Problem ze spowolnionym kompem i internetem

Komp strasznie zamula, Firefox włącza się ok. 2 min :( Mam sieć z laptopem, który bierze neta od kompa, którego logi są poniżej. Co pewien czas rozłącza internet i trzeba wtedy zrobić reset (internet ICP, modem Motorola przez USB).

I co najważniejsze, gdy załaduje się system, na starcie wyskakuje taki błąd:

a4500fc2990a36d4m.jpg

Z góry dziękuję za wszelką pomoc.

"Silent Runners.vbs", revision R50, http://www.silentrunners.org/

Operating System: Windows XP SP2

Output limited to non-default values, except where indicated by "{++}"



Startup items buried in registry:

---------------------------------


HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\

"{A4187DA5-05BA-1045-0902-020606130030}" = ""C:\Program Files\Common Files\{A4187DA5-05BA-1045-0902-020606130030}\Update.exe" mc-110-12-0000272" [file not found]


HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}

"CTFMON.EXE" = "C:\WINDOWS\system32\ctfmon.exe" [MS]

"MSMSGS" = ""C:\Program Files\Messenger\Msmsgs.exe" /background" [MS]


HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ {++}

"ishost.exe" = "ishost.exe" [file not found]


HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}

"NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup" [MS]

"nwiz" = "nwiz.exe /install" ["NVIDIA Corporation"]

"NeroFilterCheck" = "C:\WINDOWS\system32\NeroCheck.exe" ["Ahead Software Gmbh"]

"SmcService" = "C:\PROGRA~1\Sygate\SPF\smc.exe -startgui" ["Sygate Technologies, Inc."]

"SunJavaUpdateSched" = ""C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"" ["Sun Microsystems, Inc."]

"LVCOMSX" = "C:\WINDOWS\system32\LVCOMSX.EXE" ["Labtec Inc."]

"snpstd3" = "C:\WINDOWS\vsnpstd3.exe" [empty string]

"AVG7_CC" = "C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP" ["GRISOFT, s.r.o."]

"HPDJ Taskbar Utility" = "C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe" ["HP"]

"KernelFaultCheck" = "C:\WINDOWS\system32\dumprep 0 -k"

"UserFaultCheck" = "C:\WINDOWS\system32\dumprep 0 -u"


HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\

{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)

  - {HKLM...CLSID} = "AcroIEHlprObj Class"

                   \InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]

{2F364306-AA45-47B5-9F9D-39A8B94E7EF7}\(Default) = (no title provided)

  - {HKLM...CLSID} = "IeCatch5 Class"

                   \InProcServer32\(Default) = "C:\PROGRA~1\FlashGet\jccatch.dll" ["FlashGet"]

{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)

  - {HKLM...CLSID} = "SSVHelper Class"

                   \InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll" ["Sun Microsystems, Inc."]

{9030D464-4C02-4ABF-8ECC-5164760863C6}\(Default) = (no title provided)

  - {HKLM...CLSID} = "Windows Live Sign-in Helper"

                   \InProcServer32\(Default) = "C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll" [MS]

{D4E0C464-30CE-4075-9A10-71FD106C2847}\(Default) = (no title provided)

  - {HKLM...CLSID} = "PrintViewBHO Class"

                   \InProcServer32\(Default) = "C:\PROGRA~1\PRINTV~1\PRINTH~1.DLL" [file not found]

{F156768E-81EF-470C-9057-481BA8380DBA}\(Default) = (no title provided)

  - {HKLM...CLSID} = "gFlash Class"

                   \InProcServer32\(Default) = "C:\PROGRA~1\FlashGet\getflash.dll" [null data]


HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\

"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania"

  - {HKLM...CLSID} = "Rozszerzenie CPL kadrowania wyświetlania"

                   \InProcServer32\(Default) = "deskpan.dll" [file not found]

"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu"

  - {HKLM...CLSID} = "HyperTerminal Icon Ext"

                   \InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]

"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer"

  - {HKLM...CLSID} = "Desktop Explorer"

                   \InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]

"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"

  - {HKLM...CLSID} = (no title provided)

                   \InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]

"{00020D75-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Desktop Icon Handler"

  - {HKLM...CLSID} = "Microsoft Office Outlook"

                   \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL" [MS]

"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Custom Icon Handler"

  - {HKLM...CLSID} = "Rozszerzenie ikon plików programu Outlook"

                   \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL" [MS]

"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"

  - {HKLM...CLSID} = (no title provided)

                   \InProcServer32\(Default) = "C:\Program Files\Microsoft Office\OFFICE11\msohev.dll" [MS]

"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"

  - {HKLM...CLSID} = "WinRAR"

                   \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

"{FC9FB64A-1EB2-4CCF-AF5E-1A497A9B5C2D}" = "Messenger Sharing Folders"

  - {HKLM...CLSID} = "Moje foldery udostępniania"

                   \InProcServer32\(Default) = "C:\Program Files\MSN Messenger\fsshext.8.0.0812.00.dll" [MS]

"{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}" = "AVG7 Shell Extension"

  - {HKLM...CLSID} = "AVG7 Shell Extension Class"

                   \InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG7\avgse.dll" ["GRISOFT, s.r.o."]

"{9F97547E-460A-42C5-AE0C-81C61FFAEBC3}" = "AVG7 Find Extension"

  - {HKLM...CLSID} = "AVG7 Find Extension Class"

                   \InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG7\avgse.dll" ["GRISOFT, s.r.o."]

"{32020A01-506E-484D-A2A8-BE3CF17601C3}" = "AlcoholShellEx"

  - {HKLM...CLSID} = "AlcoholShellEx"

                   \InProcServer32\(Default) = "C:\PROGRA~1\ALCOHO~1\ALCOHO~1\axshlex.dll" ["Alcohol Soft Development Team"]


HKLM\Software\Microsoft\Command Processor\

 "AutoRun" = "d:\mplay.com" [file not found]


HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\

 "Userinit" = "C:\WINDOWS\system32\userinit.exe,rundll32.exe C:\WINDOWS\system32\winsys16_070221.dll start" [MS], [MS], [file not found], [file not found]


HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\

 windrx32\DLLName = "windrx32.dll" [file not found]


HKLM\Software\Classes\PROTOCOLS\Filter\

 text/xml\CLSID = "{807553E5-5146-11D5-A672-00B0D022E945}"

  - {HKLM...CLSID} = (no title provided)

                   \InProcServer32\(Default) = "C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL" [MS]


HKLM\Software\Classes\Folder\shellex\ColumnHandlers\

{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"

  - {HKLM...CLSID} = "PDF Shell Extension"

                   \InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]


HKLM\Software\Classes\*\shellex\ContextMenuHandlers\

Autodesk.DWF.ContextMenu\(Default) = "{6C18531F-CA85-45F7-8278-FF33CF0A5964}"

  - {HKLM...CLSID} = "DWFShellExt Class"

                   \InProcServer32\(Default) = "C:\Program Files\Common Files\Autodesk shared\dwf common\DWFShellExtension.dll" ["Autodesk, Inc."]

AVG7 Shell Extension\(Default) = "{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}"

  - {HKLM...CLSID} = "AVG7 Shell Extension Class"

                   \InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG7\avgse.dll" ["GRISOFT, s.r.o."]

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

  - {HKLM...CLSID} = "WinRAR"

                   \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]


HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

  - {HKLM...CLSID} = "WinRAR"

                   \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]


HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\

AVG7 Shell Extension\(Default) = "{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}"

  - {HKLM...CLSID} = "AVG7 Shell Extension Class"

                   \InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG7\avgse.dll" ["GRISOFT, s.r.o."]

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

  - {HKLM...CLSID} = "WinRAR"

                   \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]



Group Policies {GPedit.msc branch and setting}:

-----------------------------------------------


Note: detected settings may not have any effect.


HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\


"shutdownwithoutlogon" = (REG_DWORD) hex:0x00000001

{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|

Shutdown: Allow system to be shut down without having to log on}


"undockwithoutlogon" = (REG_DWORD) hex:0x00000001

{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|

Devices: Allow undock without having to log on}



Active Desktop and Wallpaper:

-----------------------------


Active Desktop may be disabled at this entry:

HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState


Displayed if Active Desktop enabled and wallpaper not set by Group Policy:

HKCU\Software\Microsoft\Internet Explorer\Desktop\General\

"Wallpaper" = "C:\WINDOWS\web\wallpaper\Idylla.bmp"


Displayed if Active Desktop disabled and wallpaper not set by Group Policy:

HKCU\Control Panel\Desktop\

"Wallpaper" = "C:\WINDOWS\web\wallpaper\Idylla.bmp"



Enabled Screen Saver:

---------------------


HKCU\Control Panel\Desktop\

"SCRNSAVE.EXE" = "C:\WINDOWS\System32\logon.scr" [MS]



Startup items in "Pc" "All Users" startup folders:

----------------------------------------------------


C:\Documents and Settings\All Users\Menu Start\Programy\Autostart

"Adobe Reader Speed Launch" - shortcut to: "C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe" ["Adobe Systems Incorporated"]



Winsock2 Service Provider DLLs:

-------------------------------


Namespace Service Providers


HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}

000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]

000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]


Transport Service Providers


HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}

0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:

%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 19

%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05



Toolbars, Explorer Bars, Extensions:

------------------------------------


Toolbars


HKLM\Software\Microsoft\Internet Explorer\Toolbar\

"{E0E899AB-F487-11D5-8D29-0050BA6940E3}" = "FlashGet Bar"

  - {HKLM...CLSID} = "FlashGet Bar"

                   \InProcServer32\(Default) = "C:\PROGRA~1\FlashGet\fgiebar.dll" ["Amaze Soft"]


Explorer Bars


HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\


HKLM\Software\Classes\CLSID\{10ADD1E8-EC8A-4719-B39D-B46DD1D6A65D}\(Default) = "PrintView"

Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]

InProcServer32\(Default) = "C:\PROGRA~1\PRINTV~1\PRINTH~1.DLL" [file not found]


HKLM\Software\Classes\CLSID\{90FE6C53-F8B4-4631-B42A-02D63D1C949C}\(Default) = "PrintView"

Implemented Categories\{00021494-0000-0000-C000-000000000046}\ [horizontal bar]

InProcServer32\(Default) = "C:\PROGRA~1\PRINTV~1\PRINTH~1.DLL" [file not found]


HKLM\Software\Classes\CLSID\{FF059E31-CC5A-4E2E-BF3B-96E929D65503}\(Default) = "Badanie"

Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]

InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL" [MS]


Extensions (Tools menu items, main toolbar menu buttons)


HKLM\Software\Microsoft\Internet Explorer\Extensions\

{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\

"MenuText" = "Sun Java Console"

"CLSIDExtension" = "{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBC}"

  - {HKCU...CLSID} = "Java Plug-in 1.5.0_10"

                   \InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll" ["Sun Microsystems, Inc."]

  - {HKLM...CLSID} = "Java Plug-in 1.5.0_10"

                   \InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_10\bin\npjpi150_10.dll" ["Sun Microsystems, Inc."]


{92780B25-18CC-41C8-B9BE-3C9C571A8263}\

"ButtonText" = "Badanie"


{D6E814A0-E0C5-11D4-8D29-0050BA6940E3}\

"ButtonText" = "FlashGet"

"MenuText" = "FlashGet"

"Exec" = "C:\PROGRA~1\FlashGet\flashget.exe" ["FlashGet.com"]


{FB5F1910-F110-11D2-BB9E-00C04F795683}\

"ButtonText" = "@C:\Program Files\Messenger\Msgslang.dll,-61144"

"MenuText" = "@C:\Program Files\Messenger\Msgslang.dll,-61144"

"Exec" = "C:\Program Files\Messenger\msmsgs.exe" [MS]



Running Services (Display Name, Service Name, Path {Service DLL}):

------------------------------------------------------------------


AVG7 Alert Manager Server, Avg7Alrt, "C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe" ["GRISOFT, s.r.o."]

AVG7 Update Service, Avg7UpdSvc, "C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe" ["GRISOFT, s.r.o."]

Machine Debug Manager, MDM, ""C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE"" [MS]

NVIDIA Display Driver Service, NVSvc, "C:\WINDOWS\system32\nvsvc32.exe" ["NVIDIA Corporation"]

StarWind iSCSI Service, StarWindService, "C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe" ["Rocket Division Software"]

Sygate Personal Firewall Pro, SmcService, "C:\Program Files\Sygate\SPF\smc.exe" ["Sygate Technologies, Inc."]



Print Monitors:

---------------


HKLM\System\CurrentControlSet\Control\Print\Monitors\

hpzlnt07\Driver = "hpzlnt07.dll" ["HP"]

Microsoft Document Imaging Writer Monitor\Driver = "mdimon.dll" [MS]

Monitor języka PJL\Driver = "PJLMON.DLL" [MS]



----------

<<!>>: Suspicious data at a malware launch point.


+ This report excludes default entries except where indicated.

+ To see *everywhere* the script checks and *everything* it finds,

  launch it from a command prompt or a shortcut with the -all parameter.

+ The search for DESKTOP.INI DLL launch points on all local fixed drives

  took 129 seconds.

---------- (total run time: 268 seconds)

Logfile of HijackThis v1.99.1

Scan saved at 13:17:03, on 2007-03-14

Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)


Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Sygate\SPF\smc.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe

C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\LVCOMSX.EXE

C:\WINDOWS\vsnpstd3.exe

C:\PROGRA~1\Grisoft\AVG7\avgcc.exe

C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Messenger\Msmsgs.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Documents and Settings\Pc\Pulpit\hijackthis\HijackThis.exe


R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,rundll32.exe C:\WINDOWS\system32\winsys16_070221.dll start

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: IeCatch5 Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\PROGRA~1\FlashGet\jccatch.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: PrintViewBHO Class - {D4E0C464-30CE-4075-9A10-71FD106C2847} - C:\PROGRA~1\PRINTV~1\PRINTH~1.DLL (file missing)

O2 - BHO: gFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\PROGRA~1\FlashGet\getflash.dll

O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui

O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"

O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE

O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe

O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\Msmsgs.exe" /background

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O8 - Extra context menu item: Eksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Ściągnij przy pomocy FlashGet'a - C:\Program Files\FlashGet\jc_link.htm

O8 - Extra context menu item: Ściągnij wszystko przy pomocy FlashGet'a - C:\Program Files\FlashGet\jc_all.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll

O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe

O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe

O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O20 - Winlogon Notify: windrx32 - windrx32.dll (file missing)

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Sygate Personal Firewall Pro (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe

O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

Włóż płytę z Windowsem i wybierz opcję „Napraw”, a potem przeskanuj system w poszukiwaniu wirusów.

Użyj narzędzia SmitFraudFix z opcji numer 2 w trybie awaryjnym.

Otwórz Notatnik i wklej w nim to (treść do wklejenia nie zachowała się na tej stronie):

Plik >>> Zapisz jako >>> Zmień rozszerzenie z TXT na Wszystkie pliki >>> Zapisz pod nazwą FIX.REG >>> kliknij dwa razy na utworzony plik FIX.REG i potwierdź dodanie do rejestru >>> restart.

Usuń wpisy HJT jeśli będą.

Po wykonaniu wklej nowe logi.

Zrobiłem, co poradziłeś, adam9870, niestety błąd na starcie systemu nadal występuje…

Nowe logi:

Logfile of HijackThis v1.99.1

Scan saved at 17:54:10, on 2007-03-14

Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)


Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Sygate\SPF\smc.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe

C:\WINDOWS\system32\LVCOMSX.EXE

C:\WINDOWS\vsnpstd3.exe

C:\PROGRA~1\Grisoft\AVG7\avgcc.exe

C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Messenger\Msmsgs.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Documents and Settings\Pc\Pulpit\hijackthis\HijackThis.exe


R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: IeCatch5 Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\PROGRA~1\FlashGet\jccatch.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: gFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\PROGRA~1\FlashGet\getflash.dll

O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui

O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"

O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE

O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe

O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\Msmsgs.exe" /background

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Ściągnij przy pomocy FlashGet'a - C:\Program Files\FlashGet\jc_link.htm

O8 - Extra context menu item: Ściągnij wszystko przy pomocy FlashGet'a - C:\Program Files\FlashGet\jc_all.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll

O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe

O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe

O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Sygate Personal Firewall Pro (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe

O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

SmitFraudFix v2.148


Scan done at 17:41:15,95, 2007-03-14

Run from C:\SmitfraudFix\SmitfraudFix

OS: Microsoft Windows XP [Wersja 5.1.2600] - Windows_NT

The filesystem type is NTFS

Fix run in safe mode


»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!Attention, following keys are not inevitably infected!


SrchSTS.exe by S!Ri

Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» Killing process



»»»»»»»»»»»»»»»»»»»»»»»» hosts



127.0.0.1 localhost


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix


GenericRenosFix by S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files



»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files



»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!Attention, following keys are not inevitably infected!


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]

"System"=""



»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning


Registry Cleaning done. 


»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!Attention, following keys are not inevitably infected!


SrchSTS.exe by S!Ri

Search SharedTaskScheduler's .dll



»»»»»»»»»»»»»»»»»»»»»»»» End


[/code]

[code]“Silent Runners.vbs”, revision R50, http://www.silentrunners.org/ Operating System: Windows XP SP2 Output limited to non-default values, except where indicated by “{++}” Startup items buried in registry: --------------------------------- HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++} “CTFMON.EXE” = “C:\WINDOWS\system32\ctfmon.exe” [MS] “MSMSGS” = ““C:\Program Files\Messenger\Msmsgs.exe” /background” [MS] HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++} “NvCplDaemon” = “RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup” [MS] “nwiz” = “nwiz.exe /install” [“NVIDIA Corporation”] “NeroFilterCheck” = “C:\WINDOWS\system32\NeroCheck.exe” [“Ahead Software Gmbh”] “SmcService” = “C:\PROGRA~1\Sygate\SPF\smc.exe -startgui” [“Sygate Technologies, Inc.”] “SunJavaUpdateSched” = ““C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe”” [“Sun Microsystems, Inc.”] “LVCOMSX” = “C:\WINDOWS\system32\LVCOMSX.EXE” [“Labtec Inc.”] “snpstd3” = “C:\WINDOWS\vsnpstd3.exe” [empty string] “AVG7_CC” = “C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP” [“GRISOFT, s.r.o.”] “HPDJ Taskbar Utility” = “C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe” [“HP”] HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}(Default) = (no title provided) -> {HKLM…CLSID} = “AcroIEHlprObj Class” \InProcServer32(Default) = “C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll” [“Adobe Systems Incorporated”] {2F364306-AA45-47B5-9F9D-39A8B94E7EF7}(Default) = (no title provided) -> {HKLM…CLSID} = “IeCatch5 Class” \InProcServer32(Default) = “C:\PROGRA~1\FlashGet\jccatch.dll” [“FlashGet”] {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}(Default) = (no title provided) -> {HKLM…CLSID} = “SSVHelper Class” \InProcServer32(Default) = “C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll” [“Sun Microsystems, Inc.”] {9030D464-4C02-4ABF-8ECC-5164760863C6}(Default) = (no title provided) -> {HKLM…CLSID} = “Windows Live Sign-in Helper” 
\InProcServer32(Default) = “C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll” [MS] {F156768E-81EF-470C-9057-481BA8380DBA}(Default) = (no title provided) -> {HKLM…CLSID} = “gFlash Class” \InProcServer32(Default) = “C:\PROGRA~1\FlashGet\getflash.dll” [null data] HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\ “{42071714-76d4-11d1-8b24-00a0c9068ff3}” = “Rozszerzenie CPL kadrowania wyświetlania” -> {HKLM…CLSID} = “Rozszerzenie CPL kadrowania wyświetlania” \InProcServer32(Default) = “deskpan.dll” [file not found] “{88895560-9AA2-1069-930E-00AA0030EBC8}” = “Rozszerzenie ikony HyperTerminalu” -> {HKLM…CLSID} = “HyperTerminal Icon Ext” \InProcServer32(Default) = “C:\WINDOWS\system32\hticons.dll” [“Hilgraeve, Inc.”] “{1CDB2949-8F65-4355-8456-263E7C208A5D}” = “Desktop Explorer” -> {HKLM…CLSID} = “Desktop Explorer” \InProcServer32(Default) = “C:\WINDOWS\system32\nvshell.dll” [“NVIDIA Corporation”] “{1E9B04FB-F9E5-4718-997B-B8DA88302A47}” = “Desktop Explorer Menu” -> {HKLM…CLSID} = (no title provided) \InProcServer32(Default) = “C:\WINDOWS\system32\nvshell.dll” [“NVIDIA Corporation”] “{00020D75-0000-0000-C000-000000000046}” = “Microsoft Office Outlook Desktop Icon Handler” -> {HKLM…CLSID} = “Microsoft Office Outlook” \InProcServer32(Default) = “C:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL” [MS] “{0006F045-0000-0000-C000-000000000046}” = “Microsoft Office Outlook Custom Icon Handler” -> {HKLM…CLSID} = “Rozszerzenie ikon plików programu Outlook” \InProcServer32(Default) = “C:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL” [MS] “{42042206-2D85-11D3-8CFF-005004838597}” = “Microsoft Office HTML Icon Handler” -> {HKLM…CLSID} = (no title provided) \InProcServer32(Default) = “C:\Program Files\Microsoft Office\OFFICE11\msohev.dll” [MS] “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” = “WinRAR shell extension” -> {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data] 
“{FC9FB64A-1EB2-4CCF-AF5E-1A497A9B5C2D}” = “Messenger Sharing Folders” -> {HKLM…CLSID} = “Moje foldery udostępniania” \InProcServer32(Default) = “C:\Program Files\MSN Messenger\fsshext.8.0.0812.00.dll” [MS] “{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}” = “AVG7 Shell Extension” -> {HKLM…CLSID} = “AVG7 Shell Extension Class” \InProcServer32(Default) = “C:\Program Files\Grisoft\AVG7\avgse.dll” [“GRISOFT, s.r.o.”] “{9F97547E-460A-42C5-AE0C-81C61FFAEBC3}” = “AVG7 Find Extension” -> {HKLM…CLSID} = “AVG7 Find Extension Class” \InProcServer32(Default) = “C:\Program Files\Grisoft\AVG7\avgse.dll” [“GRISOFT, s.r.o.”] “{32020A01-506E-484D-A2A8-BE3CF17601C3}” = “AlcoholShellEx” -> {HKLM…CLSID} = “AlcoholShellEx” \InProcServer32(Default) = “C:\PROGRA~1\ALCOHO~1\ALCOHO~1\axshlex.dll” [“Alcohol Soft Development Team”] HKLM\Software\Classes\PROTOCOLS\Filter\ <> text/xml\CLSID = “{807553E5-5146-11D5-A672-00B0D022E945}” -> {HKLM…CLSID} = (no title provided) \InProcServer32(Default) = “C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL” [MS] HKLM\Software\Classes\Folder\shellex\ColumnHandlers\ {F9DB5320-233E-11D1-9F84-707F02C10627}(Default) = “PDF Column Info” -> {HKLM…CLSID} = “PDF Shell Extension” \InProcServer32(Default) = “C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll” [“Adobe Systems, Inc.”] HKLM\Software\Classes*\shellex\ContextMenuHandlers\ Autodesk.DWF.ContextMenu(Default) = “{6C18531F-CA85-45F7-8278-FF33CF0A5964}” -> {HKLM…CLSID} = “DWFShellExt Class” \InProcServer32(Default) = “C:\Program Files\Common Files\Autodesk shared\dwf common\DWFShellExtension.dll” [“Autodesk, Inc.”] AVG7 Shell Extension(Default) = “{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}” -> {HKLM…CLSID} = “AVG7 Shell Extension Class” \InProcServer32(Default) = “C:\Program Files\Grisoft\AVG7\avgse.dll” [“GRISOFT, s.r.o.”] WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” -> {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data] 
HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\ WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” -> {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data] HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ AVG7 Shell Extension(Default) = “{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}” -> {HKLM…CLSID} = “AVG7 Shell Extension Class” \InProcServer32(Default) = “C:\Program Files\Grisoft\AVG7\avgse.dll” [“GRISOFT, s.r.o.”] WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” -> {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data] Group Policies {GPedit.msc branch and setting}: ----------------------------------------------- Note: detected settings may not have any effect. HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\ “shutdownwithoutlogon” = (REG_DWORD) hex:0x00000001 {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options| Shutdown: Allow system to be shut down without having to log on} “undockwithoutlogon” = (REG_DWORD) hex:0x00000001 {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options| Devices: Allow undock without having to log on} Active Desktop and Wallpaper: ----------------------------- Active Desktop may be disabled at this entry: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState Displayed if Active Desktop enabled and wallpaper not set by Group Policy: HKCU\Software\Microsoft\Internet Explorer\Desktop\General\ “Wallpaper” = “C:\WINDOWS\web\wallpaper\Idylla.bmp” Enabled Screen Saver: --------------------- HKCU\Control Panel\Desktop\ “SCRNSAVE.EXE” = “C:\WINDOWS\System32\logon.scr” [MS] Startup items in “Pc” & “All Users” startup folders: ---------------------------------------------------- C:\Documents and Settings\All Users\Menu Start\Programy\Autostart “Adobe Reader Speed Launch” -> shortcut to: “C:\Program Files\Adobe\Acrobat 
7.0\Reader\reader_sl.exe” [“Adobe Systems Incorporated”] Winsock2 Service Provider DLLs: ------------------------------- Namespace Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++} 000000000001\LibraryPath = “%SystemRoot%\System32\mswsock.dll” [MS] 000000000002\LibraryPath = “%SystemRoot%\System32\winrnr.dll” [MS] 000000000003\LibraryPath = “%SystemRoot%\System32\mswsock.dll” [MS] Transport Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++} 0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range: %SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 19 %SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05 Toolbars, Explorer Bars, Extensions: ------------------------------------ Toolbars HKLM\Software\Microsoft\Internet Explorer\Toolbar\ “{E0E899AB-F487-11D5-8D29-0050BA6940E3}” = “FlashGet Bar” -> {HKLM…CLSID} = “FlashGet Bar” \InProcServer32(Default) = “C:\PROGRA~1\FlashGet\fgiebar.dll” [“Amaze Soft”] Explorer Bars HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\ HKLM\Software\Classes\CLSID{FF059E31-CC5A-4E2E-BF3B-96E929D65503}(Default) = “&Badanie” Implemented Categories{00021493-0000-0000-C000-000000000046}\ [vertical bar] InProcServer32(Default) = “C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL” [MS] Extensions (Tools menu items, main toolbar menu buttons) HKLM\Software\Microsoft\Internet Explorer\Extensions\ {08B0E5C0-4FCB-11CF-AAA5-00401C608501}\ “MenuText” = “Sun Java Console” “CLSIDExtension” = “{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBC}” -> {HKCU…CLSID} = “Java Plug-in 1.5.0_10” \InProcServer32(Default) = “C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll” [“Sun Microsystems, Inc.”] -> {HKLM…CLSID} = “Java Plug-in 1.5.0_10” \InProcServer32(Default) = “C:\Program Files\Java\jre1.5.0_10\bin\npjpi150_10.dll” [“Sun Microsystems, Inc.”] {92780B25-18CC-41C8-B9BE-3C9C571A8263}\ “ButtonText” = “Badanie” 
{D6E814A0-E0C5-11D4-8D29-0050BA6940E3}\ “ButtonText” = “FlashGet” “MenuText” = “&FlashGet” “Exec” = “C:\PROGRA~1\FlashGet\flashget.exe” [“FlashGet.com”] {FB5F1910-F110-11D2-BB9E-00C04F795683}\ “ButtonText” = “@C:\Program Files\Messenger\Msgslang.dll,-61144” “MenuText” = “@C:\Program Files\Messenger\Msgslang.dll,-61144” “Exec” = “C:\Program Files\Messenger\msmsgs.exe” [MS] Running Services (Display Name, Service Name, Path {Service DLL}): ------------------------------------------------------------------ AVG7 Alert Manager Server, Avg7Alrt, “C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe” [“GRISOFT, s.r.o.”] AVG7 Update Service, Avg7UpdSvc, “C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe” [“GRISOFT, s.r.o.”] Machine Debug Manager, MDM, ““C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE”” [MS] NVIDIA Display Driver Service, NVSvc, “C:\WINDOWS\system32\nvsvc32.exe” [“NVIDIA Corporation”] StarWind iSCSI Service, StarWindService, “C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe” [“Rocket Division Software”] Sygate Personal Firewall Pro, SmcService, “C:\Program Files\Sygate\SPF\smc.exe” [“Sygate Technologies, Inc.”] Print Monitors: --------------- HKLM\System\CurrentControlSet\Control\Print\Monitors\ hpzlnt07\Driver = “hpzlnt07.dll” [“HP”] Microsoft Document Imaging Writer Monitor\Driver = “mdimon.dll” [MS] Monitor języka PJL\Driver = “PJLMON.DLL” [MS] ---------- <>: Suspicious data at a malware launch point. + This report excludes default entries except where indicated. + To see *everywhere* the script checks and *everything* it finds, launch it from a command prompt or a shortcut with the -all parameter. + To search all directories of local fixed drives for DESKTOP.INI DLL launch points, use the -supp parameter or answer “No” at the first message box and “Yes” at the second message box. ---------- (total run time: 105 seconds, including 9 seconds for message boxes)

Logi są czyste. Ale skoro w dalszym ciągu występuje błąd, o którym wspomniałeś w pierwszym poście, pokaż jeszcze log z Comboscan.

ComboScan v20070306.20 run by Pc on 2007-03-15 at 20:19:27

Computer is in Normal Mode.

--------------------------------------------------------------------------------


-- System Restore --------------------------------------------------------------


Successfully created ComboScan Restore Point.



-- Last 5 Restore Point(s) --

8: 2007-03-15 19:20:17 UTC - RP196 - ComboScan Restore Point

7: 2007-03-15 08:27:53 UTC - RP195 - Punkt kontrolny systemu

6: 2007-03-14 00:44:52 UTC - RP194 - Punkt kontrolny systemu

5: 2007-03-12 23:59:06 UTC - RP193 - Punkt kontrolny systemu

4: 2007-03-11 23:01:38 UTC - RP192 - Punkt kontrolny systemu



-- First Restore Point -- 

1: 2007-03-07 21:23:57 UTC - RP189 - Zainstalowano Windows XP KB921883.



Performed disk cleanup.



-- HijackThis (run as Pc.exe) --------------------------------------------------


Logfile of HijackThis v1.99.1

Scan saved at 20:22:01, on 2007-03-15

Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)


Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Sygate\SPF\smc.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe

C:\WINDOWS\system32\LVCOMSX.EXE

C:\WINDOWS\vsnpstd3.exe

C:\PROGRA~1\Grisoft\AVG7\avgcc.exe

C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Messenger\Msmsgs.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Gadu-Gadu\gg.exe

C:\Program Files\Winamp\winamp.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Outlook Express\msimn.exe

C:\Documents and Settings\Pc\Pulpit\comboscan.exe

C:\DOCUME~1\Pc\Pulpit\HIJACK~1\Pc.exe


R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: IeCatch5 Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\PROGRA~1\FlashGet\jccatch.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: gFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\PROGRA~1\FlashGet\getflash.dll

O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui

O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"

O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE

O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe

O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\Msmsgs.exe" /background

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Ściągnij przy pomocy FlashGet'a - C:\Program Files\FlashGet\jc_link.htm

O8 - Extra context menu item: Ściągnij wszystko przy pomocy FlashGet'a - C:\Program Files\FlashGet\jc_all.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll

O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe

O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe

O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Sygate Personal Firewall Pro (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe

O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe



-- HijackThis Fixed Entries (C:\DOCUME~1\Pc\Pulpit\HIJACK~1\backups\) ----------


backup-20070314-175234-761 F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,rundll32.exe C:\WINDOWS\system32\winsys16_070221.dll start

backup-20070314-175235-129 O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

backup-20070314-175235-909 O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u


-- File Associations -----------------------------------------------------------


.bat - batfile - "%1" %*

.chm - chm.file - "C:\WINDOWS\hh.exe" %1

.cmd - cmdfile - "%1" %*

.com - comfile - "%1" %*

.exe - exefile - "%1" %*

.hlp - hlpfile - %SystemRoot%\System32\winhlp32.exe %1

.inf - inffile - %SystemRoot%\System32\NOTEPAD.EXE %1

.ini - inifile - %SystemRoot%\System32\NOTEPAD.EXE %1

.js - JSFile - %SystemRoot%\System32\WScript.exe "%1" %*

.lnk - lnkfile - {00021401-0000-0000-C000-000000000046}

.pif - piffile - "%1" %*

.reg - regfile - regedit.exe "%1"

.scr - scrfile - "%1" /S

.txt - txtfile - %SystemRoot%\system32\NOTEPAD.EXE %1

.vbs - VBSFile - %SystemRoot%\System32\WScript.exe "%1" %*



-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------


2S ADILOADER (General Purpose USB Driver (adildr.sys)) - C:\WINDOWS\system32\Drivers\adildr.sys (not found)

3S adiusbaw (USB ADSL WAN Adapter) - C:\WINDOWS\system32\DRIVERS\adiusbaw.sys (not found)

3R ALCXWDM (Service for Realtek AC97 Audio (WDM)) - C:\WINDOWS\system32\drivers\ALCXWDM.SYS

1R AmdK7 (Sterownik procesora AMD K7) - C:\WINDOWS\system32\drivers\amdk7.sys

1R Avg7Core (AVG7 Kernel) - C:\WINDOWS\system32\drivers\avg7core.sys

1R Avg7RsW (AVG7 Wrap Driver) - C:\WINDOWS\system32\drivers\avg7rsw.sys

1R Avg7RsXP (AVG7 Resident Driver XP) - C:\WINDOWS\system32\drivers\avg7rsxp.sys

1R AvgClean (AVG7 Clean Driver) - C:\WINDOWS\system32\drivers\avgclean.sys

3S CCDECODE (Dekoder napisów) - C:\WINDOWS\system32\drivers\CCDECODE.sys

3S hamachi (Hamachi Network Interface) - C:\WINDOWS\system32\drivers\hamachi.sys

3S HidUsb (Sterownik Microsoft klasy HID) - C:\WINDOWS\system32\drivers\hidusb.sys

3S mouhid (Sterownik myszy HID) - C:\WINDOWS\system32\drivers\mouhid.sys

3S MSTEE (Konwerter strumieni Tee/Sink-to-Sink Microsoft Streaming) - C:\WINDOWS\system32\drivers\MSTEE.sys

3R ms_mpu401 (Sterownik portu MIDI UART Microsoft MPU-401) - C:\WINDOWS\system32\drivers\msmpu401.sys

3S NABTSFEC (Koder-dekoder NABTS/FEC VBI) - C:\WINDOWS\system32\drivers\NABTSFEC.sys

3R ndiscm (Motorola SURFboard USB Cable Modem Windows Driver) - C:\WINDOWS\system32\drivers\NetMotCM.sys

3S NdisIP (Połączenie TV/wideo firmy Microsoft) - C:\WINDOWS\system32\drivers\NdisIP.sys

3R nv - C:\WINDOWS\system32\drivers\nv4_mini.sys

0R PxHelp20 - C:\WINDOWS\system32\drivers\PxHelp20.sys

3R rtl8139 (Sterownik NT karty Realtek RTL8139(A/B/C)-based PCI Fast Ethernet) - C:\WINDOWS\system32\drivers\RTL8139.sys

3S SLIP (BDA Slip De-Framer) - C:\WINDOWS\system32\drivers\SLIP.sys

3S SNPSTD3 (USB PC Camera (SNPSTD3)) - C:\WINDOWS\system32\drivers\snpstd3.sys

0R sptd - C:\WINDOWS\system32\drivers\sptd.sys

3S streamip (BDA IPSink) - C:\WINDOWS\system32\drivers\StreamIP.sys

0R Teefer (Teefer for NT) - C:\WINDOWS\system32\drivers\Teefer.sys

3S usbccgp (Rodzajowy sterownik nadrzędny USB Microsoft) - C:\WINDOWS\system32\drivers\usbccgp.sys

3R usbprint (Klasa PRINTER USB Microsoft) - C:\WINDOWS\system32\drivers\usbprint.sys

3S USBSTOR (Sterownik magazynu masowego USB) - C:\WINDOWS\system32\drivers\USBSTOR.SYS

3R vaxscsi - C:\WINDOWS\system32\drivers\vaxscsi.sys

0R viaagp (Filtr magistrali AGP VIA) - C:\WINDOWS\system32\drivers\VIAAGP.SYS

0R viaagp1 (VIA AGP Filter) - C:\WINDOWS\system32\drivers\VIAAGP1.SYS

2R wg3n (SyGate for NT, wg3n) - C:\WINDOWS\system32\drivers\wg3n.sys

2R wg4n (SyGate for NT, wg4n) - C:\WINDOWS\system32\drivers\wg4n.sys

2R wg5n (SyGate for NT, wg5n) - C:\WINDOWS\system32\drivers\wg5n.sys

2R wg6n (SyGate for NT, wg6n) - C:\WINDOWS\system32\drivers\wg6n.sys

1R wpsdrvnt - C:\WINDOWS\system32\drivers\wpsdrvnt.sys

3S WSTCODEC (Kodery-dekodery teletekstu w standardzie światowym) - C:\WINDOWS\system32\drivers\WSTCODEC.SYS



-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------


3S aspnet_state (ASP.NET State Service) - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe

2R Avg7Alrt (AVG7 Alert Manager Server) - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

2R Avg7UpdSvc (AVG7 Update Service) - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

3S clr_optimization_v2.0.50727_32 (.NET Runtime Optimization Service v2.0.50727_X86) - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

2R NVSvc (NVIDIA Display Driver Service) - C:\WINDOWS\system32\nvsvc32.exe

3S ose (Office Source Engine) - "C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE"

2R SmcService (Sygate Personal Firewall Pro) - C:\Program Files\Sygate\SPF\smc.exe

2R StarWindService (StarWind iSCSI Service) - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

3S usnsvc (Usługa Messenger Sharing USN Journal Reader) - C:\WINDOWS\system32\svchost.exe -k usnsvc



-- Files created between 2007-02-15 and 2007-03-15 -----------------------------


2007-03-14 17:41:22 3176 --a------ C:\WINDOWS\system32\tmp.reg

2007-03-14 17:41:06 79360 --a------ C:\WINDOWS\system32\swxcacls.exe

2007-03-14 17:41:06 40960 --a------ C:\WINDOWS\system32\swsc.exe

2007-03-14 17:41:06 135168 --a------ C:\WINDOWS\system32\swreg.exe

2007-03-14 17:41:06 288417 --a------ C:\WINDOWS\system32\SrchSTS.exe

2007-03-14 17:41:06 53248 --a------ C:\WINDOWS\system32\Process.exe

2007-03-14 17:41:06 51200 --a------ C:\WINDOWS\system32\dumphive.exe

2007-03-14 17:35:31 0 d-------- C:\SmitfraudFix

2007-03-14 17:35:03 878 --a------ C:\fix.reg

2007-02-27 17:28:58 0 d-------- C:\Program Files\Media Player Classic

2007-02-27 17:28:53 0 d-------- C:\Program Files\Real Alternative

2007-02-25 21:36:21 0 d-------- C:\Program Files\TVAnts



-- Find3M Report ---------------------------------------------------------------


2007-03-15 20:02:45 0 d-------- C:\Documents and Settings\Pc\Dane aplikacji\AVG7

2007-03-15 17:57:04 0 d-------- C:\Program Files\FlashGet

2007-03-14 20:26:29 0 d-------- C:\Documents and Settings\Pc\Dane aplikacji\Skype

2007-03-13 15:25:30 0 d-------- C:\Program Files\Mozilla Firefox

2007-03-06 16:07:13 0 d-------- C:\Documents and Settings\Pc\Dane aplikacji\Azureus

2007-02-27 17:28:54 0 d-------- C:\Documents and Settings\Pc\Dane aplikacji\Real

2007-02-23 00:09:58 0 d-------- C:\Program Files\Gadu-Gadu

2007-02-10 21:44:43 0 d-------- C:\Program Files\Azureus

2007-01-31 20:54:04 0 d-------- C:\Program Files\Common Files\Autodesk Shared

2007-01-31 20:14:42 0 d-------- C:\Program Files\Common Files\Adobe

2007-01-29 22:54:26 0 d-------- C:\Program Files\Counter-Strike 1.6

2007-01-21 16:24:46 0 d-------- C:\Program Files\Grupa IMAGE



-- Registry Dump ---------------------------------------------------------------



[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]

"CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe"

"MSMSGS"="\"C:\\Program Files\\Messenger\\Msmsgs.exe\" /background"


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]

"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"

"nwiz"="nwiz.exe /install"

"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"

"SmcService"="C:\\PROGRA~1\\Sygate\\SPF\\smc.exe -startgui"

"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_10\\bin\\jusched.exe\""

"LVCOMSX"="C:\\WINDOWS\\system32\\LVCOMSX.EXE"

"snpstd3"="C:\\WINDOWS\\vsnpstd3.exe"

"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVG7\\avgcc.exe /STARTUP"

"HPDJ Taskbar Utility"="C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\hpztsb07.exe"


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]

"Installed"="1"


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]

"Installed"="1"

"NoChange"="1"


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]

"Installed"="1"


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MailScanner]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="Mks_mail"

"hkey"="HKCU"

"command"="C:\\Program Files\\MKS_VIR_2006\\Mks_mail.exe"

"inimapping"="0"


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="msmsgs"

"hkey"="HKCU"

"command"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"

"inimapping"="0"


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="SOUNDMAN"

"hkey"="HKLM"

"command"="SOUNDMAN.EXE"

"inimapping"="0"


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Wengo]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="msmsgs"

"hkey"="HKCU"

"command"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"

"inimapping"="0"


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="winampa"

"hkey"="HKLM"

"command"="C:\\Program Files\\Winamp\\winampa.exe"

"inimapping"="0"



[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]

"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"

"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVG7\\avgw.exe /RUNONCE"


[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]

"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"

"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVG7\\avgw.exe /RUNONCE"


[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]

"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"


HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\Mks_Scan

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\Mks_Scan\Service


[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]

HTTPFilter	REG_MULTI_SZ HTTPFilter\0\0

LocalService	REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0

NetworkService	REG_MULTI_SZ DnsCache\0\0

DcomLaunch	REG_MULTI_SZ DcomLaunch\0TermService\0\0

rpcss	REG_MULTI_SZ RpcSs\0\0

imgsvc	REG_MULTI_SZ StiSvc\0\0

termsvcs	REG_MULTI_SZ TermService\0\0

Usnsvc	REG_MULTI_SZ usnsvc\0\0



[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\H]

Shell\AutoRun\command	H:\Autorun.exe


[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{65a6ef57-9e7f-11db-907a-00080eb2804f}]

Shell\Auto\command	I:\RavMonE.exe e

Shell\AutoRun\command	C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RavMonE.exe e



-- End of ComboScan: finished at 2007-03-15 at 20:22:55 ------------------------

A może macie taki dll, to ja sobie podmienię?? Z góry thx za pomoc. Komp trochę ożył, tylko cały czas mam problem z długo włączającym się Firefoxem; potem, jak już się uruchomi, jest ok.

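Ten program (z dalszej odpowiedzi wynika, że chodzi najpewniej o TVAnts, widoczny w logu ComboScan jako C:\Program Files\TVAnts) jest ewidentnym nośnikiem infekcji, a dokładnie tzw. chińszczyzny. Co prawda trochę trudno ją usunąć, ale można. Jednak nie będę strzelać w ciemno, dlatego proszę pokazać dwa logi z GMER-a wykonane przy takich ustawieniach: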

  1. Zakładka Rootkit >>> zaznaczone wszystko oprócz Pokazuj wszystko >>> kliknij Szukaj >>> czekaj cierpliwie aż skończy >>> Kopiuj >>> wklej do posta

  2. Zakładka Rootkit >>> zaznaczone tylko Usługi i Pokazuj wszystko >>> kliknij Szukaj >>> czekaj cierpliwie aż skończy >>> Kopiuj >>> wklej do posta

Jeśli wszystkie logi nie zmieszczą się bezpośrednio do posta, to umieść je w jakimś serwisie hostingowym jako pliki *.txt, a tu tylko zlinkuj.

http://forum.dobreprogramy.pl/viewtopic.php?t=96929

Zajrzyj tutaj:

http://forum.dobreprogramy.pl/viewtopic.php?t=112857

Oto logi z GMER-a. TVAnts to program do oglądania TV przez neta, używam go czasami do oglądania meczów, ale skoro jest źródłem niepożądanych skutków, to odinstaluję.

Dzięki bardzo za dotychczasową pomoc.

GMER 1.0.12.12086 - http://www.gmer.net

Rootkit scan 2007-03-16 17:14:53

Windows 5.1.2600 Dodatek Service Pack 2



---- System - GMER 1.0.12 ----


SSDT \??\C:\WINDOWS\system32\drivers\wpsdrvnt.sys ZwAllocateVirtualMemory

SSDT sptd.sys ZwCreateKey

SSDT \??\C:\WINDOWS\system32\drivers\wpsdrvnt.sys ZwCreateThread

SSDT sptd.sys ZwEnumerateKey

SSDT sptd.sys ZwEnumerateValueKey

SSDT \??\C:\WINDOWS\system32\drivers\wpsdrvnt.sys ZwMapViewOfSection

SSDT sptd.sys ZwOpenKey

SSDT \??\C:\WINDOWS\system32\drivers\wpsdrvnt.sys ZwProtectVirtualMemory

SSDT sptd.sys ZwQueryKey

SSDT sptd.sys ZwQueryValueKey

SSDT sptd.sys ZwSetValueKey

SSDT \??\C:\WINDOWS\system32\drivers\wpsdrvnt.sys ZwShutdownSystem

SSDT \??\C:\WINDOWS\system32\drivers\wpsdrvnt.sys ZwTerminateProcess

SSDT \??\C:\WINDOWS\system32\drivers\wpsdrvnt.sys ZwWriteVirtualMemory


---- Kernel code sections - GMER 1.0.12 ----


? C:\WINDOWS\system32\drivers\sptd.sys Proces nie może uzyskać dostępu do pliku, ponieważ jest on używany przez inny proces.

.text USBPORT.SYS!DllUnload F79B162C 5 Bytes JMP 818021B8 

? C:\WINDOWS\System32\Drivers\vaxscsi.sys Proces nie może uzyskać dostępu do pliku, ponieważ jest on używany przez inny proces.

.text tcpip.sys!IPTransmit + 10BC F6480CFA 6 Bytes CALL F977DCE0 Teefer.sys

.text tcpip.sys!IPTransmit + 2810 F648244E 6 Bytes CALL F977DCE0 Teefer.sys

.text tcpip.sys!ARPRcv + 506D F64874E0 6 Bytes CALL F977DCE0 Teefer.sys

.text wanarp.sys F90D53FD 7 Bytes CALL F977DE30 Teefer.sys


---- User code sections - GMER 1.0.12 ----


.text C:\Program Files\Winamp\winamp.exe[1132] USER32.dll!SetScrollInfo 77D39056 7 Bytes JMP 01E69B03 C:\Program Files\Winamp\Plugins\gen_jumpex.dll

.text C:\Program Files\Winamp\winamp.exe[1132] USER32.dll!GetScrollInfo 77D417F8 7 Bytes JMP 01E69A8B C:\Program Files\Winamp\Plugins\gen_jumpex.dll

.text C:\Program Files\Winamp\winamp.exe[1132] USER32.dll!ShowScrollBar 77D4F2CA 5 Bytes JMP 01E69B87 C:\Program Files\Winamp\Plugins\gen_jumpex.dll

.text C:\Program Files\Winamp\winamp.exe[1132] USER32.dll!GetScrollPos 77D4F6DC 5 Bytes JMP 01E69AB3 C:\Program Files\Winamp\Plugins\gen_jumpex.dll

.text C:\Program Files\Winamp\winamp.exe[1132] USER32.dll!SetScrollPos 77D4F728 5 Bytes JMP 01E69B2E C:\Program Files\Winamp\Plugins\gen_jumpex.dll

.text C:\Program Files\Winamp\winamp.exe[1132] USER32.dll!GetScrollRange 77D4F75F 5 Bytes JMP 01E69AD8 C:\Program Files\Winamp\Plugins\gen_jumpex.dll

.text C:\Program Files\Winamp\winamp.exe[1132] USER32.dll!SetScrollRange 77D4F973 5 Bytes JMP 01E69B59 C:\Program Files\Winamp\Plugins\gen_jumpex.dll

.text C:\Program Files\Winamp\winamp.exe[1132] USER32.dll!EnableScrollBar 77D87BC5 7 Bytes JMP 01E69A63 C:\Program Files\Winamp\Plugins\gen_jumpex.dll


---- Devices - GMER 1.0.12 ----


Device \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE 81B851D8

Device \FileSystem\Ntfs \Ntfs IRP_MJ_CLOSE 81B851D8

Device \FileSystem\Ntfs \Ntfs IRP_MJ_READ 81B851D8

Device \FileSystem\Ntfs \Ntfs IRP_MJ_WRITE 81B851D8

Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_INFORMATION 81B851D8

Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_INFORMATION 81B851D8

Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_EA 81B851D8

Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_EA 81B851D8

Device \FileSystem\Ntfs \Ntfs IRP_MJ_FLUSH_BUFFERS 81B851D8

Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_VOLUME_INFORMATION 81B851D8

Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_VOLUME_INFORMATION 81B851D8

Device \FileSystem\Ntfs \Ntfs IRP_MJ_DIRECTORY_CONTROL 81B851D8

Device \FileSystem\Ntfs \Ntfs IRP_MJ_FILE_SYSTEM_CONTROL 81B851D8

Device \FileSystem\Ntfs \Ntfs IRP_MJ_DEVICE_CONTROL 81B851D8

Device \FileSystem\Ntfs \Ntfs IRP_MJ_SHUTDOWN 81B851D8

Device \FileSystem\Ntfs \Ntfs IRP_MJ_LOCK_CONTROL 81B851D8

Device \FileSystem\Ntfs \Ntfs IRP_MJ_CLEANUP 81B851D8

Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_SECURITY 81B851D8

Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_SECURITY 81B851D8

Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_QUOTA 81B851D8

Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_QUOTA 81B851D8

Device \FileSystem\Ntfs \Ntfs IRP_MJ_PNP 81B851D8

Device \FileSystem\Fastfat \FatCdrom IRP_MJ_CREATE 815E31D8

Device \FileSystem\Fastfat \FatCdrom IRP_MJ_CLOSE 815E31D8

Device \FileSystem\Fastfat \FatCdrom IRP_MJ_READ 815E31D8

Device \FileSystem\Fastfat \FatCdrom IRP_MJ_WRITE 815E31D8

Device \FileSystem\Fastfat \FatCdrom IRP_MJ_QUERY_INFORMATION 815E31D8

Device \FileSystem\Fastfat \FatCdrom IRP_MJ_SET_INFORMATION 815E31D8

Device \FileSystem\Fastfat \FatCdrom IRP_MJ_QUERY_EA 815E31D8

Device \FileSystem\Fastfat \FatCdrom IRP_MJ_SET_EA 815E31D8

Device \FileSystem\Fastfat \FatCdrom IRP_MJ_FLUSH_BUFFERS 815E31D8

Device \FileSystem\Fastfat \FatCdrom IRP_MJ_QUERY_VOLUME_INFORMATION 815E31D8

Device \FileSystem\Fastfat \FatCdrom IRP_MJ_SET_VOLUME_INFORMATION 815E31D8

Device \FileSystem\Fastfat \FatCdrom IRP_MJ_DIRECTORY_CONTROL 815E31D8

Device \FileSystem\Fastfat \FatCdrom IRP_MJ_FILE_SYSTEM_CONTROL 815E31D8

Device \FileSystem\Fastfat \FatCdrom IRP_MJ_DEVICE_CONTROL 815E31D8

Device \FileSystem\Fastfat \FatCdrom IRP_MJ_SHUTDOWN 815E31D8

Device \FileSystem\Fastfat \FatCdrom IRP_MJ_LOCK_CONTROL 815E31D8

Device \FileSystem\Fastfat \FatCdrom IRP_MJ_CLEANUP 815E31D8

Device \FileSystem\Fastfat \FatCdrom IRP_MJ_PNP 815E31D8

Device \FileSystem\Udfs \UdfsCdRom IRP_MJ_CREATE 814211D8

Device \FileSystem\Udfs \UdfsCdRom IRP_MJ_CLOSE 814211D8

Device \FileSystem\Udfs \UdfsCdRom IRP_MJ_READ 814211D8

Device \FileSystem\Udfs \UdfsCdRom IRP_MJ_WRITE 814211D8

Device \FileSystem\Udfs \UdfsCdRom IRP_MJ_QUERY_INFORMATION 814211D8

Device \FileSystem\Udfs \UdfsCdRom IRP_MJ_SET_INFORMATION 814211D8

Device \FileSystem\Udfs \UdfsCdRom IRP_MJ_QUERY_VOLUME_INFORMATION 814211D8

Device \FileSystem\Udfs \UdfsCdRom IRP_MJ_DIRECTORY_CONTROL 814211D8

Device \FileSystem\Udfs \UdfsCdRom IRP_MJ_FILE_SYSTEM_CONTROL 814211D8

Device \FileSystem\Udfs \UdfsCdRom IRP_MJ_DEVICE_CONTROL 814211D8

Device \FileSystem\Udfs \UdfsCdRom IRP_MJ_LOCK_CONTROL 814211D8

Device \FileSystem\Udfs \UdfsCdRom IRP_MJ_CLEANUP 814211D8

Device \FileSystem\Udfs \UdfsCdRom IRP_MJ_PNP 814211D8

Device \FileSystem\Udfs \UdfsDisk IRP_MJ_CREATE 814211D8

Device \FileSystem\Udfs \UdfsDisk IRP_MJ_CLOSE 814211D8

Device \FileSystem\Udfs \UdfsDisk IRP_MJ_READ 814211D8

Device \FileSystem\Udfs \UdfsDisk IRP_MJ_WRITE 814211D8

Device \FileSystem\Udfs \UdfsDisk IRP_MJ_QUERY_INFORMATION 814211D8

Device \FileSystem\Udfs \UdfsDisk IRP_MJ_SET_INFORMATION 814211D8

Device \FileSystem\Udfs \UdfsDisk IRP_MJ_QUERY_VOLUME_INFORMATION 814211D8

Device \FileSystem\Udfs \UdfsDisk IRP_MJ_DIRECTORY_CONTROL 814211D8

Device \FileSystem\Udfs \UdfsDisk IRP_MJ_FILE_SYSTEM_CONTROL 814211D8

Device \FileSystem\Udfs \UdfsDisk IRP_MJ_DEVICE_CONTROL 814211D8

Device \FileSystem\Udfs \UdfsDisk IRP_MJ_LOCK_CONTROL 814211D8

Device \FileSystem\Udfs \UdfsDisk IRP_MJ_CLEANUP 814211D8

Device \FileSystem\Udfs \UdfsDisk IRP_MJ_PNP 814211D8

Device \Driver\Tcpip \Device\Ip IRP_MJ_CREATE [F8BE2220] wpsdrvnt.sys

Device \Driver\Tcpip \Device\Ip IRP_MJ_CLOSE [F8BE2480] wpsdrvnt.sys

Device \Driver\Tcpip \Device\Ip IRP_MJ_DEVICE_CONTROL [F8BE25A0] wpsdrvnt.sys

Device \Driver\Tcpip \Device\Ip IRP_MJ_INTERNAL_DEVICE_CONTROL [F8BE25D0] wpsdrvnt.sys

Device \Driver\usbuhci \Device\USBPDO-0 IRP_MJ_CREATE 818011D8

Device \Driver\usbuhci \Device\USBPDO-0 IRP_MJ_CLOSE 818011D8

Device \Driver\usbuhci \Device\USBPDO-0 IRP_MJ_DEVICE_CONTROL 818011D8

Device \Driver\usbuhci \Device\USBPDO-0 IRP_MJ_INTERNAL_DEVICE_CONTROL 818011D8

Device \Driver\usbuhci \Device\USBPDO-0 IRP_MJ_POWER 818011D8

Device \Driver\usbuhci \Device\USBPDO-0 IRP_MJ_SYSTEM_CONTROL 818011D8

Device \Driver\usbuhci \Device\USBPDO-0 IRP_MJ_PNP 818011D8

Device \Driver\usbuhci \Device\USBPDO-1 IRP_MJ_CREATE 818011D8

Device \Driver\usbuhci \Device\USBPDO-1 IRP_MJ_CLOSE 818011D8

Device \Driver\usbuhci \Device\USBPDO-1 IRP_MJ_DEVICE_CONTROL 818011D8

Device \Driver\usbuhci \Device\USBPDO-1 IRP_MJ_INTERNAL_DEVICE_CONTROL 818011D8

Device \Driver\usbuhci \Device\USBPDO-1 IRP_MJ_POWER 818011D8

Device \Driver\usbuhci \Device\USBPDO-1 IRP_MJ_SYSTEM_CONTROL 818011D8

Device \Driver\usbuhci \Device\USBPDO-1 IRP_MJ_PNP 818011D8

Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_CREATE 81B881D8

Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_CLOSE 81B881D8

Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_READ 81B881D8

Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_WRITE 81B881D8

Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_FLUSH_BUFFERS 81B881D8

Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_DEVICE_CONTROL 81B881D8

Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_INTERNAL_DEVICE_CONTROL 81B881D8

Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_SHUTDOWN 81B881D8

Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_POWER 81B881D8

Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_SYSTEM_CONTROL 81B881D8

Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_PNP 81B881D8

Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_CREATE 81B881D8

Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_CLOSE 81B881D8

Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_READ 81B881D8

Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_WRITE 81B881D8

Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_FLUSH_BUFFERS 81B881D8

Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_DEVICE_CONTROL 81B881D8

Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_INTERNAL_DEVICE_CONTROL 81B881D8

Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_SHUTDOWN 81B881D8

Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_POWER 81B881D8

Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_SYSTEM_CONTROL 81B881D8

Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_PNP 81B881D8

Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_CREATE 81B881D8

Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_CLOSE 81B881D8

Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_READ 81B881D8

Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_WRITE 81B881D8

Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_FLUSH_BUFFERS 81B881D8

Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_DEVICE_CONTROL 81B881D8

Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_INTERNAL_DEVICE_CONTROL 81B881D8

Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_SHUTDOWN 81B881D8

Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_POWER 81B881D8

Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_SYSTEM_CONTROL 81B881D8

Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_PNP 81B881D8

Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_CREATE 81B881D8

Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_CLOSE 81B881D8

Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_READ 81B881D8

Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_WRITE 81B881D8

Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_FLUSH_BUFFERS 81B881D8

Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_DEVICE_CONTROL 81B881D8

Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_INTERNAL_DEVICE_CONTROL 81B881D8

Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_SHUTDOWN 81B881D8

Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_POWER 81B881D8

Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_SYSTEM_CONTROL 81B881D8

Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_PNP 81B881D8

Device \Driver\Tcpip \Device\Tcp IRP_MJ_CREATE [F8BE2220] wpsdrvnt.sys

Device \Driver\Tcpip \Device\Tcp IRP_MJ_CLOSE [F8BE2480] wpsdrvnt.sys

Device \Driver\Tcpip \Device\Tcp IRP_MJ_DEVICE_CONTROL [F8BE25A0] wpsdrvnt.sys

Device \Driver\Tcpip \Device\Tcp IRP_MJ_INTERNAL_DEVICE_CONTROL [F8BE25D0] wpsdrvnt.sys

Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_CREATE 81B891D8

Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_READ 81B891D8

Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_WRITE 81B891D8

Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_FLUSH_BUFFERS 81B891D8

Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_DEVICE_CONTROL 81B891D8

Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_INTERNAL_DEVICE_CONTROL 81B891D8

Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_SHUTDOWN 81B891D8

Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_CLEANUP 81B891D8

Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_POWER 81B891D8

Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_SYSTEM_CONTROL 81B891D8

Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_PNP 81B891D8

Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_CREATE 81B891D8

Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_READ 81B891D8

Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_WRITE 81B891D8

Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_FLUSH_BUFFERS 81B891D8

Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_DEVICE_CONTROL 81B891D8

Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_INTERNAL_DEVICE_CONTROL 81B891D8

Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_SHUTDOWN 81B891D8

Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_CLEANUP 81B891D8

Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_POWER 81B891D8

Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_SYSTEM_CONTROL 81B891D8

Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_PNP 81B891D8

Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CREATE 815FF1D8

Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CLOSE 815FF1D8

Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_READ 815FF1D8

Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_WRITE 815FF1D8

Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_FLUSH_BUFFERS 815FF1D8

Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_DEVICE_CONTROL 815FF1D8

Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_INTERNAL_DEVICE_CONTROL 815FF1D8

Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SHUTDOWN 815FF1D8

Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_POWER 815FF1D8

Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SYSTEM_CONTROL 815FF1D8

Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_PNP 815FF1D8

Device \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_CREATE 81B891D8

Device \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_READ 81B891D8

Device \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_WRITE 81B891D8

Device \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_FLUSH_BUFFERS 81B891D8

Device \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_DEVICE_CONTROL 81B891D8

Device \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_INTERNAL_DEVICE_CONTROL 81B891D8

Device \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_SHUTDOWN 81B891D8

Device \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_CLEANUP 81B891D8

Device \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_POWER 81B891D8

Device \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_SYSTEM_CONTROL 81B891D8

Device \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_PNP 81B891D8

Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CREATE 81B871D8

Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CLOSE 81B871D8

Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_DEVICE_CONTROL 81B871D8

Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_INTERNAL_DEVICE_CONTROL 81B871D8

Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_POWER 81B871D8

Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SYSTEM_CONTROL 81B871D8

Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_PNP 81B871D8

Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_CREATE 81B871D8

Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_CLOSE 81B871D8

Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_DEVICE_CONTROL 81B871D8

Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_INTERNAL_DEVICE_CONTROL 81B871D8

Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_POWER 81B871D8

Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_SYSTEM_CONTROL 81B871D8

Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_PNP 81B871D8

Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_CREATE 81B871D8

Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_CLOSE 81B871D8

Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_DEVICE_CONTROL 81B871D8

Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_INTERNAL_DEVICE_CONTROL 81B871D8

Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_POWER 81B871D8

Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SYSTEM_CONTROL 81B871D8

Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_PNP 81B871D8

Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_CREATE 81B871D8

Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_CLOSE 81B871D8

Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_DEVICE_CONTROL 81B871D8

Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_INTERNAL_DEVICE_CONTROL 81B871D8

Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_POWER 81B871D8

Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_SYSTEM_CONTROL 81B871D8

Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_PNP 81B871D8

Device \Driver\Ftdisk \Device\HarddiskVolume4 IRP_MJ_CREATE 81B891D8

Device \Driver\Ftdisk \Device\HarddiskVolume4 IRP_MJ_READ 81B891D8

Device \Driver\Ftdisk \Device\HarddiskVolume4 IRP_MJ_WRITE 81B891D8

Device \Driver\Ftdisk \Device\HarddiskVolume4 IRP_MJ_FLUSH_BUFFERS 81B891D8

Device \Driver\Ftdisk \Device\HarddiskVolume4 IRP_MJ_DEVICE_CONTROL 81B891D8

Device \Driver\Ftdisk \Device\HarddiskVolume4 IRP_MJ_INTERNAL_DEVICE_CONTROL 81B891D8

Device \Driver\Ftdisk \Device\HarddiskVolume4 IRP_MJ_SHUTDOWN 81B891D8

Device \Driver\Ftdisk \Device\HarddiskVolume4 IRP_MJ_CLEANUP 81B891D8

Device \Driver\Ftdisk \Device\HarddiskVolume4 IRP_MJ_POWER 81B891D8

Device \Driver\Ftdisk \Device\HarddiskVolume4 IRP_MJ_SYSTEM_CONTROL 81B891D8

Device \Driver\Ftdisk \Device\HarddiskVolume4 IRP_MJ_PNP 81B891D8

Device \Driver\Ftdisk \Device\HarddiskVolume5 IRP_MJ_CREATE 81B891D8

Device \Driver\Ftdisk \Device\HarddiskVolume5 IRP_MJ_READ 81B891D8

Device \Driver\Ftdisk \Device\HarddiskVolume5 IRP_MJ_WRITE 81B891D8

Device \Driver\Ftdisk \Device\HarddiskVolume5 IRP_MJ_FLUSH_BUFFERS 81B891D8

Device \Driver\Ftdisk \Device\HarddiskVolume5 IRP_MJ_DEVICE_CONTROL 81B891D8

Device \Driver\Ftdisk \Device\HarddiskVolume5 IRP_MJ_INTERNAL_DEVICE_CONTROL 81B891D8

Device \Driver\Ftdisk \Device\HarddiskVolume5 IRP_MJ_SHUTDOWN 81B891D8

Device \Driver\Ftdisk \Device\HarddiskVolume5 IRP_MJ_CLEANUP 81B891D8

Device \Driver\Ftdisk \Device\HarddiskVolume5 IRP_MJ_POWER 81B891D8

Device \Driver\Ftdisk \Device\HarddiskVolume5 IRP_MJ_SYSTEM_CONTROL 81B891D8

Device \Driver\Ftdisk \Device\HarddiskVolume5 IRP_MJ_PNP 81B891D8

Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_CREATE 815E11D8

Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_CLOSE 815E11D8

Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_DEVICE_CONTROL 815E11D8

Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_INTERNAL_DEVICE_CONTROL 815E11D8

Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_CLEANUP 815E11D8

Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_PNP 815E11D8

Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_CREATE 815E11D8

Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_CLOSE 815E11D8

Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_DEVICE_CONTROL 815E11D8

Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_INTERNAL_DEVICE_CONTROL 815E11D8

Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_CLEANUP 815E11D8

Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_PNP 815E11D8

Device \Driver\00000075 \Device\0000004c IRP_MJ_POWER [F9956DB6] sptd.sys

Device \Driver\00000075 \Device\0000004c IRP_MJ_SYSTEM_CONTROL [F996C73C] sptd.sys

Device \Driver\00000075 \Device\0000004c IRP_MJ_PNP [F996577E] sptd.sys

Device \Driver\Tcpip \Device\Udp IRP_MJ_CREATE [F8BE2220] wpsdrvnt.sys

Device \Driver\Tcpip \Device\Udp IRP_MJ_CLOSE [F8BE2480] wpsdrvnt.sys

Device \Driver\Tcpip \Device\Udp IRP_MJ_DEVICE_CONTROL [F8BE25A0] wpsdrvnt.sys

Device \Driver\Tcpip \Device\Udp IRP_MJ_INTERNAL_DEVICE_CONTROL [F8BE25D0] wpsdrvnt.sys

Device \Driver\Tcpip \Device\RawIp IRP_MJ_CREATE [F8BE2220] wpsdrvnt.sys

Device \Driver\Tcpip \Device\RawIp IRP_MJ_CLOSE [F8BE2480] wpsdrvnt.sys

Device \Driver\Tcpip \Device\RawIp IRP_MJ_DEVICE_CONTROL [F8BE25A0] wpsdrvnt.sys

Device \Driver\Tcpip \Device\RawIp IRP_MJ_INTERNAL_DEVICE_CONTROL [F8BE25D0] wpsdrvnt.sys

Device \Driver\usbuhci \Device\USBFDO-0 IRP_MJ_CREATE 818011D8

Device \Driver\usbuhci \Device\USBFDO-0 IRP_MJ_CLOSE 818011D8

Device \Driver\usbuhci \Device\USBFDO-0 IRP_MJ_DEVICE_CONTROL 818011D8

Device \Driver\usbuhci \Device\USBFDO-0 IRP_MJ_INTERNAL_DEVICE_CONTROL 818011D8

Device \Driver\usbuhci \Device\USBFDO-0 IRP_MJ_POWER 818011D8

Device \Driver\usbuhci \Device\USBFDO-0 IRP_MJ_SYSTEM_CONTROL 818011D8

Device \Driver\usbuhci \Device\USBFDO-0 IRP_MJ_PNP 818011D8

Device \Driver\usbuhci \Device\USBFDO-1 IRP_MJ_CREATE 818011D8

Device \Driver\usbuhci \Device\USBFDO-1 IRP_MJ_CLOSE 818011D8

Device \Driver\usbuhci \Device\USBFDO-1 IRP_MJ_DEVICE_CONTROL 818011D8

Device \Driver\usbuhci \Device\USBFDO-1 IRP_MJ_INTERNAL_DEVICE_CONTROL 818011D8

Device \Driver\usbuhci \Device\USBFDO-1 IRP_MJ_POWER 818011D8

Device \Driver\usbuhci \Device\USBFDO-1 IRP_MJ_SYSTEM_CONTROL 818011D8

Device \Driver\usbuhci \Device\USBFDO-1 IRP_MJ_PNP 818011D8

Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CREATE 814F11D8

Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CREATE_NAMED_PIPE 814F11D8

Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CLOSE 814F11D8

Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_READ 814F11D8

Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_WRITE 814F11D8

Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_INFORMATION 814F11D8

Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_INFORMATION 814F11D8

Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_EA 814F11D8

Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_EA 814F11D8

Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_FLUSH_BUFFERS 814F11D8

Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_VOLUME_INFORMATION 814F11D8

Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_VOLUME_INFORMATION 814F11D8

Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_DIRECTORY_CONTROL 814F11D8

Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_FILE_SYSTEM_CONTROL 814F11D8

Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_DEVICE_CONTROL 814F11D8

Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_INTERNAL_DEVICE_CONTROL 814F11D8

Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SHUTDOWN 814F11D8

Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_LOCK_CONTROL 814F11D8

Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CLEANUP 814F11D8

Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CREATE_MAILSLOT 814F11D8

Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_SECURITY 814F11D8

Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_SECURITY 814F11D8

Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_POWER 814F11D8

Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SYSTEM_CONTROL 814F11D8

Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_DEVICE_CHANGE 814F11D8

Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_QUOTA 814F11D8

Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_QUOTA 814F11D8

Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_PNP 814F11D8

Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_CREATE [F8BE2220] wpsdrvnt.sys

Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_CLOSE [F8BE2480] wpsdrvnt.sys

Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_DEVICE_CONTROL [F8BE25A0] wpsdrvnt.sys

Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_INTERNAL_DEVICE_CONTROL [F8BE25D0] wpsdrvnt.sys

Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CREATE 814F11D8

Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CREATE_NAMED_PIPE 814F11D8

Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CLOSE 814F11D8

Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_READ 814F11D8

Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_WRITE 814F11D8

Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_INFORMATION 814F11D8

Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_INFORMATION 814F11D8

Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_EA 814F11D8

Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_EA 814F11D8

Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_FLUSH_BUFFERS 814F11D8

Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_VOLUME_INFORMATION 814F11D8

Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_VOLUME_INFORMATION 814F11D8

Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_DIRECTORY_CONTROL 814F11D8

Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_FILE_SYSTEM_CONTROL 814F11D8

Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_DEVICE_CONTROL 814F11D8

Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_INTERNAL_DEVICE_CONTROL 814F11D8

Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SHUTDOWN 814F11D8

Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_LOCK_CONTROL 814F11D8

Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CLEANUP 814F11D8

Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CREATE_MAILSLOT 814F11D8

Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_SECURITY 814F11D8

Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_SECURITY 814F11D8

Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_POWER 814F11D8

Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SYSTEM_CONTROL 814F11D8

Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_DEVICE_CHANGE 814F11D8

Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_QUOTA 814F11D8

Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_QUOTA 814F11D8

Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_PNP 814F11D8

Device \Driver\Ftdisk \Device\FtControl IRP_MJ_CREATE 81B891D8

Device \Driver\Ftdisk \Device\FtControl IRP_MJ_READ 81B891D8

Device \Driver\Ftdisk \Device\FtControl IRP_MJ_WRITE 81B891D8

Device \Driver\Ftdisk \Device\FtControl IRP_MJ_FLUSH_BUFFERS 81B891D8

Device \Driver\Ftdisk \Device\FtControl IRP_MJ_DEVICE_CONTROL 81B891D8

Device \Driver\Ftdisk \Device\FtControl IRP_MJ_INTERNAL_DEVICE_CONTROL 81B891D8

Device \Driver\Ftdisk \Device\FtControl IRP_MJ_SHUTDOWN 81B891D8

Device \Driver\Ftdisk \Device\FtControl IRP_MJ_CLEANUP 81B891D8

Device \Driver\Ftdisk \Device\FtControl IRP_MJ_POWER 81B891D8

Device \Driver\Ftdisk \Device\FtControl IRP_MJ_SYSTEM_CONTROL 81B891D8

Device \Driver\Ftdisk \Device\FtControl IRP_MJ_PNP 81B891D8

Device \Driver\NetBT \Device\NetBT_Tcpip_{585DBBE2-8AF8-45FF-ADE4-BC5399068188} IRP_MJ_CREATE 815E11D8

Device \Driver\NetBT \Device\NetBT_Tcpip_{585DBBE2-8AF8-45FF-ADE4-BC5399068188} IRP_MJ_CLOSE 815E11D8

Device \Driver\NetBT \Device\NetBT_Tcpip_{585DBBE2-8AF8-45FF-ADE4-BC5399068188} IRP_MJ_DEVICE_CONTROL 815E11D8

Device \Driver\NetBT \Device\NetBT_Tcpip_{585DBBE2-8AF8-45FF-ADE4-BC5399068188} IRP_MJ_INTERNAL_DEVICE_CONTROL 815E11D8

Device \Driver\NetBT \Device\NetBT_Tcpip_{585DBBE2-8AF8-45FF-ADE4-BC5399068188} IRP_MJ_CLEANUP 815E11D8

Device \Driver\NetBT \Device\NetBT_Tcpip_{585DBBE2-8AF8-45FF-ADE4-BC5399068188} IRP_MJ_PNP 815E11D8

Device \Driver\NetBT \Device\NetBT_Tcpip_{B5F7E8DE-87D7-40FB-99CF-B4F87DE0FBFF} IRP_MJ_CREATE 815E11D8

Device \Driver\NetBT \Device\NetBT_Tcpip_{B5F7E8DE-87D7-40FB-99CF-B4F87DE0FBFF} IRP_MJ_CLOSE 815E11D8

Device \Driver\NetBT \Device\NetBT_Tcpip_{B5F7E8DE-87D7-40FB-99CF-B4F87DE0FBFF} IRP_MJ_DEVICE_CONTROL 815E11D8

Device \Driver\NetBT \Device\NetBT_Tcpip_{B5F7E8DE-87D7-40FB-99CF-B4F87DE0FBFF} IRP_MJ_INTERNAL_DEVICE_CONTROL 815E11D8

Device \Driver\NetBT \Device\NetBT_Tcpip_{B5F7E8DE-87D7-40FB-99CF-B4F87DE0FBFF} IRP_MJ_CLEANUP 815E11D8

Device \Driver\NetBT \Device\NetBT_Tcpip_{B5F7E8DE-87D7-40FB-99CF-B4F87DE0FBFF} IRP_MJ_PNP 815E11D8

Device \Driver\vaxscsi \Device\Scsi\vaxscsi1 IRP_MJ_CREATE 8192E5B0

Device \Driver\vaxscsi \Device\Scsi\vaxscsi1 IRP_MJ_CLOSE 8192E5B0

Device \Driver\vaxscsi \Device\Scsi\vaxscsi1 IRP_MJ_DEVICE_CONTROL 8192E5B0

Device \Driver\vaxscsi \Device\Scsi\vaxscsi1 IRP_MJ_INTERNAL_DEVICE_CONTROL 8192E5B0

Device \Driver\vaxscsi \Device\Scsi\vaxscsi1 IRP_MJ_POWER 8192E5B0

Device \Driver\vaxscsi \Device\Scsi\vaxscsi1 IRP_MJ_SYSTEM_CONTROL 8192E5B0

Device \Driver\vaxscsi \Device\Scsi\vaxscsi1 IRP_MJ_PNP 8192E5B0

Device \Driver\vaxscsi \Device\Scsi\vaxscsi1Port2Path0Target0Lun0 IRP_MJ_CREATE 8192E5B0

Device \Driver\vaxscsi \Device\Scsi\vaxscsi1Port2Path0Target0Lun0 IRP_MJ_CLOSE 8192E5B0

Device \Driver\vaxscsi \Device\Scsi\vaxscsi1Port2Path0Target0Lun0 IRP_MJ_DEVICE_CONTROL 8192E5B0

Device \Driver\vaxscsi \Device\Scsi\vaxscsi1Port2Path0Target0Lun0 IRP_MJ_INTERNAL_DEVICE_CONTROL 8192E5B0

Device \Driver\vaxscsi \Device\Scsi\vaxscsi1Port2Path0Target0Lun0 IRP_MJ_POWER 8192E5B0

Device \Driver\vaxscsi \Device\Scsi\vaxscsi1Port2Path0Target0Lun0 IRP_MJ_SYSTEM_CONTROL 8192E5B0

Device \Driver\vaxscsi \Device\Scsi\vaxscsi1Port2Path0Target0Lun0 IRP_MJ_PNP 8192E5B0

Device \FileSystem\Fastfat \Fat IRP_MJ_CREATE 815E31D8

Device \FileSystem\Fastfat \Fat IRP_MJ_CLOSE 815E31D8

Device \FileSystem\Fastfat \Fat IRP_MJ_READ 815E31D8

Device \FileSystem\Fastfat \Fat IRP_MJ_WRITE 815E31D8

Device \FileSystem\Fastfat \Fat IRP_MJ_QUERY_INFORMATION 815E31D8

Device \FileSystem\Fastfat \Fat IRP_MJ_SET_INFORMATION 815E31D8

Device \FileSystem\Fastfat \Fat IRP_MJ_QUERY_EA 815E31D8

Device \FileSystem\Fastfat \Fat IRP_MJ_SET_EA 815E31D8

Device \FileSystem\Fastfat \Fat IRP_MJ_FLUSH_BUFFERS 815E31D8

Device \FileSystem\Fastfat \Fat IRP_MJ_QUERY_VOLUME_INFORMATION 815E31D8

Device \FileSystem\Fastfat \Fat IRP_MJ_SET_VOLUME_INFORMATION 815E31D8

Device \FileSystem\Fastfat \Fat IRP_MJ_DIRECTORY_CONTROL 815E31D8

Device \FileSystem\Fastfat \Fat IRP_MJ_FILE_SYSTEM_CONTROL 815E31D8

Device \FileSystem\Fastfat \Fat IRP_MJ_DEVICE_CONTROL 815E31D8

Device \FileSystem\Fastfat \Fat IRP_MJ_SHUTDOWN 815E31D8

Device \FileSystem\Fastfat \Fat IRP_MJ_LOCK_CONTROL 815E31D8

Device \FileSystem\Fastfat \Fat IRP_MJ_CLEANUP 815E31D8

Device \FileSystem\Fastfat \Fat IRP_MJ_PNP 815E31D8


---- EOF - GMER 1.0.12 ----

Złączono Posta : 16.03.2007 (Pią) 17:24

Drugi log się nie zmieścił, więc wklejam odsyłacz:

http://www.sendspace.com/file/rykt2o

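Logi z Gmer’a są czyste: moduły wskazane przy przechwyconych IRP to wpsdrvnt.sys (sterownik zapory Sygate, stąd wpisy przy \Driver\Tcpip) oraz sptd.sys (sterownik SPTD instalowany przez emulatory napędów), czyli legalne oprogramowanie, a nie rootkit.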

Koniecznie i to jak najszybciej go odinstaluj. Często razem z nim instaluje się syf, proszę zerknij np. tutaj:

http://forum.dobreprogramy.pl/viewtopic.php?t=141954

http://www.searchengines.pl/phpbb203/in … opic=86584

http://www.searchengines.pl/phpbb203/in … opic=86200