Spowalnia komputer rootkit,logi

QUICKSILVER1942 · 27 Sierpień 2007 19:08

Witam avg anti rootkit wykrył mi w system 32/drivers ahroji53 który coraz to gdy go usuwam zmienia nazwę proszę o szybką pomoc :-),rootkit jest ukryty

Logfile of HijackThis v1.99.1 Scan saved at 21:07:26, on 2007-08-27 Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.5730.0011) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe C:\Program Files\Anti-Blaxx\Anti-Blaxx.exe C:\InternetCalls\InternetCalls.exe D:\Program Files\DAEMON Tools\daemon.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\system32\devldr32.exe C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\Program Files\DriveCrypt Plus Pack\DCPP2Svc.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\PnkBstrA.exe C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe C:\WINDOWS\system32\UAService7.exe C:\WINDOWS\system32\wscntfy.exe D:\Program Files\Mozilla Firefox\firefox.exe C:\WINDOWS\system32\svchost.exe D:\hijackthis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - (no file) O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O4 - HKLM…\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM…\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe O4 - HKLM…\Run: [sunJavaUpdateSched] “C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe” O4 - HKLM…\Run: [!AVG Anti-Spyware] “C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe” /minimized O4 - HKLM…\Run: [AVP] “D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe” O4 - HKLM…\Run: [Anti-Blaxx Manager] C:\Program Files\Anti-Blaxx\Anti-Blaxx.exe O4 - HKLM…\Run: [DCPPaid] C:\WINDOWS\system32\DCPPaid.exe /P O4 - HKCU…\Run: [internetCalls] “C:\InternetCalls\InternetCalls.exe” -nosplash -minimized O4 - HKCU…\Run: [DAEMON Tools] “D:\Program Files\DAEMON Tools\daemon.exe” -lang 1033 O4 - HKCU…\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O8 - Extra context menu item: Download with GetRight Pro - D:\Program Files\GetRight\GRdownload.htm O8 - Extra context menu item: Open with GetRight Pro Browser - D:\Program Files\GetRight\GRbrowse.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O9 - Extra button: Statystyki dla ochrony WWW - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/programs/ … canner.cab O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O18 - Protocol: wpmsg - {2E0AC5A0-3597-11D6-B3ED-0001021DC1C3} - C:\Program Files\Spik\url_wpmsg.dll O20 - Winlogon Notify: !SASWinLogon - D:\Program Files\SUPERAntiSpyware\SASWINLO.dll O20 - Winlogon Notify: WBSrv - D:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Unknown owner - D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" -r (file missing) O23 - Service: SecurStar DCPP 3.81+ Service (DCPP2Svc) - Unknown owner - C:\Program Files\DriveCrypt Plus Pack\DCPP2Svc.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\system32\UAService7.exe

Złączono Posta : 27.08.2007 (Pon) 21:14

raczej log jest czysty wiec mam pytanie jak go usunąć tu log z combo fix

ComboFix 07-06-3B - Running from: “D:” ((((((((((((((((((((((((( Files Created from 2007-07-27 to 2007-08-27 ))))))))))))))))))))))))))))))) 2007-08-27 01:56 2007-08-27 01:52 2007-08-27 01:52 2007-08-27 01:52 2007-08-27 01:52 2007-08-24 20:18 2,782 --a------ C:\WINDOWS\system32\sdbackup.reg 2007-08-23 17:59 2007-08-22 15:01 82,258 --a------ C:\WINDOWS\system32\drivers\klin.dat 2007-08-22 15:01 82,258 --a------ C:\WINDOWS\system32\drivers\klick.dat 2007-08-22 15:01 69,664 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat 2007-08-22 15:01 16,789,280 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat 2007-08-22 15:01 2007-08-22 14:58 724,992 --a------ C:\WINDOWS\system32\DCPPaid.exe 2007-08-22 14:47 2007-08-22 14:47 2007-08-22 14:34 2007-08-20 22:27 2007-08-20 21:54 787,432 --a------ C:\WINDOWS\system32\drivers\dcpp2k.sys 2007-08-20 21:54 53,224 --a------ C:\WINDOWS\system32\DCPPGina.dll 2007-08-20 21:54 37,688 --a------ C:\WINDOWS\system32\DCPPGina.dat 2007-08-20 21:54 2007-08-20 04:10 2007-08-14 21:47 2007-08-12 23:19 2007-08-08 22:39 135,168 --a------ C:\WINDOWS\system32\UAService7.exe 2007-08-07 21:39 2007-08-05 14:52 2007-08-03 20:15 2007-08-03 20:15 2007-08-03 20:15 2007-08-03 20:14 2007-08-03 19:36 2007-08-03 15:52 89,088 --a------ C:\WINDOWS\system32\atl71.dll 2007-08-03 15:52 671,744 --a------ C:\WINDOWS\system32\DolbyHph.dll 2007-08-03 15:52 60,416 --a------ C:\WINDOWS\system32\DSETUP.dll 2007-08-03 15:52 4,608 --a------ C:\WINDOWS\system32\drivers\nvport.sys 2007-08-03 15:52 2007-08-03 15:52 2007-08-03 15:29 2007-08-03 15:29 2007-08-02 23:51 2007-08-02 23:51 2007-08-02 17:00 765,952 --a------ C:\WINDOWS\system32\xvidcore.dll 2007-08-02 17:00 639,066 --a------ C:\WINDOWS\system32\DivX.dll 2007-07-30 14:33 12,800 --a------ C:\WINDOWS\system32\WING32.DLL 2007-07-29 22:19 17,264 --a------ C:\WINDOWS\system32\drivers\hfxp2.sys 2007-07-27 22:50 (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) 2007-08-27 18:35:06 -------- d-----w C:\Program Files\Anti-Blaxx 2007-08-27 18:33:16 -------- d-----w C:\DOCUME~1\AAAAAA~1\DANEAP~1\Azureus 2007-08-27 17:57:13 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys 2007-08-27 17:57:05 103,736 ----a-w C:\WINDOWS\system32\PnkBstrB.exe 2007-08-27 17:56:55 -------- d-----w C:\DOCUME~1\AAAAAA~1\DANEAP~1\Xfire 2007-08-27 15:53:53 -------- d-----w C:\DOCUME~1\AAAAAA~1\DANEAP~1\InternetCalls 2007-08-25 16:05:34 -------- d-----w C:\Program Files\lg_fwupdate 2007-08-24 18:21:05 -------- d-----w C:\Program Files\CureROM 2007-08-24 14:07:28 -------- d–h--w C:\Program Files\InstallShield Installation Information 2007-08-24 12:45:03 685,816 ----a-w C:\WINDOWS\system32\drivers\sptd.sys 2007-08-20 20:28:31 -------- d-----w C:\DOCUME~1\AAAAAA~1\DANEAP~1\Skype 2007-08-15 02:18:05 49,608 ----a-w C:\WINDOWS\system32\perfc015.dat 2007-08-15 02:18:05 355,820 ----a-w C:\WINDOWS\system32\perfh015.dat 2007-08-14 19:49:49 9,344 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys 2007-08-14 19:49:48 8,320 ----a-w C:\WINDOWS\system32\drivers\AWRTRD.sys 2007-08-14 19:47:09 -------- d-----w C:\Program Files\Common Files\Wise Installation Wizard 2007-08-12 19:55:52 -------- d-----w C:\Program Files\TuneUp Utilities 2007 2007-08-12 19:31:33 -------- d-----w C:\Program Files\Gadu-Gadu 2007-08-12 01:09:41 -------- d-----w C:\DOCUME~1\AAAAAA~1\DANEAP~1\teamspeak2 2007-08-08 20:39:43 98,304 ----a-w C:\WINDOWS\system32\CmdLineExt.dll 2007-08-08 20:28:09 -------- d-----w C:\DOCUME~1\AAAAAA~1\DANEAP~1\OpenOffice.org2 2007-08-06 16:40:21 11,973 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys 2007-08-06 00:14:43 2,509 ----a-w C:\WINDOWS\mozver.dat 2007-08-03 12:46:29 -------- d-----w C:\Program Files\Common Files\G DATA 2007-08-02 15:01:46 237,568 ----a-w C:\WINDOWS\system32\OggDS.dll 2007-08-02 15:01:44 921,600 ----a-w C:\WINDOWS\system32\vorbisenc.dll 2007-08-02 15:01:37 188,416 ----a-w C:\WINDOWS\system32\vorbis.dll 2007-08-02 15:01:35 45,056 ----a-w C:\WINDOWS\system32\ogg.dll 2007-08-02 15:01:35 1,415,680 ----a-w C:\WINDOWS\system32\WMV9VCM.dll 2007-08-02 15:01:21 245,760 ----a-w C:\WINDOWS\system32\mplvpx.dll 2007-08-02 15:01:19 9,216 ----a-w C:\WINDOWS\system32\cpuinf32.dll 2007-08-02 15:01:19 755,200 ----a-w C:\WINDOWS\system32\ir50_32.dll 2007-07-22 18:27:44 -------- d-----w C:\Program Files\Winamp 2007-07-22 12:03:34 -------- d-----w C:\Program Files\xp-AntiSpy 2007-07-20 07:50:37 -------- d-----w C:\Program Files\ivo 2007-07-20 07:40:18 -------- d-----w C:\DOCUME~1\AAAAAA~1\DANEAP~1\CyberLink 2007-07-20 07:22:42 -------- d-----w C:\Program Files\SubEdit-Player 2007-07-20 07:20:47 -------- d-----w C:\Program Files\UBWPlayer 2007-07-20 07:10:25 -------- d-----w C:\Program Files\Windows Media Connect 2 2007-07-16 20:43:14 43,520 ----a-w C:\WINDOWS\system32\CmdLineExt03.dll 2007-07-16 16:50:00 -------- d-----w C:\DOCUME~1\AAAAAA~1\DANEAP~1\Hamachi 2007-07-16 15:32:33 -------- d-----w C:\Program Files\jv16 PowerTools 2007 2007-07-16 15:32:22 206 ----a-w C:\WINDOWS\system32\efceceb6_r.dll 2007-07-16 15:17:42 -------- d-----w C:\Program Files\Odkurzacz 2007-07-15 03:12:50 -------- d-----w C:\Program Files\Teleport Pro 2007-07-14 20:20:36 -------- d-----w C:\Program Files\KM Remote 2007-07-12 21:14:32 -------- d-----w C:\Program Files\The All-Seeing Eye 2007-07-12 19:58:51 -------- d-----w C:\Program Files\directx 2007-07-11 20:47:05 -------- d-----w C:\DOCUME~1\AAAAAA~1\DANEAP~1\Moje pliki gry Władca Pierścieni, Król Nazguli 2007-07-11 12:59:51 -------- d-----w C:\Program Files\DOSBox-0.63 2007-07-11 01:43:45 -------- d-----w C:\DOCUME~1\AAAAAA~1\DANEAP~1\Ahead 2007-07-09 17:29:44 -------- d-----w C:\Program Files\Common Files\Ahead 2007-07-09 17:28:25 -------- d-----w C:\Program Files\Nero 2007-07-08 09:22:38 -------- d-----w C:\DOCUME~1\AAAAAA~1\DANEAP~1\Moje pliki Bitwy o Śródziemie™ II 2007-07-04 12:53:32 233,472 ----a-w C:\WINDOWS\system32\OnlineScannerDLLA.dll 2007-07-04 12:53:20 221,184 ----a-w C:\WINDOWS\system32\OnlineScannerDLLW.dll 2007-07-04 12:28:34 225,356 ----a-w C:\WINDOWS\system32\lnod32apiW.dll 2007-07-04 12:28:32 196,684 ----a-w C:\WINDOWS\system32\lnod32apiA.dll 2007-07-03 16:43:56 132,904 ----a-w C:\WINDOWS\system32\drivers\imagesrv.sys 2007-07-03 16:43:56 11,304 ----a-w C:\WINDOWS\system32\drivers\imagedrv.sys 2007-07-02 23:51:05 -------- d-----w C:\Program Files\Common Files\DirectX 2007-07-01 21:12:56 -------- d-----w C:\DOCUME~1\AAAAAA~1\DANEAP~1\My Battle for Middle-earth II Files 2007-06-30 17:50:03 -------- d-----w C:\Program Files\Spik 2007-06-29 23:44:34 -------- d-----w C:\DOCUME~1\AAAAAA~1\DANEAP~1\SUPERAntiSpyware.com 2007-06-29 15:32:42 16,896 ----a-w C:\WINDOWS\system32\OnlineScannerLang.dll 2007-06-28 19:23:12 -------- d-----w C:\Program Files\Samsung 2007-06-28 19:22:43 -------- d-----w C:\Program Files\XviD 2007-06-28 10:51:48 206,088 ----a-w C:\WINDOWS\system32\klogon.dll 2007-06-28 10:14:59 23,028 ----a-w C:\WINDOWS\system32\emptyregdb.dat 2007-06-28 01:02:55 -------- d-----w C:\Program Files\PcMedik 2007-06-27 18:31:22 -------- d-----w C:\Program Files\Azureus 2007-06-27 17:05:02 972,072 ----a-w C:\WINDOWS\UNNeroMediaHome.exe 2007-06-27 05:11:43 47,312 ----a-w C:\WINDOWS\system32\drivers\MiniIcpt.sys 2007-06-26 12:12:02 972,072 ----a-w C:\WINDOWS\UNNeroVision.exe 2007-06-26 11:02:11 21,840 ----atw C:\WINDOWS\system32\SIntfNT.dll 2007-06-26 11:02:11 17,212 ----atw C:\WINDOWS\system32\SIntf32.dll 2007-06-26 11:02:11 12,067 ----atw C:\WINDOWS\system32\SIntf16.dll 2007-06-20 23:41:49 98,304 ----a-w C:\WINDOWS\system32CmdLineExt.dll 2007-06-16 21:01:20 1 ----a-w C:\WINDOWS\system32\SI.bin 2007-06-13 09:10:34 77,824 ----a-w C:\WINDOWS\system32\OnlineScannerUninstaller.exe 2007-06-04 22:43:54 82,774 ----a-w C:\WINDOWS\Uninstall Jade Empire.exe 2007-05-31 17:30:22 266,088 ----a-w C:\WINDOWS\system32\xactengine2_8.dll 2007-05-31 17:29:42 18,280 ----a-w C:\WINDOWS\system32\x3daudio1_2.dll 2007-05-28 15:52:45 4,096 ----a-w C:\WINDOWS\d3dx.dat 2007-05-27 17:45:26 78,160 ----a-w C:\AutoFix.exe ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects] {53707962-6F74-2D53-2644-206D7942484F}=D:\PROGRA~1\SPYBOT~1\SDHelper.dll [2005-05-31 02:04] {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll [2007-07-12 04:00] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “amd_dc_opt”=“C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe” [2006-11-17 16:49] “SunJavaUpdateSched”=“C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe” [2007-07-12 04:00] “!AVG Anti-Spyware”=“C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe” [2007-06-30 01:39] “Anti-Blaxx Manager”=“C:\Program Files\Anti-Blaxx\Anti-Blaxx.exe” [2005-10-26 16:35] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “InternetCalls”=“C:\InternetCalls\InternetCalls.exe” [2007-05-24 17:10] “DAEMON Tools”=“D:\Program Files\DAEMON Tools\daemon.exe” [2007-08-22 14:06] “ctfmon.exe”=“C:\WINDOWS\system32\ctfmon.exe” [2006-03-02 14:00] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] “LinkResolveIgnoreLinkInfo”=0 (0x0) “NoResolveSearch”=1 (0x1) [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] “LinkResolveIgnoreLinkInfo”=0 (0x0) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] “{57B86673-276A-48B2-BAE7-C6DBB3020EB8}”=“C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll” [2007-06-30 01:39] “{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}”=“D:\Program Files\SUPERAntiSpyware\SASSEH.DLL” [2006-12-20 13:55] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify!SASWinLogon] D:\Program Files\SUPERAntiSpyware\SASWINLO.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv] D:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] “appinit_dlls”=wbsys.dll [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\aawservice] [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Driver] [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Guard] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^a a a a a a a aa^Menu Start^Programy^Autostart^UniSpiker-2.6.lnk] path=C:\Documents and Settings\a a a a a a a aa\Menu Start\Programy\Autostart\UniSpiker-2.6.lnk backup=C:\WINDOWS\pss\UniSpiker-2.6.lnkStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Anti-Blaxx Manager] C:\Program Files\Anti-Blaxx\Anti-Blaxx.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVKTray] “D:\Program Files\G DATA AntiVirus Trial\AVKTray\AVKTray.exe” [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] “C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe” [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DCPPaid] C:\WINDOWS\system32\DCPPaid.exe /P [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InternetCalls] “C:\InternetCalls\InternetCalls.exe” -nosplash -minimized [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut] “C:\Program Files\CyberLink\PowerDVD\Language\Language.exe” [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] “C:\Program Files\QuickTime\QTTask.exe” -atboottime [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl] “C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe” [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam] D:\Program Files\Valve\Steam\Steam.exe -silent [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware] D:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe] “C:\Program Files\Common Files\Real\Update_OB\realsched.exe” -osboot HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost *netsvcs* Contents of the ‘Scheduled Tasks’ folder 2007-08-26 23:52:24 C:\WINDOWS\tasks\AppleSoftwareUpdate.job ************************************************************************** catchme 0.3.692 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net Rootkit scan 2007-08-27 21:10:58 Windows 5.1.2600 Dodatek Service Pack 2 NTFS scanning hidden processes … scanning hidden autostart entries … scanning hidden files … scan completed successfully hidden files: 0 ************************************************************************** Completion time: 2007-08-27 21:11:18 C:\ComboFix-quarantined-files.txt … 2007-06-10 17:05 C:\ComboFix2.txt … 2007-06-10 17:05 C:\ComboFix3.txt … 2007-06-09 00:03 — E O F — Złączono Posta: 27.08.2007 (Pon) 21:20 silent runners

Gutek · 27 Sierpień 2007 19:22

usuń wpis HJT

Pobierz program SDFix

QUICKSILVER1942 · 27 Sierpień 2007 19:37

SDFix: Version 1.100 Run by a a a a a a a aa on 2007-08-27 at 21:32 Microsoft Windows XP [Wersja 5.1.2600] Running From: C:\SDFix Safe Mode: Checking Services: Restoring Windows Registry Values Restoring Windows Default Hosts File Restoring Missing SharedAccess Service Rebooting… Normal Mode: Checking Files: No Trojan Files Found Removing Temp Files… ADS Check: C:\WINDOWS No streams found. C:\WINDOWS\system32 No streams found. C:\WINDOWS\system32\svchost.exe No streams found. C:\WINDOWS\system32\ntoskrnl.exe No streams found. Final Check: Remaining Services: ------------------ Authorized Application Key Export: [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] “%windir%\system32\sessmgr.exe”="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] “%windir%\system32\sessmgr.exe”="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" Remaining Files: --------------- Files with Hidden Attributes: C:\Program Files\Messenger\msmsgs.exe Finished

Gutek · 27 Sierpień 2007 19:40

Pobierz Gmer

Rootkit=>szukaj=>bez zaznaczania pokaż wszystko=> Ctrl + V do posta wklej
Rootkit => zaznaczone tylko Pokazuj wszystko + Usługi => Szukaj => Kopiuj => Ctrl + V do posta wklej

QUICKSILVER1942 · 27 Sierpień 2007 20:05

yyy trochę pogubiłem to znaczy jak rozumiem rootkit nacisnąłem szukaj i co teraz, skończyło sie skanowanie…

Gutek · 27 Sierpień 2007 20:07

Nie wiem jaśniej chyba nie opiszę

QUICKSILVER1942 · 27 Sierpień 2007 20:09

hmmm mam tu zapisz czy właśnie o to chodzi żeby tego loga wkleić? lol :mrgreen:

jessica · 27 Sierpień 2007 20:24

A nie ma tam przycisku “Kopiuj” ?

jessi

QUICKSILVER1942 · 27 Sierpień 2007 20:29

tak jest ale postępowałem według wskazówek Gutek2222

GMER 1.0.13.12551 - http://www.gmer.net Rootkit scan 2007-08-27 22:27:49 Windows 5.1.2600 Dodatek Service Pack 2 ---- System - GMER 1.0.13 ---- SSDT ??\C:\WINDOWS\system32\drivers\klif.sys ZwClose SSDT ??\C:\WINDOWS\system32\drivers\klif.sys ZwCreateKey SSDT ??\C:\WINDOWS\system32\drivers\klif.sys ZwCreateProcess SSDT ??\C:\WINDOWS\system32\drivers\klif.sys ZwCreateProcessEx SSDT ??\C:\WINDOWS\system32\drivers\klif.sys ZwCreateSection SSDT ??\C:\WINDOWS\system32\drivers\klif.sys ZwCreateSymbolicLinkObject SSDT ??\C:\WINDOWS\system32\drivers\klif.sys ZwCreateThread SSDT ??\C:\WINDOWS\system32\drivers\klif.sys ZwDeleteKey SSDT ??\C:\WINDOWS\system32\drivers\klif.sys ZwDeleteValueKey SSDT ??\C:\WINDOWS\system32\drivers\klif.sys ZwDuplicateObject SSDT ??\C:\WINDOWS\system32\drivers\klif.sys ZwEnumerateKey SSDT ??\C:\WINDOWS\system32\drivers\klif.sys ZwEnumerateValueKey SSDT ??\C:\WINDOWS\system32\drivers\klif.sys ZwFlushKey SSDT ??\C:\WINDOWS\system32\drivers\klif.sys ZwInitializeRegistry SSDT ??\C:\WINDOWS\system32\drivers\klif.sys ZwLoadDriver SSDT ??\C:\WINDOWS\system32\drivers\klif.sys ZwLoadKey SSDT ??\C:\WINDOWS\system32\drivers\klif.sys ZwLoadKey2 SSDT ??\C:\WINDOWS\system32\drivers\klif.sys ZwNotifyChangeKey SSDT kl1.sys ZwOpenFile SSDT ??\C:\WINDOWS\system32\drivers\klif.sys ZwOpenKey SSDT ??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys ZwOpenProcess SSDT ??\C:\WINDOWS\system32\drivers\klif.sys ZwOpenSection SSDT ??\C:\WINDOWS\system32\drivers\klif.sys ZwQueryKey SSDT ??\C:\WINDOWS\system32\drivers\klif.sys ZwQueryMultipleValueKey SSDT ??\C:\WINDOWS\system32\drivers\klif.sys ZwQuerySystemInformation SSDT ??\C:\WINDOWS\system32\drivers\klif.sys ZwQueryValueKey SSDT ??\C:\WINDOWS\system32\drivers\klif.sys ZwReplaceKey SSDT ??\C:\WINDOWS\system32\drivers\klif.sys ZwRestoreKey SSDT ??\C:\WINDOWS\system32\drivers\klif.sys ZwResumeThread SSDT ??\C:\WINDOWS\system32\drivers\klif.sys ZwSaveKey SSDT ??\C:\WINDOWS\system32\drivers\klif.sys ZwSetContextThread SSDT ??\C:\WINDOWS\system32\drivers\klif.sys ZwSetInformationFile SSDT ??\C:\WINDOWS\system32\drivers\klif.sys ZwSetInformationKey SSDT ??\C:\WINDOWS\system32\drivers\klif.sys ZwSetSecurityObject SSDT ??\C:\WINDOWS\system32\drivers\klif.sys ZwSetValueKey SSDT ??\C:\WINDOWS\system32\drivers\klif.sys ZwSuspendThread SSDT ??\C:\WINDOWS\system32\drivers\klif.sys ZwSystemDebugControl SSDT ??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys ZwTerminateProcess SSDT ??\C:\WINDOWS\system32\drivers\klif.sys ZwUnloadKey SSDT ??\C:\WINDOWS\system32\drivers\klif.sys ZwWriteVirtualMemory SSDT ??\C:\WINDOWS\system32\drivers\klif.sys SSDT[284] SSDT ??\C:\WINDOWS\system32\drivers\klif.sys SSDT[285] SSDT ??\C:\WINDOWS\system32\drivers\klif.sys SSDT[286] SSDT ??\C:\WINDOWS\system32\drivers\klif.sys SSDT[287] SSDT ??\C:\WINDOWS\system32\drivers\klif.sys SSDT[288] SSDT ??\C:\WINDOWS\system32\drivers\klif.sys SSDT[289] SSDT ??\C:\WINDOWS\system32\drivers\klif.sys SSDT[290] SSDT ??\C:\WINDOWS\system32\drivers\klif.sys SSDT[291] SSDT ??\C:\WINDOWS\system32\drivers\klif.sys SSDT[292] SSDT ??\C:\WINDOWS\system32\drivers\klif.sys SSDT[293] SSDT ??\C:\WINDOWS\system32\drivers\klif.sys SSDT[294] SSDT ??\C:\WINDOWS\system32\drivers\klif.sys SSDT[295] SSDT ??\C:\WINDOWS\system32\drivers\klif.sys SSDT[296] Code ??\C:\WINDOWS\system32\drivers\klif.sys FsRtlCheckLockForReadAccess Code ??\C:\WINDOWS\system32\drivers\klif.sys IoIsOperationSynchronous ---- Kernel code sections - GMER 1.0.13 ---- .text ntkrnlpa.exe!FsRtlCheckLockForReadAccess 804EAE40 5 Bytes JMP AD23CA70 ??\C:\WINDOWS\system32\drivers\klif.sys .text ntkrnlpa.exe!IoIsOperationSynchronous 804EF634 5 Bytes JMP AD23CF70 ??\C:\WINDOWS\system32\drivers\klif.sys ? C:\WINDOWS\system32\drivers\sptd.sys Proces nie może uzyskać dostępu do pliku, ponieważ jest on używany przez inny proces. .text USBPORT.SYS!DllUnload B704F62C 5 Bytes JMP 89DD91C8 .text a6r5gq5o.SYS AF61E384 1 Byte [20] .text a6r5gq5o.SYS AF61E386 35 Bytes [00, 68, 00, 00, 00, 00, 00, …] .text a6r5gq5o.SYS AF61E3AA 24 Bytes [00, 00, 20, 00, 00, E0, 00, …] .text a6r5gq5o.SYS AF61E3C4 3 Bytes [00, 00, 00] .text a6r5gq5o.SYS AF61E3C9 1 Byte [00] .text … ---- User code sections - GMER 1.0.13 ---- .text C:\WINDOWS\Explorer.EXE[396] SHELL32.dll!StrStrW + FFE2AEDD 7C9C42A8 4 Bytes [F0, 00, 1E, 7D] .text C:\WINDOWS\Explorer.EXE[396] SHELL32.dll!StrStrW + FFE2AEE9 7C9C42B4 4 Bytes [60, 01, 1E, 7D] .text C:\WINDOWS\Explorer.EXE[396] SHELL32.dll!StrStrW + FFE2C555 7C9C5920 4 Bytes [60, 08, 1E, 7D] .text C:\WINDOWS\Explorer.EXE[396] SHELL32.dll!StrStrW + FFE2C66D 7C9C5A38 4 Bytes [D0, 08, 1E, 7D] .text C:\WINDOWS\Explorer.EXE[396] SHELL32.dll!StrStrW + FFE2C6A1 7C9C5A6C 4 Bytes [00, 0B, 1E, 7D] .text … .text C:\WINDOWS\Explorer.EXE[396] SHELL32.dll!ILFree + 24F 7C9E2B50 4 Bytes [E0, 04, A1, 02] .text C:\WINDOWS\Explorer.EXE[396] SHELL32.dll!ILFindChild + 195 7C9EB96C 4 Bytes [00, 0B, A1, 02] .text C:\WINDOWS\Explorer.EXE[396] SHELL32.dll!ILFindChild + 1355 7C9ECB2C 4 Bytes [A0, 0D, A1, 02] .text C:\WINDOWS\Explorer.EXE[396] SHELL32.dll!SHCreateShellFolderView + 460E 7C9F4C7C 4 Bytes [20, 03, 1E, 7D] .text C:\WINDOWS\Explorer.EXE[396] SHELL32.dll!SHCreateShellFolderView + 462E 7C9F4C9C 4 Bytes [B0, 02, 1E, 7D] .text C:\WINDOWS\Explorer.EXE[396] SHELL32.dll!SHCreateShellFolderView + 4666 7C9F4CD4 4 Bytes [40, 02, 1E, 7D] .text C:\WINDOWS\Explorer.EXE[396] SHELL32.dll!DllCanUnloadNow + 7F7 7CA01DB0 4 Bytes [30, 0D, A1, 02] .text C:\WINDOWS\Explorer.EXE[396] SHELL32.dll!SHTestTokenMembership + E3 7CA11C60 4 Bytes [10, 0E, 1E, 7D] .text C:\WINDOWS\Explorer.EXE[396] SHELL32.dll!SHPropStgReadMultiple + 472 7CA1A578 4 Bytes [E0, 04, 1E, 7D] .text C:\WINDOWS\Explorer.EXE[396] SHELL32.dll!SHPropStgReadMultiple + 57E 7CA1A684 4 Bytes [C0, 05, 1E, 7D] .text D:\Program Files\Mozilla Firefox\firefox.exe[3816] SHELL32.dll!StrStrW + FFE2AEDD 7C9C42A8 4 Bytes [F0, 00, 1E, 7D] .text D:\Program Files\Mozilla Firefox\firefox.exe[3816] SHELL32.dll!StrStrW + FFE2AEE9 7C9C42B4 4 Bytes [60, 01, 1E, 7D] .text D:\Program Files\Mozilla Firefox\firefox.exe[3816] SHELL32.dll!StrStrW + FFE2D515 7C9C68E0 4 Bytes [40, 02, 1E, 7D] .text D:\Program Files\Mozilla Firefox\firefox.exe[3816] SHELL32.dll!StrStrW + FFE2D55D 7C9C6928 4 Bytes [D0, 01, 1E, 7D] .text D:\Program Files\Mozilla Firefox\firefox.exe[3816] SHELL32.dll!StrStrW + FFE2EBB5 7C9C7F80 4 Bytes [B0, 02, 1E, 7D] .text D:\Program Files\Mozilla Firefox\firefox.exe[3816] SHELL32.dll!SHCreateShellFolderView + 460E 7C9F4C7C 4 Bytes [00, 04, 1E, 7D] .text D:\Program Files\Mozilla Firefox\firefox.exe[3816] SHELL32.dll!SHCreateShellFolderView + 462E 7C9F4C9C 4 Bytes [90, 03, 1E, 7D] .text D:\Program Files\Mozilla Firefox\firefox.exe[3816] SHELL32.dll!SHCreateShellFolderView + 4666 7C9F4CD4 4 Bytes [20, 03, 1E, 7D] ---- Kernel IAT/EAT - GMER 1.0.13 ---- IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [bA6BEAD4] sptd.sys IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [bA6BEC1A] sptd.sys IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [bA6BEB9C] sptd.sys IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [bA6BF748] sptd.sys IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [bA6BF61E] sptd.sys IAT \SystemRoot\System32\Drivers\a6r5gq5o.SYS[HAL.dll!KfAcquireSpinLock] 6C000000 IAT \SystemRoot\System32\Drivers\a6r5gq5o.SYS[HAL.dll!READ_PORT_UCHAR] 56000000 IAT \SystemRoot\System32\Drivers\a6r5gq5o.SYS[HAL.dll!KeGetCurrentIrql] F4000000 IAT \SystemRoot\System32\Drivers\a6r5gq5o.SYS[HAL.dll!KfRaiseIrql] EA000000 IAT \SystemRoot\System32\Drivers\a6r5gq5o.SYS[HAL.dll!KfLowerIrql] 65000000 IAT \SystemRoot\System32\Drivers\a6r5gq5o.SYS[HAL.dll!HalGetInterruptVector] 7A000000 IAT \SystemRoot\System32\Drivers\a6r5gq5o.SYS[HAL.dll!HalTranslateBusAddress] AE000000 IAT \SystemRoot\System32\Drivers\a6r5gq5o.SYS[HAL.dll!KeStallExecutionProcessor] 08000000 IAT \SystemRoot\System32\Drivers\a6r5gq5o.SYS[HAL.dll!KfReleaseSpinLock] BA000000 IAT \SystemRoot\System32\Drivers\a6r5gq5o.SYS[HAL.dll!READ_PORT_BUFFER_USHORT] 78000000 IAT \SystemRoot\System32\Drivers\a6r5gq5o.SYS[HAL.dll!READ_PORT_USHORT] 25000000 IAT \SystemRoot\System32\Drivers\a6r5gq5o.SYS[HAL.dll!WRITE_PORT_BUFFER_USHORT] 2E000000 IAT \SystemRoot\System32\Drivers\a6r5gq5o.SYS[HAL.dll!WRITE_PORT_UCHAR] 1C000000 IAT \SystemRoot\System32\Drivers\a6r5gq5o.SYS[WMILIB.SYS!WmiSystemControl] B4000000 IAT \SystemRoot\System32\Drivers\a6r5gq5o.SYS[WMILIB.SYS!WmiCompleteRequest] C6000000 IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [bA6D429A] sptd.sys IAT \SystemRoot\system32\DRIVERS\tcpip.sys[TDI.SYS!TdiRegisterDeviceObject] 89DE67E0 IAT \SystemRoot\system32\DRIVERS\netbt.sys[TDI.SYS!TdiRegisterDeviceObject] 89DE67E0 ---- User IAT/EAT - GMER 1.0.13 ---- IAT C:\WINDOWS\system32\svchost.exe[232] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] [7C882FD8] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\system32\svchost.exe[232] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] [7C882FC4] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\system32\svchost.exe[232] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [7C882F9C] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\system32\svchost.exe[232] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [7C882FEC] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\system32\svchost.exe[232] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [7C882F9C] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\system32\svchost.exe[232] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] [7C882FC4] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\system32\svchost.exe[232] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!GetProcAddress] [7C882FEC] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\system32\svchost.exe[232] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [7C882FD8] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\system32\svchost.exe[232] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [7C882F9C] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\system32\svchost.exe[232] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [7C882FEC] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\system32\svchost.exe[232] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [7C882FC4] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\system32\svchost.exe[232] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [7C882FD8] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\system32\svchost.exe[232] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [7C882F9C] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\system32\svchost.exe[232] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [7C882FEC] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\system32\svchost.exe[232] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [7C882FC4] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\system32\svchost.exe[232] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetProcAddress] [7C882FEC] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\system32\svchost.exe[232] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [7C882F9C] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\system32\svchost.exe[232] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [7C882FC4] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\system32\svchost.exe[232] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [7C882FD8] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\system32\svchost.exe[232] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExA] [7C882FB0] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\system32\svchost.exe[232] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [7C882F9C] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\system32\svchost.exe[232] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [7C882FC4] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\system32\svchost.exe[232] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [7C882FEC] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\system32\svchost.exe[232] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [7C882FD8] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\system32\svchost.exe[232] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExA] [7C882FB0] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\system32\svchost.exe[232] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [7C882FB0] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\system32\svchost.exe[232] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [7C882FD8] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\system32\svchost.exe[232] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [7C882FC4] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\system32\svchost.exe[232] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [7C882F9C] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\system32\svchost.exe[232] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [7C882FEC] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\system32\svchost.exe[232] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryW] [7C882FC4] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\system32\svchost.exe[232] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryExA] [7C882FB0] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\system32\svchost.exe[232] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!GetProcAddress] [7C882FEC] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\system32\svchost.exe[232] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryA] [7C882F9C] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\system32\svchost.exe[232] @ c:\windows\system32\WS2_32.dll [KERNEL32.dll!GetProcAddress] [7C882FEC] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\system32\svchost.exe[232] @ c:\windows\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryA] [7C882F9C] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\system32\svchost.exe[232] @ c:\windows\system32\WS2HELP.dll [KERNEL32.dll!LoadLibraryA] [7C882F9C] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\system32\svchost.exe[232] @ c:\windows\system32\WS2HELP.dll [KERNEL32.dll!GetProcAddress] [7C882FEC] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\system32\svchost.exe[232] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!GetProcAddress] [7C882FEC] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\system32\svchost.exe[232] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!LoadLibraryA] [7C882F9C] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\system32\svchost.exe[232] @ C:\WINDOWS\system32\secur32.dll [KERNEL32.dll!LoadLibraryA] [7C882F9C] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\system32\svchost.exe[232] @ C:\WINDOWS\system32\secur32.dll [KERNEL32.dll!LoadLibraryW] [7C882FC4] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\system32\svchost.exe[232] @ C:\WINDOWS\system32\secur32.dll [KERNEL32.dll!GetProcAddress] [7C882FEC] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\Explorer.EXE[396] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] [7C882FD8] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\Explorer.EXE[396] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] [7C882FC4] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\Explorer.EXE[396] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [7C882F9C] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\Explorer.EXE[396] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [7C882FEC] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\Explorer.EXE[396] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [7C882F9C] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\Explorer.EXE[396] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] [7C882FC4] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\Explorer.EXE[396] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!GetProcAddress] [7C882FEC] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\Explorer.EXE[396] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [7C882FD8] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\Explorer.EXE[396] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [7C882F9C] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\Explorer.EXE[396] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [7C882FEC] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\Explorer.EXE[396] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [7C882FC4] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\Explorer.EXE[396] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [7C882FD8] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\Explorer.EXE[396] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [7C882F9C] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\Explorer.EXE[396] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [7C882FEC] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\Explorer.EXE[396] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [7C882FC4] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\Explorer.EXE[396] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [7C882FB0] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\Explorer.EXE[396] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [7C882FD8] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\Explorer.EXE[396] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [7C882FC4] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\Explorer.EXE[396] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [7C882F9C] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\Explorer.EXE[396] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [7C882FEC] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\Explorer.EXE[396] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [7C882F9C] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\Explorer.EXE[396] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [7C882FC4] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\Explorer.EXE[396] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [7C882FEC] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\Explorer.EXE[396] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [7C882FD8] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\Explorer.EXE[396] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExA] [7C882FB0] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\Explorer.EXE[396] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetProcAddress] [7C882FEC] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\Explorer.EXE[396] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [7C882F9C] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\Explorer.EXE[396] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [7C882FC4] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\Explorer.EXE[396] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [7C882FD8] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\Explorer.EXE[396] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExA] [7C882FB0] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\Explorer.EXE[396] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [7C882FEC] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\Explorer.EXE[396] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryA] [7C882F9C] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\Explorer.EXE[396] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExA] [7C882FB0] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\Explorer.EXE[396] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExW] [7C882FD8] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\Explorer.EXE[396] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryW] [7C882FC4] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\Explorer.EXE[396] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryA] [7C882F9C] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\Explorer.EXE[396] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!GetProcAddress] [7C882FEC] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\Explorer.EXE[396] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryW] [7C882FC4] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\Explorer.EXE[396] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryExW] [7C882FD8] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\Explorer.EXE[396] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [7C882FEC] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\Explorer.EXE[396] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryA] [7C882F9C] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\Explorer.EXE[396] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryW] [7C882FC4] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\Explorer.EXE[396] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryExA] [7C882FB0] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\Explorer.EXE[396] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!GetProcAddress] [7C882FEC] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\Explorer.EXE[396] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryA] [7C882F9C] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\Explorer.EXE[396] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] [7C882F9C] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\Explorer.EXE[396] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryW] [7C882FC4] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\Explorer.EXE[396] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] [7C882FEC] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\Explorer.EXE[396] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!LoadLibraryA] [7C882F9C] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\Explorer.EXE[396] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!GetProcAddress] [7C882FEC] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\Explorer.EXE[396] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!GetProcAddress] [7C882FEC] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\Explorer.EXE[396] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryA] [7C882F9C] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\Explorer.EXE[396] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!LoadLibraryA] [7C882F9C] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\Explorer.EXE[396] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!GetProcAddress] [7C882FEC] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\Explorer.EXE[396] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!GetProcAddress] [7C882FEC] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\Explorer.EXE[396] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!LoadLibraryA] [7C882F9C] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\System32\alg.exe[448] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [7C882FD8] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\System32\alg.exe[448] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [7C882F9C] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\System32\alg.exe[448] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [7C882FEC] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\System32\alg.exe[448] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [7C882FC4] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\System32\alg.exe[448] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [7C882FD8] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\System32\alg.exe[448] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [7C882F9C] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\System32\alg.exe[448] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [7C882FEC] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\System32\alg.exe[448] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [7C882FC4] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\System32\alg.exe[448] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] [7C882FD8] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\System32\alg.exe[448] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] [7C882FC4] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\System32\alg.exe[448] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [7C882F9C] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\System32\alg.exe[448] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [7C882FEC] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\System32\alg.exe[448] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [7C882F9C] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\System32\alg.exe[448] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] [7C882FC4] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\System32\alg.exe[448] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!GetProcAddress] [7C882FEC] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\System32\alg.exe[448] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetProcAddress] [7C882FEC] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\System32\alg.exe[448] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [7C882F9C] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\System32\alg.exe[448] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [7C882FC4] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\System32\alg.exe[448] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [7C882FD8] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\System32\alg.exe[448] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExA] [7C882FB0] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\System32\alg.exe[448] @ C:\WINDOWS\System32\WS2_32.dll [KERNEL32.dll!GetProcAddress] [7C882FEC] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\System32\alg.exe[448] @ C:\WINDOWS\System32\WS2_32.dll [KERNEL32.dll!LoadLibraryA] [7C882F9C] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\System32\alg.exe[448] @ C:\WINDOWS\System32\WS2HELP.dll [KERNEL32.dll!LoadLibraryA] [7C882F9C] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\System32\alg.exe[448] @ C:\WINDOWS\System32\WS2HELP.dll [KERNEL32.dll!GetProcAddress] [7C882FEC] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\System32\alg.exe[448] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [7C882F9C] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\System32\alg.exe[448] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [7C882FC4] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\System32\alg.exe[448] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [7C882FEC] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\System32\alg.exe[448] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [7C882FD8] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\System32\alg.exe[448] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExA] [7C882FB0] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\System32\alg.exe[448] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [7C882FB0] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\System32\alg.exe[448] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [7C882FD8] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\System32\alg.exe[448] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [7C882FC4] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\System32\alg.exe[448] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [7C882F9C] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\System32\alg.exe[448] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [7C882FEC] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\System32\alg.exe[448] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryW] [7C882FC4] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\System32\alg.exe[448] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryExA] [7C882FB0] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\System32\alg.exe[448] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!GetProcAddress] [7C882FEC] C:\WINDOWS\system32\kernel32.dll IAT C:\WINDOWS\System32\alg.exe[448] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryA] [7C882F9C] C:\WINDOWS\system32\kernel32.dll IAT C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe[592] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!LoadLibraryA] [7C882F9C] C:\WINDOWS\system32\kernel32.dll IAT C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe[592] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!GetProcAddress] [7C882FEC] C:\WINDOWS\system32\kernel32.dll IAT C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe[592] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [7C882FB0] C:\WINDOWS\system32\kernel32.dll IAT C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe[592] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [7C882FD8] C:\WINDOWS\system32\kernel32.dll IAT C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe[592] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [7C882FC4] C:\WINDOWS\system32\kernel32.dll IAT C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe[592] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [7C882F9C] C:\WINDOWS\system32\kernel32.dll IAT C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe[592] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [7C882FEC] C:\WINDOWS\system32\kernel32.dll IAT C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe[592] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] [7C882FD8] C:\WINDOWS\system32\kernel32.dll IAT C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe[592] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] [7C882FC4] C:\WINDOWS\system32\kernel32.dll IAT C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe[592] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [7C882F9C] C:\WINDOWS\system32\kernel32.dll IAT C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe[592] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [7C882FEC] C:\WINDOWS\system32\kernel32.dll IAT C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe[592] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [7C882F9C] C:\WINDOWS\system32\kernel32.dll IAT C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe[592] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] [7C882FC4] C:\WINDOWS\system32\kernel32.dll IAT C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe[592] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!GetProcAddress] [7C882FEC] C:\WINDOWS\system32\kernel32.dll IAT C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe[592] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [7C882FD8] C:\WINDOWS\system32\kernel32.dll IAT C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe[592] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [7C882F9C] C:\WINDOWS\system32\kernel32.dll IAT C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe[592] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [7C882FEC] C:\WINDOWS\system32\kernel32.dll IAT C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe[592] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [7C882FC4] C:\WINDOWS\system32\kernel32.dll IAT C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe[592] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [7C882FD8] C:\WINDOWS\system32\kernel32.dll IAT C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe[592] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [7C882F9C] C:\WINDOWS\system32\kernel32.dll IAT C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe[592] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [7C882FEC] C:\WINDOWS\system32\kernel32.dll IAT C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe[592] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [7C882FC4] C:\WINDOWS\system32\kernel32.dll IAT C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe[592] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [7C882F9C] C:\WINDOWS\system32\kernel32.dll IAT C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe[592] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [7C882FC4] C:\WINDOWS\system32\kernel32.dll IAT C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe[592] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [7C882FEC] C:\WINDOWS\system32\kernel32.dll IAT C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe[592] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [7C882FD8] C:\WINDOWS\system32\kernel32.dll IAT C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe[592] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExA] [7C882FB0] C:\WINDOWS\system32\kernel32.dll IAT C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe[592] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetProcAddress] [7C882FEC] C:\WINDOWS\system32\kernel32.dll IAT C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe[592] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [7C882F9C] C:\WINDOWS\system32\kernel32.dll IAT C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe[592] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [7C882FC4] C:\WINDOWS\system32\kernel32.dll IAT C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe[592] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [7C882FD8] C:\WINDOWS\system32\kernel32.dll IAT C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe[592] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExA] [7C882FB0] C:\WINDOWS\system32\kernel32.dll IAT C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe[592] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!GetProcAddress] [7C882FEC] C:\WINDOWS\system32\kernel32.dll IAT C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe[592] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryA] [7C882F9C] C:\WINDOWS\system32\kernel32.dll IAT C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe[592] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!LoadLibraryA] [7C882F9C] C:\WINDOWS\system32\kernel32.dll IAT C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe[592] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!GetProcAddress] [7C882FEC] C:\WINDOWS\system32\kernel32.dll IAT C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe[664] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] [7C882FD8] C:\WINDOWS\system32\kernel32.dll IAT C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe[664] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] [7C882FC4] C:\WINDOWS\system32\kernel32.dll IAT C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe[664] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [7C882F9C] C:\WINDOWS\system32\kernel32.dll IAT C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe[664] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [7C882FEC] C:\WINDOWS\system32\kernel32.dll IAT C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe[664] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [7C882F9C] C:\WINDOWS\system32\kernel32.dll IAT C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe[664] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] [7C882FC4] C:\WINDOWS\system32\kernel32.dll IAT C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe[664] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!GetProcAddress] [7C882FEC] C:\WINDOWS\system32\kernel32.dll IAT C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe[664] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [7C882F9C] C:\WINDOWS\system32\kernel32.dll IAT C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe[664] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [7C882FC4] C:\WINDOWS\system32\kernel32.dll IAT C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe[664] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [7C882FEC] C:\WINDOWS\system32\kernel32.dll IAT C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe[664] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [7C882FD8] C:\WINDOWS\system32\kernel32.dll IAT C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe[664] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExA] [7C882FB0] C:\WINDOWS\system32\kernel32.dll IAT C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe[664] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [7C882FD8] C:\WINDOWS\system32\kernel32.dll IAT C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe[664] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [7C882F9C] C:\WINDOWS\system32\kernel32.dll IAT C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe[664] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [7C882FEC] C:\WINDOWS\system32\kernel32.dll IAT C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe[664] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [7C882FC4] C:\WINDOWS\system32\kernel32.dll IAT C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe[664] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [7C882FD8] C:\WINDOWS\system32\kernel32.dll IAT C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe[664] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [7C882F9C] C:\WINDOWS\system32\kernel32.dll IAT C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe[664] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [7C882FEC] C:\WINDOWS\system32\kernel32.dll IAT C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe[664] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [7C882FC4] C:\WINDOWS\system32\kernel32.dll IAT C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe[664] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [7C882FB0] C:\WINDOWS\system32\kernel32.dll IAT C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe[664] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [7C882FD8] C:\WINDOWS\system32\kernel32.dll IAT C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe[664] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [7C882FC4] C:\WINDOWS\system32\kernel32.dll IAT C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe[664] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [7C882F9C] C:\WINDOWS\system32\kernel32.dll IAT C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe[664] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [7C882FEC] C:\WINDOWS\system32\kernel32.dll IAT C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe[664] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetProcAddress] [7C882FEC] C:\WINDOWS\system32\kernel32.dll C:\WINDOWS\system32\kernel32.dll IAT C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe[664] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [7C882FEC] C:\WINDOWS\system32\kernel32.dll IAT C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe[664] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryA] [7C882F9C] C:\WINDOWS\system32\kernel32.dll IAT C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe[664] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExA] [7C882FB0] C:\WINDOWS\system32\kernel32.dll IAT C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe[664] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExW] [7C882FD8] C:\WINDOWS\system32\kernel32.dll IAT C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe[664] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!LoadLibraryA] [7C882F9C] C:\WINDOWS\system32\kernel32.dll IAT C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe[664] @ C:\WINDOWS\system32\PSAPI.

Gutek · 27 Sierpień 2007 20:53

Daj 2 log

Jeśli będzie jakikolwiek problem z załączeniem logów w poście (ważą więcej niż przewiduje to limit, to znaczy nie chcą się dołączać, przez co są urwane i forum się rozjeżdża) można skorzystać z serwisu http://wklej.org/

QUICKSILVER1942 · 27 Sierpień 2007 21:01

http://www.wklej.org/id/140a7f19fb tu log z ,usługi’'czy chodzi może o kolejną cześć ponieważ tan ta się urwała?

jessica · 28 Sierpień 2007 12:02

W logu jest w zasadzie czysto.

Nie wiem, co to jest, ta powyższa usługa, ale tego się nie dowoemy, bo jest bezplikowa.

jessi

QUICKSILVER1942 · 28 Sierpień 2007 12:17

Hmmm ale i tak coś czuję że mi zwolnił ale teraz to już trochę mniej

a czy jest coś jeszcze czym mógł sprawdzić bo chce się obejść bez formata :lol:

Złączono Posta : 28.08.2007 (Wto) 14:18

to może być ten rootkit tylko on cały czas zmienia nazwę :?

Dziękuję za pomoc od Was