Hello, I have a problem with pop-up messages. I downloaded the program and made a log, which I am attaching. What now? Thanks, regards.
Here it is.
Paste into Notepad:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"Authentication Packages"=-
"Authentication Packages"=hex(7):6d,00,73,00,76,00,31,00,5f,00,30,00,00,00,00,\
00
From the Notepad menu >>> File >>> Save as >>> set the extension to "All files" >>> save as FIX.REG >>> run this file (double-click).
Paste into Notepad:
>>> File >>> Save as… >>> CFScript (it will be most convenient to save it in a location where the CFScript.txt icon ends up next to the ComboFix.exe icon)
Drag and drop the CFScript.txt file onto the ComboFix.exe file (that is, the CFScript.txt icon onto the ComboFix.exe icon).
(If the question "1 or 2" appears, type 1 and press ENTER.) The removal should start (and a log will be created).
After the restart, manually delete the folder C:\Qoobox.
After that, post a new log from Combo.
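What the FIX.REG file from the post above actually writes, as an added example that is not part of the original thread: it replays the delete-then-set pair and decodes the `hex(7)` (REG_MULTI_SZ, UTF-16LE) data so the resulting LSA package list can be read and checked. The embedded file text is a constructed copy of the lines in the post; the function names and the allow-list of the single stock entry `msv1_0` are assumptions of this example.

```python
import re

# Constructed copy of the FIX.REG body quoted in the post above.
FIX_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"Authentication Packages"=-
"Authentication Packages"=hex(7):6d,00,73,00,76,00,31,00,5f,00,30,00,00,00,00,\
  00
'''

LSA_KEY = r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa"
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"=(.*)$')


def join_continuations(text):
    """Merge lines that end in a backslash with the line that follows."""
    merged, buf = [], ""
    for line in text.splitlines():
        line = line.strip()
        if line.endswith("\\"):
            buf += line[:-1]
            continue
        merged.append(buf + line)
        buf = ""
    if buf:
        merged.append(buf)
    return merged


def decode_multi_sz(hex_csv):
    """Decode hex(7) data: UTF-16LE strings separated by NUL, ended by an extra NUL."""
    raw = bytes(int(b, 16) for b in hex_csv.split(",") if b.strip())
    if len(raw) % 2:
        raise ValueError("REG_MULTI_SZ data must have an even number of bytes")
    parts = raw.decode("utf-16-le").split("\x00")
    while parts and parts[-1] == "":  # drop the terminating NULs
        parts.pop()
    return parts


def replay(reg_text):
    """Return (ordered operations, final values) for a version 5.00 .reg text."""
    lines = join_continuations(reg_text)
    if not lines or lines[0] != "Windows Registry Editor Version 5.00":
        raise ValueError("missing .reg header")
    key, ops, state = None, [], {}
    for line in lines[1:]:
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            continue
        m = VALUE_RE.match(line)
        if not m or key is None:
            raise ValueError("unparsed line: " + line)
        name, data = m.group(1), m.group(2)
        if data == "-":  # "name"=- deletes the value
            ops.append(("delete", key, name))
            state.pop((key, name), None)
        elif data.startswith("hex(7):"):
            value = decode_multi_sz(data[len("hex(7):"):])
            ops.append(("set", key, name, value))
            state[(key, name)] = value
        else:
            raise ValueError("value type not handled in this example: " + line)
    return ops, state


def unexpected_packages(state, allowed=("msv1_0",)):
    """List Authentication Packages entries outside the allow-list (assumed stock: msv1_0)."""
    extra = []
    for (_key, name), value in state.items():
        if name.lower() == "authentication packages":
            extra += [p for p in value if p.lower() not in allowed]
    return extra


if __name__ == "__main__":
    operations, final = replay(FIX_REG)
    for op in operations:
        print(op)
    print("unexpected entries:", unexpected_packages(final))
```

The same `decode_multi_sz` call can be run on a `hex(7)` export of the live value taken before the fix, to see which entries the reset removes.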
Hey! So I carried out all the instructions and so far everything has returned to normal.
I am attaching a new log to confirm whether everything is definitely OK :)
If so, many thanks for the help; if not, please give me further instructions :)
And one more question: can I delete the Notepad logs that opened?
Regards, kris.
ComboFix 07-11-08.1 - Administrator 2007-11-11 22:25:27.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.1353 [GMT 1:00]
Running from: C:\Documents and Settings\Administrator\Pulpit\ComboFix.exe
.
((((((((((((((((((((((((( Files Created from 2007-10-11 to 2007-11-11 )))))))))))))))))))))))))))))))
.
2007-11-11 20:09 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-11-11 17:10
2007-11-11 16:48
2007-11-11 01:19
2007-11-11 01:19
2007-11-11 01:19 21,664 --a------ C:\WINDOWS\system32\drivers\Entech.sys
2007-11-11 01:19 3,972 --------- C:\WINDOWS\system32\drivers\PciBus.sys
2007-11-11 00:52 36,352 --a------ C:\WINDOWS\system32\tuvwvtq.dll
2007-11-11 00:25 1,156 --a------ C:\WINDOWS\mozver.dat
2007-11-10 21:41 147,456 --a------ C:\WINDOWS\system32\vbzip10.dll
2007-11-10 21:35
2007-11-10 20:58
2007-11-10 18:54
2007-11-10 18:54
2007-11-10 18:34
2007-11-10 18:29 685,816 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2007-11-10 18:20 0 --a------ C:\WINDOWS\nsreg.dat
2007-11-09 19:41
2007-11-09 19:41
2007-11-09 19:19
2007-11-09 14:15
2007-11-09 10:34 128,896 --------- C:\WINDOWS\system32\dllcache\fltmgr.sys
2007-11-09 10:34 23,040 --------- C:\WINDOWS\system32\dllcache\fltmc.exe
2007-11-09 10:34 16,896 --------- C:\WINDOWS\system32\dllcache\fltlib.dll
2007-11-09 10:30
2007-11-09 10:23 584,192 --------- C:\WINDOWS\system32\dllcache\rpcrt4.dll
2007-11-09 00:09
2007-11-09 00:09 3,596,288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2007-11-09 00:09 1,559,040 --a------ C:\WINDOWS\system32\xvidcore.dll
2007-11-09 00:09 739,840 --a------ C:\WINDOWS\system32\divx.dll
2007-11-09 00:09 282,624 --a------ C:\WINDOWS\system32\xvidvfw.dll
2007-11-09 00:09 217,088 --a------ C:\WINDOWS\system32\yv12vfw.dll
2007-11-09 00:09 164,352 --a------ C:\WINDOWS\system32\unrar.dll
2007-11-09 00:09 81,920 --a------ C:\WINDOWS\system32\dpl100.dll
2007-11-09 00:09 7,680 --a------ C:\WINDOWS\system32\ff_vfw.dll
2007-11-08 21:13
2007-11-08 20:54
2007-11-08 20:54 446,464 --a------ C:\WINDOWS\system32\HHActiveX.dll
2007-11-08 20:53
2007-11-08 16:57
2007-11-08 16:57
2007-11-08 16:52
2007-11-08 16:48
2007-11-08 16:46
2007-11-08 16:46
2007-11-08 16:33
2007-11-08 16:32
2007-11-08 16:31
2007-11-08 16:01
2007-11-08 14:32 26,496 --a------ C:\WINDOWS\system32\dllcache\usbstor.sys
2007-11-07 12:37
2007-11-07 12:36
2007-11-07 12:36
2007-11-07 12:36 868,298 --a------ C:\WINDOWS\system32\drivers\btkrnl.sys
2007-11-07 12:36 530,861 --a------ C:\WINDOWS\system32\drivers\btaudio.sys
2007-11-07 12:36 149,123 --a------ C:\WINDOWS\system32\drivers\btwdndis.sys
2007-11-07 12:36 124,928 --a------ C:\WINDOWS\system32\accelerometerST.exe
2007-11-07 12:36 30,459 --a------ C:\WINDOWS\system32\drivers\btport.sys
2007-11-07 12:36 7,680 --a------ C:\WINDOWS\system32\accelerometerdll.DLL
2007-11-07 12:35
2007-11-07 12:35 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2007-11-07 12:34
2007-11-07 12:34
2007-11-07 12:34
2007-11-07 12:34 204,800 --a------ C:\WINDOWS\system32\IVIresizeW7.dll
2007-11-07 12:34 200,704 --a------ C:\WINDOWS\system32\IVIresizeA6.dll
2007-11-07 12:34 192,512 --a------ C:\WINDOWS\system32\IVIresizeP6.dll
2007-11-07 12:34 192,512 --a------ C:\WINDOWS\system32\IVIresizeM6.dll
2007-11-07 12:34 188,416 --a------ C:\WINDOWS\system32\IVIresizePX.dll
2007-11-07 12:34 20,480 --a------ C:\WINDOWS\system32\IVIresize.dll
2007-11-07 12:29
2007-10-30 19:55 625,032 --a------ C:\WINDOWS\system32\SymNeti.dll
2007-10-30 19:55 242,056 --a------ C:\WINDOWS\system32\SymRedir.dll
2007-10-30 19:55 191,536 --a------ C:\WINDOWS\system32\drivers\symtdi.sys
2007-10-30 19:55 145,968 --a------ C:\WINDOWS\system32\drivers\symfw.sys
2007-10-30 19:55 39,856 --a------ C:\WINDOWS\system32\drivers\symids.sys
2007-10-30 19:55 37,936 --a------ C:\WINDOWS\system32\drivers\symndisv.sys
2007-10-30 19:55 35,120 --a------ C:\WINDOWS\system32\drivers\symndis.sys
2007-10-30 19:55 27,696 --a------ C:\WINDOWS\system32\drivers\symredrv.sys
2007-10-30 19:55 12,848 --a------ C:\WINDOWS\system32\drivers\symdns.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-11 19:24 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-11-11 19:18 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-11-11 16:04 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Symantec
2007-11-09 18:34 --------- d-----w C:\Program Files\Hewlett-Packard
2007-11-08 15:32 805 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF
2007-11-08 15:32 60,800 ----a-w C:\WINDOWS\system32\S32EVNT1.DLL
2007-11-08 15:32 123,952 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2007-11-08 15:32 10,740 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2007-11-08 15:32 --------- d-----w C:\Program Files\Symantec
2007-11-07 20:22 --------- d-----w C:\Program Files\Windows Media Connect 2
2007-11-07 20:22 --------- d-----w C:\Program Files\Usługi online
2007-11-07 20:22 --------- d-----w C:\Program Files\Synaptics
2007-11-07 20:22 --------- d-----w C:\Program Files\Roxio
2007-11-07 20:22 --------- d-----w C:\Program Files\PDF Complete
2007-11-07 20:22 --------- d-----w C:\Program Files\Norton Internet Security
2007-11-07 20:22 --------- d-----w C:\Program Files\Microsoft.NET
2007-11-07 20:22 --------- d-----w C:\Program Files\Microsoft Works
2007-11-07 20:22 --------- d-----w C:\Program Files\microsoft frontpage
2007-11-07 20:22 --------- d-----w C:\Program Files\Java
2007-11-07 20:22 --------- d-----w C:\Program Files\HP
2007-11-07 20:21 --------- d-----w C:\Program Files\Fingerprint Sensor
2007-11-07 20:21 --------- d-----w C:\Program Files\DIFX
2007-11-07 20:21 --------- d-----w C:\Program Files\Common Files\SureThing Shared
2007-11-07 20:21 --------- d-----w C:\Program Files\Common Files\Sonic Shared
2007-11-07 20:21 --------- d-----w C:\Program Files\Common Files\Roxio Shared
2007-11-07 20:21 --------- d-----w C:\Program Files\Common Files\LightScribe
2007-11-07 20:21 --------- d-----w C:\Program Files\Common Files\Java
2007-11-07 20:21 --------- d-----w C:\Program Files\ATI Technologies
2007-11-07 20:21 --------- d-----w C:\Program Files\Analog Devices
2007-11-07 20:21 --------- d-----w C:\Program Files\Activation Assistant for the 2007 Microsoft Office suites
2007-11-07 20:21 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Sonic
2007-11-07 20:21 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Roxio
2007-11-07 20:21 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Microsoft Help
2007-11-07 20:21 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Hewlett-Packard
2007-11-07 20:21 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\{623D32E9-0C62-4453-AD44-98B31F52A5E1}
2007-11-07 20:21 --------- d-----w C:\Documents and Settings\Administrator\Dane aplikacji\SampleView
2007-11-07 20:21 --------- d-----w C:\Documents and Settings\Administrator\Dane aplikacji\InstallShield
2007-11-07 20:21 --------- d-----w C:\Documents and Settings\Administrator\Dane aplikacji\hpqLog
2007-11-07 20:21 --------- d-----w C:\Documents and Settings\Administrator\Dane aplikacji\ATI
2007-11-07 11:34 --------- d-----w C:\Program Files\Common Files\InstallShield
2007-11-07 11:33 1,768 --sha-r C:\WINDOWS\system32\drivers\103C_HP_NTBK_HP Compaq 6715b (GB836EA#AKD)_YN_0U_QCNU7392HRJ_E434656242_46_I30C2_SHP_VKBC Version 71.28_B68YTT Ver. F.07_T070716_WXP2_L415_M1920_J120_7AMD_8Turion 64 X2 Technology TL-58_91.9_#070728_N14E41693.MRK
2007-11-07 11:26 --------- d-----w C:\Program Files\HPQ
2007-10-30 18:24 12,963 ----a-w C:\WINDOWS\system32\drivers\SymRedir.cat
2007-10-30 18:24 1,358 ----a-w C:\WINDOWS\system32\drivers\SymRedir.inf
2007-09-18 13:44 10,662 ----a-w C:\WINDOWS\system32\drivers\srtspx.cat
2007-09-18 13:44 10,662 ----a-w C:\WINDOWS\system32\drivers\srtspl.cat
2007-09-18 13:44 10,658 ----a-w C:\WINDOWS\system32\drivers\srtsp.cat
2007-09-18 13:44 1,430 ----a-w C:\WINDOWS\system32\drivers\srtspl.inf
2007-09-18 13:44 1,421 ----a-w C:\WINDOWS\system32\drivers\srtspx.inf
2007-09-18 13:44 1,415 ----a-w C:\WINDOWS\system32\drivers\srtsp.inf
2007-09-18 13:43 43,696 ----a-w C:\WINDOWS\system32\drivers\srtspx.sys
2007-09-18 13:43 317,616 ----a-w C:\WINDOWS\system32\drivers\srtspl.sys
2007-09-18 13:43 278,576 ----a-w C:\WINDOWS\system32\drivers\srtsp.sys
2007-08-22 13:19 96,768 ----a-w C:\WINDOWS\system32\dllcache\inseng.dll
2007-08-22 13:19 661,504 ----a-w C:\WINDOWS\system32\dllcache\wininet.dll
2007-08-22 13:19 616,448 ----a-w C:\WINDOWS\system32\dllcache\urlmon.dll
2007-08-22 13:19 55,808 ----a-w C:\WINDOWS\system32\dllcache\extmgr.dll
2007-08-22 13:19 532,480 ----a-w C:\WINDOWS\system32\dllcache\mstime.dll
2007-08-22 13:19 474,112 ----a-w C:\WINDOWS\system32\dllcache\shlwapi.dll
2007-08-22 13:19 449,024 ----a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
2007-08-22 13:19 39,424 ----a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
2007-08-22 13:19 357,888 ----a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll
2007-08-22 13:19 3,079,168 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2007-08-22 13:19 251,392 ----a-w C:\WINDOWS\system32\dllcache\iepeers.dll
2007-08-22 13:19 205,312 ----a-w C:\WINDOWS\system32\dllcache\dxtrans.dll
2007-08-22 13:19 16,384 ----a-w C:\WINDOWS\system32\dllcache\jsproxy.dll
2007-08-22 13:19 151,552 ----a-w C:\WINDOWS\system32\dllcache\cdfview.dll
2007-08-22 13:19 146,432 ----a-w C:\WINDOWS\system32\dllcache\msrating.dll
2007-08-22 13:19 1,494,528 ----a-w C:\WINDOWS\system32\dllcache\shdocvw.dll
2007-08-22 13:19 1,055,744 ----a-w C:\WINDOWS\system32\dllcache\danim.dll
2007-08-22 13:19 1,022,976 ----a-w C:\WINDOWS\system32\dllcache\browseui.dll
2007-08-21 10:30 18,432 ----a-w C:\WINDOWS\system32\dllcache\iedw.exe
2007-08-21 06:18 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-08-21 06:18 683,520 ----a-w C:\WINDOWS\system32\dllcache\inetcomm.dll
2007-01-10 11:15 839,700 ----a-w C:\WINDOWS\Fonts\Crack.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
“MsmqIntCert”=“regsvr32 /s mqrt.dll” []
“SoundMAXPnP”=“C:\Program Files\Analog Devices\Core\smax4pnp.exe” [2007-01-05 17:36]
“SoundMAX”=“C:\Program Files\Analog Devices\SoundMAX\Smax4.exe” [2006-07-13 06:12]
“PDF Complete”=“C:\Program Files\PDF Complete\pdfsty.exe” [2007-05-08 07:38]
“PTHOSTTR”=“C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.exe” [2007-01-09 14:52]
“SynTPEnh”=“C:\Program Files\Synaptics\SynTP\SynTPEnh.exe” [2007-01-12 14:36]
“hpWirelessAssistant”=“C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe” [2007-03-01 12:18]
“ccApp”=“C:\Program Files\Common Files\Symantec Shared\ccApp.exe” [2007-01-09 14:59]
“osCheck”=“C:\Program Files\Norton Internet Security\osCheck.exe” [2007-01-13 16:11]
“SunJavaUpdateSched”=“C:\Program Files\Java\jre1.6.0\bin\jusched.exe” [2007-07-28 00:44]
“QlbCtrl”=“C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe” [2007-05-02 15:17]
“Recguard”=“C:\WINDOWS\Sminst\Recguard.exe” [2005-12-20 15:51]
“Reminder”=“C:\WINDOWS\Creator\Remind_XP.exe” [2006-03-09 16:38]
“Scheduler”=“C:\WINDOWS\SMINST\Scheduler.exe” [2006-10-09 10:23]
“HP Software Update”=“c:\Program Files\Hp\HP Software Update\HPWuSchd2.exe” [2005-02-16 22:11]
“Cpqset”=“C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe” [2007-05-03 10:52]
“WatchDog”=“C:\Program Files\InterVideo\DVD Check\DVDCheck.exe” [2007-05-23 11:00]
“AccelerometerSysTrayApplet”=“C:\WINDOWS\system32\AccelerometerSt.exe” [2007-01-24 14:28]
“Symantec PIF AlertEng”=“C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe” [2007-03-12 11:22]
“Ad Muncher”=“C:\Program Files\Ad Muncher\AdMunch.exe” [2007-11-09 19:19]
“BearShare”=“C:\Program Files\BearShare\BearShare.exe” [2006-08-01 17:04]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
“CTFMON.EXE”=“C:\WINDOWS\system32\ctfmon.exe” [2004-08-04 09:00]
“StartCCC”=“C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe” [2006-11-10 12:35]
“LightScribe Control Panel”=“C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe” [2007-04-19 12:26]
“DAEMON Tools”=“C:\Program Files\DAEMON Tools\daemon.exe” [2007-08-29 16:09]
C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\
BTTray.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-02-06 15:14:00]
DVD Check.lnk - C:\Program Files\InterVideo\DVD Check\DVDCheck.exe [2007-11-07 12:34:07]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
“Notification Packages”= SbHpNp scecli
R0 pe3ah4nc;DiRT Environment Driver (pe3ah4nc);C:\WINDOWS\system32\drivers\pe3ah4nc.sys
R0 ps6ah4nc;DiRT Synchronization Driver (ps6ah4nc);C:\WINDOWS\system32\drivers\ps6ah4nc.sys
R0 SafeBoot;SafeBoot;C:\WINDOWS\system32\drivers\SafeBoot.sys
R0 SbAlg;SbAlg;C:\WINDOWS\system32\drivers\SbAlg.sys
R0 SbFsLock;SbFsLock;C:\WINDOWS\system32\drivers\SbFsLock.sys
R1 RsvLock;RsvLock;C:\WINDOWS\system32\drivers\RsvLock.sys
R2 Harmonogram automatycznej usługi LiveUpdate;Harmonogram automatycznej usługi LiveUpdate;“C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe”
R2 HpFkCryptService;Drive Encryption Service;“c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe”
R2 pdfcDispatcher;PDF Document Manager;C:\Program Files\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService
R3 IFXTPM;IFXTPM;C:\WINDOWS\system32\DRIVERS\IFXTPM.SYS
S2 pr2ah4nc;DiRT Drivers Auto Removal (pr2ah4nc);C:\WINDOWS\system32\pr2ah4nc.exe svc
S3 USBSTOR;Sterownik magazynu masowego USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 Pml Driver HPZ12 Net Driver HPZ12
*Newly Created Service* - COMHOST
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\ccc-core-static]
msiexec /fums {09258F12-48E7-B18E-C414-1F48C215685F} /qb
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
“C:\Program Files\Common Files\LightScribe\LSRunOnce.exe”
.
Contents of the ‘Scheduled Tasks’ folder
“2007-11-08 15:24:55 C:\WINDOWS\Tasks\Norton Internet Security - Uruchom pełne skanowanie systemu - Administrator.job”
- C:\Program Files\Norton Internet Security\Norton AntiVirus\Navw32.exe
.
**************************************************************************
catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-11 22:27:21
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
scanning hidden processes …
scanning hidden autostart entries …
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe???T???|?M?|???M?|&?@
scanning hidden files …
scan completed successfully
hidden files: 0
**************************************************************************
Binary file raw_enum.dat matches
.
Completion time: 2007-11-11 22:27:47
C:\ComboFix2.txt … 2007-11-11 22:22
C:\ComboFix3.txt … 2007-11-11 20:21
.
— E O F —
Hey. It took a while, but here it is :)
Use SDFix once more and post a new log.
Hey. I have a question about this SDFix: I was supposed to run it once more, but it asks what I want from it :) So I told it that I want a new report, I think, and I'm sending what it wrote to me:
Restart the system and use SDFix once more.
Hello again :)
Here are the results:
Hello!
Here are the results:
By the way, I would like to mention that everything is back to normal except Internet Explorer. Namely, it does not start at all :(
ComboFix 07-11-08.1 - Administrator 2007-11-14 11:04:25.5 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.1358 [GMT 1:00]
Running from: C:\Documents and Settings\Administrator\Pulpit\ComboFix.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Program Files\myglobalsearch
C:\Program Files\myglobalsearch\bar\3.bin\M9PLUGIN.DLL
C:\Program Files\myglobalsearch\bar\3.bin\MGSBAR.DLL
C:\Program Files\myglobalsearch\bar\History\search
C:\WINDOWS\s32.txt
C:\WINDOWS\system32\aspimgr.exe
C:\WINDOWS\ws386.ini
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\LEGACY_ASPIMGR
-------\aspimgr
((((((((((((((((((((((((( Files Created from 2007-10-14 to 2007-11-14 )))))))))))))))))))))))))))))))
.
2007-11-14 10:36 225,280 --a------ C:\Program Files\Uninstall My Global Search Bar.dll
2007-11-11 23:07
2007-11-11 20:09 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-11-11 17:10
2007-11-11 16:48
2007-11-11 01:19
2007-11-11 01:19
2007-11-11 01:19 21,664 --a------ C:\WINDOWS\system32\drivers\Entech.sys
2007-11-11 01:19 3,972 --------- C:\WINDOWS\system32\drivers\PciBus.sys
2007-11-11 00:25 1,770 --a------ C:\WINDOWS\mozver.dat
2007-11-10 21:41 147,456 --a------ C:\WINDOWS\system32\vbzip10.dll
2007-11-10 21:35
2007-11-10 20:58
2007-11-10 18:54
2007-11-10 18:54
2007-11-10 18:34
2007-11-10 18:29 685,816 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2007-11-10 18:20 0 --a------ C:\WINDOWS\nsreg.dat
2007-11-09 19:41
2007-11-09 19:41
2007-11-09 19:19
2007-11-09 14:15
2007-11-09 10:34 128,896 --------- C:\WINDOWS\system32\dllcache\fltmgr.sys
2007-11-09 10:34 23,040 --------- C:\WINDOWS\system32\dllcache\fltmc.exe
2007-11-09 10:34 16,896 --------- C:\WINDOWS\system32\dllcache\fltlib.dll
2007-11-09 10:30
2007-11-09 10:23 584,192 --------- C:\WINDOWS\system32\dllcache\rpcrt4.dll
2007-11-09 00:09
2007-11-09 00:09 3,596,288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2007-11-09 00:09 1,559,040 --a------ C:\WINDOWS\system32\xvidcore.dll
2007-11-09 00:09 739,840 --a------ C:\WINDOWS\system32\divx.dll
2007-11-09 00:09 282,624 --a------ C:\WINDOWS\system32\xvidvfw.dll
2007-11-09 00:09 217,088 --a------ C:\WINDOWS\system32\yv12vfw.dll
2007-11-09 00:09 164,352 --a------ C:\WINDOWS\system32\unrar.dll
2007-11-09 00:09 81,920 --a------ C:\WINDOWS\system32\dpl100.dll
2007-11-09 00:09 7,680 --a------ C:\WINDOWS\system32\ff_vfw.dll
2007-11-08 21:13
2007-11-08 20:54
2007-11-08 20:54 446,464 --a------ C:\WINDOWS\system32\HHActiveX.dll
2007-11-08 20:53
2007-11-08 16:57
2007-11-08 16:57
2007-11-08 16:52
2007-11-08 16:48
2007-11-08 16:46
2007-11-08 16:46
2007-11-08 16:33
2007-11-08 16:32
2007-11-08 16:31
2007-11-08 16:01
2007-11-08 14:32 26,496 --a------ C:\WINDOWS\system32\dllcache\usbstor.sys
2007-11-07 12:37
2007-11-07 12:36
2007-11-07 12:36
2007-11-07 12:36 868,298 --a------ C:\WINDOWS\system32\drivers\btkrnl.sys
2007-11-07 12:36 530,861 --a------ C:\WINDOWS\system32\drivers\btaudio.sys
2007-11-07 12:36 149,123 --a------ C:\WINDOWS\system32\drivers\btwdndis.sys
2007-11-07 12:36 124,928 --a------ C:\WINDOWS\system32\accelerometerST.exe
2007-11-07 12:36 30,459 --a------ C:\WINDOWS\system32\drivers\btport.sys
2007-11-07 12:36 7,680 --a------ C:\WINDOWS\system32\accelerometerdll.DLL
2007-11-07 12:35
2007-11-07 12:35 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2007-11-07 12:34
2007-11-07 12:34
2007-11-07 12:34
2007-11-07 12:34 204,800 --a------ C:\WINDOWS\system32\IVIresizeW7.dll
2007-11-07 12:34 200,704 --a------ C:\WINDOWS\system32\IVIresizeA6.dll
2007-11-07 12:34 192,512 --a------ C:\WINDOWS\system32\IVIresizeP6.dll
2007-11-07 12:34 192,512 --a------ C:\WINDOWS\system32\IVIresizeM6.dll
2007-11-07 12:34 188,416 --a------ C:\WINDOWS\system32\IVIresizePX.dll
2007-11-07 12:34 20,480 --a------ C:\WINDOWS\system32\IVIresize.dll
2007-11-07 12:29
2007-10-30 19:55 625,032 --a------ C:\WINDOWS\system32\SymNeti.dll
2007-10-30 19:55 242,056 --a------ C:\WINDOWS\system32\SymRedir.dll
2007-10-30 19:55 191,536 --a------ C:\WINDOWS\system32\drivers\symtdi.sys
2007-10-30 19:55 145,968 --a------ C:\WINDOWS\system32\drivers\symfw.sys
2007-10-30 19:55 39,856 --a------ C:\WINDOWS\system32\drivers\symids.sys
2007-10-30 19:55 37,936 --a------ C:\WINDOWS\system32\drivers\symndisv.sys
2007-10-30 19:55 35,120 --a------ C:\WINDOWS\system32\drivers\symndis.sys
2007-10-30 19:55 27,696 --a------ C:\WINDOWS\system32\drivers\symredrv.sys
2007-10-30 19:55 12,848 --a------ C:\WINDOWS\system32\drivers\symdns.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-14 10:01 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-11-12 14:32 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Symantec
2007-11-11 19:18 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-11-09 18:34 --------- d-----w C:\Program Files\Hewlett-Packard
2007-11-08 15:32 805 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF
2007-11-08 15:32 123,952 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2007-11-08 15:32 10,740 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2007-11-08 15:32 --------- d-----w C:\Program Files\Symantec
2007-11-07 20:22 --------- d-----w C:\Program Files\Windows Media Connect 2
2007-11-07 20:22 --------- d-----w C:\Program Files\Usługi online
2007-11-07 20:22 --------- d-----w C:\Program Files\Synaptics
2007-11-07 20:22 --------- d-----w C:\Program Files\Roxio
2007-11-07 20:22 --------- d-----w C:\Program Files\PDF Complete
2007-11-07 20:22 --------- d-----w C:\Program Files\Norton Internet Security
2007-11-07 20:22 --------- d-----w C:\Program Files\Microsoft.NET
2007-11-07 20:22 --------- d-----w C:\Program Files\Microsoft Works
2007-11-07 20:22 --------- d-----w C:\Program Files\microsoft frontpage
2007-11-07 20:22 --------- d-----w C:\Program Files\Java
2007-11-07 20:22 --------- d-----w C:\Program Files\HP
2007-11-07 20:21 --------- d-----w C:\Program Files\Fingerprint Sensor
2007-11-07 20:21 --------- d-----w C:\Program Files\DIFX
2007-11-07 20:21 --------- d-----w C:\Program Files\Common Files\SureThing Shared
2007-11-07 20:21 --------- d-----w C:\Program Files\Common Files\Sonic Shared
2007-11-07 20:21 --------- d-----w C:\Program Files\Common Files\Roxio Shared
2007-11-07 20:21 --------- d-----w C:\Program Files\Common Files\LightScribe
2007-11-07 20:21 --------- d-----w C:\Program Files\Common Files\Java
2007-11-07 20:21 --------- d-----w C:\Program Files\ATI Technologies
2007-11-07 20:21 --------- d-----w C:\Program Files\Analog Devices
2007-11-07 20:21 --------- d-----w C:\Program Files\Activation Assistant for the 2007 Microsoft Office suites
2007-11-07 20:21 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Sonic
2007-11-07 20:21 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Roxio
2007-11-07 20:21 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Microsoft Help
2007-11-07 20:21 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Hewlett-Packard
2007-11-07 20:21 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\{623D32E9-0C62-4453-AD44-98B31F52A5E1}
2007-11-07 20:21 --------- d-----w C:\Documents and Settings\Administrator\Dane aplikacji\SampleView
2007-11-07 20:21 --------- d-----w C:\Documents and Settings\Administrator\Dane aplikacji\InstallShield
2007-11-07 20:21 --------- d-----w C:\Documents and Settings\Administrator\Dane aplikacji\hpqLog
2007-11-07 20:21 --------- d-----w C:\Documents and Settings\Administrator\Dane aplikacji\ATI
2007-11-07 11:34 --------- d-----w C:\Program Files\Common Files\InstallShield
2007-11-07 11:33 1,768 --sha-r C:\WINDOWS\system32\drivers\103C_HP_NTBK_HP Compaq 6715b (GB836EA#AKD)_YN_0U_QCNU7392HRJ_E434656242_46_I30C2_SHP_VKBC Version 71.28_B68YTT Ver. F.07_T070716_WXP2_L415_M1920_J120_7AMD_8Turion 64 X2 Technology TL-58_91.9_#070728_N14E41693.MRK
2007-11-07 11:29 --------- d-----w C:\Program Files\Skróty programów
2007-11-07 11:26 --------- d-----w C:\Program Files\HPQ
2007-10-30 18:24 12,963 ----a-w C:\WINDOWS\system32\drivers\SymRedir.cat
2007-10-30 18:24 1,358 ----a-w C:\WINDOWS\system32\drivers\SymRedir.inf
2007-09-18 13:44 10,662 ----a-w C:\WINDOWS\system32\drivers\srtspx.cat
2007-09-18 13:44 10,662 ----a-w C:\WINDOWS\system32\drivers\srtspl.cat
2007-09-18 13:44 10,658 ----a-w C:\WINDOWS\system32\drivers\srtsp.cat
2007-09-18 13:44 1,430 ----a-w C:\WINDOWS\system32\drivers\srtspl.inf
2007-09-18 13:44 1,421 ----a-w C:\WINDOWS\system32\drivers\srtspx.inf
2007-09-18 13:44 1,415 ----a-w C:\WINDOWS\system32\drivers\srtsp.inf
2007-09-18 13:43 43,696 ----a-w C:\WINDOWS\system32\drivers\srtspx.sys
2007-09-18 13:43 317,616 ----a-w C:\WINDOWS\system32\drivers\srtspl.sys
2007-09-18 13:43 278,576 ----a-w C:\WINDOWS\system32\drivers\srtsp.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
“MsmqIntCert”=“regsvr32 /s mqrt.dll” []
“SoundMAXPnP”=“C:\Program Files\Analog Devices\Core\smax4pnp.exe” [2007-01-05 17:36]
“SoundMAX”=“C:\Program Files\Analog Devices\SoundMAX\Smax4.exe” [2006-07-13 06:12]
“PDF Complete”=“C:\Program Files\PDF Complete\pdfsty.exe” [2007-05-08 07:38]
“PTHOSTTR”=“C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.exe” [2007-01-09 14:52]
“SynTPEnh”=“C:\Program Files\Synaptics\SynTP\SynTPEnh.exe” [2007-01-12 14:36]
“hpWirelessAssistant”=“C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe” [2007-03-01 12:18]
“ccApp”=“C:\Program Files\Common Files\Symantec Shared\ccApp.exe” [2007-01-09 14:59]
“osCheck”=“C:\Program Files\Norton Internet Security\osCheck.exe” [2007-01-13 16:11]
“SunJavaUpdateSched”=“C:\Program Files\Java\jre1.6.0\bin\jusched.exe” [2007-07-28 00:44]
“QlbCtrl”=“C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe” [2007-05-02 15:17]
“Recguard”=“C:\WINDOWS\Sminst\Recguard.exe” [2005-12-20 15:51]
“Reminder”=“C:\WINDOWS\Creator\Remind_XP.exe” [2006-03-09 16:38]
“Scheduler”=“C:\WINDOWS\SMINST\Scheduler.exe” [2006-10-09 10:23]
“HP Software Update”=“c:\Program Files\Hp\HP Software Update\HPWuSchd2.exe” [2005-02-16 22:11]
“Cpqset”=“C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe” [2007-05-03 10:52]
“WatchDog”=“C:\Program Files\InterVideo\DVD Check\DVDCheck.exe” [2007-05-23 11:00]
“AccelerometerSysTrayApplet”=“C:\WINDOWS\system32\AccelerometerSt.exe” [2007-01-24 14:28]
“Symantec PIF AlertEng”=“C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe” [2007-03-12 11:22]
“Ad Muncher”=“C:\Program Files\Ad Muncher\AdMunch.exe” [2007-11-09 19:19]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
“CTFMON.EXE”=“C:\WINDOWS\system32\ctfmon.exe” [2004-08-04 09:00]
“StartCCC”=“C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe” [2006-11-10 12:35]
“LightScribe Control Panel”=“C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe” [2007-04-19 12:26]
“DAEMON Tools”=“C:\Program Files\DAEMON Tools\daemon.exe” [2007-08-29 16:09]
C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\
BTTray.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-02-06 15:14:00]
DVD Check.lnk - C:\Program Files\InterVideo\DVD Check\DVDCheck.exe [2007-11-07 12:34:07]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
“Notification Packages”= SbHpNp scecli
R0 pe3ah4nc;DiRT Environment Driver (pe3ah4nc);C:\WINDOWS\system32\drivers\pe3ah4nc.sys
R0 ps6ah4nc;DiRT Synchronization Driver (ps6ah4nc);C:\WINDOWS\system32\drivers\ps6ah4nc.sys
R0 SafeBoot;SafeBoot;C:\WINDOWS\system32\drivers\SafeBoot.sys
R0 SbAlg;SbAlg;C:\WINDOWS\system32\drivers\SbAlg.sys
R0 SbFsLock;SbFsLock;C:\WINDOWS\system32\drivers\SbFsLock.sys
R1 RsvLock;RsvLock;C:\WINDOWS\system32\drivers\RsvLock.sys
R2 Harmonogram automatycznej usługi LiveUpdate;Harmonogram automatycznej usługi LiveUpdate;“C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe”
R2 HpFkCryptService;Drive Encryption Service;“c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe”
R2 pdfcDispatcher;PDF Document Manager;C:\Program Files\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService
R3 IFXTPM;IFXTPM;C:\WINDOWS\system32\DRIVERS\IFXTPM.SYS
S2 pr2ah4nc;DiRT Drivers Auto Removal (pr2ah4nc);C:\WINDOWS\system32\pr2ah4nc.exe svc
S3 USBSTOR;Sterownik magazynu masowego USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 Pml Driver HPZ12 Net Driver HPZ12
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8e010a23-911f-11dc-b5a2-001a4b6e0ce2}]
\Shell\AutoRun\command - G:\ie.exe
\Shell\explore\Command - G:\ie.exe
\Shell\open\Command - G:\ie.exe
*Newly Created Service* - COMHOST
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\ccc-core-static]
msiexec /fums {09258F12-48E7-B18E-C414-1F48C215685F} /qb
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
“C:\Program Files\Common Files\LightScribe\LSRunOnce.exe”
.
Contents of the ‘Scheduled Tasks’ folder
“2007-11-12 20:23:01 C:\WINDOWS\Tasks\Norton Internet Security - Uruchom pełne skanowanie systemu - Administrator.job”
.
**************************************************************************
catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-14 11:09:05
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
scanning hidden processes …
scanning hidden autostart entries …
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe???T???|?M?|???M?|&?@
scanning hidden files …
scan completed successfully
hidden files: 0
**************************************************************************
Binary file raw_enum.dat matches
.
Completion time: 2007-11-14 11:10:45 - machine was rebooted
C:\ComboFix2.txt … 2007-11-12 13:35
C:\ComboFix3.txt … 2007-11-11 22:27
.
— E O F —
Post merged: 14.11.2007 (Wed) 11:46
Sorry, in the previous post I pasted the wrong thing :(
SDFix: Version 1.114
Run by Administrator on 2007-11-14 at 11:31
Microsoft Windows XP [Wersja 5.1.2600]
Running From: C:\SDFix\SDFix
Safe Mode:
Checking Services:
Restoring Windows Registry Values
Restoring Windows Default Hosts File
Rebooting…
Normal Mode:
Checking Files:
No Trojan Files Found
Removing Temp Files…
ADS Check:
C:\WINDOWS
No streams found.
C:\WINDOWS\system32
No streams found.
C:\WINDOWS\system32\svchost.exe
No streams found.
C:\WINDOWS\system32\ntoskrnl.exe
No streams found.
Final Check:
catchme 0.3.1262.1 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-14 11:39:12
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
scanning hidden processes …
scanning hidden services & system hive …
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
“s1”=dword:2df9c43f
“s2”=dword:110480d0
“h0”=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
“p0”=“C:\Program Files\DAEMON Tools”
“h0”=dword:00000000
“khjeh”=hex:e2,9f,75,05,42,4a,bf,3c,58,af,46,9d,8f,82,5f,c1,96,24,02,22,23,…
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
“a0”=hex:20,01,00,00,bf,dd,ad,1c,84,22,ad,0c,53,da,a9,f6,81,77,72,5a,21,…
“khjeh”=hex:cc,af,14,e3,d8,84,51,12,54,15,ad,9b,1c,0d,68,63,c0,31,17,c2,b7,…
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
“khjeh”=hex:d8,fc,4d,8c,34,e0,da,22,7a,fa,6c,fa,1b,30,de,1b,5d,0e,e0,e0,f9,…
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
“p0”=“C:\Program Files\DAEMON Tools”
“h0”=dword:00000000
“khjeh”=hex:e2,9f,75,05,42,4a,bf,3c,58,af,46,9d,8f,82,5f,c1,96,24,02,22,23,…
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
“a0”=hex:20,01,00,00,bf,dd,ad,1c,84,22,ad,0c,53,da,a9,f6,81,77,72,5a,21,…
“khjeh”=hex:cc,af,14,e3,d8,84,51,12,54,15,ad,9b,1c,0d,68,63,c0,31,17,c2,b7,…
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
“khjeh”=hex:d8,fc,4d,8c,34,e0,da,22,7a,fa,6c,fa,1b,30,de,1b,5d,0e,e0,e0,f9,…
scanning hidden registry entries …
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Reinstall\D\n\21]
“DisplayName”="\xb973\x7791"
“DeviceDesc”="\xb973\x7791"
“ProviderName”="\x27fc\21\xee18\x7c90\x286c\21\b"
“MFG”="\xc1bf\b\xe12b\x1803\x65c"
“ReinstallString”=".10.1000.7"
“DeviceInstanceIds”=str(7):“c:\swsetup\video\sbdrv\smbus\smbusati.inf”
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\A\1\5\1c]
“Order”=hex:08,00,00,00,02,00,00,00,b8,01,00,00,01,00,00,00,04,00,00,00,8c,…
scanning hidden files …
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
Remaining Services:
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
Remaining Files:
Files with Hidden Attributes:
Sat 28 Jul 2007 0 A.SH. — “C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp”
Wed 14 Nov 2007 0 A…H. — “C:\WINDOWS\SoftwareDistribution\Download\1738c621b33e51e95e7a1d6339d42049\BIT2.tmp”
Finished!
Open Notepad and paste this into it:
File >>> Save As >>> change the file type from TXT to All Files >>> save it as FIX.REG >>> double-click the FIX.REG file you created and confirm adding it to the registry >>> restart.
C:\Program Files\ Uninstall My Global Search Bar.dll delete this file
Download Gmer
-
Rootkit => Scan => without ticking Show all => paste into your post with Ctrl + V
-
Rootkit => with only Show all + Services ticked => Scan => Copy => paste into your post with Ctrl + V
GMER 1.0.13.12551 - http://www.gmer.net
Rootkit scan 2007-11-14 18:39:38
Windows 5.1.2600 Dodatek Service Pack 2
---- System - GMER 1.0.13 ----
SSDT 89952460 ZwAlertResumeThread
SSDT 8941FE78 ZwAlertThread
SSDT 896918C0 ZwAllocateVirtualMemory
SSDT 896980E8 ZwConnectPort
SSDT ??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS ZwCreateKey
SSDT 896C4C98 ZwCreateMutant
SSDT 8972C0B0 ZwCreateThread
SSDT ??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS ZwDeleteKey
SSDT ??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS ZwDeleteValueKey
SSDT sptd.sys ZwEnumerateKey
SSDT sptd.sys ZwEnumerateValueKey
SSDT 896A0E30 ZwFreeVirtualMemory
SSDT 89945290 ZwImpersonateAnonymousToken
SSDT 895CD3C8 ZwImpersonateThread
SSDT 897500B0 ZwMapViewOfSection
SSDT 896C5A70 ZwOpenEvent
SSDT sptd.sys ZwOpenKey
SSDT 894AE118 ZwOpenProcessToken
SSDT 896CC370 ZwOpenThreadToken
SSDT sptd.sys ZwQueryKey
SSDT sptd.sys ZwQueryValueKey
SSDT 897497B8 ZwResumeThread
SSDT 894C0118 ZwSetContextThread
SSDT 8969BFC0 ZwSetInformationProcess
SSDT 896CC1C0 ZwSetInformationThread
SSDT ??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS ZwSetValueKey
SSDT 89951B98 ZwSuspendProcess
SSDT 89315838 ZwSuspendThread
SSDT 894BF118 ZwTerminateProcess
SSDT 89478C58 ZwTerminateThread
SSDT 894C1140 ZwUnmapViewOfSection
SSDT 896A0FC0 ZwWriteVirtualMemory
---- Kernel code sections - GMER 1.0.13 ----
.text ntkrnlpa.exe!ZwCallbackReturn + 2EEA 80503DC6 2 Bytes [4C, 89]
? C:\WINDOWS\system32\drivers\sptd.sys Proces nie może uzyskać dostępu do pliku, ponieważ jest on używany przez inny proces.
? C:\WINDOWS\system32\drivers\SafeBoot.sys Proces nie może uzyskać dostępu do pliku, ponieważ jest on używany przez inny proces.
.text USBPORT.SYS!DllUnload F5E0C7AE 5 Bytes JMP 898DD1C8
? System32\Drivers\a0rf267w.SYS Nie można odnaleźć określonego pliku.
---- User code sections - GMER 1.0.13 ----
.text C:\WINDOWS\Explorer.EXE[520] WS2_32.dll!connect 71A5406A 6 Bytes JMP 01EA0000
.text C:\WINDOWS\Explorer.EXE[520] WS2_32.dll!WSAStartup 71A5664D 6 Bytes JMP 01E80000
.text C:\WINDOWS\Explorer.EXE[520] WS2_32.dll!getsockname 71A5951E 6 Bytes JMP 01EB0000
.text C:\WINDOWS\Explorer.EXE[520] WS2_32.dll!getpeername 71A60B50 4 Bytes [FF, 25, 1C, 00]
.text C:\WINDOWS\Explorer.EXE[520] WS2_32.dll!getpeername + 5 71A60B55 1 Byte [01]
.text C:\WINDOWS\Explorer.EXE[520] WS2_32.dll!WSAConnect 71A60C69 6 Bytes JMP 01E90000
.text C:\Program Files\Analog Devices\Core\smax4pnp.exe[1876] ws2_32.dll!connect 71A5406A 6 Bytes JMP 00D90000
.text C:\Program Files\Analog Devices\Core\smax4pnp.exe[1876] ws2_32.dll!WSAStartup 71A5664D 6 Bytes JMP 00D70000
.text C:\Program Files\Analog Devices\Core\smax4pnp.exe[1876] ws2_32.dll!getsockname 71A5951E 6 Bytes JMP 00DA0000
.text C:\Program Files\Analog Devices\Core\smax4pnp.exe[1876] ws2_32.dll!getpeername 71A60B50 6 Bytes JMP 00DB0000
.text C:\Program Files\Analog Devices\Core\smax4pnp.exe[1876] ws2_32.dll!WSAConnect 71A60C69 6 Bytes JMP 00D80000
.text C:\Program Files\PDF Complete\pdfsty.exe[1892] ws2_32.dll!connect 71A5406A 6 Bytes JMP 00E90000
.text C:\Program Files\PDF Complete\pdfsty.exe[1892] ws2_32.dll!WSAStartup 71A5664D 6 Bytes JMP 00E70000
.text C:\Program Files\PDF Complete\pdfsty.exe[1892] ws2_32.dll!getsockname 71A5951E 6 Bytes JMP 00EA0000
.text C:\Program Files\PDF Complete\pdfsty.exe[1892] ws2_32.dll!getpeername 71A60B50 6 Bytes JMP 00EB0000
.text C:\Program Files\PDF Complete\pdfsty.exe[1892] ws2_32.dll!WSAConnect 71A60C69 6 Bytes JMP 00E80000
.text C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE[1896] ws2_32.dll!connect 71A5406A 6 Bytes JMP 01160000
.text C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE[1896] ws2_32.dll!WSAStartup 71A5664D 6 Bytes JMP 010B0000
.text C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE[1896] ws2_32.dll!getsockname 71A5951E 6 Bytes JMP 01170000
.text C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE[1896] ws2_32.dll!getpeername 71A60B50 6 Bytes JMP 01180000
.text C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE[1896] ws2_32.dll!WSAConnect 71A60C69 6 Bytes JMP 010C0000
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1912] ws2_32.dll!connect 71A5406A 6 Bytes JMP 01080000
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1912] ws2_32.dll!WSAStartup 71A5664D 6 Bytes JMP 01060000
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1912] ws2_32.dll!getsockname 71A5951E 6 Bytes JMP 01090000
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1912] ws2_32.dll!getpeername 71A60B50 6 Bytes JMP 010A0000
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1912] ws2_32.dll!WSAConnect 71A60C69 6 Bytes JMP 01070000
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[1924] ws2_32.dll!connect 71A5406A 6 Bytes JMP 00CD0000
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[1924] ws2_32.dll!WSAStartup 71A5664D 6 Bytes JMP 00CB0000
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[1924] ws2_32.dll!getsockname 71A5951E 6 Bytes JMP 00CE0000
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[1924] ws2_32.dll!getpeername 71A60B50 6 Bytes JMP 00CF0000
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[1924] ws2_32.dll!WSAConnect 71A60C69 6 Bytes JMP 00CC0000
.text C:\Program Files\Common Files\Symantec Shared\ccApp.exe[1944] ws2_32.dll!connect 71A5406A 6 Bytes JMP 019D0000
.text C:\Program Files\Common Files\Symantec Shared\ccApp.exe[1944] ws2_32.dll!WSAStartup 71A5664D 6 Bytes JMP 019B0000
.text C:\Program Files\Common Files\Symantec Shared\ccApp.exe[1944] ws2_32.dll!getsockname 71A5951E 6 Bytes JMP 019E0000
.text C:\Program Files\Common Files\Symantec Shared\ccApp.exe[1944] ws2_32.dll!getpeername 71A60B50 6 Bytes JMP 019F0000
.text C:\Program Files\Common Files\Symantec Shared\ccApp.exe[1944] ws2_32.dll!WSAConnect 71A60C69 6 Bytes JMP 019C0000
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe[2068] ws2_32.dll!connect 71A5406A 6 Bytes JMP 01140000
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe[2068] ws2_32.dll!WSAStartup 71A5664D 6 Bytes JMP 01120000
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe[2068] ws2_32.dll!getsockname 71A5951E 6 Bytes JMP 013E0000
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe[2068] ws2_32.dll!getpeername 71A60B50 6 Bytes JMP 013F0000
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe[2068] ws2_32.dll!WSAConnect 71A60C69 6 Bytes JMP 01130000
.text C:\WINDOWS\SMINST\Scheduler.exe[2096] USER32.dll!GetSysColor 7E368E78 5 Bytes JMP 0041C110 C:\WINDOWS\SMINST\Scheduler.exe
.text C:\WINDOWS\SMINST\Scheduler.exe[2096] USER32.dll!GetSysColorBrush 7E368EAB 5 Bytes JMP 0041C180 C:\WINDOWS\SMINST\Scheduler.exe
.text C:\WINDOWS\SMINST\Scheduler.exe[2096] USER32.dll!SetScrollInfo 7E369056 7 Bytes JMP 0041C000 C:\WINDOWS\SMINST\Scheduler.exe
.text C:\WINDOWS\SMINST\Scheduler.exe[2096] USER32.dll!GetScrollInfo 7E370DA2 7 Bytes JMP 0041BF50 C:\WINDOWS\SMINST\Scheduler.exe
.text C:\WINDOWS\SMINST\Scheduler.exe[2096] USER32.dll!ShowScrollBar 7E37F2B3 5 Bytes JMP 0041C0D0 C:\WINDOWS\SMINST\Scheduler.exe
.text C:\WINDOWS\SMINST\Scheduler.exe[2096] USER32.dll!GetScrollPos 7E37F6C4 5 Bytes JMP 0041BF90 C:\WINDOWS\SMINST\Scheduler.exe
.text C:\WINDOWS\SMINST\Scheduler.exe[2096] USER32.dll!SetScrollPos 7E37F710 5 Bytes JMP 0041C040 C:\WINDOWS\SMINST\Scheduler.exe
.text C:\WINDOWS\SMINST\Scheduler.exe[2096] USER32.dll!GetScrollRange 7E37F747 5 Bytes JMP 0041BFC0 C:\WINDOWS\SMINST\Scheduler.exe
.text C:\WINDOWS\SMINST\Scheduler.exe[2096] USER32.dll!SetScrollRange 7E37F95B 5 Bytes JMP 0041C080 C:\WINDOWS\SMINST\Scheduler.exe
.text C:\WINDOWS\SMINST\Scheduler.exe[2096] USER32.dll!EnableScrollBar 7E3B7DDD 7 Bytes JMP 0041BF10 C:\WINDOWS\SMINST\Scheduler.exe
.text C:\WINDOWS\SMINST\Scheduler.exe[2096] WS2_32.dll!connect 71A5406A 6 Bytes JMP 017D0000
.text C:\WINDOWS\SMINST\Scheduler.exe[2096] WS2_32.dll!WSAStartup 71A5664D 6 Bytes JMP 01040000
.text C:\WINDOWS\SMINST\Scheduler.exe[2096] WS2_32.dll!getsockname 71A5951E 6 Bytes JMP 017E0000
.text C:\WINDOWS\SMINST\Scheduler.exe[2096] WS2_32.dll!getpeername 71A60B50 6 Bytes JMP 017F0000
.text C:\WINDOWS\SMINST\Scheduler.exe[2096] WS2_32.dll!WSAConnect 71A60C69 6 Bytes JMP 017C0000
.text C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe[2108] ws2_32.dll!connect 71A5406A 6 Bytes JMP 009F0000
.text C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe[2108] ws2_32.dll!WSAStartup 71A5664D 6 Bytes JMP 009D0000
.text C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe[2108] ws2_32.dll!getsockname 71A5951E 6 Bytes JMP 00A00000
.text C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe[2108] ws2_32.dll!getpeername 71A60B50 6 Bytes JMP 00A10000
.text C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe[2108] ws2_32.dll!WSAConnect 71A60C69 6 Bytes JMP 009E0000
.text C:\WINDOWS\system32\AccelerometerSt.exe[2148] ws2_32.dll!connect 71A5406A 6 Bytes JMP 00BE0000
.text C:\WINDOWS\system32\AccelerometerSt.exe[2148] ws2_32.dll!WSAStartup 71A5664D 6 Bytes JMP 00BC0000
.text C:\WINDOWS\system32\AccelerometerSt.exe[2148] ws2_32.dll!getsockname 71A5951E 6 Bytes JMP 00BF0000
.text C:\WINDOWS\system32\AccelerometerSt.exe[2148] ws2_32.dll!getpeername 71A60B50 6 Bytes JMP 00C00000
.text C:\WINDOWS\system32\AccelerometerSt.exe[2148] ws2_32.dll!WSAConnect 71A60C69 6 Bytes JMP 00BD0000
.text C:\WINDOWS\system32\ctfmon.exe[2200] ws2_32.dll!connect 71A5406A 6 Bytes JMP 00AD0000
.text C:\WINDOWS\system32\ctfmon.exe[2200] ws2_32.dll!WSAStartup 71A5664D 6 Bytes JMP 00AB0000
.text C:\WINDOWS\system32\ctfmon.exe[2200] ws2_32.dll!getsockname 71A5951E 6 Bytes JMP 00AE0000
.text C:\WINDOWS\system32\ctfmon.exe[2200] ws2_32.dll!getpeername 71A60B50 6 Bytes JMP 00AF0000
.text C:\WINDOWS\system32\ctfmon.exe[2200] ws2_32.dll!WSAConnect 71A60C69 6 Bytes JMP 00AC0000
.text C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe[2216] WS2_32.dll!connect 71A5406A 6 Bytes JMP 00C80000
.text C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe[2216] WS2_32.dll!WSAStartup 71A5664D 6 Bytes JMP 00C60000
.text C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe[2216] WS2_32.dll!getsockname 71A5951E 6 Bytes JMP 00C90000
.text C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe[2216] WS2_32.dll!getpeername 71A60B50 6 Bytes JMP 00CA0000
.text C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe[2216] WS2_32.dll!WSAConnect 71A60C69 6 Bytes JMP 00C70000
.text C:\Program Files\DAEMON Tools\daemon.exe[2232] ws2_32.dll!connect 71A5406A 6 Bytes JMP 00D80000
.text C:\Program Files\DAEMON Tools\daemon.exe[2232] ws2_32.dll!WSAStartup 71A5664D 6 Bytes JMP 00D60000
.text C:\Program Files\DAEMON Tools\daemon.exe[2232] ws2_32.dll!getsockname 71A5951E 6 Bytes JMP 00D90000
.text C:\Program Files\DAEMON Tools\daemon.exe[2232] ws2_32.dll!getpeername 71A60B50 6 Bytes JMP 00DA0000
.text C:\Program Files\DAEMON Tools\daemon.exe[2232] ws2_32.dll!WSAConnect 71A60C69 6 Bytes JMP 00D70000
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE[2240] ws2_32.dll!connect 71A5406A 6 Bytes JMP 00FB0000
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE[2240] ws2_32.dll!WSAStartup 71A5664D 6 Bytes JMP 00F90000
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE[2240] ws2_32.dll!getsockname 71A5951E 6 Bytes JMP 00FC0000
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE[2240] ws2_32.dll!getpeername 71A60B50 6 Bytes JMP 00FD0000
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE[2240] ws2_32.dll!WSAConnect 71A60C69 6 Bytes JMP 00FA0000
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[2312] ws2_32.dll!connect 71A5406A 6 Bytes JMP 00DB0000
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[2312] ws2_32.dll!WSAStartup 71A5664D 6 Bytes JMP 00D90000
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[2312] ws2_32.dll!getsockname 71A5951E 6 Bytes JMP 00DC0000
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[2312] ws2_32.dll!getpeername 71A60B50 6 Bytes JMP 00DD0000
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[2312] ws2_32.dll!WSAConnect 71A60C69 6 Bytes JMP 00DA0000
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2376] WS2_32.dll!connect 71A5406A 6 Bytes JMP 01620000
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2376] WS2_32.dll!WSAStartup 71A5664D 6 Bytes JMP 01600000
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2376] WS2_32.dll!getsockname 71A5951E 6 Bytes JMP 01630000
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2376] WS2_32.dll!getpeername 71A60B50 6 Bytes JMP 01640000
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2376] WS2_32.dll!WSAConnect 71A60C69 6 Bytes JMP 01610000
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[2728] ws2_32.dll!connect 71A5406A 6 Bytes JMP 00DB0000
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[2728] ws2_32.dll!WSAStartup 71A5664D 6 Bytes JMP 00D90000
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[2728] ws2_32.dll!getsockname 71A5951E 6 Bytes JMP 00DC0000
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[2728] ws2_32.dll!getpeername 71A60B50 6 Bytes JMP 00DD0000
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[2728] ws2_32.dll!WSAConnect 71A60C69 6 Bytes JMP 00DA0000
.text C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe[3288] ws2_32.dll!connect 71A5406A 6 Bytes JMP 00B80000
.text C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe[3288] ws2_32.dll!WSAStartup 71A5664D 6 Bytes JMP 00B60000
.text C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe[3288] ws2_32.dll!getsockname 71A5951E 6 Bytes JMP 00B90000
.text C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe[3288] ws2_32.dll!getpeername 71A60B50 6 Bytes JMP 00BA0000
.text C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe[3288] ws2_32.dll!WSAConnect 71A60C69 6 Bytes JMP 00B70000
.text C:\Documents and Settings\Administrator\Pulpit\gmer\gmer.exe[3916] ws2_32.dll!connect 71A5406A 6 Bytes JMP 00BB0000
.text C:\Documents and Settings\Administrator\Pulpit\gmer\gmer.exe[3916] ws2_32.dll!WSAStartup 71A5664D 6 Bytes JMP 00B40000
.text C:\Documents and Settings\Administrator\Pulpit\gmer\gmer.exe[3916] ws2_32.dll!getsockname 71A5951E 6 Bytes JMP 00BC0000
.text C:\Documents and Settings\Administrator\Pulpit\gmer\gmer.exe[3916] ws2_32.dll!getpeername 71A60B50 6 Bytes JMP 00BD0000
.text C:\Documents and Settings\Administrator\Pulpit\gmer\gmer.exe[3916] ws2_32.dll!WSAConnect 71A60C69 6 Bytes JMP 00BA0000
.text C:\Program Files\Mozilla Firefox\firefox.exe[3968] WS2_32.dll!connect 71A5406A 6 Bytes JMP 01120000
.text C:\Program Files\Mozilla Firefox\firefox.exe[3968] WS2_32.dll!WSAStartup 71A5664D 6 Bytes JMP 01100000
.text C:\Program Files\Mozilla Firefox\firefox.exe[3968] WS2_32.dll!getsockname 71A5951E 6 Bytes JMP 01130000
.text C:\Program Files\Mozilla Firefox\firefox.exe[3968] WS2_32.dll!getpeername 71A60B50 6 Bytes JMP 01140000
.text C:\Program Files\Mozilla Firefox\firefox.exe[3968] WS2_32.dll!WSAConnect 71A60C69 6 Bytes JMP 01110000
---- Kernel IAT/EAT - GMER 1.0.13 ----
IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F729DAD4] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F729DC1A] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F729DB9C] sptd.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F729E748] sptd.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F729E61E] sptd.sys
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [F72B329A] sptd.sys
Device \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE 89B1C1E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_CLOSE 89B1C1E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_READ 89B1C1E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_WRITE 89B1C1E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_INFORMATION 89B1C1E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_INFORMATION 89B1C1E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_EA 89B1C1E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_EA 89B1C1E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_FLUSH_BUFFERS 89B1C1E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_VOLUME_INFORMATION 89B1C1E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_VOLUME_INFORMATION 89B1C1E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_DIRECTORY_CONTROL 89B1C1E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_FILE_SYSTEM_CONTROL 89B1C1E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_DEVICE_CONTROL 89B1C1E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SHUTDOWN 89B1C1E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_LOCK_CONTROL 89B1C1E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_CLEANUP 89B1C1E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_SECURITY 89B1C1E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_SECURITY 89B1C1E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_QUOTA 89B1C1E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_QUOTA 89B1C1E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_PNP 89B1C1E8
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE [F71A71DE] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE_NAMED_PIPE [F71A71DE] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CLOSE [F719AF4C] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_READ [F719AF4C] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_WRITE [F719AF4C] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_INFORMATION [F719AF4C] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_INFORMATION [F719AF4C] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_EA [F719AF4C] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_EA [F719AF4C] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_FLUSH_BUFFERS [F719AF4C] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_VOLUME_INFORMATION [F719AF4C] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_VOLUME_INFORMATION [F719AF4C] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DIRECTORY_CONTROL [F719AF4C] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_FILE_SYSTEM_CONTROL [F71A7454] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DEVICE_CONTROL [F719AF4C] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_INTERNAL_DEVICE_CONTROL [F719AF4C] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SHUTDOWN [F719AF4C] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_LOCK_CONTROL [F719AF4C] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CLEANUP [F719AF4C] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE_MAILSLOT [F71A71DE] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_SECURITY [F719AF4C] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_SECURITY [F719AF4C] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_POWER [F719AF4C] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SYSTEM_CONTROL [F719AF4C] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DEVICE_CHANGE [F719AF4C] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_QUOTA [F719AF4C] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_QUOTA [F719AF4C] fltMgr.sys
Device \Driver\NetBT \Device\NetBT_Tcpip_{DB7BCE8B-E735-4A0B-A756-6E5637BDF4F7} IRP_MJ_CREATE 8969C1E8
Device \Driver\NetBT \Device\NetBT_Tcpip_{DB7BCE8B-E735-4A0B-A756-6E5637BDF4F7} IRP_MJ_CLOSE 8969C1E8
Device \Driver\NetBT \Device\NetBT_Tcpip_{DB7BCE8B-E735-4A0B-A756-6E5637BDF4F7} IRP_MJ_DEVICE_CONTROL 8969C1E8
Device \Driver\NetBT \Device\NetBT_Tcpip_{DB7BCE8B-E735-4A0B-A756-6E5637BDF4F7} IRP_MJ_INTERNAL_DEVICE_CONTROL 8969C1E8
Device \Driver\NetBT \Device\NetBT_Tcpip_{DB7BCE8B-E735-4A0B-A756-6E5637BDF4F7} IRP_MJ_CLEANUP 8969C1E8
Device \Driver\NetBT \Device\NetBT_Tcpip_{DB7BCE8B-E735-4A0B-A756-6E5637BDF4F7} IRP_MJ_PNP 8969C1E8
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_CREATE [b51DC420] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_CREATE_NAMED_PIPE [b51DC420] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_CLOSE [b51DC420] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_READ [b51DC420] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_WRITE [b51DC420] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_INFORMATION [b51DC420] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_SET_INFORMATION [b51DC420] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_EA [b51DC420] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_SET_EA [b51DC420] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_FLUSH_BUFFERS [b51DC420] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_VOLUME_INFORMATION [b51DC420] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_SET_VOLUME_INFORMATION [b51DC420] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_DIRECTORY_CONTROL [b51DC420] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_FILE_SYSTEM_CONTROL [b51DC420] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_DEVICE_CONTROL [b51DC420] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_INTERNAL_DEVICE_CONTROL [b51DC420] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_SHUTDOWN [b51DC420] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_LOCK_CONTROL [b51DC420] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_CLEANUP [b51DC420] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_CREATE_MAILSLOT [b51DC420] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_SECURITY [b51DC420] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_SET_SECURITY [b51DC420] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_POWER [b51DC420] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_SYSTEM_CONTROL [b51DC420] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_DEVICE_CHANGE [b51DC420] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_QUOTA [b51DC420] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_SET_QUOTA [b51DC420] SYMTDI.SYS
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 IRP_MJ_CREATE [F5D70B10] SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 IRP_MJ_CREATE_NAMED_PIPE [F5D70B10] SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 IRP_MJ_CLOSE [F5D70B10] SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 IRP_MJ_READ [F5D70B10] SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 IRP_MJ_WRITE [F5D70B10] SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 IRP_MJ_QUERY_INFORMATION [F5D70B10] SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 IRP_MJ_SET_INFORMATION [F5D70B10] SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 IRP_MJ_QUERY_EA [F5D70B10] SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 IRP_MJ_SET_EA [F5D70B10] SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 IRP_MJ_FLUSH_BUFFERS [F5D70B10] SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 IRP_MJ_QUERY_VOLUME_INFORMATION [F5D70B10] SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 IRP_MJ_SET_VOLUME_INFORMATION [F5D70B10] SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 IRP_MJ_DIRECTORY_CONTROL [F5D70B10] SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 IRP_MJ_FILE_SYSTEM_CONTROL [F5D70B10] SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 IRP_MJ_DEVICE_CONTROL [F5D70B10] SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 IRP_MJ_INTERNAL_DEVICE_CONTROL [F5D70B10] SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 IRP_MJ_SHUTDOWN [F5D70B10] SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 IRP_MJ_LOCK_CONTROL [F5D70B10] SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 IRP_MJ_CLEANUP [F5D70B10] SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 IRP_MJ_CREATE_MAILSLOT [F5D70B10] SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 IRP_MJ_QUERY_SECURITY [F5D70B10] SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 IRP_MJ_SET_SECURITY [F5D70B10] SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 IRP_MJ_POWER [F5D70B10] SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 IRP_MJ_SYSTEM_CONTROL [F5D70B10] SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 IRP_MJ_DEVICE_CHANGE [F5D70B10] SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 IRP_MJ_QUERY_QUOTA [F5D70B10] SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 IRP_MJ_SET_QUOTA [F5D70B10] SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 IRP_MJ_CREATE [F79E3A4A] eabfiltr.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 IRP_MJ_CLOSE [F79E3A4A] eabfiltr.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 IRP_MJ_READ [F79E3CEC] eabfiltr.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 IRP_MJ_DEVICE_CONTROL [F79E3D52] eabfiltr.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 IRP_MJ_POWER [F79E3660] eabfiltr.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 IRP_MJ_SYSTEM_CONTROL [F79E378E] eabfiltr.sys
Device \Driver\usbohci \Device\USBPDO-0 IRP_MJ_CREATE 898BE768
Device \Driver\usbohci \Device\USBPDO-0 IRP_MJ_CLOSE 898BE768
Device \Driver\usbohci \Device\USBPDO-0 IRP_MJ_DEVICE_CONTROL 898BE768
Device \Driver\usbohci \Device\USBPDO-0 IRP_MJ_INTERNAL_DEVICE_CONTROL 898BE768
Device \Driver\usbohci \Device\USBPDO-0 IRP_MJ_POWER 898BE768
Device \Driver\usbohci \Device\USBPDO-0 IRP_MJ_SYSTEM_CONTROL 898BE768
Device \Driver\usbohci \Device\USBPDO-0 IRP_MJ_PNP 898BE768
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_CREATE 89B8F1E8
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_CLOSE 89B8F1E8
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_READ 89B8F1E8
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_WRITE 89B8F1E8
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_FLUSH_BUFFERS 89B8F1E8
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_DEVICE_CONTROL 89B8F1E8
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_INTERNAL_DEVICE_CONTROL 89B8F1E8
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_SHUTDOWN 89B8F1E8
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_POWER 89B8F1E8
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_SYSTEM_CONTROL 89B8F1E8
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_PNP 89B8F1E8
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_CREATE 89B8F1E8
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_CLOSE 89B8F1E8
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_READ 89B8F1E8
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_WRITE 89B8F1E8
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_FLUSH_BUFFERS 89B8F1E8
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_DEVICE_CONTROL 89B8F1E8
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_INTERNAL_DEVICE_CONTROL 89B8F1E8
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_SHUTDOWN 89B8F1E8
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_POWER 89B8F1E8
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_SYSTEM_CONTROL 89B8F1E8
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_PNP 89B8F1E8
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_CREATE 89B8F1E8
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_CLOSE 89B8F1E8
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_READ 89B8F1E8
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_WRITE 89B8F1E8
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_FLUSH_BUFFERS 89B8F1E8
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_DEVICE_CONTROL 89B8F1E8
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_INTERNAL_DEVICE_CONTROL 89B8F1E8
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_SHUTDOWN 89B8F1E8
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_POWER 89B8F1E8
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_SYSTEM_CONTROL 89B8F1E8
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_PNP 89B8F1E8
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_CREATE 89B8F1E8
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_CLOSE 89B8F1E8
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_READ 89B8F1E8
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_WRITE 89B8F1E8
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_FLUSH_BUFFERS 89B8F1E8
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_DEVICE_CONTROL 89B8F1E8
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_INTERNAL_DEVICE_CONTROL 89B8F1E8
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_SHUTDOWN 89B8F1E8
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_POWER 89B8F1E8
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_SYSTEM_CONTROL 89B8F1E8
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_PNP 89B8F1E8
Device \Driver\usbohci \Device\USBPDO-1 IRP_MJ_CREATE 898BE768
Device \Driver\usbohci \Device\USBPDO-1 IRP_MJ_CLOSE 898BE768
Device \Driver\usbohci \Device\USBPDO-1 IRP_MJ_DEVICE_CONTROL 898BE768
Device \Driver\usbohci \Device\USBPDO-1 IRP_MJ_INTERNAL_DEVICE_CONTROL 898BE768
Device \Driver\usbohci \Device\USBPDO-1 IRP_MJ_POWER 898BE768
Device \Driver\usbohci \Device\USBPDO-1 IRP_MJ_SYSTEM_CONTROL 898BE768
Device \Driver\usbohci \Device\USBPDO-1 IRP_MJ_PNP 898BE768
Device \Driver\usbohci \Device\USBPDO-2 IRP_MJ_CREATE 898BE768
Device \Driver\usbohci \Device\USBPDO-2 IRP_MJ_CLOSE 898BE768
Device \Driver\usbohci \Device\USBPDO-2 IRP_MJ_DEVICE_CONTROL 898BE768
Device \Driver\usbohci \Device\USBPDO-2 IRP_MJ_INTERNAL_DEVICE_CONTROL 898BE768
Device \Driver\usbohci \Device\USBPDO-2 IRP_MJ_POWER 898BE768
Device \Driver\usbohci \Device\USBPDO-2 IRP_MJ_SYSTEM_CONTROL 898BE768
Device \Driver\usbohci \Device\USBPDO-2 IRP_MJ_PNP 898BE768
Device \Driver\usbohci \Device\USBPDO-3 IRP_MJ_CREATE 898BE768
Device \Driver\usbohci \Device\USBPDO-3 IRP_MJ_CLOSE 898BE768
Device \Driver\usbohci \Device\USBPDO-3 IRP_MJ_DEVICE_CONTROL 898BE768
Device \Driver\usbohci \Device\USBPDO-3 IRP_MJ_INTERNAL_DEVICE_CONTROL 898BE768
Device \Driver\usbohci \Device\USBPDO-3 IRP_MJ_POWER 898BE768
Device \Driver\usbohci \Device\USBPDO-3 IRP_MJ_SYSTEM_CONTROL 898BE768
Device \Driver\usbohci \Device\USBPDO-3 IRP_MJ_PNP 898BE768
Device \Driver\usbohci \Device\USBPDO-4 IRP_MJ_CREATE 898BE768
Device \Driver\usbohci \Device\USBPDO-4 IRP_MJ_CLOSE 898BE768
Device \Driver\usbohci \Device\USBPDO-4 IRP_MJ_DEVICE_CONTROL 898BE768
Device \Driver\usbohci \Device\USBPDO-4 IRP_MJ_INTERNAL_DEVICE_CONTROL 898BE768
Device \Driver\usbohci \Device\USBPDO-4 IRP_MJ_POWER 898BE768
Device \Driver\usbohci \Device\USBPDO-4 IRP_MJ_SYSTEM_CONTROL 898BE768
Device \Driver\usbohci \Device\USBPDO-4 IRP_MJ_PNP 898BE768
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_CREATE [b51DC420] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_CREATE_NAMED_PIPE [b51DC420] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_CLOSE [b51DC420] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_READ [b51DC420] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_WRITE [b51DC420] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_INFORMATION [b51DC420] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SET_INFORMATION [b51DC420] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_EA [b51DC420] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SET_EA [b51DC420] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_FLUSH_BUFFERS [b51DC420] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_VOLUME_INFORMATION [b51DC420] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SET_VOLUME_INFORMATION [b51DC420] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_DIRECTORY_CONTROL [b51DC420] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_FILE_SYSTEM_CONTROL [b51DC420] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_DEVICE_CONTROL [b51DC420] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_INTERNAL_DEVICE_CONTROL [b51DC420] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SHUTDOWN [b51DC420] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_LOCK_CONTROL [b51DC420] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_CLEANUP [b51DC420] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_CREATE_MAILSLOT [b51DC420] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_SECURITY [b51DC420] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SET_SECURITY [b51DC420] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_POWER [b51DC420] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SYSTEM_CONTROL [b51DC420] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_DEVICE_CHANGE [b51DC420] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_QUOTA [b51DC420] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SET_QUOTA [b51DC420] SYMTDI.SYS
Device \Driver\usbehci \Device\USBPDO-5 IRP_MJ_CREATE 898F51E8
Device \Driver\usbehci \Device\USBPDO-5 IRP_MJ_CLOSE 898F51E8
Device \Driver\usbehci \Device\USBPDO-5 IRP_MJ_DEVICE_CONTROL 898F51E8
Device \Driver\usbehci \Device\USBPDO-5 IRP_MJ_INTERNAL_DEVICE_CONTROL 898F51E8
Device \Driver\usbehci \Device\USBPDO-5 IRP_MJ_POWER 898F51E8
Device \Driver\usbehci \Device\USBPDO-5 IRP_MJ_SYSTEM_CONTROL 898F51E8
Device \Driver\usbehci \Device\USBPDO-5 IRP_MJ_PNP 898F51E8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_CREATE 89B1E1E8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_READ 89B1E1E8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_WRITE 89B1E1E8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_FLUSH_BUFFERS 89B1E1E8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_DEVICE_CONTROL 89B1E1E8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_INTERNAL_DEVICE_CONTROL 89B1E1E8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_SHUTDOWN 89B1E1E8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_CLEANUP 89B1E1E8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_POWER 89B1E1E8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_SYSTEM_CONTROL 89B1E1E8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_PNP 89B1E1E8
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_CREATE 89B1E1E8
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_READ 89B1E1E8
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_WRITE 89B1E1E8
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_FLUSH_BUFFERS 89B1E1E8
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_DEVICE_CONTROL 89B1E1E8
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_INTERNAL_DEVICE_CONTROL 89B1E1E8
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_SHUTDOWN 89B1E1E8
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_CLEANUP 89B1E1E8
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_POWER 89B1E1E8
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_SYSTEM_CONTROL 89B1E1E8
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_PNP 89B1E1E8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CREATE 898BC1E8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CLOSE 898BC1E8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_READ 898BC1E8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_WRITE 898BC1E8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_FLUSH_BUFFERS 898BC1E8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_DEVICE_CONTROL 898BC1E8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_INTERNAL_DEVICE_CONTROL 898BC1E8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SHUTDOWN 898BC1E8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_POWER 898BC1E8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SYSTEM_CONTROL 898BC1E8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_PNP 898BC1E8
Device \Driver\PCI_NTPNP7730 \Device\00000065 IRP_MJ_CREATE [F72D3B0E] sptd.sys
Device \Driver\PCI_NTPNP7730 \Device\00000065 IRP_MJ_CREATE_NAMED_PIPE [F72D3B0E] sptd.sys
Device \Driver\PCI_NTPNP7730 \Device\00000065 IRP_MJ_CLOSE [F72D3B0E] sptd.sys
Device \Driver\PCI_NTPNP7730 \Device\00000065 IRP_MJ_READ [F72D3B0E] sptd.sys
Device \Driver\PCI_NTPNP7730 \Device\00000065 IRP_MJ_WRITE [F72D3B0E] sptd.sys
Device \Driver\PCI_NTPNP7730 \Device\00000065 IRP_MJ_QUERY_INFORMATION [F72D3B0E] sptd.sys
Device \Driver\PCI_NTPNP7730 \Device\00000065 IRP_MJ_SET_INFORMATION [F72D3B0E] sptd.sys
Device \Driver\PCI_NTPNP7730 \Device\00000065 IRP_MJ_QUERY_EA [F72D3B0E] sptd.sys
Device \Driver\PCI_NTPNP7730 \Device\00000065 IRP_MJ_SET_EA [F72D3B0E] sptd.sys
Device \Driver\PCI_NTPNP7730 \Device\00000065 IRP_MJ_FLUSH_BUFFERS [F72D3B0E] sptd.sys
Device \Driver\PCI_NTPNP7730 \Device\00000065 IRP_MJ_QUERY_VOLUME_INFORMATION [F72D3B0E] sptd.sys
Device \Driver\PCI_NTPNP7730 \Device\00000065 IRP_MJ_SET_VOLUME_INFORMATION [F72D3B0E] sptd.sys
Device \Driver\PCI_NTPNP7730 \Device\00000065 IRP_MJ_DIRECTORY_CONTROL [F72D3B0E] sptd.sys
Device \Driver\PCI_NTPNP7730 \Device\00000065 IRP_MJ_FILE_SYSTEM_CONTROL [F72D3B0E] sptd.sys
Device \Driver\PCI_NTPNP7730 \Device\00000065 IRP_MJ_DEVICE_CONTROL [F72D3B0E] sptd.sys
Device \Driver\PCI_NTPNP7730 \Device\00000065 IRP_MJ_INTERNAL_DEVICE_CONTROL [F72D3B0E] sptd.sys
Device \Driver\PCI_NTPNP7730 \Device\00000065 IRP_MJ_SHUTDOWN [F72D3B0E] sptd.sys
Device \Driver\PCI_NTPNP7730 \Device\00000065 IRP_MJ_LOCK_CONTROL [F72D3B0E] sptd.sys
Device \Driver\PCI_NTPNP7730 \Device\00000065 IRP_MJ_CLEANUP [F72D3B0E] sptd.sys
Device \Driver\PCI_NTPNP7730 \Device\00000065 IRP_MJ_CREATE_MAILSLOT [F72D3B0E] sptd.sys
Device \Driver\PCI_NTPNP7730 \Device\00000065 IRP_MJ_QUERY_SECURITY [F72D3B0E] sptd.sys
Device \Driver\PCI_NTPNP7730 \Device\00000065 IRP_MJ_SET_SECURITY [F72D3B0E] sptd.sys
Device \Driver\PCI_NTPNP7730 \Device\00000065 IRP_MJ_POWER [F72ACEA8] sptd.sys
Device \Driver\PCI_NTPNP7730 \Device\00000065 IRP_MJ_SYSTEM_CONTROL [F72D02C8] sptd.sys
Device \
GMER 1.0.13.12551 - http://www.gmer.net
Rootkit scan 2007-11-14 19:04:08
Windows 5.1.2600 Dodatek Service Pack 2
---- Services - GMER 1.0.13 ----
Service .NET CLR Data
Service .NET CLR Networking
Service .NET Data Provider for Oracle
Service .NET Data Provider for SqlServer
Service .NETFramework
Service [DISABLED] Abiosdsk
Service [DISABLED] abp480n5
Service C:\WINDOWS\system32\DRIVERS\Accelerometer.sys [MANUAL] Accelerometer
Service C:\WINDOWS\system32\DRIVERS\ACPI.sys [bOOT] ACPI
Service C:\WINDOWS\system32\DRIVERS\ACPIEC.sys [bOOT] ACPIEC
Service C:\WINDOWS\system32\drivers\ADIHdAud.sys [MANUAL] ADIHdAudAddService
Service [DISABLED] adpu160m
Service C:\WINDOWS\system32\drivers\AEAudio.sys [MANUAL] AEAudio
Service C:\WINDOWS\system32\drivers\aec.sys [MANUAL] aec
Service C:\WINDOWS\System32\drivers\afd.sys [sYSTEM] AFD
Service C:\WINDOWS\system32\DRIVERS\AGRSM.sys [MANUAL] AgereSoftModem
Service [DISABLED] Aha154x
Service [DISABLED] aic78u2
Service [DISABLED] aic78xx
Service C:\WINDOWS\system32\svchost.exe [DISABLED] Alerter
Service C:\WINDOWS\System32\alg.exe [MANUAL] ALG
Service C:\WINDOWS\system32\DRIVERS\aliide.sys [bOOT] AliIde
Service C:\WINDOWS\system32\DRIVERS\AmdK8.sys [sYSTEM] AmdK8
Service [DISABLED] amsint
Service C:\WINDOWS\system32\svchost.exe [MANUAL] AppMgmt
Service C:\WINDOWS\system32\DRIVERS\arp1394.sys [MANUAL] Arp1394
Service [DISABLED] asc
Service [DISABLED] asc3350p
Service [DISABLED] asc3550
Service ASP.NET
Service ASP.NET_1.1.4322
Service ASP.NET_2.0.50727
Service C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [MANUAL] aspnet_state
Service C:\WINDOWS\system32\DRIVERS\asyncmac.sys [MANUAL] AsyncMac
Service C:\WINDOWS\system32\DRIVERS\atapi.sys [bOOT] atapi
Service [DISABLED] Atdisk
Service C:\WINDOWS\system32\Ati2evxx.exe [AUTO] Ati HotKey Poller
Service C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [MANUAL] ati2mtag
Service Atierecord
Service C:\WINDOWS\system32\DRIVERS\atmarpc.sys [MANUAL] Atmarpc
Service C:\WINDOWS\system32\DRIVERS\ATSwpDrv.sys [MANUAL] ATSWPDRV
Service C:\WINDOWS\System32\svchost.exe [AUTO] AudioSrv
Service C:\WINDOWS\system32\DRIVERS\audstub.sys [MANUAL] audstub
Service C:\WINDOWS\system32\DRIVERS\b57xp32.sys [MANUAL] b57w2k
Service BattC
Service C:\WINDOWS\system32\DRIVERS\bcmwl5.sys [MANUAL] BCM43XX
Service [sYSTEM] Beep
Service C:\WINDOWS\system32\svchost.exe [AUTO] BITS
Service C:\WINDOWS\system32\svchost.exe [AUTO] Browser
Service C:\WINDOWS\system32\drivers\btaudio.sys [MANUAL] btaudio
Service C:\WINDOWS\system32\DRIVERS\btport.sys [MANUAL] BTDriver
Service C:\WINDOWS\system32\DRIVERS\btkrnl.sys [MANUAL] BTKRNL
Service C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe [AUTO] btwdins
Service C:\WINDOWS\system32\DRIVERS\btwdndis.sys [MANUAL] BTWDNDIS
Service C:\WINDOWS\System32\Drivers\btwusb.sys [MANUAL] BTWUSB
Service C:\DOCUME~1\ADMINI~1\USTAWI~1\Temp\catchme.sys [MANUAL] catchme
Service [DISABLED] cbidf2k
Service C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [AUTO] ccEvtMgr
Service C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [AUTO] ccSetMgr
Service [DISABLED] cd20xrnt
Service [sYSTEM] Cdaudio
Service [DISABLED] Cdfs
Service C:\WINDOWS\system32\DRIVERS\cdrom.sys [sYSTEM] Cdrom
Service [sYSTEM] Changer
Service C:\WINDOWS\system32\cisvc.exe [MANUAL] CiSvc
Service C:\WINDOWS\system32\clipsrv.exe [DISABLED] ClipSrv
Service C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [MANUAL] clr_optimization_v2.0.50727_32
Service C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [AUTO] CLTNetCnService
Service C:\WINDOWS\system32\DRIVERS\CmBatt.sys [MANUAL] CmBatt
Service [DISABLED] CmdIde
Service C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe [MANUAL] comHost
Service C:\WINDOWS\system32\DRIVERS\compbatt.sys [bOOT] Compbatt
Service C:\WINDOWS\system32\dllhost.exe [MANUAL] COMSysApp
Service ContentFilter
Service ContentIndex
Service [DISABLED] Cpqarray
Service C:\WINDOWS\system32\svchost.exe [AUTO] CryptSvc
Service [DISABLED] dac2w2k
Service [DISABLED] dac960nt
Service C:\WINDOWS\system32\svchost.exe [AUTO] DcomLaunch
Service C:\WINDOWS\system32\svchost.exe [AUTO] Dhcp
Service C:\WINDOWS\system32\DRIVERS\disk.sys [bOOT] Disk
Service C:\WINDOWS\System32\dmadmin.exe [MANUAL] dmadmin
Service C:\WINDOWS\System32\drivers\dmboot.sys [DISABLED] dmboot
Service C:\WINDOWS\System32\drivers\dmio.sys [bOOT] dmio
Service C:\WINDOWS\System32\drivers\dmload.sys [bOOT] dmload
Service C:\WINDOWS\System32\svchost.exe [AUTO] dmserver
Service C:\WINDOWS\system32\drivers\DMusic.sys [MANUAL] DMusic
Service C:\WINDOWS\system32\svchost.exe [AUTO] Dnscache
Service [DISABLED] dpti2o
Service C:\WINDOWS\system32\drivers\drmkaud.sys [MANUAL] drmkaud
Service C:\WINDOWS\system32\DRIVERS\eabfiltr.sys [sYSTEM] eabfiltr
Service eabusb
Service C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [sYSTEM] eeCtrl
Service C:\WINDOWS\system32\DRIVERS\ENTECH.sys [MANUAL] ENTECH
Service C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [MANUAL] EraserUtilRebootDrv
Service C:\WINDOWS\System32\svchost.exe [AUTO] ERSvc
Service C:\WINDOWS\system32\services.exe [AUTO] Eventlog
Service C:\WINDOWS\system32\svchost.exe [MANUAL] EventSystem
Service [DISABLED] Fastfat
Service C:\WINDOWS\System32\svchost.exe [MANUAL] FastUserSwitchingCompatibility
Service C:\WINDOWS\system32\DRIVERS\fdc.sys [MANUAL] Fdc
Service [sYSTEM] Fips
Service C:\WINDOWS\system32\DRIVERS\flpydisk.sys [MANUAL] Flpydisk
Service C:\WINDOWS\system32\DRIVERS\fltMgr.sys [bOOT] FltMgr
Service [sYSTEM] Fs_Rec
Service C:\WINDOWS\system32\DRIVERS\ftdisk.sys [bOOT] Ftdisk
Service C:\WINDOWS\System32\DRIVERS\gmer.sys [MANUAL] gmer
Service C:\WINDOWS\system32\DRIVERS\msgpc.sys [MANUAL] Gpc
Service C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe [AUTO] Harmonogram automatycznej usługi LiveUpdate
Service C:\WINDOWS\system32\DRIVERS\cpqbttn.sys [MANUAL] HBtnKey
Service C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [MANUAL] HDAudBus
Service C:\WINDOWS\System32\svchost.exe [AUTO] helpsvc
Service C:\WINDOWS\System32\svchost.exe [DISABLED] HidServ
Service C:\WINDOWS\system32\DRIVERS\hpdskflt.sys [bOOT] hpdskflt
Service c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe [AUTO] HpFkCryptService
Service [DISABLED] hpn
Service C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe [AUTO] hpqwmiex
Service C:\WINDOWS\System32\Drivers\HTTP.sys [MANUAL] HTTP
Service C:\WINDOWS\System32\svchost.exe [MANUAL] HTTPFilter
Service [sYSTEM] i2omgmt
Service [DISABLED] i2omp
Service C:\WINDOWS\system32\DRIVERS\i8042prt.sys [sYSTEM] i8042prt
Service C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [MANUAL] IDriverT
Service C:\WINDOWS\system32\DRIVERS\IFXTPM.SYS [MANUAL] IFXTPM
Service C:\WINDOWS\system32\DRIVERS\imapi.sys [sYSTEM] Imapi
Service C:\WINDOWS\system32\imapi.exe [MANUAL] ImapiService
Service inetaccs
Service [DISABLED] ini910u
Service Inport
Service C:\WINDOWS\system32\DRIVERS\intelide.sys [bOOT] IntelIde
Service C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys [MANUAL] Ip6Fw
Service C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys [MANUAL] IpFilterDriver
Service C:\WINDOWS\system32\DRIVERS\ipinip.sys [MANUAL] IpInIp
Service C:\WINDOWS\system32\DRIVERS\ipnat.sys [MANUAL] IpNat
Service C:\WINDOWS\system32\DRIVERS\ipsec.sys [sYSTEM] IPSec
Service C:\WINDOWS\system32\DRIVERS\irenum.sys [MANUAL] IRENUM
Service ISAPISearch
Service C:\WINDOWS\system32\DRIVERS\isapnp.sys [bOOT] isapnp
Service C:\Program Files\Norton Internet Security\isPwdSvc.exe [MANUAL] ISPwdSvc
Service C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe [AUTO] IviRegMgr
Service C:\WINDOWS\system32\DRIVERS\kbdclass.sys [sYSTEM] Kbdclass
Service C:\WINDOWS\system32\DRIVERS\kbdhid.sys [sYSTEM] kbdhid
Service C:\WINDOWS\system32\drivers\kmixer.sys [MANUAL] kmixer
Service [bOOT] KSecDD
Service C:\WINDOWS\system32\svchost.exe [AUTO] lanmanserver
Service C:\WINDOWS\system32\svchost.exe [AUTO] lanmanworkstation
Service [sYSTEM] lbrtfdc
Service ldap
Service LicenseService
Service C:\Program Files\Common Files\LightScribe\LSSrvc.exe [AUTO] LightScribeService
Service C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE [MANUAL] LiveUpdate
Service C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [AUTO] LiveUpdate Notice Ex
Service C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe [AUTO] LiveUpdate Notice Service
Service C:\WINDOWS\system32\svchost.exe [AUTO] LmHosts
Service C:\WINDOWS\system32\svchost.exe [DISABLED] Messenger
Service [sYSTEM] mnmdd
Service C:\WINDOWS\system32\mnmsrvc.exe [MANUAL] mnmsrvc
Service [MANUAL] Modem
Service C:\WINDOWS\system32\DRIVERS\mouclass.sys [sYSTEM] Mouclass
Service [bOOT] MountMgr
Service C:\WINDOWS\system32\drivers\mqac.sys [MANUAL] MQAC
Service [DISABLED] mraid35x
Service C:\WINDOWS\system32\DRIVERS\mrxdav.sys [MANUAL] MRxDAV
Service C:\WINDOWS\system32\DRIVERS\mrxsmb.sys [sYSTEM] MRxSmb
Service C:\WINDOWS\system32\msdtc.exe [MANUAL] MSDTC
Service [sYSTEM] Msfs
Service C:\WINDOWS\system32\msiexec.exe [MANUAL] MSIServer
Service C:\WINDOWS\system32\drivers\MSKSSRV.sys [MANUAL] MSKSSRV
Service C:\WINDOWS\system32\mqsvc.exe [AUTO] MSMQ
Service C:\WINDOWS\system32\mqtgsvc.exe [AUTO] MSMQTriggers
Service C:\WINDOWS\system32\drivers\MSPCLOCK.sys [MANUAL] MSPCLOCK
Service C:\WINDOWS\system32\drivers\MSPQM.sys [MANUAL] MSPQM
Service C:\WINDOWS\system32\DRIVERS\mssmbios.sys [MANUAL] mssmbios
Service [bOOT] Mup
Service C:\Program Files\Common Files\Symantec Shared\VirusDefs\20071113.019\NAVENG.SYS [MANUAL] NAVENG
Service C:\Program Files\Common Files\Symantec Shared\VirusDefs\20071113.019\NAVEX15.SYS [MANUAL] NAVEX15
Service [bOOT] NDIS
Service C:\WINDOWS\system32\DRIVERS\ndistapi.sys [MANUAL] NdisTapi
Service C:\WINDOWS\system32\DRIVERS\ndisuio.sys [MANUAL] Ndisuio
Service C:\WINDOWS\system32\DRIVERS\ndiswan.sys [MANUAL] NdisWan
Service [MANUAL] NDProxy
Service C:\WINDOWS\system32\DRIVERS\netbios.sys [sYSTEM] NetBIOS
Service C:\WINDOWS\system32\DRIVERS\netbt.sys [sYSTEM] NetBT
Service C:\WINDOWS\system32\netdde.exe [DISABLED] NetDDE
Service C:\WINDOWS\system32\netdde.exe [DISABLED] NetDDEdsdm
Service C:\WINDOWS\system32\lsass.exe [MANUAL] Netlogon
Service C:\WINDOWS\System32\svchost.exe [MANUAL] Netman
Service C:\WINDOWS\system32\DRIVERS\nic1394.sys [MANUAL] NIC1394
Service C:\WINDOWS\system32\svchost.exe [MANUAL] Nla
Service [sYSTEM] Npfs
Service [DISABLED] Ntfs
Service C:\WINDOWS\system32\lsass.exe [MANUAL] NtLmSsp
Service C:\WINDOWS\system32\svchost.exe [MANUAL] NtmsSvc
Service [sYSTEM] Null
Service C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys [MANUAL] NwlnkFlt
Service C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys [MANUAL] NwlnkFwd
Service C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [MANUAL] odserv
Service C:\WINDOWS\system32\DRIVERS\ohci1394.sys [bOOT] ohci1394
Service C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [MANUAL] ose
Service Outlook
Service C:\WINDOWS\system32\DRIVERS\parport.sys [MANUAL] Parport
Service [bOOT] PartMgr
Service [DISABLED] ParVdm
Service C:\WINDOWS\SMINST\PCAngel.exe [AUTO] PCA
Service C:\WINDOWS\system32\DRIVERS\pci.sys [bOOT] PCI
Service [sYSTEM] PCIDump
Service C:\WINDOWS\system32\DRIVERS\pciide.sys [bOOT] PCIIde
Service C:\WINDOWS\system32\DRIVERS\pcmcia.sys [bOOT] Pcmcia
Service [MANUAL] PDCOMP
Service C:\Program [AUTO] pdfcDispatcher
Service [MANUAL] PDFRAME
Service [MANUAL] PDRELI
Service [MANUAL] PDRFRAME
Service C:\WINDOWS\system32\drivers\pe3ah4nc.sys [bOOT] pe3ah4nc
Service [DISABLED] perc2
Service [DISABLED] perc2hib
Service PerfDisk
Service PerfNet
Service PerfOS
Service PerfProc
Service C:\WINDOWS\system32\services.exe [AUTO] PlugPlay
Service C:\WINDOWS\System32\svchost.exe [AUTO] Pml Driver HPZ12
Service C:\WINDOWS\system32\lsass.exe [AUTO] PolicyAgent
Service C:\WINDOWS\system32\DRIVERS\raspptp.sys [MANUAL] PptpMiniport
Service C:\WINDOWS\system32\pr2ah4nc.exe [AUTO] pr2ah4nc
Service C:\WINDOWS\system32\DRIVERS\processr.sys [sYSTEM] Processor
Service C:\WINDOWS\system32\lsass.exe [AUTO] ProtectedStorage
Service C:\WINDOWS\system32\drivers\ps6ah4nc.sys [bOOT] ps6ah4nc
Service C:\WINDOWS\system32\DRIVERS\psched.sys [MANUAL] PSched
Service C:\WINDOWS\system32\DRIVERS\ptilink.sys [MANUAL] Ptilink
Service C:\WINDOWS\System32\Drivers\PxHelp20.sys [bOOT] PxHelp20
Service [DISABLED] ql1080
Service [DISABLED] Ql10wnt
Service [DISABLED] ql12160
Service [DISABLED] ql1240
Service [DISABLED] ql1280
Service C:\WINDOWS\system32\DRIVERS\rasacd.sys [sYSTEM] RasAcd
Service C:\WINDOWS\system32\svchost.exe [MANUAL] RasAuto
Service C:\WINDOWS\system32\DRIVERS\rasirda.sys [MANUAL] Rasirda
Service C:\WINDOWS\system32\DRIVERS\rasl2tp.sys [MANUAL] Rasl2tp
Service C:\WINDOWS\system32\svchost.exe [MANUAL] RasMan
Service C:\WINDOWS\system32\DRIVERS\raspppoe.sys [MANUAL] RasPppoe
Service C:\WINDOWS\system32\DRIVERS\raspti.sys [MANUAL] Raspti
Service C:\WINDOWS\system32\DRIVERS\rdbss.sys [sYSTEM] Rdbss
Service C:\WINDOWS\System32\DRIVERS\RDPCDD.sys [sYSTEM] RDPCDD
Service RDPDD
Service C:\WINDOWS\system32\DRIVERS\rdpdr.sys [MANUAL] rdpdr
Service RDPNP
Service [MANUAL] RDPWD
Service C:\WINDOWS\system32\sessmgr.exe [MANUAL] RDSessMgr
Service C:\WINDOWS\system32\DRIVERS\redbook.sys [sYSTEM] redbook
Service C:\WINDOWS\system32\svchost.exe [DISABLED] RemoteAccess
Service C:\WINDOWS\system32\svchost.exe [AUTO] RemoteRegistry
Service C:\WINDOWS\system32\drivers\RMCast.sys [MANUAL] RMCAST
Service c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe [MANUAL] RoxMediaDB9
Service C:\WINDOWS\system32\locator.exe [MANUAL] RpcLocator
Service C:\WINDOWS\system32\svchost.exe [AUTO] RpcSs
Service [sYSTEM] RsvLock
Service C:\WINDOWS\system32\rsvp.exe [MANUAL] RSVP
Service [bOOT] SafeBoot
Service C:\WINDOWS\system32\lsass.exe [AUTO] SamSs
Service [bOOT] SbAlg
Service [bOOT] SbFsLock
Service SbHpNp
Service C:\WINDOWS\System32\SCardSvr.exe [MANUAL] SCardSvr
Service C:\WINDOWS\System32\svchost.exe [AUTO] Schedule
Service C:\WINDOWS\system32\DRIVERS\secdrv.sys [MANUAL] Secdrv
Service C:\WINDOWS\System32\svchost.exe [AUTO] seclogon
Service C:\WINDOWS\system32\svchost.exe [AUTO] SENS
Service C:\WINDOWS\system32\DRIVERS\serenum.sys [MANUAL] serenum
Service C:\WINDOWS\system32\DRIVERS\serial.sys [sYSTEM] Serial
Service [sYSTEM] Sfloppy
Service C:\WINDOWS\System32\svchost.exe [AUTO] SharedAccess
Service C:\WINDOWS\System32\svchost.exe [AUTO] ShellHWDetection
Service [DISABLED] Simbad
Service C:\WINDOWS\system32\DRIVERS\smcirda.sys [MANUAL] SMCIRDA
Service [DISABLED] Sparrow
Service C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys [sYSTEM] SPBBCDrv
Service C:\WINDOWS\system32\drivers\splitter.sys [MANUAL] splitter
Service C:\WINDOWS\system32\spoolsv.exe [AUTO] Spooler
Service C:\WINDOWS\System32\Drivers\sptd.sys [bOOT] sptd
Service C:\WINDOWS\system32\DRIVERS\sr.sys [bOOT] sr
Service C:\WINDOWS\system32\svchost.exe [AUTO] srservice
Service C:\WINDOWS\System32\Drivers\SRTSP.SYS [MANUAL] SRTSP
Service C:\WINDOWS\System32\Drivers\SRTSPL.SYS [MANUAL] SRTSPL
Service C:\WINDOWS\System32\Drivers\SRTSPX.SYS [sYSTEM] SRTSPX
Service C:\WINDOWS\system32\DRIVERS\srv.sys [MANUAL] Srv
Service C:\WINDOWS\system32\svchost.exe [MANUAL] SSDPSRV
Service C:\WINDOWS\system32\svchost.exe [MANUAL] stisvc
Service c:\Program Files\Common Files\SureThing Shared\stllssvr.exe [MANUAL] stllssvr
Service C:\WINDOWS\system32\DRIVERS\swenum.sys [MANUAL] swenum
Service C:\WINDOWS\system32\drivers\swmidi.sys [MANUAL] swmidi
Service C:\WINDOWS\system32\dllhost.exe [MANUAL] SwPrv
Service C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe [MANUAL] Symantec Core LC
Service C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe [AUTO] SymAppCore
Service [DISABLED] symc810
Service [DISABLED] symc8xx
Service C:\WINDOWS\System32\Drivers\SYMDNS.SYS [MANUAL] SYMDNS
Service C:\WINDOWS\system32\Drivers\SYMEVENT.SYS [MANUAL] SymEvent
Service C:\WINDOWS\System32\Drivers\SYMFW.SYS [MANUAL] SYMFW
Service C:\WINDOWS\System32\Drivers\SYMIDS.SYS [MANUAL] SYMIDS
Service C:\Program Files\Common Files\Symantec Shared\SymcData\idsdefs\20071113.001\SymIDSCo.sys [MANUAL] SYMIDSCO
Service C:\WINDOWS\System32\Drivers\SYMNDIS.SYS [MANUAL] SYMNDIS
Service C:\WINDOWS\System32\Drivers\SYMREDRV.SYS [MANUAL] SYMREDRV
Service C:\WINDOWS\System32\Drivers\SYMTDI.SYS [sYSTEM] SYMTDI
Service [DISABLED] sym_hi
Service [DISABLED] sym_u3
Service C:\WINDOWS\system32\DRIVERS\SynTP.sys [MANUAL] SynTP
Service C:\WINDOWS\system32\drivers\sysaudio.sys [MANUAL] sysaudio
Service C:\WINDOWS\system32\smlogsvc.exe [MANUAL] SysmonLog
Service C:\WINDOWS\System32\svchost.exe [MANUAL] TapiSrv
Service C:\WINDOWS\system32\DRIVERS\tcpip.sys [sYSTEM] Tcpip
Service [MANUAL] TDPIPE
Service [MANUAL] TDTCP
Service C:\WINDOWS\system32\DRIVERS\termdd.sys [sYSTEM] TermDD
Service C:\WINDOWS\System32\svchost.exe [MANUAL] TermService
Service C:\WINDOWS\System32\svchost.exe [AUTO] Themes
Service C:\WINDOWS\system32\tlntsvr.exe [DISABLED] TlntSvr
Service [DISABLED] TosIde
Service C:\WINDOWS\system32\svchost.exe [AUTO] TrkWks
Service TSDDD
Service [DISABLED] Udfs
Service [DISABLED] ultra
Service C:\WINDOWS\system32\DRIVERS\update.sys [MANUAL] Update
Service C:\WINDOWS\system32\svchost.exe [MANUAL] upnphost
Service C:\WINDOWS\System32\ups.exe [MANUAL] UPS
Service usb
Service C:\WINDOWS\system32\DRIVERS\usbehci.sys [MANUAL] usbehci
Service C:\WINDOWS\system32\DRIVERS\usbhub.sys [MANUAL] usbhub
Service C:\WINDOWS\system32\DRIVERS\usbohci.sys [MANUAL] usbohci
Service C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [MANUAL] USBSTOR
Service C:\WINDOWS\system32\DRIVERS\usbuhci.sys [MANUAL] usbuhci
Service C:\WINDOWS\System32\drivers\vga.sys [sYSTEM] VgaSave
Service C:\WINDOWS\system32\DRIVERS\viaide.sys [bOOT] ViaIde
Service [bOOT] VolSnap
Service C:\WINDOWS\System32\vssvc.exe [MANUAL] VSS
Service C:\WINDOWS\System32\svchost.exe [AUTO] W32Time
Service W3SVC
Service C:\WINDOWS\system32\DRIVERS\wanarp.sys [MANUAL] Wanarp
Service [MANUAL] WDICA
Service C:\WINDOWS\system32\drivers\wdmaud.sys [MANUAL] wdmaud
Service C:\WINDOWS\system32\svchost.exe [AUTO] WebClient
Service C:\WINDOWS\system32\svchost.exe [AUTO] winmgmt
Service [MANUAL] Winsock
Service WinSock2
Service WinTrust
Service C:\WINDOWS\System32\svchost.exe [MANUAL] WmdmPmSN
Service C:\WINDOWS\System32\svchost.exe [MANUAL] Wmi
Service C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [sYSTEM] WmiAcpi
Service WmiApRpl
Service C:\WINDOWS\system32\wbem\wmiapsrv.exe [MANUAL] WmiApSrv
Service C:\Program Files\Windows Media Player\WMPNetwk.exe [MANUAL] WMPNetworkSvc
Service [sYSTEM] WS2IFSL
Service C:\WINDOWS\System32\svchost.exe [DISABLED] wscsvc
Service C:\WINDOWS\system32\svchost.exe [AUTO] wuauserv
Service C:\WINDOWS\system32\DRIVERS\WudfPf.sys [MANUAL] WudfPf
Service C:\WINDOWS\system32\DRIVERS\wudfrd.sys [MANUAL] WudfRd
Service C:\WINDOWS\system32\svchost.exe [MANUAL] WudfSvc
Service C:\WINDOWS\System32\svchost.exe [AUTO] WZCSVC
Service C:\WINDOWS\System32\svchost.exe [MANUAL] xmlprov
Service {7E966338-0BBF-4BBD-988D-B9F28356FE0D}
Service {9CDE76B4-A11F-4512-9882-67A183867AC5}
Service {CD56FB6F-8094-4927-8C1C-50A7B7FB39DC}
Service {DB7BCE8B-E735-4A0B-A756-6E5637BDF4F7}
Service [MANUAL] a0rf267w
---- EOF - GMER 1.0.13 ----
I don't see anything.
That's a good thing, I guess, right?? Because basically everything is back to normal now, Explorer works, nothing unwanted is popping up…
all in all, it's bliss
so thanks a lot for the time you gave and for your patience with me
regards, k. http://forum.dobreprogramy.pl/images/sm … _smile.gif
Post merged: 14.11.2007 (Wed) 21:24
That address somehow pasted itself in.