Znowu system padł:( - logi

anon94597501 · 25 Październik 2006 05:15

Witam,

Znowu system padł po ostatnich zabiegach Binol więc co mam zrobić?

Log z HijackThis

Logfile of HijackThis v1.99.1

Scan saved at 7:13:36 , on 2006-10-25

Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.5730.0011)


Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\SOUNDMAN.EXE

C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe

C:\PROGRA~1\MyPortal\Speed-X\SpeedX.exe

C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe

C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe

C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\Spyware Doctor\sdhelp.exe

C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\wdfmgr.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\system32\WgaTray.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Documents and Settings\Maciek\Pulpit\HijackThis.exe


R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = 

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll

O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll

O3 - Toolbar: &Tłumaczenie - {0D704FAD-66E9-4F0A-BFED-4F665770DDB3} - C:\Program Files\Techland\Common\InternetTranslator\InternetTranslator.dll

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [kis] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe"

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKCU\..\Run: [SpeedX] C:\PROGRA~1\MyPortal\Speed-X\SpeedX.exe

O8 - Extra context menu item: Dodaj do Kaspersky Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\\ie_banner_deny.htm

O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll

O9 - Extra button: Ochrona WWW - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\scieplugin.dll

O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll

O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {B46B0919-62BA-4D99-A5C4-916B57A6805C} - C:\Program Files\Techland\Common\InternetTranslator\InternetTranslator.dll

O9 - Extra 'Tools' menuitem: @C:\Program Files\Techland\Common\InternetTranslator\InternetTranslator.dll,-103 - {B46B0919-62BA-4D99-A5C4-916B57A6805C} - C:\Program Files\Techland\Common\InternetTranslator\InternetTranslator.dll

O11 - Options group: [INTERNATIONAL] International*

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1161362167875

O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll

O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O23 - Service: Kaspersky Internet Security 6.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe" -r (file missing)

O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe

O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe

O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe

O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

Log z Silent Runners:

“Silent Runners.vbs”, revision 49, http://www.silentrunners.org/

Operating System: Windows XP SP2

Output limited to non-default values, except where indicated by “{++}”

Startup items buried in registry:

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}

“SpeedX” = “C:\PROGRA~1\MyPortal\Speed-X\SpeedX.exe” [“MyPortal.pl”]

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}

“nwiz” = “nwiz.exe /install” [“NVIDIA Corporation”]

“SoundMan” = “SOUNDMAN.EXE” [“Realtek Semiconductor Corp.”]

“kis” = ““C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe”” [“Kaspersky Lab”]

“NvCplDaemon” = “RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup” [MS]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\

{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}(Default) = (no title provided)

-> {HKLM…CLSID} = “AcroIEHlprObj Class”

\InProcServer32(Default) = “C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll” [“Adobe Systems Incorporated”]

{5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB}(Default) = (no title provided)

-> {HKLM…CLSID} = “PCTools Site Guard”

\InProcServer32(Default) = “C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll” [“PC Tools”]

{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}(Default) = (no title provided)

-> {HKLM…CLSID} = “SSVHelper Class”

\InProcServer32(Default) = “C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll” [“Sun Microsystems, Inc.”]

{B56A7D7D-6927-48C8-A975-17DF180C71AC}(Default) = (no title provided)

-> {HKLM…CLSID} = “PCTools Browser Monitor”

\InProcServer32(Default) = “C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll” [“PC Tools”]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\

“{42071714-76d4-11d1-8b24-00a0c9068ff3}” = “Rozszerzenie CPL kadrowania wyświetlania”

-> {HKLM…CLSID} = “Rozszerzenie CPL kadrowania wyświetlania”

\InProcServer32(Default) = “deskpan.dll” [file not found]

“{88895560-9AA2-1069-930E-00AA0030EBC8}” = “Rozszerzenie ikony HyperTerminalu”

-> {HKLM…CLSID} = “HyperTerminal Icon Ext”

\InProcServer32(Default) = “C:\WINDOWS\system32\hticons.dll” [“Hilgraeve, Inc.”]

“{A70C977A-BF00-412C-90B7-034C51DA2439}” = “NvCpl DesktopContext Class”

-> {HKLM…CLSID} = “DesktopContext Class”

\InProcServer32(Default) = “C:\WINDOWS\system32\nvcpl.dll” [“NVIDIA Corporation”]

“{FFB699E0-306A-11d3-8BD1-00104B6F7516}” = “Play on my TV helper”

-> {HKLM…CLSID} = “NVIDIA CPL Extension”

\InProcServer32(Default) = “C:\WINDOWS\system32\nvcpl.dll” [“NVIDIA Corporation”]

“{85E0B171-04FA-11D1-B7DA-00A0C90348D6}” = “Ochrona WWW”

-> {HKLM…CLSID} = “Ochrona WWW”

\InProcServer32(Default) = “C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\scieplugin.dll” [“Kaspersky Lab”]

“{1CDB2949-8F65-4355-8456-263E7C208A5D}” = “Desktop Explorer”

-> {HKLM…CLSID} = “Desktop Explorer”

\InProcServer32(Default) = “C:\WINDOWS\system32\nvshell.dll” [“NVIDIA Corporation”]

“{1E9B04FB-F9E5-4718-997B-B8DA88302A47}” = “Desktop Explorer Menu”

-> {HKLM…CLSID} = (no title provided)

\InProcServer32(Default) = “C:\WINDOWS\system32\nvshell.dll” [“NVIDIA Corporation”]

“{1E9B04FB-F9E5-4718-997B-B8DA88302A48}” = “nView Desktop Context Menu”

-> {HKLM…CLSID} = “nView Desktop Context Menu”

\InProcServer32(Default) = “C:\WINDOWS\system32\nvshell.dll” [“NVIDIA Corporation”]

“{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}” = “OpenOffice.org Column Handler”

-> {HKLM…CLSID} = (no title provided)

\InProcServer32(Default) = ““C:\Program Files\OpenOffice.ux.pl 2.0.3\program\shlxthdl.dll”” [“Sun Microsystems, Inc.”]

“{087B3AE3-E237-4467-B8DB-5A38AB959AC9}” = “OpenOffice.org Infotip Handler”

-> {HKLM…CLSID} = (no title provided)

\InProcServer32(Default) = ““C:\Program Files\OpenOffice.ux.pl 2.0.3\program\shlxthdl.dll”” [“Sun Microsystems, Inc.”]

“{63542C48-9552-494A-84F7-73AA6A7C99C1}” = “OpenOffice.org Property Sheet Handler”

-> {HKLM…CLSID} = (no title provided)

\InProcServer32(Default) = ““C:\Program Files\OpenOffice.ux.pl 2.0.3\program\shlxthdl.dll”” [“Sun Microsystems, Inc.”]

“{3B092F0C-7696-40E3-A80F-68D74DA84210}” = “OpenOffice.org Thumbnail Viewer”

-> {HKLM…CLSID} = (no title provided)

\InProcServer32(Default) = ““C:\Program Files\OpenOffice.ux.pl 2.0.3\program\shlxthdl.dll”” [“Sun Microsystems, Inc.”]

“{B41DB860-8EE4-11D2-9906-E49FADC173CA}” = “WinRAR shell extension”

-> {HKLM…CLSID} = “WinRAR”

\InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data]

“{cc86590a-b60a-48e6-996b-41d25ed39a1e}” = “Portable Media Devices Menu”

-> {HKLM…CLSID} = “Portable Media Devices Menu”

\InProcServer32(Default) = “C:\WINDOWS\system32\Audiodev.dll” [MS]

“{32020A01-506E-484D-A2A8-BE3CF17601C3}” = “AlcoholShellEx”

-> {HKLM…CLSID} = “AlcoholShellEx”

\InProcServer32(Default) = “C:\PROGRA~1\ALCOHO~1\ALCOHO~1\axshlex.dll” [“Alcohol Soft Development Team”]

“{00020D75-0000-0000-C000-000000000046}” = “Microsoft Office Outlook Desktop Icon Handler”

-> {HKLM…CLSID} = “Microsoft Office Outlook”

\InProcServer32(Default) = “C:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL” [MS]

“{0006F045-0000-0000-C000-000000000046}” = “Microsoft Office Outlook Custom Icon Handler”

-> {HKLM…CLSID} = “Rozszerzenie ikon plików programu Outlook”

\InProcServer32(Default) = “C:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL” [MS]

“{42042206-2D85-11D3-8CFF-005004838597}” = “Microsoft Office HTML Icon Handler”

-> {HKLM…CLSID} = (no title provided)

\InProcServer32(Default) = “C:\Program Files\Microsoft Office\OFFICE11\msohev.dll” [MS]

“{B327765E-D724-4347-8B16-78AE18552FC3}” = “NeroDigitalIconHandler”

-> {HKLM…CLSID} = “NeroDigitalIconHandler Class”

\InProcServer32(Default) = “C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll” [“Nero AG”]

“{7F1CF152-04F8-453A-B34C-E609530A9DC8}” = “NeroDigitalPropSheetHandler”

-> {HKLM…CLSID} = “NeroDigitalPropSheetHandler Class”

\InProcServer32(Default) = “C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll” [“Nero AG”]

“{4858E7D9-8E12-45a3-B6A3-1CD128C9D403}” = “TuneUp Shredder Shell Extension”

-> {HKLM…CLSID} = “TuneUp Shredder Shell Extension”

\InProcServer32(Default) = “C:\Program Files\TuneUp Utilities 2006\SDShelEx-win32.dll” [“TuneUp Software GmbH”]

“{44440D00-FF19-4AFC-B765-9A0970567D97}” = “TuneUp Theme Extension”

-> {HKLM…CLSID} = “TuneUp Theme Extension”

\InProcServer32(Default) = “C:\WINDOWS\system32\uxtuneup.dll” [“TuneUp Software GmbH”]

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows\

<> “AppInit_DLLs” = “C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll” [“Kaspersky Lab”]

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\

<> klogon\DLLName = “C:\WINDOWS\system32\klogon.dll” [“Kaspersky Lab”]

HKLM\Software\Classes\PROTOCOLS\Filter\

<> text/xml\CLSID = “{807553E5-5146-11D5-A672-00B0D022E945}”

-> {HKLM…CLSID} = (no title provided)

\InProcServer32(Default) = “C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL” [MS]

HKLM\Software\Classes\Folder\shellex\ColumnHandlers\

{7D4D6379-F301-4311-BEBA-E26EB0561882}(Default) = “NeroDigitalExt.NeroDigitalColumnHandler”

-> {HKLM…CLSID} = “NeroDigitalColumnHandler Class”

\InProcServer32(Default) = “C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll” [“Nero AG”]

{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}(Default) = “OpenOffice.org Column Handler”

-> {HKLM…CLSID} = (no title provided)

\InProcServer32(Default) = ““C:\Program Files\OpenOffice.ux.pl 2.0.3\program\shlxthdl.dll”” [“Sun Microsystems, Inc.”]

{F9DB5320-233E-11D1-9F84-707F02C10627}(Default) = “PDF Column Info”

-> {HKLM…CLSID} = “PDF Shell Extension”

\InProcServer32(Default) = “C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll” [“Adobe Systems, Inc.”]

HKLM\Software\Classes*\shellex\ContextMenuHandlers\

Kaspersky Anti-Virus(Default) = “{dd230880-495a-11d1-b064-008048ec2fc5}”

-> {HKLM…CLSID} = (no title provided)

\InProcServer32(Default) = “C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\shellex.dll” [“Kaspersky Lab”]

TuneUp Shredder Shell Extension(Default) = “{4858E7D9-8E12-45a3-B6A3-1CD128C9D403}”

-> {HKLM…CLSID} = “TuneUp Shredder Shell Extension”

\InProcServer32(Default) = “C:\Program Files\TuneUp Utilities 2006\SDShelEx-win32.dll” [“TuneUp Software GmbH”]

WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}”

-> {HKLM…CLSID} = “WinRAR”

\InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data]

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\

TuneUp Shredder Shell Extension(Default) = “{4858E7D9-8E12-45a3-B6A3-1CD128C9D403}”

-> {HKLM…CLSID} = “TuneUp Shredder Shell Extension”

\InProcServer32(Default) = “C:\Program Files\TuneUp Utilities 2006\SDShelEx-win32.dll” [“TuneUp Software GmbH”]

WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}”

-> {HKLM…CLSID} = “WinRAR”

\InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data]

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\

Kaspersky Anti-Virus(Default) = “{dd230880-495a-11d1-b064-008048ec2fc5}”

-> {HKLM…CLSID} = (no title provided)

\InProcServer32(Default) = “C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\shellex.dll” [“Kaspersky Lab”]

WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}”

-> {HKLM…CLSID} = “WinRAR”

\InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data]

Default executables:

<> HKLM\Software\Classes\htafile\shell\open\command(Default) = “NOTEPAD.EXE %1” [MS]

<> HKLM\Software\Classes\scrfile\shell\open\command(Default) = “”%1" %*" [file not found]

Group Policies {GPedit.msc branch and setting}:

Note: detected settings may not have any effect.

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\

“ClearRecentDocsOnExit” = (REG_DWORD) hex:0x00000001

{unrecognized setting}

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\

“shutdownwithoutlogon” = (REG_DWORD) hex:0x00000001

{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|

Shutdown: Allow system to be shut down without having to log on}

“undockwithoutlogon” = (REG_DWORD) hex:0x00000001

{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|

Devices: Allow undock without having to log on}

Active Desktop and Wallpaper:

Active Desktop may be disabled at this entry:

HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

Displayed if Active Desktop enabled and wallpaper not set by Group Policy:

HKCU\Software\Microsoft\Internet Explorer\Desktop\General\

“Wallpaper” = “C:\WINDOWS\web\wallpaper\Idylla.bmp”

Displayed if Active Desktop disabled and wallpaper not set by Group Policy:

HKCU\Control Panel\Desktop\

“Wallpaper” = “C:\WINDOWS\web\wallpaper\Idylla.bmp”

Enabled Screen Saver:

HKCU\Control Panel\Desktop\

“SCRNSAVE.EXE” = “C:\WINDOWS\System32\logon.scr” [MS]

Enabled Scheduled Tasks:

“1-Click Maintenance” -> launches: “C:\Program Files\TuneUp Utilities 2006\SystemOptimizer.exe /schedulestart” [“TuneUp Software GmbH”]

Winsock2 Service Provider DLLs:

Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}

000000000001\LibraryPath = “%SystemRoot%\System32\mswsock.dll” [MS]

000000000002\LibraryPath = “%SystemRoot%\System32\winrnr.dll” [MS]

000000000003\LibraryPath = “%SystemRoot%\System32\mswsock.dll” [MS]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}

0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:

%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 15

%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05

Toolbars, Explorer Bars, Extensions:

Toolbars

HKLM\Software\Microsoft\Internet Explorer\Toolbar\

“{0D704FAD-66E9-4F0A-BFED-4F665770DDB3}” = (no title provided)

-> {HKLM…CLSID} = “&Tłumaczenie”

\InProcServer32(Default) = “C:\Program Files\Techland\Common\InternetTranslator\InternetTranslator.dll” [“Techland”]

Explorer Bars

HKCU\Software\Microsoft\Internet Explorer\Explorer Bars\

{85E0B171-04FA-11D1-B7DA-00A0C90348D6}(Default) = (no title provided)

-> {HKLM…CLSID} = “Ochrona WWW”

\InProcServer32(Default) = “C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\scieplugin.dll” [“Kaspersky Lab”]

HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\

HKLM\Software\Classes\CLSID{175556B1-4D91-4E9A-9C4B-D6888D5DEE6C}(Default) = “&Ramka Tłumaczenia”

Implemented Categories{00021494-0000-0000-C000-000000000046}\ [horizontal bar]

InProcServer32(Default) = “C:\Program Files\Techland\Common\InternetTranslator\InternetTranslator.dll” [“Techland”]

HKLM\Software\Classes\CLSID{D553F157-2AB0-4B46-98D2-7BA7CA418491}(Default) = “&Słownik Podręczny”

Implemented Categories{00021493-0000-0000-C000-000000000046}\ [vertical bar]

InProcServer32(Default) = “C:\Program Files\Techland\Common\InternetTranslator\InternetTranslator.dll” [“Techland”]

HKLM\Software\Classes\CLSID{FF059E31-CC5A-4E2E-BF3B-96E929D65503}(Default) = “&Badanie”

Implemented Categories{00021493-0000-0000-C000-000000000046}\ [vertical bar]

InProcServer32(Default) = “C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL” [MS]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\Software\Microsoft\Internet Explorer\Extensions\

{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\

“MenuText” = “Sun Java Console”

“CLSIDExtension” = “{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBC}”

-> {HKCU…CLSID} = “Java Plug-in 1.5.0_09”

\InProcServer32(Default) = “C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll” [“Sun Microsystems, Inc.”]

-> {HKLM…CLSID} = “Java Plug-in 1.5.0_09”

\InProcServer32(Default) = “C:\Program Files\Java\jre1.5.0_09\bin\npjpi150_09.dll” [“Sun Microsystems, Inc.”]

{1F460357-8A94-4D71-9CA3-AA4ACF32ED8E}\

“ButtonText” = “Ochrona WWW”

{2D663D1A-8670-49D9-A1A5-4C56B4E14E84}\

“ButtonText” = “Spyware Doctor”

“CLSIDExtension” = “{A1EDC4A1-940F-48E0-8DFD-E38F1D501021}”

-> {HKLM…CLSID} = “PCTools Browser Monitor”

\InProcServer32(Default) = “C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll” [“PC Tools”]

{92780B25-18CC-41C8-B9BE-3C9C571A8263}\

“ButtonText” = “Badanie”

{B46B0919-62BA-4D99-A5C4-916B57A6805C}\

“MenuText” = “@C:\Program Files\Techland\Common\InternetTranslator\InternetTranslator.dll,-103”

“CLSIDExtension” = “{B46B0919-62BA-4D99-A5C4-916B57A6805C}”

-> {HKLM…CLSID} = “InternetTranslatorProperties Class”

\InProcServer32(Default) = “C:\Program Files\Techland\Common\InternetTranslator\InternetTranslator.dll” [“Techland”]

Miscellaneous IE Hijack Points

HKLM\Software\Microsoft\Internet Explorer\AboutURLs\

<> “TuneUp” = “file://C|/Documents and Settings/All Users/Dane aplikacji/TuneUp Software/Common/base.css” [file not found]

Running Services (Display Name, Service Name, Path {Service DLL}):

BlueSoleil Hid Service, BlueSoleil Hid Service, “C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe” [null data]

Diskeeper, Diskeeper, ““C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe”” [“Diskeeper Corporation”]

Kaspersky Internet Security 6.0, AVP, ““C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe” -r” [“Kaspersky Lab”]

Machine Debug Manager, MDM, ““C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE”” [MS]

NVIDIA Display Driver Service, NVSvc, “C:\WINDOWS\system32\nvsvc32.exe” [“NVIDIA Corporation”]

PC Tools Spyware Doctor, SDhelper, “C:\Program Files\Spyware Doctor\sdhelp.exe” [“PC Tools Research Pty Ltd”]

StarWind iSCSI Service, StarWindService, “C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe” [“Rocket Division Software”]

TuneUp Design Expansion, UxTuneUp, “C:\WINDOWS\System32\svchost.exe -k netsvcs” {“C:\WINDOWS\System32\uxtuneup.dll” [“TuneUp Software GmbH”]}

Windows User Mode Driver Framework, UMWdf, “C:\WINDOWS\system32\wdfmgr.exe” [MS]

Print Monitors:

HKLM\System\CurrentControlSet\Control\Print\Monitors\

Microsoft Document Imaging Writer Monitor\Driver = “mdimon.dll” [MS]

<>: Suspicious data at a malware launch point.

<>: Suspicious data at a browser hijack point.

This report excludes default entries except where indicated.
To see *everywhere* the script checks and *everything* it finds,

launch it from a command prompt or a shortcut with the -all parameter.

To search all directories of local fixed drives for DESKTOP.INI

DLL launch points, use the -supp parameter or answer “No” at the

first message box and “Yes” at the second message box.

---------- (total run time: 39 seconds)

Bieniol · 25 Październik 2006 05:18

Czysto

Przeczyść rejestr (polecam do tego jv16 PowerTools 2006 1.5.2.344), zrób defragmentację, oraz przejrzyj: Optymalizacja XP

Wejdź: Start --> uruchom --> msconfig i w zakładce uruchamianie odznacz (według Ciebie) niepotrzbne przy autostarcie programy

Ściągnij i zastosuj UnHookExec.inf

anon94597501 · 25 Październik 2006 10:41

Ok! Ale mi to nie pomaga!

Więc co mam zrobić?

adam9870 · 25 Październik 2006 12:39

Dziwne, że nie pomaga ponieważ po tym powinno już być ok.

W takim razie może pokaż dwa logi z Gmera przy następujących ustawieniach:

Zakładka Rootkit >>> Zaznaczasz wszystko oprócz Pokaż wszystko >>> kliknij Szukaj >>> Czekasz cierpliwie aż skończy >>> Start, uruchom, notapad i klik na OK >>> Prawy klawisz, wklej >>> Plik >>> zapisz jako >>> zapisz.
Zakładka Rootkit >>> Zaznaczasz tylko Usługi oraz Pokaż wszystko >>> klikasz Szukaj >>> Czekasz cierpliwie aż skończy >>> Start, uruchom, wpisz notapad i klik na OK >>> Prawy klawisz, wklej >>> Plik >>> zapisz jako >>> zapisz.

Potem pliki z logami umieść w jakimś serwisie hostingowym i daj do nich linki ponieważ bezpośrednio do posta się nie zmieszczą.

http://forum.dobreprogramy.pl/viewtopic.php?t=96929

anon94597501 · 25 Październik 2006 15:16

adam9870:

Dziwne, że nie pomaga ponieważ po tym powinno już być ok. W takim razie może pokaż dwa logi z Gmera przy następujących ustawieniach: 1. Zakładka Rootkit >>> Zaznaczasz wszystko oprócz Pokaż wszystko >>> kliknij Szukaj >>> Czekasz cierpliwie aż skończy >>> Start, uruchom, notapad i klik na OK >>> Prawy klawisz, wklej >>> Plik >>> zapisz jako >>> zapisz. 2. Zakładka Rootkit >>> Zaznaczasz tylko Usługi oraz Pokaż wszystko >>> klikasz Szukaj >>> Czekasz cierpliwie aż skończy >>> Start, uruchom, wpisz notapad i klik na OK >>> Prawy klawisz, wklej >>> Plik >>> zapisz jako >>> zapisz. Potem pliki z logami umieść w jakimś serwisie hostingowym i daj do nich linki ponieważ bezpośrednio do posta się nie zmieszczą. http://forum.dobreprogramy.pl/viewtopic.php?t=96929

A mogę na twoją pocztę?

Bieniol · 25 Październik 2006 15:19

Sprawy rozwiązujemy na forum, więc wklej logi na forum

anon94597501 · 25 Październik 2006 15:24

A oto 1 log:

GMER 1.0.11.11390 - http://www.gmer.net

Rootkit 2006-10-25 17:21:30

Windows 5.1.2600 Dodatek Service Pack 2



---- System - GMER 1.0.11 ----


SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwClose

SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwCreateKey

SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwCreateProcess

SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwCreateProcessEx

SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwCreateSection

SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwCreateSymbolicLinkObject

SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwCreateThread

SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwDeleteKey

SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwDeleteValueKey

SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwDuplicateObject

SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwEnumerateKey

SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwEnumerateValueKey

SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwFlushKey

SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwInitializeRegistry

SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwLoadKey

SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwLoadKey2

SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwNotifyChangeKey

SSDT kl1.sys ZwOpenFile

SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwOpenKey

SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwOpenProcess

SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwOpenSection

SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwQueryKey

SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwQueryMultipleValueKey

SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwQuerySystemInformation

SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwQueryValueKey

SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwReplaceKey

SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwRestoreKey

SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwResumeThread

SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwSaveKey

SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwSetContextThread

SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwSetInformationFile

SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwSetInformationKey

SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwSetInformationProcess

SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwSetValueKey

SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwSuspendThread

SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwTerminateProcess

SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwUnloadKey

SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwWriteVirtualMemory

SSDT \??\C:\WINDOWS\system32\drivers\klif.sys SSDT[284]

SSDT \??\C:\WINDOWS\system32\drivers\klif.sys SSDT[285]

SSDT \??\C:\WINDOWS\system32\drivers\klif.sys SSDT[286]

SSDT \??\C:\WINDOWS\system32\drivers\klif.sys SSDT[287]

SSDT \??\C:\WINDOWS\system32\drivers\klif.sys SSDT[288]

SSDT \??\C:\WINDOWS\system32\drivers\klif.sys SSDT[289]

SSDT \??\C:\WINDOWS\system32\drivers\klif.sys SSDT[290]

SSDT \??\C:\WINDOWS\system32\drivers\klif.sys SSDT[291]

SSDT \??\C:\WINDOWS\system32\drivers\klif.sys SSDT[292]

SSDT \??\C:\WINDOWS\system32\drivers\klif.sys SSDT[293]

SSDT \??\C:\WINDOWS\system32\drivers\klif.sys SSDT[294]

SSDT \??\C:\WINDOWS\system32\drivers\klif.sys SSDT[295]

SSDT \??\C:\WINDOWS\system32\drivers\klif.sys SSDT[296]


Code \??\C:\WINDOWS\system32\drivers\klif.sys FsRtlCheckLockForReadAccess

Code \??\C:\WINDOWS\system32\drivers\klif.sys IoIsOperationSynchronous


---- Devices - GMER 1.0.11 ----


Device \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE 8238EA40

Device \FileSystem\Ntfs \Ntfs IRP_MJ_CLOSE 8238EA40

Device \FileSystem\Ntfs \Ntfs IRP_MJ_READ 8238EA40

Device \FileSystem\Ntfs \Ntfs IRP_MJ_WRITE 8238EA40

Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_INFORMATION 8238EA40

Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_INFORMATION 8238EA40

Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_EA 8238EA40

Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_EA 8238EA40

Device \FileSystem\Ntfs \Ntfs IRP_MJ_FLUSH_BUFFERS 8238EA40

Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_VOLUME_INFORMATION 8238EA40

Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_VOLUME_INFORMATION 8238EA40

Device \FileSystem\Ntfs \Ntfs IRP_MJ_DIRECTORY_CONTROL 8238EA40

Device \FileSystem\Ntfs \Ntfs IRP_MJ_FILE_SYSTEM_CONTROL 8238EA40

Device \FileSystem\Ntfs \Ntfs IRP_MJ_DEVICE_CONTROL 8238EA40

Device \FileSystem\Ntfs \Ntfs IRP_MJ_SHUTDOWN 8238EA40

Device \FileSystem\Ntfs \Ntfs IRP_MJ_LOCK_CONTROL 8238EA40

Device \FileSystem\Ntfs \Ntfs IRP_MJ_CLEANUP 8238EA40

Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_SECURITY 8238EA40

Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_SECURITY 8238EA40

Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_QUOTA 8238EA40

Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_QUOTA 8238EA40

Device \FileSystem\Ntfs \Ntfs IRP_MJ_PNP 8238EA40

Device \Driver\NetBT \Device\NetBT_Tcpip_{A23D0943-1BDF-4D04-A99B-507BC63EF78A} IRP_MJ_CREATE 820A3E18

Device \Driver\NetBT \Device\NetBT_Tcpip_{A23D0943-1BDF-4D04-A99B-507BC63EF78A} IRP_MJ_CLOSE 820A3E18

Device \Driver\NetBT \Device\NetBT_Tcpip_{A23D0943-1BDF-4D04-A99B-507BC63EF78A} IRP_MJ_DEVICE_CONTROL 820A3E18

Device \Driver\NetBT \Device\NetBT_Tcpip_{A23D0943-1BDF-4D04-A99B-507BC63EF78A} IRP_MJ_INTERNAL_DEVICE_CONTROL 820A3E18

Device \Driver\NetBT \Device\NetBT_Tcpip_{A23D0943-1BDF-4D04-A99B-507BC63EF78A} IRP_MJ_CLEANUP 820A3E18

Device \Driver\NetBT \Device\NetBT_Tcpip_{A23D0943-1BDF-4D04-A99B-507BC63EF78A} IRP_MJ_PNP 820A3E18

Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_CREATE 823D9418

Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_CLOSE 823D9418

Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_READ 823D9418

Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_WRITE 823D9418

Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_FLUSH_BUFFERS 823D9418

Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_DEVICE_CONTROL 823D9418

Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_INTERNAL_DEVICE_CONTROL 823D9418

Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_SHUTDOWN 823D9418

Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_POWER 823D9418

Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_SYSTEM_CONTROL 823D9418

Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_PNP 823D9418

Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_CREATE 823D9418

Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_CLOSE 823D9418

Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_READ 823D9418

Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_WRITE 823D9418

Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_FLUSH_BUFFERS 823D9418

Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_DEVICE_CONTROL 823D9418

Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_INTERNAL_DEVICE_CONTROL 823D9418

Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_SHUTDOWN 823D9418

Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_POWER 823D9418

Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_SYSTEM_CONTROL 823D9418

Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_PNP 823D9418

Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_CREATE 823D9418

Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_CLOSE 823D9418

Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_READ 823D9418

Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_WRITE 823D9418

Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_FLUSH_BUFFERS 823D9418

Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_DEVICE_CONTROL 823D9418

Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_INTERNAL_DEVICE_CONTROL 823D9418

Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_SHUTDOWN 823D9418

Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_POWER 823D9418

Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_SYSTEM_CONTROL 823D9418

Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_PNP 823D9418

Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_CREATE 823D9418

Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_CLOSE 823D9418

Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_READ 823D9418

Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_WRITE 823D9418

Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_FLUSH_BUFFERS 823D9418

Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_DEVICE_CONTROL 823D9418

Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_INTERNAL_DEVICE_CONTROL 823D9418

Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_SHUTDOWN 823D9418

Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_POWER 823D9418

Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_SYSTEM_CONTROL 823D9418

Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_PNP 823D9418

Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_CREATE 823D96D0

Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_READ 823D96D0

Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_WRITE 823D96D0

Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_FLUSH_BUFFERS 823D96D0

Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_DEVICE_CONTROL 823D96D0

Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_INTERNAL_DEVICE_CONTROL 823D96D0

Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_SHUTDOWN 823D96D0

Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_CLEANUP 823D96D0

Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_POWER 823D96D0

Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_SYSTEM_CONTROL 823D96D0

Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_PNP 823D96D0

Device \Driver\00000048 \Device\00000058 IRP_MJ_POWER [F8450F68] sptd.sys

Device \Driver\00000048 \Device\00000058 IRP_MJ_SYSTEM_CONTROL [F8465A70] sptd.sys

Device \Driver\00000048 \Device\00000058 IRP_MJ_PNP [F845E728] sptd.sys

Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_CREATE 823D96D0

Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_READ 823D96D0

Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_WRITE 823D96D0

Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_FLUSH_BUFFERS 823D96D0

Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_DEVICE_CONTROL 823D96D0

Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_INTERNAL_DEVICE_CONTROL 823D96D0

Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_SHUTDOWN 823D96D0

Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_CLEANUP 823D96D0

Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_POWER 823D96D0

Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_SYSTEM_CONTROL 823D96D0

Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_PNP 823D96D0

Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CREATE 8208EA28

Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CLOSE 8208EA28

Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_READ 8208EA28

Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_WRITE 8208EA28

Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_FLUSH_BUFFERS 8208EA28

Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_DEVICE_CONTROL 8208EA28

Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_INTERNAL_DEVICE_CONTROL 8208EA28

Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SHUTDOWN 8208EA28

Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_POWER 8208EA28

Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SYSTEM_CONTROL 8208EA28

Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_PNP 8208EA28

Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_CREATE 81EF0470

Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_CREATE_NAMED_PIPE 81EF0470

Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_CLOSE 81EF0470

Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_READ 81EF0470

Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_WRITE 81EF0470

Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_QUERY_INFORMATION 81EF0470

Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_SET_INFORMATION 81EF0470

Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_QUERY_EA 81EF0470

Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_SET_EA 81EF0470

Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_FLUSH_BUFFERS 81EF0470

Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_QUERY_VOLUME_INFORMATION 81EF0470

Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_SET_VOLUME_INFORMATION 81EF0470

Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_DIRECTORY_CONTROL 81EF0470

Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_FILE_SYSTEM_CONTROL 81EF0470

Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_DEVICE_CONTROL 81EF0470

Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_INTERNAL_DEVICE_CONTROL 81EF0470

Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_SHUTDOWN 81EF0470

Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_LOCK_CONTROL 81EF0470

Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_CLEANUP 81EF0470

Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_CREATE_MAILSLOT 81EF0470

Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_QUERY_SECURITY 81EF0470

Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_SET_SECURITY 81EF0470

Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_POWER 81EF0470

Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_SYSTEM_CONTROL 81EF0470

Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_DEVICE_CHANGE 81EF0470

Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_QUERY_QUOTA 81EF0470

Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_SET_QUOTA 81EF0470

Device \Driver\nvatabus \Device\00000074 IRP_MJ_CREATE 8238EEB0

Device \Driver\nvatabus \Device\00000074 IRP_MJ_CREATE_NAMED_PIPE 8238EEB0

Device \Driver\nvatabus \Device\00000074 IRP_MJ_CLOSE 8238EEB0

Device \Driver\nvatabus \Device\00000074 IRP_MJ_READ 8238EEB0

Device \Driver\nvatabus \Device\00000074 IRP_MJ_WRITE 8238EEB0

Device \Driver\nvatabus \Device\00000074 IRP_MJ_QUERY_INFORMATION 8238EEB0

Device \Driver\nvatabus \Device\00000074 IRP_MJ_SET_INFORMATION 8238EEB0

Device \Driver\nvatabus \Device\00000074 IRP_MJ_QUERY_EA 8238EEB0

Device \Driver\nvatabus \Device\00000074 IRP_MJ_SET_EA 8238EEB0

Device \Driver\nvatabus \Device\00000074 IRP_MJ_FLUSH_BUFFERS 8238EEB0

Device \Driver\nvatabus \Device\00000074 IRP_MJ_QUERY_VOLUME_INFORMATION 8238EEB0

Device \Driver\nvatabus \Device\00000074 IRP_MJ_SET_VOLUME_INFORMATION 8238EEB0

Device \Driver\nvatabus \Device\00000074 IRP_MJ_DIRECTORY_CONTROL 8238EEB0

Device \Driver\nvatabus \Device\00000074 IRP_MJ_FILE_SYSTEM_CONTROL 8238EEB0

Device \Driver\nvatabus \Device\00000074 IRP_MJ_DEVICE_CONTROL 8238EEB0

Device \Driver\nvatabus \Device\00000074 IRP_MJ_INTERNAL_DEVICE_CONTROL 8238EEB0

Device \Driver\nvatabus \Device\00000074 IRP_MJ_SHUTDOWN 8238EEB0

Device \Driver\nvatabus \Device\00000074 IRP_MJ_LOCK_CONTROL 8238EEB0

Device \Driver\nvatabus \Device\00000074 IRP_MJ_CLEANUP 8238EEB0

Device \Driver\nvatabus \Device\00000074 IRP_MJ_CREATE_MAILSLOT 8238EEB0

Device \Driver\nvatabus \Device\00000074 IRP_MJ_QUERY_SECURITY 8238EEB0

Device \Driver\nvatabus \Device\00000074 IRP_MJ_SET_SECURITY 8238EEB0

Device \Driver\nvatabus \Device\00000074 IRP_MJ_POWER 8238EEB0

Device \Driver\nvatabus \Device\00000074 IRP_MJ_SYSTEM_CONTROL 8238EEB0

Device \Driver\nvatabus \Device\00000074 IRP_MJ_DEVICE_CHANGE 8238EEB0

Device \Driver\nvatabus \Device\00000074 IRP_MJ_QUERY_QUOTA 8238EEB0

Device \Driver\nvatabus \Device\00000074 IRP_MJ_SET_QUOTA 8238EEB0

Device \Driver\nvatabus \Device\00000074 IRP_MJ_PNP 8238EEB0

Device \Driver\nvatabus \Device\00000075 IRP_MJ_CREATE 8238EEB0

Device \Driver\nvatabus \Device\00000075 IRP_MJ_CREATE_NAMED_PIPE 8238EEB0

Device \Driver\nvatabus \Device\00000075 IRP_MJ_CLOSE 8238EEB0

Device \Driver\nvatabus \Device\00000075 IRP_MJ_READ 8238EEB0

Device \Driver\nvatabus \Device\00000075 IRP_MJ_WRITE 8238EEB0

Device \Driver\nvatabus \Device\00000075 IRP_MJ_QUERY_INFORMATION 8238EEB0

Device \Driver\nvatabus \Device\00000075 IRP_MJ_SET_INFORMATION 8238EEB0

Device \Driver\nvatabus \Device\00000075 IRP_MJ_QUERY_EA 8238EEB0

Device \Driver\nvatabus \Device\00000075 IRP_MJ_SET_EA 8238EEB0

Device \Driver\nvatabus \Device\00000075 IRP_MJ_FLUSH_BUFFERS 8238EEB0

Device \Driver\nvatabus \Device\00000075 IRP_MJ_QUERY_VOLUME_INFORMATION 8238EEB0

Device \Driver\nvatabus \Device\00000075 IRP_MJ_SET_VOLUME_INFORMATION 8238EEB0

Device \Driver\nvatabus \Device\00000075 IRP_MJ_DIRECTORY_CONTROL 8238EEB0

Device \Driver\nvatabus \Device\00000075 IRP_MJ_FILE_SYSTEM_CONTROL 8238EEB0

Device \Driver\nvatabus \Device\00000075 IRP_MJ_DEVICE_CONTROL 8238EEB0

Device \Driver\nvatabus \Device\00000075 IRP_MJ_INTERNAL_DEVICE_CONTROL 8238EEB0

Device \Driver\nvatabus \Device\00000075 IRP_MJ_SHUTDOWN 8238EEB0

Device \Driver\nvatabus \Device\00000075 IRP_MJ_LOCK_CONTROL 8238EEB0

Device \Driver\nvatabus \Device\00000075 IRP_MJ_CLEANUP 8238EEB0

Device \Driver\nvatabus \Device\00000075 IRP_MJ_CREATE_MAILSLOT 8238EEB0

Device \Driver\nvatabus \Device\00000075 IRP_MJ_QUERY_SECURITY 8238EEB0

Device \Driver\nvatabus \Device\00000075 IRP_MJ_SET_SECURITY 8238EEB0

Device \Driver\nvatabus \Device\00000075 IRP_MJ_POWER 8238EEB0

Device \Driver\nvatabus \Device\00000075 IRP_MJ_SYSTEM_CONTROL 8238EEB0

Device \Driver\nvatabus \Device\00000075 IRP_MJ_DEVICE_CHANGE 8238EEB0

Device \Driver\nvatabus \Device\00000075 IRP_MJ_QUERY_QUOTA 8238EEB0

Device \Driver\nvatabus \Device\00000075 IRP_MJ_SET_QUOTA 8238EEB0

Device \Driver\nvatabus \Device\00000075 IRP_MJ_PNP 8238EEB0

Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_CREATE 820A3E18

Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_CLOSE 820A3E18

Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_DEVICE_CONTROL 820A3E18

Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_INTERNAL_DEVICE_CONTROL 820A3E18

Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_CLEANUP 820A3E18

Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_PNP 820A3E18

Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_CREATE 820A3E18

Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_CLOSE 820A3E18

Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_DEVICE_CONTROL 820A3E18

Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_INTERNAL_DEVICE_CONTROL 820A3E18

Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_CLEANUP 820A3E18

Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_PNP 820A3E18

Device \Driver\NetBT \Device\NetBT_Tcpip_{F0AAC643-D428-41B8-80A6-5B8095F1090A} IRP_MJ_CREATE 820A3E18

Device \Driver\NetBT \Device\NetBT_Tcpip_{F0AAC643-D428-41B8-80A6-5B8095F1090A} IRP_MJ_CLOSE 820A3E18

Device \Driver\NetBT \Device\NetBT_Tcpip_{F0AAC643-D428-41B8-80A6-5B8095F1090A} IRP_MJ_DEVICE_CONTROL 820A3E18

Device \Driver\NetBT \Device\NetBT_Tcpip_{F0AAC643-D428-41B8-80A6-5B8095F1090A} IRP_MJ_INTERNAL_DEVICE_CONTROL 820A3E18

Device \Driver\NetBT \Device\NetBT_Tcpip_{F0AAC643-D428-41B8-80A6-5B8095F1090A} IRP_MJ_CLEANUP 820A3E18

Device \Driver\NetBT \Device\NetBT_Tcpip_{F0AAC643-D428-41B8-80A6-5B8095F1090A} IRP_MJ_PNP 820A3E18

Device \Driver\Disk \Device\Harddisk0\DR0 IRP_MJ_CREATE 8238EC78

Device \Driver\Disk \Device\Harddisk0\DR0 IRP_MJ_CLOSE 8238EC78

Device \Driver\Disk \Device\Harddisk0\DR0 IRP_MJ_READ 8238EC78

Device \Driver\Disk \Device\Harddisk0\DR0 IRP_MJ_WRITE 8238EC78

Device \Driver\Disk \Device\Harddisk0\DR0 IRP_MJ_FLUSH_BUFFERS 8238EC78

Device \Driver\Disk \Device\Harddisk0\DR0 IRP_MJ_DEVICE_CONTROL 8238EC78

Device \Driver\Disk \Device\Harddisk0\DR0 IRP_MJ_INTERNAL_DEVICE_CONTROL 8238EC78

Device \Driver\Disk \Device\Harddisk0\DR0 IRP_MJ_SHUTDOWN 8238EC78

Device \Driver\Disk \Device\Harddisk0\DR0 IRP_MJ_POWER 8238EC78

Device \Driver\Disk \Device\Harddisk0\DR0 IRP_MJ_SYSTEM_CONTROL 8238EC78

Device \Driver\Disk \Device\Harddisk0\DR0 IRP_MJ_PNP 8238EC78

Device \Driver\nvatabus \Device\NvAta0 IRP_MJ_CREATE 8238EEB0

Device \Driver\nvatabus \Device\NvAta0 IRP_MJ_CREATE_NAMED_PIPE 8238EEB0

Device \Driver\nvatabus \Device\NvAta0 IRP_MJ_CLOSE 8238EEB0

Device \Driver\nvatabus \Device\NvAta0 IRP_MJ_READ 8238EEB0

Device \Driver\nvatabus \Device\NvAta0 IRP_MJ_WRITE 8238EEB0

Device \Driver\nvatabus \Device\NvAta0 IRP_MJ_QUERY_INFORMATION 8238EEB0

Device \Driver\nvatabus \Device\NvAta0 IRP_MJ_SET_INFORMATION 8238EEB0

Device \Driver\nvatabus \Device\NvAta0 IRP_MJ_QUERY_EA 8238EEB0

Device \Driver\nvatabus \Device\NvAta0 IRP_MJ_SET_EA 8238EEB0

Device \Driver\nvatabus \Device\NvAta0 IRP_MJ_FLUSH_BUFFERS 8238EEB0

Device \Driver\nvatabus \Device\NvAta0 IRP_MJ_QUERY_VOLUME_INFORMATION 8238EEB0

Device \Driver\nvatabus \Device\NvAta0 IRP_MJ_SET_VOLUME_INFORMATION 8238EEB0

Device \Driver\nvatabus \Device\NvAta0 IRP_MJ_DIRECTORY_CONTROL 8238EEB0

Device \Driver\nvatabus \Device\NvAta0 IRP_MJ_FILE_SYSTEM_CONTROL 8238EEB0

Device \Driver\nvatabus \Device\NvAta0 IRP_MJ_DEVICE_CONTROL 8238EEB0

Device \Driver\nvatabus \Device\NvAta0 IRP_MJ_INTERNAL_DEVICE_CONTROL 8238EEB0

Device \Driver\nvatabus \Device\NvAta0 IRP_MJ_SHUTDOWN 8238EEB0

Device \Driver\nvatabus \Device\NvAta0 IRP_MJ_LOCK_CONTROL 8238EEB0

Device \Driver\nvatabus \Device\NvAta0 IRP_MJ_CLEANUP 8238EEB0

Device \Driver\nvatabus \Device\NvAta0 IRP_MJ_CREATE_MAILSLOT 8238EEB0

Device \Driver\nvatabus \Device\NvAta0 IRP_MJ_QUERY_SECURITY 8238EEB0

Device \Driver\nvatabus \Device\NvAta0 IRP_MJ_SET_SECURITY 8238EEB0

Device \Driver\nvatabus \Device\NvAta0 IRP_MJ_POWER 8238EEB0

Device \Driver\nvatabus \Device\NvAta0 IRP_MJ_SYSTEM_CONTROL 8238EEB0

Device \Driver\nvatabus \Device\NvAta0 IRP_MJ_DEVICE_CHANGE 8238EEB0

Device \Driver\nvatabus \Device\NvAta0 IRP_MJ_QUERY_QUOTA 8238EEB0

Device \Driver\nvatabus \Device\NvAta0 IRP_MJ_SET_QUOTA 8238EEB0

Device \Driver\nvatabus \Device\NvAta0 IRP_MJ_PNP 8238EEB0

Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CREATE 81F8C9C8

Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CREATE_NAMED_PIPE 81F8C9C8

Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CLOSE 81F8C9C8

Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_READ 81F8C9C8

Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_WRITE 81F8C9C8

Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_INFORMATION 81F8C9C8

Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_INFORMATION 81F8C9C8

Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_EA 81F8C9C8

Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_EA 81F8C9C8

Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_FLUSH_BUFFERS 81F8C9C8

Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_VOLUME_INFORMATION 81F8C9C8

Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_VOLUME_INFORMATION 81F8C9C8

Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_DIRECTORY_CONTROL 81F8C9C8

Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_FILE_SYSTEM_CONTROL 81F8C9C8

Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_DEVICE_CONTROL 81F8C9C8

Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_INTERNAL_DEVICE_CONTROL 81F8C9C8

Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SHUTDOWN 81F8C9C8

Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_LOCK_CONTROL 81F8C9C8

Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CLEANUP 81F8C9C8

Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CREATE_MAILSLOT 81F8C9C8

Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_SECURITY 81F8C9C8

Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_SECURITY 81F8C9C8

Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_POWER 81F8C9C8

Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SYSTEM_CONTROL 81F8C9C8

Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_DEVICE_CHANGE 81F8C9C8

Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_QUOTA 81F8C9C8

Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_QUOTA 81F8C9C8

Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_PNP 81F8C9C8

Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CREATE 81F8C9C8

Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CREATE_NAMED_PIPE 81F8C9C8

Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CLOSE 81F8C9C8

Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_READ 81F8C9C8

Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_WRITE 81F8C9C8

Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_INFORMATION 81F8C9C8

Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_INFORMATION 81F8C9C8

Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_EA 81F8C9C8

Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_EA 81F8C9C8

Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_FLUSH_BUFFERS 81F8C9C8

Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_VOLUME_INFORMATION 81F8C9C8

Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_VOLUME_INFORMATION 81F8C9C8

Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_DIRECTORY_CONTROL 81F8C9C8

Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_FILE_SYSTEM_CONTROL 81F8C9C8

Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_DEVICE_CONTROL 81F8C9C8

Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_INTERNAL_DEVICE_CONTROL 81F8C9C8

Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SHUTDOWN 81F8C9C8

Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_LOCK_CONTROL 81F8C9C8

Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CLEANUP 81F8C9C8

Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CREATE_MAILSLOT 81F8C9C8

Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_SECURITY 81F8C9C8

Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_SECURITY 81F8C9C8

Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_POWER 81F8C9C8

Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SYSTEM_CONTROL 81F8C9C8

Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_DEVICE_CHANGE 81F8C9C8

Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_QUOTA 81F8C9C8

Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_QUOTA 81F8C9C8

Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_PNP 81F8C9C8

Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_CREATE 820F5CC8

Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_CREATE_NAMED_PIPE 820F5CC8

Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_CLOSE 820F5CC8

Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_READ 820F5CC8

Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_WRITE 820F5CC8

Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_QUERY_INFORMATION 820F5CC8

Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_SET_INFORMATION 820F5CC8

Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_FLUSH_BUFFERS 820F5CC8

Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_QUERY_VOLUME_INFORMATION 820F5CC8

Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_DIRECTORY_CONTROL 820F5CC8

Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_FILE_SYSTEM_CONTROL 820F5CC8

Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_CLEANUP 820F5CC8

Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_QUERY_SECURITY 820F5CC8

Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_SET_SECURITY 820F5CC8

Device \Driver\Ftdisk \Device\FtControl IRP_MJ_CREATE 823D96D0

Device \Driver\Ftdisk \Device\FtControl IRP_MJ_READ 823D96D0

Device \Driver\Ftdisk \Device\FtControl IRP_MJ_WRITE 823D96D0

Device \Driver\Ftdisk \Device\FtControl IRP_MJ_FLUSH_BUFFERS 823D96D0

Device \Driver\Ftdisk \Device\FtControl IRP_MJ_DEVICE_CONTROL 823D96D0

Device \Driver\Ftdisk \Device\FtControl IRP_MJ_INTERNAL_DEVICE_CONTROL 823D96D0

Device \Driver\Ftdisk \Device\FtControl IRP_MJ_SHUTDOWN 823D96D0

Device \Driver\Ftdisk \Device\FtControl IRP_MJ_CLEANUP 823D96D0

Device \Driver\Ftdisk \Device\FtControl IRP_MJ_POWER 823D96D0

Device \Driver\Ftdisk \Device\FtControl IRP_MJ_SYSTEM_CONTROL 823D96D0

Device \Driver\Ftdisk \Device\FtControl IRP_MJ_PNP 823D96D0

Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_CREATE 820B3868

Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_CLOSE 820B3868

Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_READ 820B3868

Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_WRITE 820B3868

Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_QUERY_INFORMATION 820B3868

Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_SET_INFORMATION 820B3868

Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_QUERY_VOLUME_INFORMATION 820B3868

Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_DIRECTORY_CONTROL 820B3868

Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_FILE_SYSTEM_CONTROL 820B3868

Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_CLEANUP 820B3868

Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_CREATE_MAILSLOT 820B3868

Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_QUERY_SECURITY 820B3868

Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_SET_SECURITY 820B3868

Device \Driver\vaxscsi \Device\Scsi\vaxscsi1 IRP_MJ_CREATE 81F590E8

Device \Driver\vaxscsi \Device\Scsi\vaxscsi1 IRP_MJ_CLOSE 81F590E8

Device \Driver\vaxscsi \Device\Scsi\vaxscsi1 IRP_MJ_DEVICE_CONTROL 81F590E8

Device \Driver\vaxscsi \Device\Scsi\vaxscsi1 IRP_MJ_INTERNAL_DEVICE_CONTROL 81F590E8

Device \Driver\vaxscsi \Device\Scsi\vaxscsi1 IRP_MJ_POWER 81F590E8

Device \Driver\vaxscsi \Device\Scsi\vaxscsi1 IRP_MJ_SYSTEM_CONTROL 81F590E8

Device \Driver\vaxscsi \Device\Scsi\vaxscsi1 IRP_MJ_PNP 81F590E8

Device \FileSystem\Cdfs \Cdfs IRP_MJ_CREATE 81F7F978

Device \FileSystem\Cdfs \Cdfs IRP_MJ_CLOSE 81F7F978

Device \FileSystem\Cdfs \Cdfs IRP_MJ_READ 81F7F978

Device \FileSystem\Cdfs \Cdfs IRP_MJ_QUERY_INFORMATION 81F7F978

Device \FileSystem\Cdfs \Cdfs IRP_MJ_SET_INFORMATION 81F7F978

Device \FileSystem\Cdfs \Cdfs IRP_MJ_QUERY_VOLUME_INFORMATION 81F7F978

Device \FileSystem\Cdfs \Cdfs IRP_MJ_DIRECTORY_CONTROL 81F7F978

Device \FileSystem\Cdfs \Cdfs IRP_MJ_FILE_SYSTEM_CONTROL 81F7F978

Device \FileSystem\Cdfs \Cdfs IRP_MJ_DEVICE_CONTROL 81F7F978

Device \FileSystem\Cdfs \Cdfs IRP_MJ_SHUTDOWN 81F7F978

Device \FileSystem\Cdfs \Cdfs IRP_MJ_LOCK_CONTROL 81F7F978

Device \FileSystem\Cdfs \Cdfs IRP_MJ_CLEANUP 81F7F978

Device \FileSystem\Cdfs \Cdfs IRP_MJ_PNP 81F7F978


---- Threads - GMER 1.0.11 ----


Thread 4:168 821EB950

Thread 4:172 821CBC60

Thread 4:176 821CBC60

Thread 4:452 821EB950

Thread 4:516 821EB950

Thread 4:584 821EB950

Thread 4:1176 818EC560


---- EOF - GMER 1.0.11 ----

Bieniol · 25 Październik 2006 15:38

Pierwszy log jest czysty, drugi urwany. Wklej całego drugiego loga

anon94597501 · 25 Październik 2006 15:39

Drugi log:

GMER 1.0.11.11390 - http://www.gmer.net

Rootkit 2006-10-25 17:22:36

Windows 5.1.2600 Dodatek Service Pack 2



---- Services - GMER 1.0.11 ----


Service .NET CLR Data

Service .NET CLR Networking

Service .NET Data Provider for Oracle

Service .NET Data Provider for SqlServer

Service .NETFramework

Service [DISABLED] Abiosdsk

Service [DISABLED] abp480n5

Service C:\WINDOWS\system32\DRIVERS\ACPI.sys [BOOT] ACPI

Service [DISABLED] ACPIEC

Service [DISABLED] adpu160m

Service C:\WINDOWS\system32\drivers\aec.sys [MANUAL] aec

Service C:\WINDOWS\System32\drivers\afd.sys [SYSTEM] AFD

Service [DISABLED] Aha154x

Service [DISABLED] aic78u2

Service [DISABLED] aic78xx

Service C:\WINDOWS\system32\drivers\ALCXWDM.SYS [MANUAL] ALCXWDM

Service C:\WINDOWS\system32\svchost.exe [DISABLED] Alerter

Service C:\WINDOWS\System32\alg.exe [MANUAL] ALG

Service [DISABLED] AliIde

Service C:\WINDOWS\system32\DRIVERS\amdk7.sys [SYSTEM] AmdK7

Service [DISABLED] amsint

Service C:\WINDOWS\system32\svchost.exe [MANUAL] AppMgmt

Service [DISABLED] asc

Service [DISABLED] asc3350p

Service [DISABLED] asc3550

Service ASP.NET

Service ASP.NET_1.1.4322

Service ASP.NET_2.0.50727

Service C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [MANUAL] aspnet_state

Service C:\WINDOWS\system32\DRIVERS\asyncmac.sys [MANUAL] AsyncMac

Service C:\WINDOWS\system32\DRIVERS\atapi.sys [BOOT] atapi

Service [DISABLED] Atdisk

Service C:\WINDOWS\system32\DRIVERS\atmarpc.sys [MANUAL] Atmarpc

Service C:\WINDOWS\System32\svchost.exe [AUTO] AudioSrv

Service C:\WINDOWS\system32\DRIVERS\audstub.sys [MANUAL] audstub

Service C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe [AUTO] AVP

Service BattC

Service [SYSTEM] Beep

Service C:\WINDOWS\system32\svchost.exe [MANUAL] BITS

Service C:\WINDOWS\system32\DRIVERS\blueletaudio.sys [MANUAL] BlueletAudio

Service C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe [AUTO] BlueSoleil Hid Service

Service C:\WINDOWS\system32\svchost.exe [AUTO] Browser

Service C:\WINDOWS\system32\DRIVERS\btnetdrv.sys [MANUAL] BT

Service C:\WINDOWS\System32\Drivers\btcusb.sys [MANUAL] Btcsrusb

Service C:\WINDOWS\system32\DRIVERS\vbtenum.sys [MANUAL] BTHidEnum

Service C:\WINDOWS\System32\Drivers\BTHidMgr.sys [BOOT] BTHidMgr

Service [DISABLED] cbidf2k

Service C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [MANUAL] CCDECODE

Service [DISABLED] cd20xrnt

Service [SYSTEM] Cdaudio

Service [DISABLED] Cdfs

Service C:\WINDOWS\system32\DRIVERS\cdrom.sys [SYSTEM] Cdrom

Service [SYSTEM] Changer

Service C:\WINDOWS\system32\cisvc.exe [MANUAL] CiSvc

Service C:\WINDOWS\system32\clipsrv.exe [DISABLED] ClipSrv

Service C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [MANUAL] clr_optimization_v2.0.50727_32

Service [DISABLED] CmdIde

Service C:\WINDOWS\system32\dllhost.exe [MANUAL] COMSysApp

Service ContentFilter

Service ContentIndex

Service [DISABLED] Cpqarray

Service C:\WINDOWS\system32\svchost.exe [AUTO] CryptSvc

Service [DISABLED] dac2w2k

Service [DISABLED] dac960nt

Service C:\WINDOWS\system32\svchost.exe [AUTO] DcomLaunch

Service C:\WINDOWS\system32\svchost.exe [AUTO] Dhcp

Service C:\WINDOWS\system32\DRIVERS\disk.sys [BOOT] Disk

Service C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe [AUTO] Diskeeper

Service C:\WINDOWS\System32\dmadmin.exe [MANUAL] dmadmin

Service C:\WINDOWS\System32\drivers\dmboot.sys [DISABLED] dmboot

Service C:\WINDOWS\System32\drivers\dmio.sys [BOOT] dmio

Service C:\WINDOWS\System32\drivers\dmload.sys [BOOT] dmload

Service C:\WINDOWS\System32\svchost.exe [AUTO] dmserver

Service C:\WINDOWS\system32\drivers\DMusic.sys [MANUAL] DMusic

Service C:\WINDOWS\system32\svchost.exe [DISABLED] Dnscache

Service [DISABLED] dpti2o

Service C:\WINDOWS\system32\drivers\drmkaud.sys [MANUAL] drmkaud

Service C:\WINDOWS\System32\Drivers\dtscsi.sys [MANUAL] dtscsi

Service C:\WINDOWS\System32\svchost.exe [DISABLED] ERSvc

Service C:\WINDOWS\system32\services.exe [AUTO] Eventlog

Service C:\WINDOWS\system32\svchost.exe [MANUAL] EventSystem

Service [DISABLED] Fastfat

Service C:\WINDOWS\System32\svchost.exe [MANUAL] FastUserSwitchingCompatibility

Service [SYSTEM] Fdc

Service [SYSTEM] FileDisk

Service [SYSTEM] Fips

Service [SYSTEM] Flpydisk

Service C:\WINDOWS\system32\DRIVERS\fltMgr.sys [BOOT] FltMgr

Service [SYSTEM] Fs_Rec

Service C:\WINDOWS\system32\DRIVERS\ftdisk.sys [BOOT] Ftdisk

Service C:\WINDOWS\system32\DRIVERS\gameenum.sys [MANUAL] gameenum

Service C:\WINDOWS\System32\DRIVERS\gmer.sys [MANUAL] gmer

Service C:\WINDOWS\system32\DRIVERS\msgpc.sys [MANUAL] Gpc

Service C:\WINDOWS\System32\svchost.exe [AUTO] helpsvc

Service C:\WINDOWS\System32\svchost.exe [DISABLED] HidServ

Service [DISABLED] hpn

Service C:\WINDOWS\System32\Drivers\HTTP.sys [MANUAL] HTTP

Service C:\WINDOWS\System32\svchost.exe [MANUAL] HTTPFilter

Service [SYSTEM] i2omgmt

Service [DISABLED] i2omp

Service C:\WINDOWS\system32\DRIVERS\i8042prt.sys [SYSTEM] i8042prt

Service C:\WINDOWS\system32\drivers\ikhfile.sys [SYSTEM] ikhfile

Service C:\WINDOWS\system32\drivers\ikhlayer.sys [SYSTEM] ikhlayer

Service C:\WINDOWS\system32\DRIVERS\imapi.sys [SYSTEM] Imapi

Service C:\WINDOWS\system32\imapi.exe [MANUAL] ImapiService

Service inetaccs

Service [DISABLED] ini910u

Service Inport

Service [DISABLED] IntelIde

Service C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys [MANUAL] Ip6Fw

Service C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys [MANUAL] IpFilterDriver

Service C:\WINDOWS\system32\DRIVERS\ipinip.sys [MANUAL] IpInIp

Service C:\WINDOWS\system32\DRIVERS\ipnat.sys [MANUAL] IpNat

Service C:\WINDOWS\system32\DRIVERS\ipsec.sys [SYSTEM] IPSec

Service C:\WINDOWS\system32\DRIVERS\irenum.sys [MANUAL] IRENUM

Service ISAPISearch

Service C:\WINDOWS\system32\DRIVERS\isapnp.sys [BOOT] isapnp

Service C:\WINDOWS\system32\DRIVERS\kbdclass.sys [SYSTEM] Kbdclass

Service C:\WINDOWS\system32\drivers\kl1.sys [BOOT] kl1

Service C:\WINDOWS\system32\drivers\klif.sys [SYSTEM] klif

Service C:\WINDOWS\system32\drivers\kmixer.sys [MANUAL] kmixer

Service [BOOT] KSecDD

Service C:\WINDOWS\system32\svchost.exe [AUTO] lanmanserver

Service C:\WINDOWS\system32\svchost.exe [AUTO] lanmanworkstation

Service [SYSTEM] lbrtfdc

Service ldap

Service LicenseService

Service C:\WINDOWS\system32\svchost.exe [AUTO] LmHosts

Service C:\WINDOWS\TEMP\mc21.tmp [DISABLED] mchInjDrv

Service C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [AUTO] MDM

Service C:\WINDOWS\system32\svchost.exe [DISABLED] Messenger

Service [SYSTEM] mnmdd

Service C:\WINDOWS\system32\mnmsrvc.exe [MANUAL] mnmsrvc

Service [MANUAL] Modem

Service C:\WINDOWS\system32\DRIVERS\mouclass.sys [SYSTEM] Mouclass

Service [BOOT] MountMgr

Service [DISABLED] mraid35x

Service C:\WINDOWS\system32\DRIVERS\mrxdav.sys [MANUAL] MRxDAV

Service C:\WINDOWS\system32\DRIVERS\mrxsmb.sys [SYSTEM] MRxSmb

Service C:\WINDOWS\system32\msdtc.exe [MANUAL] MSDTC

Service [SYSTEM] Msfs

Service C:\WINDOWS\system32\msiexec.exe [MANUAL] MSIServer

Service C:\WINDOWS\system32\drivers\MSKSSRV.sys [MANUAL] MSKSSRV

Service C:\WINDOWS\system32\drivers\MSPCLOCK.sys [MANUAL] MSPCLOCK

Service C:\WINDOWS\system32\drivers\MSPQM.sys [MANUAL] MSPQM

Service C:\WINDOWS\system32\DRIVERS\mssmbios.sys [MANUAL] mssmbios

Service C:\WINDOWS\system32\drivers\MSTEE.sys [MANUAL] MSTEE

Service C:\WINDOWS\system32\drivers\msmpu401.sys [MANUAL] ms_mpu401

Service [BOOT] Mup

Service C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [MANUAL] NABTSFEC

Service C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [MANUAL] NBService

Service [BOOT] NDIS

Service C:\WINDOWS\system32\DRIVERS\NdisIP.sys [MANUAL] NdisIP

Service C:\WINDOWS\system32\DRIVERS\ndistapi.sys [MANUAL] NdisTapi

Service C:\WINDOWS\system32\DRIVERS\ndisuio.sys [MANUAL] Ndisuio

Service C:\WINDOWS\system32\DRIVERS\ndiswan.sys [MANUAL] NdisWan

Service [MANUAL] NDProxy

Service C:\WINDOWS\system32\DRIVERS\netbios.sys [SYSTEM] NetBIOS

Service C:\WINDOWS\system32\DRIVERS\netbt.sys [SYSTEM] NetBT

Service C:\WINDOWS\system32\netdde.exe [DISABLED] NetDDE

Service C:\WINDOWS\system32\netdde.exe [DISABLED] NetDDEdsdm

Service C:\WINDOWS\system32\lsass.exe [MANUAL] Netlogon

Service C:\WINDOWS\System32\svchost.exe [MANUAL] Netman

Service C:\WINDOWS\system32\svchost.exe [MANUAL] Nla

Service [SYSTEM] Npfs

Service [DISABLED] Ntfs

Service C:\WINDOWS\system32\lsass.exe [MANUAL] NtLmSsp

Service C:\WINDOWS\system32\svchost.exe [MANUAL] NtmsSvc

Service [SYSTEM] Null

Service C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [MANUAL] nv

Service C:\WINDOWS\system32\DRIVERS\nvatabus.sys [BOOT] nvatabus

Service C:\WINDOWS\system32\nvsvc32.exe [AUTO] NVSvc

Service C:\WINDOWS\system32\DRIVERS\nv_agp.sys [BOOT] nv_agp

Service C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys [MANUAL] NwlnkFlt

Service C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys [MANUAL] NwlnkFwd

Service C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [MANUAL] ose

Service Outlook

Service C:\WINDOWS\system32\DRIVERS\parport.sys [MANUAL] Parport

Service [BOOT] PartMgr

Service [AUTO] ParVdm

Service C:\WINDOWS\system32\DRIVERS\pci.sys [BOOT] PCI

Service [SYSTEM] PCIDump

Service C:\WINDOWS\system32\DRIVERS\pciide.sys [BOOT] PCIIde

Service [DISABLED] Pcmcia

Service [MANUAL] PDCOMP

Service [MANUAL] PDFRAME

Service [MANUAL] PDRELI

Service [MANUAL] PDRFRAME

Service [DISABLED] perc2

Service [DISABLED] perc2hib

Service PerfDisk

Service PerfNet

Service PerfOS

Service PerfProc

Service C:\WINDOWS\system32\drivers\pfc.sys [MANUAL] pfc

Service C:\WINDOWS\system32\services.exe [AUTO] PlugPlay

Service C:\WINDOWS\system32\lsass.exe [AUTO] PolicyAgent

Service C:\WINDOWS\system32\DRIVERS\raspptp.sys [MANUAL] PptpMiniport

Service C:\WINDOWS\system32\lsass.exe [AUTO] ProtectedStorage

Service C:\WINDOWS\system32\DRIVERS\psched.sys [MANUAL] PSched

Service C:\WINDOWS\system32\DRIVERS\ptilink.sys [MANUAL] Ptilink

Service C:\WINDOWS\System32\Drivers\PxHelp20.sys [BOOT] PxHelp20

Service [DISABLED] ql1080

Service [DISABLED] Ql10wnt

Service [DISABLED] ql12160

Service [DISABLED] ql1240

Service [DISABLED] ql1280

Service C:\WINDOWS\system32\DRIVERS\rasacd.sys [SYSTEM] RasAcd

Service C:\WINDOWS\system32\svchost.exe [MANUAL] RasAuto

Service C:\WINDOWS\system32\DRIVERS\rasl2tp.sys [MANUAL] Rasl2tp

Service C:\WINDOWS\system32\svchost.exe [MANUAL] RasMan

Service C:\WINDOWS\system32\DRIVERS\raspppoe.sys [MANUAL] RasPppoe

Service C:\WINDOWS\system32\DRIVERS\raspti.sys [MANUAL] Raspti

Service C:\WINDOWS\system32\DRIVERS\rdbss.sys [SYSTEM] Rdbss

Service C:\WINDOWS\System32\DRIVERS\RDPCDD.sys [SYSTEM] RDPCDD

Service RDPDD

Service C:\WINDOWS\system32\DRIVERS\rdpdr.sys [MANUAL] rdpdr

Service RDPNP

Service [MANUAL] RDPWD

Service C:\WINDOWS\system32\sessmgr.exe [MANUAL] RDSessMgr

Service C:\WINDOWS\system32\DRIVERS\redbook.sys [SYSTEM] redbook

Service C:\WINDOWS\system32\svchost.exe [DISABLED] RemoteAccess

Service C:\WINDOWS\system32\svchost.exe [DISABLED] RemoteRegistry

Service C:\WINDOWS\System32\Drivers\RootMdm.sys [MANUAL] ROOTMODEM

Service C:\WINDOWS\system32\locator.exe [MANUAL] RpcLocator

Service C:\WINDOWS\system32\svchost.exe [AUTO] RpcSs

Service C:\WINDOWS\system32\rsvp.exe [MANUAL] RSVP

Service C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [MANUAL] rtl8139

Service C:\WINDOWS\system32\lsass.exe [AUTO] SamSs

Service C:\WINDOWS\System32\SCardSvr.exe [MANUAL] SCardSvr

Service C:\WINDOWS\System32\svchost.exe [AUTO] Schedule

Service C:\Program Files\Spyware Doctor\sdhelp.exe [AUTO] SDhelper

Service C:\WINDOWS\system32\DRIVERS\secdrv.sys [MANUAL] Secdrv

Service C:\WINDOWS\System32\svchost.exe [AUTO] seclogon

Service C:\WINDOWS\system32\svchost.exe [AUTO] SENS

Service C:\WINDOWS\system32\DRIVERS\serenum.sys [MANUAL] serenum

Service C:\WINDOWS\system32\DRIVERS\serial.sys [SYSTEM] Serial

Service [SYSTEM] Sfloppy

Service C:\WINDOWS\system32\svchost.exe [AUTO] SharedAccess

Service C:\WINDOWS\System32\svchost.exe [AUTO] ShellHWDetection

Service [DISABLED] Simbad

Service C:\WINDOWS\system32\DRIVERS\SLIP.sys [MANUAL] SLIP

Service [DISABLED] Sparrow

Service C:\WINDOWS\system32\drivers\splitter.sys [MANUAL] splitter

Service C:\WINDOWS\system32\spoolsv.exe [AUTO] Spooler

Service C:\WINDOWS\System32\Drivers\sptd.sys [BOOT] sptd

Service C:\WINDOWS\system32\DRIVERS\sr.sys [BOOT] sr

Service C:\WINDOWS\system32\svchost.exe [AUTO] srservice

Service C:\WINDOWS\system32\DRIVERS\srv.sys [MANUAL] Srv

Service C:\WINDOWS\system32\svchost.exe [DISABLED] SSDPSRV

Service C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe [AUTO] StarWindService

Service C:\WINDOWS\system32\svchost.exe [AUTO] stisvc

Service C:\WINDOWS\system32\DRIVERS\StreamIP.sys [MANUAL] streamip

Service C:\WINDOWS\system32\DRIVERS\swenum.sys [MANUAL] swenum

Service C:\WINDOWS\system32\drivers\swmidi.sys [MANUAL] swmidi

Service C:\WINDOWS\system32\dllhost.exe [MANUAL] SwPrv

Service [DISABLED] symc810

Service [DISABLED] symc8xx

Service [DISABLED] sym_hi

Service [DISABLED] sym_u3

Service C:\WINDOWS\system32\drivers\sysaudio.sys [MANUAL] sysaudio

Service C:\WINDOWS\system32\smlogsvc.exe [MANUAL] SysmonLog

Service C:\WINDOWS\System32\svchost.exe [MANUAL] TapiSrv

Service C:\WINDOWS\system32\DRIVERS\tcpip.sys [SYSTEM] Tcpip

Service [MANUAL] TDPIPE

Service [MANUAL] TDTCP

Service C:\WINDOWS\system32\DRIVERS\termdd.sys [SYSTEM] TermDD

Service C:\WINDOWS\System32\svchost.exe [MANUAL] TermService

Service C:\WINDOWS\System32\svchost.exe [AUTO] Themes

Service C:\WINDOWS\system32\tlntsvr.exe [DISABLED] TlntSvr

Service [DISABLED] TosIde

Service C:\WINDOWS\system32\svchost.exe [AUTO] TrkWks

Service TSDDD

Service [DISABLED] Udfs

Service [DISABLED] ultra

Service C:\WINDOWS\system32\wdfmgr.exe [AUTO] UMWdf

Service C:\WINDOWS\system32\DRIVERS\update.sys [MANUAL] Update

Service C:\WINDOWS\system32\svchost.exe [DISABLED] upnphost

Service C:\WINDOWS\System32\ups.exe [MANUAL] UPS

Service C:\WINDOWS\system32\DRIVERS\usbehci.sys [MANUAL] usbehci

Service C:\WINDOWS\system32\DRIVERS\usbhub.sys [MANUAL] usbhub

Service C:\WINDOWS\system32\DRIVERS\usbohci.sys [MANUAL] usbohci

Service C:\WINDOWS\system32\DRIVERS\usbscan.sys [MANUAL] usbscan

Service C:\WINDOWS\System32\svchost.exe [AUTO] UxTuneUp

Service C:\WINDOWS\System32\Drivers\vaxscsi.sys [MANUAL] vaxscsi

Service C:\WINDOWS\system32\DRIVERS\VComm.sys [MANUAL] VComm

Service C:\WINDOWS\System32\Drivers\VcommMgr.sys [MANUAL] VcommMgr

Service C:\WINDOWS\System32\drivers\vga.sys [SYSTEM] VgaSave

Service [DISABLED] ViaIde

Service [BOOT] VolSnap

Service C:\WINDOWS\System32\vssvc.exe [MANUAL] VSS

Service C:\WINDOWS\System32\svchost.exe [AUTO] W32Time

Service W3SVC

Service C:\WINDOWS\system32\DRIVERS\wanarp.sys [MANUAL] Wanarp

Service [MANUAL] WDICA

Service C:\WINDOWS\system32\drivers\wdmaud.sys [MANUAL] wdmaud

Service C:\WINDOWS\system32\svchost.exe [AUTO] WebClient

Service C:\WINDOWS\system32\svchost.exe [AUTO] winmgmt

Service [MANUAL] Winsock

Service WinSock2

Service WinTrust

Service C:\WINDOWS\System32\svchost.exe [MANUAL] WmdmPmSN

Service C:\WINDOWS\System32\svchost.exe [MANUAL] Wmi

Service WmiApRpl

Service C:\WINDOWS\system32\wbem\wmiapsrv.exe [MANUAL] WmiApSrv

Service C:\WINDOWS\System32\drivers\ws2ifsl.sys [DISABLED] WS2IFSL

Service C:\WINDOWS\System32\svchost.exe [DISABLED] wscsvc

Service C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [MANUAL] WSTCODEC

Service C:\WINDOWS\system32\svchost.exe [DISABLED] wuauserv

Service C:\WINDOWS\System32\svchost.exe [AUTO] WZCSVC

Service C:\WINDOWS\System32\svchost.exe [MANUAL] xmlprov

Service ZoomoutScope

Service {A23D0943-1BDF-4D04-A99B-507BC63EF78A}

Service {F0AAC643-D428-41B8-80A6-5B8095F1090A}

Service {F93111F8-D691-40D0-88CA-7FE69D660043}


---- EOF - GMER 1.0.11 ----

Bieniol · 25 Październik 2006 16:06

Jak na moje oko to czysto

Powiedz w czym dokładnie jest jeszcze problem?

anon94597501 · 25 Październik 2006 16:21

Po prostu długo się włącza. Pulpit bardzo późno zaskakuje i dopiero się wyświetli kiedy to ja włączę alt+ctrl+delete i nie mam pojęcia czemu tak robi:( Po kilku razach ponownego rozruchy potrafi dobrze się załadować i wszystko gra jak w zegarku. Ale po następnym rozruchu znowu to samo:(

Proszę Bieniol wymyśl coś dobrego aby mój system działał

Bieniol · 25 Październik 2006 16:47

Czytałes dokładnie mój pierwszy post w tym temacie? Przejrzyj dokładnie link: optymalizacja XP

anon94597501 · 25 Październik 2006 18:28

Dobra zobaczę i zrobię wszystko co tam piszę, bo nie mam innego wyjścia