Nie mogę zainstalowaćżadnego antywirusa

zbigi7 · 25 Luty 2007 20:49

jakiś wirus mi zniszczył avasta a teraz nie mogęzainstalować żadnego antywirusa:

w przypadku avasta to zawsze brakuje mi kilku plików

między innymi ashavast.exe jeśli się nie mylę

w przypadku nortona 2007 mam taki komunikat

w przypadku pandy 2007 titanium nie mam dostępu do pliku

X:\TITANIUM\Files\Avciman.exe

w przypadku pandy 2007 platinum nie mam dostępu do pliku

X:\Platinum\Files\RFichero\NT\AVENGINE.EXE

W przypadku F-Secure Anti-Virus 2006

Nie mogłem też zainstalować spy boot search&destroy

Skanowałem komputer skanerami on-line:

panda
kaspersky

i usunąłem wszystkie wirusy jakie wykryto

Skanowałem też przeciw spyware:

ad adware-se (miałem już zainstalowany)
webroot spy sweeper
AVG Anti-Spyware 7.5

Co wykryłem to usunąłem.

Próbowałęm też postępować zgodnie z instrukcjami z poniższego wątku,

ale nie pomogło - podaje link

http://forum.idg.pl/index.php?showtopic=52886

Proszę o pomoc,

wiem że coś poblokowało dostęp do plików i niektórych rzeczy tak że nie mogę zainstalować żadnego antywirusa i nawet niektórych antyspyware.

ale nie wiem jak to naprawić.

strazak · 25 Luty 2007 21:10

Proponuję wkleić logi HijackThis, Silent Runners, a ktoś biegły w tych sprawach pewnie Ci pomoże.

popula · 25 Luty 2007 21:38

To może być jakiś rootkit. Proponuję użyć programu GMER (o ile da się zainstalować).

zbigi7 · 25 Luty 2007 23:05

jutro wstawię logi, a gmer w zakłądce rootkit pokazuje:

GMER 1.0.12.12011 - http://www.gmer.net Rootkit scan 2007-02-26 00:08:51 Windows 5.1.2600 Service Pack 2 ---- System - GMER 1.0.12 ---- SSDT ??\C:\Documents and Settings\Zbigniew\Application Data\hidires\m_hook.sys ZwEnumerateKey SSDT ??\C:\Documents and Settings\Zbigniew\Application Data\hidires\m_hook.sys ZwEnumerateValueKey SSDT ??\C:\Documents and Settings\Zbigniew\Application Data\hidires\m_hook.sys ZwQueryDirectoryFile SSDT ??\C:\Documents and Settings\Zbigniew\Application Data\hidires\m_hook.sys ZwQuerySystemInformation ---- Devices - GMER 1.0.12 ---- Device \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE 823D51D8 Device \FileSystem\Ntfs \Ntfs IRP_MJ_CLOSE 823D51D8 Device \FileSystem\Ntfs \Ntfs IRP_MJ_READ 823D51D8 Device \FileSystem\Ntfs \Ntfs IRP_MJ_WRITE 823D51D8 Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_INFORMATION 823D51D8 Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_INFORMATION 823D51D8 Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_EA 823D51D8 Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_EA 823D51D8 Device \FileSystem\Ntfs \Ntfs IRP_MJ_FLUSH_BUFFERS 823D51D8 Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_VOLUME_INFORMATION 823D51D8 Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_VOLUME_INFORMATION 823D51D8 Device \FileSystem\Ntfs \Ntfs IRP_MJ_DIRECTORY_CONTROL 823D51D8 Device \FileSystem\Ntfs \Ntfs IRP_MJ_FILE_SYSTEM_CONTROL 823D51D8 Device \FileSystem\Ntfs \Ntfs IRP_MJ_DEVICE_CONTROL 823D51D8 Device \FileSystem\Ntfs \Ntfs IRP_MJ_SHUTDOWN 823D51D8 Device \FileSystem\Ntfs \Ntfs IRP_MJ_LOCK_CONTROL 823D51D8 Device \FileSystem\Ntfs \Ntfs IRP_MJ_CLEANUP 823D51D8 Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_SECURITY 823D51D8 Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_SECURITY 823D51D8 Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_QUOTA 823D51D8 Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_QUOTA 823D51D8 Device \FileSystem\Ntfs \Ntfs IRP_MJ_PNP 823D51D8 Device \Driver\Tcpip \Device\Ip IRP_MJ_CREATE 81B84020 Device \Driver\Tcpip \Device\Ip IRP_MJ_CREATE_NAMED_PIPE 81B73288 Device \Driver\Tcpip \Device\Ip IRP_MJ_CLOSE 81B7E020 Device \Driver\Tcpip \Device\Ip IRP_MJ_READ 81D1AC18 Device \Driver\Tcpip \Device\Ip IRP_MJ_WRITE 81B79020 Device \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_INFORMATION 81B7C020 Device \Driver\Tcpip \Device\Ip IRP_MJ_SET_INFORMATION 819D7BF0 Device \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_EA 819D6CE8 Device \Driver\Tcpip \Device\Ip IRP_MJ_SET_EA 819D6358 Device \Driver\Tcpip \Device\Ip IRP_MJ_FLUSH_BUFFERS 819D5B08 Device \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_VOLUME_INFORMATION 819D2538 Device \Driver\Tcpip \Device\Ip IRP_MJ_SET_VOLUME_INFORMATION 81B7F020 Device \Driver\Tcpip \Device\Ip IRP_MJ_DIRECTORY_CONTROL 81B7E2E8 Device \Driver\Tcpip \Device\Ip IRP_MJ_FILE_SYSTEM_CONTROL 819CFE98 Device \Driver\Tcpip \Device\Ip IRP_MJ_DEVICE_CONTROL 819EF428 Device \Driver\Tcpip \Device\Ip IRP_MJ_INTERNAL_DEVICE_CONTROL 819B6898 Device \Driver\Tcpip \Device\Ip IRP_MJ_SHUTDOWN 819DB2A0 Device \Driver\Tcpip \Device\Ip IRP_MJ_LOCK_CONTROL 8198FD18 Device \Driver\Tcpip \Device\Ip IRP_MJ_CLEANUP 819C1D18 Device \Driver\Tcpip \Device\Ip IRP_MJ_CREATE_MAILSLOT 819F2618 Device \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_SECURITY 819BF7B0 Device \Driver\Tcpip \Device\Ip IRP_MJ_SET_SECURITY 819EE7B0 Device \Driver\Tcpip \Device\Ip IRP_MJ_POWER 819D08A8 Device \Driver\Tcpip \Device\Ip IRP_MJ_SYSTEM_CONTROL 819CEEB0 Device \Driver\Tcpip \Device\Ip IRP_MJ_DEVICE_CHANGE 81496820 Device \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_QUOTA 81B81FA8 Device \Driver\Tcpip \Device\Ip IRP_MJ_SET_QUOTA 81B81F30 Device \Driver\Tcpip \Device\Ip IRP_MJ_PNP 81B80800 Device \Driver\Tcpip \Device\Tcp IRP_MJ_CREATE 81B84020 Device \Driver\Tcpip \Device\Tcp IRP_MJ_CREATE_NAMED_PIPE 81B73288 Device \Driver\Tcpip \Device\Tcp IRP_MJ_CLOSE 81B7E020 Device \Driver\Tcpip \Device\Tcp IRP_MJ_READ 81D1AC18 Device \Driver\Tcpip \Device\Tcp IRP_MJ_WRITE 81B79020 Device \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_INFORMATION 81B7C020 Device \Driver\Tcpip \Device\Tcp IRP_MJ_SET_INFORMATION 819D7BF0 Device \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_EA 819D6CE8 Device \Driver\Tcpip \Device\Tcp IRP_MJ_SET_EA 819D6358 Device \Driver\Tcpip \Device\Tcp IRP_MJ_FLUSH_BUFFERS 819D5B08 Device \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_VOLUME_INFORMATION 819D2538 Device \Driver\Tcpip \Device\Tcp IRP_MJ_SET_VOLUME_INFORMATION 81B7F020 Device \Driver\Tcpip \Device\Tcp IRP_MJ_DIRECTORY_CONTROL 81B7E2E8 Device \Driver\Tcpip \Device\Tcp IRP_MJ_FILE_SYSTEM_CONTROL 819CFE98 Device \Driver\Tcpip \Device\Tcp IRP_MJ_DEVICE_CONTROL 819EF428 Device \Driver\Tcpip \Device\Tcp IRP_MJ_INTERNAL_DEVICE_CONTROL 819B6898 Device \Driver\Tcpip \Device\Tcp IRP_MJ_SHUTDOWN 819DB2A0 Device \Driver\Tcpip \Device\Tcp IRP_MJ_LOCK_CONTROL 8198FD18 Device \Driver\Tcpip \Device\Tcp IRP_MJ_CLEANUP 819C1D18 Device \Driver\Tcpip \Device\Tcp IRP_MJ_CREATE_MAILSLOT 819F2618 Device \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_SECURITY 819BF7B0 Device \Driver\Tcpip \Device\Tcp IRP_MJ_SET_SECURITY 819EE7B0 Device \Driver\Tcpip \Device\Tcp IRP_MJ_POWER 819D08A8 Device \Driver\Tcpip \Device\Tcp IRP_MJ_SYSTEM_CONTROL 819CEEB0 Device \Driver\Tcpip \Device\Tcp IRP_MJ_DEVICE_CHANGE 81496820 Device \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_QUOTA 81B81FA8 Device \Driver\Tcpip \Device\Tcp IRP_MJ_SET_QUOTA 81B81F30 Device \Driver\Tcpip \Device\Tcp IRP_MJ_PNP 81B80800 Device \Driver\Tcpip \Device\Udp IRP_MJ_CREATE 81B84020 Device \Driver\Tcpip \Device\Udp IRP_MJ_CREATE_NAMED_PIPE 81B73288 Device \Driver\Tcpip \Device\Udp IRP_MJ_CLOSE 81B7E020 Device \Driver\Tcpip \Device\Udp IRP_MJ_READ 81D1AC18 Device \Driver\Tcpip \Device\Udp IRP_MJ_WRITE 81B79020 Device \Driver\Tcpip \Device\Udp IRP_MJ_QUERY_INFORMATION 81B7C020 Device \Driver\Tcpip \Device\Udp IRP_MJ_SET_INFORMATION 819D7BF0 Device \Driver\Tcpip \Device\Udp IRP_MJ_QUERY_EA 819D6CE8 Device \Driver\Tcpip \Device\Udp IRP_MJ_SET_EA 819D6358 Device \Driver\Tcpip \Device\Udp IRP_MJ_FLUSH_BUFFERS 819D5B08 Device \Driver\Tcpip \Device\Udp IRP_MJ_QUERY_VOLUME_INFORMATION 819D2538 Device \Driver\Tcpip \Device\Udp IRP_MJ_SET_VOLUME_INFORMATION 81B7F020 Device \Driver\Tcpip \Device\Udp IRP_MJ_DIRECTORY_CONTROL 81B7E2E8 Device \Driver\Tcpip \Device\Udp IRP_MJ_FILE_SYSTEM_CONTROL 819CFE98 Device \Driver\Tcpip \Device\Udp IRP_MJ_DEVICE_CONTROL 819EF428 Device \Driver\Tcpip \Device\Udp IRP_MJ_INTERNAL_DEVICE_CONTROL 819B6898 Device \Driver\Tcpip \Device\Udp IRP_MJ_SHUTDOWN 819DB2A0 Device \Driver\Tcpip \Device\Udp IRP_MJ_LOCK_CONTROL 8198FD18 Device \Driver\Tcpip \Device\Udp IRP_MJ_CLEANUP 819C1D18 Device \Driver\Tcpip \Device\Udp IRP_MJ_CREATE_MAILSLOT 819F2618 Device \Driver\Tcpip \Device\Udp IRP_MJ_QUERY_SECURITY 819BF7B0 Device \Driver\Tcpip \Device\Udp IRP_MJ_SET_SECURITY 819EE7B0 Device \Driver\Tcpip \Device\Udp IRP_MJ_POWER 819D08A8 Device \Driver\Tcpip \Device\Udp IRP_MJ_SYSTEM_CONTROL 819CEEB0 Device \Driver\Tcpip \Device\Udp IRP_MJ_DEVICE_CHANGE 81496820 Device \Driver\Tcpip \Device\Udp IRP_MJ_QUERY_QUOTA 81B81FA8 Device \Driver\Tcpip \Device\Udp IRP_MJ_SET_QUOTA 81B81F30 Device \Driver\Tcpip \Device\Udp IRP_MJ_PNP 81B80800 Device \Driver\Tcpip \Device\RawIp IRP_MJ_CREATE 81B84020 Device \Driver\Tcpip \Device\RawIp IRP_MJ_CREATE_NAMED_PIPE 81B73288 Device \Driver\Tcpip \Device\RawIp IRP_MJ_CLOSE 81B7E020 Device \Driver\Tcpip \Device\RawIp IRP_MJ_READ 81D1AC18 Device \Driver\Tcpip \Device\RawIp IRP_MJ_WRITE 81B79020 Device \Driver\Tcpip \Device\RawIp IRP_MJ_QUERY_INFORMATION 81B7C020 Device \Driver\Tcpip \Device\RawIp IRP_MJ_SET_INFORMATION 819D7BF0 Device \Driver\Tcpip \Device\RawIp IRP_MJ_QUERY_EA 819D6CE8 Device \Driver\Tcpip \Device\RawIp IRP_MJ_SET_EA 819D6358 Device \Driver\Tcpip \Device\RawIp IRP_MJ_FLUSH_BUFFERS 819D5B08 Device \Driver\Tcpip \Device\RawIp IRP_MJ_QUERY_VOLUME_INFORMATION 819D2538 Device \Driver\Tcpip \Device\RawIp IRP_MJ_SET_VOLUME_INFORMATION 81B7F020 Device \Driver\Tcpip \Device\RawIp IRP_MJ_DIRECTORY_CONTROL 81B7E2E8 Device \Driver\Tcpip \Device\RawIp IRP_MJ_FILE_SYSTEM_CONTROL 819CFE98 Device \Driver\Tcpip \Device\RawIp IRP_MJ_DEVICE_CONTROL 819EF428 Device \Driver\Tcpip \Device\RawIp IRP_MJ_INTERNAL_DEVICE_CONTROL 819B6898 Device \Driver\Tcpip \Device\RawIp IRP_MJ_SHUTDOWN 819DB2A0 Device \Driver\Tcpip \Device\RawIp IRP_MJ_LOCK_CONTROL 8198FD18 Device \Driver\Tcpip \Device\RawIp IRP_MJ_CLEANUP 819C1D18 Device \Driver\Tcpip \Device\RawIp IRP_MJ_CREATE_MAILSLOT 819F2618 Device \Driver\Tcpip \Device\RawIp IRP_MJ_QUERY_SECURITY 819BF7B0 Device \Driver\Tcpip \Device\RawIp IRP_MJ_SET_SECURITY 819EE7B0 Device \Driver\Tcpip \Device\RawIp IRP_MJ_POWER 819D08A8 Device \Driver\Tcpip \Device\RawIp IRP_MJ_SYSTEM_CONTROL 819CEEB0 Device \Driver\Tcpip \Device\RawIp IRP_MJ_DEVICE_CHANGE 81496820 Device \Driver\Tcpip \Device\RawIp IRP_MJ_QUERY_QUOTA 81B81FA8 Device \Driver\Tcpip \Device\RawIp IRP_MJ_SET_QUOTA 81B81F30 Device \Driver\Tcpip \Device\RawIp IRP_MJ_PNP 81B80800 ---- EOF - GMER 1.0.12 ----

Gutek · 26 Luty 2007 08:47

Bagle - m_hook.sys

W zakładce Usługi z prawokliku skasować usługę m_hook.
W zakładce CMD dla podopcji CMD wklej ten zestaw komend:

w Procesy opcja Zabij wszystko >>> powrót do CMD klikasz Uruchom

Reset kompa i nowe logi z Gmera.

Rootkit=>szukaj=>bez zaznaczania pokaż wszystko=> Ctrl + V do posta wklej
Rootkit => zaznaczone tylko Pokazuj wszystko + Usługi => Szukaj => Kopiuj => Ctrl + V do posta wklej

zbigi7 · 26 Luty 2007 11:49

Nie mogęskasować usługi m_hook

’

oraz

Po wywołaniu konend w CMD

Katalog nie jest pusty. C:\Documents and Settings\Zbigniew\Local Settings\Temp\JET235B.tmp - Proces nie moľe uzyska† dost©pu do pliku, poniewaľ jest on uľywany przez inny proces. C:\Documents and Settings\Zbigniew\Local Settings\Temp\JET2853.tmp - Proces nie moľe uzyska† dost©pu do pliku, poniewaľ jest on uľywany przez inny proces. C:\Documents and Settings\Zbigniew\Local Settings\Temp\JET9.tmp - Proces nie moľe uzyska† dost©pu do pliku, poniewaľ jest on uľywany przez inny proces. C:\Documents and Settings\Zbigniew\Local Settings\Temp\JETA.tmp - Proces nie moľe uzyska† dost©pu do pliku, poniewaľ jest on uľywany przez inny proces. C:\Documents and Settings\Zbigniew\Local Settings\Temp~DFFC3B.tmp - Proces nie moľe uzyska† dost©pu do pliku, poniewaľ jest on uľywany przez inny proces. C:\Documents and Settings\Zbigniew\Local Settings\Temp~ROMFN_00000EC8 - Proces nie moľe uzyska† dost©pu do pliku, poniewaľ jest on uľywany przez inny proces. C:\Documents and Settings\Zbigniew\Local Settings\Temporary Internet Files\Content.IE5\index.dat - Proces nie moľe uzyska† dost©pu do pliku, poniewaľ jest on uľywany przez inny proces. C:\Documents and Settings\Zbigniew\Local Settings\Temporary Internet Files\Content.IE5\ZSGTGP91\getmainbanner[1].htm - Proces nie moľe uzyska† dost©pu do pliku, poniewaľ jest on uľywany przez inny proces.

adam9870 · 26 Luty 2007 13:25

W Gmerze:

W zakładce Procesy kliknij Gmer awaryjny
Zostanie uruchomiony system i zostaniesz spytany przez Gmera czy chcesz zabić wszystkie procesy na, co oczywiście się zgadzasz
W zakładce Usługi skasuj z prawokliku usługę m_hook
W zakładce Procesy kliknij Pliki i opróżnij i usuń:

C:\Documents and Settings\Zbigniew\Application Data\hidires

C:\Documents and Settings\Zbigniew\Ustawienia lokalne\Temp

C:\Documents and Settings\Zbigniew\Ustawienia lokalne\Temporary Internet Files

Zrestartuj komputer przyciskiem na obudowie.

zbigi7 · 26 Luty 2007 15:40

zrobiłem mniej więcej to samo tylko chaotycznie

zabiłem wszystkie procesy

uruchamiałem polecenia w cmd

ręcznie usunąłem wpisy autostartu w rejestrze

został mi jeszcze tylko jakiśsptd.sys, ale to jest chyba z deamon tools z którego korzystam

podobne problemy już były opisane na forum

wystarczy wpisać m_hook.sys na google

avast sie zainstalował normalnie i właśnie skanuje wszystkie dyski

dzięki za pomoc

teraz wiem że nie da sie w 100% zabezpieczyć

a te rootkity mogą zrobić dosłownie wszystko …

adam9870 · 26 Luty 2007 16:00

Proszę wkleić jeszcze na wszelki wypadek dwa logi z Gmer’a wykonane przy takich ustawieniach:

Zakładka Rootkit >>> zaznaczone wszystko oprócz Pokazuj wszystko >>> kliknij Szukaj >>> czekaj cierpliwie aż skończy >>> Kopiuj >>> wklej do posta
Zakładka Rootkit >>> zaznaczone tylko Usługi i Pokazuj wszystko >>> kliknij Szukaj >>> czekaj cierpliwie aż skończy >>> Kopiuj >>> wklej do posta

Tak, to sterownik Deamona.

Rootkit którego miałeś powodował właśnie niemożliwość instalacji żadnych programów zabezpieczających.

Mogą zrobić wszystko, zwłaszcza typu Kernel Mode.

zbigi7 · 26 Luty 2007 19:43

Ad.1

GMER 1.0.12.12011 - http://www.gmer.net Rootkit scan 2007-02-26 20:38:24 Windows 5.1.2600 Service Pack 2 ---- System - GMER 1.0.12 ---- SSDT 822E6EB8 ZwAllocateVirtualMemory SSDT 823EB1C8 ZwCreateKey SSDT 823AC4B8 ZwCreateProcess SSDT 823D0468 ZwCreateProcessEx SSDT 823D0288 ZwCreateThread SSDT 82344EE0 ZwDeleteKey SSDT 823DB278 ZwDeleteValueKey SSDT sptd.sys ZwEnumerateKey SSDT sptd.sys ZwEnumerateValueKey SSDT sptd.sys ZwOpenKey SSDT sptd.sys ZwQueryKey SSDT sptd.sys ZwQueryValueKey SSDT 822E6F30 ZwQueueApcThread SSDT 822E6DC8 ZwReadVirtualMemory SSDT 8230E258 ZwRenameKey SSDT 822E6020 ZwSetContextThread SSDT 823AB4A0 ZwSetInformationKey SSDT 823D0378 ZwSetInformationProcess SSDT 823D0198 ZwSetInformationThread SSDT 823D21A8 ZwSetValueKey SSDT 823D0300 ZwSuspendProcess SSDT 822E6FA8 ZwSuspendThread SSDT 823D03F0 ZwTerminateProcess SSDT 823D0210 ZwTerminateThread SSDT 822E6E40 ZwWriteVirtualMemory ---- Kernel code sections - GMER 1.0.12 ---- .text ntoskrnl.exe!_abnormal_termination + 108 804E2764 5 Bytes [B8, C4, 3A, 82, 68] .text ntoskrnl.exe!_abnormal_termination + 10E 804E276A 2 Bytes [3D, 82] .text ntoskrnl.exe!_abnormal_termination + 31C 804E2978 1 Byte [30] .text ntoskrnl.exe!_abnormal_termination + 31E 804E297A 2 Bytes [2E, 82] .text USBPORT.SYS!DllUnload F149F62C 5 Bytes JMP 81A82970 ---- User code sections - GMER 1.0.12 ---- .text C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[672] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 00E45950 C:\Program Files\Ray Adams\ATI Tray Tools\raphook.dll .text C:\Program Files\WinFast\WFTVFM\WFWIZ.exe[788] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 010A5950 C:\Program Files\Ray Adams\ATI Tray Tools\raphook.dll .text C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe[792] kernel32.dll!CreateThread + 1A 7C810651 4 Bytes [AB, E7, C3, 83] .text C:\Program Files\Windows Defender\MSASCui.exe[828] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 10005950 C:\Program Files\Ray Adams\ATI Tray Tools\raphook.dll .text C:\Program Files\Skype\Phone\Skype.exe[1080] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 10005950 C:\Program Files\Ray Adams\ATI Tray Tools\raphook.dll .text C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe[1496] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 037F5950 C:\Program Files\Ray Adams\ATI Tray Tools\raphook.dll .text C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe[1496] kernel32.dll!CreateThread + 1A 7C810651 4 Bytes [67, E3, C3, 83] .text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[1508] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 012A5950 C:\Program Files\Ray Adams\ATI Tray Tools\raphook.dll .text C:\Program Files\DAEMON Tools\daemon.exe[1720] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 00BE5950 C:\Program Files\Ray Adams\ATI Tray Tools\raphook.dll .text C:\Program Files\Gadu-Gadu\gg.exe[2044] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 036E5950 C:\Program Files\Ray Adams\ATI Tray Tools\raphook.dll .text C:\Program Files\Messenger\msmsgs.exe[2088] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 01BC5950 C:\Program Files\Ray Adams\ATI Tray Tools\raphook.dll .text C:\Program Files\Webroot\Spy Sweeper\ssu.exe[2316] ntdll.dll!NtCreateKey + 1 7C90D6D7 1 Byte [22] .text C:\Program Files\Webroot\Spy Sweeper\ssu.exe[2316] ntdll.dll!NtCreateKey + 4 7C90D6DA 8 Bytes [C0, 90, 90, 90, 90, 90, 90, …] .text C:\Program Files\Webroot\Spy Sweeper\ssu.exe[2316] ntdll.dll!NtCreateProcess + 1 7C90D755 1 Byte [22] .text C:\Program Files\Webroot\Spy Sweeper\ssu.exe[2316] ntdll.dll!NtCreateProcess + 4 7C90D758 8 Bytes [C0, 90, 90, 90, 90, 90, 90, …] .text C:\Program Files\Webroot\Spy Sweeper\ssu.exe[2316] ntdll.dll!NtCreateProcessEx + 1 7C90D76A 1 Byte [22] .text C:\Program Files\Webroot\Spy Sweeper\ssu.exe[2316] ntdll.dll!NtCreateProcessEx + 4 7C90D76D 8 Bytes [C0, 90, 90, 90, 90, 90, 90, …] .text C:\Program Files\Webroot\Spy Sweeper\ssu.exe[2316] ntdll.dll!NtOpenFile + 1 7C90DCFE 1 Byte [22] .text C:\Program Files\Webroot\Spy Sweeper\ssu.exe[2316] ntdll.dll!NtOpenFile + 4 7C90DD01 8 Bytes [C0, 90, 90, 90, 90, 90, 90, …] .text C:\Program Files\Webroot\Spy Sweeper\ssu.exe[2316] ntdll.dll!NtOpenKey + 1 7C90DD3D 1 Byte [22] .text C:\Program Files\Webroot\Spy Sweeper\ssu.exe[2316] ntdll.dll!NtOpenKey + 4 7C90DD40 8 Bytes [C0, 90, 90, 90, 90, 90, 90, …] .text C:\Program Files\Webroot\Spy Sweeper\ssu.exe[2316] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00030444 C:\Program Files\Webroot\Spy Sweeper\SSU.EXE .text C:\Program Files\Webroot\Spy Sweeper\ssu.exe[2316] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00030670 C:\Program Files\Webroot\Spy Sweeper\SSU.EXE .text C:\Program Files\Webroot\Spy Sweeper\ssu.exe[2316] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00030444 C:\Program Files\Webroot\Spy Sweeper\SSU.EXE .text C:\Program Files\Webroot\Spy Sweeper\ssu.exe[2316] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 000305F4 C:\Program Files\Webroot\Spy Sweeper\SSU.EXE .text C:\Program Files\Webroot\Spy Sweeper\ssu.exe[2316] kernel32.dll!VirtualFree 7C809AE4 5 Bytes JMP 00030634 C:\Program Files\Webroot\Spy Sweeper\SSU.EXE .text C:\Grider\Girder.exe[2320] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 00E05950 C:\Program Files\Ray Adams\ATI Tray Tools\raphook.dll .text C:\Program Files\TechniSat DVB\bin\Server4PC.exe[2384] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 0D0D5950 C:\Program Files\Ray Adams\ATI Tray Tools\raphook.dll .text C:\Program Files\OpenOffice.ux.pl 2.0.3\program\soffice.bin[2396] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 10005950 C:\Program Files\Ray Adams\ATI Tray Tools\raphook.dll .text C:\Program Files\TechniSat DVB\bin\Server4PC.exe[2508] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 0CD85950 C:\Program Files\Ray Adams\ATI Tray Tools\raphook.dll .text D:\gmer\gmer.exe[3956] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 10005950 C:\Program Files\Ray Adams\ATI Tray Tools\raphook.dll ---- Devices - GMER 1.0.12 ---- Device \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE 823D41D8 Device \FileSystem\Ntfs \Ntfs IRP_MJ_CLOSE 823D41D8 Device \FileSystem\Ntfs \Ntfs IRP_MJ_READ 823D41D8 Device \FileSystem\Ntfs \Ntfs IRP_MJ_WRITE 823D41D8 Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_INFORMATION 823D41D8 Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_INFORMATION 823D41D8 Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_EA 823D41D8 Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_EA 823D41D8 Device \FileSystem\Ntfs \Ntfs IRP_MJ_FLUSH_BUFFERS 823D41D8 Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_VOLUME_INFORMATION 823D41D8 Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_VOLUME_INFORMATION 823D41D8 Device \FileSystem\Ntfs \Ntfs IRP_MJ_DIRECTORY_CONTROL 823D41D8 Device \FileSystem\Ntfs \Ntfs IRP_MJ_FILE_SYSTEM_CONTROL 823D41D8 Device \FileSystem\Ntfs \Ntfs IRP_MJ_DEVICE_CONTROL 823D41D8 Device \FileSystem\Ntfs \Ntfs IRP_MJ_SHUTDOWN 823D41D8 Device \FileSystem\Ntfs \Ntfs IRP_MJ_LOCK_CONTROL 823D41D8 Device \FileSystem\Ntfs \Ntfs IRP_MJ_CLEANUP 823D41D8 Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_SECURITY 823D41D8 Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_SECURITY 823D41D8 Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_QUOTA 823D41D8 Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_QUOTA 823D41D8 Device \FileSystem\Ntfs \Ntfs IRP_MJ_PNP 823D41D8 Device \Driver\Tcpip \Device\Ip IRP_MJ_CREATE 8198D828 Device \Driver\Tcpip \Device\Ip IRP_MJ_CREATE_NAMED_PIPE 8198D7B0 Device \Driver\Tcpip \Device\Ip IRP_MJ_CLOSE 8198D738 Device \Driver\Tcpip \Device\Ip IRP_MJ_READ 815C8FA8 Device \Driver\Tcpip \Device\Ip IRP_MJ_WRITE 815C8F30 Device \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_INFORMATION 815C8EB8 Device \Driver\Tcpip \Device\Ip IRP_MJ_SET_INFORMATION 81B298B0 Device \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_EA 81B29838 Device \Driver\Tcpip \Device\Ip IRP_MJ_SET_EA 81B297C0 Device \Driver\Tcpip \Device\Ip IRP_MJ_FLUSH_BUFFERS 819B8478 Device \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_VOLUME_INFORMATION 819B8400 Device \Driver\Tcpip \Device\Ip IRP_MJ_SET_VOLUME_INFORMATION 819B8388 Device \Driver\Tcpip \Device\Ip IRP_MJ_DIRECTORY_CONTROL 819C3568 Device \Driver\Tcpip \Device\Ip IRP_MJ_FILE_SYSTEM_CONTROL 819C34F0 Device \Driver\Tcpip \Device\Ip IRP_MJ_DEVICE_CONTROL 823D61D8 Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_CLOSE 823D61D8 Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_READ 823D61D8 Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_WRITE 823D61D8 Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_FLUSH_BUFFERS 823D61D8 Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_DEVICE_CONTROL 823D61D8 Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_INTERNAL_DEVICE_CONTROL 823D61D8 Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_SHUTDOWN 823D61D8 Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_POWER 823D61D8 Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_SYSTEM_CONTROL 823D61D8 Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_PNP 823D61D8 Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_CREATE 823D61D8 Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_CLOSE 823D61D8 Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_READ 823D61D8 Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_WRITE 823D61D8 Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_FLUSH_BUFFERS 823D61D8 Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_DEVICE_CONTROL 823D61D8 Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_INTERNAL_DEVICE_CONTROL 823D61D8 Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_SHUTDOWN 823D61D8 Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_POWER 823D61D8 Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_SYSTEM_CONTROL 823D61D8 Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_PNP 823D61D8 Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_CREATE 823D61D8 Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_CLOSE 823D61D8 Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_READ 823D61D8 Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_WRITE 823D61D8 Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_FLUSH_BUFFERS 823D61D8 Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_DEVICE_CONTROL 823D61D8 Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_INTERNAL_DEVICE_CONTROL 823D61D8 Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_SHUTDOWN 823D61D8 Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_POWER 823D61D8 Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_SYSTEM_CONTROL 823D61D8 Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_PNP 823D61D8 Device \Driver\usbuhci \Device\USBPDO-1 IRP_MJ_CREATE 81A7E990 Device \Driver\usbuhci \Device\USBPDO-1 IRP_MJ_CLOSE 81A7E990 Device \Driver\usbuhci \Device\USBPDO-1 IRP_MJ_DEVICE_CONTROL 81A7E990 Device \Driver\usbuhci \Device\USBPDO-1 IRP_MJ_INTERNAL_DEVICE_CONTROL 81A7E990 Device \Driver\usbuhci \Device\USBPDO-1 IRP_MJ_POWER 81A7E990 Device \Driver\usbuhci \Device\USBPDO-1 IRP_MJ_SYSTEM_CONTROL 81A7E990 Device \Driver\usbuhci \Device\USBPDO-1 IRP_MJ_PNP 81A7E990 Device \Driver\Tcpip \Device\Tcp IRP_MJ_CREATE 8198D828 Device \Driver\Tcpip \Device\Tcp IRP_MJ_CREATE_NAMED_PIPE 8198D7B0 Device \Driver\Tcpip \Device\Tcp IRP_MJ_CLOSE 8198D738 Device \Driver\Tcpip \Device\Tcp IRP_MJ_READ 815C8FA8 Device \Driver\Tcpip \Device\Tcp IRP_MJ_WRITE 815C8F30 Device \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_INFORMATION 815C8EB8 Device \Driver\Tcpip \Device\Tcp IRP_MJ_SET_INFORMATION 81B298B0 Device \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_EA 81B29838 Device \Driver\Tcpip \Device\Tcp IRP_MJ_SET_EA 81B297C0 Device \Driver\Tcpip \Device\Tcp IRP_MJ_FLUSH_BUFFERS 819B8478 Device \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_VOLUME_INFORMATION 819B8400 Device \Driver\Tcpip \Device\Tcp IRP_MJ_SET_VOLUME_INFORMATION 819B8388 Device \Driver\Tcpip \Device\Tcp IRP_MJ_DIRECTORY_CONTROL 819C3568 Device \Driver\Tcpip \Device\Tcp IRP_MJ_FILE_SYSTEM_CONTROL 819C34F0 Device \Driver\Tcpip \Device\Tcp IRP_MJ_DEVICE_CONTROL 819C3478 Device \Driver\Tcpip \Device\Tcp IRP_MJ_INTERNAL_DEVICE_CONTROL 819A4708 Device \Driver\Tcpip \Device\Tcp IRP_MJ_SHUTDOWN 819A4690 Device \Driver\Tcpip \Device\Tcp IRP_MJ_LOCK_CONTROL 819A4618 Device \Driver\Tcpip \Device\Tcp IRP_MJ_CLEANUP 81988D18 Device \Driver\Tcpip \Device\Tcp IRP_MJ_CREATE_MAILSLOT 81988CA0 Device \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_SECURITY 81988C28 Device \Driver\Tcpip \Device\Tcp IRP_MJ_SET_SECURITY 819888C8 Device \Driver\Tcpip \Device\Tcp IRP_MJ_POWER 81988850 Device \Driver\Tcpip \Device\Tcp IRP_MJ_SYSTEM_CONTROL 819887D8 Device \Driver\Tcpip \Device\Tcp IRP_MJ_DEVICE_CHANGE 81988478 Device \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_QUOTA 81988400 Device \Driver\Tcpip \Device\Tcp IRP_MJ_SET_QUOTA 81988388 Device \Driver\Tcpip \Device\Tcp IRP_MJ_PNP 819B19C0 Device \Driver\NetBT \Device\NetBT_Tcpip_{D38BA8B4-B5F0-462B-BCB0-4B2D70298166} IRP_MJ_CREATE 81B21990 Device \Driver\NetBT \Device\NetBT_Tcpip_{D38BA8B4-B5F0-462B-BCB0-4B2D70298166} IRP_MJ_CLOSE 81B21990 Device \Driver\NetBT \Device\NetBT_Tcpip_{D38BA8B4-B5F0-462B-BCB0-4B2D70298166} IRP_MJ_DEVICE_CONTROL 81B21990 Device \Driver\NetBT \Device\NetBT_Tcpip_{D38BA8B4-B5F0-462B-BCB0-4B2D70298166} IRP_MJ_INTERNAL_DEVICE_CONTROL 81B21990 Device \Driver\NetBT \Device\NetBT_Tcpip_{D38BA8B4-B5F0-462B-BCB0-4B2D70298166} IRP_MJ_CLEANUP 81B21990 Device \Driver\NetBT \Device\NetBT_Tcpip_{D38BA8B4-B5F0-462B-BCB0-4B2D70298166} IRP_MJ_PNP 81B21990 Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_CREATE 823701D8 Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_READ 823701D8 Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_WRITE 823701D8 Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_FLUSH_BUFFERS 823701D8 Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_DEVICE_CONTROL 823701D8 Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_INTERNAL_DEVICE_CONTROL 823701D8 Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_SHUTDOWN 823701D8 Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_CLEANUP 823701D8 Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_POWER 823701D8 Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_SYSTEM_CONTROL 823701D8 Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_PNP 823701D8 Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_CREATE 823701D8 Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_READ 823701D8 Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_WRITE 823701D8 Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_FLUSH_BUFFERS 823701D8 Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_DEVICE_CONTROL 823701D8 Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_INTERNAL_DEVICE_CONTROL 823701D8 Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_SHUTDOWN 823701D8 Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_CLEANUP 823701D8 Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_POWER 823701D8 Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_SYSTEM_CONTROL 823701D8 Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_PNP 823701D8 Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CREATE 81970990 Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CLOSE 81970990 Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_READ 81970990 Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_WRITE 81970990 Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_FLUSH_BUFFERS 81970990 Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_DEVICE_CONTROL 81970990 Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_INTERNAL_DEVICE_CONTROL 81970990 Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SHUTDOWN 81970990 Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_POWER 81970990 Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SYSTEM_CONTROL 81970990 Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_PNP 81970990 Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CREATE 81970990 Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CLOSE 81970990 Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_READ 81970990 Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_WRITE 81970990 Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_FLUSH_BUFFERS 81970990 Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_DEVICE_CONTROL 81970990 Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_INTERNAL_DEVICE_CONTROL 81970990 Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SHUTDOWN 81970990 Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_POWER 81970990 Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SYSTEM_CONTROL 81970990 Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_PNP 81970990 Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 IRP_MJ_CREATE 8236F1D8 Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 IRP_MJ_CLOSE 8236F1D8 Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 IRP_MJ_DEVICE_CONTROL 8236F1D8 Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 IRP_MJ_INTERNAL_DEVICE_CONTROL 8236F1D8 Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 IRP_MJ_POWER 8236F1D8 Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 IRP_MJ_SYSTEM_CONTROL 8236F1D8 Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 IRP_MJ_PNP 8236F1D8 Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CREATE 8236F1D8 Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CLOSE 8236F1D8 Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_DEVICE_CONTROL 8236F1D8 Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_INTERNAL_DEVICE_CONTROL 8236F1D8 Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_POWER 8236F1D8 Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SYSTEM_CONTROL 8236F1D8 Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_PNP 8236F1D8 Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_CREATE 8236F1D8 Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_CLOSE 8236F1D8 Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_DEVICE_CONTROL 8236F1D8 Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_INTERNAL_DEVICE_CONTROL 8236F1D8 Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_POWER 8236F1D8 Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SYSTEM_CONTROL 8236F1D8 Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_PNP 8236F1D8 Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-3 IRP_MJ_CREATE 8236F1D8 Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-3 IRP_MJ_CLOSE 8236F1D8 Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-3 IRP_MJ_DEVICE_CONTROL 8236F1D8 Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-3 IRP_MJ_INTERNAL_DEVICE_CONTROL 8236F1D8 Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-3 IRP_MJ_POWER 8236F1D8 Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-3 IRP_MJ_SYSTEM_CONTROL 8236F1D8 Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-3 IRP_MJ_PNP 8236F1D8 Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-f IRP_MJ_CREATE 8236F1D8 Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-f IRP_MJ_CLOSE 8236F1D8 Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-f IRP_MJ_DEVICE_CONTROL 8236F1D8 Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-f IRP_MJ_INTERNAL_DEVICE_CONTROL 8236F1D8 Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-f IRP_MJ_POWER 8236F1D8 Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-f IRP_MJ_SYSTEM_CONTROL 8236F1D8 Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-f IRP_MJ_PNP 8236F1D8 Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_CREATE 81970990 Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_CLOSE 81970990 Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_READ 81970990 Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_WRITE 81970990 Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_FLUSH_BUFFERS 81970990 Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_DEVICE_CONTROL 81970990 Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_INTERNAL_DEVICE_CONTROL 81970990 Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_SHUTDOWN 81970990 Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_POWER 81970990 Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_SYSTEM_CONTROL 81970990 Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_PNP 81970990 Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_CREATE 81970990 Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_CLOSE 81970990 Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_READ 81970990 Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_WRITE 81970990 Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_FLUSH_BUFFERS 81970990 Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_DEVICE_CONTROL 81970990 Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_INTERNAL_DEVICE_CONTROL 81970990 Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_SHUTDOWN 81970990 Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_POWER 81970990 Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_SYSTEM_CONTROL 81970990 Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_PNP 81970990 Device \Driver\Cdrom \Device\CdRom4 IRP_MJ_CREATE 81970990 Device \Driver\Cdrom \Device\CdRom4 IRP_MJ_CLOSE 81970990 Device \Driver\Cdrom \Device\CdRom4 IRP_MJ_READ 81970990 Device \Driver\Cdrom \Device\CdRom4 IRP_MJ_WRITE 81970990 Device \Driver\Cdrom \Device\CdRom4 IRP_MJ_FLUSH_BUFFERS 81970990 Device \Driver\Cdrom \Device\CdRom4 IRP_MJ_DEVICE_CONTROL 81970990 Device \Driver\Cdrom \Device\CdRom4 IRP_MJ_INTERNAL_DEVICE_CONTROL 81970990 Device \Driver\Cdrom \Device\CdRom4 IRP_MJ_SHUTDOWN 81970990 Device \Driver\Cdrom \Device\CdRom4 IRP_MJ_POWER 81970990 Device \Driver\Cdrom \Device\CdRom4 IRP_MJ_SYSTEM_CONTROL 81970990 Device \Driver\Cdrom \Device\CdRom4 IRP_MJ_PNP 81970990 Device \Driver\NetBT \Device\NetBT_Tcpip_{32B539AC-0B43-4845-89AE-9D7B73329E19} IRP_MJ_CREATE 81B21990 Device \Driver\NetBT \Device\NetBT_Tcpip_{32B539AC-0B43-4845-89AE-9D7B73329E19} IRP_MJ_CLOSE 81B21990 Device \Driver\NetBT \Device\NetBT_Tcpip_{32B539AC-0B43-4845-89AE-9D7B73329E19} IRP_MJ_DEVICE_CONTROL 81B21990 Device \Driver\NetBT \Device\NetBT_Tcpip_{32B539AC-0B43-4845-89AE-9D7B73329E19} IRP_MJ_INTERNAL_DEVICE_CONTROL 81B21990 Device \Driver\NetBT \Device\NetBT_Tcpip_{32B539AC-0B43-4845-89AE-9D7B73329E19} IRP_MJ_CLEANUP 81B21990 Device \Driver\NetBT \Device\NetBT_Tcpip_{32B539AC-0B43-4845-89AE-9D7B73329E19} IRP_MJ_PNP 81B21990 Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_CREATE 81B21990 Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_CLOSE 81B21990 Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_DEVICE_CONTROL 81B21990 Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_INTERNAL_DEVICE_CONTROL 81B21990 Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_CLEANUP 81B21990 Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_PNP 81B21990 Device \Driver\USBSTOR \Device\00000077 IRP_MJ_CREATE 81912488 Device \Driver\USBSTOR \Device\00000077 IRP_MJ_CLOSE 81912488 Device \Driver\USBSTOR \Device\00000077 IRP_MJ_READ 81912488 Device \Driver\USBSTOR \Device\00000077 IRP_MJ_WRITE 81912488 Device \Driver\USBSTOR \Device\00000077 IRP_MJ_DEVICE_CONTROL 81912488 Device \Driver\USBSTOR \Device\00000077 IRP_MJ_INTERNAL_DEVICE_CONTROL 81912488 Device \Driver\USBSTOR \Device\00000077 IRP_MJ_POWER 81912488 Device \Driver\USBSTOR \Device\00000077 IRP_MJ_SYSTEM_CONTROL 81912488 Device \Driver\USBSTOR \Device\00000077 IRP_MJ_PNP 81912488 Device \Driver\USBSTOR \Device\00000078 IRP_MJ_CREATE 81912488 Device \Driver\USBSTOR \Device\00000078 IRP_MJ_CLOSE 81912488 Device \Driver\USBSTOR \Device\00000078 IRP_MJ_READ 81912488 Device \Driver\USBSTOR \Device\00000078 IRP_MJ_WRITE 81912488 Device \Driver\USBSTOR \Device\00000078 IRP_MJ_DEVICE_CONTROL 81912488 Device \Driver\USBSTOR \Device\00000078 IRP_MJ_INTERNAL_DEVICE_CONTROL 81912488 Device \Driver\USBSTOR \Device\00000078 IRP_MJ_POWER 81912488 Device \Driver\USBSTOR \Device\00000078 IRP_MJ_SYSTEM_CONTROL 81912488 Device \Driver\USBSTOR \Device\00000078 IRP_MJ_PNP 81912488 Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_CREATE 81B21990 Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_CLOSE 81B21990 Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_DEVICE_CONTROL 81B21990 Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_INTERNAL_DEVICE_CONTROL 81B21990 Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_CLEANUP 81B21990 Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_PNP 81B21990 Device \Driver\USBSTOR \Device\00000079 IRP_MJ_CREATE 81912488 Device \Driver\USBSTOR \Device\00000079 IRP_MJ_CLOSE 81912488 Device \Driver\USBSTOR \Device\00000079 IRP_MJ_READ 81912488 Device \Driver\USBSTOR \Device\00000079 IRP_MJ_WRITE 81912488 Device \Driver\USBSTOR \Device\00000079 IRP_MJ_DEVICE_CONTROL 81912488 Device \Driver\USBSTOR \Device\00000079 IRP_MJ_INTERNAL_DEVICE_CONTROL 81912488 Device \Driver\USBSTOR \Device\00000079 IRP_MJ_POWER 81912488 Device \Driver\USBSTOR \Device\00000079 IRP_MJ_SYSTEM_CONTROL 81912488 Device \Driver\USBSTOR \Device\00000079 IRP_MJ_PNP 81912488 Device \Driver\00000079 \Device\0000005b IRP_MJ_POWER [F845ADB6] sptd.sys Device \Driver\00000079 \Device\0000005b IRP_MJ_SYSTEM_CONTROL [F847073C] sptd.sys Device \Driver\00000079 \Device\0000005b IRP_MJ_PNP [F846977E] sptd.sys Device \Driver\Tcpip \Device\Udp IRP_MJ_CREATE 8198D828 Device \Driver\Tcpip \Device\Udp IRP_MJ_CREATE_NAMED_PIPE 8198D7B0 Device \Driver\Tcpip \Device\Udp IRP_MJ_CLOSE 8198D738 Device \Driver\Tcpip \Device\Udp IRP_MJ_READ 815C8FA8 Device \Driver\Tcpip \Device\Udp IRP_MJ_WRITE 815C8F30 Device \Driver\Tcpip \Device\Udp IRP_MJ_QUERY_INFORMATION 815C8EB8 Device \Driver\Tcpip \Device\Udp IRP_MJ_SET_INFORMATION 81B298B0 Device \Driver\Tcpip \Device\Udp IRP_MJ_QUERY_EA 81B29838 Device \Driver\Tcpip \Device\Udp IRP_MJ_SET_EA 81B297C0 Device \Driver\Tcpip \Device\Udp IRP_MJ_FLUSH_BUFFERS 819B8478 Device \Driver\Tcpip \Device\Udp IRP_MJ_QUERY_VOLUME_INFORMATION 819B8400 Device \Driver\Tcpip \Device\Udp IRP_MJ_SET_VOLUME_INFORMATION 819B8388 Device \Driver\Tcpip \Device\Udp IRP_MJ_DIRECTORY_CONTROL 819C3568 Device \Driver\Tcpip \Device\Udp IRP_MJ_FILE_SYSTEM_CONTROL 819C34F0 Device \Driver\Tcpip \Device\Udp IRP_MJ_DEVICE_CONTROL 819C3478 Devic

adam9870 · 26 Luty 2007 20:15

Jest Ok.

zbigi7 · 26 Luty 2007 21:39

ale to jeszcze nie wszystko

Ad.2

GMER 1.0.12.12011 - http://www.gmer.net Rootkit scan 2007-02-26 20:42:16 Windows 5.1.2600 Service Pack 2 ---- Services - GMER 1.0.12 ---- Service .NET CLR Data Service .NET CLR Networking Service .NET Data Provider for Oracle Service .NET Data Provider for SqlServer Service .NETFramework Service [sYSTEM] Aavmker4 Service [DISABLED] Abiosdsk Service [DISABLED] abp480n5 Service C:\WINDOWS\system32\DRIVERS\ACPI.sys [bOOT] ACPI Service [DISABLED] ACPIEC Service [DISABLED] adpu160m Service C:\WINDOWS\system32\drivers\aec.sys [MANUAL] aec Service C:\WINDOWS\System32\drivers\afd.sys [sYSTEM] AFD Service C:\WINDOWS\system32\DRIVERS\agp440.sys [bOOT] agp440 Service [DISABLED] Aha154x Service [DISABLED] aic78u2 Service [DISABLED] aic78xx Service C:\WINDOWS\system32\svchost.exe [DISABLED] Alerter Service C:\WINDOWS\System32\alg.exe [MANUAL] ALG Service [DISABLED] AliIde Service [DISABLED] amsint Service C:\WINDOWS\system32\svchost.exe [MANUAL] AppMgmt Service [DISABLED] asc Service [DISABLED] asc3350p Service [DISABLED] asc3550 Service ASP.NET Service ASP.NET_1.1.4322 Service ASP.NET_2.0.50727 Service C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [MANUAL] aspnet_state Service [AUTO] aswMon2 Service [MANUAL] aswRdr Service [sYSTEM] aswTdi Service C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [AUTO] aswUpdSv Service C:\WINDOWS\system32\DRIVERS\asyncmac.sys [MANUAL] AsyncMac Service C:\WINDOWS\system32\DRIVERS\atapi.sys [bOOT] atapi Service [DISABLED] Atdisk Service C:\WINDOWS\system32\Ati2evxx.exe [DISABLED] Ati HotKey Poller Service C:\WINDOWS\system32\ati2sgag.exe [AUTO] ATI Smart Service C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [MANUAL] ati2mtag Service Atierecord Service C:\Program Files\Ray Adams\ATI Tray Tools\atitray.sys [sYSTEM] atitray Service C:\WINDOWS\system32\DRIVERS\atmarpc.sys [MANUAL] Atmarpc Service C:\WINDOWS\System32\svchost.exe [AUTO] AudioSrv Service C:\WINDOWS\system32\DRIVERS\audstub.sys [MANUAL] audstub Service C:\Program Files\Alwil Software\Avast4\ashServ.exe [AUTO] avast! Antivirus Service [DISABLED] avast! Mail Scanner Service [DISABLED] avast! Web Scanner Service Avg7Alrt Service Avg7Core Service Avg7RsW Service Avg7RsXP Service Avg7UpdSvc Service C:\WINDOWS\System32\DRIVERS\AvgAsCln.sys [sYSTEM] AvgAsCln Service AvgClean Service AVGEMS Service AvgTdi Service BattC Service [sYSTEM] Beep Service C:\WINDOWS\system32\svchost.exe [MANUAL] BITS Service C:\WINDOWS\system32\svchost.exe [AUTO] Browser Service [DISABLED] cbidf2k Service C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [MANUAL] CCDECODE Service [DISABLED] cd20xrnt Service [sYSTEM] Cdaudio Service [DISABLED] Cdfs Service C:\WINDOWS\system32\DRIVERS\cdrom.sys [sYSTEM] Cdrom Service [sYSTEM] Changer Service D:\Helios\Helios\chkproc.sys [MANUAL] chkproc1 Service [sYSTEM] Cinemsup Service C:\WINDOWS\system32\cisvc.exe [MANUAL] CiSvc Service C:\WINDOWS\system32\clipsrv.exe [DISABLED] ClipSrv Service C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [MANUAL] clr_optimization_v2.0.50727_32 Service [DISABLED] CmdIde Service C:\WINDOWS\system32\dllhost.exe [MANUAL] COMSysApp Service ContentFilter Service ContentIndex Service [DISABLED] Cpqarray Service C:\WINDOWS\system32\svchost.exe [AUTO] CryptSvc Service C:\WINDOWS\System32\drivers\ctac32k.sys [MANUAL] ctac32k Service C:\WINDOWS\system32\drivers\ctaud2k.sys [MANUAL] ctaud2k Service C:\WINDOWS\system32\DRIVERS\ctljystk.sys [MANUAL] ctljystk Service ctlntsvc Service C:\WINDOWS\System32\drivers\ctprxy2k.sys [MANUAL] ctprxy2k Service C:\WINDOWS\System32\drivers\ctsfm2k.sys [MANUAL] ctsfm2k Service C:\WINDOWS\system32\drivers\cx88vid.sys [AUTO] CX23880 Service C:\WINDOWS\system32\drivers\cxavxbar.sys [AUTO] CXAVXBAR Service C:\WINDOWS\system32\drivers\CX88TUNE.sys [AUTO] CXTUNE Service [DISABLED] dac2w2k Service [DISABLED] dac960nt Service C:\WINDOWS\system32\DarkSpyKernel.sys [MANUAL] DarkSpy Service C:\WINDOWS\system32\svchost.exe [AUTO] DcomLaunch Service C:\WINDOWS\system32\svchost.exe [AUTO] Dhcp Service C:\WINDOWS\system32\DRIVERS\disk.sys [bOOT] Disk Service C:\WINDOWS\System32\dmadmin.exe [MANUAL] dmadmin Service C:\WINDOWS\System32\drivers\dmboot.sys [DISABLED] dmboot Service C:\WINDOWS\System32\drivers\dmio.sys [bOOT] dmio Service C:\WINDOWS\System32\drivers\dmload.sys [bOOT] dmload Service C:\WINDOWS\System32\svchost.exe [AUTO] dmserver Service C:\WINDOWS\system32\drivers\DMusic.sys [MANUAL] DMusic Service C:\WINDOWS\system32\svchost.exe [AUTO] Dnscache Service [DISABLED] dpti2o Service C:\WINDOWS\system32\drivers\drmkaud.sys [MANUAL] drmkaud Service eeCtrl Service C:\WINDOWS\eHome\ehRecvr.exe [DISABLED] ehRecvr Service C:\WINDOWS\eHome\ehSched.exe [DISABLED] ehSched Service C:\WINDOWS\system32\drivers\emu10k1m.sys [MANUAL] emu10k Service C:\WINDOWS\system32\drivers\ctlfacem.sys [MANUAL] emu10k1 Service C:\WINDOWS\System32\drivers\emupia2k.sys [MANUAL] emupia Service C:\WINDOWS\System32\svchost.exe [AUTO] ERSvc Service C:\WINDOWS\system32\services.exe [AUTO] Eventlog Service C:\WINDOWS\system32\svchost.exe [MANUAL] EventSystem Service [DISABLED] Fastfat Service C:\WINDOWS\System32\svchost.exe [MANUAL] FastUserSwitchingCompatibility Service C:\WINDOWS\system32\DRIVERS\fdc.sys [MANUAL] Fdc Service [sYSTEM] Fips Service C:\WINDOWS\system32\DRIVERS\flpydisk.sys [MANUAL] Flpydisk Service C:\WINDOWS\system32\DRIVERS\fltMgr.sys [bOOT] FltMgr Service [sYSTEM] Fs_Rec Service C:\WINDOWS\system32\DRIVERS\ftdisk.sys [bOOT] Ftdisk Service C:\WINDOWS\system32\DRIVERS\gameenum.sys [MANUAL] gameenum Service C:\WINDOWS\System32\DRIVERS\gmer.sys [MANUAL] gmer Service C:\WINDOWS\system32\DRIVERS\msgpc.sys [MANUAL] Gpc Service [MANUAL] GVCplDrv Service C:\WINDOWS\system32\drivers\ha10kx2k.sys [MANUAL] ha10kx2k Service C:\WINDOWS\System32\svchost.exe [AUTO] helpsvc Service C:\WINDOWS\System32\svchost.exe [DISABLED] HidServ Service C:\WINDOWS\system32\DRIVERS\hidusb.sys [MANUAL] HidUsb Service [DISABLED] hpn Service C:\WINDOWS\system32\drivers\hpt3xx.sys [bOOT] hpt3xx Service C:\WINDOWS\system32\drivers\hptpro.sys [bOOT] hptpro Service C:\WINDOWS\System32\Drivers\HTTP.sys [MANUAL] HTTP Service C:\WINDOWS\System32\svchost.exe [MANUAL] HTTPFilter Service [sYSTEM] i2omgmt Service [DISABLED] i2omp Service C:\WINDOWS\system32\DRIVERS\i8042prt.sys [sYSTEM] i8042prt Service C:\WINDOWS\system32\DRIVERS\imapi.sys [sYSTEM] Imapi Service C:\WINDOWS\system32\imapi.exe [MANUAL] ImapiService Service inetaccs Service [DISABLED] ini910u Service Inport Service C:\WINDOWS\system32\DRIVERS\intelide.sys [bOOT] IntelIde Service C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys [DISABLED] Ip6Fw Service C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys [MANUAL] IpFilterDriver Service C:\WINDOWS\system32\DRIVERS\ipinip.sys [MANUAL] IpInIp Service C:\WINDOWS\system32\DRIVERS\ipnat.sys [MANUAL] IpNat Service C:\WINDOWS\system32\DRIVERS\ipsec.sys [sYSTEM] IPSec Service C:\WINDOWS\system32\DRIVERS\irenum.sys [MANUAL] IRENUM Service ISAPISearch Service C:\WINDOWS\system32\DRIVERS\isapnp.sys [bOOT] isapnp Service C:\WINDOWS\system32\DRIVERS\kbdclass.sys [sYSTEM] Kbdclass Service C:\WINDOWS\system32\DRIVERS\kbdhid.sys [sYSTEM] kbdhid Service C:\WINDOWS\system32\drivers\kmixer.sys [MANUAL] kmixer Service C:\WINDOWS\system32\drivers\KProcWatch.sys [MANUAL] KProcWatch Service [bOOT] KSecDD Service C:\WINDOWS\system32\svchost.exe [AUTO] lanmanserver Service C:\WINDOWS\system32\svchost.exe [AUTO] lanmanworkstation Service [sYSTEM] lbrtfdc Service ldap Service LicenseService Service C:\WINDOWS\system32\svchost.exe [AUTO] LmHosts Service C:\WINDOWS\ehome\mcrdsvc.exe [DISABLED] McrdSvc Service C:\WINDOWS\system32\svchost.exe [DISABLED] Messenger Service C:\WINDOWS\System32\svchost.exe [MANUAL] MHN Service C:\WINDOWS\system32\DRIVERS\mhndrv.sys [MANUAL] MHNDRV Service [sYSTEM] mnmdd Service C:\WINDOWS\system32\mnmsrvc.exe [MANUAL] mnmsrvc Service [MANUAL] Modem Service C:\WINDOWS\system32\DRIVERS\mouclass.sys [sYSTEM] Mouclass Service [bOOT] MountMgr Service [DISABLED] mraid35x Service C:\WINDOWS\system32\DRIVERS\mrxdav.sys [MANUAL] MRxDAV Service C:\WINDOWS\system32\DRIVERS\mrxsmb.sys [sYSTEM] MRxSmb Service C:\WINDOWS\system32\msdtc.exe [MANUAL] MSDTC Service [sYSTEM] Msfs Service C:\WINDOWS\system32\msiexec.exe [MANUAL] MSIServer Service C:\WINDOWS\system32\drivers\MSKSSRV.sys [MANUAL] MSKSSRV Service C:\WINDOWS\system32\drivers\MSPCLOCK.sys [MANUAL] MSPCLOCK Service C:\WINDOWS\system32\drivers\MSPQM.sys [MANUAL] MSPQM Service C:\WINDOWS\system32\DRIVERS\mssmbios.sys [MANUAL] mssmbios Service C:\WINDOWS\system32\drivers\MSTEE.sys [MANUAL] MSTEE Service [bOOT] Mup Service C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [MANUAL] NABTSFEC Service [bOOT] NDIS Service C:\WINDOWS\system32\DRIVERS\NdisIP.sys [MANUAL] NdisIP Service C:\WINDOWS\system32\DRIVERS\ndistapi.sys [MANUAL] NdisTapi Service C:\WINDOWS\system32\DRIVERS\ndisuio.sys [DISABLED] Ndisuio Service C:\WINDOWS\system32\DRIVERS\ndiswan.sys [MANUAL] NdisWan Service [MANUAL] NDProxy Service C:\WINDOWS\system32\DRIVERS\netbios.sys [sYSTEM] NetBIOS Service C:\WINDOWS\system32\DRIVERS\netbt.sys [sYSTEM] NetBT Service C:\WINDOWS\system32\netdde.exe [DISABLED] NetDDE Service C:\WINDOWS\system32\netdde.exe [DISABLED] NetDDEdsdm Service C:\WINDOWS\system32\lsass.exe [MANUAL] Netlogon Service C:\WINDOWS\System32\svchost.exe [MANUAL] Netman Service C:\WINDOWS\system32\svchost.exe [MANUAL] Nla Service C:\WINDOWS\system32\DRIVERS\NMnt.sys [MANUAL] nm Service C:\WINDOWS\system32\drivers\npf.sys [MANUAL] NPF Service [sYSTEM] Npfs Service [DISABLED] Ntfs Service C:\WINDOWS\system32\lsass.exe [MANUAL] NtLmSsp Service C:\WINDOWS\system32\svchost.exe [DISABLED] NtmsSvc Service [sYSTEM] Null Service C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys [MANUAL] NwlnkFlt Service C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys [MANUAL] NwlnkFwd Service C:\WINDOWS\system32\drivers\ctoss2k.sys [MANUAL] ossrv Service C:\WINDOWS\system32\DRIVERS\p3.sys [sYSTEM] P3 Service C:\WINDOWS\system32\DRIVERS\parport.sys [MANUAL] Parport Service [bOOT] PartMgr Service [AUTO] ParVdm Service [DISABLED] PAVDRV Service [DISABLED] PAVSRV Service C:\WINDOWS\system32\DRIVERS\pci.sys [bOOT] PCI Service [sYSTEM] PCIDump Service [DISABLED] PCIIde Service [DISABLED] Pcmcia Service [MANUAL] PDCOMP Service [MANUAL] PDFRAME Service [MANUAL] PDRELI Service [MANUAL] PDRFRAME Service [DISABLED] perc2 Service [DISABLED] perc2hib Service PerfDisk Service PerfNet Service PerfOS Service PerfProc Service C:\WINDOWS\system32\services.exe [AUTO] PlugPlay Service C:\WINDOWS\system32\lsass.exe [AUTO] PolicyAgent Service C:\WINDOWS\system32\DRIVERS\raspptp.sys [MANUAL] PptpMiniport Service C:\WINDOWS\system32\lsass.exe [AUTO] ProtectedStorage Service C:\WINDOWS\system32\DRIVERS\psched.sys [MANUAL] PSched Service C:\WINDOWS\system32\DRIVERS\ptilink.sys [MANUAL] Ptilink Service C:\WINDOWS\System32\Drivers\PxHelp20.sys [bOOT] PxHelp20 Service [DISABLED] ql1080 Service [DISABLED] Ql10wnt Service [DISABLED] ql12160 Service [DISABLED] ql1240 Service [DISABLED] ql1280 Service C:\WINDOWS\system32\DRIVERS\rasacd.sys [sYSTEM] RasAcd Service C:\WINDOWS\system32\svchost.exe [MANUAL] RasAuto Service C:\WINDOWS\system32\DRIVERS\rasl2tp.sys [MANUAL] Rasl2tp Service C:\WINDOWS\system32\svchost.exe [MANUAL] RasMan Service C:\WINDOWS\system32\DRIVERS\raspppoe.sys [MANUAL] RasPppoe Service C:\WINDOWS\system32\DRIVERS\raspti.sys [MANUAL] Raspti Service C:\WINDOWS\system32\DRIVERS\rdbss.sys [sYSTEM] Rdbss Service C:\WINDOWS\System32\DRIVERS\RDPCDD.sys [sYSTEM] RDPCDD Service RDPDD Service C:\WINDOWS\system32\DRIVERS\rdpdr.sys [MANUAL] rdpdr Service RDPNP Service [MANUAL] RDPWD Service C:\WINDOWS\system32\sessmgr.exe [MANUAL] RDSessMgr Service C:\WINDOWS\system32\DRIVERS\redbook.sys [sYSTEM] redbook Service C:\WINDOWS\system32\svchost.exe [DISABLED] RemoteAccess Service C:\WINDOWS\system32\svchost.exe [AUTO] RemoteRegistry Service C:\Program Files\WinPcap\rpcapd.exe [MANUAL] rpcapd Service C:\WINDOWS\system32\locator.exe [MANUAL] RpcLocator Service C:\WINDOWS\system32\svchost.exe [AUTO] RpcSs Service C:\WINDOWS\system32\rsvp.exe [MANUAL] RSVP Service C:\WINDOWS\system32\DRIVERS\Rtlnicxp.sys [MANUAL] RTL8023xp Service C:\WINDOWS\system32\lsass.exe [AUTO] SamSs Service C:\WINDOWS\System32\SCardSvr.exe [MANUAL] SCardSvr Service C:\WINDOWS\System32\svchost.exe [AUTO] Schedule Service SDhelper Service C:\WINDOWS\system32\DRIVERS\secdrv.sys [MANUAL] Secdrv Service C:\WINDOWS\System32\svchost.exe [AUTO] seclogon Service C:\WINDOWS\system32\svchost.exe [AUTO] SENS Service C:\WINDOWS\system32\DRIVERS\serenum.sys [MANUAL] serenum Service C:\WINDOWS\system32\DRIVERS\serial.sys [sYSTEM] Serial Service [sYSTEM] Sfloppy Service C:\WINDOWS\system32\drivers\sfmanm.sys [MANUAL] sfman Service C:\WINDOWS\system32\svchost.exe [DISABLED] SharedAccess Service C:\WINDOWS\System32\svchost.exe [AUTO] ShellHWDetection Service [DISABLED] Simbad Service C:\WINDOWS\system32\DRIVERS\SkyNET.SYS [MANUAL] SKYNET Service C:\WINDOWS\system32\DRIVERS\SLIP.sys [MANUAL] SLIP Service [DISABLED] Sparrow Service C:\WINDOWS\system32\drivers\splitter.sys [MANUAL] splitter Service C:\WINDOWS\system32\spoolsv.exe [AUTO] Spooler Service C:\WINDOWS\System32\Drivers\sptd.sys [bOOT] sptd Service C:\WINDOWS\system32\DRIVERS\sr.sys [DISABLED] sr Service C:\WINDOWS\system32\svchost.exe [AUTO] srservice Service C:\WINDOWS\system32\DRIVERS\srv.sys [MANUAL] Srv Service C:\WINDOWS\system32\svchost.exe [AUTO] SSDPSRV Service C:\WINDOWS\SYSTEM32\Drivers\SSFS0509.SYS [bOOT] SSFS0509 Service C:\WINDOWS\SYSTEM32\Drivers\SSHRMD.SYS [bOOT] SSHRMD Service C:\WINDOWS\SYSTEM32\Drivers\SSIDRV.SYS [bOOT] SSIDRV Service C:\WINDOWS\System32\Drivers\sskbfd.sys [MANUAL] SSKBFD Service C:\WINDOWS\system32\svchost.exe [MANUAL] stisvc Service C:\WINDOWS\system32\DRIVERS\StreamIP.sys [MANUAL] streamip Service C:\WINDOWS\system32\DRIVERS\swenum.sys [MANUAL] swenum Service C:\WINDOWS\system32\drivers\swmidi.sys [MANUAL] swmidi Service C:\WINDOWS\system32\dllhost.exe [MANUAL] SwPrv Service [DISABLED] symc810 Service [DISABLED] symc8xx Service [DISABLED] sym_hi Service [DISABLED] sym_u3 Service C:\WINDOWS\system32\drivers\sysaudio.sys [MANUAL] sysaudio Service C:\WINDOWS\system32\smlogsvc.exe [MANUAL] SysmonLog Service C:\WINDOWS\System32\svchost.exe [MANUAL] TapiSrv Service C:\WINDOWS\system32\DRIVERS\tcpip.sys [sYSTEM] Tcpip Service [MANUAL] TDPIPE Service [MANUAL] TDTCP Service C:\WINDOWS\system32\DRIVERS\termdd.sys [sYSTEM] TermDD Service C:\WINDOWS\System32\svchost.exe [MANUAL] TermService Service C:\WINDOWS\System32\svchost.exe [AUTO] Themes Service C:\WINDOWS\system32\tlntsvr.exe [DISABLED] TlntSvr Service [DISABLED] TosIde Service C:\WINDOWS\system32\svchost.exe [AUTO] TrkWks Service TSDDD Service [DISABLED] Udfs Service C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [AUTO] UleadBurningHelper Service [DISABLED] ultra Service C:\WINDOWS\system32\wdfmgr.exe [MANUAL] UMWdf Service C:\WINDOWS\system32\DRIVERS\update.sys [MANUAL] Update Service C:\WINDOWS\system32\svchost.exe [MANUAL] upnphost Service C:\WINDOWS\System32\ups.exe [MANUAL] UPS Service C:\WINDOWS\system32\DRIVERS\usbhub.sys [MANUAL] usbhub Service C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [MANUAL] USBSTOR Service C:\WINDOWS\system32\DRIVERS\usbuhci.sys [MANUAL] usbuhci Service C:\WINDOWS\System32\drivers\vga.sys [sYSTEM] VgaSave Service [DISABLED] ViaIde Service [bOOT] VolSnap Service C:\WINDOWS\System32\vssvc.exe [MANUAL] VSS Service C:\WINDOWS\System32\svchost.exe [AUTO] W32Time Service W3SVC Service C:\WINDOWS\system32\DRIVERS\wanarp.sys [MANUAL] Wanarp Service [MANUAL] WDICA Service C:\WINDOWS\system32\drivers\wdmaud.sys [MANUAL] wdmaud Service C:\WINDOWS\system32\svchost.exe [AUTO] WebClient Service C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe [AUTO] WebrootSpySweeperService Service C:\Program Files\WinFast\WFTVFM\WFIOCTL.SYS [MANUAL] WFIOCTL Service C:\Program Files\Windows Defender\MsMpEng.exe [AUTO] WinDefend Service C:\WINDOWS\system32\svchost.exe [AUTO] winmgmt Service [MANUAL] Winsock Service WinSock2 Service WinTrust Service C:\WINDOWS\System32\svchost.exe [MANUAL] WmdmPmSN Service C:\WINDOWS\System32\svchost.exe [MANUAL] Wmi Service WmiApRpl Service C:\WINDOWS\system32\wbem\wmiapsrv.exe [MANUAL] WmiApSrv Service [sYSTEM] WS2IFSL Service C:\WINDOWS\System32\svchost.exe [DISABLED] wscsvc Service C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [MANUAL] WSTCODEC Service C:\WINDOWS\system32\svchost.exe [DISABLED] wuauserv Service C:\WINDOWS\System32\svchost.exe [AUTO] WZCSVC Service C:\WINDOWS\System32\svchost.exe [MANUAL] xmlprov Service {32B539AC-0B43-4845-89AE-9D7B73329E19} Service {817CA67E-F420-462E-A5CB-B7AE49BC41F2} Service {D38BA8B4-B5F0-462B-BCB0-4B2D70298166} Service [MANUAL] a4tvw6hi ---- EOF - GMER 1.0.12 ----

Gutek · 26 Luty 2007 22:51

No Ok

Skan AVG Anti-Spyware 7.5 po update