk@\Dane aplikacji\Media Player Classic 2007-02-17 20:08:55 0 d-------- C:\Documents and Settings\griszk@\Dane aplikacji\Real 2007-02-16 23:34:18 0 d-------- C:\Program Files\Ski Jump International 2007-02-16 18:21:00 10752 --a------ C:\WINDOWS\system32\ff_vfw.dll 2007-02-16 12:23:35 0 d-------- C:\Documents and Settings\griszk@\Dane aplikacji\Apple Computer 2007-02-16 12:23:15 0 d–h----- C:\Program Files\InstallShield Installation Information 2007-02-16 12:22:57 0 d-------- C:\Program Files\QuickTime 2007-02-03 00:07:44 0 d-------- C:\Documents and Settings\griszk@\Dane aplikacji\Azureus 2007-02-02 20:42:40 65448 --a------ C:\Documents and Settings\griszk@\Dane aplikacji\GDIPFONTCACHEV1.DAT 2007-02-01 06:56:06 639066 --a------ C:\WINDOWS\system32\divx.dll 2007-01-31 19:32:46 0 d-------- C:\Program Files\BearShare 2007-01-30 07:03:42 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll 2007-01-30 07:03:28 200704 --a------ C:\WINDOWS\system32\ssldivx.dll 2007-01-30 07:03:28 1044480 --a------ C:\WINDOWS\system32\libdivx.dll 2007-01-30 06:56:58 196608 --a------ C:\WINDOWS\system32\dtu100.dll 2007-01-30 06:56:58 73728 --a------ C:\WINDOWS\system32\dpl100.dll 2007-01-28 23:59:22 0 d-------- C:\Program Files\Yahoo! 2007-01-28 22:32:14 0 d-------- C:\Program Files\Ahead 2007-01-25 21:39:40 0 d-------- C:\Program Files\Mozilla Firefox 2007-01-20 22:26:06 1565480 --a------ C:\WINDOWS\system32\wmv9vcm.dll 2007-01-15 19:32:07 689280 --a------ C:\WINDOWS\system32\aswBoot.exe 2007-01-15 19:23:20 90112 --a------ C:\WINDOWS\system32\AVASTSS.scr 2006-12-25 15:15:07 2938 --a----c- C:\WINDOWS\mozver.dat – Registry Dump --------------------------------------------------------------- [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run] “Gadu-Gadu”="“C:\Program Files\Gadu-Gadu\gg.exe” /tray" “MSN9.1”=“C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\B1OS.DLL,Run” [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run] “NvCplDaemon”=“RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup” @="" “Sony Ericsson PC Suite”="“C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe” /startoptions" “Onet.pl AutoUpdate”=“C:\Program Files\Common Files\Onet.pl\AutoUpdate.exe /tsr” “avast!”=“C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe” [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL] “Installed”=“1” [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI] “Installed”=“1” “NoChange”=“1” [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS] “Installed”=“1” [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks] “{57B86673-276A-48B2-BAE7-C6DBB3020EB8}”=“AVG Anti-Spyware 7.5” [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] “DisableTaskMgr”=dword:00000000 [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system] “DisableTaskMgr”=dword:00000000 “NoDispAppearancePage”=dword:00000000 “NoColorChoice”=dword:00000000 “NoSizeChoice”=dword:00000000 “NoDispBackgroundPage”=dword:00000000 “NoDispScrSavPage”=dword:00000000 “NoDispCPL”=dword:00000000 “NoVisualStyleChoice”=dword:00000000 “NoDispSettingsPage”=dword:00000000 “DisableRegistryTools”=dword:00000000 [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] “NoActiveDesktopChanges”=dword:00000000 [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] “NoActiveDesktop”=dword:00000000 “NoSaveSettings”=dword:00000000 “NoThemesTab”=dword:00000000 “ForceActiveDesktopOn”=dword:00000000 [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders] “SecurityProviders”=“msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll” [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost] HTTPFilter REG_MULTI_SZ HTTPFilter\0\0 LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0 NetworkService REG_MULTI_SZ DnsCache\0\0 DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0 rpcss REG_MULTI_SZ RpcSs\0\0 imgsvc REG_MULTI_SZ StiSvc\0\0 termsvcs REG_MULTI_SZ TermService\0\0 WmdmPMD REG_MULTI_SZ WmdmPMD\0 [HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2{70237cf1-1d61-11db-b9db-00138f291aa7}] Shell\AutoRun\command G:\Autorun.exe [HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2{8e2a953c-82cc-11db-bb23-00138f291aa7}] Shell\AutoRun\command F:\autorun.exe – End of ComboScan: finished at 2007-03-25 at 13:53:45 ------------------------

adam9870 · 25 Marzec 2007 13:19

Pobierz The avenger. Wypakuj => uruchom => zaznacz opcję Input script manually => kliknij w lupkę => w okienku, które się otworzy wklej:

Drivers to unload: edfscv gvkgaf87 swvnbi60 tdscw wwnunm31 ascguhev Files to delete: C:\WINDOWS\system32\fgdfsdf.exe C:\WINDOWS\System32\DRIVERS\gvkgaf87.sys C:\WINDOWS\System32\DRIVERS\swvnbi60.sys Service C:\WINDOWS\System32\DRIVERS\tdscw.sys C:\WINDOWS\System32\DRIVERS\wwnunm31.sys C:\WINDOWS\system32\MTZFNVCJ.DLL C:\WINDOWS\system32\UAGNVCJRYFN.DLL C:\WINDOWS\system32\mPe1aD0J.dll C:\WINDOWS\system32\ntd11.dll C:\WINDOWS\system32\system2.exe C:\WINDOWS\system32\system1.exe C:\WINDOWS\system32\B1OS.DLL C:\WINDOWS\System32\Drivers\ascguhev.SYS Folders to delete: C:\Program Files\Common Files\CPUSH Registry keys to delete: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\edfscv HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\edfscv HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\edfscv HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\gvkgaf87 HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\gvkgaf87 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\gvkgaf87 HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\swvnbi60 HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\swvnbi60 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\swvnbi60 HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\tdscw HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\tdscw HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\tdscw HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\wwnunm31 HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\wwnunm31 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wwnunm31 HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ascguhev HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\ascguhev HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ascguhev Registry values to delete: “HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run” | “MSN9.1”

=> Kliknij klawisz Done => teraz kliknij na zielone światełko => powinna pojawić się pewna informacja i kliknij OK (teraz restart).

Po resecie może pojawić się okienko na dosłownie kilka sekund oraz log w notatniku. Wejdź tam gdzie masz avengera i skasuj plik backup.zip czyli np. c:\avenger\backup.zip.

Usuń wpisy HJT.

Po wykonaniu wklej nowe logi. Dorzuć log z SilentRunners.

griszka · 25 Marzec 2007 14:54

logi z gmera GMER 1.0.12.12086 - http://www.gmer.net Rootkit scan 2007-03-25 16:52:57 Windows 5.1.2600 Dodatek Service Pack 2 ---- System - GMER 1.0.12 ---- SSDT sptd.sys ZwCreateKey SSDT sptd.sys ZwEnumerateKey SSDT sptd.sys ZwEnumerateValueKey SSDT sptd.sys ZwOpenKey SSDT sptd.sys ZwQueryKey SSDT sptd.sys ZwQueryValueKey SSDT sptd.sys ZwSetValueKey ---- Kernel code sections - GMER 1.0.12 ---- ? C:\WINDOWS\system32\drivers\sptd.sys Proces nie może uzyskać dostępu do pliku, ponieważ jest on używany przez inny proces. ? C:\WINDOWS\system32\drivers\tdscw.sys Proces nie może uzyskać dostępu do pliku, ponieważ jest on używany przez inny proces. .text USBPORT.SYS!DllUnload F86DD62C 5 Bytes JMP 8118D1B8 ? System32\Drivers\aeczjucg.SYS Nie można odnaleźć określonego pliku. ---- Devices - GMER 1.0.12 ---- Device \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE 813501D8 Device \FileSystem\Ntfs \Ntfs IRP_MJ_CLOSE 813501D8 Device \FileSystem\Ntfs \Ntfs IRP_MJ_READ 813501D8 Device \FileSystem\Ntfs \Ntfs IRP_MJ_WRITE 813501D8 Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_INFORMATION 813501D8 Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_INFORMATION 813501D8 Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_EA 813501D8 Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_EA 813501D8 Device \FileSystem\Ntfs \Ntfs IRP_MJ_FLUSH_BUFFERS 813501D8 Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_VOLUME_INFORMATION 813501D8 Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_VOLUME_INFORMATION 813501D8 Device \FileSystem\Ntfs \Ntfs IRP_MJ_DIRECTORY_CONTROL 813501D8 Device \FileSystem\Ntfs \Ntfs IRP_MJ_FILE_SYSTEM_CONTROL 813501D8 Device \FileSystem\Ntfs \Ntfs IRP_MJ_DEVICE_CONTROL 813501D8 Device \FileSystem\Ntfs \Ntfs IRP_MJ_SHUTDOWN 813501D8 Device \FileSystem\Ntfs \Ntfs IRP_MJ_LOCK_CONTROL 813501D8 Device \FileSystem\Ntfs \Ntfs IRP_MJ_CLEANUP 813501D8 Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_SECURITY 813501D8 Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_SECURITY 813501D8 Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_QUOTA 813501D8 Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_QUOTA 813501D8 Device \FileSystem\Ntfs \Ntfs IRP_MJ_PNP 813501D8 Device \FileSystem\Fastfat \FatCdrom IRP_MJ_CREATE FF9C72A0 Device \FileSystem\Fastfat \FatCdrom IRP_MJ_CLOSE FF9C72A0 Device \FileSystem\Fastfat \FatCdrom IRP_MJ_READ FF9C72A0 Device \FileSystem\Fastfat \FatCdrom IRP_MJ_WRITE FF9C72A0 Device \FileSystem\Fastfat \FatCdrom IRP_MJ_QUERY_INFORMATION FF9C72A0 Device \FileSystem\Fastfat \FatCdrom IRP_MJ_SET_INFORMATION FF9C72A0 Device \FileSystem\Fastfat \FatCdrom IRP_MJ_QUERY_EA FF9C72A0 Device \FileSystem\Fastfat \FatCdrom IRP_MJ_SET_EA FF9C72A0 Device \FileSystem\Fastfat \FatCdrom IRP_MJ_FLUSH_BUFFERS FF9C72A0 Device \FileSystem\Fastfat \FatCdrom IRP_MJ_QUERY_VOLUME_INFORMATION FF9C72A0 Device \FileSystem\Fastfat \FatCdrom IRP_MJ_SET_VOLUME_INFORMATION FF9C72A0 Device \FileSystem\Fastfat \FatCdrom IRP_MJ_DIRECTORY_CONTROL FF9C72A0 Device \FileSystem\Fastfat \FatCdrom IRP_MJ_FILE_SYSTEM_CONTROL FF9C72A0 Device \FileSystem\Fastfat \FatCdrom IRP_MJ_DEVICE_CONTROL FF9C72A0 Device \FileSystem\Fastfat \FatCdrom IRP_MJ_SHUTDOWN FF9C72A0 Device \FileSystem\Fastfat \FatCdrom IRP_MJ_LOCK_CONTROL FF9C72A0 Device \FileSystem\Fastfat \FatCdrom IRP_MJ_CLEANUP FF9C72A0 Device \FileSystem\Fastfat \FatCdrom IRP_MJ_PNP FF9C72A0 Device \Driver\aswTdi \Device\AswUdpFilter IRP_MJ_DEVICE_CONTROL [F9559A7C] GDTdiIcpt.sys Device \Driver\aswTdi \Device\AswUdpFilter IRP_MJ_INTERNAL_DEVICE_CONTROL [F9559A7C] GDTdiIcpt.sys Device \Driver\usbuhci \Device\USBPDO-0 IRP_MJ_CREATE FFB751D8 Device \Driver\usbuhci \Device\USBPDO-0 IRP_MJ_CLOSE FFB751D8 Device \Driver\usbuhci \Device\USBPDO-0 IRP_MJ_DEVICE_CONTROL FFB751D8 Device \Driver\usbuhci \Device\USBPDO-0 IRP_MJ_INTERNAL_DEVICE_CONTROL FFB751D8 Device \Driver\usbuhci \Device\USBPDO-0 IRP_MJ_POWER FFB751D8 Device \Driver\usbuhci \Device\USBPDO-0 IRP_MJ_SYSTEM_CONTROL FFB751D8 Device \Driver\usbuhci \Device\USBPDO-0 IRP_MJ_PNP FFB751D8 Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_CREATE 812FA1D8 Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_CLOSE 812FA1D8 Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_READ 812FA1D8 Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_WRITE 812FA1D8 Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_FLUSH_BUFFERS 812FA1D8 Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_DEVICE_CONTROL 812FA1D8 Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_INTERNAL_DEVICE_CONTROL 812FA1D8 Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_SHUTDOWN 812FA1D8 Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_POWER 812FA1D8 Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_SYSTEM_CONTROL 812FA1D8 Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_PNP 812FA1D8 Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_CREATE 812FA1D8 Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_CLOSE 812FA1D8 Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_READ 812FA1D8 Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_WRITE 812FA1D8 Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_FLUSH_BUFFERS 812FA1D8 Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_DEVICE_CONTROL 812FA1D8 Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_INTERNAL_DEVICE_CONTROL 812FA1D8 Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_SHUTDOWN 812FA1D8 Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_POWER 812FA1D8 Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_SYSTEM_CONTROL 812FA1D8 Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_PNP 812FA1D8 Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_CREATE 812FA1D8 Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_CLOSE 812FA1D8 Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_READ 812FA1D8 Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_WRITE 812FA1D8 Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_FLUSH_BUFFERS 812FA1D8 Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_DEVICE_CONTROL 812FA1D8 Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_INTERNAL_DEVICE_CONTROL 812FA1D8 Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_SHUTDOWN 812FA1D8 Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_POWER 812FA1D8 Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_SYSTEM_CONTROL 812FA1D8 Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_PNP 812FA1D8 Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_CREATE 812FA1D8 Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_CLOSE 812FA1D8 Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_READ 812FA1D8 Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_WRITE 812FA1D8 Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_FLUSH_BUFFERS 812FA1D8 Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_DEVICE_CONTROL 812FA1D8 Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_INTERNAL_DEVICE_CONTROL 812FA1D8 Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_SHUTDOWN 812FA1D8 Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_POWER 812FA1D8 Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_SYSTEM_CONTROL 812FA1D8 Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_PNP 812FA1D8 Device \Driver\usbuhci \Device\USBPDO-1 IRP_MJ_CREATE FFB751D8 Device \Driver\usbuhci \Device\USBPDO-1 IRP_MJ_CLOSE FFB751D8 Device \Driver\usbuhci \Device\USBPDO-1 IRP_MJ_DEVICE_CONTROL FFB751D8 Device \Driver\usbuhci \Device\USBPDO-1 IRP_MJ_INTERNAL_DEVICE_CONTROL FFB751D8 Device \Driver\usbuhci \Device\USBPDO-1 IRP_MJ_POWER FFB751D8 Device \Driver\usbuhci \Device\USBPDO-1 IRP_MJ_SYSTEM_CONTROL FFB751D8 Device \Driver\usbuhci \Device\USBPDO-1 IRP_MJ_PNP FFB751D8 Device \Driver\usbuhci \Device\USBPDO-2 IRP_MJ_CREATE FFB751D8 Device \Driver\usbuhci \Device\USBPDO-2 IRP_MJ_CLOSE FFB751D8 Device \Driver\usbuhci \Device\USBPDO-2 IRP_MJ_DEVICE_CONTROL FFB751D8 Device \Driver\usbuhci \Device\USBPDO-2 IRP_MJ_INTERNAL_DEVICE_CONTROL FFB751D8 Device \Driver\usbuhci \Device\USBPDO-2 IRP_MJ_POWER FFB751D8 Device \Driver\usbuhci \Device\USBPDO-2 IRP_MJ_SYSTEM_CONTROL FFB751D8 Device \Driver\usbuhci \Device\USBPDO-2 IRP_MJ_PNP FFB751D8 Device \Driver\usbuhci \Device\USBPDO-3 IRP_MJ_CREATE FFB751D8 Device \Driver\usbuhci \Device\USBPDO-3 IRP_MJ_CLOSE FFB751D8 Device \Driver\usbuhci \Device\USBPDO-3 IRP_MJ_DEVICE_CONTROL FFB751D8 Device \Driver\usbuhci \Device\USBPDO-3 IRP_MJ_INTERNAL_DEVICE_CONTROL FFB751D8 Device \Driver\usbuhci \Device\USBPDO-3 IRP_MJ_POWER FFB751D8 Device \Driver\usbuhci \Device\USBPDO-3 IRP_MJ_SYSTEM_CONTROL FFB751D8 Device \Driver\usbuhci \Device\USBPDO-3 IRP_MJ_PNP FFB751D8 Device \Driver\usbehci \Device\USBPDO-4 IRP_MJ_CREATE FFB741D8 Device \Driver\usbehci \Device\USBPDO-4 IRP_MJ_CLOSE FFB741D8 Device \Driver\usbehci \Device\USBPDO-4 IRP_MJ_DEVICE_CONTROL FFB741D8 Device \Driver\usbehci \Device\USBPDO-4 IRP_MJ_INTERNAL_DEVICE_CONTROL FFB741D8 Device \Driver\usbehci \Device\USBPDO-4 IRP_MJ_POWER FFB741D8 Device \Driver\usbehci \Device\USBPDO-4 IRP_MJ_SYSTEM_CONTROL FFB741D8 Device \Driver\usbehci \Device\USBPDO-4 IRP_MJ_PNP FFB741D8 Device \Driver\aswTdi \Device\ASWTDI IRP_MJ_DEVICE_CONTROL [F9559A7C] GDTdiIcpt.sys Device \Driver\aswTdi \Device\ASWTDI IRP_MJ_INTERNAL_DEVICE_CONTROL [F9559A7C] GDTdiIcpt.sys Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_CREATE 813521D8 Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_READ 813521D8 Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_WRITE 813521D8 Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_FLUSH_BUFFERS 813521D8 Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_DEVICE_CONTROL 813521D8 Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_INTERNAL_DEVICE_CONTROL 813521D8 Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_SHUTDOWN 813521D8 Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_CLEANUP 813521D8 Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_POWER 813521D8 Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_SYSTEM_CONTROL 813521D8 Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_PNP 813521D8 Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_CREATE 813521D8 Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_READ 813521D8 Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_WRITE 813521D8 Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_FLUSH_BUFFERS 813521D8 Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_DEVICE_CONTROL 813521D8 Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_INTERNAL_DEVICE_CONTROL 813521D8 Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_SHUTDOWN 813521D8 Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_CLEANUP 813521D8 Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_POWER 813521D8 Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_SYSTEM_CONTROL 813521D8 Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_PNP 813521D8 Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CREATE FFB1D1D8 Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CLOSE FFB1D1D8 Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_READ FF980378 Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_WRITE FFB1D1D8 Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_FLUSH_BUFFERS FFB1D1D8 Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_DEVICE_CONTROL FF9802F0 Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_INTERNAL_DEVICE_CONTROL FFB1D1D8 Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SHUTDOWN FFB1D1D8 Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_POWER FFB1D1D8 Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SYSTEM_CONTROL FFB1D1D8 Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_PNP FFB1D1D8 Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CREATE FFB1D1D8 Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CLOSE FFB1D1D8 Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_READ FF980378 Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_WRITE FFB1D1D8 Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_FLUSH_BUFFERS FFB1D1D8 Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_DEVICE_CONTROL FF9802F0 Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_INTERNAL_DEVICE_CONTROL FFB1D1D8 Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SHUTDOWN FFB1D1D8 Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_POWER FFB1D1D8 Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SYSTEM_CONTROL FFB1D1D8 Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_PNP FFB1D1D8 Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CREATE 813511D8 Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CLOSE 813511D8 Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_DEVICE_CONTROL 813511D8 Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_INTERNAL_DEVICE_CONTROL FF97F940 Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_POWER 813511D8 Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SYSTEM_CONTROL 813511D8 Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_PNP 813511D8 Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_CREATE 813511D8 Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_CLOSE 813511D8 Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_DEVICE_CONTROL 813511D8 Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_INTERNAL_DEVICE_CONTROL FF97F940 Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_POWER 813511D8 Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_SYSTEM_CONTROL 813511D8 Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_PNP 813511D8 Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_CREATE 813511D8 Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_CLOSE 813511D8 Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_DEVICE_CONTROL 813511D8 Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_INTERNAL_DEVICE_CONTROL FF97F940 Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_POWER 813511D8 Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SYSTEM_CONTROL 813511D8 Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_PNP 813511D8 Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-e IRP_MJ_CREATE 813511D8 Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-e IRP_MJ_CLOSE 813511D8 Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-e IRP_MJ_DEVICE_CONTROL 813511D8 Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-e IRP_MJ_INTERNAL_DEVICE_CONTROL FF97F940 Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-e IRP_MJ_POWER 813511D8 Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-e IRP_MJ_SYSTEM_CONTROL 813511D8 Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-e IRP_MJ_PNP 813511D8 Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_CREATE FFB1D1D8 Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_CLOSE FFB1D1D8 Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_READ FF980378 Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_WRITE FFB1D1D8 Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_FLUSH_BUFFERS FFB1D1D8 Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_DEVICE_CONTROL FF9802F0 Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_INTERNAL_DEVICE_CONTROL FFB1D1D8 Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_SHUTDOWN FFB1D1D8 Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_POWER FFB1D1D8 Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_SYSTEM_CONTROL FFB1D1D8 Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_PNP FFB1D1D8 Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_CREATE FF9DA1D8 Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_CLOSE FF9DA1D8 Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_DEVICE_CONTROL FF9DA1D8 Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_INTERNAL_DEVICE_CONTROL FF9DA1D8 Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_CLEANUP FF9DA1D8 Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_PNP FF9DA1D8 Device \Driver\aswTdi \Device\AswTcpFilter IRP_MJ_DEVICE_CONTROL [F9559A7C] GDTdiIcpt.sys Device \Driver\aswTdi \Device\AswTcpFilter IRP_MJ_INTERNAL_DEVICE_CONTROL [F9559A7C] GDTdiIcpt.sys Device \Driver\00000051 \Device\0000004f IRP_MJ_POWER [F9178C7E] sptd.sys Device \Driver\00000051 \Device\0000004f IRP_MJ_SYSTEM_CONTROL [F91922A2] sptd.sys Device \Driver\00000051 \Device\0000004f IRP_MJ_PNP [F9193228] sptd.sys Device \Driver\NetBT \Device\NetBT_Tcpip_{8F0086FF-ABF7-4101-B033-9867B3B21653} IRP_MJ_CREATE FF9DA1D8 Device \Driver\NetBT \Device\NetBT_Tcpip_{8F0086FF-ABF7-4101-B033-9867B3B21653} IRP_MJ_CLOSE FF9DA1D8 Device \Driver\NetBT \Device\NetBT_Tcpip_{8F0086FF-ABF7-4101-B033-9867B3B21653} IRP_MJ_DEVICE_CONTROL FF9DA1D8 Device \Driver\NetBT \Device\NetBT_Tcpip_{8F0086FF-ABF7-4101-B033-9867B3B21653} IRP_MJ_INTERNAL_DEVICE_CONTROL FF9DA1D8 Device \Driver\NetBT \Device\NetBT_Tcpip_{8F0086FF-ABF7-4101-B033-9867B3B21653} IRP_MJ_CLEANUP FF9DA1D8 Device \Driver\NetBT \Device\NetBT_Tcpip_{8F0086FF-ABF7-4101-B033-9867B3B21653} IRP_MJ_PNP FF9DA1D8 Device \Driver\usbuhci \Device\USBFDO-0 IRP_MJ_CREATE FFB751D8 Device \Driver\usbuhci \Device\USBFDO-0 IRP_MJ_CLOSE FFB751D8 Device \Driver\usbuhci \Device\USBFDO-0 IRP_MJ_DEVICE_CONTROL FFB751D8 Device \Driver\usbuhci \Device\USBFDO-0 IRP_MJ_INTERNAL_DEVICE_CONTROL FFB751D8 Device \Driver\usbuhci \Device\USBFDO-0 IRP_MJ_POWER FFB751D8 Device \Driver\usbuhci \Device\USBFDO-0 IRP_MJ_SYSTEM_CONTROL FFB751D8 Device \Driver\usbuhci \Device\USBFDO-0 IRP_MJ_PNP FFB751D8 Device \Driver\usbuhci \Device\USBFDO-1 IRP_MJ_CREATE FFB751D8 Device \Driver\usbuhci \Device\USBFDO-1 IRP_MJ_CLOSE FFB751D8 Device \Driver\usbuhci \Device\USBFDO-1 IRP_MJ_DEVICE_CONTROL FFB751D8 Device \Driver\usbuhci \Device\USBFDO-1 IRP_MJ_INTERNAL_DEVICE_CONTROL FFB751D8 Device \Driver\usbuhci \Device\USBFDO-1 IRP_MJ_POWER FFB751D8 Device \Driver\usbuhci \Device\USBFDO-1 IRP_MJ_SYSTEM_CONTROL FFB751D8 Device \Driver\usbuhci \Device\USBFDO-1 IRP_MJ_PNP FFB751D8 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CREATE FF5A51D8 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CREATE_NAMED_PIPE FF5A51D8 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CLOSE FF5A51D8 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_READ FF5A51D8 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_WRITE FF5A51D8 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_INFORMATION FF5A51D8 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_INFORMATION FF5A51D8 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_EA FF5A51D8 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_EA FF5A51D8 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_FLUSH_BUFFERS FF5A51D8 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_VOLUME_INFORMATION FF5A51D8 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_VOLUME_INFORMATION FF5A51D8 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_DIRECTORY_CONTROL FF5A51D8 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_FILE_SYSTEM_CONTROL FF5A51D8 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_DEVICE_CONTROL FF5A51D8 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_INTERNAL_DEVICE_CONTROL FF5A51D8 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SHUTDOWN FF5A51D8 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_LOCK_CONTROL FF5A51D8 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CLEANUP FF5A51D8 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CREATE_MAILSLOT FF5A51D8 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_SECURITY FF5A51D8 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_SECURITY FF5A51D8 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_POWER FF5A51D8 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SYSTEM_CONTROL FF5A51D8 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_DEVICE_CHANGE FF5A51D8 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_QUOTA FF5A51D8 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_QUOTA FF5A51D8 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_PNP FF5A51D8 Device \Driver\usbuhci \Device\USBFDO-2 IRP_MJ_CREATE FFB751D8 Device \Driver\usbuhci \Device\USBFDO-2 IRP_MJ_CLOSE FFB751D8 Device \Driver\usbuhci \Device\USBFDO-2 IRP_MJ_DEVICE_CONTROL FFB751D8 Device \Driver\usbuhci \Device\USBFDO-2 IRP_MJ_INTERNAL_DEVICE_CONTROL FFB751D8 Device \Driver\usbuhci \Device\USBFDO-2 IRP_MJ_POWER FFB751D8 Device \Driver\usbuhci \Device\USBFDO-2 IRP_MJ_SYSTEM_CONTROL FFB751D8 Device \Driver\usbuhci \Device\USBFDO-2 IRP_MJ_PNP FFB751D8 Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CREATE FF5A51D8 Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CREATE_NAMED_PIPE FF5A51D8 Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CLOSE FF5A51D8 Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_READ FF5A51D8 Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_WRITE FF5A51D8 Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_INFORMATION FF5A51D8 Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_INFORMATION FF5A51D8 Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_EA FF5A51D8 Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_EA FF5A51D8 Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_FLUSH_BUFFERS FF5A51D8 Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_VOLUME_INFORMATION FF5A51D8 Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_VOLUME_INFORMATION FF5A51D8 Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_DIRECTORY_CONTROL FF5A51D8 Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_FILE_SYSTEM_CONTROL FF5A51D8 Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_DEVICE_CONTROL FF5A51D8 Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_INTERNAL_DEVICE_CONTROL FF5A51D8 Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SHUTDOWN FF5A51D8 Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_LOCK_CONTROL FF5A51D8 Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CLEANUP FF5A51D8 Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CREATE_MAILSLOT FF5A51D8 Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_SECURITY FF5A51D8 Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_SECURITY FF5A51D8 Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_POWER FF5A51D8 Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SYSTEM_CONTROL FF5A51D8 Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_DEVICE_CHANGE FF5A51D8 Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_QUOTA FF5A51D8 Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_QUOTA FF5A51D8 Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_PNP FF5A51D8 Device \Driver\NetBT \Device\NetBT_Tcpip_{E1E9BE00-C4B1-4BF6-BAF0-439D52635049} IRP_MJ_CREATE FF9DA1D8 Device \Driver\NetBT \Device\NetBT_Tcpip_{E1E9BE00-C4B1-4BF6-BAF0-439D52635049} IRP_MJ_CLOSE FF9DA1D8 Device \Driver\NetBT \Device\NetBT_Tcpip_{E1E9BE00-C4B1-4BF6-BAF0-439D52635049} IRP_MJ_DEVICE_CONTROL FF9DA1D8 Device \Driver\NetBT \Device\NetBT_Tcpip_{E1E9BE00-C4B1-4BF6-BAF0-439D52635049} IRP_MJ_INTERNAL_DEVICE_CONTROL FF9DA1D8 Device \Driver\NetBT \Device\NetBT_Tcpip_{E1E9BE00-C4B1-4BF6-BAF0-439D52635049} IRP_MJ_CLEANUP FF9DA1D8 Device \Driver\NetBT \Device\NetBT_Tcpip_{E1E9BE00-C4B1-4BF6-BAF0-439D52635049} IRP_MJ_PNP FF9DA1D8 Device \Driver\usbuhci \Device\USBFDO-3 IRP_MJ_CREATE FFB751D8 Device \Driver\usbuhci \Device\USBFDO-3 IRP_MJ_CLOSE FFB751D8 Device \Driver\usbuhci \Device\USBFDO-3 IRP_MJ_DEVICE_CONTROL FFB751D8 Device \Driver\usbuhci \Device\USBFDO-3 IRP_MJ_INTERNAL_DEVICE_CONTROL FFB751D8 Device \Driver\usbuhci \Device\USBFDO-3 IRP_MJ_POWER FFB751D8 Device \Driver\usbuhci \Device\USBFDO-3 IRP_MJ_SYSTEM_CONTROL FFB751D8 Device \Driver\usbuhci \Device\USBFDO-3 IRP_MJ_PNP FFB751D8 Device \Driver\usbehci \Device\USBFDO-4 IRP_MJ_CREATE FFB741D8 Device \Driver\usbehci \Device\USBFDO-4 IRP_MJ_CLOSE FFB741D8 Device \Driver\usbehci \Device\USBFDO-4 IRP_MJ_DEVICE_CONTROL FFB741D8 Device \Driver\usbehci \Device\USBFDO-4 IRP_MJ_INTERNAL_DEVICE_CONTROL FFB741D8 Device \Driver\usbehci \Device\USBFDO-4 IRP_MJ_POWER FFB741D8 Device \Driver\usbehci \Device\USBFDO-4 IRP_MJ_SYSTEM_CONTROL FFB741D8 Device \Driver\usbehci \Device\USBFDO-4 IRP_MJ_PNP FFB741D8 Device \Driver\Ftdisk \Device\FtControl IRP_MJ_CREATE 813521D8 Device \Driver\Ftdisk \Device\FtControl IRP_MJ_READ 813521D8 Device \Driver\Ftdisk \Device\FtControl IRP_MJ_WRITE 813521D8 Device \Driver\Ftdisk \Device\FtControl IRP_MJ_FLUSH_BUFFERS 813521D8 Device \Driver\Ftdisk \Device\FtControl IRP_MJ_DEVICE_CONTROL 813521D8 Device \Driver\Ftdisk \Device\FtControl IRP_MJ_INTERNAL_DEVICE_CONTROL 813521D8 Device \Driver\st3wolf \Device\Scsi\st3wolf1Port2Path0Target0Lun0 IRP_MJ_DEVICE_CONTROL FF9A31D8 Device \Driver\st3wolf \Device\Scsi\st3wolf1Port2Path0Target0Lun0 IRP_MJ_INTERNAL_DEVICE_CONTROL 811A31A0 Device \Driver\st3wolf \Device\Scsi\st3wolf1Port2Path0Target0Lun0 IRP_MJ_SHUTDOWN FF9A31D8 Device \Driver\st3wolf \Device\Scsi\st3wolf1Port2Path0Target0Lun0 IRP_MJ_LOCK_CONTROL FF9A31D8 Device \Driver\st3wolf \Device\Scsi\st3wolf1Port2Path0Target0Lun0 IRP_MJ_CLEANUP FF9A31D8 Device \Driver\st3wolf \Device\Scsi\st3wolf1Port2Path0Target0Lun0 IRP_MJ_CREATE_MAILSLOT FF9A31D8 Device \Driver\st3wolf \Device\Scsi\st3wolf1Port2Path0Target0Lun0 IRP_MJ_QUERY_SECURITY FF9A31D8 Device \Driver\st3wolf \Device\Scsi\st3wolf1Port2Path0Target0Lun0 IRP_MJ_SET_SECURITY FF9A31D8 Device \Driver\st3wolf \Device\Scsi\st3wolf1Port2Path0Target0Lun0 IRP_MJ_POWER FF9A31D8 Device \Driver\st3wolf \Device\Scsi\st3wolf1Port2Path0Target0Lun0 IRP_MJ_SYSTEM_CONTROL FF9A31D8 Device \Driver\st3wolf \Device\Scsi\st3wolf1Port2Path0Target0Lun0 IRP_MJ_DEVICE_CHANGE FF9A31D8 Device \Driver\st3wolf \Device\Scsi\st3wolf1Port2Path0Target0Lun0 IRP_MJ_QUERY_QUOTA FF9A31D8 Device \Driver\st3wolf \Device\Scsi\st3wolf1Port2Path0Target0Lun0 IRP_MJ_SET_QUOTA FF9A31D8 Device \Driver\st3wolf \Device\Scsi\st3wolf1Port2Path0Target0Lun0 IRP_MJ_PNP FF9A31D8 Device \Driver\aeczjucg \Device\Scsi\aeczjucg1 IRP_MJ_CREATE FFA5B1D8 Device \Driver\aeczjucg \Device\Scsi\aeczjucg1 IRP_MJ_CLOSE FFA5B1D8 Device \Driver\aeczjucg \Device\Scsi\aeczjucg1 IRP_MJ_DEVICE_CONTROL FFA5B1D8 Device \Driver\aeczjucg \Device\Scsi\aeczjucg1 IRP_MJ_INTERNAL_DEVICE_CONTROL FF815890 Device \Driver\aeczjucg \Device\Scsi\aeczjucg1 IRP_MJ_POWER FFA5B1D8 Device \Driver\aeczjucg \Device\Scsi\aeczjucg1 IRP_MJ_SYSTEM_CONTROL FFA5B1D8 Device \Driver\aeczjucg \Device\Scsi\aeczjucg1 IRP_MJ_PNP FFA5B1D8 Device \FileSystem\Fastfat \Fat IRP_MJ_CREATE FF9C72A0 Device \FileSystem\Fastfat \Fat IRP_MJ_CLOSE FF9C72A0 Device \FileSystem\Fastfat \Fat IRP_MJ_READ FF9C72A0 Device \FileSystem\Fastfat \Fat IRP_MJ_WRITE FF9C72A0 Device \FileSystem\Fastfat \Fat IRP_MJ_QUERY_INFORMATION FF9C72A0 Device \FileSystem\Fastfat \Fat IRP_MJ_SET_INFORMATION FF9C72A0 Device \FileSystem\Fastfat \Fat IRP_MJ_QUERY_EA FF9C72A0 Device \FileSystem\Fastfat \Fat IRP_MJ_SET_EA FF9C72A0 Device \FileSystem\Fastfat \Fat IRP_MJ_FLUSH_BUFFERS FF9C72A0 Device \FileSystem\Fastfat \Fat IRP_MJ_QUERY_VOLUME_INFORMATION FF9C72A0 Device \FileSystem\Fastfat \Fat IRP_MJ_SET_VOLUME_INFORMATION FF9C72A0 Device \FileSystem\Fastfat \Fat IRP_MJ_DIRECTORY_CONTROL FF9C72A0 Device \FileSystem\Fastfat \Fat IRP_MJ_FILE_SYSTEM_CONTROL FF9C72A0 Device \FileSystem\Fastfat \Fat IRP_MJ_DEVICE_CONTROL FF9C72A0 Device \FileSystem\Fastfat \Fat IRP_MJ_SHUTDOWN FF9C72A0 Device \FileSystem\Fastfat \Fat IRP_MJ_LOCK_CONTROL FF9C72A0 Device \FileSystem\Fastfat \Fat IRP_MJ_CLEANUP FF9C72A0 Device \FileSystem\Fastfat \Fat IRP_MJ_PNP FF9C72A0 Device \FileSystem\Cdfs \Cdfs IRP_MJ_CREATE 811BD1D8 Device \FileSystem\Cdfs \Cdfs IRP_MJ_CLOSE 811BD1D8 Device \FileSystem\Cdfs \Cdfs IRP_MJ_READ 811BD1D8 Device \FileSystem\Cdfs \Cdfs IRP_MJ_QUERY_INFORMATION 811BD1D8 Device \FileSystem\Cdfs \Cdfs IRP_MJ_SET_INFORMATION 811BD1D8 Device \FileSystem\Cdfs \Cdfs IRP_MJ_QUERY_VOLUME_INFORMATION 811BD1D8 Device \FileSystem\Cdfs \Cdfs IRP_MJ_DIRECTORY_CONTROL 811BD1D8 Device \FileSystem\Cdfs \Cdfs IRP_MJ_FILE_SYSTEM_CONTROL 811BD1D8 Device \FileSystem\Cdfs \Cdfs IRP_MJ_DEVICE_CONTROL 811BD1D8 Device \FileSystem\Cdfs \Cdfs IRP_MJ_SHUTDOWN 811BD1D8 Device \FileSystem\Cdfs \Cdfs IRP_MJ_LOCK_CONTROL 811BD1D8 Device \FileSystem\Cdfs \Cdfs IRP_MJ_CLEANUP 811BD1D8 Device \FileSystem\Cdfs \Cdfs IRP_MJ_PNP 811BD1D8 ---- Threads - GMER 1.0.12 ---- Thread 4:160 812F9B08 ---- EOF - GMER 1.0.12 ---- GMER 1.0.12.12086 - http://www.gmer.net Rootkit scan 2007-03-25 16:54:49 Windows 5.1.2600 Dodatek Service Pack 2 ---- Services - GMER 1.0.12 ---- Service .NET CLR Data Service .NET CLR Networking Service .NETFramework Service [sYSTEM] Aavmker4 Service [DISABLED] Abiosdsk Service [DISABLED] abp480n5 Service C:\WINDOWS\system32\DRIVERS\ACPI.sys [bOOT] ACPI Service [DISABLED] ACPIEC Service [DISABLED] adpu160m Service C:\WINDOWS\system32\drivers\aec.sys [MANUAL] aec Service C:\WINDOWS\System32\drivers\afd.sys [sYSTEM] AFD Service C:\WINDOWS\system32\DRIVERS\agp440.sys [bOOT] agp440 Service [DISABLED] Aha154x Service [DISABLED] aic78u2 Service [DISABLED] aic78xx Service C:\WINDOWS\system32\drivers\ALCXWDM.SYS [MANUAL] ALCXWDM Service C:\WINDOWS\system32\svchost.exe [DISABLED] Alerter Service C:\WINDOWS\System32\alg.exe [MANUAL] ALG Service [DISABLED] AliIde Service [DISABLED] amsint Service C:\WINDOWS\system32\svchost.exe [MANUAL] AppMgmt Service [DISABLED] asc Service [DISABLED] asc3350p Service [DISABLED] asc3550 Service ASP.NET Service ASP.NET_1.1.4322 Service C:\WINDOWS\System32\drivers\aspi32.sys [AUTO] Aspi32 Service C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [MANUAL] aspnet_state Service [AUTO] aswMon2 Service [MANUAL] aswRdr Service [sYSTEM] aswTdi Service C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [AUTO] aswUpdSv Service C:\WINDOWS\system32\DRIVERS\asyncmac.sys [MANUAL] AsyncMac Service C:\WINDOWS\system32\DRIVERS\atapi.sys [bOOT] atapi Service [DISABLED] Atdisk Service C:\WINDOWS\system32\DRIVERS\atmarpc.sys [MANUAL] Atmarpc Service C:\WINDOWS\System32\svchost.exe [AUTO] AudioSrv Service C:\WINDOWS\system32\DRIVERS\audstub.sys [MANUAL] audstub Service C:\Program Files\Alwil Software\Avast4\ashServ.exe [AUTO] avast! Antivirus Service C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [MANUAL] avast! Mail Scanner Service C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [MANUAL] avast! Web Scanner Service C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe [AUTO] AVG Anti-Spyware Guard Service C:\WINDOWS\System32\DRIVERS\AvgAsCln.sys [sYSTEM] AvgAsCln Service BattC Service [sYSTEM] Beep Service C:\WINDOWS\system32\svchost.exe [MANUAL] BITS Service C:\WINDOWS\system32\svchost.exe [AUTO] Browser Service [DISABLED] cbidf2k Service [DISABLED] cd20xrnt Service [sYSTEM] Cdaudio Service [DISABLED] Cdfs Service C:\WINDOWS\system32\DRIVERS\cdrom.sys [sYSTEM] Cdrom Service [sYSTEM] Changer Service C:\WINDOWS\system32\cisvc.exe [MANUAL] CiSvc Service C:\WINDOWS\system32\clipsrv.exe [DISABLED] ClipSrv Service [DISABLED] CmdIde Service C:\WINDOWS\system32\dllhost.exe [MANUAL] COMSysApp Service ContentFilter Service ContentIndex Service [DISABLED] Cpqarray Service C:\WINDOWS\system32\svchost.exe [AUTO] CryptSvc Service [DISABLED] dac2w2k Service [DISABLED] dac960nt Service C:\WINDOWS\system32\svchost.exe [AUTO] DcomLaunch Service C:\WINDOWS\system32\svchost.exe [AUTO] Dhcp Service C:\WINDOWS\system32\DRIVERS\disk.sys [bOOT] Disk Service C:\WINDOWS\System32\dmadmin.exe [MANUAL] dmadmin Service C:\WINDOWS\System32\drivers\dmboot.sys [DISABLED] dmboot Service C:\WINDOWS\System32\drivers\dmio.sys [bOOT] dmio Service C:\WINDOWS\System32\drivers\dmload.sys [bOOT] dmload Service C:\WINDOWS\System32\svchost.exe [AUTO] dmserver Service C:\WINDOWS\system32\drivers\DMusic.sys [MANUAL] DMusic Service C:\WINDOWS\system32\svchost.exe [AUTO] Dnscache Service [DISABLED] dpti2o Service C:\WINDOWS\system32\drivers\drmkaud.sys [MANUAL] drmkaud Service System32\Drivers\dtscsi.sys [MANUAL] dtscsi Service C:\WINDOWS\system32\fgdfsdf.exe [DISABLED] edfscv Service C:\WINDOWS\system32\services.exe [AUTO] Eventlog Service C:\WINDOWS\system32\svchost.exe [MANUAL] EventSystem Service [DISABLED] Fastfat Service C:\WINDOWS\System32\svchost.exe [MANUAL] FastUserSwitchingCompatibility Service C:\WINDOWS\system32\DRIVERS\fdc.sys [MANUAL] Fdc Service [sYSTEM] Fips Service C:\WINDOWS\system32\DRIVERS\flpydisk.sys [MANUAL] Flpydisk Service C:\WINDOWS\system32\DRIVERS\fltMgr.sys [bOOT] FltMgr Service [sYSTEM] Fs_Rec Service C:\WINDOWS\system32\DRIVERS\ftdisk.sys [bOOT] Ftdisk Service C:\WINDOWS\system32\DRIVERS\gameenum.sys [MANUAL] gameenum Service C:\WINDOWS\system32\drivers\GDTdiIcpt.sys [AUTO] GDTdiInterceptor Service C:\WINDOWS\System32\DRIVERS\gmer.sys [MANUAL] gmer Service C:\WINDOWS\system32\DRIVERS\msgpc.sys [MANUAL] Gpc Service System32\DRIVERS\gvkgaf87.sys [bOOT] gvkgaf87 Service C:\WINDOWS\system32\DRIVERS\hamachi.sys [MANUAL] hamachi Service C:\WINDOWS\System32\svchost.exe [AUTO] helpsvc Service C:\WINDOWS\System32\svchost.exe [DISABLED] HidServ Service C:\WINDOWS\system32\DRIVERS\hidusb.sys [MANUAL] HidUsb Service