Logfile of HijackThis v1.99.1
Scan saved at 19:02:16, on 2006-07-09
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\VTTimer.exe
C:\PROGRA~1\NEOSTR~1\CnxMon.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
C:\PROGRA~1\NEOSTR~1\NeostradaTP.exe
C:\Program Files\Spamihilator\spamihilator.exe
C:\PROGRA~1\NEOSTR~1\ComComp.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\devldr32.exe
C:\PROGRA~1\NEOSTR~1\Watch.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\Program Files\HijackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.neostrada.pl
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada TP
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\NEOSTR~1\CnxMon.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\NEOSTR~1\Watch.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [LXBSCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBStime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [MemoryCardManager] C:\Program Files\Lexmark\Lexmark Precision Photo\MemCard.exe -startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [˙_zskp`wzwhl^pdciyvsw50inkrwksz_] c:\windows\system32\_zskwrkni05wsvyicdp^lhwzw`p.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WOOKIT] C:\PROGRA~1\NEOSTR~1\NeostradaTP.exe
O4 - HKLM\..\RunServices: [˙_zskp`wzwhl^pdciyvsw50inkrwksz_] c:\windows\system32\_zskwrkni05wsvyicdp^lhwzw`p.exe
O4 - HKCU\..\Run: [Spamihilator] "C:\Program Files\Spamihilator\spamihilator.exe"
O4 - HKCU\..\Run: [˙_zskp`wzwhl^pdciyvsw50inkrwksz_] c:\windows\system32\_zskwrkni05wsvyicdp^lhwzw`p.exe
O4 - HKCU\..\Run: [Uniblue Registry Booster] C:\Program Files\Uniblue\Registry Booster\RegistryBooster.exe /S
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.pl/resources/virusscanner/kavwebscan_unicode.cab
O16 - DPF: {3D8700FB-86A4-4CB4-B738-6F0FC016AC7D} (MainControl Class) - http://arcaonline.arcabit.com/ArcaOnline.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1151186987468
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1151187154984
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{C54FEF28-13DF-427A-9E3A-3B8D52C8D44B}: NameServer = 194.204.152.34 217.98.63.164
O20 - Winlogon Notify: artm_newreg - C:\Documents and Settings\All Users\Dokumenty\Settings\artm_new.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe (file missing)
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Unknown owner - C:\Program Files\Norton Internet Security\ccPwdSvc.exe (file missing)
O23 - Service: Symantec Network Proxy (ccProxy) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe (file missing)
O23 - Service: COM Host (comHost) - Unknown owner - C:\Program Files\Norton Internet Security\comHost.exe (file missing)
O23 - Service: lxbs_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxbscoms.exe
O23 - Service: Usługa Auto-Protect programu Norton AntiVirus (navapsvc) - Unknown owner - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe (file missing)
O23 - Service: Usługa Norton Protection Center (NSCService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE (file missing)
O23 - Service: Symantec AVScan (SAVScan) - Unknown owner - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe (file missing)
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe (file missing)
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe (file missing)
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe (file missing)
in the log:
Post a log from GMER: download>>>run>>>go to the "rootkit" tab>>>select "search">>>wait patiently until the program finishes its work>>>click "copy">>>ctrl + v and paste it into the post.
- Make one more log, but tick only services + show all
Download Pocket Killbox>>>run>>>tick the options "Delete on Reboot" and "All Files">>>in the "Full path of file" field paste the paths:
After pasting each path individually, click the X; agree to the computer reset after pasting the last one.
New log from GMER + Silent Runners
that's it for today, the computer restarts during GMER, and near the end at that
Merged post: 10.07.2006 (Mon) 17:14
GMER 1.0.10.10122 - http://www.gmer.net
Rootkit 2006-07-10 17:18:18
Windows 5.1.2600 Dodatek Service Pack 2
---- Devices - GMER 1.0.10 ----
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CREATE 840379C8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CREATE_NAMED_PIPE 840379C8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CLOSE 840379C8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_READ 840379C8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_WRITE 840379C8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_QUERY_INFORMATION 840379C8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SET_INFORMATION 840379C8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_QUERY_EA 840379C8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SET_EA 840379C8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_FLUSH_BUFFERS 840379C8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_QUERY_VOLUME_INFORMATION 840379C8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SET_VOLUME_INFORMATION 840379C8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_DIRECTORY_CONTROL 840379C8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_FILE_SYSTEM_CONTROL 840379C8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_DEVICE_CONTROL 840379C8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_INTERNAL_DEVICE_CONTROL 840379C8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SHUTDOWN 840379C8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_LOCK_CONTROL 840379C8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CLEANUP 840379C8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CREATE_MAILSLOT 840379C8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_QUERY_SECURITY 840379C8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SET_SECURITY 840379C8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_POWER 840379C8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SYSTEM_CONTROL 840379C8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_DEVICE_CHANGE 840379C8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_QUERY_QUOTA 840379C8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SET_QUOTA 840379C8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_PNP 840379C8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_PNP_POWER 840379C8
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CREATE 840379C8
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CREATE_NAMED_PIPE 840379C8
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CLOSE 840379C8
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_READ 840379C8
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_WRITE 840379C8
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_QUERY_INFORMATION 840379C8
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SET_INFORMATION 840379C8
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_QUERY_EA 840379C8
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SET_EA 840379C8
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_FLUSH_BUFFERS 840379C8
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_QUERY_VOLUME_INFORMATION 840379C8
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SET_VOLUME_INFORMATION 840379C8
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_DIRECTORY_CONTROL 840379C8
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_FILE_SYSTEM_CONTROL 840379C8
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_DEVICE_CONTROL 840379C8
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_INTERNAL_DEVICE_CONTROL 840379C8
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SHUTDOWN 840379C8
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_LOCK_CONTROL 840379C8
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CLEANUP 840379C8
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CREATE_MAILSLOT 840379C8
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_QUERY_SECURITY 840379C8
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SET_SECURITY 840379C8
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_POWER 840379C8
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SYSTEM_CONTROL 840379C8
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_DEVICE_CHANGE 840379C8
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_QUERY_QUOTA 840379C8
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SET_QUOTA 840379C8
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_PNP 840379C8
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_PNP_POWER 840379C8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_CREATE 8402DD38
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_CREATE_NAMED_PIPE 8402DD38
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_CLOSE 8402DD38
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_READ 8402DD38
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_WRITE 8402DD38
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_QUERY_INFORMATION 8402DD38
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_SET_INFORMATION 8402DD38
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_QUERY_EA 8402DD38
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_SET_EA 8402DD38
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_FLUSH_BUFFERS 8402DD38
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_QUERY_VOLUME_INFORMATION 8402DD38
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_SET_VOLUME_INFORMATION 8402DD38
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_DIRECTORY_CONTROL 8402DD38
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_FILE_SYSTEM_CONTROL 8402DD38
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_DEVICE_CONTROL 8402DD38
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_INTERNAL_DEVICE_CONTROL 8402DD38
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_SHUTDOWN 8402DD38
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_LOCK_CONTROL 8402DD38
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_CLEANUP 8402DD38
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_CREATE_MAILSLOT 8402DD38
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_QUERY_SECURITY 8402DD38
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_SET_SECURITY 8402DD38
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_POWER 8402DD38
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_SYSTEM_CONTROL 8402DD38
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_DEVICE_CHANGE 8402DD38
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_QUERY_QUOTA 8402DD38
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_SET_QUOTA 8402DD38
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_PNP 8402DD38
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_PNP_POWER 8402DD38
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CREATE 8402DD38
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CREATE_NAMED_PIPE 8402DD38
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CLOSE 8402DD38
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_READ 8402DD38
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_WRITE 8402DD38
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_QUERY_INFORMATION 8402DD38
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SET_INFORMATION 8402DD38
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_QUERY_EA 8402DD38
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SET_EA 8402DD38
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_FLUSH_BUFFERS 8402DD38
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_QUERY_VOLUME_INFORMATION 8402DD38
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SET_VOLUME_INFORMATION 8402DD38
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_DIRECTORY_CONTROL 8402DD38
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_FILE_SYSTEM_CONTROL 8402DD38
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_DEVICE_CONTROL 8402DD38
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_INTERNAL_DEVICE_CONTROL 8402DD38
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SHUTDOWN 8402DD38
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_LOCK_CONTROL 8402DD38
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CLEANUP 8402DD38
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CREATE_MAILSLOT 8402DD38
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_QUERY_SECURITY 8402DD38
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SET_SECURITY 8402DD38
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_POWER 8402DD38
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SYSTEM_CONTROL 8402DD38
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_DEVICE_CHANGE 8402DD38
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_QUERY_QUOTA 8402DD38
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SET_QUOTA 8402DD38
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_PNP 8402DD38
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_PNP_POWER 8402DD38
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_CREATE 8402DD38
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_CREATE_NAMED_PIPE 8402DD38
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_CLOSE 8402DD38
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_READ 8402DD38
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_WRITE 8402DD38
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_QUERY_INFORMATION 8402DD38
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SET_INFORMATION 8402DD38
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_QUERY_EA 8402DD38
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SET_EA 8402DD38
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_FLUSH_BUFFERS 8402DD38
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_QUERY_VOLUME_INFORMATION 8402DD38
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SET_VOLUME_INFORMATION 8402DD38
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_DIRECTORY_CONTROL 8402DD38
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_FILE_SYSTEM_CONTROL 8402DD38
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_DEVICE_CONTROL 8402DD38
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_INTERNAL_DEVICE_CONTROL 8402DD38
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SHUTDOWN 8402DD38
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_LOCK_CONTROL 8402DD38
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_CLEANUP 8402DD38
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_CREATE_MAILSLOT 8402DD38
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_QUERY_SECURITY 8402DD38
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SET_SECURITY 8402DD38
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_POWER 8402DD38
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SYSTEM_CONTROL 8402DD38
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_DEVICE_CHANGE 8402DD38
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_QUERY_QUOTA 8402DD38
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SET_QUOTA 8402DD38
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_PNP 8402DD38
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_PNP_POWER 8402DD38
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_CREATE 8402DD38
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_CREATE_NAMED_PIPE 8402DD38
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_CLOSE 8402DD38
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_READ 8402DD38
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_WRITE 8402DD38
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_QUERY_INFORMATION 8402DD38
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_SET_INFORMATION 8402DD38
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_QUERY_EA 8402DD38
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_SET_EA 8402DD38
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_FLUSH_BUFFERS 8402DD38
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_QUERY_VOLUME_INFORMATION 8402DD38
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_SET_VOLUME_INFORMATION 8402DD38
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_DIRECTORY_CONTROL 8402DD38
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_FILE_SYSTEM_CONTROL 8402DD38
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_DEVICE_CONTROL 8402DD38
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_INTERNAL_DEVICE_CONTROL 8402DD38
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_SHUTDOWN 8402DD38
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_LOCK_CONTROL 8402DD38
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_CLEANUP 8402DD38
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_CREATE_MAILSLOT 8402DD38
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_QUERY_SECURITY 8402DD38
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_SET_SECURITY 8402DD38
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_POWER 8402DD38
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_SYSTEM_CONTROL 8402DD38
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_DEVICE_CHANGE 8402DD38
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_QUERY_QUOTA 8402DD38
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_SET_QUOTA 8402DD38
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_PNP 8402DD38
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_PNP_POWER 8402DD38
Device \Driver\sojuscsi \Device\Scsi\sojuscsi1Port3Path0Target0Lun0 IRP_MJ_CREATE 83FF69B8
Device \Driver\sojuscsi \Device\Scsi\sojuscsi1Port3Path0Target0Lun0 IRP_MJ_CREATE_NAMED_PIPE 83FF69B8
Device \Driver\sojuscsi \Device\Scsi\sojuscsi1Port3Path0Target0Lun0 IRP_MJ_CLOSE 83FF69B8
Device \Driver\sojuscsi \Device\Scsi\sojuscsi1Port3Path0Target0Lun0 IRP_MJ_READ 83FF69B8
Device \Driver\sojuscsi \Device\Scsi\sojuscsi1Port3Path0Target0Lun0 IRP_MJ_WRITE 83FF69B8
Device \Driver\sojuscsi \Device\Scsi\sojuscsi1Port3Path0Target0Lun0 IRP_MJ_QUERY_INFORMATION 83FF69B8
Device \Driver\sojuscsi \Device\Scsi\sojuscsi1Port3Path0Target0Lun0 IRP_MJ_SET_INFORMATION 83FF69B8
Device \Driver\sojuscsi \Device\Scsi\sojuscsi1Port3Path0Target0Lun0 IRP_MJ_QUERY_EA 83FF69B8
Device \Driver\sojuscsi \Device\Scsi\sojuscsi1Port3Path0Target0Lun0 IRP_MJ_SET_EA 83FF69B8
Device \Driver\sojuscsi \Device\Scsi\sojuscsi1Port3Path0Target0Lun0 IRP_MJ_FLUSH_BUFFERS 83FF69B8
Device \Driver\sojuscsi \Device\Scsi\sojuscsi1Port3Path0Target0Lun0 IRP_MJ_QUERY_VOLUME_INFORMATION 83FF69B8
Device \Driver\sojuscsi \Device\Scsi\sojuscsi1Port3Path0Target0Lun0 IRP_MJ_SET_VOLUME_INFORMATION 83FF69B8
Device \Driver\sojuscsi \Device\Scsi\sojuscsi1Port3Path0Target0Lun0 IRP_MJ_DIRECTORY_CONTROL 83FF69B8
Device \Driver\sojuscsi \Device\Scsi\sojuscsi1Port3Path0Target0Lun0 IRP_MJ_FILE_SYSTEM_CONTROL 83FF69B8
Device \Driver\sojuscsi \Device\Scsi\sojuscsi1Port3Path0Target0Lun0 IRP_MJ_DEVICE_CONTROL 83FF69B8
Device \Driver\sojuscsi \Device\Scsi\sojuscsi1Port3Path0Target0Lun0 IRP_MJ_INTERNAL_DEVICE_CONTROL 83FF69B8
Device \Driver\sojuscsi \Device\Scsi\sojuscsi1Port3Path0Target0Lun0 IRP_MJ_SHUTDOWN 83FF69B8
Device \Driver\sojuscsi \Device\Scsi\sojuscsi1Port3Path0Target0Lun0 IRP_MJ_LOCK_CONTROL 83FF69B8
Device \Driver\sojuscsi \Device\Scsi\sojuscsi1Port3Path0Target0Lun0 IRP_MJ_CLEANUP 83FF69B8
Device \Driver\sojuscsi \Device\Scsi\sojuscsi1Port3Path0Target0Lun0 IRP_MJ_CREATE_MAILSLOT 83FF69B8
Device \Driver\sojuscsi \Device\Scsi\sojuscsi1Port3Path0Target0Lun0 IRP_MJ_QUERY_SECURITY 83FF69B8
Device \Driver\sojuscsi \Device\Scsi\sojuscsi1Port3Path0Target0Lun0 IRP_MJ_SET_SECURITY 83FF69B8
Device \Driver\sojuscsi \Device\Scsi\sojuscsi1Port3Path0Target0Lun0 IRP_MJ_POWER 83FF69B8
Device \Driver\sojuscsi \Device\Scsi\sojuscsi1Port3Path0Target0Lun0 IRP_MJ_SYSTEM_CONTROL 83FF69B8
Device \Driver\sojuscsi \Device\Scsi\sojuscsi1Port3Path0Target0Lun0 IRP_MJ_DEVICE_CHANGE 83FF69B8
Device \Driver\sojuscsi \Device\Scsi\sojuscsi1Port3Path0Target0Lun0 IRP_MJ_QUERY_QUOTA 83FF69B8
Device \Driver\sojuscsi \Device\Scsi\sojuscsi1Port3Path0Target0Lun0 IRP_MJ_SET_QUOTA 83FF69B8
Device \Driver\sojuscsi \Device\Scsi\sojuscsi1Port3Path0Target0Lun0 IRP_MJ_PNP 83FF69B8
Device \Driver\sojuscsi \Device\Scsi\sojuscsi1Port3Path0Target0Lun0 IRP_MJ_PNP_POWER 83FF69B8
Device \Driver\sojuscsi \Device\Scsi\sojuscsi1 IRP_MJ_CREATE 83FF69B8
Device \Driver\sojuscsi \Device\Scsi\sojuscsi1 IRP_MJ_CREATE_NAMED_PIPE 83FF69B8
Device \Driver\sojuscsi \Device\Scsi\sojuscsi1 IRP_MJ_CLOSE 83FF69B8
Device \Driver\sojuscsi \Device\Scsi\sojuscsi1 IRP_MJ_READ 83FF69B8
Device \Driver\sojuscsi \Device\Scsi\sojuscsi1 IRP_MJ_WRITE 83FF69B8
Device \Driver\sojuscsi \Device\Scsi\sojuscsi1 IRP_MJ_QUERY_INFORMATION 83FF69B8
Device \Driver\sojuscsi \Device\Scsi\sojuscsi1 IRP_MJ_SET_INFORMATION 83FF69B8
Device \Driver\sojuscsi \Device\Scsi\sojuscsi1 IRP_MJ_QUERY_EA 83FF69B8
Device \Driver\sojuscsi \Device\Scsi\sojuscsi1 IRP_MJ_SET_EA 83FF69B8
Device \Driver\sojuscsi \Device\Scsi\sojuscsi1 IRP_MJ_FLUSH_BUFFERS 83FF69B8
Device \Driver\sojuscsi \Device\Scsi\sojuscsi1 IRP_MJ_QUERY_VOLUME_INFORMATION 83FF69B8
Device \Driver\sojuscsi \Device\Scsi\sojuscsi1 IRP_MJ_SET_VOLUME_INFORMATION 83FF69B8
Device \Driver\sojuscsi \Device\Scsi\sojuscsi1 IRP_MJ_DIRECTORY_CONTROL 83FF69B8
Device \Driver\sojuscsi \Device\Scsi\sojuscsi1 IRP_MJ_FILE_SYSTEM_CONTROL 83FF69B8
Device \Driver\sojuscsi \Device\Scsi\sojuscsi1 IRP_MJ_DEVICE_CONTROL 83FF69B8
Device \Driver\sojuscsi \Device\Scsi\sojuscsi1 IRP_MJ_INTERNAL_DEVICE_CONTROL 83FF69B8
Device \Driver\sojuscsi \Device\Scsi\sojuscsi1 IRP_MJ_SHUTDOWN 83FF69B8
Device \Driver\sojuscsi \Device\Scsi\sojuscsi1 IRP_MJ_LOCK_CONTROL 83FF69B8
Device \Driver\sojuscsi \Device\Scsi\sojuscsi1 IRP_MJ_CLEANUP 83FF69B8
Device \Driver\sojuscsi \Device\Scsi\sojuscsi1 IRP_MJ_CREATE_MAILSLOT 83FF69B8
Device \Driver\sojuscsi \Device\Scsi\sojuscsi1 IRP_MJ_QUERY_SECURITY 83FF69B8
Device \Driver\sojuscsi \Device\Scsi\sojuscsi1 IRP_MJ_SET_SECURITY 83FF69B8
Device \Driver\sojuscsi \Device\Scsi\sojuscsi1 IRP_MJ_POWER 83FF69B8
Device \Driver\sojuscsi \Device\Scsi\sojuscsi1 IRP_MJ_SYSTEM_CONTROL 83FF69B8
Device \Driver\sojuscsi \Device\Scsi\sojuscsi1 IRP_MJ_DEVICE_CHANGE 83FF69B8
Device \Driver\sojuscsi \Device\Scsi\sojuscsi1 IRP_MJ_QUERY_QUOTA 83FF69B8
Device \Driver\sojuscsi \Device\Scsi\sojuscsi1 IRP_MJ_SET_QUOTA 83FF69B8
Device \Driver\sojuscsi \Device\Scsi\sojuscsi1 IRP_MJ_PNP 83FF69B8
Device \Driver\sojuscsi \Device\Scsi\sojuscsi1 IRP_MJ_PNP_POWER 83FF69B8
---- Processes - GMER 1.0.10 ----
Library c:\windows\system32\_zskwrkni05wsvyicdp^lhwzw`p.dll (*** hidden *** ) @ C:\WINDOWS\system32\VTTimer.exe [272] 0x003F0000 <-- ROOTKIT
Library c:\windows\system32\_zskwrkni05wsvyicdp^lhwzw`p.dll (*** hidden *** ) @ C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [376] 0x01400000 <-- ROOTKIT
Library c:\windows\system32\_zskwrkni05wsvyicdp^lhwzw`p.dll (*** hidden *** ) @ C:\PROGRA~1\NEOSTR~1\CnxMon.exe [400] 0x00C70000 <-- ROOTKIT
Library c:\windows\system32\_zskwrkni05wsvyicdp^lhwzw`p.dll (*** hidden *** ) @ C:\WINDOWS\system32\csrss.exe [524] 0x01180000 <-- ROOTKIT
Library c:\windows\system32\_zskwrkni05wsvyicdp^lhwzw`p.dll (*** hidden *** ) @ C:\WINDOWS\SYSTEM32\winlogon.exe [552] 0x01370000 <-- ROOTKIT
Library c:\windows\system32\_zskwrkni05wsvyicdp^lhwzw`p.dll (*** hidden *** ) @ C:\WINDOWS\system32\services.exe [596] 0x00A60000 <-- ROOTKIT
Library c:\windows\system32\_zskwrkni05wsvyicdp^lhwzw`p.dll (*** hidden *** ) @ C:\WINDOWS\system32\lsass.exe [608] 0x00B40000 <-- ROOTKIT
Process C:\windows\system32\_zskwrkni05wsvyicdp^lhwzw`p.exe (*** hidden *** ) 612 <-- ROOTKIT
Library C:\windows\system32\_zskwrkni05wsvyicdp^lhwzw`p.exe (*** hidden *** ) @ C:\windows\system32\_zskwrkni05wsvyicdp^lhwzw`p.exe [612] 0x00400000 <-- ROOTKIT
Library c:\windows\system32\_zskwrkni05wsvyicdp^lhwzw`p.dll (*** hidden *** ) @ C:\windows\system32\_zskwrkni05wsvyicdp^lhwzw`p.exe [612] 0x10000000 <-- ROOTKIT
Library c:\windows\system32\_zskwrkni05wsvyicdp^lhwzw`p.dll (*** hidden *** ) @ C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe [728] 0x01140000 <-- ROOTKIT
Library c:\windows\system32\_zskwrkni05wsvyicdp^lhwzw`p.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [764] 0x007E0000 <-- ROOTKIT
Library c:\windows\system32\_zskwrkni05wsvyicdp^lhwzw`p.dll (*** hidden *** ) @ C:\PROGRA~1\NEOSTR~1\NeostradaTP.exe [772] 0x00C70000 <-- ROOTKIT
Library c:\windows\system32\_zskwrkni05wsvyicdp^lhwzw`p.dll (*** hidden *** ) @ C:\Program Files\Spamihilator\spamihilator.exe [796] 0x01880000 <-- ROOTKIT
Library c:\windows\system32\_zskwrkni05wsvyicdp^lhwzw`p.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [812] 0x00B40000 <-- ROOTKIT
Library c:\windows\system32\_zskwrkni05wsvyicdp^lhwzw`p.dll (*** hidden *** ) @ C:\WINDOWS\System32\svchost.exe [852] 0x013D0000 <-- ROOTKIT
Library c:\windows\system32\_zskwrkni05wsvyicdp^lhwzw`p.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [896] 0x00690000 <-- ROOTKIT
Library c:\windows\system32\_zskwrkni05wsvyicdp^lhwzw`p.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [940] 0x00710000 <-- ROOTKIT
Library c:\windows\system32\_zskwrkni05wsvyicdp^lhwzw`p.dll (*** hidden *** ) @ C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe [1024] 0x00B50000 <-- ROOTKIT
Library c:\windows\system32\_zskwrkni05wsvyicdp^lhwzw`p.dll (*** hidden *** ) @ C:\WINDOWS\system32\spoolsv.exe [1136] 0x00BF0000 <-- ROOTKIT
Library c:\windows\system32\_zskwrkni05wsvyicdp^lhwzw`p.dll (*** hidden *** ) @ C:\WINDOWS\Explorer.EXE [1184] 0x00FA0000 <-- ROOTKIT
Library c:\windows\system32\_zskwrkni05wsvyicdp^lhwzw`p.dll (*** hidden *** ) @ C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe [1292] 0x00D00000 <-- ROOTKIT
Library c:\windows\system32\_zskwrkni05wsvyicdp^lhwzw`p.dll (*** hidden *** ) @ C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [1404] 0x003E0000 <-- ROOTKIT
Library c:\windows\system32\_zskwrkni05wsvyicdp^lhwzw`p.dll (*** hidden *** ) @ C:\Program Files\Alwil Software\Avast4\ashServ.exe [1416] 0x01780000 <-- ROOTKIT
Library c:\windows\system32\_zskwrkni05wsvyicdp^lhwzw`p.dll (*** hidden *** ) @ C:\Program Files\Spyware Doctor\sdhelp.exe [1584] 0x00E70000 <-- ROOTKIT
Library c:\windows\system32\_zskwrkni05wsvyicdp^lhwzw`p.dll (*** hidden *** ) @ C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [1660] 0x01050000 <-- ROOTKIT
Library c:\windows\system32\_zskwrkni05wsvyicdp^lhwzw`p.dll (*** hidden *** ) @ C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [1692] 0x02AB0000 <-- ROOTKIT
Library c:\windows\system32\_zskwrkni05wsvyicdp^lhwzw`p.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [1744] 0x00720000 <-- ROOTKIT
Library c:\windows\system32\_zskwrkni05wsvyicdp^lhwzw`p.dll (*** hidden *** ) @ C:\WINDOWS\system32\wdfmgr.exe [1780] 0x00670000 <-- ROOTKIT
Library c:\windows\system32\_zskwrkni05wsvyicdp^lhwzw`p.dll (*** hidden *** ) @ C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe [1808] 0x003F0000 <-- ROOTKIT
---- Modules - GMER 1.0.10 ----
Module _________ F745F000
---- Registry - GMER 1.0.10 ----
Reg \Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run@?_zskp`wzwhl^pdciyvsw50inkrwksz_ c:\windows\system32\_zskwrkni05wsvyicdp^lhwzw`p.exe
Reg \Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run@QuickTime Task "C:\Program Files\QuickTime\qttask.exe" -atboottime
Reg \Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run@WOOKIT C:\PROGRA~1\NEOSTR~1\NeostradaTP.exe
Reg \Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run@?_zskp`wzwhl^pdciyvsw50inkrwksz_ c:\windows\system32\_zskwrkni05wsvyicdp^lhwzw`p.exe
Reg \Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run@QuickTime Task "C:\Program Files\QuickTime\qttask.exe" -atboottime
Reg \Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run@WOOKIT C:\PROGRA~1\NEOSTR~1\NeostradaTP.exe
Reg \Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices@?_zskp`wzwhl^pdciyvsw50inkrwksz_ c:\windows\system32\_zskwrkni05wsvyicdp^lhwzw`p.exe
Reg \Registry\USER\S-1-5-21-789336058-1682526488-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Run@?_zskp`wzwhl^pdciyvsw50inkrwksz_ c:\windows\system32\_zskwrkni05wsvyicdp^lhwzw`p.exe
---- Files - GMER 1.0.10 ----
File C:\System Volume Information\MountPointManagerRemoteDatabase
File C:\System Volume Information\tracking.log
File C:\System Volume Information\_restore{3F1FC80D-DA9B-4089-9749-F5FB23DAB24E}
File C:\System Volume Information\_restore{DAEFAA36-5989-44B1-8AB6-A8BFFD6B89C5}
File C:\WINDOWS\system32\_zskwrkni05SMR[iPV_G[`KXL.dll
File C:\WINDOWS\system32\_zskwrkni05SMR[iPV_G[`KXL.exe
File C:\WINDOWS\system32\_zskwrkni05WSVYICDP^LHWZW`P.dll
File E:\System Volume Information\MountPointManagerRemoteDatabase
File E:\System Volume Information\tracking.log
File E:\System Volume Information\_restore{3F1FC80D-DA9B-4089-9749-F5FB23DAB24E}
File E:\System Volume Information\_restore{888D7EFA-6EF1-40E4-A7F8-FC229C4D956B}
File E:\System Volume Information\_restore{DAEFAA36-5989-44B1-8AB6-A8BFFD6B89C5}
File F:\System Volume Information\MountPointManagerRemoteDatabase
File F:\System Volume Information\tracking.log
File F:\System Volume Information\_restore{3F1FC80D-DA9B-4089-9749-F5FB23DAB24E}
File F:\System Volume Information\_restore{888D7EFA-6EF1-40E4-A7F8-FC229C4D956B}
File F:\System Volume Information\_restore{DAEFAA36-5989-44B1-8AB6-A8BFFD6B89C5}
---- EOF - GMER 1.0.10 ----
Merged post: 10.07.2006 (Mon) 17:26
Merged post: 11.07.2006 (Tue) 10:40
I managed to pull a complete log from GMER and Silent Runners