Nie mogę pozbyć się trojanów i fałszywych portali

adam9870 · 25 Marzec 2007 15:00

Wklej brakującą część loga z Gmera wykonanego przy ustawieniu usługi + pokazuj wszystko plus nowy log z hijacka, silenta i combofixa.

griszka · 25 Marzec 2007 15:02

pozosałe Silent Runners.vbs", revision R50, http://www.silentrunners.org/ Operating System: Windows XP SP2 Output limited to non-default values, except where indicated by “{++}” Startup items buried in registry: --------------------------------- HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++} “Gadu-Gadu” = ““C:\Program Files\Gadu-Gadu\gg.exe” /tray” [“Gadu-Gadu Sp. z oo”] HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++} “NvCplDaemon” = “RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup” [MS] “(Default)” = “(empty string)” [file not found] “Sony Ericsson PC Suite” = ““C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe” /startoptions” [“Sony Ericsson Mobile Communications AB”] “Onet.pl AutoUpdate” = “C:\Program Files\Common Files\Onet.pl\AutoUpdate.exe /tsr” [“Onet.pl”] “avast!” = “C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe” [null data] HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}(Default) = (no title provided) -> {HKLM…CLSID} = “SSVHelper Class” \InProcServer32(Default) = “C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll” [“Sun Microsystems, Inc.”] HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\ “{42071714-76d4-11d1-8b24-00a0c9068ff3}” = “Rozszerzenie CPL kadrowania wyświetlania” -> {HKLM…CLSID} = “Rozszerzenie CPL kadrowania wyświetlania” \InProcServer32(Default) = “deskpan.dll” [file not found] “{88895560-9AA2-1069-930E-00AA0030EBC8}” = “Rozszerzenie ikony HyperTerminalu” -> {HKLM…CLSID} = “HyperTerminal Icon Ext” \InProcServer32(Default) = “C:\WINDOWS\system32\hticons.dll” [“Hilgraeve, Inc.”] “{A70C977A-BF00-412C-90B7-034C51DA2439}” = “NvCpl DesktopContext Class” -> {HKLM…CLSID} = “DesktopContext Class” \InProcServer32(Default) = “C:\WINDOWS\system32\nvcpl.dll” [“NVIDIA Corporation”] “{FFB699E0-306A-11d3-8BD1-00104B6F7516}” = “Play on my TV helper” -> {HKLM…CLSID} = “NVIDIA CPL Extension” \InProcServer32(Default) = “C:\WINDOWS\system32\nvcpl.dll” [“NVIDIA Corporation”] “{1CDB2949-8F65-4355-8456-263E7C208A5D}” = “Desktop Explorer” -> {HKLM…CLSID} = “Desktop Explorer” \InProcServer32(Default) = “C:\WINDOWS\system32\nvshell.dll” [“NVIDIA Corporation”] “{1E9B04FB-F9E5-4718-997B-B8DA88302A47}” = “Desktop Explorer Menu” -> {HKLM…CLSID} = (no title provided) \InProcServer32(Default) = “C:\WINDOWS\system32\nvshell.dll” [“NVIDIA Corporation”] “{1E9B04FB-F9E5-4718-997B-B8DA88302A48}” = “nView Desktop Context Menu” -> {HKLM…CLSID} = “nView Desktop Context Menu” \InProcServer32(Default) = “C:\WINDOWS\system32\nvshell.dll” [“NVIDIA Corporation”] “{32020A01-506E-484D-A2A8-BE3CF17601C3}” = “AlcoholShellEx” -> {HKLM…CLSID} = “AlcoholShellEx” \InProcServer32(Default) = “C:\PROGRA~1\ALCOHO~1\ALCOHO~1\AxShlex.dll” [“Alcohol Soft Development Team”] “{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}” = “Shell Extensions for RealOne Player” -> {HKLM…CLSID} = “RealOne Player Context Menu Class” \InProcServer32(Default) = “C:\Program Files\Real\RealPlayer\rpshell.dll” [“RealNetworks, Inc.”] “{0006F045-0000-0000-C000-000000000046}” = “Microsoft Outlook Custom Icon Handler” -> {HKLM…CLSID} = “Rozszerzenie ikon plików programu Outlook” \InProcServer32(Default) = “C:\Program Files\Microsoft Office\Office10\OLKFSTUB.DLL” [MS] “{42042206-2D85-11D3-8CFF-005004838597}” = “Microsoft Office HTML Icon Handler” -> {HKLM…CLSID} = (no title provided) \InProcServer32(Default) = “C:\Program Files\Microsoft Office\Office10\msohev.dll” [MS] “{A5110426-177D-4e08-AB3F-785F10B4439C}” = “Sony Ericsson File Manager” -> {HKLM…CLSID} = “Sony Ericsson File Manager” \InProcServer32(Default) = “C:\Program Files\Sony Ericsson\Mobile2\File Manager\fmgrgui.dll” [“Sony Ericsson Mobile Communications AB”] “{472083B0-C522-11CF-8763-00608CC02F24}” = “avast” -> {HKLM…CLSID} = “avast” \InProcServer32(Default) = “C:\Program Files\Alwil Software\Avast4\ashShell.dll” [“ALWIL Software”] “{A155339D-CCCD-4714-85EB-3754B804C9DF}” = “a-squared Free Context Menu Shell Extension” -> {HKLM…CLSID} = “a-squared Free Context Menu” \InProcServer32(Default) = “D:\A-SQUA~1\A2FREE~1.DLL” [file not found] HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\ <> “{57B86673-276A-48B2-BAE7-C6DBB3020EB8}” = “AVG Anti-Spyware 7.5” -> {HKLM…CLSID} = “CShellExecuteHookImpl Object” \InProcServer32(Default) = “C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll” [“Anti-Malware Development a.s.”] HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\ <> “Shell” = “Explorer.exe realshed.exe” [MS], [null data] HKLM\Software\Classes\Folder\shellex\ColumnHandlers\ {F9DB5320-233E-11D1-9F84-707F02C10627}(Default) = “PDF Column Info” -> {HKLM…CLSID} = “PDF Shell Extension” \InProcServer32(Default) = “C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll” [“Adobe Systems, Inc.”] HKLM\Software\Classes*\shellex\ContextMenuHandlers\ avast(Default) = “{472083B0-C522-11CF-8763-00608CC02F24}” -> {HKLM…CLSID} = “avast” \InProcServer32(Default) = “C:\Program Files\Alwil Software\Avast4\ashShell.dll” [“ALWIL Software”] AVG Anti-Spyware(Default) = “{8934FCEF-F5B8-468f-951F-78A921CD3920}” -> {HKLM…CLSID} = “CContextScan Object” \InProcServer32(Default) = “C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll” [“Anti-Malware Development a.s.”] HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\ AVG Anti-Spyware(Default) = “{8934FCEF-F5B8-468f-951F-78A921CD3920}” -> {HKLM…CLSID} = “CContextScan Object” \InProcServer32(Default) = “C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll” [“Anti-Malware Development a.s.”] HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ a2FreeContMenu(Default) = “{A155339D-CCCD-4714-85EB-3754B804C9DF}” -> {HKLM…CLSID} = “a-squared Free Context Menu” \InProcServer32(Default) = “D:\A-SQUA~1\A2FREE~1.DLL” [file not found] avast(Default) = “{472083B0-C522-11CF-8763-00608CC02F24}” -> {HKLM…CLSID} = “avast” \InProcServer32(Default) = “C:\Program Files\Alwil Software\Avast4\ashShell.dll” [“ALWIL Software”] HKLM\Software\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\ a2FreeContMenu(Default) = “{A155339D-CCCD-4714-85EB-3754B804C9DF}” -> {HKLM…CLSID} = “a-squared Free Context Menu” \InProcServer32(Default) = “D:\A-SQUA~1\A2FREE~1.DLL” [file not found] Group Policies {GPedit.msc branch and setting}: ----------------------------------------------- Note: detected settings may not have any effect. HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\ “NoActiveDesktop” = (REG_DWORD) hex:0x00000000 {User Configuration|Administrative Templates|Desktop|Desktop / Active Desktop| Disable Active Desktop} “NoSaveSettings” = (REG_DWORD) hex:0x00000000 {User Configuration|Administrative Templates|Desktop| Don’t save settings at exit} “ClassicShell” = (REG_DWORD) hex:0x00000000 {User Configuration|Administrative Templates|Windows Components|Windows Explorer| Enable Classic Shell / Turn on Classic Shell} “NoThemesTab” = (REG_DWORD) hex:0x00000000 {unrecognized setting} “ForceActiveDesktopOn” = (REG_DWORD) hex:0x00000000 {User Configuration|Administrative Templates|Desktop|Desktop / Active Desktop| Enable Active Desktop} HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\ “NoActiveDesktopChanges” = (REG_DWORD) hex:0x00000000 {unrecognized setting} HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\ “DisableTaskMgr” = (REG_DWORD) hex:0x00000000 {User Configuration|Administrative Templates|System|Ctrl+Alt+Del Options| Remove Task Manager} “NoDispAppearancePage” = (REG_DWORD) hex:0x00000000 {unrecognized setting} “NoColorChoice” = (REG_DWORD) hex:0x00000000 {unrecognized setting} “NoSizeChoice” = (REG_DWORD) hex:0x00000000 {unrecognized setting} “NoDispBackgroundPage” = (REG_DWORD) hex:0x00000000 {User Configuration|Administrative Templates|Control Panel|Display| Hide Desktop tab} “NoDispScrSavPage” = (REG_DWORD) hex:0x00000000 {unrecognized setting} “NoDispCPL” = (REG_DWORD) hex:0x00000000 {User Configuration|Administrative Templates|Control Panel|Display| Remove Display in Control Panel} “NoVisualStyleChoice” = (REG_DWORD) hex:0x00000000 {unrecognized setting} “NoDispSettingsPage” = (REG_DWORD) hex:0x00000000 {unrecognized setting} “DisableRegistryTools” = (REG_DWORD) hex:0x00000000 {User Configuration|Administrative Templates|System| Prevent access to registry editing tools} HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\ “shutdownwithoutlogon” = (REG_DWORD) hex:0x00000001 {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options| Shutdown: Allow system to be shut down without having to log on} “undockwithoutlogon” = (REG_DWORD) hex:0x00000001 {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options| Devices: Allow undock without having to log on} “DisableTaskMgr” = (REG_DWORD) hex:0x00000000 {unrecognized setting} Active Desktop and Wallpaper: ----------------------------- Active Desktop may be disabled at this entry: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState Displayed if Active Desktop enabled and wallpaper not set by Group Policy: HKCU\Software\Microsoft\Internet Explorer\Desktop\General\ “Wallpaper” = “C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp” Displayed if Active Desktop disabled and wallpaper not set by Group Policy: HKCU\Control Panel\Desktop\ “Wallpaper” = “C:\Documents and Settings\griszk@\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp” Enabled Screen Saver: --------------------- HKCU\Control Panel\Desktop\ “SCRNSAVE.EXE” = “C:\WINDOWS\WISA_6~1.SCR” (WISŁA_6.scr) [null data] Startup items in “griszk@” & “All Users” startup folders: --------------------------------------------------------- C:\Documents and Settings\griszk@\Menu Start\Programy\Autostart “Yahoo! Widget Engine” -> shortcut to: “D:\Yahoo! Widget Engine\YahooWidgetEngine.exe” [file not found] C:\Documents and Settings\All Users\Menu Start\Programy\Autostart “ruango” -> shortcut to: “C:\WINDOWS\system32\MSRundll.exe C:\PROGRA~1\COMMON~1\Ruango\Player.dll,Always” [file not found] Enabled Scheduled Tasks: ------------------------ “vfnAFyyBcggeUiHJyJBH” -> launches: “C:\WINDOWS\system32\3076\zghkegj.exe” [null data] Winsock2 Service Provider DLLs: ------------------------------- Namespace Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++} 000000000001\LibraryPath = “%SystemRoot%\System32\mswsock.dll” [MS] 000000000002\LibraryPath = “%SystemRoot%\System32\winrnr.dll” [MS] 000000000003\LibraryPath = “%SystemRoot%\System32\mswsock.dll” [MS] Transport Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++} 0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range: %SystemRoot%\system32\mswsock.dll [MS], 01 - 04, 07 - 16 %SystemRoot%\system32\rsvpsp.dll [MS], 05 - 06 Toolbars, Explorer Bars, Extensions: ------------------------------------ Toolbars HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\ “{2318C2B1-4965-11D4-9B18-009027A5CD4F}” -> {HKLM…CLSID} = “&Google” \InProcServer32(Default) = “c:\program files\google\googletoolbar4.dll” [“Google Inc.”] Explorer Bars HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\ HKLM\Software\Classes\CLSID{197A85BC-BD97-4404-A702-95E556E4DAEB}(Default) = “Kwso” Implemented Categories{00021494-0000-0000-C000-000000000046}\ [horizontal bar] InProcServer32(Default) = “C:\Program Files\Common Files\WANSO\SoBar.dll” [file not found] Extensions (Tools menu items, main toolbar menu buttons) HKLM\Software\Microsoft\Internet Explorer\Extensions\ {08B0E5C0-4FCB-11CF-AAA5-00401C608501}\ “MenuText” = “Sun Java Console” “CLSIDExtension” = “{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBC}” -> {HKCU…CLSID} = “Java Plug-in 1.5.0_09” \InProcServer32(Default) = “C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll” [“Sun Microsystems, Inc.”] -> {HKLM…CLSID} = “Java Plug-in 1.5.0_09” \InProcServer32(Default) = “C:\Program Files\Java\jre1.5.0_09\bin\npjpi150_09.dll” [“Sun Microsystems, Inc.”] Running Services (Display Name, Service Name, Path {Service DLL}): ------------------------------------------------------------------ avast! Antivirus, avast! Antivirus, ““C:\Program Files\Alwil Software\Avast4\ashServ.exe”” [null data] avast! iAVS4 Control Service, aswUpdSv, ““C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe”” [null data] avast! Mail Scanner, avast! Mail Scanner, ““C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe” /service” [“ALWIL Software”] avast! Web Scanner, avast! Web Scanner, ““C:\Program Files\Alwil Software\Avast4\ashWebSv.exe” /service” [“ALWIL Software”] AVG Anti-Spyware Guard, AVG Anti-Spyware Guard, “C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe” [“Anti-Malware Development a.s.”] Machine Debug Manager, MDM, ““C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE”” [MS] NVIDIA Display Driver Service, NVSvc, “C:\WINDOWS\system32\nvsvc32.exe” [“NVIDIA Corporation”] Portable Media, WmdmPMD, “C:\WINDOWS\system32\Svchost.exe -k WmdmPMD” {“C:\WINDOWS\system32\MDserivces\services\svchost.dll” [MS]} StarWind iSCSI Service, StarWindService, “C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe” [“Rocket Division Software”] ---------- <>: Suspicious data at a malware launch point. + This report excludes default entries except where indicated. + To see *everywhere* the script checks and *everything* it finds, launch it from a command prompt or a shortcut with the -all parameter. + The search for DESKTOP.INI DLL launch points on all local fixed drives took 113 seconds. ---------- (total run time: 206 seconds) ComboScan v20070306.20 run by griszk@ on 2007-03-25 at 17:00:40 Computer is in Normal Mode. -------------------------------------------------------------------------------- – HijackThis (run as griszk@.exe) --------------------------------------------- Logfile of HijackThis v1.99.1 Scan saved at 17:00:46, on 2007-03-25 Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe C:\Program Files\Common Files\Onet.pl\AutoUpdate.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\WINDOWS\system32\Svchost.exe C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe C:\Program Files\Gadu-Gadu\gg.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\Common Files\Teleca Shared\Generic.exe C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE D:\eMule\emule.exe C:\WINDOWS\system32\3076\zghkegj.exe C:\Documents and Settings\griszk@\Pulpit\comboscan.exe C:\PROGRA~1\HIJACK~1\griszk@.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.pl/ R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://caiyi8.com F2 - REG:system.ini: Shell=Explorer.exe realshed.exe O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll O4 - HKLM…\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM…\Run: [sony Ericsson PC Suite] “C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe” /startoptions O4 - HKLM…\Run: [Onet.pl AutoUpdate] C:\Program Files\Common Files\Onet.pl\AutoUpdate.exe /tsr O4 - HKLM…\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKCU…\Run: [Gadu-Gadu] “C:\Program Files\Gadu-Gadu\gg.exe” /tray O4 - Startup: Yahoo! Widget Engine.lnk = D:\Yahoo! Widget Engine\YahooWidgetEngine.exe O4 - Global Startup: ruango.lnk = ? O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing) O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing) O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe – Files created between 2007-02-25 and 2007-03-25 ----------------------------- 2007-03-25 11:31:59 39 --a------ C:\WINDOWS\system32\MTZFNVCJ.DLL 2007-03-25 04:19:23 67 --a------ C:\WINDOWS\system32\UAGNVCJRYFN.DLL 2007-03-25 04:19:23 1281 --a------ C:\WINDOWS\system32\mPe1aD0J.dll 2007-03-25 04:19:21 910336 --a------ C:\WINDOWS\system32\ntd11.dll 2007-03-24 23:10:43 179083 --a------ C:\WINDOWS\system32\system2.exe 2007-03-24 23:09:33 246863 --a------ C:\WINDOWS\system32\system1.exe 2007-03-21 15:39:27 11126211 --a------ C:\WINDOWS\system32\ManageEngine_OpManager_6_windows.exe 2007-03-20 15:51:12 3968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys 2007-03-20 15:51:06 0 d-------- C:\Program Files\Grisoft 2007-03-17 15:02:45 57344 --a------ C:\WINDOWS\g3.exe 2007-03-17 15:00:24 375296 --a------ C:\WINDOWS\system32\realshed.exe 2007-03-17 14:42:05 0 d-------- C:\WINDOWS\cursor 2007-03-17 14:39:48 0 d-------- C:\Program Files\Common Files\Ruango 2007-03-13 15:21:42 0 d-------- C:\Program Files\Common Files\Skype 2007-03-13 15:21:22 0 d-------- C:\Program Files\Skype 2007-03-13 15:07:43 0 d-------- C:\WINDOWS\system32\MDserivces 2007-03-02 19:34:45 1310 --a------ C:\WINDOWS\gmer.reg 2007-03-02 19:18:49 80 --a------ C:\WINDOWS\gmer_uninstall.cmd 2007-03-01 22:55:04 0 d------c- C:!KillBox 2007-02-28 11:13:35 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard 2007-02-27 19:33:05 0 d------c- C:\temp 2007-02-27 12:22:14 0 d-------- C:\WINDOWS\system32\system – Find3M Report --------------------------------------------------------------- 2007-03-25 04:41:50 0 d-------- C:\Documents and Settings\griszk@\Dane aplikacji\Skype 2007-03-25 04:21:23 439528 --a----c- C:\WINDOWS\system32\perfh015.dat 2007-03-25 04:21:23 68450 --a----c- C:\WINDOWS\system32\perfc015.dat 2007-03-25 04:17:58 0 d-------- C:\Program Files\Gadu-Gadu 2007-03-24 15:23:11 0 d-------- C:\Program Files\ffdshow 2007-03-15 17:40:33 0 d-------- C:\Program Files\Real 2007-03-12 19:33:07 0 d-------- C:\Program Files\Google 2007-03-06 23:14:27 0 d-------- C:\Documents and Settings\griszk@\Dane aplikacji\ppstream 2007-02-28 11:14:06 0 d-------- C:\Documents and Settings\griszk@\Dane aplikacji\Lavasoft 2007-02-21 18:26:15 0 d-------- C:\Documents and Settings\griszk@\Dane aplikacji\SmartShopper 2007-02-18 10:15:03 0 d-------- C:\Program Files\DivX 2007-02-17 20:59:24 0 d-------- C:\Program Files\MarBit 2007-02-17 20:13:49 0 d-------- C:\Documents and Settings\griszk@\Dane aplikacji\Media Player Classic 2007-02-17 20:08:55 0 d-------- C:\Documents and Settings\griszk@\Dane aplikacji\Real 2007-02-16 23:34:18 0 d-------- C:\Program Files\Ski Jump International 2007-02-16 18:21:00 10752 --a------ C:\WINDOWS\system32\ff_vfw.dll 2007-02-16 12:23:35 0 d-------- C:\Documents and Settings\griszk@\Dane aplikacji\Apple Computer 2007-02-16 12:23:15 0 d–h----- C:\Program Files\InstallShield Installation Information 2007-02-16 12:22:57 0 d-------- C:\Program Files\QuickTime 2007-02-03 00:07:44 0 d-------- C:\Documents and Settings\griszk@\Dane aplikacji\Azureus 2007-02-02 20:42:40 65448 --a------ C:\Documents and Settings\griszk@\Dane aplikacji\GDIPFONTCACHEV1.DAT 2007-02-01 06:56:06 639066 --a------ C:\WINDOWS\system32\divx.dll 2007-01-31 19:32:46 0 d-------- C:\Program Files\BearShare 2007-01-30 07:03:42 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll 2007-01-30 07:03:28 200704 --a------ C:\WINDOWS\system32\ssldivx.dll 2007-01-30 07:03:28 1044480 --a------ C:\WINDOWS\system32\libdivx.dll 2007-01-30 06:56:58 196608 --a------ C:\WINDOWS\system32\dtu100.dll 2007-01-30 06:56:58 73728 --a------ C:\WINDOWS\system32\dpl100.dll 2007-01-28 23:59:22 0 d-------- C:\Program Files\Yahoo! 2007-01-28 22:32:14 0 d-------- C:\Program Files\Ahead 2007-01-25 21:39:40 0 d-------- C:\Program Files\Mozilla Firefox 2007-01-20 22:26:06 1565480 --a------ C:\WINDOWS\system32\wmv9vcm.dll 2007-01-15 19:32:07 689280 --a------ C:\WINDOWS\system32\aswBoot.exe 2007-01-15 19:23:20 90112 --a------ C:\WINDOWS\system32\AVASTSS.scr 2006-12-25 15:15:07 2938 --a----c- C:\WINDOWS\mozver.dat – Registry Dump --------------------------------------------------------------- [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run] “Gadu-Gadu”="“C:\Program Files\Gadu-Gadu\gg.exe” /tray" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run] “NvCplDaemon”=“RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup” @="" “Sony Ericsson PC Suite”="“C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe” /startoptions" “Onet.pl AutoUpdate”=“C:\Program Files\Common Files\Onet.pl\AutoUpdate.exe /tsr” “avast!”=“C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe” [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL] “Installed”=“1” [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI] “Installed”=“1” “NoChange”=“1” [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS] “Installed”=“1” [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks] “{57B86673-276A-48B2-BAE7-C6DBB3020EB8}”=“AVG Anti-Spyware 7.5” [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] “DisableTaskMgr”=dword:00000000 [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system] “DisableTaskMgr”=dword:00000000 “NoDispAppearancePage”=dword:00000000 “NoColorChoice”=dword:00000000 “NoSizeChoice”=dword:00000000 “NoDispBackgroundPage”=dword:00000000 “NoDispScrSavPage”=dword:00000000 “NoDispCPL”=dword:00000000 “NoVisualStyleChoice”=dword:00000000 “NoDispSettingsPage”=dword:00000000 “DisableRegistryTools”=dword:00000000 [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] “NoActiveDesktopChanges”=dword:00000000 [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] “NoActiveDesktop”=dword:00000000 “NoSaveSettings”=dword:00000000 “NoThemesTab”=dword:00000000 “ForceActiveDesktopOn”=dword:00000000 [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders] “SecurityProviders”=“msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll” [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost] HTTPFilter REG_MULTI_SZ HTTPFilter\0\0 LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0 NetworkService REG_MULTI_SZ DnsCache\0\0 DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0 rpcss REG_MULTI_SZ RpcSs\0\0 imgsvc REG_MULTI_SZ StiSvc\0\0 termsvcs REG_MULTI_SZ TermService\0\0 WmdmPMD REG_MULTI_SZ WmdmPMD\0 [HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2{70237cf1-1d61-11db-b9db-00138f291aa7}] Shell\AutoRun\command G:\Autorun.exe [HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2{8e2a953c-82cc-11db-bb23-00138f291aa7}] Shell\AutoRun\command F:\autorun.exe – End of ComboScan: finished at 2007-03-25 at 17:01:19 ------------------------

adam9870 · 25 Marzec 2007 15:15

Teraz czynności będziesz wykonywał w Gmerze więc uruchom go, poczekaj chwilkę, kliknij na zakładkę >>> w celu otworzenia pozostałych.

W zakładce Procesy wybierz Gmer awaryjny. Komputer się zrestartuje i zostanie samo okienko Gmer’a
W zakładce Usługi skasuj z prawokliku usługę edfscv
W zakładce Procesy kliknij Pliki i usuń:

Zrestartuj komputer ręcznie przyciskiem na obudowie
Po resecie otwórz Gmer’a i w zakładce CMD z zaznaczoną opcją REGEDIT.EXE wklej:

Kliknij Uruchom i reset.

Start >>> programy >>> akcesoria >>> narzędzia systemowe >>> zaplanowane zadania >>> skasuj z prawokliku vfnAFyyBcggeUiHJyJBH

Usuń wpis HJT jeśli będzie.

Po wykonaniu wklej nowe logi. Jeśli wszystkie logi nie zmieszczą się bezpośrednio do posta, to umieść je w jakimś serwisie hostingowym jako pliki *.txt, a tu tylko zlinkuj.

http://forum.dobreprogramy.pl/viewtopic.php?t=96929

griszka · 25 Marzec 2007 18:14

z

gmera GMER 1.0.12.12086 - http://www.gmer.net Rootkit scan 2007-03-25 20:12:57 Windows 5.1.2600 Dodatek Service Pack 2 ---- System - GMER 1.0.12 ---- SSDT sptd.sys ZwCreateKey SSDT sptd.sys ZwEnumerateKey SSDT sptd.sys ZwEnumerateValueKey SSDT sptd.sys ZwOpenKey SSDT sptd.sys ZwQueryKey SSDT sptd.sys ZwQueryValueKey SSDT sptd.sys ZwSetValueKey ---- Kernel code sections - GMER 1.0.12 ---- ? C:\WINDOWS\system32\drivers\sptd.sys Proces nie może uzyskać dostępu do pliku, ponieważ jest on używany przez inny proces. ? C:\WINDOWS\system32\drivers\tdscw.sys Proces nie może uzyskać dostępu do pliku, ponieważ jest on używany przez inny proces. .text USBPORT.SYS!DllUnload F871062C 5 Bytes JMP FFB201B8 ? System32\Drivers\a1bajpsa.SYS Nie można odnaleźć określonego pliku. ---- Devices - GMER 1.0.12 ---- Device \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE 813501D8 Device \FileSystem\Ntfs \Ntfs IRP_MJ_CLOSE 813501D8 Device \FileSystem\Ntfs \Ntfs IRP_MJ_READ 813501D8 Device \FileSystem\Ntfs \Ntfs IRP_MJ_WRITE 813501D8 Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_INFORMATION 813501D8 Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_INFORMATION 813501D8 Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_EA 813501D8 Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_EA 813501D8 Device \FileSystem\Ntfs \Ntfs IRP_MJ_FLUSH_BUFFERS 813501D8 Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_VOLUME_INFORMATION 813501D8 Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_VOLUME_INFORMATION 813501D8 Device \FileSystem\Ntfs \Ntfs IRP_MJ_DIRECTORY_CONTROL 813501D8 Device \FileSystem\Ntfs \Ntfs IRP_MJ_FILE_SYSTEM_CONTROL 813501D8 Device \FileSystem\Ntfs \Ntfs IRP_MJ_DEVICE_CONTROL 813501D8 Device \FileSystem\Ntfs \Ntfs IRP_MJ_SHUTDOWN 813501D8 Device \FileSystem\Ntfs \Ntfs IRP_MJ_LOCK_CONTROL 813501D8 Device \FileSystem\Ntfs \Ntfs IRP_MJ_CLEANUP 813501D8 Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_SECURITY 813501D8 Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_SECURITY 813501D8 Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_QUOTA 813501D8 Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_QUOTA 813501D8 Device \FileSystem\Ntfs \Ntfs IRP_MJ_PNP 813501D8 Device \FileSystem\Fastfat \FatCdrom IRP_MJ_CREATE FF95E7E8 Device \FileSystem\Fastfat \FatCdrom IRP_MJ_CLOSE FF95E7E8 Device \FileSystem\Fastfat \FatCdrom IRP_MJ_READ FF95E7E8 Device \FileSystem\Fastfat \FatCdrom IRP_MJ_WRITE FF95E7E8 Device \FileSystem\Fastfat \FatCdrom IRP_MJ_QUERY_INFORMATION FF95E7E8 Device \FileSystem\Fastfat \FatCdrom IRP_MJ_SET_INFORMATION FF95E7E8 Device \FileSystem\Fastfat \FatCdrom IRP_MJ_QUERY_EA FF95E7E8 Device \FileSystem\Fastfat \FatCdrom IRP_MJ_SET_EA FF95E7E8 Device \FileSystem\Fastfat \FatCdrom IRP_MJ_FLUSH_BUFFERS FF95E7E8 Device \FileSystem\Fastfat \FatCdrom IRP_MJ_QUERY_VOLUME_INFORMATION FF95E7E8 Device \FileSystem\Fastfat \FatCdrom IRP_MJ_SET_VOLUME_INFORMATION FF95E7E8 Device \FileSystem\Fastfat \FatCdrom IRP_MJ_DIRECTORY_CONTROL FF95E7E8 Device \FileSystem\Fastfat \FatCdrom IRP_MJ_FILE_SYSTEM_CONTROL FF95E7E8 Device \FileSystem\Fastfat \FatCdrom IRP_MJ_DEVICE_CONTROL FF95E7E8 Device \FileSystem\Fastfat \FatCdrom IRP_MJ_SHUTDOWN FF95E7E8 Device \FileSystem\Fastfat \FatCdrom IRP_MJ_LOCK_CONTROL FF95E7E8 Device \FileSystem\Fastfat \FatCdrom IRP_MJ_CLEANUP FF95E7E8 Device \FileSystem\Fastfat \FatCdrom IRP_MJ_PNP FF95E7E8 Device \Driver\aswTdi \Device\AswUdpFilter IRP_MJ_DEVICE_CONTROL [F9629A7C] GDTdiIcpt.sys Device \Driver\aswTdi \Device\AswUdpFilter IRP_MJ_INTERNAL_DEVICE_CONTROL [F9629A7C] GDTdiIcpt.sys Device \Driver\usbuhci \Device\USBPDO-0 IRP_MJ_CREATE FFB1B1D8 Device \Driver\usbuhci \Device\USBPDO-0 IRP_MJ_CLOSE FFB1B1D8 Device \Driver\usbuhci \Device\USBPDO-0 IRP_MJ_DEVICE_CONTROL FFB1B1D8 Device \Driver\usbuhci \Device\USBPDO-0 IRP_MJ_INTERNAL_DEVICE_CONTROL FFB1B1D8 Device \Driver\usbuhci \Device\USBPDO-0 IRP_MJ_POWER FFB1B1D8 Device \Driver\usbuhci \Device\USBPDO-0 IRP_MJ_SYSTEM_CONTROL FFB1B1D8 Device \Driver\usbuhci \Device\USBPDO-0 IRP_MJ_PNP FFB1B1D8 Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_CREATE 812FA1D8 Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_CLOSE 812FA1D8 Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_READ 812FA1D8 Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_WRITE 812FA1D8 Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_FLUSH_BUFFERS 812FA1D8 Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_DEVICE_CONTROL 812FA1D8 Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_INTERNAL_DEVICE_CONTROL 812FA1D8 Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_SHUTDOWN 812FA1D8 Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_POWER 812FA1D8 Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_SYSTEM_CONTROL 812FA1D8 Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_PNP 812FA1D8 Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_CREATE 812FA1D8 Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_CLOSE 812FA1D8 Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_READ 812FA1D8 Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_WRITE 812FA1D8 Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_FLUSH_BUFFERS 812FA1D8 Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_DEVICE_CONTROL 812FA1D8 Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_INTERNAL_DEVICE_CONTROL 812FA1D8 Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_SHUTDOWN 812FA1D8 Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_POWER 812FA1D8 Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_SYSTEM_CONTROL 812FA1D8 Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_PNP 812FA1D8 Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_CREATE 812FA1D8 Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_CLOSE 812FA1D8 Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_READ 812FA1D8 Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_WRITE 812FA1D8 Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_FLUSH_BUFFERS 812FA1D8 Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_DEVICE_CONTROL 812FA1D8 Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_INTERNAL_DEVICE_CONTROL 812FA1D8 Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_SHUTDOWN 812FA1D8 Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_POWER 812FA1D8 Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_SYSTEM_CONTROL 812FA1D8 Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_PNP 812FA1D8 Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_CREATE 812FA1D8 Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_CLOSE 812FA1D8 Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_READ 812FA1D8 Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_WRITE 812FA1D8 Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_FLUSH_BUFFERS 812FA1D8 Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_DEVICE_CONTROL 812FA1D8 Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_INTERNAL_DEVICE_CONTROL 812FA1D8 Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_SHUTDOWN 812FA1D8 Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_POWER 812FA1D8 Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_SYSTEM_CONTROL 812FA1D8 Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_PNP 812FA1D8 Device \Driver\usbuhci \Device\USBPDO-1 IRP_MJ_CREATE FFB1B1D8 Device \Driver\usbuhci \Device\USBPDO-1 IRP_MJ_CLOSE FFB1B1D8 Device \Driver\usbuhci \Device\USBPDO-1 IRP_MJ_DEVICE_CONTROL FFB1B1D8 Device \Driver\usbuhci \Device\USBPDO-1 IRP_MJ_INTERNAL_DEVICE_CONTROL FFB1B1D8 Device \Driver\usbuhci \Device\USBPDO-1 IRP_MJ_POWER FFB1B1D8 Device \Driver\usbuhci \Device\USBPDO-1 IRP_MJ_SYSTEM_CONTROL FFB1B1D8 Device \Driver\usbuhci \Device\USBPDO-1 IRP_MJ_PNP FFB1B1D8 Device \Driver\usbuhci \Device\USBPDO-2 IRP_MJ_CREATE FFB1B1D8 Device \Driver\usbuhci \Device\USBPDO-2 IRP_MJ_CLOSE FFB1B1D8 Device \Driver\usbuhci \Device\USBPDO-2 IRP_MJ_DEVICE_CONTROL FFB1B1D8 Device \Driver\usbuhci \Device\USBPDO-2 IRP_MJ_INTERNAL_DEVICE_CONTROL FFB1B1D8 Device \Driver\usbuhci \Device\USBPDO-2 IRP_MJ_POWER FFB1B1D8 Device \Driver\usbuhci \Device\USBPDO-2 IRP_MJ_SYSTEM_CONTROL FFB1B1D8 Device \Driver\usbuhci \Device\USBPDO-2 IRP_MJ_PNP FFB1B1D8 Device \Driver\usbuhci \Device\USBPDO-3 IRP_MJ_CREATE FFB1B1D8 Device \Driver\usbuhci \Device\USBPDO-3 IRP_MJ_CLOSE FFB1B1D8 Device \Driver\usbuhci \Device\USBPDO-3 IRP_MJ_DEVICE_CONTROL FFB1B1D8 Device \Driver\usbuhci \Device\USBPDO-3 IRP_MJ_INTERNAL_DEVICE_CONTROL FFB1B1D8 Device \Driver\usbuhci \Device\USBPDO-3 IRP_MJ_POWER FFB1B1D8 Device \Driver\usbuhci \Device\USBPDO-3 IRP_MJ_SYSTEM_CONTROL FFB1B1D8 Device \Driver\usbuhci \Device\USBPDO-3 IRP_MJ_PNP FFB1B1D8 Device \Driver\usbehci \Device\USBPDO-4 IRP_MJ_CREATE FFB1A1D8 Device \Driver\usbehci \Device\USBPDO-4 IRP_MJ_CLOSE FFB1A1D8 Device \Driver\usbehci \Device\USBPDO-4 IRP_MJ_DEVICE_CONTROL FFB1A1D8 Device \Driver\usbehci \Device\USBPDO-4 IRP_MJ_INTERNAL_DEVICE_CONTROL FFB1A1D8 Device \Driver\usbehci \Device\USBPDO-4 IRP_MJ_POWER FFB1A1D8 Device \Driver\usbehci \Device\USBPDO-4 IRP_MJ_SYSTEM_CONTROL FFB1A1D8 Device \Driver\usbehci \Device\USBPDO-4 IRP_MJ_PNP FFB1A1D8 Device \Driver\aswTdi \Device\ASWTDI IRP_MJ_DEVICE_CONTROL [F9629A7C] GDTdiIcpt.sys Device \Driver\aswTdi \Device\ASWTDI IRP_MJ_INTERNAL_DEVICE_CONTROL [F9629A7C] GDTdiIcpt.sys Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_CREATE 813521D8 Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_READ 813521D8 Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_WRITE 813521D8 Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_FLUSH_BUFFERS 813521D8 Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_DEVICE_CONTROL 813521D8 Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_INTERNAL_DEVICE_CONTROL 813521D8 Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_SHUTDOWN 813521D8 Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_CLEANUP 813521D8 Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_POWER 813521D8 Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_SYSTEM_CONTROL 813521D8 Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_PNP 813521D8 Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_CREATE 813521D8 Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_READ 813521D8 Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_WRITE 813521D8 Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_FLUSH_BUFFERS 813521D8 Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_DEVICE_CONTROL 813521D8 Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_INTERNAL_DEVICE_CONTROL 813521D8 Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_SHUTDOWN 813521D8 Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_CLEANUP 813521D8 Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_POWER 813521D8 Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_SYSTEM_CONTROL 813521D8 Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_PNP 813521D8 Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CREATE FFAD6980 Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CLOSE FFAD6980 Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_READ FF908438 Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_WRITE FFAD6980 Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_FLUSH_BUFFERS FFAD6980 Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_DEVICE_CONTROL FF9076C8 Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_INTERNAL_DEVICE_CONTROL FFAD6980 Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SHUTDOWN FFAD6980 Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_POWER FFAD6980 Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SYSTEM_CONTROL FFAD6980 Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_PNP FFAD6980 Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CREATE FFAD6980 Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CLOSE FFAD6980 Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_READ FF908438 Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_WRITE FFAD6980 Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_FLUSH_BUFFERS FFAD6980 Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_DEVICE_CONTROL FF9076C8 Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_INTERNAL_DEVICE_CONTROL FFAD6980 Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SHUTDOWN FFAD6980 Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_POWER FFAD6980 Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SYSTEM_CONTROL FFAD6980 Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_PNP FFAD6980 Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CREATE 813511D8 Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CLOSE 813511D8 Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_DEVICE_CONTROL 813511D8 Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_INTERNAL_DEVICE_CONTROL FF907640 Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_POWER 813511D8 Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SYSTEM_CONTROL 813511D8 Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_PNP 813511D8 Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_CREATE 813511D8 Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_CLOSE 813511D8 Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_DEVICE_CONTROL 813511D8 Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_INTERNAL_DEVICE_CONTROL FF907640 Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_POWER 813511D8 Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_SYSTEM_CONTROL 813511D8 Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_PNP 813511D8 Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_CREATE 813511D8 Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_CLOSE 813511D8 Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_DEVICE_CONTROL 813511D8 Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_INTERNAL_DEVICE_CONTROL FF907640 Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_POWER 813511D8 Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SYSTEM_CONTROL 813511D8 Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_PNP 813511D8 Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-e IRP_MJ_CREATE 813511D8 Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-e IRP_MJ_CLOSE 813511D8 Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-e IRP_MJ_DEVICE_CONTROL 813511D8 Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-e IRP_MJ_INTERNAL_DEVICE_CONTROL FF907640 Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-e IRP_MJ_POWER 813511D8 Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-e IRP_MJ_SYSTEM_CONTROL 813511D8 Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-e IRP_MJ_PNP 813511D8 Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_CREATE FFAD6980 Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_CLOSE FFAD6980 Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_READ FF908438 Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_WRITE FFAD6980 Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_FLUSH_BUFFERS FFAD6980 Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_DEVICE_CONTROL FF9076C8 Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_INTERNAL_DEVICE_CONTROL FFAD6980 Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_SHUTDOWN FFAD6980 Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_POWER FFAD6980 Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_SYSTEM_CONTROL FFAD6980 Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_PNP FFAD6980 Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_CREATE FF9491D8 Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_CLOSE FF9491D8 Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_DEVICE_CONTROL FF9491D8 Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_INTERNAL_DEVICE_CONTROL FF9491D8 Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_CLEANUP FF9491D8 Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_PNP FF9491D8 Device \Driver\aswTdi \Device\AswTcpFilter IRP_MJ_DEVICE_CONTROL [F9629A7C] GDTdiIcpt.sys Device \Driver\aswTdi \Device\AswTcpFilter IRP_MJ_INTERNAL_DEVICE_CONTROL [F9629A7C] GDTdiIcpt.sys Device \Driver\00000051 \Device\0000004f IRP_MJ_POWER [F9178C7E] sptd.sys Device \Driver\00000051 \Device\0000004f IRP_MJ_SYSTEM_CONTROL [F91922A2] sptd.sys Device \Driver\00000051 \Device\0000004f IRP_MJ_PNP [F9193228] sptd.sys Device \Driver\NetBT \Device\NetBT_Tcpip_{8F0086FF-ABF7-4101-B033-9867B3B21653} IRP_MJ_CREATE FF9491D8 Device \Driver\NetBT \Device\NetBT_Tcpip_{8F0086FF-ABF7-4101-B033-9867B3B21653} IRP_MJ_CLOSE FF9491D8 Device \Driver\NetBT \Device\NetBT_Tcpip_{8F0086FF-ABF7-4101-B033-9867B3B21653} IRP_MJ_DEVICE_CONTROL FF9491D8 Device \Driver\NetBT \Device\NetBT_Tcpip_{8F0086FF-ABF7-4101-B033-9867B3B21653} IRP_MJ_INTERNAL_DEVICE_CONTROL FF9491D8 Device \Driver\NetBT \Device\NetBT_Tcpip_{8F0086FF-ABF7-4101-B033-9867B3B21653} IRP_MJ_CLEANUP FF9491D8 Device \Driver\NetBT \Device\NetBT_Tcpip_{8F0086FF-ABF7-4101-B033-9867B3B21653} IRP_MJ_PNP FF9491D8 Device \Driver\usbuhci \Device\USBFDO-0 IRP_MJ_CREATE FFB1B1D8 Device \Driver\usbuhci \Device\USBFDO-0 IRP_MJ_CLOSE FFB1B1D8 Device \Driver\usbuhci \Device\USBFDO-0 IRP_MJ_DEVICE_CONTROL FFB1B1D8 Device \Driver\usbuhci \Device\USBFDO-0 IRP_MJ_INTERNAL_DEVICE_CONTROL FFB1B1D8 Device \Driver\usbuhci \Device\USBFDO-0 IRP_MJ_POWER FFB1B1D8 Device \Driver\usbuhci \Device\USBFDO-0 IRP_MJ_SYSTEM_CONTROL FFB1B1D8 Device \Driver\usbuhci \Device\USBFDO-0 IRP_MJ_PNP FFB1B1D8 Device \Driver\usbuhci \Device\USBFDO-1 IRP_MJ_CREATE FFB1B1D8 Device \Driver\usbuhci \Device\USBFDO-1 IRP_MJ_CLOSE FFB1B1D8 Device \Driver\usbuhci \Device\USBFDO-1 IRP_MJ_DEVICE_CONTROL FFB1B1D8 Device \Driver\usbuhci \Device\USBFDO-1 IRP_MJ_INTERNAL_DEVICE_CONTROL FFB1B1D8 Device \Driver\usbuhci \Device\USBFDO-1 IRP_MJ_POWER FFB1B1D8 Device \Driver\usbuhci \Device\USBFDO-1 IRP_MJ_SYSTEM_CONTROL FFB1B1D8 Device \Driver\usbuhci \Device\USBFDO-1 IRP_MJ_PNP FFB1B1D8 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CREATE FF53A1D8 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CREATE_NAMED_PIPE FF53A1D8 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CLOSE FF53A1D8 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_READ FF53A1D8 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_WRITE FF53A1D8 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_INFORMATION FF53A1D8 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_INFORMATION FF53A1D8 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_EA FF53A1D8 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_EA FF53A1D8 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_FLUSH_BUFFERS FF53A1D8 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_VOLUME_INFORMATION FF53A1D8 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_VOLUME_INFORMATION FF53A1D8 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_DIRECTORY_CONTROL FF53A1D8 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_FILE_SYSTEM_CONTROL FF53A1D8 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_DEVICE_CONTROL FF53A1D8 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_INTERNAL_DEVICE_CONTROL FF53A1D8 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SHUTDOWN FF53A1D8 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_LOCK_CONTROL FF53A1D8 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CLEANUP FF53A1D8 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CREATE_MAILSLOT FF53A1D8 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_SECURITY FF53A1D8 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_SECURITY FF53A1D8 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_POWER FF53A1D8 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SYSTEM_CONTROL FF53A1D8 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_DEVICE_CHANGE FF53A1D8 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_QUOTA FF53A1D8 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_QUOTA FF53A1D8 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_PNP FF53A1D8 Device \Driver\usbuhci \Device\USBFDO-2 IRP_MJ_CREATE FFB1B1D8 Device \Driver\usbuhci \Device\USBFDO-2 IRP_MJ_CLOSE FFB1B1D8 Device \Driver\usbuhci \Device\USBFDO-2 IRP_MJ_DEVICE_CONTROL FFB1B1D8 Device \Driver\usbuhci \Device\USBFDO-2 IRP_MJ_INTERNAL_DEVICE_CONTROL FFB1B1D8 Device \Driver\usbuhci \Device\USBFDO-2 IRP_MJ_POWER FFB1B1D8 Device \Driver\usbuhci \Device\USBFDO-2 IRP_MJ_SYSTEM_CONTROL FFB1B1D8 Device \Driver\usbuhci \Device\USBFDO-2 IRP_MJ_PNP FFB1B1D8 Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CREATE FF53A1D8 Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CREATE_NAMED_PIPE FF53A1D8 Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CLOSE FF53A1D8 Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_READ FF53A1D8 Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_WRITE FF53A1D8 Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_INFORMATION FF53A1D8 Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_INFORMATION FF53A1D8 Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_EA FF53A1D8 Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_EA FF53A1D8 Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_FLUSH_BUFFERS FF53A1D8 Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_VOLUME_INFORMATION FF53A1D8 Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_VOLUME_INFORMATION FF53A1D8 Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_DIRECTORY_CONTROL FF53A1D8 Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_FILE_SYSTEM_CONTROL FF53A1D8 Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_DEVICE_CONTROL FF53A1D8 Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_INTERNAL_DEVICE_CONTROL FF53A1D8 Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SHUTDOWN FF53A1D8 Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_LOCK_CONTROL FF53A1D8 Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CLEANUP FF53A1D8 Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CREATE_MAILSLOT FF53A1D8 Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_SECURITY FF53A1D8 Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_SECURITY FF53A1D8 Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_POWER FF53A1D8 Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SYSTEM_CONTROL FF53A1D8 Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_DEVICE_CHANGE FF53A1D8 Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_QUOTA FF53A1D8 Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_QUOTA FF53A1D8 Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_PNP FF53A1D8 Device \Driver\NetBT \Device\NetBT_Tcpip_{E1E9BE00-C4B1-4BF6-BAF0-439D52635049} IRP_MJ_CREATE FF9491D8 Device \Driver\NetBT \Device\NetBT_Tcpip_{E1E9BE00-C4B1-4BF6-BAF0-439D52635049} IRP_MJ_CLOSE FF9491D8 Device \Driver\NetBT \Device\NetBT_Tcpip_{E1E9BE00-C4B1-4BF6-BAF0-439D52635049} IRP_MJ_DEVICE_CONTROL FF9491D8 Device \Driver\NetBT \Device\NetBT_Tcpip_{E1E9BE00-C4B1-4BF6-BAF0-439D52635049} IRP_MJ_INTERNAL_DEVICE_CONTROL FF9491D8 Device \Driver\NetBT \Device\NetBT_Tcpip_{E1E9BE00-C4B1-4BF6-BAF0-439D52635049} IRP_MJ_CLEANUP FF9491D8 Device \Driver\NetBT \Device\NetBT_Tcpip_{E1E9BE00-C4B1-4BF6-BAF0-439D52635049} IRP_MJ_PNP FF9491D8 Device \Driver\usbuhci \Device\USBFDO-3 IRP_MJ_CREATE FFB1B1D8 Device \Driver\usbuhci \Device\USBFDO-3 IRP_MJ_CLOSE FFB1B1D8 Device \Driver\usbuhci \Device\USBFDO-3 IRP_MJ_DEVICE_CONTROL FFB1B1D8 Device \Driver\usbuhci \Device\USBFDO-3 IRP_MJ_INTERNAL_DEVICE_CONTROL FFB1B1D8 Device \Driver\usbuhci \Device\USBFDO-3 IRP_MJ_POWER FFB1B1D8 Device \Driver\usbuhci \Device\USBFDO-3 IRP_MJ_SYSTEM_CONTROL FFB1B1D8 Device \Driver\usbuhci \Device\USBFDO-3 IRP_MJ_PNP FFB1B1D8 Device \Driver\usbehci \Device\USBFDO-4 IRP_MJ_CREATE FFB1A1D8 Device \Driver\usbehci \Device\USBFDO-4 IRP_MJ_CLOSE FFB1A1D8 Device \Driver\usbehci \Device\USBFDO-4 IRP_MJ_DEVICE_CONTROL FFB1A1D8 Device \Driver\usbehci \Device\USBFDO-4 IRP_MJ_INTERNAL_DEVICE_CONTROL FFB1A1D8 Device \Driver\usbehci \Device\USBFDO-4 IRP_MJ_POWER FFB1A1D8 Device \Driver\usbehci \Device\USBFDO-4 IRP_MJ_SYSTEM_CONTROL FFB1A1D8 Device \Driver\usbehci \Device\USBFDO-4 IRP_MJ_PNP FFB1A1D8 Device \Driver\Ftdisk \Device\FtControl IRP_MJ_CREATE 813521D8 Device \Driver\Ftdisk \Device\FtControl IRP_MJ_READ 813521D8 Device \Driver\Ftdisk \Device\FtControl IRP_MJ_WRITE 813521D8 Device \Driver\Ftdisk \Device\FtControl IRP_MJ_FLUSH_BUFFERS 813521D8 Device \Driver\Ftdisk \Device\FtControl IRP_MJ_DEVICE_CONTROL 813521D8 Device \Driver\Ftdisk \Device\FtControl IRP_MJ_INTERNAL_DEVICE_CONTROL 813521D8 Device \Driver\Ftdisk \Device\FtControl IRP_MJ_SHUTDOWN 813521D8 Device \Driver\Ftdisk \Device\FtControl IRP_MJ_CLEANUP 813521D8 Device \Driver\Ftdisk \Device\FtControl IRP_MJ_POWER 813521D8 Device \Driver\Ftdisk \Device\FtControl IRP_MJ_SYSTEM_CONTROL 813521D8 Device \Driver\Ftdisk \Device\FtControl IRP_MJ_PNP 813521D8 Device \Driver\st3wolf \Device\Scsi\st3wolf1 IRP_MJ_CREATE FF941980 Device \Driver\st3wolf \Device\Scsi\st3wolf1 IRP_MJ_CREATE_NAMED_PIPE FF941980 Device \Driver\st3wolf \Device\Scsi\st3wolf1 IRP_MJ_CLOSE FF941980 Device \Driver\st3wolf \Device\Scsi\st3wolf1 IRP_MJ_READ FF941980 Device \Driver\st3wolf \Device\Scsi\st3wolf1 IRP_MJ_WRITE FF941980 Device \Driver\st3wolf \Device\Scsi\st3wolf1 IRP_MJ_QUERY_INFORMATION FF941980 Device \Driver\st3wolf \Device\Scsi\st3wolf1 IRP_MJ_SET_INFORMATION FF941980 Device \Driver\st3wolf \Device\Scsi\st3wolf1 IRP_MJ_QUERY_EA FF941980 Device \Driver\st3wolf \Device\Scsi\st3wolf1 IRP_MJ_SET_EA FF941980 Device \Driver\st3wolf \Device\Scsi\st3wolf1 IRP_MJ_FLUSH_BUFFERS FF941980 Device \Driver\st3wolf \Device\Scsi\st3wolf1 IRP_MJ_QUERY_VOLUME_INFORMATION FF941980 Device \Driver\st3wolf \Device\Scsi\st3wolf1 IRP_MJ_SET_VOLUME_INFORMATION FF941980 Device \Driver\st3wolf \Device\Scsi\st3wolf1 IRP_MJ_DIRECTORY_CONTROL FF941980 Device \Driver\st3wolf \Device\Scsi\st3wolf1 IRP_MJ_FILE_SYSTEM_CONTROL FF941980 Device \Driver\st3wolf \Device\Scsi\st3wolf1 IRP_MJ_DEVICE_CONTROL FF941980 Device \Driver\st3wolf \Device\Scsi\st3wolf1 IRP_MJ_INTERNAL_DEVICE_CONTROL FF93A6B8 Device \Driver\st3wolf \Device\Scsi\st3wolf1 IRP_MJ_SHUTDOWN FF941980 Device \Driver\st3wolf \Device\Scsi\st3wolf1 IRP_MJ_LOCK_CONTROL FF941980 Device \Driver\st3wolf \Device\Scsi\st3wolf1 IRP_MJ_CLEANUP FF941980 Device \Driver\st3wolf \Device\Scsi\st3wolf1 IRP_MJ_CREATE_MAILSLOT FF941980 Device \Driver\st3wolf \Device\Scsi\st3wolf1 IRP_MJ_QUERY_SECURITY FF941980 Device \Driver\st3wolf \Device\Scsi\st3wolf1 IRP_MJ_SET_SECURITY FF941980 Device \Driver\st3wolf \Device\Scsi\st3wolf1 IRP_MJ_POWER FF941980 Device \Driver\st3wolf \Device\Scsi\st3wolf1 IRP_MJ_SYSTEM_CONTROL FF941980 Device \Driver\st3wolf \Device\Scsi\st3wolf1 IRP_MJ_DEVICE_CHANGE FF941980 Device \Driver\st3wolf \Device\Scsi\st3wolf1 IRP_MJ_QUERY_QUOTA FF941980 Device \Driver\st3wolf \Device\Scsi\st3wolf1 IRP_MJ_SET_QUOTA FF941980 Device \Driver\st3wolf \Device\Scsi\st3wolf1 IRP_MJ_PNP FF941980 Device \Driver\a1bajpsa \Device\Scsi\a1bajpsa1Port3Path0Target0Lun0 IRP_MJ_CREATE FFAA77C0 Device \Driver\a1bajpsa \Device\Scsi\a1bajpsa1Port3Path0Target0Lun0 IRP_MJ_CLOSE FFAA77C0 Device \Driver\a1bajpsa \Device\Scsi\a1bajpsa1Port3Path0Target0Lun0 IRP_MJ_DEVICE_CONTROL FFAA77C0 Device \Driver\a1bajpsa \Device\Scsi\a1bajpsa1Port3Path0Target0Lun0 IRP_MJ_INTERNAL_DEVICE_CONTROL FF8109B8 Device \Driver\a1bajpsa \Device\Scsi\a1bajpsa1Port3Path0Target0Lun0 IRP_MJ_POWER FFAA77C0 Device \Driver\a1bajpsa \Device\Scsi\a1bajpsa1Port3Path0Target0Lun0 IRP_MJ_SYSTEM_CONTROL FFAA77C0 Device \Driver\a1bajpsa \Device\Scsi\a1bajpsa1Port3Path0Target0Lun0 IRP_MJ_PNP FFAA77C0 Device \Driver\st3wolf \Device\Scsi\st3wolf1Port2Path0Target0Lun0 IRP_MJ_CREATE FF941980 Device \Driver\st3wolf \Device\Scsi\st3wolf1Port2Path0Target0Lun0 IRP_MJ_CREATE_NAMED_PIPE FF941980 Device \Driver\st3wolf \Device\Scsi\st3wolf1Port2Path0Target0Lun0 IRP_MJ_CLOSE FF941980 Device \Driver\st3wolf \Device\Scsi\st3wolf1Port2Path0Target0Lun0 IRP_MJ_READ FF941980 Device \Driver\st3wolf \Device\Scsi\st3wolf1Port2Path0Target0Lun0 IRP_MJ_WRITE FF941980 Device \Driver\st3wolf \Device\Scsi\st3wolf1Port2Path0Target0Lun0 IRP_MJ_QUERY_INFORMATION FF941980 Device \Driver\st3wolf \Device\Scsi\st3wolf1Port2Path0Target0Lun0 IRP_MJ_SET_INFORMATION FF941980 Device \Driver\st3wolf \Device\Scsi\st3wolf1Port2Path0Target0Lun0 IRP_MJ_QUERY_EA FF941980 Device \Driver\st3wolf \Device\Scsi\st3wolf1Port2Path0Target0Lun0 IRP_MJ_SET_EA FF941980 Device \Driver\st3wolf \Device\Scsi\st3wolf1Port2Path0Target0Lun0 IRP_MJ_FLUSH_BUFFERS FF941980 Device \Driver\st3wolf \Device\Scsi\st3wolf1Port2Path0Target0Lun0 IRP_MJ_QUERY_VOLUME_INFORMATION FF941980 Device \Driver\st3wolf \Device\Scsi\st3wolf1Port2Path0Target0Lun0 IRP_MJ_SET_VOLUME_INFORMATION FF941980 Device \Driver\st3wolf \Device\Scsi\st3wolf1Port2Path0Target0Lun0 IRP_MJ_DIRECTORY_CONTROL FF941980 Device \Driver\st3wolf \Device\Scsi\st3wolf1Port2Path0Target0Lun0 IRP_MJ_FILE_SYSTEM_CONTROL FF941980 Device \FileSystem\Cdfs \Cdfs IRP_MJ_LOCK_CONTROL 812CA800 Device \FileSystem\Cdfs \Cdfs IRP_MJ_CLEANUP 812CA800 Device \FileSystem\Cdfs \Cdfs IRP_MJ_PNP 812CA800 ---- Threads - GMER 1.0.12 ---- Thread 4:160 812F9B08 ---- EOF - GMER 1.0.12 ---- GMER 1.0.12.12086 - http://www.gmer.net Rootkit scan 2007-03-25 20:13:50 Windows 5.1.2600 Dodatek Service Pack 2 ---- Services - GMER 1.0.12 ---- Service .NET CLR Data Service .NET CLR Networking Service .NETFramework Service [sYSTEM] Aavmker4 Service [DISABLED] Abiosdsk Service [DISABLED] abp480n5 Service C:\WINDOWS\system32\DRIVERS\ACPI.sys [bOOT] ACPI Service [DISABLED] ACPIEC Service [DISABLED] adpu160m Service system32\drivers\aec.sys [MANUAL] aec Service C:\WINDOWS\System32\drivers\afd.sys [sYSTEM] AFD Service C:\WINDOWS\system32\DRIVERS\agp440.sys [bOOT] agp440 Service [DISABLED] Aha154x Service [DISABLED] aic78u2 Service [DISABLED] aic78xx Service C:\WINDOWS\system32\drivers\ALCXWDM.SYS [MANUAL] ALCXWDM Service C:\WINDOWS\system32\svchost.exe [DISABLED] Alerter Service C:\WINDOWS\System32\alg.exe [MANUAL] ALG Service [DISABLED] AliIde Service [DISABLED] amsint Service C:\WINDOWS\system32\svchost.exe [MANUAL] AppMgmt Service [DISABLED] asc Service [DISABLED] asc3350p Service [DISABLED] asc3550 Service ASP.NET Service ASP.NET_1.1.4322 Service C:\WINDOWS\System32\drivers\aspi32.sys [AUTO] Aspi32 Service C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [MANUAL] aspnet_state Service [AUTO] aswMon2 Service [MANUAL] aswRdr Service [sYSTEM] aswTdi Service C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [AUTO] aswUpdSv Service C:\WINDOWS\system32\DRIVERS\asyncmac.sys [MANUAL] AsyncMac Service C:\WINDOWS\system32\DRIVERS\atapi.sys [bOOT] atapi Service [DISABLED] Atdisk Service C:\WINDOWS\system32\DRIVERS\atmarpc.sys [MANUAL] Atmarpc Service C:\WINDOWS\System32\svchost.exe [AUTO] AudioSrv Service C:\WINDOWS\system32\DRIVERS\audstub.sys [MANUAL] audstub Service C:\Program Files\Alwil Software\Avast4\ashServ.exe [AUTO] avast! Antivirus Service C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [MANUAL] avast! Mail Scanner Service C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [MANUAL] avast! Web Scanner Service C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe [AUTO] AVG Anti-Spyware Guard Service C:\WINDOWS\System32\DRIVERS\AvgAsCln.sys [sYSTEM] AvgAsCln Service BattC Service [sYSTEM] Beep Service C:\WINDOWS\system32\svchost.exe [MANUAL] BITS Service C:\WINDOWS\system32\svchost.exe [AUTO] Browser Service [DISABLED] cbidf2k Service [DISABLED] cd20xrnt Service [sYSTEM] Cdaudio Service [DISABLED] Cdfs Service C:\WINDOWS\system32\DRIVERS\cdrom.sys [sYSTEM] Cdrom Service [sYSTEM] Changer Service C:\WINDOWS\system32\cisvc.exe [MANUAL] CiSvc Service C:\WINDOWS\system32\clipsrv.exe [DISABLED] ClipSrv Service [DISABLED] CmdIde Service C:\WINDOWS\system32\dllhost.exe [MANUAL] COMSysApp Service ContentFilter Service ContentIndex Service [DISABLED] Cpqarray Service C:\WINDOWS\system32\svchost.exe [AUTO] CryptSvc Service [DISABLED] dac2w2k Service [DISABLED] dac960nt Service C:\WINDOWS\system32\svchost.exe [AUTO] DcomLaunch Service C:\WINDOWS\system32\svchost.exe [AUTO] Dhcp Service C:\WINDOWS\system32\DRIVERS\disk.sys [bOOT] Disk Service C:\WINDOWS\System32\dmadmin.exe [MANUAL] dmadmin Service C:\WINDOWS\System32\drivers\dmboot.sys [DISABLED] dmboot Service C:\WINDOWS\System32\drivers\dmio.sys [bOOT] dmio Service C:\WINDOWS\System32\drivers\dmload.sys [bOOT] dmload Service C:\WINDOWS\System32\svchost.exe [AUTO] dmserver Service C:\WINDOWS\system32\drivers\DMusic.sys [MANUAL] DMusic Service C:\WINDOWS\system32\svchost.exe [AUTO] Dnscache Service [DISABLED] dpti2o Service C:\WINDOWS\system32\drivers\drmkaud.sys [MANUAL] drmkaud Service System32\Drivers\dtscsi.sys [MANUAL] dtscsi Service C:\WINDOWS\system32\fgdfsdf.exe [DISABLED] edfscv Service C:\WINDOWS\system32\services.exe [AUTO] Eventlog Service C:\WINDOWS\system32\svchost.exe [MANUAL] EventSystem Service [DISABLED] Fastfat Service C:\WINDOWS\System32\svchost.exe [MANUAL] FastUserSwitchingCompatibility Service C:\WINDOWS\system32\DRIVERS\fdc.sys [MANUAL] Fdc Service [sYSTEM] Fips Service C:\WINDOWS\system32\DRIVERS\flpydisk.sys [MANUAL] Flpydisk Service C:\WINDOWS\system32\DRIVERS\fltMgr.sys [bOOT] FltMgr Service [sYSTEM] Fs_Rec Service C:\WINDOWS\system32\DRIVERS\ftdisk.sys [bOOT] Ftdisk Service C:\WINDOWS\system32\DRIVERS\gameenum.sys [MANUAL] gameenum Service C:\WINDOWS\system32\drivers\GDTdiIcpt.sys [AUTO] GDTdiInterceptor Service C:\WINDOWS\System32\DRIVERS\gmer.sys [MANUAL] gmer Service C:\WINDOWS\system32\DRIVERS\msgpc.sys [MANUAL] Gpc Service System32\DRIVERS\gvkgaf87.sys [bOOT] gvkgaf87 Service C:\WINDOWS\system32\DRIVERS\hamachi.sys [MANUAL] hamachi Service C:\WINDOWS\System32\svchost.exe [AUTO] helpsvc Service C:\WINDOWS\System32\svchost.exe [DISABLED] HidServ Service C:\WINDOWS\system32\DRIVERS\hidusb.sys [MANUAL] HidUsb Service

adam9870 · 25 Marzec 2007 19:16

Proszę dokleić brakującą część loga z Gmer’a (usługi + pokazuj wszystko) i wkleić pozostałe logi, o które prosiłem.

griszka · 25 Marzec 2007 19:18

pozostałe są tutaj http://www.imagic.pl/ griszka44 przynajmniej mam taką nadzieje bo jakoś nie mogę przejść przez te serwisy hostingowe

adam9870 · 25 Marzec 2007 19:29

Spróbuj wrzucić plik/i z logami tutaj:

http://rapidshare.com/

Lub logi wkleić na stronie:

http://wklej.org/

griszka · 25 Marzec 2007 20:26

na wszelki wypadek

GMER 1.0.12.12086 - http://www.gmer.net Rootkit scan 2007-03-25 22:25:39 Windows 5.1.2600 Dodatek Service Pack 2 ---- Services - GMER 1.0.12 ---- Service .NET CLR Data Service .NET CLR Networking Service .NETFramework Service [sYSTEM] Aavmker4 Service [DISABLED] Abiosdsk Service [DISABLED] abp480n5 Service C:\WINDOWS\system32\DRIVERS\ACPI.sys [bOOT] ACPI Service [DISABLED] ACPIEC Service [DISABLED] adpu160m Service system32\drivers\aec.sys [MANUAL] aec Service C:\WINDOWS\System32\drivers\afd.sys [sYSTEM] AFD Service C:\WINDOWS\system32\DRIVERS\agp440.sys [bOOT] agp440 Service [DISABLED] Aha154x Service [DISABLED] aic78u2 Service [DISABLED] aic78xx Service C:\WINDOWS\system32\drivers\ALCXWDM.SYS [MANUAL] ALCXWDM Service C:\WINDOWS\system32\svchost.exe [DISABLED] Alerter Service C:\WINDOWS\System32\alg.exe [MANUAL] ALG Service [DISABLED] AliIde Service [DISABLED] amsint Service C:\WINDOWS\system32\svchost.exe [MANUAL] AppMgmt Service [DISABLED] asc Service [DISABLED] asc3350p Service [DISABLED] asc3550 Service ASP.NET Service ASP.NET_1.1.4322 Service C:\WINDOWS\System32\drivers\aspi32.sys [AUTO] Aspi32 Service C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [MANUAL] aspnet_state Service [AUTO] aswMon2 Service [MANUAL] aswRdr Service [sYSTEM] aswTdi Service C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [AUTO] aswUpdSv Service C:\WINDOWS\system32\DRIVERS\asyncmac.sys [MANUAL] AsyncMac Service C:\WINDOWS\system32\DRIVERS\atapi.sys [bOOT] atapi Service [DISABLED] Atdisk Service C:\WINDOWS\system32\DRIVERS\atmarpc.sys [MANUAL] Atmarpc Service C:\WINDOWS\System32\svchost.exe [AUTO] AudioSrv Service C:\WINDOWS\system32\DRIVERS\audstub.sys [MANUAL] audstub Service C:\Program Files\Alwil Software\Avast4\ashServ.exe [AUTO] avast! Antivirus Service C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [MANUAL] avast! Mail Scanner Service C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [MANUAL] avast! Web Scanner Service C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe [AUTO] AVG Anti-Spyware Guard Service C:\WINDOWS\System32\DRIVERS\AvgAsCln.sys [sYSTEM] AvgAsCln Service BattC Service [sYSTEM] Beep Service C:\WINDOWS\system32\svchost.exe [MANUAL] BITS Service C:\WINDOWS\system32\svchost.exe [AUTO] Browser Service [DISABLED] cbidf2k Service [DISABLED] cd20xrnt Service [sYSTEM] Cdaudio Service [DISABLED] Cdfs Service C:\WINDOWS\system32\DRIVERS\cdrom.sys [sYSTEM] Cdrom Service [sYSTEM] Changer Service C:\WINDOWS\system32\cisvc.exe [MANUAL] CiSvc Service C:\WINDOWS\system32\clipsrv.exe [DISABLED] ClipSrv Service [DISABLED] CmdIde Service C:\WINDOWS\system32\dllhost.exe [MANUAL] COMSysApp Service ContentFilter Service ContentIndex Service [DISABLED] Cpqarray Service C:\WINDOWS\system32\svchost.exe [AUTO] CryptSvc Service [DISABLED] dac2w2k Service [DISABLED] dac960nt Service C:\WINDOWS\system32\svchost.exe [AUTO] DcomLaunch Service C:\WINDOWS\system32\svchost.exe [AUTO] Dhcp Service C:\WINDOWS\system32\DRIVERS\disk.sys [bOOT] Disk Service C:\WINDOWS\System32\dmadmin.exe [MANUAL] dmadmin Service C:\WINDOWS\System32\drivers\dmboot.sys [DISABLED] dmboot Service C:\WINDOWS\System32\drivers\dmio.sys [bOOT] dmio Service C:\WINDOWS\System32\drivers\dmload.sys [bOOT] dmload Service C:\WINDOWS\System32\svchost.exe [AUTO] dmserver Service C:\WINDOWS\system32\drivers\DMusic.sys [MANUAL] DMusic Service C:\WINDOWS\system32\svchost.exe [AUTO] Dnscache Service [DISABLED] dpti2o Service C:\WINDOWS\system32\drivers\drmkaud.sys [MANUAL] drmkaud Service System32\Drivers\dtscsi.sys [MANUAL] dtscsi Service C:\WINDOWS\system32\fgdfsdf.exe [DISABLED] edfscv Service C:\WINDOWS\system32\services.exe [AUTO] Eventlog Service C:\WINDOWS\system32\svchost.exe [MANUAL] EventSystem Service [DISABLED] Fastfat Service C:\WINDOWS\System32\svchost.exe [MANUAL] FastUserSwitchingCompatibility Service C:\WINDOWS\system32\DRIVERS\fdc.sys [MANUAL] Fdc Service [sYSTEM] Fips Service C:\WINDOWS\system32\DRIVERS\flpydisk.sys [MANUAL] Flpydisk Service C:\WINDOWS\system32\DRIVERS\fltMgr.sys [bOOT] FltMgr Service [sYSTEM] Fs_Rec Service C:\WINDOWS\system32\DRIVERS\ftdisk.sys [bOOT] Ftdisk Service C:\WINDOWS\system32\DRIVERS\gameenum.sys [MANUAL] gameenum Service C:\WINDOWS\system32\drivers\GDTdiIcpt.sys [AUTO] GDTdiInterceptor Service C:\WINDOWS\System32\DRIVERS\gmer.sys [MANUAL] gmer Service C:\WINDOWS\system32\DRIVERS\msgpc.sys [MANUAL] Gpc Service System32\DRIVERS\gvkgaf87.sys [bOOT] gvkgaf87 Service C:\WINDOWS\system32\DRIVERS\hamachi.sys [MANUAL] hamachi Service C:\WINDOWS\System32\svchost.exe [AUTO] helpsvc Service C:\WINDOWS\System32\svchost.exe [DISABLED] HidServ Service C:\WINDOWS\system32\DRIVERS\hidusb.sys [MANUAL] HidUsb Service [DISABLED] hpn Service C:\WINDOWS\System32\Drivers\HTTP.sys [MANUAL] HTTP Service C:\WINDOWS\System32\svchost.exe [MANUAL] HTTPFilter Service [sYSTEM] i2omgmt Service [DISABLED] i2omp Service C:\WINDOWS\system32\DRIVERS\i8042prt.sys [sYSTEM] i8042prt Service C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [MANUAL] IDriverT Service C:\WINDOWS\system32\DRIVERS\imapi.sys [sYSTEM] Imapi Service C:\WINDOWS\system32\imapi.exe [MANUAL] ImapiService Service inetaccs Service [DISABLED] ini910u Service Inport Service C:\WINDOWS\system32\DRIVERS\intelide.sys [bOOT] IntelIde Service C:\WINDOWS\system32\DRIVERS\intelppm.sys [sYSTEM] intelppm Service C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys [MANUAL] Ip6Fw Service C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys [MANUAL] IpFilterDriver Service C:\WINDOWS\system32\DRIVERS\ipinip.sys [MANUAL] IpInIp Service C:\WINDOWS\system32\DRIVERS\ipnat.sys [MANUAL] IpNat Service C:\WINDOWS\system32\DRIVERS\ipsec.sys [sYSTEM] IPSec Service C:\WINDOWS\system32\DRIVERS\irda.sys [AUTO] irda Service C:\WINDOWS\system32\DRIVERS\irenum.sys [MANUAL] IRENUM Service C:\WINDOWS\system32\svchost.exe [AUTO] Irmon Service C:\WINDOWS\system32\DRIVERS\irsir.sys [MANUAL] irsir Service ISAPISearch Service C:\WINDOWS\system32\DRIVERS\isapnp.sys [bOOT] isapnp Service C:\WINDOWS\system32\DRIVERS\k750bus.sys [MANUAL] k750bus Service C:\WINDOWS\system32\DRIVERS\k750mdfl.sys [MANUAL] k750mdfl Service C:\WINDOWS\system32\DRIVERS\k750mdm.sys [MANUAL] k750mdm Service C:\WINDOWS\system32\DRIVERS\k750mgmt.sys [MANUAL] k750mgmt Service C:\WINDOWS\system32\DRIVERS\k750obex.sys [MANUAL] k750obex Service C:\WINDOWS\system32\DRIVERS\kbdclass.sys [sYSTEM] Kbdclass Service C:\WINDOWS\system32\DRIVERS\kbdhid.sys [sYSTEM] kbdhid Service C:\WINDOWS\system32\drivers\kmixer.sys [MANUAL] kmixer Service [bOOT] KSecDD Service C:\WINDOWS\system32\svchost.exe [AUTO] lanmanserver Service C:\WINDOWS\system32\svchost.exe [AUTO] lanmanworkstation Service [sYSTEM] lbrtfdc Service ldap Service LicenseService Service C:\WINDOWS\system32\svchost.exe [AUTO] LmHosts Service C:\WINDOWS\system32\DRIVERS\MA-620.sys [MANUAL] MA-620 Service C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [AUTO] MDM Service C:\WINDOWS\system32\svchost.exe [DISABLED] Messenger Service [sYSTEM] mnmdd Service C:\WINDOWS\system32\mnmsrvc.exe [MANUAL] mnmsrvc Service [MANUAL] Modem Service C:\WINDOWS\system32\DRIVERS\mouclass.sys [sYSTEM] Mouclass Service [bOOT] MountMgr Service [DISABLED] mraid35x Service C:\WINDOWS\system32\DRIVERS\mrxdav.sys [MANUAL] MRxDAV Service C:\WINDOWS\system32\DRIVERS\mrxsmb.sys [sYSTEM] MRxSmb Service C:\WINDOWS\system32\msdtc.exe [MANUAL] MSDTC Service [sYSTEM] Msfs Service C:\WINDOWS\system32\DRIVERS\MSIRCOMM.sys [MANUAL] MSIRCOMM Service C:\WINDOWS\system32\msiexec.exe [MANUAL] MSIServer Service C:\WINDOWS\system32\drivers\MSKSSRV.sys [MANUAL] MSKSSRV Service C:\WINDOWS\system32\drivers\MSPCLOCK.sys [MANUAL] MSPCLOCK Service C:\WINDOWS\system32\drivers\MSPQM.sys [MANUAL] MSPQM Service C:\WINDOWS\system32\DRIVERS\mssmbios.sys [MANUAL] mssmbios Service C:\WINDOWS\system32\drivers\msmpu401.sys [MANUAL] ms_mpu401 Service [bOOT] Mup Service [bOOT] NDIS Service ndisrd Service C:\WINDOWS\system32\DRIVERS\ndistapi.sys [MANUAL] NdisTapi Service C:\WINDOWS\system32\DRIVERS\ndisuio.sys [MANUAL] Ndisuio Service C:\WINDOWS\system32\DRIVERS\ndiswan.sys [MANUAL] NdisWan Service [MANUAL] NDProxy Service C:\WINDOWS\system32\DRIVERS\netbios.sys [sYSTEM] NetBIOS Service C:\WINDOWS\system32\DRIVERS\netbt.sys [MANUAL] NetBT Service C:\WINDOWS\system32\netdde.exe [DISABLED] NetDDE Service C:\WINDOWS\system32\netdde.exe [DISABLED] NetDDEdsdm Service C:\WINDOWS\system32\lsass.exe [MANUAL] Netlogon Service C:\WINDOWS\System32\svchost.exe [MANUAL] Netman Service C:\WINDOWS\system32\svchost.exe [MANUAL] Nla Service [sYSTEM] Npfs Service C:\WINDOWS\system32\npptNT2.sys [sYSTEM] NPPTNT2 Service [DISABLED] Ntfs Service C:\WINDOWS\system32\lsass.exe [MANUAL] NtLmSsp Service C:\WINDOWS\system32\svchost.exe [MANUAL] NtmsSvc Service [sYSTEM] Null Service C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [MANUAL] nv Service C:\WINDOWS\system32\nvsvc32.exe [AUTO] NVSvc Service C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys [MANUAL] NwlnkFlt Service C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys [MANUAL] NwlnkFwd Service Outlook Service C:\WINDOWS\system32\DRIVERS\parport.sys [MANUAL] Parport Service [bOOT] PartMgr Service [AUTO] ParVdm Service C:\WINDOWS\system32\DRIVERS\pci.sys [bOOT] PCI Service [sYSTEM] PCIDump Service [bOOT] PCIIde Service [DISABLED] Pcmcia Service [MANUAL] PDCOMP Service [MANUAL] PDFRAME Service [MANUAL] PDRELI Service [MANUAL] PDRFRAME Service [DISABLED] perc2 Service [DISABLED] perc2hib Service PerfDisk Service PerfNet Service PerfOS Service PerfProc Service C:\WINDOWS\system32\services.exe [AUTO] PlugPlay Service C:\WINDOWS\system32\lsass.exe [AUTO] PolicyAgent Service C:\WINDOWS\system32\DRIVERS\raspptp.sys [MANUAL] PptpMiniport Service C:\WINDOWS\system32\lsass.exe [AUTO] ProtectedStorage Service C:\WINDOWS\system32\DRIVERS\psched.sys [MANUAL] PSched Service C:\WINDOWS\system32\DRIVERS\ptilink.sys [MANUAL] Ptilink Service C:\WINDOWS\System32\Drivers\PxHelp20.sys [bOOT] PxHelp20 Service [DISABLED] ql1080 Service [DISABLED] Ql10wnt Service [DISABLED] ql12160 Service [DISABLED] ql1240 Service [DISABLED] ql1280 Service C:\WINDOWS\system32\DRIVERS\rasacd.sys [sYSTEM] RasAcd Service C:\WINDOWS\system32\svchost.exe [MANUAL] RasAuto Service C:\WINDOWS\system32\DRIVERS\rasirda.sys [MANUAL] Rasirda Service C:\WINDOWS\system32\DRIVERS\rasl2tp.sys [MANUAL] Rasl2tp Service C:\WINDOWS\system32\svchost.exe [MANUAL] RasMan Service C:\WINDOWS\system32\DRIVERS\raspppoe.sys [MANUAL] RasPppoe Service C:\WINDOWS\system32\DRIVERS\raspti.sys [MANUAL] Raspti Service C:\WINDOWS\system32\DRIVERS\rdbss.sys [sYSTEM] Rdbss Service C:\WINDOWS\System32\DRIVERS\RDPCDD.sys [sYSTEM] RDPCDD Service RDPDD Service C:\WINDOWS\system32\DRIVERS\rdpdr.sys [MANUAL] rdpdr Service RDPNP Service [MANUAL] RDPWD Service C:\WINDOWS\system32\sessmgr.exe [MANUAL] RDSessMgr Service C:\WINDOWS\system32\DRIVERS\redbook.sys [sYSTEM] redbook Service C:\WINDOWS\system32\svchost.exe [DISABLED] RemoteAccess Service C:\WINDOWS\system32\svchost.exe [AUTO] RemoteRegistry Service C:\WINDOWS\system32\locator.exe [MANUAL] RpcLocator Service C:\WINDOWS\system32\svchost.exe [AUTO] RpcSs Service C:\WINDOWS\system32\rsvp.exe [MANUAL] RSVP Service C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [MANUAL] rtl8139 Service C:\WINDOWS\system32\lsass.exe [AUTO] SamSs Service C:\WINDOWS\System32\SCardSvr.exe [MANUAL] SCardSvr Service C:\WINDOWS\System32\svchost.exe [AUTO] Schedule Service C:\WINDOWS\system32\DRIVERS\secdrv.sys [MANUAL] Secdrv Service C:\WINDOWS\System32\svchost.exe [AUTO] seclogon Service C:\WINDOWS\system32\svchost.exe [AUTO] SENS Service C:\WINDOWS\system32\DRIVERS\serenum.sys [MANUAL] serenum Service C:\WINDOWS\system32\DRIVERS\serial.sys [sYSTEM] Serial Service [sYSTEM] Sfloppy Service C:\WINDOWS\system32\svchost.exe [DISABLED] SharedAccess Service C:\WINDOWS\System32\svchost.exe [AUTO] ShellHWDetection Service [DISABLED] Simbad Service C:\WINDOWS\system32\DRIVERS\skbusenum.sys [MANUAL] skbusenum Service [DISABLED] Sparrow Service C:\WINDOWS\system32\drivers\splitter.sys [MANUAL] splitter Service C:\WINDOWS\system32\spoolsv.exe [AUTO] Spooler Service C:\WINDOWS\System32\Drivers\sptd.sys [bOOT] sptd Service C:\WINDOWS\system32\DRIVERS\sr.sys [bOOT] sr Service C:\WINDOWS\system32\svchost.exe [AUTO] srservice Service C:\WINDOWS\system32\DRIVERS\srv.sys [MANUAL] Srv Service C:\WINDOWS\system32\svchost.exe [MANUAL] SSDPSRV Service C:\WINDOWS\system32\DRIVERS\st3wolf.sys [MANUAL] st3wolf Service C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe [AUTO] StarWindService Service C:\WINDOWS\system32\svchost.exe [MANUAL] stisvc Service C:\WINDOWS\system32\DRIVERS\stwlfbus.sys [bOOT] stwlfbus Service C:\WINDOWS\system32\DRIVERS\swenum.sys [MANUAL] swenum Service C:\WINDOWS\system32\drivers\swmidi.sys [MANUAL] swmidi Service C:\WINDOWS\system32\dllhost.exe [MANUAL] SwPrv Service System32\DRIVERS\swvnbi60.sys [bOOT] swvnbi60 Service [DISABLED] symc810 Service [DISABLED] symc8xx Service [DISABLED] sym_hi Service [DISABLED] sym_u3 Service C:\WINDOWS\system32\drivers\sysaudio.sys [MANUAL] sysaudio Service C:\WINDOWS\system32\smlogsvc.exe [MANUAL] SysmonLog Service C:\WINDOWS\System32\svchost.exe [MANUAL] TapiSrv Service C:\WINDOWS\system32\DRIVERS\tcpip.sys [sYSTEM] Tcpip Service [MANUAL] TDPIPE Service C:\WINDOWS\System32\DRIVERS\tdscw.sys [bOOT] tdscw Service [MANUAL] TDTCP Service C:\WINDOWS\system32\DRIVERS\termdd.sys [sYSTEM] TermDD Service C:\WINDOWS\System32\svchost.exe [MANUAL] TermService Service C:\WINDOWS\System32\svchost.exe [AUTO] Themes Service C:\WINDOWS\system32\tlntsvr.exe [DISABLED] TlntSvr Service [DISABLED] TosIde Service C:\WINDOWS\system32\svchost.exe [AUTO] TrkWks Service TSDDD Service C:\WINDOWS\system32\drivers\klif.sys [MANUAL] TSP Service [DISABLED] Udfs Service [DISABLED] ultra Service C:\WINDOWS\system32\DRIVERS\update.sys [MANUAL] Update Service C:\WINDOWS\system32\svchost.exe [MANUAL] upnphost Service C:\WINDOWS\System32\ups.exe [MANUAL] UPS Service C:\WINDOWS\system32\DRIVERS\usbehci.sys [MANUAL] usbehci Service C:\WINDOWS\system32\DRIVERS\usbhub.sys [MANUAL] usbhub Service C:\WINDOWS\system32\DRIVERS\usbprint.sys [MANUAL] usbprint Service C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [MANUAL] USBSTOR Service C:\WINDOWS\system32\DRIVERS\usbuhci.sys [MANUAL] usbuhci Service C:\WINDOWS\System32\svchost.exe [MANUAL] usprserv Service C:\WINDOWS\System32\drivers\vga.sys [sYSTEM] VgaSave Service [DISABLED] ViaIde Service [bOOT] VolSnap Service C:\WINDOWS\System32\vssvc.exe [MANUAL] VSS Service C:\WINDOWS\System32\svchost.exe [AUTO] W32Time Service W3SVC Service C:\WINDOWS\system32\DRIVERS\wanarp.sys [MANUAL] Wanarp Service [MANUAL] WDICA Service C:\WINDOWS\system32\drivers\wdmaud.sys [MANUAL] wdmaud Service C:\WINDOWS\system32\svchost.exe [AUTO] WebClient Service C:\WINDOWS\system32\svchost.exe [AUTO] winmgmt Service [MANUAL] Winsock Service WinSock2 Service WinTrust Service C:\WINDOWS\system32\Svchost.exe [AUTO] WmdmPMD Service C:\WINDOWS\System32\svchost.exe [MANUAL] WmdmPmSN Service C:\WINDOWS\System32\svchost.exe [MANUAL] Wmi Service WmiApRpl Service C:\WINDOWS\system32\wbem\wmiapsrv.exe [MANUAL] WmiApSrv Service C:\WINDOWS\System32\drivers\ws2ifsl.sys [DISABLED] WS2IFSL Service C:\WINDOWS\System32\svchost.exe [DISABLED] wscsvc Service C:\WINDOWS\system32\svchost.exe [DISABLED] wuauserv Service System32\DRIVERS\wwnunm31.sys [bOOT] wwnunm31 Service C:\WINDOWS\System32\svchost.exe [AUTO] WZCSVC Service C:\WINDOWS\System32\svchost.exe [MANUAL] xmlprov Service {07F9D194-CE5F-4342-8481-551C699EC495} Service {8F0086FF-ABF7-4101-B033-9867B3B21653} Service {E1E9BE00-C4B1-4BF6-BAF0-439D52635049} Service [MANUAL] a1bajpsa ---- EOF - GMER 1.0.12 ----

Złączono Posta : 25.03.2007 (Nie) 21:32

brakujące

ComboScan v20070306.20 run by griszk@ on 2007-03-25 at 22:30:11 Computer is in Normal Mode. -------------------------------------------------------------------------------- – HijackThis (run as griszk@.exe) --------------------------------------------- Logfile of HijackThis v1.99.1 Scan saved at 22:30:18, on 2007-03-25 Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe C:\WINDOWS\system32\Svchost.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe C:\Program Files\Common Files\Onet.pl\AutoUpdate.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Program Files\Gadu-Gadu\gg.exe C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe C:\Program Files\Common Files\Teleca Shared\Generic.exe C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe D:\eMule\emule.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Documents and Settings\griszk@\Pulpit\comboscan.exe C:\PROGRA~1\HIJACK~1\griszk@.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.pl/ R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://caiyi8.com O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll O4 - HKLM…\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM…\Run: [sony Ericsson PC Suite] “C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe” /startoptions O4 - HKLM…\Run: [Onet.pl AutoUpdate] C:\Program Files\Common Files\Onet.pl\AutoUpdate.exe /tsr O4 - HKLM…\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKCU…\Run: [Gadu-Gadu] “C:\Program Files\Gadu-Gadu\gg.exe” /tray O4 - Startup: Yahoo! Widget Engine.lnk = D:\Yahoo! Widget Engine\YahooWidgetEngine.exe O4 - Global Startup: ruango.lnk = ? O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing) O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing) O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe – Files created between 2007-02-25 and 2007-03-25 ----------------------------- 2007-03-21 15:39:27 11126211 --a------ C:\WINDOWS\system32\ManageEngine_OpManager_6_windows.exe 2007-03-20 15:51:12 3968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys 2007-03-20 15:51:06 0 d-------- C:\Program Files\Grisoft 2007-03-17 15:02:45 57344 --a------ C:\WINDOWS\g3.exe 2007-03-17 14:42:05 0 d-------- C:\WINDOWS\cursor 2007-03-17 14:39:48 0 d-a------ C:\Program Files\Common Files\Ruango 2007-03-13 15:21:42 0 d-------- C:\Program Files\Common Files\Skype 2007-03-13 15:21:22 0 d-------- C:\Program Files\Skype 2007-03-13 15:07:43 0 d-------- C:\WINDOWS\system32\MDserivces 2007-03-02 19:34:45 320 --a------ C:\WINDOWS\gmer.reg 2007-03-02 19:18:49 80 --a------ C:\WINDOWS\gmer_uninstall.cmd 2007-03-01 22:55:04 0 d------c- C:!KillBox 2007-02-28 11:13:35 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard 2007-02-27 19:33:05 0 d------c- C:\temp 2007-02-27 12:22:14 0 d-------- C:\WINDOWS\system32\system – Find3M Report --------------------------------------------------------------- 2007-03-25 04:41:50 0 d-------- C:\Documents and Settings\griszk@\Dane aplikacji\Skype 2007-03-25 04:21:23 439528 --a----c- C:\WINDOWS\system32\perfh015.dat 2007-03-25 04:21:23 68450 --a----c- C:\WINDOWS\system32\perfc015.dat 2007-03-25 04:17:58 0 d-------- C:\Program Files\Gadu-Gadu 2007-03-24 15:23:11 0 d-------- C:\Program Files\ffdshow 2007-03-15 17:40:33 0 d-------- C:\Program Files\Real 2007-03-12 19:33:07 0 d-------- C:\Program Files\Google 2007-03-06 23:14:27 0 d-------- C:\Documents and Settings\griszk@\Dane aplikacji\ppstream 2007-02-28 11:14:06 0 d-------- C:\Documents and Settings\griszk@\Dane aplikacji\Lavasoft 2007-02-21 18:26:15 0 d-------- C:\Documents and Settings\griszk@\Dane aplikacji\SmartShopper 2007-02-18 10:15:03 0 d-------- C:\Program Files\DivX 2007-02-17 20:59:24 0 d-------- C:\Program Files\MarBit 2007-02-17 20:13:49 0 d-------- C:\Documents and Settings\griszk@\Dane aplikacji\Media Player Classic 2007-02-17 20:08:55 0 d-------- C:\Documents and Settings\griszk@\Dane aplikacji\Real 2007-02-16 23:34:18 0 d-------- C:\Program Files\Ski Jump International 2007-02-16 18:21:00 10752 --a------ C:\WINDOWS\system32\ff_vfw.dll 2007-02-16 12:23:35 0 d-------- C:\Documents and Settings\griszk@\Dane aplikacji\Apple Computer 2007-02-16 12:23:15 0 d–h----- C:\Program Files\InstallShield Installation Information 2007-02-16 12:22:57 0 d-------- C:\Program Files\QuickTime 2007-02-03 00:07:44 0 d-------- C:\Documents and Settings\griszk@\Dane aplikacji\Azureus 2007-02-02 20:42:40 65448 --a------ C:\Documents and Settings\griszk@\Dane aplikacji\GDIPFONTCACHEV1.DAT 2007-02-01 06:56:06 639066 --a------ C:\WINDOWS\system32\divx.dll 2007-01-31 19:32:46 0 d-------- C:\Program Files\BearShare 2007-01-30 07:03:42 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll 2007-01-30 07:03:28 200704 --a------ C:\WINDOWS\system32\ssldivx.dll 2007-01-30 07:03:28 1044480 --a------ C:\WINDOWS\system32\libdivx.dll 2007-01-30 06:56:58 196608 --a------ C:\WINDOWS\system32\dtu100.dll 2007-01-30 06:56:58 73728 --a------ C:\WINDOWS\system32\dpl100.dll 2007-01-28 23:59:22 0 d-------- C:\Program Files\Yahoo! 2007-01-28 22:32:14 0 d-------- C:\Program Files\Ahead 2007-01-25 21:39:40 0 d-------- C:\Program Files\Mozilla Firefox 2007-01-20 22:26:06 1565480 --a------ C:\WINDOWS\system32\wmv9vcm.dll 2007-01-15 19:32:07 689280 --a------ C:\WINDOWS\system32\aswBoot.exe 2007-01-15 19:23:20 90112 --a------ C:\WINDOWS\system32\AVASTSS.scr 2006-12-25 15:15:07 2938 --a----c- C:\WINDOWS\mozver.dat – Registry Dump --------------------------------------------------------------- [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run] “Gadu-Gadu”="“C:\Program Files\Gadu-Gadu\gg.exe” /tray" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run] “NvCplDaemon”=“RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup” @="" “Sony Ericsson PC Suite”="“C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe” /startoptions" “Onet.pl AutoUpdate”=“C:\Program Files\Common Files\Onet.pl\AutoUpdate.exe /tsr” “avast!”=“C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe” [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL] “Installed”=“1” [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI] “Installed”=“1” “NoChange”=“1” [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS] “Installed”=“1” [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks] “{57B86673-276A-48B2-BAE7-C6DBB3020EB8}”=“AVG Anti-Spyware 7.5” [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] “DisableTaskMgr”=dword:00000000 [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system] “DisableTaskMgr”=dword:00000000 “NoDispAppearancePage”=dword:00000000 “NoColorChoice”=dword:00000000 “NoSizeChoice”=dword:00000000 “NoDispBackgroundPage”=dword:00000000 “NoDispScrSavPage”=dword:00000000 “NoDispCPL”=dword:00000000 “NoVisualStyleChoice”=dword:00000000 “NoDispSettingsPage”=dword:00000000 “DisableRegistryTools”=dword:00000000 [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] “NoActiveDesktopChanges”=dword:00000000 [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] “NoActiveDesktop”=dword:00000000 “NoSaveSettings”=dword:00000000 “NoThemesTab”=dword:00000000 “ForceActiveDesktopOn”=dword:00000000 [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders] “SecurityProviders”=“msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll” [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost] HTTPFilter REG_MULTI_SZ HTTPFilter\0\0 LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0 NetworkService REG_MULTI_SZ DnsCache\0\0 DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0 rpcss REG_MULTI_SZ RpcSs\0\0 imgsvc REG_MULTI_SZ StiSvc\0\0 termsvcs REG_MULTI_SZ TermService\0\0 WmdmPMD REG_MULTI_SZ WmdmPMD\0 [HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2{70237cf1-1d61-11db-b9db-00138f291aa7}] Shell\AutoRun\command G:\Autorun.exe [HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2{8e2a953c-82cc-11db-bb23-00138f291aa7}] Shell\AutoRun\command F:\autorun.exe – End of ComboScan: finished at 2007-03-25 at 22:30:48 ------------------------ Silent Runners.vbs", revision R50, http://www.silentrunners.org/ Operating System: Windows XP SP2 Output limited to non-default values, except where indicated by “{++}” Startup items buried in registry: --------------------------------- HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++} “Gadu-Gadu” = ““C:\Program Files\Gadu-Gadu\gg.exe” /tray” [“Gadu-Gadu Sp. z oo”] HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++} “NvCplDaemon” = “RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup” [MS] “(Default)” = “(empty string)” [file not found] “Sony Ericsson PC Suite” = ““C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe” /startoptions” [“Sony Ericsson Mobile Communications AB”] “Onet.pl AutoUpdate” = “C:\Program Files\Common Files\Onet.pl\AutoUpdate.exe /tsr” [“Onet.pl”] “avast!” = “C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe” [null data] HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}(Default) = (no title provided) -> {HKLM…CLSID} = “SSVHelper Class” \InProcServer32(Default) = “C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll” [“Sun Microsystems, Inc.”] HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\ “{42071714-76d4-11d1-8b24-00a0c9068ff3}” = “Rozszerzenie CPL kadrowania wyświetlania” -> {HKLM…CLSID} = “Rozszerzenie CPL kadrowania wyświetlania” \InProcServer32(Default) = “deskpan.dll” [file not found] “{88895560-9AA2-1069-930E-00AA0030EBC8}” = “Rozszerzenie ikony HyperTerminalu” -> {HKLM…CLSID} = “HyperTerminal Icon Ext” \InProcServer32(Default) = “C:\WINDOWS\system32\hticons.dll” [“Hilgraeve, Inc.”] “{A70C977A-BF00-412C-90B7-034C51DA2439}” = “NvCpl DesktopContext Class” -> {HKLM…CLSID} = “DesktopContext Class” \InProcServer32(Default) = “C:\WINDOWS\system32\nvcpl.dll” [“NVIDIA Corporation”] “{FFB699E0-306A-11d3-8BD1-00104B6F7516}” = “Play on my TV helper” -> {HKLM…CLSID} = “NVIDIA CPL Extension” \InProcServer32(Default) = “C:\WINDOWS\system32\nvcpl.dll” [“NVIDIA Corporation”] “{1CDB2949-8F65-4355-8456-263E7C208A5D}” = “Desktop Explorer” -> {HKLM…CLSID} = “Desktop Explorer” \InProcServer32(Default) = “C:\WINDOWS\system32\nvshell.dll” [“NVIDIA Corporation”] “{1E9B04FB-F9E5-4718-997B-B8DA88302A47}” = “Desktop Explorer Menu” -> {HKLM…CLSID} = (no title provided) \InProcServer32(Default) = “C:\WINDOWS\system32\nvshell.dll” [“NVIDIA Corporation”] “{1E9B04FB-F9E5-4718-997B-B8DA88302A48}” = “nView Desktop Context Menu” -> {HKLM…CLSID} = “nView Desktop Context Menu” \InProcServer32(Default) = “C:\WINDOWS\system32\nvshell.dll” [“NVIDIA Corporation”] “{32020A01-506E-484D-A2A8-BE3CF17601C3}” = “AlcoholShellEx” -> {HKLM…CLSID} = “AlcoholShellEx” \InProcServer32(Default) = “C:\PROGRA~1\ALCOHO~1\ALCOHO~1\AxShlex.dll” [“Alcohol Soft Development Team”] “{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}” = “Shell Extensions for RealOne Player” -> {HKLM…CLSID} = “RealOne Player Context Menu Class” \InProcServer32(Default) = “C:\Program Files\Real\RealPlayer\rpshell.dll” [“RealNetworks, Inc.”] “{0006F045-0000-0000-C000-000000000046}” = “Microsoft Outlook Custom Icon Handler” -> {HKLM…CLSID} = “Rozszerzenie ikon plików programu Outlook” \InProcServer32(Default) = “C:\Program Files\Microsoft Office\Office10\OLKFSTUB.DLL” [MS] “{42042206-2D85-11D3-8CFF-005004838597}” = “Microsoft Office HTML Icon Handler” -> {HKLM…CLSID} = (no title provided) \InProcServer32(Default) = “C:\Program Files\Microsoft Office\Office10\msohev.dll” [MS] “{A5110426-177D-4e08-AB3F-785F10B4439C}” = “Sony Ericsson File Manager” -> {HKLM…CLSID} = “Sony Ericsson File Manager” \InProcServer32(Default) = “C:\Program Files\Sony Ericsson\Mobile2\File Manager\fmgrgui.dll” [“Sony Ericsson Mobile Communications AB”] “{472083B0-C522-11CF-8763-00608CC02F24}” = “avast” -> {HKLM…CLSID} = “avast” \InProcServer32(Default) = “C:\Program Files\Alwil Software\Avast4\ashShell.dll” [“ALWIL Software”] “{A155339D-CCCD-4714-85EB-3754B804C9DF}” = “a-squared Free Context Menu Shell Extension” -> {HKLM…CLSID} = “a-squared Free Context Menu” \InProcServer32(Default) = “D:\A-SQUA~1\A2FREE~1.DLL” [file not found] HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\ <> “{57B86673-276A-48B2-BAE7-C6DBB3020EB8}” = “AVG Anti-Spyware 7.5” -> {HKLM…CLSID} = “CShellExecuteHookImpl Object” \InProcServer32(Default) = “C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll” [“Anti-Malware Development a.s.”] HKLM\Software\Classes\Folder\shellex\ColumnHandlers\ {F9DB5320-233E-11D1-9F84-707F02C10627}(Default) = “PDF Column Info” -> {HKLM…CLSID} = “PDF Shell Extension” \InProcServer32(Default) = “C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll” [“Adobe Systems, Inc.”] HKLM\Software\Classes*\shellex\ContextMenuHandlers\ avast(Default) = “{472083B0-C522-11CF-8763-00608CC02F24}” -> {HKLM…CLSID} = “avast” \InProcServer32(Default) = “C:\Program Files\Alwil Software\Avast4\ashShell.dll” [“ALWIL Software”] AVG Anti-Spyware(Default) = “{8934FCEF-F5B8-468f-951F-78A921CD3920}” -> {HKLM…CLSID} = “CContextScan Object” \InProcServer32(Default) = “C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll” [“Anti-Malware Development a.s.”] HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\ AVG Anti-Spyware(Default) = “{8934FCEF-F5B8-468f-951F-78A921CD3920}” -> {HKLM…CLSID} = “CContextScan Object” \InProcServer32(Default) = “C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll” [“Anti-Malware Development a.s.”] HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ a2FreeContMenu(Default) = “{A155339D-CCCD-4714-85EB-3754B804C9DF}” -> {HKLM…CLSID} = “a-squared Free Context Menu” \InProcServer32(Default) = “D:\A-SQUA~1\A2FREE~1.DLL” [file not found] avast(Default) = “{472083B0-C522-11CF-8763-00608CC02F24}” -> {HKLM…CLSID} = “avast” \InProcServer32(Default) = “C:\Program Files\Alwil Software\Avast4\ashShell.dll” [“ALWIL Software”] HKLM\Software\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\ a2FreeContMenu(Default) = “{A155339D-CCCD-4714-85EB-3754B804C9DF}” -> {HKLM…CLSID} = “a-squared Free Context Menu” \InProcServer32(Default) = “D:\A-SQUA~1\A2FREE~1.DLL” [file not found] Group Policies {GPedit.msc branch and setting}: ----------------------------------------------- Note: detected settings may not have any effect. HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\ “NoActiveDesktop” = (REG_DWORD) hex:0x00000000 {User Configuration|Administrative Templates|Desktop|Desktop / Active Desktop| Disable Active Desktop} “NoSaveSettings” = (REG_DWORD) hex:0x00000000 {User Configuration|Administrative Templates|Desktop| Don’t save settings at exit} “ClassicShell” = (REG_DWORD) hex:0x00000000 {User Configuration|Administrative Templates|Windows Components|Windows Explorer| Enable Classic Shell / Turn on Classic Shell} “NoThemesTab” = (REG_DWORD) hex:0x00000000 {unrecognized setting} “ForceActiveDesktopOn” = (REG_DWORD) hex:0x00000000 {User Configuration|Administrative Templates|Desktop|Desktop / Active Desktop| Enable Active Desktop} HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\ “NoActiveDesktopChanges” = (REG_DWORD) hex:0x00000000 {unrecognized setting} HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\ “DisableTaskMgr” = (REG_DWORD) hex:0x00000000 {User Configuration|Administrative Templates|System|Ctrl+Alt+Del Options| Remove Task Manager} “NoDispAppearancePage” = (REG_DWORD) hex:0x00000000 {unrecognized setting} “NoColorChoice” = (REG_DWORD) hex:0x00000000 {unrecognized setting} “NoSizeChoice” = (REG_DWORD) hex:0x00000000 {unrecognized setting} “NoDispBackgroundPage” = (REG_DWORD) hex:0x00000000 {User Configuration|Administrative Templates|Control Panel|Display| Hide Desktop tab} “NoDispScrSavPage” = (REG_DWORD) hex:0x00000000 {unrecognized setting} “NoDispCPL” = (REG_DWORD) hex:0x00000000 {User Configuration|Administrative Templates|Control Panel|Display| Remove Display in Control Panel} “NoVisualStyleChoice” = (REG_DWORD) hex:0x00000000 {unrecognized setting} “NoDispSettingsPage” = (REG_DWORD) hex:0x00000000 {unrecognized setting} “DisableRegistryTools” = (REG_DWORD) hex:0x00000000 {User Configuration|Administrative Templates|System| Prevent access to registry editing tools} HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\ “shutdownwithoutlogon” = (REG_DWORD) hex:0x00000001 {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options| Shutdown: Allow system to be shut down without having to log on} “undockwithoutlogon” = (REG_DWORD) hex:0x00000001 {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options| Devices: Allow undock without having to log on} “DisableTaskMgr” = (REG_DWORD) hex:0x00000000 {unrecognized setting} Active Desktop and Wallpaper: ----------------------------- Active Desktop may be disabled at this entry: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState Displayed if Active Desktop enabled and wallpaper not set by Group Policy: HKCU\Software\Microsoft\Internet Explorer\Desktop\General\ “Wallpaper” = “C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp” Displayed if Active Desktop disabled and wallpaper not set by Group Policy: HKCU\Control Panel\Desktop\ “Wallpaper” = “C:\Documents and Settings\griszk@\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp” Enabled Screen Saver: --------------------- HKCU\Control Panel\Desktop\ “SCRNSAVE.EXE” = “C:\WINDOWS\WISA_6~1.SCR” (WISŁA_6.scr) [null data] Startup items in “griszk@” & “All Users” startup folders: --------------------------------------------------------- C:\Documents and Settings\griszk@\Menu Start\Programy\Autostart “Yahoo! Widget Engine” -> shortcut to: “D:\Yahoo! Widget Engine\YahooWidgetEngine.exe” [file not found] C:\Documents and Settings\All Users\Menu Start\Programy\Autostart “ruango” -> shortcut to: “C:\WINDOWS\system32\MSRundll.exe C:\PROGRA~1\COMMON~1\Ruango\Player.dll,Always” [file not found] Winsock2 Service Provider DLLs: ------------------------------- Namespace Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++} 000000000001\LibraryPath = “%SystemRoot%\System32\mswsock.dll” [MS] 000000000002\LibraryPath = “%SystemRoot%\System32\winrnr.dll” [MS] 000000000003\LibraryPath = “%SystemRoot%\System32\mswsock.dll” [MS] Transport Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++} 0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range: %SystemRoot%\system32\mswsock.dll [MS], 01 - 04, 07 - 16 %SystemRoot%\system32\rsvpsp.dll [MS], 05 - 06 Toolbars, Explorer Bars, Extensions: ------------------------------------ Toolbars HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\ “{2318C2B1-4965-11D4-9B18-009027A5CD4F}” -> {HKLM…CLSID} = “&Google” \InProcServer32(Default) = “c:\program files\google\googletoolbar4.dll” [“Google Inc.”] Extensions (Tools menu items, main toolbar menu buttons) HKLM\Software\Microsoft\Internet Explorer\Extensions\ {08B0E5C0-4FCB-11CF-AAA5-00401C608501}\ “MenuText” = “Sun Java Console” “CLSIDExtension” = “{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBC}” -> {HKCU…CLSID} = “Java Plug-in 1.5.0_09” \InProcServer32(Default) = “C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll” [“Sun Microsystems, Inc.”] -> {HKLM…CLSID} = “Java Plug-in 1.5.0_09” \InProcServer32(Default) = “C:\Program Files\Java\jre1.5.0_09\bin\npjpi150_09.dll” [“Sun Microsystems, Inc.”] Running Services (Display Name, Service Name, Path {Service DLL}): ------------------------------------------------------------------ avast! Antivirus, avast! Antivirus, ““C:\Program Files\Alwil Software\Avast4\ashServ.exe”” [null data] avast! iAVS4 Control Service, aswUpdSv, ““C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe”” [null data] avast! Mail Scanner, avast! Mail Scanner, ““C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe” /service” [“ALWIL Software”] avast! Web Scanner, avast! Web Scanner, ““C:\Program Files\Alwil Software\Avast4\ashWebSv.exe” /service” [“ALWIL Software”] AVG Anti-Spyware Guard, AVG Anti-Spyware Guard, “C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe” [“Anti-Malware Development a.s.”] Machine Debug Manager, MDM, ““C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE”” [MS] NVIDIA Display Driver Service, NVSvc, “C:\WINDOWS\system32\nvsvc32.exe” [“NVIDIA Corporation”] Portable Media, WmdmPMD, “C:\WINDOWS\system32\Svchost.exe -k WmdmPMD” {“C:\WINDOWS\system32\MDserivces\services\svchost.dll” [MS]} StarWind iSCSI Service, StarWindService, “C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe” [“Rocket Division Software”] ---------- <>: Suspicious data at a malware launch point. + This report excludes default entries except where indicated. + To see *everywhere* the script checks and *everything* it finds, launch it from a command prompt or a shortcut with the -all parameter. + The search for DESKTOP.INI DLL launch points on all local fixed drives took 121 seconds. ---------- (total run time: 188 seconds)

adam9870 · 26 Marzec 2007 12:07

W Gmerze:

W zakładce Procesy wybierz Gmer awaryjny. Teraz komputer się zrestartuje i pozostanie samo okienko Gmer’a
W zakładce Usługi skasuj z prawokliku usługi: edfscv, skbusenum, swvnbi60, tdscw, wwnunm31 oraz a1bajpsa
W zakładce Procesy kliknij Pliki i usuń:

W zakładce Procesy przez … (trzy kropki) wskaż hijacka i usuń wpis:

Zrestartuj komputer ręcznie przyciskiem na obudowie.

Po wykonaniu wklej nowy log z Gmer’a wykonany przy ustawieniu usługi + pokazuj wszystko, hijackthis plus log z ComboFix.

griszka · 27 Marzec 2007 12:26

nie mogę w gmerze w procesach usunąć większości plików gdyż pokazują mi się błedy

GMER 1.0.12.12086 - http://www.gmer.net Rootkit scan 2007-03-27 14:25:53 Windows 5.1.2600 Dodatek Service Pack 2 ---- Services - GMER 1.0.12 ---- Service .NET CLR Data Service .NET CLR Networking Service .NETFramework Service [sYSTEM] Aavmker4 Service [DISABLED] Abiosdsk Service [DISABLED] abp480n5 Service C:\WINDOWS\system32\DRIVERS\ACPI.sys [bOOT] ACPI Service [DISABLED] ACPIEC Service [DISABLED] adpu160m Service system32\drivers\aec.sys [MANUAL] aec Service C:\WINDOWS\System32\drivers\afd.sys [sYSTEM] AFD Service C:\WINDOWS\system32\DRIVERS\agp440.sys [bOOT] agp440 Service [DISABLED] Aha154x Service [DISABLED] aic78u2 Service [DISABLED] aic78xx Service C:\WINDOWS\system32\drivers\ALCXWDM.SYS [MANUAL] ALCXWDM Service C:\WINDOWS\system32\svchost.exe [DISABLED] Alerter Service C:\WINDOWS\System32\alg.exe [MANUAL] ALG Service [DISABLED] AliIde Service [DISABLED] amsint Service C:\WINDOWS\system32\svchost.exe [MANUAL] AppMgmt Service [DISABLED] asc Service [DISABLED] asc3350p Service [DISABLED] asc3550 Service ASP.NET Service ASP.NET_1.1.4322 Service C:\WINDOWS\System32\drivers\aspi32.sys [AUTO] Aspi32 Service C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [MANUAL] aspnet_state Service [AUTO] aswMon2 Service [MANUAL] aswRdr Service [sYSTEM] aswTdi Service C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [AUTO] aswUpdSv Service C:\WINDOWS\system32\DRIVERS\asyncmac.sys [MANUAL] AsyncMac Service C:\WINDOWS\system32\DRIVERS\atapi.sys [bOOT] atapi Service [DISABLED] Atdisk Service C:\WINDOWS\system32\DRIVERS\atmarpc.sys [MANUAL] Atmarpc Service C:\WINDOWS\System32\svchost.exe [AUTO] AudioSrv Service C:\WINDOWS\system32\DRIVERS\audstub.sys [MANUAL] audstub Service C:\Program Files\Alwil Software\Avast4\ashServ.exe [AUTO] avast! Antivirus Service C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [MANUAL] avast! Mail Scanner Service C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [MANUAL] avast! Web Scanner Service C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe [AUTO] AVG Anti-Spyware Guard Service C:\WINDOWS\System32\DRIVERS\AvgAsCln.sys [sYSTEM] AvgAsCln Service BattC Service [sYSTEM] Beep Service C:\WINDOWS\system32\svchost.exe [MANUAL] BITS Service C:\WINDOWS\system32\svchost.exe [AUTO] Browser Service [DISABLED] cbidf2k Service [DISABLED] cd20xrnt Service [sYSTEM] Cdaudio Service [DISABLED] Cdfs Service C:\WINDOWS\system32\DRIVERS\cdrom.sys [sYSTEM] Cdrom Service [sYSTEM] Changer Service C:\WINDOWS\system32\cisvc.exe [MANUAL] CiSvc Service C:\WINDOWS\system32\clipsrv.exe [DISABLED] ClipSrv Service [DISABLED] CmdIde Service C:\WINDOWS\system32\dllhost.exe [MANUAL] COMSysApp Service ContentFilter Service ContentIndex Service [DISABLED] Cpqarray Service C:\WINDOWS\system32\svchost.exe [AUTO] CryptSvc Service [DISABLED] dac2w2k Service [DISABLED] dac960nt Service C:\WINDOWS\system32\svchost.exe [AUTO] DcomLaunch Service C:\WINDOWS\system32\svchost.exe [AUTO] Dhcp Service C:\WINDOWS\system32\DRIVERS\disk.sys [bOOT] Disk Service C:\WINDOWS\System32\dmadmin.exe [MANUAL] dmadmin Service C:\WINDOWS\System32\drivers\dmboot.sys [DISABLED] dmboot Service C:\WINDOWS\System32\drivers\dmio.sys [bOOT] dmio Service C:\WINDOWS\System32\drivers\dmload.sys [bOOT] dmload Service C:\WINDOWS\System32\svchost.exe [AUTO] dmserver Service C:\WINDOWS\system32\drivers\DMusic.sys [MANUAL] DMusic Service C:\WINDOWS\system32\svchost.exe [AUTO] Dnscache Service [DISABLED] dpti2o Service C:\WINDOWS\system32\drivers\drmkaud.sys [MANUAL] drmkaud Service System32\Drivers\dtscsi.sys [MANUAL] dtscsi Service C:\WINDOWS\system32\fgdfsdf.exe [DISABLED] edfscv Service C:\WINDOWS\system32\services.exe [AUTO] Eventlog Service C:\WINDOWS\system32\svchost.exe [MANUAL] EventSystem Service [DISABLED] Fastfat Service C:\WINDOWS\System32\svchost.exe [MANUAL] FastUserSwitchingCompatibility Service C:\WINDOWS\system32\DRIVERS\fdc.sys [MANUAL] Fdc Service [sYSTEM] Fips Service C:\WINDOWS\system32\DRIVERS\flpydisk.sys [MANUAL] Flpydisk Service C:\WINDOWS\system32\DRIVERS\fltMgr.sys [bOOT] FltMgr Service [sYSTEM] Fs_Rec Service C:\WINDOWS\system32\DRIVERS\ftdisk.sys [bOOT] Ftdisk Service C:\WINDOWS\system32\DRIVERS\gameenum.sys [MANUAL] gameenum Service C:\WINDOWS\system32\drivers\GDTdiIcpt.sys [AUTO] GDTdiInterceptor Service C:\WINDOWS\System32\DRIVERS\gmer.sys [MANUAL] gmer Service C:\WINDOWS\system32\DRIVERS\msgpc.sys [MANUAL] Gpc Service System32\DRIVERS\gvkgaf87.sys [bOOT] gvkgaf87 Service C:\WINDOWS\system32\DRIVERS\hamachi.sys [MANUAL] hamachi Service C:\WINDOWS\System32\svchost.exe [AUTO] helpsvc Service C:\WINDOWS\System32\svchost.exe [DISABLED] HidServ Service C:\WINDOWS\system32\DRIVERS\hidusb.sys [MANUAL] HidUsb Service [DISABLED] hpn Service C:\WINDOWS\System32\Drivers\HTTP.sys [MANUAL] HTTP Service C:\WINDOWS\System32\svchost.exe [MANUAL] HTTPFilter Service [sYSTEM] i2omgmt Service [DISABLED] i2omp Service C:\WINDOWS\system32\DRIVERS\i8042prt.sys [sYSTEM] i8042prt Service C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [MANUAL] IDriverT Service C:\WINDOWS\system32\DRIVERS\imapi.sys [sYSTEM] Imapi Service C:\WINDOWS\system32\imapi.exe [MANUAL] ImapiService Service inetaccs Service [DISABLED] ini910u Service Inport Service C:\WINDOWS\system32\DRIVERS\intelide.sys [bOOT] IntelIde Service C:\WINDOWS\system32\DRIVERS\intelppm.sys [sYSTEM] intelppm Service C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys [MANUAL] Ip6Fw Service C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys [MANUAL] IpFilterDriver Service C:\WINDOWS\system32\DRIVERS\ipinip.sys [MANUAL] IpInIp Service C:\WINDOWS\system32\DRIVERS\ipnat.sys [MANUAL] IpNat Service C:\WINDOWS\system32\DRIVERS\ipsec.sys [sYSTEM] IPSec Service C:\WINDOWS\system32\DRIVERS\irda.sys [AUTO] irda Service C:\WINDOWS\system32\DRIVERS\irenum.sys [MANUAL] IRENUM Service C:\WINDOWS\system32\svchost.exe [AUTO] Irmon Service C:\WINDOWS\system32\DRIVERS\irsir.sys [MANUAL] irsir Service ISAPISearch Service C:\WINDOWS\system32\DRIVERS\isapnp.sys [bOOT] isapnp Service C:\WINDOWS\system32\DRIVERS\k750bus.sys [MANUAL] k750bus Service C:\WINDOWS\system32\DRIVERS\k750mdfl.sys [MANUAL] k750mdfl Service C:\WINDOWS\system32\DRIVERS\k750mdm.sys [MANUAL] k750mdm Service C:\WINDOWS\system32\DRIVERS\k750mgmt.sys [MANUAL] k750mgmt Service C:\WINDOWS\system32\DRIVERS\k750obex.sys [MANUAL] k750obex Service C:\WINDOWS\system32\DRIVERS\kbdclass.sys [sYSTEM] Kbdclass Service C:\WINDOWS\system32\DRIVERS\kbdhid.sys [sYSTEM] kbdhid Service C:\WINDOWS\system32\drivers\kmixer.sys [MANUAL] kmixer Service [bOOT] KSecDD Service C:\WINDOWS\system32\svchost.exe [AUTO] lanmanserver Service C:\WINDOWS\system32\svchost.exe [AUTO] lanmanworkstation Service [sYSTEM] lbrtfdc Service ldap Service LicenseService Service C:\WINDOWS\system32\svchost.exe [AUTO] LmHosts Service C:\WINDOWS\system32\DRIVERS\MA-620.sys [MANUAL] MA-620 Service C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [AUTO] MDM Service C:\WINDOWS\system32\svchost.exe [DISABLED] Messenger Service [sYSTEM] mnmdd Service C:\WINDOWS\system32\mnmsrvc.exe [MANUAL] mnmsrvc Service [MANUAL] Modem Service C:\WINDOWS\system32\DRIVERS\mouclass.sys [sYSTEM] Mouclass Service [bOOT] MountMgr Service [DISABLED] mraid35x Service C:\WINDOWS\system32\DRIVERS\mrxdav.sys [MANUAL] MRxDAV Service C:\WINDOWS\system32\DRIVERS\mrxsmb.sys [sYSTEM] MRxSmb Service C:\WINDOWS\system32\msdtc.exe [MANUAL] MSDTC Service [sYSTEM] Msfs Service C:\WINDOWS\system32\DRIVERS\MSIRCOMM.sys [MANUAL] MSIRCOMM Service C:\WINDOWS\system32\msiexec.exe [MANUAL] MSIServer Service C:\WINDOWS\system32\drivers\MSKSSRV.sys [MANUAL] MSKSSRV Service C:\WINDOWS\system32\drivers\MSPCLOCK.sys [MANUAL] MSPCLOCK Service C:\WINDOWS\system32\drivers\MSPQM.sys [MANUAL] MSPQM Service C:\WINDOWS\system32\DRIVERS\mssmbios.sys [MANUAL] mssmbios Service C:\WINDOWS\system32\drivers\msmpu401.sys [MANUAL] ms_mpu401 Service [bOOT] Mup Service [bOOT] NDIS Service ndisrd Service C:\WINDOWS\system32\DRIVERS\ndistapi.sys [MANUAL] NdisTapi Service C:\WINDOWS\system32\DRIVERS\ndisuio.sys [MANUAL] Ndisuio Service C:\WINDOWS\system32\DRIVERS\ndiswan.sys [MANUAL] NdisWan Service [MANUAL] NDProxy Service C:\WINDOWS\system32\DRIVERS\netbios.sys [sYSTEM] NetBIOS Service C:\WINDOWS\system32\DRIVERS\netbt.sys [MANUAL] NetBT Service C:\WINDOWS\system32\netdde.exe [DISABLED] NetDDE Service C:\WINDOWS\system32\netdde.exe [DISABLED] NetDDEdsdm Service C:\WINDOWS\system32\lsass.exe [MANUAL] Netlogon Service C:\WINDOWS\System32\svchost.exe [MANUAL] Netman Service C:\WINDOWS\system32\svchost.exe [MANUAL] Nla Service [sYSTEM] Npfs Service C:\WINDOWS\system32\npptNT2.sys [sYSTEM] NPPTNT2 Service [DISABLED] Ntfs Service C:\WINDOWS\system32\lsass.exe [MANUAL] NtLmSsp Service C:\WINDOWS\system32\svchost.exe [MANUAL] NtmsSvc Service [sYSTEM] Null Service C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [MANUAL] nv Service C:\WINDOWS\system32\nvsvc32.exe [AUTO] NVSvc Service C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys [MANUAL] NwlnkFlt Service C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys [MANUAL] NwlnkFwd Service Outlook Service C:\WINDOWS\system32\DRIVERS\parport.sys [MANUAL] Parport Service [bOOT] PartMgr Service [AUTO] ParVdm Service C:\WINDOWS\system32\DRIVERS\pci.sys [bOOT] PCI Service [sYSTEM] PCIDump Service [bOOT] PCIIde Service [DISABLED] Pcmcia Service [MANUAL] PDCOMP Service [MANUAL] PDFRAME Service [MANUAL] PDRELI Service [MANUAL] PDRFRAME Service [DISABLED] perc2 Service [DISABLED] perc2hib Service PerfDisk Service PerfNet Service PerfOS Service PerfProc Service C:\WINDOWS\system32\services.exe [AUTO] PlugPlay Service C:\WINDOWS\system32\lsass.exe [AUTO] PolicyAgent Service C:\WINDOWS\system32\DRIVERS\raspptp.sys [MANUAL] PptpMiniport Service C:\WINDOWS\system32\lsass.exe [AUTO] ProtectedStorage Service C:\WINDOWS\system32\DRIVERS\psched.sys [MANUAL] PSched Service C:\WINDOWS\system32\DRIVERS\ptilink.sys [MANUAL] Ptilink Service C:\WINDOWS\System32\Drivers\PxHelp20.sys [bOOT] PxHelp20 Service [DISABLED] ql1080 Service [DISABLED] Ql10wnt Service [DISABLED] ql12160 Service [DISABLED] ql1240 Service [DISABLED] ql1280 Service C:\WINDOWS\system32\DRIVERS\rasacd.sys [sYSTEM] RasAcd Service C:\WINDOWS\system32\svchost.exe [MANUAL] RasAuto Service C:\WINDOWS\system32\DRIVERS\rasirda.sys [MANUAL] Rasirda Service C:\WINDOWS\system32\DRIVERS\rasl2tp.sys [MANUAL] Rasl2tp Service C:\WINDOWS\system32\svchost.exe [MANUAL] RasMan Service C:\WINDOWS\system32\DRIVERS\raspppoe.sys [MANUAL] RasPppoe Service C:\WINDOWS\system32\DRIVERS\raspti.sys [MANUAL] Raspti Service C:\WINDOWS\system32\DRIVERS\rdbss.sys [sYSTEM] Rdbss Service C:\WINDOWS\System32\DRIVERS\RDPCDD.sys [sYSTEM] RDPCDD Service RDPDD Service C:\WINDOWS\system32\DRIVERS\rdpdr.sys [MANUAL] rdpdr Service RDPNP Service [MANUAL] RDPWD Service C:\WINDOWS\system32\sessmgr.exe [MANUAL] RDSessMgr Service C:\WINDOWS\system32\DRIVERS\redbook.sys [sYSTEM] redbook Service C:\WINDOWS\system32\svchost.exe [DISABLED] RemoteAccess Service C:\WINDOWS\system32\svchost.exe [AUTO] RemoteRegistry Service C:\WINDOWS\system32\locator.exe [MANUAL] RpcLocator Service C:\WINDOWS\system32\svchost.exe [AUTO] RpcSs Service C:\WINDOWS\system32\rsvp.exe [MANUAL] RSVP Service C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [MANUAL] rtl8139 Service C:\WINDOWS\system32\lsass.exe [AUTO] SamSs Service C:\WINDOWS\System32\SCardSvr.exe [MANUAL] SCardSvr Service C:\WINDOWS\System32\svchost.exe [AUTO] Schedule Service C:\WINDOWS\system32\DRIVERS\secdrv.sys [MANUAL] Secdrv Service C:\WINDOWS\System32\svchost.exe [AUTO] seclogon Service C:\WINDOWS\system32\svchost.exe [AUTO] SENS Service C:\WINDOWS\system32\DRIVERS\serenum.sys [MANUAL] serenum Service C:\WINDOWS\system32\DRIVERS\serial.sys [sYSTEM] Serial Service [sYSTEM] Sfloppy Service C:\WINDOWS\system32\svchost.exe [DISABLED] SharedAccess Service C:\WINDOWS\System32\svchost.exe [AUTO] ShellHWDetection Service [DISABLED] Simbad Service system32\DRIVERS\skbusenum.sys [MANUAL] skbusenum Service [DISABLED] Sparrow Service C:\WINDOWS\system32\drivers\splitter.sys [MANUAL] splitter Service C:\WINDOWS\system32\spoolsv.exe [AUTO] Spooler Service C:\WINDOWS\System32\Drivers\sptd.sys [bOOT] sptd Service C:\WINDOWS\system32\DRIVERS\sr.sys [bOOT] sr Service C:\WINDOWS\system32\svchost.exe [AUTO] srservice Service C:\WINDOWS\system32\DRIVERS\srv.sys [MANUAL] Srv Service C:\WINDOWS\system32\svchost.exe [MANUAL] SSDPSRV Service C:\WINDOWS\system32\DRIVERS\st3wolf.sys [MANUAL] st3wolf Service C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe [AUTO] StarWindService Service C:\WINDOWS\system32\svchost.exe [MANUAL] stisvc Service C:\WINDOWS\system32\DRIVERS\stwlfbus.sys [bOOT] stwlfbus Service C:\WINDOWS\system32\DRIVERS\swenum.sys [MANUAL] swenum Service C:\WINDOWS\system32\drivers\swmidi.sys [MANUAL] swmidi Service C:\WINDOWS\system32\dllhost.exe [MANUAL] SwPrv Service System32\DRIVERS\swvnbi60.sys [bOOT] swvnbi60 Service [DISABLED] symc810 Service [DISABLED] symc8xx Service [DISABLED] sym_hi Service [DISABLED] sym_u3 Service C:\WINDOWS\system32\drivers\sysaudio.sys [MANUAL] sysaudio Service C:\WINDOWS\system32\smlogsvc.exe [MANUAL] SysmonLog Service C:\WINDOWS\System32\svchost.exe [MANUAL] TapiSrv Service C:\WINDOWS\system32\DRIVERS\tcpip.sys [sYSTEM] Tcpip Service [MANUAL] TDPIPE Service C:\WINDOWS\System32\DRIVERS\tdscw.sys [bOOT] tdscw Service [MANUAL] TDTCP Service C:\WINDOWS\system32\DRIVERS\termdd.sys [sYSTEM] TermDD Service C:\WINDOWS\System32\svchost.exe [MANUAL] TermService Service C:\WINDOWS\System32\svchost.exe [AUTO] Themes Service C:\WINDOWS\system32\tlntsvr.exe [DISABLED] TlntSvr Service [DISABLED] TosIde Service C:\WINDOWS\system32\svchost.exe [AUTO] TrkWks Service TSDDD Service C:\WINDOWS\system32\drivers\klif.sys [MANUAL] TSP Service [DISABLED] Udfs Service [DISABLED] ultra Service C:\WINDOWS\system32\DRIVERS\update.sys [MANUAL] Update Service C:\WINDOWS\system32\svchost.exe [MANUAL] upnphost Service C:\WINDOWS\System32\ups.exe [MANUAL] UPS Service C:\WINDOWS\system32\DRIVERS\usbehci.sys [MANUAL] usbehci Service C:\WINDOWS\system32\DRIVERS\usbhub.sys [MANUAL] usbhub Service C:\WINDOWS\system32\DRIVERS\usbprint.sys [MANUAL] usbprint Service C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [MANUAL] USBSTOR Service C:\WINDOWS\system32\DRIVERS\usbuhci.sys [MANUAL] usbuhci Service C:\WINDOWS\System32\svchost.exe [MANUAL] usprserv Service C:\WINDOWS\System32\drivers\vga.sys [sYSTEM] VgaSave Service [DISABLED] ViaIde Service [bOOT] VolSnap Service C:\WINDOWS\System32\vssvc.exe [MANUAL] VSS Service C:\WINDOWS\System32\svchost.exe [AUTO] W32Time Service W3SVC Service C:\WINDOWS\system32\DRIVERS\wanarp.sys [MANUAL] Wanarp Service [MANUAL] WDICA Service C:\WINDOWS\system32\drivers\wdmaud.sys [MANUAL] wdmaud Service C:\WINDOWS\system32\svchost.exe [AUTO] WebClient Service C:\WINDOWS\system32\svchost.exe [AUTO] winmgmt Service [MANUAL] Winsock Service WinSock2 Service WinTrust Service C:\WINDOWS\system32\Svchost.exe [AUTO] WmdmPMD Service C:\WINDOWS\System32\svchost.exe [MANUAL] WmdmPmSN Service C:\WINDOWS\System32\svchost.exe [MANUAL] Wmi Service WmiApRpl Service C:\WINDOWS\system32\wbem\wmiapsrv.exe [MANUAL] WmiApSrv Service C:\WINDOWS\System32\drivers\ws2ifsl.sys [DISABLED] WS2IFSL Service C:\WINDOWS\System32\svchost.exe [DISABLED] wscsvc Service C:\WINDOWS\system32\svchost.exe [DISABLED] wuauserv Service System32\DRIVERS\wwnunm31.sys [bOOT] wwnunm31 Service C:\WINDOWS\System32\svchost.exe [AUTO] WZCSVC Service C:\WINDOWS\System32\svchost.exe [MANUAL] xmlprov Service {07F9D194-CE5F-4342-8481-551C699EC495} Service {8F0086FF-ABF7-4101-B033-9867B3B21653} Service {E1E9BE00-C4B1-4BF6-BAF0-439D52635049} Service [MANUAL] aftn5bam ---- EOF - GMER 1.0.12 ---- ComboScan v20070306.20 run by griszk@ on 2007-03-27 at 14:26:14 Computer is in Normal Mode. -------------------------------------------------------------------------------- – HijackThis (run as griszk@.exe) --------------------------------------------- Logfile of HijackThis v1.99.1 Scan saved at 14:26:22, on 2007-03-27 Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe C:\WINDOWS\system32\Svchost.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe C:\Program Files\Common Files\Onet.pl\AutoUpdate.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Program Files\Gadu-Gadu\gg.exe C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe C:\Program Files\Common Files\Teleca Shared\Generic.exe C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Documents and Settings\griszk@\Pulpit\comboscan.exe C:\PROGRA~1\HIJACK~1\griszk@.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.pl/ R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://caiyi8.com O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll O4 - HKLM…\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM…\Run: [sony Ericsson PC Suite] “C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe” /startoptions O4 - HKLM…\Run: [Onet.pl AutoUpdate] C:\Program Files\Common Files\Onet.pl\AutoUpdate.exe /tsr O4 - HKLM…\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKCU…\Run: [Gadu-Gadu] “C:\Program Files\Gadu-Gadu\gg.exe” /tray O4 - Startup: Yahoo! Widget Engine.lnk = D:\Yahoo! Widget Engine\YahooWidgetEngine.exe O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing) O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing) O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe – Files created between 2007-02-27 and 2007-03-27 ----------------------------- 2007-03-21 15:39:27 11126211 --a------ C:\WINDOWS\system32\ManageEngine_OpManager_6_windows.exe 2007-03-20 15:51:12 3968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys 2007-03-20 15:51:06 0 d-------- C:\Program Files\Grisoft 2007-03-17 15:02:45 57344 --a------ C:\WINDOWS\g3.exe 2007-03-17 14:42:05 0 d-------- C:\WINDOWS\cursor 2007-03-17 14:39:48 0 d-a------ C:\Program Files\Common Files\Ruango 2007-03-13 15:21:42 0 d-------- C:\Program Files\Common Files\Skype 2007-03-13 15:21:22 0 d-------- C:\Program Files\Skype 2007-03-13 15:07:43 0 d-------- C:\WINDOWS\system32\MDserivces 2007-03-02 19:34:45 320 --a------ C:\WINDOWS\gmer.reg 2007-03-02 19:18:49 80 --a------ C:\WINDOWS\gmer_uninstall.cmd 2007-03-01 22:55:04 0 d------c- C:!KillBox 2007-02-28 11:13:35 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard 2007-02-27 19:33:05 0 d------c- C:\temp 2007-02-27 12:22:14 0 d-------- C:\WINDOWS\system32\system – Find3M Report --------------------------------------------------------------- 2007-03-25 04:41:50 0 d-------- C:\Documents and Settings\griszk@\Dane aplikacji\Skype 2007-03-25 04:21:23 439528 --a----c- C:\WINDOWS\system32\perfh015.dat 2007-03-25 04:21:23 68450 --a----c- C:\WINDOWS\system32\perfc015.dat 2007-03-25 04:17:58 0 d-------- C:\Program Files\Gadu-Gadu 2007-03-24 15:23:11 0 d-------- C:\Program Files\ffdshow 2007-03-15 17:40:33 0 d-------- C:\Program Files\Real 2007-03-12 19:33:07 0 d-------- C:\Program Files\Google 2007-03-06 23:14:27 0 d-------- C:\Documents and Settings\griszk@\Dane aplikacji\ppstream 2007-02-28 11:14:06 0 d-------- C:\Documents and Settings\griszk@\Dane aplikacji\Lavasoft 2007-02-21 18:26:15 0 d-------- C:\Documents and Settings\griszk@\Dane aplikacji\SmartShopper 2007-02-18 10:15:03 0 d-------- C:\Program Files\DivX 2007-02-17 20:59:24 0 d-------- C:\Program Files\MarBit 2007-02-17 20:13:49 0 d-------- C:\Documents and Settings\griszk@\Dane aplikacji\Media Player Classic 2007-02-17 20:08:55 0 d-------- C:\Documents and Settings\griszk@\Dane aplikacji\Real 2007-02-16 23:34:18 0 d-------- C:\Program Files\Ski Jump International 2007-02-16 18:21:00 10752 --a------ C:\WINDOWS\system32\ff_vfw.dll 2007-02-16 12:23:35 0 d-------- C:\Documents and Settings\griszk@\Dane aplikacji\Apple Computer 2007-02-16 12:23:15 0 d–h----- C:\Program Files\InstallShield Installation Information 2007-02-16 12:22:57 0 d-------- C:\Program Files\QuickTime 2007-02-03 00:07:44 0 d-------- C:\Documents and Settings\griszk@\Dane aplikacji\Azureus 2007-02-02 20:42:40 65448 --a------ C:\Documents and Settings\griszk@\Dane aplikacji\GDIPFONTCACHEV1.DAT 2007-02-01 06:56:06 639066 --a------ C:\WINDOWS\system32\divx.dll 2007-01-31 19:32:46 0 d-------- C:\Program Files\BearShare 2007-01-30 07:03:42 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll 2007-01-30 07:03:28 200704 --a------ C:\WINDOWS\system32\ssldivx.dll 2007-01-30 07:03:28 1044480 --a------ C:\WINDOWS\system32\libdivx.dll 2007-01-30 06:56:58 196608 --a------ C:\WINDOWS\system32\dtu100.dll 2007-01-30 06:56:58 73728 --a------ C:\WINDOWS\system32\dpl100.dll 2007-01-28 22:32:14 0 d-------- C:\Program Files\Ahead 2007-01-20 22:26:06 1565480 --a------ C:\WINDOWS\system32\wmv9vcm.dll 2007-01-15 19:32:07 689280 --a------ C:\WINDOWS\system32\aswBoot.exe 2007-01-15 19:23:20 90112 --a------ C:\WINDOWS\system32\AVASTSS.scr – Registry Dump --------------------------------------------------------------- [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run] “Gadu-Gadu”="“C:\Program Files\Gadu-Gadu\gg.exe” /tray" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run] “NvCplDaemon”=“RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup” @="" “Sony Ericsson PC Suite”="“C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe” /startoptions" “Onet.pl AutoUpdate”=“C:\Program Files\Common Files\Onet.pl\AutoUpdate.exe /tsr” “avast!”=“C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe” [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL] “Installed”=“1” [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI] “Installed”=“1” “NoChange”=“1” [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS] “Installed”=“1” [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks] “{57B86673-276A-48B2-BAE7-C6DBB3020EB8}”=“AVG Anti-Spyware 7.5” [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] “DisableTaskMgr”=dword:00000000 [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system] “DisableTaskMgr”=dword:00000000 “NoDispAppearancePage”=dword:00000000 “NoColorChoice”=dword:00000000 “NoSizeChoice”=dword:00000000 “NoDispBackgroundPage”=dword:00000000 “NoDispScrSavPage”=dword:00000000 “NoDispCPL”=dword:00000000 “NoVisualStyleChoice”=dword:00000000 “NoDispSettingsPage”=dword:00000000 “DisableRegistryTools”=dword:00000000 [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] “NoActiveDesktopChanges”=dword:00000000 [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] “NoActiveDesktop”=dword:00000000 “NoSaveSettings”=dword:00000000 “NoThemesTab”=dword:00000000 “ForceActiveDesktopOn”=dword:00000000 [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders] “SecurityProviders”=“msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll” [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost] HTTPFilter REG_MULTI_SZ HTTPFilter\0\0 LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0 NetworkService REG_MULTI_SZ DnsCache\0\0 DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0 rpcss REG_MULTI_SZ RpcSs\0\0 imgsvc REG_MULTI_SZ StiSvc\0\0 termsvcs REG_MULTI_SZ TermService\0\0 WmdmPMD REG_MULTI_SZ WmdmPMD\0 [HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2{70237cf1-1d61-11db-b9db-00138f291aa7}] Shell\AutoRun\command G:\Autorun.exe [HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2{8e2a953c-82cc-11db-bb23-00138f291aa7}] Shell\AutoRun\command F:\autorun.exe – End of ComboScan: finished at 2007-03-27 at 14:26:49 ------------------------

adam9870 · 27 Marzec 2007 13:41

Otwórz Notatnik i wklej w nim to:

Plik >>> Zapisz jako >>> Zmień rozszerzenie z TXT na Wszystkie pliki >>> Zapisz pod nazwą FIX.BAT w c:\windows\

Start do z Konsoli Odzyskiwania CD XP i komenda:

BATCH FIX.BAT

W Gmerze:

w zakładce Procesy wybierz Gmer awaryjny >>> komputer się zrestartuje i zostanie samo okienko Gmer’a.
w zakładce Usługi skasuj z prawokliku usługi edfscv, gvkgaf87, skbusenum, swvnbi60, tdscw, wwnunm31, a1bajpsa
zrestartuj komputer ręcznie przyciskiem na obodowie
po resecie otwórz Gmer’a i w zakładce CMD z zaznaczoną opcją REGEDIT.EXE wklej:

Windows Registry Editor Version 5.00 [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\edfscv] [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\edfscv] [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\edfscv] [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\gvkgaf87] [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\gvkgaf87] [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\gvkgaf87] [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\skbusenum] [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\skbusenum] [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\skbusenum] [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\swvnbi60] [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\swvnbi60] [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\swvnbi60] [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\tdscw] [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\tdscw] [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\tdscw] [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\wwnunm31] [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\wwnunm31] [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wwnunm31 [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\a1bajpsa] [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\a1bajpsa] [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\a1bajpsa]

Kliknij Uruchom i reset.

Po wykonaniu wklej nowe logi.