proszę o sprawdzienie loga-otwiera mi się folder common

**Posty:** 160 · przez **_adrer** 31 Mar 2007, 00:19

Witam
Mam problem, dzieje sie to od dziś, no i właśnie nie moge sobie przypomnieć co zrobiłem zanim to sie zaczęlo dziaać. Przy starcie systemu za każdym razem otwiera mi sie sam folder
C:\Program Files\Common
o takiej zawartości:

ielauncher włącza taką stronę:

Pomóżcie mi to jakoś przestawić. NIeiwem jak to zrobić
W nastepnym poście jest log, przy okazji może ktoś wie, czemu mi tak troche zmula??
pzdr
adrer

**Posty:** 10223 · przez **Precel** 31 Mar 2007, 00:27

daj loga z HJ
http://forum.programosy.pl/hijackthis-amp-silent-runners-gtobsuga-i-umieszczanie-vt9452.html

przez **jeff** 31 Mar 2007, 07:59

ewidentny syf

precel napisał(a):daj loga z HJ

**Posty:** 160 · przez **_adrer** 31 Mar 2007, 14:16

precel napisał(a):daj loga z HJ

OTO LOG:

Logfile of HijackThis v1.99.1
Scan saved at 14:05:49, on 2007-03-31
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
E:\Program Files\KasperskyAV6.0.2.614\polish\avp.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
E:\Program Files\kbdap32a.exe
E:\Program Files\moffice.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Brother\ControlCenter2\brctrcen.exe
C:\Program Files\Apoint2K\Apoint.exe
E:\Program Files\MOUSE32A.EXE
C:\Program Files\Apoint2K\Apntex.exe
C:\WINDOWS\system32\WgaTray.exe
E:\Program Files\KasperskyAV6.0.2.614\polish\avp.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
E:\Program Files\Gadu-Gadu\gg.exe
C:\Program Files\Nero\Nero 7\Core\nero.exe
E:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Nero\Nero 7\Nero StartSmart\NeroStartSmart.exe
C:\Program Files\Nero\Nero 7\Core\nero.exe
C:\Documents and Settings\user\Pulpit\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [OFFICEKB] E:\Program Files\kbdap32a.exe
O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] E:\Program Files\moffice.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl05a\BrStDvPt.exe
O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [SmartSync - ScheduleSync] C:\PROGRA~1\MOBILE~1\SMARTS~1\SCHEDU~1.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [AVP] "E:\Program Files\KasperskyAV6.0.2.614\polish\avp.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKCU\..\Run: [Gadu-Gadu] "E:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - Startup: Yahoo! Widget Engine.lnk = E:\Program Files\Yahoo! Widget Engine\YahooWidgetEngine.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Status Monitor.lnk = C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Statystyki ochrony WWW - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - E:\Program Files\KasperskyAV6.0.2.614\polish\scieplugin.dll
O9 - Extra button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1168979623015
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Unknown owner - E:\Program Files\KasperskyAV6.0.2.614\polish\avp.exe" -r (file missing)
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

**Posty:** 18165 · przez **wojtas** 31 Mar 2007, 18:03

dorzuc loga z silent runners:

http://forum.programosy.pl/hijackthis-amp-silent-runners-gtobsuga-i-umieszczanie-vt9452.html

i comboscan

http://forum.programosy.pl/dodatkowe-narzedzia-do-usuwania-i-ochrony-vt42021.html

**Posty:** 160 · przez **_adrer** 31 Mar 2007, 22:25

wojtas19162 napisał(a):dorzuc loga z silent runners:

Kod: Zaznacz wszystko: "Silent Runners.vbs", revision R50, http://www.silentrunners.org/ Operating System: Windows XP SP2 Output limited to non-default values, except where indicated by "{++}" Startup items buried in registry: --------------------------------- HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++} "Gadu-Gadu" = ""E:\Program Files\Gadu-Gadu\gg.exe" /tray" ["Gadu-Gadu S.A."] "PowerBar" = "(empty string)" [file not found] "ctfmon.exe" = "C:\WINDOWS\system32\ctfmon.exe" [MS] "MSMSGS" = ""C:\Program Files\Messenger\msmsgs.exe" /background" [MS] "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}" = ""C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"" ["Nero AG"] HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++} "RTHDCPL" = "RTHDCPL.EXE" ["Realtek Semiconductor Corp."] "SkyTel" = "SkyTel.EXE" ["Realtek Semiconductor Corp."] "Alcmtr" = "ALCMTR.EXE" ["Realtek Semiconductor Corp."] "NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup" [MS] "nwiz" = "nwiz.exe /install" ["NVIDIA Corporation"] "NvMediaCenter" = "RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit" [MS] "RemoteControl" = ""C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"" ["Cyberlink Corp."] "SunJavaUpdateSched" = ""C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"" ["Sun Microsystems, Inc."] "OFFICEKB" = "E:\Program Files\kbdap32a.exe" [empty string] "FLMOFFICE4DMOUSE" = "E:\Program Files\moffice.exe" [empty string] "SSBkgdUpdate" = ""C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot" ["Scansoft, Inc."] "PaperPort PTD" = "C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe" ["ScanSoft, Inc."] "IndexSearch" = "C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe" ["ScanSoft, Inc."] "SetDefPrt" = "C:\Program Files\Brother\Brmfl05a\BrStDvPt.exe" ["Brother Industories, Ltd."] "ControlCenter2.0" = "C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun" ["Brother Industries, Ltd."] "Apoint" = "C:\Program Files\Apoint2K\Apoint.exe" ["Alps Electric Co., Ltd."] "SmartSync - ScheduleSync" = "C:\PROGRA~1\MOBILE~1\SMARTS~1\SCHEDU~1.EXE" ["Siemens"] "NeroFilterCheck" = "C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" ["Nero AG"] "AVP" = ""E:\Program Files\KasperskyAV6.0.2.614\polish\avp.exe"" ["Kaspersky Lab"] "GrooveMonitor" = ""C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"" [MS] HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided) -> {HKLM...CLSID} = "AcroIEHlprObj Class" \InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx" [empty string] {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C}\(Default) = (no title provided) -> {HKLM...CLSID} = "Megaupload Toolbar" \InProcServer32\(Default) = "C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL" ["MegaUpload"] {72853161-30C5-4D22-B7F9-0BBC1D38A37E}\(Default) = (no title provided) -> {HKLM...CLSID} = "Groove GFS Browser Helper" \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS] {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided) -> {HKLM...CLSID} = "SSVHelper Class" \InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll" ["Sun Microsystems, Inc."] HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\ "{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania" -> {HKLM...CLSID} = "Rozszerzenie CPL kadrowania wyświetlania" \InProcServer32\(Default) = "deskpan.dll" [file not found] "{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu" -> {HKLM...CLSID} = "HyperTerminal Icon Ext" \InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."] "{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class" -> {HKLM...CLSID} = "DesktopContext Class" \InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"] "{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper" -> {HKLM...CLSID} = "NVIDIA CPL Extension" \InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"] "{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer" -> {HKLM...CLSID} = "Desktop Explorer" \InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"] "{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu" -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"] "{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu" -> {HKLM...CLSID} = "nView Desktop Context Menu" \InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"] "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data] "{993BE281-6695-4BA5-8A2A-7AACBFAAB69E}" = "Microsoft Office Metadata Handler" -> {HKLM...CLSID} = "Microsoft Office Metadata Handler" \InProcServer32\(Default) = "C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll" [MS] "{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97}" = "Microsoft Office Thumbnail Handler" -> {HKLM...CLSID} = "Microsoft Office Thumbnail Handler" \InProcServer32\(Default) = "C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll" [MS] "{EE75AC21-B24F-11d3-BA80-00C0CA16AA37}" = "Siemens Device" -> {HKLM...CLSID} = "Siemens Device" \InProcServer32\(Default) = "C:\Program Files\Mobile Phone Manager\bin\PhoneExplorer.dll" [empty string] "{EE75AC22-B24F-11d3-BA80-00C0CA16AA37}" = "Siemens Device ContextMenuHandler" -> {HKLM...CLSID} = "Siemens Device ContextMenuHandler" \InProcServer32\(Default) = "C:\Program Files\Mobile Phone Manager\bin\PhoneExplorer.dll" [empty string] "{EE75AC23-B24F-11d3-BA80-00C0CA16AA37}" = "Siemens Device PropertySheetHandlers" -> {HKLM...CLSID} = "Siemens Device PropertySheetHandler" \InProcServer32\(Default) = "C:\Program Files\Mobile Phone Manager\bin\PhoneExplorer.dll" [empty string] "{97F68CE3-7146-45FF-BE24-D9A7DD7CB8A2}" = "NeroCoverEd Live Icons" -> {HKLM...CLSID} = "NeroCoverEdLiveIcons Class" \InProcServer32\(Default) = "C:\Program Files\Nero\Nero 7\Nero CoverDesigner\CoverEdExtension.dll" ["Nero AG"] "{B327765E-D724-4347-8B16-78AE18552FC3}" = "NeroDigitalIconHandler" -> {HKLM...CLSID} = "NeroDigitalIconHandler Class" \InProcServer32\(Default) = "C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll" ["Nero AG"] "{7F1CF152-04F8-453A-B34C-E609530A9DC8}" = "NeroDigitalPropSheetHandler" -> {HKLM...CLSID} = "NeroDigitalPropSheetHandler Class" \InProcServer32\(Default) = "C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll" ["Nero AG"] "{85E0B171-04FA-11D1-B7DA-00A0C90348D6}" = "Statystyki ochrony WWW" -> {HKLM...CLSID} = "Statystyki ochrony WWW" \InProcServer32\(Default) = "E:\Program Files\KasperskyAV6.0.2.614\polish\scieplugin.dll" ["Kaspersky Lab"] "{72853161-30C5-4D22-B7F9-0BBC1D38A37E}" = "Groove GFS Browser Helper" -> {HKLM...CLSID} = "Groove GFS Browser Helper" \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS] "{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}" = "Groove GFS Explorer Bar" -> {HKLM...CLSID} = "Groove Folder Synchronization" \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS] "{A449600E-1DC6-4232-B948-9BD794D62056}" = "Groove GFS Stub Icon Handler" -> {HKLM...CLSID} = "Groove GFS Stub Icon Handler" \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS] "{B5A7F190-DDA6-4420-B3BA-52453494E6CD}" = "Groove GFS Stub Execution Hook" -> {HKLM...CLSID} = "Groove GFS Stub Execution Hook" \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS] "{6C467336-8281-4E60-8204-430CED96822D}" = "Groove GFS Context Menu Handler" -> {HKLM...CLSID} = "Groove GFS Context Menu Handler" \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS] "{387E725D-DC16-4D76-B310-2C93ED4752A0}" = "Groove XML Icon Handler" -> {HKLM...CLSID} = "Groove XML Icon Handler" \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS] "{16F3DD56-1AF5-4347-846D-7C10C4192619}" = "Groove Explorer Icon Overlay 3 (GFS Folder)" -> {HKLM...CLSID} = "Groove Explorer Icon Overlay 3 (GFS Folder)" \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS] "{AB5C5600-7E6E-4B06-9197-9ECEF74D31CC}" = "Groove Explorer Icon Overlay 2 (GFS Stub)" -> {HKLM...CLSID} = "Groove Explorer Icon Overlay 2 (GFS Stub)" \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS] "{2916C86E-86A6-43FE-8112-43ABE6BF8DCC}" = "Groove Explorer Icon Overlay 4 (GFS Unread Mark)" -> {HKLM...CLSID} = "Groove Explorer Icon Overlay 4 (GFS Unread Mark)" \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS] "{99FD978C-D287-4F50-827F-B2C658EDA8E7}" = "Groove Explorer Icon Overlay 1 (GFS Unread Stub)" -> {HKLM...CLSID} = "Groove Explorer Icon Overlay 1 (GFS Unread Stub)" \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS] "{920E6DB1-9907-4370-B3A0-BAFC03D81399}" = "Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)" -> {HKLM...CLSID} = "Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)" \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS] "{0006F045-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Custom Icon Handler" -> {HKLM...CLSID} = "Outlook File Icon Extension" \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\OLKFSTUB.DLL" [MS] "{00020D75-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Desktop Icon Handler" -> {HKLM...CLSID} = "Microsoft Office Outlook" \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\MLSHEXT.DLL" [MS] "{5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C}" = "Microsoft Office OneNote Namespace Extension for Windows Desktop Search" -> {HKLM...CLSID} = "Microsoft Office OneNote Namespace Extension for Windows Desktop Search" \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\ONFILTER.DLL" [MS] "{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler" -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office12\msohevi.dll" [MS] HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\ <<!>> "{B5A7F190-DDA6-4420-B3BA-52453494E6CD}" = "Groove GFS Stub Execution Hook" -> {HKLM...CLSID} = "Groove GFS Stub Execution Hook" \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS] HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ <<!>> klogon\DLLName = "C:\WINDOWS\system32\klogon.dll" ["Kaspersky Lab"] HKLM\Software\Classes\PROTOCOLS\Filter\ <<!>> text/xml\CLSID = "{807563E5-5146-11D5-A672-00B0D022E945}" -> {HKLM...CLSID} = "Microsoft Office InfoPath XML Mime Filter" \InProcServer32\(Default) = "C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL" [MS] HKLM\Software\Classes\Folder\shellex\ColumnHandlers\ {7D4D6379-F301-4311-BEBA-E26EB0561882}\(Default) = "NeroDigitalExt.NeroDigitalColumnHandler" -> {HKLM...CLSID} = "NeroDigitalColumnHandler Class" \InProcServer32\(Default) = "C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll" ["Nero AG"] HKLM\Software\Classes\*\shellex\ContextMenuHandlers\ Cover Designer\(Default) = "{73FCA462-9BD5-4065-A73F-A8E5F6904EF7}" -> {HKLM...CLSID} = "NeroCoverEdContextMenu Class" \InProcServer32\(Default) = "C:\Program Files\Nero\Nero 7\Nero CoverDesigner\CoverEdExtension.dll" ["Nero AG"] Kaspersky Anti-Virus\(Default) = "{dd230880-495a-11d1-b064-008048ec2fc5}" -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = "E:\Program Files\KasperskyAV6.0.2.614\polish\ShellEx.dll" ["Kaspersky Lab"] WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data] XXX Groove GFS Context Menu Handler XXX\(Default) = "{6C467336-8281-4E60-8204-430CED96822D}" -> {HKLM...CLSID} = "Groove GFS Context Menu Handler" \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS] HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\ WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data] XXX Groove GFS Context Menu Handler XXX\(Default) = "{6C467336-8281-4E60-8204-430CED96822D}" -> {HKLM...CLSID} = "Groove GFS Context Menu Handler" \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS] HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ Kaspersky Anti-Virus\(Default) = "{dd230880-495a-11d1-b064-008048ec2fc5}" -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = "E:\Program Files\KasperskyAV6.0.2.614\polish\ShellEx.dll" ["Kaspersky Lab"] WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data] XXX Groove GFS Context Menu Handler XXX\(Default) = "{6C467336-8281-4E60-8204-430CED96822D}" -> {HKLM...CLSID} = "Groove GFS Context Menu Handler" \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS] HKLM\Software\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\ XXX Groove GFS Context Menu Handler XXX\(Default) = "{6C467336-8281-4E60-8204-430CED96822D}" -> {HKLM...CLSID} = "Groove GFS Context Menu Handler" \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS] Group Policies {GPedit.msc branch and setting}: ----------------------------------------------- Note: detected settings may not have any effect. HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\ "shutdownwithoutlogon" = (REG_DWORD) hex:0x00000001 {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options| Shutdown: Allow system to be shut down without having to log on} "undockwithoutlogon" = (REG_DWORD) hex:0x00000001 {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options| Devices: Allow undock without having to log on} Active Desktop and Wallpaper: ----------------------------- Active Desktop may be disabled at this entry: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState Displayed if Active Desktop enabled and wallpaper not set by Group Policy: HKCU\Software\Microsoft\Internet Explorer\Desktop\General\ "Wallpaper" = "C:\WINDOWS\Web\Wallpaper\Idylla.bmp" Displayed if Active Desktop disabled and wallpaper not set by Group Policy: HKCU\Control Panel\Desktop\ "Wallpaper" = "C:\WINDOWS\Web\Wallpaper\Idylla.bmp" Enabled Screen Saver: --------------------- HKCU\Control Panel\Desktop\ "SCRNSAVE.EXE" = "C:\WINDOWS\System32\logon.scr" [MS] Startup items in "user" & "All Users" startup folders: ------------------------------------------------------ C:\Documents and Settings\user\Menu Start\Programy\Autostart "Yahoo! Widget Engine" -> shortcut to: "E:\Program Files\Yahoo! Widget Engine\YahooWidgetEngine.exe" [file not found] C:\Documents and Settings\All Users\Menu Start\Programy\Autostart "Adobe Gamma Loader.exe" -> shortcut to: "C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe" ["Adobe Systems, Inc."] "Status Monitor" -> shortcut to: "C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe Brother DCP-115C /STARTUP" ["Brother Industries, Ltd."] Winsock2 Service Provider DLLs: ------------------------------- Namespace Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++} 000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS] 000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS] 000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS] Transport Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++} 0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range: %SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 15 %SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05 Toolbars, Explorer Bars, Extensions: ------------------------------------ Toolbars HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\ "{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C}" -> {HKLM...CLSID} = "Megaupload Toolbar" \InProcServer32\(Default) = "C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL" ["MegaUpload"] HKLM\Software\Microsoft\Internet Explorer\Toolbar\ "{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C}" = (no title provided) -> {HKLM...CLSID} = "Megaupload Toolbar" \InProcServer32\(Default) = "C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL" ["MegaUpload"] Explorer Bars HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\ HKLM\Software\Classes\CLSID\{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}\(Default) = "Groove Folder Synchronization" Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar] InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS] HKLM\Software\Classes\CLSID\{85E0B171-04FA-11D1-B7DA-00A0C90348D6}\(Default) = "Statystyki ochrony WWW" Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar] InProcServer32\(Default) = "E:\Program Files\KasperskyAV6.0.2.614\polish\scieplugin.dll" ["Kaspersky Lab"] HKLM\Software\Classes\CLSID\{FF059E31-CC5A-4E2E-BF3B-96E929D65503}\(Default) = "&Poszukaj" Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar] InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL" [MS] Extensions (Tools menu items, main toolbar menu buttons) HKLM\Software\Microsoft\Internet Explorer\Extensions\ {08B0E5C0-4FCB-11CF-AAA5-00401C608501}\ "MenuText" = "Sun Java Console" "CLSIDExtension" = "{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBC}" -> {HKCU...CLSID} = "Java Plug-in 1.5.0_10" \InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll" ["Sun Microsystems, Inc."] -> {HKLM...CLSID} = "Java Plug-in 1.5.0_10" \InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_10\bin\npjpi150_10.dll" ["Sun Microsystems, Inc."] {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E}\ "ButtonText" = "Statystyki ochrony WWW" {2670000A-7350-4F3C-8081-5663EE0C6C49}\ "ButtonText" = "Wyślij do programu OneNote" "MenuText" = "Wyślij &do programu OneNote" "CLSIDExtension" = "{48E73304-E1D6-4330-914C-F5F514E3486C}" -> {HKLM...CLSID} = "Send to OneNote from Internet Explorer button" \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll" [MS] {92780B25-18CC-41C8-B9BE-3C9C571A8263}\ "ButtonText" = "Research" {FB5F1910-F110-11D2-BB9E-00C04F795683}\ "ButtonText" = "Messenger" "MenuText" = "Windows Messenger" "Exec" = "C:\Program Files\Messenger\msmsgs.exe" [MS] Running Services (Display Name, Service Name, Path {Service DLL}): ------------------------------------------------------------------ BrSplService, Brother XP spl Service, "C:\WINDOWS\system32\brsvc01a.exe" ["brother Industries Ltd"] Kaspersky Anti-Virus 6.0, AVP, ""E:\Program Files\KasperskyAV6.0.2.614\polish\avp.exe" -r" ["Kaspersky Lab"] Machine Debug Manager, MDM, ""C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe"" [MS] NMIndexingService, NMIndexingService, ""C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe"" ["Nero AG"] NVIDIA Display Driver Service, NVSvc, "C:\WINDOWS\system32\nvsvc32.exe" ["NVIDIA Corporation"] Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\system32\wdfmgr.exe" [MS] Print Monitors: --------------- HKLM\System\CurrentControlSet\Control\Print\Monitors\ Send To Microsoft OneNote Monitor\Driver = "msonpmon.dll" [MS] ---------- <<!>>: Suspicious data at a malware launch point. + This report excludes default entries except where indicated. + To see *everywhere* the script checks and *everything* it finds, launch it from a command prompt or a shortcut with the -all parameter. + The search for DESKTOP.INI DLL launch points on all local fixed drives took 40 seconds. ---------- (total run time: 84 seconds)

wojtas19162 napisał(a):i comboscan

tylko podczzas skanu musiałem wyłaczyć antywirusas bo alarmował i przerywał odrzu

Kod: Zaznacz wszystko: ComboScan v20070306.20 run by user on 2007-03-31 at 22:18:52 Computer is in Normal Mode. -------------------------------------------------------------------------------- -- System Restore -------------------------------------------------------------- Successfully created ComboScan Restore Point. -- Last 3 Restore Point(s) -- 3: 2007-03-31 20:18:55 UTC - RP3 - ComboScan Restore Point 2: 2007-03-31 20:13:17 UTC - RP2 - ComboScan Restore Point 1: 2007-03-31 20:09:03 UTC - RP1 - Punkt kontrolny systemu Performed disk cleanup. -- HijackThis (run as user.exe) ------------------------------------------------ Logfile of HijackThis v1.99.1 Scan saved at 22:18:55, on 2007-03-31 Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\brss01a.exe C:\WINDOWS\system32\spoolsv.exe E:\Program Files\KasperskyAV6.0.2.614\polish\avp.exe C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\RTHDCPL.EXE C:\WINDOWS\system32\RUNDLL32.EXE C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe E:\Program Files\kbdap32a.exe E:\Program Files\moffice.exe C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe C:\Program Files\Brother\ControlCenter2\brctrcen.exe C:\Program Files\Apoint2K\Apoint.exe E:\Program Files\MOUSE32A.EXE E:\Program Files\KasperskyAV6.0.2.614\polish\avp.exe C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe C:\Program Files\Apoint2K\Apntex.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe C:\WINDOWS\system32\WgaTray.exe E:\Program Files\Mozilla Firefox\firefox.exe C:\Documents and Settings\user\Pulpit\comboscan.exe C:\PROGRA~1\HIJACK~1\user.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe" O4 - HKLM\..\Run: [OFFICEKB] E:\Program Files\kbdap32a.exe O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] E:\Program Files\moffice.exe O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl05a\BrStDvPt.exe O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe O4 - HKLM\..\Run: [SmartSync - ScheduleSync] C:\PROGRA~1\MOBILE~1\SMARTS~1\SCHEDU~1.EXE O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe O4 - HKLM\..\Run: [AVP] "E:\Program Files\KasperskyAV6.0.2.614\polish\avp.exe" O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKCU\..\Run: [Gadu-Gadu] "E:\Program Files\Gadu-Gadu\gg.exe" /tray O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" O4 - Startup: Yahoo! Widget Engine.lnk = E:\Program Files\Yahoo! Widget Engine\YahooWidgetEngine.exe O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Status Monitor.lnk = C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll O9 - Extra button: Statystyki ochrony WWW - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - E:\Program Files\KasperskyAV6.0.2.614\polish\scieplugin.dll O9 - Extra button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813 O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1168979623015 O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Unknown owner - E:\Program Files\KasperskyAV6.0.2.614\polish\avp.exe" -r (file missing) O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe -- File Associations ----------------------------------------------------------- .bat - batfile - "%1" %* .chm - chm.file - "C:\WINDOWS\hh.exe" %1 .cmd - cmdfile - "%1" %* .com - comfile - "%1" %* .exe - exefile - "%1" %* .hlp - hlpfile - %SystemRoot%\System32\winhlp32.exe %1 .inf - inffile - %SystemRoot%\System32\NOTEPAD.EXE %1 .ini - inifile - %SystemRoot%\System32\NOTEPAD.EXE %1 .js - JSFile - %SystemRoot%\System32\WScript.exe "%1" %* .lnk - lnkfile - {00021401-0000-0000-C000-000000000046} .pif - piffile - "%1" %* .reg - regfile - regedit.exe "%1" .scr - scrfile - "%1" /S .txt - txtfile - %SystemRoot%\system32\NOTEPAD.EXE %1 .vbs - VBSFile - %SystemRoot%\System32\WScript.exe "%1" %* -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------- 3R actser - C:\WINDOWS\system32\drivers\actser.sys 1R AmdK8 (Sterownik procesora AMD) - C:\WINDOWS\system32\drivers\AmdK8.sys 3R ApfiltrService (Alps Pointing-device Filter Driver) - C:\WINDOWS\system32\drivers\Apfiltr.sys 3R Arp1394 (Protokół klienta 1394 ARP) - C:\WINDOWS\system32\drivers\arp1394.sys 3S BrScnUsb (Brother USB Still Image driver) - C:\WINDOWS\system32\drivers\BrScnUsb.sys 3R CnxTrLan (Conexant USB Network Adapter Driver) - C:\WINDOWS\system32\drivers\CnxTrLan.sys 3R CnxTrUsb (Conexant USB Network Interface Device Driver) - C:\WINDOWS\system32\drivers\CnxTrUsb.sys 3S ezplay (VSO Software ezplay) - C:\WINDOWS\system32\drivers\ezplay.sys 3R HDAudBus (Sterownik magistrali Microsoft UAA dla High Definition Audio) - C:\WINDOWS\system32\drivers\Hdaudbus.sys 3R IntcAzAudAddService (Service for Realtek HD Audio (WDM)) - C:\WINDOWS\system32\drivers\RtkHDAud.Sys 0R kl1 - C:\WINDOWS\system32\drivers\kl1.sys 1R klif - C:\WINDOWS\system32\drivers\klif.sys 3R NIC1394 (Sterownik sieci 1394) - C:\WINDOWS\system32\drivers\nic1394.sys 3R nv - C:\WINDOWS\system32\drivers\nv4_mini.sys 0R nvata - C:\WINDOWS\system32\drivers\nvata.sys 3S NVENETFD (NVIDIA nForce Networking Controller Driver) - C:\WINDOWS\system32\drivers\NVENETFD.sys 3R nvnetbus (NVIDIA Network Bus Enumerator) - C:\WINDOWS\system32\drivers\nvnetbus.sys 0R ohci1394 (Kontroler hosta Texas Instruments IEEE 1394 zgodny z OHCI) - C:\WINDOWS\system32\drivers\ohci1394.sys 3S pcouffin (VSO Software pcouffin) - C:\WINDOWS\system32\drivers\pcouffin.sys 3R pfc (Padus ASPI Shell) - C:\WINDOWS\system32\drivers\pfc.sys 3S siusbmod - C:\WINDOWS\system32\drivers\siusbmod.sys 0R sptd - C:\WINDOWS\system32\drivers\sptd.sys 3S usbccgp (Rodzajowy sterownik nadrzędny USB Microsoft) - C:\WINDOWS\system32\drivers\usbccgp.sys 3R usbehci (Sterownik Miniport rozszerzonego kontrolera hosta USB 2.0 Microsoft) - C:\WINDOWS\system32\drivers\usbehci.sys 3R usbohci (Sterownik Miniport otwartego kontrolera hosta USB Microsoft) - C:\WINDOWS\system32\drivers\usbohci.sys 3S usbprint (Klasa PRINTER USB Microsoft) - C:\WINDOWS\system32\drivers\usbprint.sys 3S USBSTOR (Sterownik magazynu masowego USB) - C:\WINDOWS\system32\drivers\USBSTOR.SYS 3R vsbus (Virtual Serial Bus Enumerator) - C:\WINDOWS\system32\drivers\vsb.sys 3S vserial (ELTIMA Virtual Serial Ports Driver) - C:\WINDOWS\system32\drivers\vserial.sys -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled -------------------- 2R AVP (Kaspersky Anti-Virus 6.0) - "E:\Program Files\KasperskyAV6.0.2.614\polish\avp.exe" -r 2S Brother XP spl Service (BrSplService) - C:\WINDOWS\system32\brsvc01a.exe 3S Microsoft Office Groove Audit Service - "C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe" 3S NBService - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe 3R NMIndexingService - "C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe" 2R NVSvc (NVIDIA Display Driver Service) - C:\WINDOWS\system32\nvsvc32.exe 3S odserv (Microsoft Office Diagnostics Service) - "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE" 3S ose (Office Source Engine) - "C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE" 2R UMWdf (Windows User Mode Driver Framework) - C:\WINDOWS\system32\wdfmgr.exe -- Files created between 2007-02-28 and 2007-03-31 ----------------------------- 2007-03-30 22:15:50 32592 --a------ C:\WINDOWS\system32\msonpmon.dll 2007-03-30 22:14:06 0 d-------- C:\Program Files\Microsoft Works<MICROS~4> 2007-03-30 22:13:57 0 d-------- C:\Program Files\MSBuild 2007-03-30 22:06:54 0 dr-h----- C:\MSOCache 2007-03-30 21:57:48 545 --a------ C:\WINDOWS\UC.PIF 2007-03-30 21:57:48 545 --a------ C:\WINDOWS\RAR.PIF 2007-03-30 21:57:48 545 --a------ C:\WINDOWS\PKZIP.PIF 2007-03-30 21:57:48 545 --a------ C:\WINDOWS\PKUNZIP.PIF 2007-03-30 21:57:48 545 --a------ C:\WINDOWS\NOCLOSE.PIF 2007-03-30 21:57:48 545 --a------ C:\WINDOWS\LHA.PIF 2007-03-30 21:57:48 545 --a------ C:\WINDOWS\ARJ.PIF 2007-03-30 16:12:31 74396 --a------ C:\WINDOWS\system32\drivers\klin.dat 2007-03-30 16:12:31 75932 --a------ C:\WINDOWS\system32\drivers\klick.dat 2007-03-30 16:12:22 80928 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat 2007-03-30 16:12:22 3406624 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat 2007-03-30 15:27:50 0 d-------- C:\Program Files\Yahoo! 2007-03-30 15:23:28 327168 --a------ C:\WINDOWS\IsUn0415.exe 2007-03-30 14:14:56 0 d-------- C:\Program Files\MegauploadToolbar<MEGAUP~1> 2007-03-30 00:37:29 0 d-------- C:\Program Files\Nero 2007-03-30 00:37:29 0 d-------- C:\Program Files\Common Files\Ahead 2007-03-30 00:37:09 0 d-------- C:\WINDOWS\RegisteredPackages<REGIST~2> 2007-03-12 13:51:08 972336 --a------ C:\WINDOWS\UNNeroMediaHome.exe<UNNERO~4.EXE> 2007-03-11 23:16:28 0 d-------- C:\Program Files\MP3 Player Utilities<MP3PLA~1> 2007-03-11 01:21:09 78096 --a------ C:\WINDOWS\system32\GAPI32.dll 2007-03-11 01:20:51 89360 --a------ C:\WINDOWS\system32\VB5DB.DLL 2007-03-11 01:20:23 0 d-------- C:\Program Files\Mobile Phone Manager<MOBILE~1> 2007-03-11 01:20:23 0 d-------- C:\Program Files\Common Files\XCPCSync.OEM 2007-03-10 22:40:04 0 d-------- C:\Program Files\MSXML 4.0<MSXML4~1.0> 2007-03-09 18:54:40 0 d-------- C:\Program Files\Video Access ActiveX Object<VIDEOA~1> 2007-03-07 23:58:45 0 d-------- C:\Program Files\Netia 2007-02-28 20:53:50 972336 --a------ C:\WINDOWS\UNNeroVision.exe<UNNERO~1.EXE> 2007-02-28 15:41:02 972336 --a------ C:\WINDOWS\UNNeroShowTime.exe<UNNERO~3.EXE> -- Find3M Report --------------------------------------------------------------- 2007-03-31 14:38:26 0 d-------- C:\Program Files\Common Files\ACD Systems<ACDSYS~1> 2007-03-30 23:49:42 359178 --a------ C:\WINDOWS\system32\perfh015.dat 2007-03-30 23:49:41 50968 --a------ C:\WINDOWS\system32\perfc015.dat 2007-03-30 22:21:49 0 d---s---- C:\Documents and Settings\user\Dane aplikacji\Microsoft<MICROS~1> 2007-03-30 16:02:48 33 --a------ C:\Documents and Settings\user\Dane aplikacji\pcouffin.log 2007-03-30 16:02:48 94080 --a------ C:\Documents and Settings\user\Dane aplikacji\ezplay.sys 2007-03-30 16:02:48 7812 --a------ C:\Documents and Settings\user\Dane aplikacji\ezplay.cat 2007-03-30 16:02:48 87608 --a------ C:\Documents and Settings\user\Dane aplikacji\ezpinst.exe 2007-03-30 16:02:48 33 --a------ C:\Documents and Settings\user\Dane aplikacji\BDKDLOMP.log 2007-03-30 16:02:48 1104 --a------ C:\Documents and Settings\user\Dane aplikacji\BDKDLOMP.inf 2007-03-30 16:02:47 47360 --a------ C:\Documents and Settings\user\Dane aplikacji\pcouffin.sys 2007-03-30 16:02:47 1144 --a------ C:\Documents and Settings\user\Dane aplikacji\pcouffin.inf 2007-03-30 16:02:47 7824 --a------ C:\Documents and Settings\user\Dane aplikacji\pcouffin.cat 2007-03-30 15:26:02 0 d-------- C:\Program Files\Common Files\Adobe 2007-03-30 15:26:00 0 d-------- C:\Documents and Settings\user\Dane aplikacji\Adobe 2007-03-30 14:31:13 0 d-------- C:\Documents and Settings\user\Dane aplikacji\MegauploadToolbar<MEGAUP~1> 2007-03-30 13:58:48 0 d-------- C:\Documents and Settings\user\Dane aplikacji\Ahead 2007-03-30 00:34:23 0 d-------- C:\Program Files\Ahead 2007-03-20 18:08:57 4073 --a------ C:\WINDOWS\mozver.dat 2007-03-18 19:14:29 0 d-------- C:\Documents and Settings\user\Dane aplikacji\Vso 2007-03-11 01:29:08 0 d-------- C:\Documents and Settings\user\Dane aplikacji\XCPCSync.OEM 2007-03-11 01:21:08 0 d--h----- C:\Program Files\InstallShield Installation Information<INSTAL~1> 2007-03-10 20:07:30 0 d-------- C:\Documents and Settings\user\Dane aplikacji\Real 2007-03-08 19:23:10 0 d-------- C:\Documents and Settings\user\Dane aplikacji\GanymedeNet<GANYME~1> 2007-02-27 23:22:48 0 d-------- C:\Documents and Settings\user\Dane aplikacji\OfficeUpdate12<OFFICE~1> 2007-02-27 18:49:42 0 d-------- C:\Program Files\GinMahjong<GINMAH~1> 2007-02-27 18:49:42 0 d-------- C:\Program Files\GanymedeNet<GANYME~1> 2007-02-27 18:44:08 0 d-------- C:\Program Files\Temp 2007-02-27 18:44:08 0 d-------- C:\Program Files\GinCards 2007-02-27 18:44:08 0 d-------- C:\Program Files\Common 2007-02-27 18:44:08 0 d-------- C:\Program Files\Adv 2007-02-25 23:38:40 0 d-------- C:\Program Files\MSECache 2007-02-24 19:16:24 0 d-------- C:\Documents and Settings\user\Dane aplikacji\ACD Systems<ACDSYS~1> 2007-02-24 19:02:22 0 d-------- C:\Program Files\ACD Systems<ACDSYS~1> 2007-02-17 22:33:58 125 --a------ C:\Documents and Settings\user\Dane aplikacji\BDKDLOMP.ini 2007-02-17 22:16:16 0 d-------- C:\Documents and Settings\user\Dane aplikacji\CyberLink<CYBERL~1> 2007-02-16 21:01:38 0 d-------- C:\Program Files\Apoint2K 2007-02-11 16:53:29 50 --a------ C:\WINDOWS\system32\bridf05a.dat 2007-02-11 16:53:23 0 d-------- C:\Program Files\Brother 2007-02-11 16:53:11 0 d-------- C:\Program Files\Common Files\InstallShield<INSTAL~1> 2007-02-11 16:51:03 0 d-------- C:\Program Files\Common Files\ScanSoft Shared<SCANSO~1> 2007-02-11 16:50:59 0 d-------- C:\Program Files\ScanSoft 2007-01-29 23:04:00 200768 --a------ C:\WINDOWS\system32\klogon.dll 2007-01-29 10:58:06 60416 -----n--- C:\WINDOWS\system32\tzchange.exe 2007-01-28 23:15:21 63656 --a------ C:\Documents and Settings\user\Dane aplikacji\GDIPFONTCACHEV1.DAT<GDIPFO~1.DAT> 2007-01-17 01:11:46 62 --ahs---- C:\Documents and Settings\user\Dane aplikacji\desktop.ini 2007-01-16 22:38:13 0 --a------ C:\WINDOWS\nsreg.dat 2007-01-16 17:22:02 0 -rahs---- C:\MSDOS.SYS 2007-01-16 17:22:02 0 -rahs---- C:\IO.SYS 2007-01-16 17:22:02 0 --a------ C:\CONFIG.SYS 2007-01-16 17:22:02 0 --a------ C:\AUTOEXEC.BAT 2007-01-16 17:18:59 21856 --a------ C:\WINDOWS\system32\emptyregdb.dat<EMPTYR~1.DAT> -- Registry Dump --------------------------------------------------------------- [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run] "Gadu-Gadu"=""E:\\Program Files\\Gadu-Gadu\\gg.exe" /tray" "PowerBar"="" "ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe" "MSMSGS"=""C:\\Program Files\\Messenger\\msmsgs.exe" /background" "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=""C:\\Program Files\\Common Files\\Ahead\\Lib\\NMBgMonitor.exe"" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run] "RTHDCPL"="RTHDCPL.EXE" "SkyTel"="SkyTel.EXE" "Alcmtr"="ALCMTR.EXE" "NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup" "nwiz"="nwiz.exe /install" "NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit" "RemoteControl"=""C:\\Program Files\\CyberLink DVD Solution\\PowerDVD\\PDVDServ.exe"" "SunJavaUpdateSched"=""C:\\Program Files\\Java\\jre1.5.0_10\\bin\\jusched.exe"" "OFFICEKB"="E:\\Program Files\\kbdap32a.exe" "FLMOFFICE4DMOUSE"="E:\\Program Files\\moffice.exe" "SSBkgdUpdate"=""C:\\Program Files\\Common Files\\Scansoft Shared\\SSBkgdUpdate\\SSBkgdupdate.exe" -Embedding -boot" "PaperPort PTD"="C:\\Program Files\\ScanSoft\\PaperPort\\pptd40nt.exe" "IndexSearch"="C:\\Program Files\\ScanSoft\\PaperPort\\IndexSearch.exe" "SetDefPrt"="C:\\Program Files\\Brother\\Brmfl05a\\BrStDvPt.exe" "ControlCenter2.0"="C:\\Program Files\\Brother\\ControlCenter2\\brctrcen.exe /autorun" "Apoint"="C:\\Program Files\\Apoint2K\\Apoint.exe" "SmartSync - ScheduleSync"="C:\\PROGRA~1\\MOBILE~1\\SMARTS~1\\SCHEDU~1.EXE" "NeroFilterCheck"="C:\\Program Files\\Common Files\\Ahead\\Lib\\NeroCheck.exe" "AVP"=""E:\\Program Files\\KasperskyAV6.0.2.614\\polish\\avp.exe"" "GrooveMonitor"=""C:\\Program Files\\Microsoft Office\\Office12\\GrooveMonitor.exe"" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks] "{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"="Groove GFS Stub Execution Hook" [HKEY_USERS\.default\software\microsoft\windows\currentversion\run] "CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE" [HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run] "CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE" [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders] "SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll" [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost] HTTPFilter REG_MULTI_SZ HTTPFilter\0\0 LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0 NetworkService REG_MULTI_SZ DnsCache\0\0 DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0 rpcss REG_MULTI_SZ RpcSs\0\0 imgsvc REG_MULTI_SZ StiSvc\0\0 termsvcs REG_MULTI_SZ TermService\0\0 -- End of ComboScan: finished at 2007-03-31 at 22:19:15 ------------------------

Kod: Zaznacz wszystko: ComboScan v20070306.20 run by user on 2007-03-31 at 22:18:52 Supplementary logfile - please post this as an attachment with your post. -------------------------------------------------------------------------------- -- System Information ---------------------------------------------------------- Microsoft Windows XP Professional (build 2600) SP 2.0 Architecture: X86; Language: Polish CPU 0: AMD Athlon(tm) 64 X2 Dual Core Processor 3800+ CPU 1: AMD Athlon(tm) 64 X2 Dual Core Processor 3800+ Percentage of Memory in Use: 80% Physical Memory (total/avail): 511.48 MiB / 102.01 MiB Pagefile Memory (total/avail): 1247.05 MiB / 874 MiB Virtual Memory (total/avail): 2047.88 MiB / 1997.3 MiB C: is Fixed (NTFS) - 50 GiB total, 43.12 GiB free. D: is CDROM (No Media) E: is Fixed (NTFS) - 91.44 GiB total, 89.17 GiB free. F: is Fixed (NTFS) - 91.43 GiB total, 68.7 GiB free. -- Security Center ------------------------------------------------------------- AUOptions is scheduled to auto-install. Windows Internal Firewall is enabled. -- Environment Variables ------------------------------------------------------- ALLUSERSPROFILE=C:\Documents and Settings\All Users APPDATA=C:\Documents and Settings\user\Dane aplikacji CLIENTNAME=Console CommonProgramFiles=C:\Program Files\Common Files COMPUTERNAME=USER-69D4433D88 ComSpec=C:\WINDOWS\system32\cmd.exe FP_NO_HOST_CHECK=NO HOMEDRIVE=C: HOMEPATH=\Documents and Settings\user LOGONSERVER=\\USER-69D4433D88 NUMBER_OF_PROCESSORS=2 OS=Windows_NT Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\Common Files\Ahead\Lib\ PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH PROCESSOR_ARCHITECTURE=x86 PROCESSOR_IDENTIFIER=x86 Family 15 Model 75 Stepping 2, AuthenticAMD PROCESSOR_LEVEL=15 PROCESSOR_REVISION=4b02 ProgramFiles=C:\Program Files PROMPT=$P$G SESSIONNAME=Console SystemDrive=C: SystemRoot=C:\WINDOWS TEMP=C:\DOCUME~1\user\USTAWI~1\Temp TMP=C:\DOCUME~1\user\USTAWI~1\Temp USERDOMAIN=USER-69D4433D88 USERNAME=user USERPROFILE=C:\Documents and Settings\user windir=C:\WINDOWS -- User Profiles --------------------------------------------------------------- user [i](admin)[/i] -- Add/Remove Programs --------------------------------------------------------- --> C:\Program Files\Nero\Nero 7\\nero\uninstall\UNNERO.exe /UNINSTALL --> C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL --> C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL --> C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL --> C:\WINDOWS\UNNeroVision.exe /UNINSTALL --> C:\WINDOWS\UNRecode.exe /UNINSTALL --> MsiExec.exe /I{8A42F680-2DD6-11D4-9A8C-0040F6982C20} --> MsiExec.exe /I{A2529672-574A-4A99-86A5-C1770A0E31FE} --> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf ACDSee 9 Photo Manager --> MsiExec.exe /X{B2D41883-3BFC-4BA0-A2F6-5A2C9836C238} Adobe Acrobat 5.0 --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.dll" Adobe Photoshop 6.0.1 CE --> C:\WINDOWS\ISUN0415.EXE -f"e:\program files\adobe potoshop\Uninst.isu" -c"e:\program files\adobe potoshop\Uninst.dll" Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log Aktualizacja dla systemu Windows XP (KB894391) --> "C:\WINDOWS\$NtUninstallKB894391$\spuninst\spuninst.exe" Aktualizacja dla systemu Windows XP (KB898461) --> "C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe" Aktualizacja dla systemu Windows XP (KB900485) --> "C:\WINDOWS\$NtUninstallKB900485$\spuninst\spuninst.exe" Aktualizacja dla systemu Windows XP (KB908531) --> "C:\WINDOWS\$NtUninstallKB908531$\spuninst\spuninst.exe" Aktualizacja dla systemu Windows XP (KB910437) --> "C:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.exe" Aktualizacja dla systemu Windows XP (KB911280) --> "C:\WINDOWS\$NtUninstallKB911280$\spuninst\spuninst.exe" Aktualizacja dla systemu Windows XP (KB916595) --> "C:\WINDOWS\$NtUninstallKB916595$\spuninst\spuninst.exe" Aktualizacja dla systemu Windows XP (KB920872) --> "C:\WINDOWS\$NtUninstallKB920872$\spuninst\spuninst.exe" Aktualizacja dla systemu Windows XP (KB922582) --> "C:\WINDOWS\$NtUninstallKB922582$\spuninst\spuninst.exe" Aktualizacja dla systemu Windows XP (KB929338) --> "C:\WINDOWS\$NtUninstallKB929338$\spuninst\spuninst.exe" Aktualizacja dla systemu Windows XP (KB931836) --> "C:\WINDOWS\$NtUninstallKB931836$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB893756) --> "C:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB896358) --> "C:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB896423) --> "C:\WINDOWS\$NtUninstallKB896423$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB896424) --> "C:\WINDOWS\$NtUninstallKB896424$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB896428) --> "C:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB899587) --> "C:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB899591) --> "C:\WINDOWS\$NtUninstallKB899591$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB900725) --> "C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB901017) --> "C:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB901214) --> "C:\WINDOWS\$NtUninstallKB901214$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB902400) --> "C:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB904706) --> "C:\WINDOWS\$NtUninstallKB904706$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB905414) --> "C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB905749) --> "C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB908519) --> "C:\WINDOWS\$NtUninstallKB908519$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB911562) --> "C:\WINDOWS\$NtUninstallKB911562$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB911927) --> "C:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB912919) --> "C:\WINDOWS\$NtUninstallKB912919$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB913580) --> "C:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB914388) --> "C:\WINDOWS\$NtUninstallKB914388$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB914389) --> "C:\WINDOWS\$NtUninstallKB914389$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB917344) --> "C:\WINDOWS\$NtUninstallKB917344$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB917422) --> "C:\WINDOWS\$NtUninstallKB917422$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB917953) --> "C:\WINDOWS\$NtUninstallKB917953$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB918118) --> "C:\WINDOWS\$NtUninstallKB918118$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB918439) --> "C:\WINDOWS\$NtUninstallKB918439$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB919007) --> "C:\WINDOWS\$NtUninstallKB919007$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB920213) --> "C:\WINDOWS\$NtUninstallKB920213$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB920670) --> "C:\WINDOWS\$NtUninstallKB920670$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB920683) --> "C:\WINDOWS\$NtUninstallKB920683$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB920685) --> "C:\WINDOWS\$NtUninstallKB920685$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB921398) --> "C:\WINDOWS\$NtUninstallKB921398$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB922616) --> "C:\WINDOWS\$NtUninstallKB922616$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB922819) --> "C:\WINDOWS\$NtUninstallKB922819$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB923191) --> "C:\WINDOWS\$NtUninstallKB923191$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Win

**Posty:** 18165 · przez **wojtas** 31 Mar 2007, 22:43

odpal SmitfraudFix z opcji 2

http://siri.urz.free.fr/Fix/SmitfraudFix.php
opis >>

http://forum.programosy.pl/trudne-przypadki-i-metody-usuwania-vt41947.html

i przejedź nim dysk

**Posty:** 160 · przez **_adrer** 31 Mar 2007, 22:48

Kod: Zaznacz wszystko: SmitFraudFix v2.162 Scan done at 22:39:27,29, 2007-03-31 Run from C:\Documents and Settings\user\Pulpit\SmitfraudFix OS: Microsoft Windows XP [Wersja 5.1.2600] - Windows_NT The filesystem type is NTFS Fix run in normal mode »»»»»»»»»»»»»»»»»»»»»»»» Process C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\brss01a.exe C:\WINDOWS\system32\spoolsv.exe E:\Program Files\KasperskyAV6.0.2.614\polish\avp.exe C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\RTHDCPL.EXE C:\WINDOWS\system32\RUNDLL32.EXE C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe E:\Program Files\kbdap32a.exe E:\Program Files\moffice.exe C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe C:\Program Files\Brother\ControlCenter2\brctrcen.exe C:\Program Files\Apoint2K\Apoint.exe E:\Program Files\MOUSE32A.EXE E:\Program Files\KasperskyAV6.0.2.614\polish\avp.exe C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe C:\Program Files\Apoint2K\Apntex.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe C:\WINDOWS\system32\WgaTray.exe E:\Program Files\Mozilla Firefox\firefox.exe C:\WINDOWS\system32\cmd.exe »»»»»»»»»»»»»»»»»»»»»»»» hosts »»»»»»»»»»»»»»»»»»»»»»»» C:\ »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32 »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\user »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\user\Application Data »»»»»»»»»»»»»»»»»»»»»»»» Start Menu »»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\user\Ulubione »»»»»»»»»»»»»»»»»»»»»»»» Desktop »»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files C:\Program Files\Video Access ActiveX Object\ FOUND ! »»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys »»»»»»»»»»»»»»»»»»»»»»»» Desktop Components [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0] "Source"="About:Home" "SubscribedURL"="About:Home" "FriendlyName"="Moja bieľĄca strona gˆ˘wna" »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler !!!Attention, following keys are not inevitably infected!!! SrchSTS.exe by S!Ri Search SharedTaskScheduler's .dll »»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs !!!Attention, following keys are not inevitably infected!!! [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLs"="" »»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System !!!Attention, following keys are not inevitably infected!!! [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] "System"="" »»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32-huy32 »»»»»»»»»»»»»»»»»»»»»»»» DNS Description: Conexant USB Network Adapter - Sterownik miniport Harmonogramu pakietów DNS Server Search Order: 10.0.0.2 HKLM\SYSTEM\CCS\Services\Tcpip\..\{7CDAF98D-F456-4B03-9703-63B5748BA212}: DhcpNameServer=10.0.0.2 HKLM\SYSTEM\CS2\Services\Tcpip\..\{7CDAF98D-F456-4B03-9703-63B5748BA212}: DhcpNameServer=10.0.0.2 HKLM\SYSTEM\CS2\Services\Tcpip\..\{97BDF6E5-7A1E-4EF9-8A29-3D38A991E627}: DhcpNameServer=10.0.0.2 HKLM\SYSTEM\CS3\Services\Tcpip\..\{7CDAF98D-F456-4B03-9703-63B5748BA212}: DhcpNameServer=10.0.0.2 HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=10.0.0.2 HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=10.0.0.2 HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=10.0.0.2 »»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection »»»»»»»»»»»»»»»»»»»»»»»» End

**Posty:** 18165 · przez **wojtas** 31 Mar 2007, 22:59

z opcji 2 odpal potem nowe logi

**Posty:** 160 · przez **_adrer** 31 Mar 2007, 23:08

wojtas19162 napisał(a):silent runners:

Kod: Zaznacz wszystko: "Silent Runners.vbs", revision R50, http://www.silentrunners.org/ Operating System: Windows XP SP2 Output limited to non-default values, except where indicated by "{++}" Startup items buried in registry: --------------------------------- HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++} "Gadu-Gadu" = ""E:\Program Files\Gadu-Gadu\gg.exe" /tray" ["Gadu-Gadu S.A."] "PowerBar" = "(empty string)" [file not found] "ctfmon.exe" = "C:\WINDOWS\system32\ctfmon.exe" [MS] "MSMSGS" = ""C:\Program Files\Messenger\msmsgs.exe" /background" [MS] "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}" = ""C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"" ["Nero AG"] HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++} "RTHDCPL" = "RTHDCPL.EXE" ["Realtek Semiconductor Corp."] "SkyTel" = "SkyTel.EXE" ["Realtek Semiconductor Corp."] "Alcmtr" = "ALCMTR.EXE" ["Realtek Semiconductor Corp."] "NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup" [MS] "nwiz" = "nwiz.exe /install" ["NVIDIA Corporation"] "NvMediaCenter" = "RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit" [MS] "RemoteControl" = ""C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"" ["Cyberlink Corp."] "SunJavaUpdateSched" = ""C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"" ["Sun Microsystems, Inc."] "OFFICEKB" = "E:\Program Files\kbdap32a.exe" [empty string] "FLMOFFICE4DMOUSE" = "E:\Program Files\moffice.exe" [empty string] "SSBkgdUpdate" = ""C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot" ["Scansoft, Inc."] "PaperPort PTD" = "C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe" ["ScanSoft, Inc."] "IndexSearch" = "C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe" ["ScanSoft, Inc."] "SetDefPrt" = "C:\Program Files\Brother\Brmfl05a\BrStDvPt.exe" ["Brother Industories, Ltd."] "ControlCenter2.0" = "C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun" ["Brother Industries, Ltd."] "Apoint" = "C:\Program Files\Apoint2K\Apoint.exe" ["Alps Electric Co., Ltd."] "SmartSync - ScheduleSync" = "C:\PROGRA~1\MOBILE~1\SMARTS~1\SCHEDU~1.EXE" ["Siemens"] "NeroFilterCheck" = "C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" ["Nero AG"] "AVP" = ""E:\Program Files\KasperskyAV6.0.2.614\polish\avp.exe"" ["Kaspersky Lab"] "GrooveMonitor" = ""C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"" [MS] HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided) -> {HKLM...CLSID} = "AcroIEHlprObj Class" \InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx" [empty string] {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C}\(Default) = (no title provided) -> {HKLM...CLSID} = "Megaupload Toolbar" \InProcServer32\(Default) = "C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL" ["MegaUpload"] {72853161-30C5-4D22-B7F9-0BBC1D38A37E}\(Default) = (no title provided) -> {HKLM...CLSID} = "Groove GFS Browser Helper" \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS] {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided) -> {HKLM...CLSID} = "SSVHelper Class" \InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll" ["Sun Microsystems, Inc."] HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\ "{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania" -> {HKLM...CLSID} = "Rozszerzenie CPL kadrowania wyświetlania" \InProcServer32\(Default) = "deskpan.dll" [file not found] "{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu" -> {HKLM...CLSID} = "HyperTerminal Icon Ext" \InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."] "{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class" -> {HKLM...CLSID} = "DesktopContext Class" \InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"] "{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper" -> {HKLM...CLSID} = "NVIDIA CPL Extension" \InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"] "{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer" -> {HKLM...CLSID} = "Desktop Explorer" \InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"] "{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu" -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"] "{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu" -> {HKLM...CLSID} = "nView Desktop Context Menu" \InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"] "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data] "{993BE281-6695-4BA5-8A2A-7AACBFAAB69E}" = "Microsoft Office Metadata Handler" -> {HKLM...CLSID} = "Microsoft Office Metadata Handler" \InProcServer32\(Default) = "C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll" [MS] "{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97}" = "Microsoft Office Thumbnail Handler" -> {HKLM...CLSID} = "Microsoft Office Thumbnail Handler" \InProcServer32\(Default) = "C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll" [MS] "{EE75AC21-B24F-11d3-BA80-00C0CA16AA37}" = "Siemens Device" -> {HKLM...CLSID} = "Siemens Device" \InProcServer32\(Default) = "C:\Program Files\Mobile Phone Manager\bin\PhoneExplorer.dll" [empty string] "{EE75AC22-B24F-11d3-BA80-00C0CA16AA37}" = "Siemens Device ContextMenuHandler" -> {HKLM...CLSID} = "Siemens Device ContextMenuHandler" \InProcServer32\(Default) = "C:\Program Files\Mobile Phone Manager\bin\PhoneExplorer.dll" [empty string] "{EE75AC23-B24F-11d3-BA80-00C0CA16AA37}" = "Siemens Device PropertySheetHandlers" -> {HKLM...CLSID} = "Siemens Device PropertySheetHandler" \InProcServer32\(Default) = "C:\Program Files\Mobile Phone Manager\bin\PhoneExplorer.dll" [empty string] "{97F68CE3-7146-45FF-BE24-D9A7DD7CB8A2}" = "NeroCoverEd Live Icons" -> {HKLM...CLSID} = "NeroCoverEdLiveIcons Class" \InProcServer32\(Default) = "C:\Program Files\Nero\Nero 7\Nero CoverDesigner\CoverEdExtension.dll" ["Nero AG"] "{B327765E-D724-4347-8B16-78AE18552FC3}" = "NeroDigitalIconHandler" -> {HKLM...CLSID} = "NeroDigitalIconHandler Class" \InProcServer32\(Default) = "C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll" ["Nero AG"] "{7F1CF152-04F8-453A-B34C-E609530A9DC8}" = "NeroDigitalPropSheetHandler" -> {HKLM...CLSID} = "NeroDigitalPropSheetHandler Class" \InProcServer32\(Default) = "C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll" ["Nero AG"] "{85E0B171-04FA-11D1-B7DA-00A0C90348D6}" = "Statystyki ochrony WWW" -> {HKLM...CLSID} = "Statystyki ochrony WWW" \InProcServer32\(Default) = "E:\Program Files\KasperskyAV6.0.2.614\polish\scieplugin.dll" ["Kaspersky Lab"] "{72853161-30C5-4D22-B7F9-0BBC1D38A37E}" = "Groove GFS Browser Helper" -> {HKLM...CLSID} = "Groove GFS Browser Helper" \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS] "{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}" = "Groove GFS Explorer Bar" -> {HKLM...CLSID} = "Groove Folder Synchronization" \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS] "{A449600E-1DC6-4232-B948-9BD794D62056}" = "Groove GFS Stub Icon Handler" -> {HKLM...CLSID} = "Groove GFS Stub Icon Handler" \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS] "{B5A7F190-DDA6-4420-B3BA-52453494E6CD}" = "Groove GFS Stub Execution Hook" -> {HKLM...CLSID} = "Groove GFS Stub Execution Hook" \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS] "{6C467336-8281-4E60-8204-430CED96822D}" = "Groove GFS Context Menu Handler" -> {HKLM...CLSID} = "Groove GFS Context Menu Handler" \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS] "{387E725D-DC16-4D76-B310-2C93ED4752A0}" = "Groove XML Icon Handler" -> {HKLM...CLSID} = "Groove XML Icon Handler" \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS] "{16F3DD56-1AF5-4347-846D-7C10C4192619}" = "Groove Explorer Icon Overlay 3 (GFS Folder)" -> {HKLM...CLSID} = "Groove Explorer Icon Overlay 3 (GFS Folder)" \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS] "{AB5C5600-7E6E-4B06-9197-9ECEF74D31CC}" = "Groove Explorer Icon Overlay 2 (GFS Stub)" -> {HKLM...CLSID} = "Groove Explorer Icon Overlay 2 (GFS Stub)" \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS] "{2916C86E-86A6-43FE-8112-43ABE6BF8DCC}" = "Groove Explorer Icon Overlay 4 (GFS Unread Mark)" -> {HKLM...CLSID} = "Groove Explorer Icon Overlay 4 (GFS Unread Mark)" \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS] "{99FD978C-D287-4F50-827F-B2C658EDA8E7}" = "Groove Explorer Icon Overlay 1 (GFS Unread Stub)" -> {HKLM...CLSID} = "Groove Explorer Icon Overlay 1 (GFS Unread Stub)" \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS] "{920E6DB1-9907-4370-B3A0-BAFC03D81399}" = "Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)" -> {HKLM...CLSID} = "Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)" \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS] "{0006F045-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Custom Icon Handler" -> {HKLM...CLSID} = "Outlook File Icon Extension" \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\OLKFSTUB.DLL" [MS] "{00020D75-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Desktop Icon Handler" -> {HKLM...CLSID} = "Microsoft Office Outlook" \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\MLSHEXT.DLL" [MS] "{5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C}" = "Microsoft Office OneNote Namespace Extension for Windows Desktop Search" -> {HKLM...CLSID} = "Microsoft Office OneNote Namespace Extension for Windows Desktop Search" \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\ONFILTER.DLL" [MS] "{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler" -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office12\msohevi.dll" [MS] HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\ <<!>> "{B5A7F190-DDA6-4420-B3BA-52453494E6CD}" = "Groove GFS Stub Execution Hook" -> {HKLM...CLSID} = "Groove GFS Stub Execution Hook" \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS] HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ <<!>> klogon\DLLName = "C:\WINDOWS\system32\klogon.dll" ["Kaspersky Lab"] HKLM\Software\Classes\PROTOCOLS\Filter\ <<!>> text/xml\CLSID = "{807563E5-5146-11D5-A672-00B0D022E945}" -> {HKLM...CLSID} = "Microsoft Office InfoPath XML Mime Filter" \InProcServer32\(Default) = "C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL" [MS] HKLM\Software\Classes\Folder\shellex\ColumnHandlers\ {7D4D6379-F301-4311-BEBA-E26EB0561882}\(Default) = "NeroDigitalExt.NeroDigitalColumnHandler" -> {HKLM...CLSID} = "NeroDigitalColumnHandler Class" \InProcServer32\(Default) = "C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll" ["Nero AG"] HKLM\Software\Classes\*\shellex\ContextMenuHandlers\ Cover Designer\(Default) = "{73FCA462-9BD5-4065-A73F-A8E5F6904EF7}" -> {HKLM...CLSID} = "NeroCoverEdContextMenu Class" \InProcServer32\(Default) = "C:\Program Files\Nero\Nero 7\Nero CoverDesigner\CoverEdExtension.dll" ["Nero AG"] Kaspersky Anti-Virus\(Default) = "{dd230880-495a-11d1-b064-008048ec2fc5}" -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = "E:\Program Files\KasperskyAV6.0.2.614\polish\ShellEx.dll" ["Kaspersky Lab"] WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data] XXX Groove GFS Context Menu Handler XXX\(Default) = "{6C467336-8281-4E60-8204-430CED96822D}" -> {HKLM...CLSID} = "Groove GFS Context Menu Handler" \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS] HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\ WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data] XXX Groove GFS Context Menu Handler XXX\(Default) = "{6C467336-8281-4E60-8204-430CED96822D}" -> {HKLM...CLSID} = "Groove GFS Context Menu Handler" \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS] HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ Kaspersky Anti-Virus\(Default) = "{dd230880-495a-11d1-b064-008048ec2fc5}" -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = "E:\Program Files\KasperskyAV6.0.2.614\polish\ShellEx.dll" ["Kaspersky Lab"] WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data] XXX Groove GFS Context Menu Handler XXX\(Default) = "{6C467336-8281-4E60-8204-430CED96822D}" -> {HKLM...CLSID} = "Groove GFS Context Menu Handler" \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS] HKLM\Software\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\ XXX Groove GFS Context Menu Handler XXX\(Default) = "{6C467336-8281-4E60-8204-430CED96822D}" -> {HKLM...CLSID} = "Groove GFS Context Menu Handler" \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS] Group Policies {GPedit.msc branch and setting}: ----------------------------------------------- Note: detected settings may not have any effect. HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\ "shutdownwithoutlogon" = (REG_DWORD) hex:0x00000001 {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options| Shutdown: Allow system to be shut down without having to log on} "undockwithoutlogon" = (REG_DWORD) hex:0x00000001 {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options| Devices: Allow undock without having to log on} Active Desktop and Wallpaper: ----------------------------- Active Desktop may be disabled at this entry: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState Displayed if Active Desktop enabled and wallpaper not set by Group Policy: HKCU\Software\Microsoft\Internet Explorer\Desktop\General\ "Wallpaper" = "C:\WINDOWS\Web\Wallpaper\Idylla.bmp" Displayed if Active Desktop disabled and wallpaper not set by Group Policy: HKCU\Control Panel\Desktop\ "Wallpaper" = "C:\WINDOWS\Web\Wallpaper\Idylla.bmp" Enabled Screen Saver: --------------------- HKCU\Control Panel\Desktop\ "SCRNSAVE.EXE" = "C:\WINDOWS\system32\logon.scr" [MS] Startup items in "user" & "All Users" startup folders: ------------------------------------------------------ C:\Documents and Settings\user\Menu Start\Programy\Autostart "Yahoo! Widget Engine" -> shortcut to: "E:\Program Files\Yahoo! Widget Engine\YahooWidgetEngine.exe" [file not found] C:\Documents and Settings\All Users\Menu Start\Programy\Autostart "Adobe Gamma Loader.exe" -> shortcut to: "C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe" ["Adobe Systems, Inc."] "Status Monitor" -> shortcut to: "C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe Brother DCP-115C /STARTUP" ["Brother Industries, Ltd."] Winsock2 Service Provider DLLs: ------------------------------- Namespace Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++} 000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS] 000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS] 000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS] Transport Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++} 0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range: %SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 15 %SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05 Toolbars, Explorer Bars, Extensions: ------------------------------------ Toolbars HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\ "{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C}" -> {HKLM...CLSID} = "Megaupload Toolbar" \InProcServer32\(Default) = "C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL" ["MegaUpload"] HKLM\Software\Microsoft\Internet Explorer\Toolbar\ "{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C}" = (no title provided) -> {HKLM...CLSID} = "Megaupload Toolbar" \InProcServer32\(Default) = "C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL" ["MegaUpload"] Explorer Bars HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\ HKLM\Software\Classes\CLSID\{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}\(Default) = "Groove Folder Synchronization" Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar] InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS] HKLM\Software\Classes\CLSID\{85E0B171-04FA-11D1-B7DA-00A0C90348D6}\(Default) = "Statystyki ochrony WWW" Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar] InProcServer32\(Default) = "E:\Program Files\KasperskyAV6.0.2.614\polish\scieplugin.dll" ["Kaspersky Lab"] HKLM\Software\Classes\CLSID\{FF059E31-CC5A-4E2E-BF3B-96E929D65503}\(Default) = "&Poszukaj" Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar] InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL" [MS] Extensions (Tools menu items, main toolbar menu buttons) HKLM\Software\Microsoft\Internet Explorer\Extensions\ {08B0E5C0-4FCB-11CF-AAA5-00401C608501}\ "MenuText" = "Sun Java Console" "CLSIDExtension" = "{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBC}" -> {HKCU...CLSID} = "Java Plug-in 1.5.0_10" \InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll" ["Sun Microsystems, Inc."] -> {HKLM...CLSID} = "Java Plug-in 1.5.0_10" \InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_10\bin\npjpi150_10.dll" ["Sun Microsystems, Inc."] {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E}\ "ButtonText" = "Statystyki ochrony WWW" {2670000A-7350-4F3C-8081-5663EE0C6C49}\ "ButtonText" = "Wyślij do programu OneNote" "MenuText" = "Wyślij &do programu OneNote" "CLSIDExtension" = "{48E73304-E1D6-4330-914C-F5F514E3486C}" -> {HKLM...CLSID} = "Send to OneNote from Internet Explorer button" \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll" [MS] {92780B25-18CC-41C8-B9BE-3C9C571A8263}\ "ButtonText" = "Research" {FB5F1910-F110-11D2-BB9E-00C04F795683}\ "ButtonText" = "Messenger" "MenuText" = "Windows Messenger" "Exec" = "C:\Program Files\Messenger\msmsgs.exe" [MS] Running Services (Display Name, Service Name, Path {Service DLL}): ------------------------------------------------------------------ Kaspersky Anti-Virus 6.0, AVP, ""E:\Program Files\KasperskyAV6.0.2.614\polish\avp.exe" -r" ["Kaspersky Lab"] Machine Debug Manager, MDM, ""C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe"" [MS] NMIndexingService, NMIndexingService, ""C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe"" ["Nero AG"] NVIDIA Display Driver Service, NVSvc, "C:\WINDOWS\system32\nvsvc32.exe" ["NVIDIA Corporation"] Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\system32\wdfmgr.exe" [MS] Print Monitors: --------------- HKLM\System\CurrentControlSet\Control\Print\Monitors\ Send To Microsoft OneNote Monitor\Driver = "msonpmon.dll" [MS] ---------- <<!>>: Suspicious data at a malware launch point. + This report excludes default entries except where indicated. + To see *everywhere* the script checks and *everything* it finds, launch it from a command prompt or a shortcut with the -all parameter. + To search all directories of local fixed drives for DESKTOP.INI DLL launch points, use the -supp parameter or answer "No" at the first message box and "Yes" at the second message box. ---------- (total run time: 34 seconds, including 5 seconds for message boxes)

[ Dodano: Dzisiaj o 22:10 ]
COMBOSCAN

Kod: Zaznacz wszystko: ComboScan v20070306.20 run by user on 2007-03-31 at 23:00:34 Computer is in Normal Mode. -------------------------------------------------------------------------------- -- HijackThis (run as user.exe) ------------------------------------------------ Logfile of HijackThis v1.99.1 Scan saved at 23:00:35, on 2007-03-31 Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\brss01a.exe C:\WINDOWS\system32\spoolsv.exe E:\Program Files\KasperskyAV6.0.2.614\polish\avp.exe C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\RTHDCPL.EXE C:\WINDOWS\system32\RUNDLL32.EXE C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe E:\Program Files\kbdap32a.exe E:\Program Files\moffice.exe C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe C:\Program Files\Brother\ControlCenter2\brctrcen.exe C:\Program Files\Apoint2K\Apoint.exe E:\Program Files\MOUSE32A.EXE E:\Program Files\KasperskyAV6.0.2.614\polish\avp.exe C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe C:\Program Files\Apoint2K\Apntex.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe C:\WINDOWS\system32\WgaTray.exe E:\Program Files\Mozilla Firefox\firefox.exe C:\WINDOWS\explorer.exe C:\Documents and Settings\user\Pulpit\comboscan.exe C:\PROGRA~1\HIJACK~1\user.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe" O4 - HKLM\..\Run: [OFFICEKB] E:\Program Files\kbdap32a.exe O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] E:\Program Files\moffice.exe O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl05a\BrStDvPt.exe O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe O4 - HKLM\..\Run: [SmartSync - ScheduleSync] C:\PROGRA~1\MOBILE~1\SMARTS~1\SCHEDU~1.EXE O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe O4 - HKLM\..\Run: [AVP] "E:\Program Files\KasperskyAV6.0.2.614\polish\avp.exe" O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKCU\..\Run: [Gadu-Gadu] "E:\Program Files\Gadu-Gadu\gg.exe" /tray O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" O4 - Startup: Yahoo! Widget Engine.lnk = E:\Program Files\Yahoo! Widget Engine\YahooWidgetEngine.exe O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Status Monitor.lnk = C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll O9 - Extra button: Statystyki ochrony WWW - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - E:\Program Files\KasperskyAV6.0.2.614\polish\scieplugin.dll O9 - Extra button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813 O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1168979623015 O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Unknown owner - E:\Program Files\KasperskyAV6.0.2.614\polish\avp.exe" -r (file missing) O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe -- Files created between 2007-02-28 and 2007-03-31 ----------------------------- 2007-03-31 22:39:31 2836 --a------ C:\WINDOWS\system32\tmp.reg 2007-03-31 22:38:17 79360 --a------ C:\WINDOWS\system32\swxcacls.exe 2007-03-31 22:38:17 40960 --a------ C:\WINDOWS\system32\swsc.exe 2007-03-31 22:38:17 135168 --a------ C:\WINDOWS\system32\swreg.exe 2007-03-31 22:38:17 288417 --a------ C:\WINDOWS\system32\SrchSTS.exe 2007-03-31 22:38:17 51200 --a------ C:\WINDOWS\system32\dumphive.exe 2007-03-31 22:38:16 53248 --a------ C:\WINDOWS\system32\Process.exe 2007-03-30 22:15:50 32592 --a------ C:\WINDOWS\system32\msonpmon.dll 2007-03-30 22:14:06 0 d-------- C:\Program Files\Microsoft Works<MICROS~4> 2007-03-30 22:13:57 0 d-------- C:\Program Files\MSBuild 2007-03-30 22:06:54 0 dr-h----- C:\MSOCache 2007-03-30 21:57:48 545 --a------ C:\WINDOWS\UC.PIF 2007-03-30 21:57:48 545 --a------ C:\WINDOWS\RAR.PIF 2007-03-30 21:57:48 545 --a------ C:\WINDOWS\PKZIP.PIF 2007-03-30 21:57:48 545 --a------ C:\WINDOWS\PKUNZIP.PIF 2007-03-30 21:57:48 545 --a------ C:\WINDOWS\NOCLOSE.PIF 2007-03-30 21:57:48 545 --a------ C:\WINDOWS\LHA.PIF 2007-03-30 21:57:48 545 --a------ C:\WINDOWS\ARJ.PIF 2007-03-30 16:12:31 74396 --a------ C:\WINDOWS\system32\drivers\klin.dat 2007-03-30 16:12:31 75932 --a------ C:\WINDOWS\system32\drivers\klick.dat 2007-03-30 16:12:22 82208 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat 2007-03-30 16:12:22 3471136 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat 2007-03-30 15:27:50 0 d-------- C:\Program Files\Yahoo! 2007-03-30 15:23:28 327168 --a------ C:\WINDOWS\IsUn0415.exe 2007-03-30 14:14:56 0 d-------- C:\Program Files\MegauploadToolbar<MEGAUP~1> 2007-03-30 00:37:29 0 d-------- C:\Program Files\Nero 2007-03-30 00:37:29 0 d-------- C:\Program Files\Common Files\Ahead 2007-03-30 00:37:09 0 d-------- C:\WINDOWS\RegisteredPackages<REGIST~2> 2007-03-12 13:51:08 972336 --a------ C:\WINDOWS\UNNeroMediaHome.exe<UNNERO~4.EXE> 2007-03-11 23:16:28 0 d-------- C:\Program Files\MP3 Player Utilities<MP3PLA~1> 2007-03-11 01:21:09 78096 --a------ C:\WINDOWS\system32\GAPI32.dll 2007-03-11 01:20:51 89360 --a------ C:\WINDOWS\system32\VB5DB.DLL 2007-03-11 01:20:23 0 d-------- C:\Program Files\Mobile Phone Manager<MOBILE~1> 2007-03-11 01:20:23 0 d-------- C:\Program Files\Common Files\XCPCSync.OEM 2007-03-10 22:40:04 0 d-------- C:\Program Files\MSXML 4.0<MSXML4~1.0> 2007-03-07 23:58:45 0 d-------- C:\Program Files\Netia 2007-02-28 20:53:50 972336 --a------ C:\WINDOWS\UNNeroVision.exe<UNNERO~1.EXE> 2007-02-28 15:41:02 972336 --a------ C:\WINDOWS\UNNeroShowTime.exe<UNNERO~3.EXE> -- Find3M Report --------------------------------------------------------------- 2007-03-31 14:38:26 0 d-------- C:\Program Files\Common Files\ACD Systems<ACDSYS~1> 2007-03-30 23:49:42 359178 --a------ C:\WINDOWS\system32\perfh015.dat 2007-03-30 23:49:41 50968 --a------ C:\WINDOWS\system32\perfc015.dat 2007-03-30 22:21:49 0 d---s---- C:\Documents and Settings\user\Dane aplikacji\Microsoft<MICROS~1> 2007-03-30 16:02:48 33 --a------ C:\Documents and Settings\user\Dane aplikacji\pcouffin.log 2007-03-30 16:02:48 94080 --a------ C:\Documents and Settings\user\Dane aplikacji\ezplay.sys 2007-03-30 16:02:48 7812 --a------ C:\Documents and Settings\user\Dane aplikacji\ezplay.cat 2007-03-30 16:02:48 87608 --a------ C:\Documents and Settings\user\Dane aplikacji\ezpinst.exe 2007-03-30 16:02:48 33 --a------ C:\Documents and Settings\user\Dane aplikacji\BDKDLOMP.log 2007-03-30 16:02:48 1104 --a------ C:\Documents and Settings\user\Dane aplikacji\BDKDLOMP.inf 2007-03-30 16:02:47 47360 --a------ C:\Documents and Settings\user\Dane aplikacji\pcouffin.sys 2007-03-30 16:02:47 1144 --a------ C:\Documents and Settings\user\Dane aplikacji\pcouffin.inf 2007-03-30 16:02:47 7824 --a------ C:\Documents and Settings\user\Dane aplikacji\pcouffin.cat 2007-03-30 15:26:02 0 d-------- C:\Program Files\Common Files\Adobe 2007-03-30 15:26:00 0 d-------- C:\Documents and Settings\user\Dane aplikacji\Adobe 2007-03-30 14:31:13 0 d-------- C:\Documents and Settings\user\Dane aplikacji\MegauploadToolbar<MEGAUP~1> 2007-03-30 13:58:48 0 d-------- C:\Documents and Settings\user\Dane aplikacji\Ahead 2007-03-30 00:34:23 0 d-------- C:\Program Files\Ahead 2007-03-20 18:08:57 4073 --a------ C:\WINDOWS\mozver.dat 2007-03-18 19:14:29 0 d-------- C:\Documents and Settings\user\Dane aplikacji\Vso 2007-03-11 01:29:08 0 d-------- C:\Documents and Settings\user\Dane aplikacji\XCPCSync.OEM 2007-03-11 01:21:08 0 d--h----- C:\Program Files\InstallShield Installation Information<INSTAL~1> 2007-03-10 20:07:30 0 d-------- C:\Documents and Settings\user\Dane aplikacji\Real 2007-03-08 19:23:10 0 d-------- C:\Documents and Settings\user\Dane aplikacji\GanymedeNet<GANYME~1> 2007-02-27 23:22:48 0 d-------- C:\Documents and Settings\user\Dane aplikacji\OfficeUpdate12<OFFICE~1> 2007-02-27 18:49:42 0 d-------- C:\Program Files\GinMahjong<GINMAH~1> 2007-02-27 18:49:42 0 d-------- C:\Program Files\GanymedeNet<GANYME~1> 2007-02-27 18:44:08 0 d-------- C:\Program Files\Temp 2007-02-27 18:44:08 0 d-------- C:\Program Files\GinCards 2007-02-27 18:44:08 0 d-------- C:\Program Files\Common 2007-02-27 18:44:08 0 d-------- C:\Program Files\Adv 2007-02-25 23:38:40 0 d-------- C:\Program Files\MSECache 2007-02-24 19:16:24 0 d-------- C:\Documents and Settings\user\Dane aplikacji\ACD Systems<ACDSYS~1> 2007-02-24 19:02:22 0 d-------- C:\Program Files\ACD Systems<ACDSYS~1> 2007-02-17 22:33:58 125 --a------ C:\Documents and Settings\user\Dane aplikacji\BDKDLOMP.ini 2007-02-17 22:16:16 0 d-------- C:\Documents and Settings\user\Dane aplikacji\CyberLink<CYBERL~1> 2007-02-16 21:01:38 0 d-------- C:\Program Files\Apoint2K 2007-02-11 16:53:29 50 --a------ C:\WINDOWS\system32\bridf05a.dat 2007-02-11 16:53:23 0 d-------- C:\Program Files\Brother 2007-02-11 16:53:11 0 d-------- C:\Program Files\Common Files\InstallShield<INSTAL~1> 2007-02-11 16:51:03 0 d-------- C:\Program Files\Common Files\ScanSoft Shared<SCANSO~1> 2007-02-11 16:50:59 0 d-------- C:\Program Files\ScanSoft 2007-01-29 23:04:00 200768 --a------ C:\WINDOWS\system32\klogon.dll 2007-01-29 10:58:06 60416 -----n--- C:\WINDOWS\system32\tzchange.exe 2007-01-28 23:15:21 63656 --a------ C:\Documents and Settings\user\Dane aplikacji\GDIPFONTCACHEV1.DAT<GDIPFO~1.DAT> 2007-01-17 01:11:46 62 --ahs---- C:\Documents and Settings\user\Dane aplikacji\desktop.ini 2007-01-16 22:38:13 0 --a------ C:\WINDOWS\nsreg.dat 2007-01-16 17:22:02 0 -rahs---- C:\MSDOS.SYS 2007-01-16 17:22:02 0 -rahs---- C:\IO.SYS 2007-01-16 17:22:02 0 --a------ C:\CONFIG.SYS 2007-01-16 17:22:02 0 --a------ C:\AUTOEXEC.BAT 2007-01-16 17:18:59 21856 --a------ C:\WINDOWS\system32\emptyregdb.dat<EMPTYR~1.DAT> -- Registry Dump --------------------------------------------------------------- [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run] "Gadu-Gadu"=""E:\\Program Files\\Gadu-Gadu\\gg.exe" /tray" "PowerBar"="" "ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe" "MSMSGS"=""C:\\Program Files\\Messenger\\msmsgs.exe" /background" "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=""C:\\Program Files\\Common Files\\Ahead\\Lib\\NMBgMonitor.exe"" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run] "RTHDCPL"="RTHDCPL.EXE" "SkyTel"="SkyTel.EXE" "Alcmtr"="ALCMTR.EXE" "NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup" "nwiz"="nwiz.exe /install" "NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit" "RemoteControl"=""C:\\Program Files\\CyberLink DVD Solution\\PowerDVD\\PDVDServ.exe"" "SunJavaUpdateSched"=""C:\\Program Files\\Java\\jre1.5.0_10\\bin\\jusched.exe"" "OFFICEKB"="E:\\Program Files\\kbdap32a.exe" "FLMOFFICE4DMOUSE"="E:\\Program Files\\moffice.exe" "SSBkgdUpdate"=""C:\\Program Files\\Common Files\\Scansoft Shared\\SSBkgdUpdate\\SSBkgdupdate.exe" -Embedding -boot" "PaperPort PTD"="C:\\Program Files\\ScanSoft\\PaperPort\\pptd40nt.exe" "IndexSearch"="C:\\Program Files\\ScanSoft\\PaperPort\\IndexSearch.exe" "SetDefPrt"="C:\\Program Files\\Brother\\Brmfl05a\\BrStDvPt.exe" "ControlCenter2.0"="C:\\Program Files\\Brother\\ControlCenter2\\brctrcen.exe /autorun" "Apoint"="C:\\Program Files\\Apoint2K\\Apoint.exe" "SmartSync - ScheduleSync"="C:\\PROGRA~1\\MOBILE~1\\SMARTS~1\\SCHEDU~1.EXE" "NeroFilterCheck"="C:\\Program Files\\Common Files\\Ahead\\Lib\\NeroCheck.exe" "AVP"=""E:\\Program Files\\KasperskyAV6.0.2.614\\polish\\avp.exe"" "GrooveMonitor"=""C:\\Program Files\\Microsoft Office\\Office12\\GrooveMonitor.exe"" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks] "{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"="Groove GFS Stub Execution Hook" [HKEY_USERS\.default\software\microsoft\windows\currentversion\run] "CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE" [HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run] "CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE" [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders] "SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll" [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost] HTTPFilter REG_MULTI_SZ HTTPFilter\0\0 LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0 NetworkService REG_MULTI_SZ DnsCache\0\0 DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0 rpcss REG_MULTI_SZ RpcSs\0\0 imgsvc REG_MULTI_SZ StiSvc\0\0 termsvcs REG_MULTI_SZ TermService\0\0 -- End of ComboScan: finished at 2007-03-31 at 23:00:51 ------------------------

**Posty:** 18165 · przez **wojtas** 01 Kwi 2007, 00:23

start>urchom> wpisz msconfig> zakladka uruchamianie> wylacz progsy ktore nie chcesz zeby startowaly z systemem

te mozesz wylaczyc:

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [OFFICEKB] E:\Program Files\kbdap32a.exe
O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] E:\Program Files\moffice.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl05a\BrStDvPt.exe
O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [SmartSync - ScheduleSync] C:\PROGRA~1\MOBILE~1\SMARTS~1\SCHEDU~1.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - Startup: Yahoo! Widget Engine.lnk = E:\Program Files\Yahoo! Widget Engine\YahooWidgetEngine.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Status Monitor.lnk = C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe

pogrubiony wyzej wywal do kosza

Pobierz i uruchom narzędzie : The Avenger
http://swandog46.geekstogo.com/avenger.zip
Zaznacz opcję Input script manually i kliknij na Lupkę z prawej strony. W okienku, które się otworzy wklejasz:

Files to delete:

C:\WINDOWS\system32\tmp.reg

Klikasz Done, a następnie zielone światełko i zgadzasz się na restart klikając OK.
potem te pliki:

C:\WINDOWS\system32\drivers\klin.dat
C:\WINDOWS\system32\drivers\klick.dat
C:\WINDOWS\system32\drivers\fidbox2.dat
C:\WINDOWS\system32\drivers\fidbox.dat
C:\Documents and Settings\user\Dane aplikacji\pcouffin.log
C:\Documents and Settings\user\Dane aplikacji\ezplay.sys
C:\Documents and Settings\user\Dane aplikacji\ezplay.cat
C:\Documents and Settings\user\Dane aplikacji\ezpinst.exe
C:\Documents and Settings\user\Dane aplikacji\BDKDLOMP.log
C:\Documents and Settings\user\Dane aplikacji\BDKDLOMP.inf
C:\Documents and Settings\user\Dane aplikacji\pcouffin.sys
C:\Documents and Settings\user\Dane aplikacji\pcouffin.inf
C:\Documents and Settings\user\Dane aplikacji\pcouffin.cat

skasnujesz:

http://virusscan.jotti.org/
http://www.virustotal.com/en/indexf.html

i mowisz czy ktorys skaner wykryl wirusa jak tak to w ktorym pliku

Autor postu otrzymał pochwałę

**Posty:** 160 · przez **_adrer** 01 Kwi 2007, 11:00

wojtas19162 napisał(a):pogrubiony wyzej wywal do kosza

Jak mam to wywalić?? Po prostu to wyłączyłem

Po wyłączeniu tego wszystkiego system startuje inaczej, commmon sie nie pojawia, tylko amm jedno zastrzeżenie, przestały mi działać funkcje myszki tj przewracanie kółkiem strony w dół, otwierania kółkiem w nowej karcie itp. Wcześniej w pasku (tam obok godziny) była taka ikonka myszki, może po prostu to zostało wyłączone? Ktore do tego służyło??

wojtas19162 napisał(a):C:\WINDOWS\system32\drivers\fidbox2.dat
C:\WINDOWS\system32\drivers\fidbox.dat

Tych plików nie chciało przeskanować

0 bytes size received

Po za tym w żadnym pliku wirusa nie znalazło.

**Posty:** 18165 · przez **wojtas** 01 Kwi 2007, 12:06

wlacz:

O4 - HKLM\..\Run: [OFFICEKB] E:\Program Files\kbdap32a.exe
O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] E:\Program Files\moffice.exe

**Posty:** 160 · przez **_adrer** 01 Kwi 2007, 13:02

OK, włączyłem, już to sie niby pojawia, ale dalej mi kółko od myszy nie działa, troche to przeszkadza w Firefoxie, sprawdzałem tu w ustaawieniach komputera, w panelu sterowania i niby wszystko jest dobrze. Co tu jest nie tak??

**Posty:** 18165 · przez **wojtas** 01 Kwi 2007, 16:19

pobierz gmera:

http://gmer.net/gmer.zip

1) Rootkit >>> zaznaczone Pokaż wszystko >>> wskazane tylko Usługi >>> Szukaj >>> Kopiuj >>> CTRL+V do posta
2) Rootkit >>> odznaczone Pokaż wszystko >>> wskazane wszystkie obiekty do skanu >>> Szukaj >>> Kopiuj >>> CTRL+V do posta

**Posty:** 160 · przez **_adrer** 01 Kwi 2007, 19:20

Kod: Zaznacz wszystko: GMER 1.0.12.12086 - http://www.gmer.net Rootkit scan 2007-04-01 19:24:15 Windows 5.1.2600 Dodatek Service Pack 2 ---- Services - GMER 1.0.12 ---- Service [DISABLED] Abiosdsk Service [DISABLED] abp480n5 Service C:\WINDOWS\system32\DRIVERS\ACPI.sys [BOOT] ACPI Service [DISABLED] ACPIEC Service C:\WINDOWS\system32\drivers\actser.sys [MANUAL] actser Service [DISABLED] adpu160m Service C:\WINDOWS\system32\drivers\aec.sys [MANUAL] aec Service C:\WINDOWS\System32\drivers\afd.sys [SYSTEM] AFD Service [DISABLED] Aha154x Service [DISABLED] aic78u2 Service [DISABLED] aic78xx Service C:\WINDOWS\system32\svchost.exe [DISABLED] Alerter Service C:\WINDOWS\System32\alg.exe [MANUAL] ALG Service [DISABLED] AliIde Service C:\WINDOWS\system32\DRIVERS\AmdK8.sys [SYSTEM] AmdK8 Service [DISABLED] amsint Service C:\WINDOWS\system32\DRIVERS\Apfiltr.sys [MANUAL] ApfiltrService Service C:\WINDOWS\system32\svchost.exe [MANUAL] AppMgmt Service C:\WINDOWS\system32\DRIVERS\arp1394.sys [MANUAL] Arp1394 Service [DISABLED] asc Service [DISABLED] asc3350p Service [DISABLED] asc3550 Service C:\WINDOWS\system32\DRIVERS\asyncmac.sys [MANUAL] AsyncMac Service C:\WINDOWS\system32\DRIVERS\atapi.sys [BOOT] atapi Service [DISABLED] Atdisk Service C:\WINDOWS\system32\DRIVERS\atmarpc.sys [MANUAL] Atmarpc Service C:\WINDOWS\System32\svchost.exe [AUTO] AudioSrv Service C:\WINDOWS\system32\DRIVERS\audstub.sys [MANUAL] audstub Service E:\Program Files\KasperskyAV6.0.2.614\polish\avp.exe [AUTO] AVP Service BattC Service [SYSTEM] Beep Service C:\WINDOWS\system32\svchost.exe [AUTO] BITS Service C:\WINDOWS\system32\brsvc01a.exe [AUTO] Brother XP spl Service Service C:\WINDOWS\system32\svchost.exe [AUTO] Browser Service C:\WINDOWS\System32\Drivers\BrScnUsb.sys [MANUAL] BrScnUsb Service [DISABLED] cbidf2k Service [DISABLED] cd20xrnt Service [SYSTEM] Cdaudio Service [DISABLED] Cdfs Service C:\WINDOWS\system32\DRIVERS\cdrom.sys [SYSTEM] Cdrom Service [SYSTEM] Changer Service C:\WINDOWS\system32\cisvc.exe [MANUAL] CiSvc Service C:\WINDOWS\system32\clipsrv.exe [DISABLED] ClipSrv Service [DISABLED] CmdIde Service C:\WINDOWS\system32\DRIVERS\CnxTrLan.sys [MANUAL] CnxTrLan Service C:\WINDOWS\system32\DRIVERS\CnxTrUsb.sys [MANUAL] CnxTrUsb Service C:\WINDOWS\system32\dllhost.exe [MANUAL] COMSysApp Service ContentFilter Service ContentIndex Service [DISABLED] Cpqarray Service C:\WINDOWS\system32\svchost.exe [AUTO] CryptSvc Service [DISABLED] dac2w2k Service [DISABLED] dac960nt Service C:\WINDOWS\system32\svchost.exe [AUTO] DcomLaunch Service C:\WINDOWS\system32\svchost.exe [AUTO] Dhcp Service C:\WINDOWS\system32\DRIVERS\disk.sys [BOOT] Disk Service C:\WINDOWS\System32\dmadmin.exe [MANUAL] dmadmin Service C:\WINDOWS\System32\drivers\dmboot.sys [DISABLED] dmboot Service C:\WINDOWS\System32\drivers\dmio.sys [BOOT] dmio Service C:\WINDOWS\System32\drivers\dmload.sys [BOOT] dmload Service C:\WINDOWS\System32\svchost.exe [AUTO] dmserver Service C:\WINDOWS\system32\drivers\DMusic.sys [MANUAL] DMusic Service C:\WINDOWS\system32\svchost.exe [AUTO] Dnscache Service [DISABLED] dpti2o Service C:\WINDOWS\system32\drivers\drmkaud.sys [MANUAL] drmkaud Service C:\WINDOWS\System32\svchost.exe [AUTO] ERSvc Service C:\WINDOWS\system32\services.exe [AUTO] Eventlog Service C:\WINDOWS\system32\svchost.exe [MANUAL] EventSystem Service C:\WINDOWS\System32\Drivers\ezplay.sys [MANUAL] ezplay Service [DISABLED] Fastfat Service C:\WINDOWS\System32\svchost.exe [MANUAL] FastUserSwitchingCompatibility Service [SYSTEM] Fdc Service [SYSTEM] Fips Service [SYSTEM] Flpydisk Service C:\WINDOWS\system32\DRIVERS\fltMgr.sys [BOOT] FltMgr Service [SYSTEM] Fs_Rec Service C:\WINDOWS\system32\DRIVERS\ftdisk.sys [BOOT] Ftdisk Service C:\WINDOWS\System32\DRIVERS\gmer.sys [MANUAL] gmer Service C:\WINDOWS\system32\DRIVERS\msgpc.sys [MANUAL] Gpc Service C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [MANUAL] HDAudBus Service C:\WINDOWS\System32\svchost.exe [AUTO] helpsvc Service C:\WINDOWS\System32\svchost.exe [DISABLED] HidServ Service [DISABLED] hpn Service C:\WINDOWS\System32\Drivers\HTTP.sys [MANUAL] HTTP Service C:\WINDOWS\System32\svchost.exe [MANUAL] HTTPFilter Service [SYSTEM] i2omgmt Service [DISABLED] i2omp Service C:\WINDOWS\system32\DRIVERS\i8042prt.sys [SYSTEM] i8042prt Service C:\WINDOWS\system32\DRIVERS\imapi.sys [SYSTEM] Imapi Service C:\WINDOWS\system32\imapi.exe [MANUAL] ImapiService Service inetaccs Service [DISABLED] ini910u Service Inport Service C:\WINDOWS\system32\drivers\RtkHDAud.sys [MANUAL] IntcAzAudAddService Service [DISABLED] IntelIde Service C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys [MANUAL] Ip6Fw Service C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys [MANUAL] IpFilterDriver Service C:\WINDOWS\system32\DRIVERS\ipinip.sys [MANUAL] IpInIp Service C:\WINDOWS\system32\DRIVERS\ipnat.sys [MANUAL] IpNat Service C:\WINDOWS\system32\DRIVERS\ipsec.sys [SYSTEM] IPSec Service C:\WINDOWS\system32\DRIVERS\irenum.sys [MANUAL] IRENUM Service ISAPISearch Service C:\WINDOWS\system32\DRIVERS\isapnp.sys [BOOT] isapnp Service C:\WINDOWS\system32\DRIVERS\kbdclass.sys [SYSTEM] Kbdclass Service C:\WINDOWS\system32\drivers\kl1.sys [BOOT] kl1 Service C:\WINDOWS\system32\drivers\klif.sys [SYSTEM] klif Service C:\WINDOWS\system32\drivers\kmixer.sys [MANUAL] kmixer Service [BOOT] KSecDD Service C:\WINDOWS\system32\svchost.exe [AUTO] lanmanserver Service C:\WINDOWS\system32\svchost.exe [AUTO] lanmanworkstation Service [SYSTEM] lbrtfdc Service ldap Service LicenseService Service C:\WINDOWS\system32\svchost.exe [AUTO] LmHosts Service C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe [AUTO] MDM Service C:\WINDOWS\system32\svchost.exe [DISABLED] Messenger Service C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [MANUAL] Microsoft Office Groove Audit Service Service [SYSTEM] mnmdd Service C:\WINDOWS\system32\mnmsrvc.exe [MANUAL] mnmsrvc Service [MANUAL] Modem Service C:\WINDOWS\system32\DRIVERS\mouclass.sys [SYSTEM] Mouclass Service [BOOT] MountMgr Service [DISABLED] mraid35x Service C:\WINDOWS\system32\DRIVERS\mrxdav.sys [MANUAL] MRxDAV Service C:\WINDOWS\system32\DRIVERS\mrxsmb.sys [SYSTEM] MRxSmb Service C:\WINDOWS\system32\msdtc.exe [MANUAL] MSDTC Service [SYSTEM] Msfs Service C:\WINDOWS\system32\msiexec.exe [MANUAL] MSIServer Service C:\WINDOWS\system32\drivers\MSKSSRV.sys [MANUAL] MSKSSRV Service C:\WINDOWS\system32\drivers\MSPCLOCK.sys [MANUAL] MSPCLOCK Service C:\WINDOWS\system32\drivers\MSPQM.sys [MANUAL] MSPQM Service C:\WINDOWS\system32\DRIVERS\mssmbios.sys [MANUAL] mssmbios Service [BOOT] Mup Service C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [MANUAL] NBService Service [BOOT] NDIS Service C:\WINDOWS\system32\DRIVERS\ndistapi.sys [MANUAL] NdisTapi Service C:\WINDOWS\system32\DRIVERS\ndisuio.sys [MANUAL] Ndisuio Service C:\WINDOWS\system32\DRIVERS\ndiswan.sys [MANUAL] NdisWan Service [MANUAL] NDProxy Service C:\WINDOWS\system32\DRIVERS\netbios.sys [SYSTEM] NetBIOS Service C:\WINDOWS\system32\DRIVERS\netbt.sys [SYSTEM] NetBT Service C:\WINDOWS\system32\netdde.exe [DISABLED] NetDDE Service C:\WINDOWS\system32\netdde.exe [DISABLED] NetDDEdsdm Service C:\WINDOWS\system32\lsass.exe [MANUAL] Netlogon Service C:\WINDOWS\System32\svchost.exe [MANUAL] Netman Service C:\WINDOWS\system32\DRIVERS\nic1394.sys [MANUAL] NIC1394 Service C:\WINDOWS\system32\svchost.exe [MANUAL] Nla Service C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [MANUAL] NMIndexingService Service [SYSTEM] Npfs Service [DISABLED] Ntfs Service C:\WINDOWS\system32\lsass.exe [MANUAL] NtLmSsp Service C:\WINDOWS\system32\svchost.exe [MANUAL] NtmsSvc Service [SYSTEM] Null Service C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [MANUAL] nv Service C:\WINDOWS\system32\DRIVERS\nvata.sys [BOOT] nvata Service C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [MANUAL] NVENETFD Service C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [MANUAL] nvnetbus Service C:\WINDOWS\system32\nvsvc32.exe [AUTO] NVSvc Service C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys [MANUAL] NwlnkFlt Service C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys [MANUAL] NwlnkFwd Service C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [MANUAL] odserv Service C:\WINDOWS\system32\DRIVERS\ohci1394.sys [BOOT] ohci1394 Service C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [MANUAL] ose Service Outlook Service C:\WINDOWS\system32\DRIVERS\parport.sys [MANUAL] Parport Service [BOOT] PartMgr Service [AUTO] ParVdm Service C:\WINDOWS\system32\DRIVERS\pci.sys [BOOT] PCI Service [SYSTEM] PCIDump Service C:\WINDOWS\system32\DRIVERS\pciide.sys [BOOT] PCIIde Service [DISABLED] Pcmcia Service C:\WINDOWS\System32\Drivers\pcouffin.sys [MANUAL] pcouffin Service [MANUAL] PDCOMP Service [MANUAL] PDFRAME Service [MANUAL] PDRELI Service [MANUAL] PDRFRAME Service [DISABLED] perc2 Service [DISABLED] perc2hib Service PerfDisk Service PerfNet Service PerfOS Service PerfProc Service C:\WINDOWS\system32\drivers\pfc.sys [MANUAL] pfc Service C:\WINDOWS\system32\services.exe [AUTO] PlugPlay Service C:\WINDOWS\system32\lsass.exe [AUTO] PolicyAgent Service C:\WINDOWS\system32\DRIVERS\raspptp.sys [MANUAL] PptpMiniport Service C:\WINDOWS\system32\DRIVERS\processr.sys [SYSTEM] Processor Service C:\WINDOWS\system32\lsass.exe [AUTO] ProtectedStorage Service C:\WINDOWS\system32\DRIVERS\psched.sys [MANUAL] PSched Service C:\WINDOWS\system32\DRIVERS\ptilink.sys [MANUAL] Ptilink Service [DISABLED] ql1080 Service [DISABLED] Ql10wnt Service [DISABLED] ql12160 Service [DISABLED] ql1240 Service [DISABLED] ql1280 Service C:\WINDOWS\system32\DRIVERS\rasacd.sys [SYSTEM] RasAcd Service C:\WINDOWS\system32\svchost.exe [MANUAL] RasAuto Service C:\WINDOWS\system32\DRIVERS\rasl2tp.sys [MANUAL] Rasl2tp Service C:\WINDOWS\system32\svchost.exe [MANUAL] RasMan Service C:\WINDOWS\system32\DRIVERS\raspppoe.sys [MANUAL] RasPppoe Service C:\WINDOWS\system32\DRIVERS\raspti.sys [MANUAL] Raspti Service C:\WINDOWS\system32\DRIVERS\rdbss.sys [SYSTEM] Rdbss Service C:\WINDOWS\System32\DRIVERS\RDPCDD.sys [SYSTEM] RDPCDD Service RDPDD Service C:\WINDOWS\system32\DRIVERS\rdpdr.sys [MANUAL] rdpdr Service RDPNP Service [MANUAL] RDPWD Service C:\WINDOWS\system32\sessmgr.exe [MANUAL] RDSessMgr Service C:\WINDOWS\system32\DRIVERS\redbook.sys [SYSTEM] redbook Service C:\WINDOWS\system32\svchost.exe [DISABLED] RemoteAccess Service C:\WINDOWS\system32\svchost.exe [AUTO] RemoteRegistry Service C:\WINDOWS\system32\locator.exe [MANUAL] RpcLocator Service C:\WINDOWS\system32\svchost.exe [AUTO] RpcSs Service C:\WINDOWS\system32\rsvp.exe [MANUAL] RSVP Service C:\WINDOWS\system32\lsass.exe [AUTO] SamSs Service C:\WINDOWS\System32\SCardSvr.exe [MANUAL] SCardSvr Service C:\WINDOWS\System32\svchost.exe [AUTO] Schedule Service C:\WINDOWS\system32\DRIVERS\secdrv.sys [AUTO] Secdrv Service C:\WINDOWS\System32\svchost.exe [AUTO] seclogon Service C:\WINDOWS\system32\svchost.exe [AUTO] SENS Service C:\WINDOWS\system32\DRIVERS\serenum.sys [MANUAL] serenum Service C:\WINDOWS\system32\DRIVERS\serial.sys [SYSTEM] Serial Service [SYSTEM] Sfloppy Service C:\WINDOWS\system32\svchost.exe [AUTO] SharedAccess Service C:\WINDOWS\System32\svchost.exe [AUTO] ShellHWDetection Service [DISABLED] Simbad Service C:\WINDOWS\system32\DRIVERS\siusbmod.sys [MANUAL] siusbmod Service [DISABLED] Sparrow Service C:\WINDOWS\system32\drivers\splitter.sys [MANUAL] splitter Service C:\WINDOWS\system32\spoolsv.exe [AUTO] Spooler Service C:\WINDOWS\System32\Drivers\sptd.sys [BOOT] sptd Service C:\WINDOWS\system32\DRIVERS\sr.sys [BOOT] sr Service C:\WINDOWS\system32\svchost.exe [AUTO] srservice Service C:\WINDOWS\system32\DRIVERS\srv.sys [MANUAL] Srv Service C:\WINDOWS\system32\svchost.exe [MANUAL] SSDPSRV Service C:\WINDOWS\system32\svchost.exe [AUTO] stisvc Service C:\WINDOWS\system32\DRIVERS\swenum.sys [MANUAL] swenum Service C:\WINDOWS\system32\drivers\swmidi.sys [MANUAL] swmidi Service C:\WINDOWS\system32\dllhost.exe [MANUAL] SwPrv Service [DISABLED] symc810 Service [DISABLED] symc8xx Service [DISABLED] sym_hi Service [DISABLED] sym_u3 Service C:\WINDOWS\system32\drivers\sysaudio.sys [MANUAL] sysaudio Service C:\WINDOWS\system32\smlogsvc.exe [MANUAL] SysmonLog Service C:\WINDOWS\System32\svchost.exe [MANUAL] TapiSrv Service C:\WINDOWS\system32\DRIVERS\tcpip.sys [SYSTEM] Tcpip Service [MANUAL] TDPIPE Service [MANUAL] TDTCP Service C:\WINDOWS\system32\DRIVERS\termdd.sys [SYSTEM] TermDD Service C:\WINDOWS\System32\svchost.exe [MANUAL] TermService Service C:\WINDOWS\System32\svchost.exe [AUTO] Themes Service C:\WINDOWS\system32\tlntsvr.exe [DISABLED] TlntSvr Service [DISABLED] TosIde Service C:\WINDOWS\system32\svchost.exe [AUTO] TrkWks Service TSDDD Service [DISABLED] Udfs Service [DISABLED] ultra Service C:\WINDOWS\system32\wdfmgr.exe [AUTO] UMWdf Service C:\WINDOWS\system32\DRIVERS\update.sys [MANUAL] Update Service C:\WINDOWS\system32\svchost.exe [MANUAL] upnphost Service C:\WINDOWS\System32\ups.exe [MANUAL] UPS Service C:\WINDOWS\system32\DRIVERS\usbccgp.sys [MANUAL] usbccgp Service C:\WINDOWS\system32\DRIVERS\usbehci.sys [MANUAL] usbehci Service C:\WINDOWS\system32\DRIVERS\usbhub.sys [MANUAL] usbhub Service C:\WINDOWS\system32\DRIVERS\usbohci.sys [MANUAL] usbohci Service C:\WINDOWS\system32\DRIVERS\usbprint.sys [MANUAL] usbprint Service C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [MANUAL] USBSTOR Service C:\WINDOWS\System32\drivers\vga.sys [SYSTEM] VgaSave Service [DISABLED] ViaIde Service [BOOT] VolSnap Service C:\WINDOWS\system32\DRIVERS\vsb.sys [MANUAL] vsbus Service C:\WINDOWS\System32\DRIVERS\vserial.sys [MANUAL] vserial Service C:\WINDOWS\System32\vssvc.exe [MANUAL] VSS Service C:\WINDOWS\System32\svchost.exe [AUTO] W32Time Service W3SVC Service C:\WINDOWS\system32\DRIVERS\wanarp.sys [MANUAL] Wanarp Service [MANUAL] WDICA Service C:\WINDOWS\system32\drivers\wdmaud.sys [MANUAL] wdmaud Service C:\WINDOWS\system32\svchost.exe [AUTO] WebClient Service C:\WINDOWS\system32\svchost.exe [AUTO] winmgmt Service [MANUAL] Winsock Service WinSock2 Service WinTrust Service C:\WINDOWS\System32\svchost.exe [MANUAL] WmdmPmSN Service C:\WINDOWS\System32\svchost.exe [MANUAL] Wmi Service WmiApRpl Service C:\WINDOWS\system32\wbem\wmiapsrv.exe [MANUAL] WmiApSrv Service [SYSTEM] WS2IFSL Service C:\WINDOWS\System32\svchost.exe [AUTO] wscsvc Service C:\WINDOWS\system32\svchost.exe [AUTO] wuauserv Service C:\WINDOWS\System32\svchost.exe [AUTO] WZCSVC Service C:\WINDOWS\System32\svchost.exe [MANUAL] xmlprov Service {7CDAF98D-F456-4B03-9703-63B5748BA212} Service {83A2A176-6303-4330-A8A6-52C5B7AEA805} Service {F76D5FEC-1FED-4E97-95E3-CECE5FD76528} ---- EOF - GMER 1.0.12 ----

[quote]GMER 1.0.12.12086 - http://www.gmer.net
Rootkit scan 2007-04-01 19:37:53
Windows 5.1.2600 Dodatek Service Pack 2

---- System - GMER 1.0.12 ----

SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwClose
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwCreateKey
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwCreateProcess
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwCreateProcessEx
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwCreateSection
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwCreateSymbolicLinkObject
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwCreateThread
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwDeleteKey
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwDeleteValueKey
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwDuplicateObject
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwEnumerateKey
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwEnumerateValueKey
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwFlushKey
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwInitializeRegistry
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwLoadKey
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwLoadKey2
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwNotifyChangeKey
SSDT kl1.sys ZwOpenFile
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwOpenKey
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwOpenProcess
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwOpenSection
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwQueryKey
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwQueryMultipleValueKey
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwQuerySystemInformation
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwQueryValueKey
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwReplaceKey
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwRestoreKey
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwResumeThread
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwSaveKey
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwSetContextThread
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwSetInformationFile
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwSetInformationKey
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwSetInformationProcess
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwSetSecurityObject
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwSetValueKey
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwSuspendThread
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwTerminateProcess
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwUnloadKey
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwWriteVirtualMemory
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys SSDT[284]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys SSDT[285]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys SSDT[286]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys SSDT[287]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys SSDT[288]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys SSDT[289]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys SSDT[290]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys SSDT[291]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys SSDT[292]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys SSDT[293]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys SSDT[294]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys SSDT[295]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys SSDT[296]

Code \??\C:\WINDOWS\system32\drivers\klif.sys FsRtlCheckLockForReadAccess
Code \??\C:\WINDOWS\system32\drivers\klif.sys IoIsOperationSynchronous

---- Kernel code sections - GMER 1.0.12 ----

.text ntkrnlpa.exe!FsRtlCheckLockForReadAccess 804EAE80 5 Bytes JMP F1A56F00 \??\C:\WINDOWS\system32\drivers\klif.sys
.text ntkrnlpa.exe!IoIsOperationSynchronous 804EF808 5 Bytes JMP F1A57400 \??\C:\WINDOWS\system32\drivers\klif.sys
.text ntkrnlpa.exe!KiDispatchInterrupt + 102 80544D02 5 Bytes [ 56, 51, 71, 90, 90 ]
? C:\WINDOWS\system32\drivers\sptd.sys Proces nie może uzyskać dostępu do pliku, ponieważ jest on używany przez inny proces.
.text USBPORT.SYS!DllUnload F729E62C 5 Bytes JMP 82CC05F0

---- Devices - GMER 1.0.12 ----

Device \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE 82DD41D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_CLOSE 82DD41D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_READ 82DD41D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_WRITE 82DD41D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_INFORMATION 82DD41D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_INFORMATION 82DD41D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_EA 82DD41D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_EA 82DD41D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_FLUSH_BUFFERS 82DD41D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_VOLUME_INFORMATION 82DD41D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_VOLUME_INFORMATION 82DD41D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_DIRECTORY_CONTROL 82DD41D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_FILE_SYSTEM_CONTROL 82DD41D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_DEVICE_CONTROL 82DD41D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SHUTDOWN 82DD41D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_LOCK_CONTROL 82DD41D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_CLEANUP 82DD41D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_SECURITY 82DD41D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_SECURITY 82DD41D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_QUOTA 82DD41D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_QUOTA 82DD41D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_PNP 82DD41D8
Device \Driver\usbohci \Device\USBPDO-0 IRP_MJ_CREATE 82BA3980
Device \Driver\usbohci \Device\USBPDO-0 IRP_MJ_CLOSE 82BA3980
Device \Driver\usbohci \Device\USBPDO-0 IRP_MJ_DEVICE_CONTROL 82BA3980
Device \Driver\usbohci \Device\USBPDO-0 IRP_MJ_INTERNAL_DEVICE_CONTROL 82BA3980
Device \Driver\usbohci \Device\USBPDO-0 IRP_MJ_POWER 82BA3980
Device \Driver\usbohci \Device\USBPDO-0 IRP_MJ_SYSTEM_CONTROL 82BA3980
Device \Driver\usbohci \Device\USBPDO-0 IRP_MJ_PNP 82BA3980
Device \Driver\usbehci \Device\USBPDO-1 IRP_MJ_CREATE 82B8C918
Device \Driver\usbehci \Device\USBPDO-1 IRP_MJ_CLOSE 82B8C918
Device \Driver\usbehci \Device\USBPDO-1 IRP_MJ_DEVICE_CONTROL 82B8C918
Device \Driver\usbehci \Device\USBPDO-1 IRP_MJ_INTERNAL_DEVICE_CONTROL 82B8C918
Device \Driver\usbehci \Device\USBPDO-1 IRP_MJ_POWER 82B8C918
Device \Driver\usbehci \Device\USBPDO-1 IRP_MJ_SYSTEM_CONTROL 82B8C918
Device \Driver\usbehci \Device\USBPDO-1 IRP_MJ_PNP 82B8C918
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_CREATE 82DD61D8
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_CLOSE 82DD61D8
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_READ 82DD61D8
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_WRITE 82DD61D8
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_FLUSH_BUFFERS 82DD61D8
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_DEVICE_CONTROL 82DD61D8
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_INTERNAL_DEVICE_CONTROL 82DD61D8
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_SHUTDOWN 82DD61D8
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_POWER 82DD61D8
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_SYSTEM_CONTROL 82DD61D8
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_PNP 82DD61D8
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_CREATE 82DD61D8
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_CLOSE 82DD61D8
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_READ 82DD61D8
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_WRITE 82DD61D8
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_FLUSH_BUFFERS 82DD61D8
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_DEVICE_CONTROL 82DD61D8
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_INTERNAL_DEVICE_CONTROL 82DD61D8
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_SHUTDOWN 82DD61D8
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_POWER 82DD61D8
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_SYSTEM_CONTROL 82DD61D8
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_PNP 82DD61D8
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_CREATE 82DD61D8
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_CLOSE 82DD61D8
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_READ 82DD61D8
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_WRITE 82DD61D8
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_FLUSH_BUFFERS 82DD61D8
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_DEVICE_CONTROL 82DD61D8
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_INTERNAL_DEVICE_CONTROL 82DD61D8
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_SHUTDOWN 82DD61D8
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_POWER 82DD61D8
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_SYSTEM_CONTROL 82DD61D8
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_PNP 82DD61D8
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_CREATE 82DD61D8
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_CLOSE 82DD61D8
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_READ 82DD61D8
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_WRITE 82DD61D8
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_FLUSH_BUFFERS 82DD61D8
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_DEVICE_CONTROL 82DD61D8
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_INTERNAL_DEVICE_CONTROL 82DD61D8
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_SHUTDOWN 82DD61D8
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_POWER 82DD61D8
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_SYSTEM_CONTROL 82DD61D8
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_PNP 82DD61D8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_CREATE 82D661D8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_READ 82D661D8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_WRITE 82D661D8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_FLUSH_BUFFERS 82D661D8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_DEVICE_CONTROL 82D661D8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_INTERNAL_DEVICE_CONTROL 82D661D8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_SHUTDOWN 82D661D8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_CLEANUP 82D661D8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_POWER 82D661D8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_SYSTEM_CONTROL 82D661D8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_PNP 82D661D8
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_CREATE 82D661D8
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_READ 82D661D8
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_WRITE 82D661D8
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_FLUSH_BUFFERS 82D661D8
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_DEVICE_CONTROL 82D661D8
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_INTERNAL_DEVICE_CONTROL 82D661D8
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_SHUTDOWN 82D661D8
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_CLEANUP 82D661D8
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_POWER 82D661D8
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_SYSTEM_CONTROL 82D661D8
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_PNP 82D661D8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CREATE 82B471D8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CLOSE 82B471D8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_READ 82B471D8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_WRITE 82B471D8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_FLUSH_BUFFERS 82B471D8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_DEVICE_CONTROL 82B471D8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_INTERNAL_DEVICE_CONTROL 82B471D8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SHUTDOWN 82B471D8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_POWER 82B471D8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SYSTEM_CONTROL 82B471D8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_PNP 82B471D8
Device \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_CREATE 82D661D8
Device \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_READ 82D661D8
Device \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_WRITE 82D661D8
Device \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_FLUSH_BUFFERS 82D661D8
Device \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_DEVICE_CONTROL 82D661D8
Device \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_INTERNAL_DEVICE_CONTROL 82D661D8
Device \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_SHUTDOWN 82D661D8
Device \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_CLEANUP 82D661D8
Device \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_POWER 82D661D8
Device \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_SYSTEM_CONTROL 82D661D8
Device \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_PNP 82D661D8
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CREATE 82D651D8
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CLOSE 82D651D8
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_DEVICE_CONTROL 82D651D8
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_INTERNAL_DEVICE_CONTROL 82D651D8
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_POWER 82D651D8
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SYSTEM_CONTROL 82D651D8
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_PNP 82D651D8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_CREATE 82D651D8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_CLOSE 82D651D8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_DEVICE_CONTROL 82D651D8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_INTERNAL_DEVICE_CONTROL 82D651D8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_POWER 82D651D8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_SYSTEM_CONTROL 82D651D8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_PNP 82D651D8
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_CREATE 82D651D8
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_CLOSE 82D651D8
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_DEVICE_CONTROL 82D651D8
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_INTERNAL_DEVICE_CONTROL 82D651D8
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_POWER 82D651D8
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SYSTEM_CONTROL 82D651D8
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_PNP 82D651D8
Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_CREATE 829F51D8
Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_CLOSE 829F51D8
Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_DEVICE_CONTROL 829F51D8
Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_INTERNAL_DEVICE_CONTROL 829F51D8
Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_CLEANUP 829F51D8
Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_PNP 829F51D8
Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_CREATE 829F51D8
Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_CLOSE 829F51D8
Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_DEVICE_CONTROL 829F51D8
Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_INTERNAL_DEVICE_CONTROL 829F51D8
Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_CLEANUP 829F51D8
Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_PNP 829F51D8
Device \Driver\nvata \Device\0000005f IRP_MJ_CREATE 82DD51D8
Device \Driver\nvata \Device\0000005f IRP_MJ_CREATE_NAMED_PIPE 82DD51D8
Device \Driver\nvata \Device\0000005f IRP_MJ_CLOSE 82DD51D8
Device \Driver\nvata \Device\0000005f IRP_MJ_READ 82DD51D8
Device \Driver\nvata \Device\0000005f IRP_MJ_WRITE 82DD51D8
Device \Driver\nvata \Device\0000005f IRP_MJ_QUERY_INFORMATION 82DD51D8
Device \Driver\nvata \Device\0000005f IRP_MJ_SET_INFORMATION 82DD51D8
Device \Driver\nvata \Device\0000005f IRP_MJ_QUERY_EA 82DD51D8
Device \Driver\nvata \Device\0000005f IRP_MJ_SET_EA 82DD51D8
Device \Driver\nvata \Device\0000005f IRP_MJ_FLUSH_BUFFERS 82DD51D8
Device \Driver\nvata \Device\0000005f IRP_MJ_QUERY_VOLUME_INFORMATION 82DD51D8
Device \Driver\nvata \Device\0000005f IRP_MJ_SET_VOLUME_INFORMATION 82DD51D8
Device \Driver\nvata \Device\0000005f IRP_MJ_DIRECTORY_CONTROL 82DD51D8
Device \Driver\nvata \Device\0000005f IRP_MJ_FILE_SYSTEM_CONTROL 82DD51D8
Device \Driver\nvata \Device\0000005f IRP_MJ_DEVICE_CONTROL 82DD51D8
Device \Driver\nvata \Device\0000005f IRP_MJ_INTERNAL_DEVICE_CONTROL 82DD51D8
Device \Driver\nvata \Device\0000005f IRP_MJ_SHUTDOWN 82DD51D8
Device \Driver\nvata \Device\0000005f IRP_MJ_LOCK_CONTROL 82DD51D8
Device \Driver\nvata \Device\0000005f IRP_MJ_CLEANUP 82DD51D8
Device \Driver\nvata \Device\0000005f IRP_MJ_CREATE_MAILSLOT 82DD51D8
Device \Driver\nvata \Device\0000005f IRP_MJ_QUERY_SECURITY 82DD51D8
Device \Driver\nvata \Device\0000005f IRP_MJ_SET_SECURITY 82DD51D8
Device \Driver\nvata \Device\0000005f IRP_MJ_POWER 82DD51D8
Device \Driver\nvata \Device\0000005f IRP_MJ_SYSTEM_CONTROL 82DD51D8
Device \Driver\nvata \Device\0000005f IRP_MJ_DEVICE_CHANGE 82DD51D8
Device \Driver\nvata \Device\0000005f IRP_MJ_QUERY_QUOTA 82DD51D8
Device \Driver\nvata \Device\0000005f IRP_MJ_SET_QUOTA 82DD51D8
Device \Driver\nvata \Device\0000005f IRP_MJ_PNP 82DD51D8
Device \Driver\usbohci \Device\USBFDO-0 IRP_MJ_CREATE 82BA3980
Device \Driver\usbohci \Device\USBFDO-0 IRP_MJ_CLOSE 82BA3980
Device \Driver\usbohci \Device\USBFDO-0 IRP_MJ_DEVICE_CONTROL 82BA3980
Device \Driver\usbohci \Device\USBFDO-0 IRP_MJ_INTERNAL_DEVICE_CONTROL 82BA3980
Device \Driver\usbohci \Device\USBFDO-0 IRP_MJ_POWER 82BA3980
Device \Driver\usbohci \Device\USBFDO-0 IRP_MJ_SYSTEM_CONTROL 82BA3980
Device \Driver\usbohci \Device\USBFDO-0 IRP_MJ_PNP 82BA3980
Device \Driver\nvata \Device\NvAta0 IRP_MJ_CREATE 82DD51D8
Device \Driver\nvata \Device\NvAta0 IRP_MJ_CREATE_NAMED_PIPE 82DD51D8
Device \Driver\nvata \Device\NvAta0 IRP_MJ_CLOSE 82DD51D8
Device \Driver\nvata \Device\NvAta0 IRP_MJ_READ 82DD51D8
Device \Driver\nvata \Device\NvAta0 IRP_MJ_WRITE 82DD51D8
Device \Driver\nvata \Device\NvAta0 IRP_MJ_QUERY_INFORMATION 82DD51D8
Device \Driver\nvata \Device\NvAta0 IRP_MJ_SET_INFORMATION 82DD51D8
Device \Driver\nvata \Device\NvAta0 IRP_MJ_QUERY_EA 82DD51D8
Device \Driver\nvata \Device\NvAta0 IRP_MJ_SET_EA 82DD51D8
Device \Driver\nvata \Device\NvAta0 IRP_MJ_FLUSH_BUFFERS 82DD51D8
Device \Driver\nvata \Device\NvAta0 IRP_MJ_QUERY_VOLUME_INFORMATION 82DD51D8
Device \Driver\nvata \Device\NvAta0 IRP_MJ_SET_VOLUME_INFORMATION 82DD51D8
Device \Driver\nvata \Device\NvAta0 IRP_MJ_DIRECTORY_CONTROL 82DD51D8
Device \Driver\nvata \Device\NvAta0 IRP_MJ_FILE_SYSTEM_CONTROL 82DD51D8
Device \Driver\nvata \Device\NvAta0 IRP_MJ_DEVICE_CONTROL 82DD51D8
Device \Driver\nvata \Device\NvAta0 IRP_MJ_INTERNAL_DEVICE_CONTROL 82DD51D8
Device \Driver\nvata \Device\NvAta0 IRP

**Posty:** 18165 · przez **wojtas** 01 Kwi 2007, 19:57

tu nic nie widze

**Posty:** 160 · przez **_adrer** 01 Kwi 2007, 19:59

Tu jest reszta

Kod: Zaznacz wszystko: GMER 1.0.12.12086 - http://www.gmer.net Rootkit scan 2007-04-01 19:50:28 Windows 5.1.2600 Dodatek Service Pack 2 ---- System - GMER 1.0.12 ---- SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwClose SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwCreateKey SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwCreateProcess SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwCreateProcessEx SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwCreateSection SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwCreateSymbolicLinkObject SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwCreateThread SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwDeleteKey SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwDeleteValueKey SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwDuplicateObject SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwEnumerateKey SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwEnumerateValueKey SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwFlushKey SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwInitializeRegistry SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwLoadKey SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwLoadKey2 SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwNotifyChangeKey SSDT kl1.sys ZwOpenFile SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwOpenKey SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwOpenProcess SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwOpenSection SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwQueryKey SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwQueryMultipleValueKey SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwQuerySystemInformation SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwQueryValueKey SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwReplaceKey SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwRestoreKey SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwResumeThread SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwSaveKey SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwSetContextThread SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwSetInformationFile SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwSetInformationKey SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwSetInformationProcess SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwSetSecurityObject SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwSetValueKey SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwSuspendThread SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwTerminateProcess SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwUnloadKey SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwWriteVirtualMemory SSDT \??\C:\WINDOWS\system32\drivers\klif.sys SSDT[284] SSDT \??\C:\WINDOWS\system32\drivers\klif.sys SSDT[285] SSDT \??\C:\WINDOWS\system32\drivers\klif.sys SSDT[286] SSDT \??\C:\WINDOWS\system32\drivers\klif.sys SSDT[287] SSDT \??\C:\WINDOWS\system32\drivers\klif.sys SSDT[288] SSDT \??\C:\WINDOWS\system32\drivers\klif.sys SSDT[289] SSDT \??\C:\WINDOWS\system32\drivers\klif.sys SSDT[290] SSDT \??\C:\WINDOWS\system32\drivers\klif.sys SSDT[291] SSDT \??\C:\WINDOWS\system32\drivers\klif.sys SSDT[292] SSDT \??\C:\WINDOWS\system32\drivers\klif.sys SSDT[293] SSDT \??\C:\WINDOWS\system32\drivers\klif.sys SSDT[294] SSDT \??\C:\WINDOWS\system32\drivers\klif.sys SSDT[295] SSDT \??\C:\WINDOWS\system32\drivers\klif.sys SSDT[296] Code \??\C:\WINDOWS\system32\drivers\klif.sys FsRtlCheckLockForReadAccess Code \??\C:\WINDOWS\system32\drivers\klif.sys IoIsOperationSynchronous ---- Kernel code sections - GMER 1.0.12 ---- .text ntkrnlpa.exe!FsRtlCheckLockForReadAccess 804EAE80 5 Bytes JMP F1A56F00 \??\C:\WINDOWS\system32\drivers\klif.sys .text ntkrnlpa.exe!IoIsOperationSynchronous 804EF808 5 Bytes JMP F1A57400 \??\C:\WINDOWS\system32\drivers\klif.sys .text ntkrnlpa.exe!KiDispatchInterrupt + 102 80544D02 5 Bytes [ 56, 51, 71, 90, 90 ] ? C:\WINDOWS\system32\drivers\sptd.sys Proces nie może uzyskać dostępu do pliku, ponieważ jest on używany przez inny proces. .text USBPORT.SYS!DllUnload F729E62C 5 Bytes JMP 82CC05F0 ---- User code sections - GMER 1.0.12 ---- .text C:\Program Files\Microsoft Office\Office12\WINWORD.EXE[3544] kernel32.dll!SetUnhandledExceptionFilter 7C84479D 5 Bytes JMP 32605629 C:\Program Files\Common Files\Microsoft Shared\office12\mso.dll ---- Devices - GMER 1.0.12 ---- Device \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE 82DD41D8 Device \FileSystem\Ntfs \Ntfs IRP_MJ_CLOSE 82DD41D8 Device \FileSystem\Ntfs \Ntfs IRP_MJ_READ 82DD41D8 Device \FileSystem\Ntfs \Ntfs IRP_MJ_WRITE 82DD41D8 Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_INFORMATION 82DD41D8 Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_INFORMATION 82DD41D8 Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_EA 82DD41D8 Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_EA 82DD41D8 Device \FileSystem\Ntfs \Ntfs IRP_MJ_FLUSH_BUFFERS 82DD41D8 Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_VOLUME_INFORMATION 82DD41D8 Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_VOLUME_INFORMATION 82DD41D8 Device \FileSystem\Ntfs \Ntfs IRP_MJ_DIRECTORY_CONTROL 82DD41D8 Device \FileSystem\Ntfs \Ntfs IRP_MJ_FILE_SYSTEM_CONTROL 82DD41D8 Device \FileSystem\Ntfs \Ntfs IRP_MJ_DEVICE_CONTROL 82DD41D8 Device \FileSystem\Ntfs \Ntfs IRP_MJ_SHUTDOWN 82DD41D8 Device \FileSystem\Ntfs \Ntfs IRP_MJ_LOCK_CONTROL 82DD41D8 Device \FileSystem\Ntfs \Ntfs IRP_MJ_CLEANUP 82DD41D8 Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_SECURITY 82DD41D8 Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_SECURITY 82DD41D8 Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_QUOTA 82DD41D8 Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_QUOTA 82DD41D8 Device \FileSystem\Ntfs \Ntfs IRP_MJ_PNP 82DD41D8 Device \Driver\usbohci \Device\USBPDO-0 IRP_MJ_CREATE 82BA3980 Device \Driver\usbohci \Device\USBPDO-0 IRP_MJ_CLOSE 82BA3980 Device \Driver\usbohci \Device\USBPDO-0 IRP_MJ_DEVICE_CONTROL 82BA3980 Device \Driver\usbohci \Device\USBPDO-0 IRP_MJ_INTERNAL_DEVICE_CONTROL 82BA3980 Device \Driver\usbohci \Device\USBPDO-0 IRP_MJ_POWER 82BA3980 Device \Driver\usbohci \Device\USBPDO-0 IRP_MJ_SYSTEM_CONTROL 82BA3980 Device \Driver\usbohci \Device\USBPDO-0 IRP_MJ_PNP 82BA3980 Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_CREATE 82DD61D8 Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_CLOSE 82DD61D8 Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_READ 82DD61D8 Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_WRITE 82DD61D8 Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_FLUSH_BUFFERS 82DD61D8 Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_DEVICE_CONTROL 82DD61D8 Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_INTERNAL_DEVICE_CONTROL 82DD61D8 Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_SHUTDOWN 82DD61D8 Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_POWER 82DD61D8 Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_SYSTEM_CONTROL 82DD61D8 Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_PNP 82DD61D8 Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_CREATE 82DD61D8 Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_CLOSE 82DD61D8 Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_READ 82DD61D8 Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_WRITE 82DD61D8 Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_FLUSH_BUFFERS 82DD61D8 Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_DEVICE_CONTROL 82DD61D8 Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_INTERNAL_DEVICE_CONTROL 82DD61D8 Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_SHUTDOWN 82DD61D8 Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_POWER 82DD61D8 Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_SYSTEM_CONTROL 82DD61D8 Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_PNP 82DD61D8 Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_CREATE 82DD61D8 Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_CLOSE 82DD61D8 Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_READ 82DD61D8 Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_WRITE 82DD61D8 Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_FLUSH_BUFFERS 82DD61D8 Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_DEVICE_CONTROL 82DD61D8 Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_INTERNAL_DEVICE_CONTROL 82DD61D8 Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_SHUTDOWN 82DD61D8 Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_POWER 82DD61D8 Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_SYSTEM_CONTROL 82DD61D8 Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_PNP 82DD61D8 Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_CREATE 82DD61D8 Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_CLOSE 82DD61D8 Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_READ 82DD61D8 Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_WRITE 82DD61D8 Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_FLUSH_BUFFERS 82DD61D8 Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_DEVICE_CONTROL 82DD61D8 Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_INTERNAL_DEVICE_CONTROL 82DD61D8 Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_SHUTDOWN 82DD61D8 Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_POWER 82DD61D8 Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_SYSTEM_CONTROL 82DD61D8 Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_PNP 82DD61D8 Device \Driver\usbehci \Device\USBPDO-1 IRP_MJ_CREATE 82B8C918 Device \Driver\usbehci \Device\USBPDO-1 IRP_MJ_CLOSE 82B8C918 Device \Driver\usbehci \Device\USBPDO-1 IRP_MJ_DEVICE_CONTROL 82B8C918 Device \Driver\usbehci \Device\USBPDO-1 IRP_MJ_INTERNAL_DEVICE_CONTROL 82B8C918 Device \Driver\usbehci \Device\USBPDO-1 IRP_MJ_POWER 82B8C918 Device \Driver\usbehci \Device\USBPDO-1 IRP_MJ_SYSTEM_CONTROL 82B8C918 Device \Driver\usbehci \Device\USBPDO-1 IRP_MJ_PNP 82B8C918 Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_CREATE 82D661D8 Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_READ 82D661D8 Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_WRITE 82D661D8 Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_FLUSH_BUFFERS 82D661D8 Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_DEVICE_CONTROL 82D661D8 Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_INTERNAL_DEVICE_CONTROL 82D661D8 Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_SHUTDOWN 82D661D8 Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_CLEANUP 82D661D8 Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_POWER 82D661D8 Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_SYSTEM_CONTROL 82D661D8 Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_PNP 82D661D8 Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CREATE 82B471D8 Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CLOSE 82B471D8 Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_READ 82B471D8 Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_WRITE 82B471D8 Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_FLUSH_BUFFERS 82B471D8 Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_DEVICE_CONTROL 82B471D8 Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_INTERNAL_DEVICE_CONTROL 82B471D8 Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SHUTDOWN 82B471D8 Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_POWER 82B471D8 Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SYSTEM_CONTROL 82B471D8 Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_PNP 82B471D8 Device \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_CREATE 82D661D8 Device \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_READ 82D661D8 Device \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_WRITE 82D661D8 Device \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_FLUSH_BUFFERS 82D661D8 Device \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_DEVICE_CONTROL 82D661D8 Device \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_INTERNAL_DEVICE_CONTROL 82D661D8 Device \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_SHUTDOWN 82D661D8 Device \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_CLEANUP 82D661D8 Device \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_POWER 82D661D8 Device \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_SYSTEM_CONTROL 82D661D8 Device \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_PNP 82D661D8 Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_CREATE 82D651D8 Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_CLOSE 82D651D8 Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_DEVICE_CONTROL 82D651D8 Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_INTERNAL_DEVICE_CONTROL 82D651D8 Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_POWER 82D651D8 Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_SYSTEM_CONTROL 82D651D8 Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_PNP 82D651D8 Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CREATE 82D651D8 Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CLOSE 82D651D8 Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_DEVICE_CONTROL 82D651D8 Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_INTERNAL_DEVICE_CONTROL 82D651D8 Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_POWER 82D651D8 Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SYSTEM_CONTROL 82D651D8 Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_PNP 82D651D8 Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_CREATE 82D651D8 Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_CLOSE 82D651D8 Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_DEVICE_CONTROL 82D651D8 Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_INTERNAL_DEVICE_CONTROL 82D651D8 Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_POWER 82D651D8 Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SYSTEM_CONTROL 82D651D8 Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_PNP 82D651D8 Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_CREATE 829F51D8 Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_CLOSE 829F51D8 Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_DEVICE_CONTROL 829F51D8 Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_INTERNAL_DEVICE_CONTROL 829F51D8 Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_CLEANUP 829F51D8 Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_PNP 829F51D8 Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_CREATE 829F51D8 Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_CLOSE 829F51D8 Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_DEVICE_CONTROL 829F51D8 Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_INTERNAL_DEVICE_CONTROL 829F51D8 Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_CLEANUP 829F51D8 Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_PNP 829F51D8 Device \Driver\nvata \Device\0000005f IRP_MJ_CREATE 82DD51D8 Device \Driver\nvata \Device\0000005f IRP_MJ_CREATE_NAMED_PIPE 82DD51D8 Device \Driver\nvata \Device\0000005f IRP_MJ_CLOSE 82DD51D8 Device \Driver\nvata \Device\0000005f IRP_MJ_READ 82DD51D8 Device \Driver\nvata \Device\0000005f IRP_MJ_WRITE 82DD51D8 Device \Driver\nvata \Device\0000005f IRP_MJ_QUERY_INFORMATION 82DD51D8 Device \Driver\nvata \Device\0000005f IRP_MJ_SET_INFORMATION 82DD51D8 Device \Driver\nvata \Device\0000005f IRP_MJ_QUERY_EA 82DD51D8 Device \Driver\nvata \Device\0000005f IRP_MJ_SET_EA 82DD51D8 Device \Driver\nvata \Device\0000005f IRP_MJ_FLUSH_BUFFERS 82DD51D8 Device \Driver\nvata \Device\0000005f IRP_MJ_QUERY_VOLUME_INFORMATION 82DD51D8 Device \Driver\nvata \Device\0000005f IRP_MJ_SET_VOLUME_INFORMATION 82DD51D8 Device \Driver\nvata \Device\0000005f IRP_MJ_DIRECTORY_CONTROL 82DD51D8 Device \Driver\nvata \Device\0000005f IRP_MJ_FILE_SYSTEM_CONTROL 82DD51D8 Device \Driver\nvata \Device\0000005f IRP_MJ_DEVICE_CONTROL 82DD51D8 Device \Driver\nvata \Device\0000005f IRP_MJ_INTERNAL_DEVICE_CONTROL 82DD51D8 Device \Driver\nvata \Device\0000005f IRP_MJ_SHUTDOWN 82DD51D8 Device \Driver\nvata \Device\0000005f IRP_MJ_LOCK_CONTROL 82DD51D8 Device \Driver\nvata \Device\0000005f IRP_MJ_CLEANUP 82DD51D8 Device \Driver\nvata \Device\0000005f IRP_MJ_CREATE_MAILSLOT 82DD51D8 Device \Driver\nvata \Device\0000005f IRP_MJ_QUERY_SECURITY 82DD51D8 Device \Driver\nvata \Device\0000005f IRP_MJ_SET_SECURITY 82DD51D8 Device \Driver\nvata \Device\0000005f IRP_MJ_POWER 82DD51D8 Device \Driver\nvata \Device\0000005f IRP_MJ_SYSTEM_CONTROL 82DD51D8 Device \Driver\nvata \Device\0000005f IRP_MJ_DEVICE_CHANGE 82DD51D8 Device \Driver\nvata \Device\0000005f IRP_MJ_QUERY_QUOTA 82DD51D8 Device \Driver\nvata \Device\0000005f IRP_MJ_SET_QUOTA 82DD51D8 Device \Driver\nvata \Device\0000005f IRP_MJ_PNP 82DD51D8 Device \Driver\usbohci \Device\USBFDO-0 IRP_MJ_CREATE 82BA3980 Device \Driver\usbohci \Device\USBFDO-0 IRP_MJ_CLOSE 82BA3980 Device \Driver\usbohci \Device\USBFDO-0 IRP_MJ_DEVICE_CONTROL 82BA3980 Device \Driver\usbohci \Device\USBFDO-0 IRP_MJ_INTERNAL_DEVICE_CONTROL 82BA3980 Device \Driver\usbohci \Device\USBFDO-0 IRP_MJ_POWER 82BA3980 Device \Driver\usbohci \Device\USBFDO-0 IRP_MJ_SYSTEM_CONTROL 82BA3980 Device \Driver\usbohci \Device\USBFDO-0 IRP_MJ_PNP 82BA3980 Device \Driver\usbehci \Device\USBFDO-1 IRP_MJ_CREATE 82B8C918 Device \Driver\usbehci \Device\USBFDO-1 IRP_MJ_CLOSE 82B8C918 Device \Driver\usbehci \Device\USBFDO-1 IRP_MJ_DEVICE_CONTROL 82B8C918 Device \Driver\usbehci \Device\USBFDO-1 IRP_MJ_INTERNAL_DEVICE_CONTROL 82B8C918 Device \Driver\usbehci \Device\USBFDO-1 IRP_MJ_POWER 82B8C918 Device \Driver\usbehci \Device\USBFDO-1 IRP_MJ_SYSTEM_CONTROL 82B8C918 Device \Driver\usbehci \Device\USBFDO-1 IRP_MJ_PNP 82B8C918 Device \Driver\nvata \Device\NvAta0 IRP_MJ_CREATE 82DD51D8 Device \Driver\nvata \Device\NvAta0 IRP_MJ_CREATE_NAMED_PIPE 82DD51D8 Device \Driver\nvata \Device\NvAta0 IRP_MJ_CLOSE 82DD51D8 Device \Driver\nvata \Device\NvAta0 IRP_MJ_READ 82DD51D8 Device \Driver\nvata \Device\NvAta0 IRP_MJ_WRITE 82DD51D8 Device \Driver\nvata \Device\NvAta0 IRP_MJ_QUERY_INFORMATION 82DD51D8 Device \Driver\nvata \Device\NvAta0 IRP_MJ_SET_INFORMATION 82DD51D8 Device \Driver\nvata \Device\NvAta0 IRP_MJ_QUERY_EA 82DD51D8 Device \Driver\nvata \Device\NvAta0 IRP_MJ_SET_EA 82DD51D8 Device \Driver\nvata \Device\NvAta0 IRP_MJ_FLUSH_BUFFERS 82DD51D8 Device \Driver\nvata \Device\NvAta0 IRP_MJ_QUERY_VOLUME_INFORMATION 82DD51D8 Device \Driver\nvata \Device\NvAta0 IRP_MJ_SET_VOLUME_INFORMATION 82DD51D8 Device \Driver\nvata \Device\NvAta0 IRP_MJ_DIRECTORY_CONTROL 82DD51D8 Device \Driver\nvata \Device\NvAta0 IRP_MJ_FILE_SYSTEM_CONTROL 82DD51D8 Device \Driver\nvata \Device\NvAta0 IRP_MJ_DEVICE_CONTROL 82DD51D8 Device \Driver\nvata \Device\NvAta0 IRP_MJ_INTERNAL_DEVICE_CONTROL 82DD51D8 Device \Driver\nvata \Device\NvAta0 IRP_MJ_SHUTDOWN 82DD51D8 Device \Driver\nvata \Device\NvAta0 IRP_MJ_LOCK_CONTROL 82DD51D8 Device \Driver\nvata \Device\NvAta0 IRP_MJ_CLEANUP 82DD51D8 Device \Driver\nvata \Device\NvAta0 IRP_MJ_CREATE_MAILSLOT 82DD51D8 Device \Driver\nvata \Device\NvAta0 IRP_MJ_QUERY_SECURITY 82DD51D8 Device \Driver\nvata \Device\NvAta0 IRP_MJ_SET_SECURITY 82DD51D8 Device \Driver\nvata \Device\NvAta0 IRP_MJ_POWER 82DD51D8 Device \Driver\nvata \Device\NvAta0 IRP_MJ_SYSTEM_CONTROL 82DD51D8 Device \Driver\nvata \Device\NvAta0 IRP_MJ_DEVICE_CHANGE 82DD51D8 Device \Driver\nvata \Device\NvAta0 IRP_MJ_QUERY_QUOTA 82DD51D8 Device \Driver\nvata \Device\NvAta0 IRP_MJ_SET_QUOTA 82DD51D8 Device \Driver\nvata \Device\NvAta0 IRP_MJ_PNP 82DD51D8 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CREATE 820781D8 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CREATE_NAMED_PIPE 820781D8 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CLOSE 820781D8 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_READ 820781D8 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_WRITE 820781D8 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_INFORMATION 820781D8 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_INFORMATION 820781D8 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_EA 820781D8 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_EA 820781D8 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_FLUSH_BUFFERS 820781D8 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_VOLUME_INFORMATION 820781D8 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_VOLUME_INFORMATION 820781D8 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_DIRECTORY_CONTROL 820781D8 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_FILE_SYSTEM_CONTROL 820781D8 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_DEVICE_CONTROL 820781D8 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_INTERNAL_DEVICE_CONTROL 820781D8 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SHUTDOWN 820781D8 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_LOCK_CONTROL 820781D8 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CLEANUP 820781D8 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CREATE_MAILSLOT 820781D8 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_SECURITY 820781D8 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_SECURITY 820781D8 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_POWER 820781D8 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SYSTEM_CONTROL 820781D8 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_DEVICE_CHANGE 820781D8 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_QUOTA 820781D8 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_QUOTA 820781D8 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_PNP 820781D8 Device \Driver\nvata \Device\NvAta1 IRP_MJ_CREATE 82DD51D8 Device \Driver\nvata \Device\NvAta1 IRP_MJ_CREATE_NAMED_PIPE 82DD51D8 Device \Driver\nvata \Device\NvAta1 IRP_MJ_CLOSE 82DD51D8 Device \Driver\nvata \Device\NvAta1 IRP_MJ_READ 82DD51D8 Device \Driver\nvata \Device\NvAta1 IRP_MJ_WRITE 82DD51D8 Device \Driver\nvata \Device\NvAta1 IRP_MJ_QUERY_INFORMATION 82DD51D8 Device \Driver\nvata \Device\NvAta1 IRP_MJ_SET_INFORMATION 82DD51D8 Device \Driver\nvata \Device\NvAta1 IRP_MJ_QUERY_EA 82DD51D8 Device \Driver\nvata \Device\NvAta1 IRP_MJ_SET_EA 82DD51D8 Device \Driver\nvata \Device\NvAta1 IRP_MJ_FLUSH_BUFFERS 82DD51D8 Device \Driver\nvata \Device\NvAta1 IRP_MJ_QUERY_VOLUME_INFORMATION 82DD51D8 Device \Driver\nvata \Device\NvAta1 IRP_MJ_SET_VOLUME_INFORMATION 82DD51D8 Device \Driver\nvata \Device\NvAta1 IRP_MJ_DIRECTORY_CONTROL 82DD51D8 Device \Driver\nvata \Device\NvAta1 IRP_MJ_FILE_SYSTEM_CONTROL 82DD51D8 Device \Driver\nvata \Device\NvAta1 IRP_MJ_DEVICE_CONTROL 82DD51D8 Device \Driver\nvata \Device\NvAta1 IRP_MJ_INTERNAL_DEVICE_CONTROL 82DD51D8 Device \Driver\nvata \Device\NvAta1 IRP_MJ_SHUTDOWN 82DD51D8 Device \Driver\nvata \Device\NvAta1 IRP_MJ_LOCK_CONTROL 82DD51D8 Device \Driver\nvata \Device\NvAta1 IRP_MJ_CLEANUP 82DD51D8 Device \Driver\nvata \Device\NvAta1 IRP_MJ_CREATE_MAILSLOT 82DD51D8 Device \Driver\nvata \Device\NvAta1 IRP_MJ_QUERY_SECURITY 82DD51D8 Device \Driver\nvata \Device\NvAta1 IRP_MJ_SET_SECURITY 82DD51D8 Device \Driver\nvata \Device\NvAta1 IRP_MJ_POWER 82DD51D8 Device \Driver\nvata \Device\NvAta1 IRP_MJ_SYSTEM_CONTROL 82DD51D8 Device \Driver\nvata \Device\NvAta1 IRP_MJ_DEVICE_CHANGE 82DD51D8 Device \Driver\nvata \Device\NvAta1 IRP_MJ_QUERY_QUOTA 82DD51D8 Device \Driver\nvata \Device\NvAta1 IRP_MJ_SET_QUOTA 82DD51D8 Device \Driver\nvata \Device\NvAta1 IRP_MJ_PNP 82DD51D8 Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CREATE 820781D8 Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CREATE_NAMED_PIPE 820781D8 Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CLOSE 820781D8 Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_READ 820781D8 Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_WRITE 820781D8 Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_INFORMATION 820781D8 Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_INFORMATION 820781D8 Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_EA 820781D8 Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_EA 820781D8 Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_FLUSH_BUFFERS 820781D8 Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_VOLUME_INFORMATION 820781D8 Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_VOLUME_INFORMATION 820781D8 Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_DIRECTORY_CONTROL 820781D8 Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_FILE_SYSTEM_CONTROL 820781D8 Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_DEVICE_CONTROL 820781D8 Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_INTERNAL_DEVICE_CONTROL 820781D8 Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SHUTDOWN 820781D8 Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_LOCK_CONTROL 820781D8 Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CLEANUP 820781D8 Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CREATE_MAILSLOT 820781D8 Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_SECURITY 820781D8 Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_SECURITY 820781D8 Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_POWER 820781D8 Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SYSTEM_CONTROL 820781D8 Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_DEVICE_CHANGE 820781D8 Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_QUOTA 820781D8 Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_QUOTA 820781D8 Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_PNP 820781D8 Device \Driver\NetBT \Device\NetBT_Tcpip_{7CDAF98D-F456-4B03-9703-63B5748BA212} IRP_MJ_CREATE 829F51D8 Device \Driver\NetBT \Device\NetBT_Tcpip_{7CDAF98D-F456-4B03-9703-63B5748BA212} IRP_MJ_CLOSE 829F51D8 Device \Driver\NetBT \Device\NetBT_Tcpip_{7CDAF98D-F456-4B03-9703-63B5748BA212} IRP_MJ_DEVICE_CONTROL 829F51D8 Device \Driver\NetBT \Device\NetBT_Tcpip_{7CDAF98D-F456-4B03-9703-63B5748BA212} IRP_MJ_INTERNAL_DEVICE_CONTROL 829F51D8 Device \Driver\NetBT \Device\NetBT_Tcpip_{7CDAF98D-F456-4B03-9703-63B5748BA212} IRP_MJ_CLEANUP 829F51D8 Device \Driver\NetBT \Device\NetBT_Tcpip_{7CDAF98D-F456-4B03-9703-63B5748BA212} IRP_MJ_PNP 829F51D8 Device \Driver\Ftdisk \Device\FtControl IRP_MJ_CREATE 82D661D8 Device \Driver\Ftdisk \Device\FtControl IRP_MJ_READ 82D661D8 Device \Driver\Ftdisk \Device\FtControl IRP_MJ_WRITE 82D661D8 Device \Driver\Ftdisk \Device\FtControl IRP_MJ_FLUSH_BUFFERS 82D661D8 Device \Driver\Ftdisk \Device\FtControl IRP_MJ_DEVICE_CONTROL 82D661D8 Device \Driver\Ftdisk \Device\FtControl IRP_MJ_INTERNAL_DEVICE_CONTROL 82D661D8 Device \Driver\Ftdisk \Device\FtControl IRP_MJ_SHUTDOWN 82D661D8 Device \Driver\Ftdisk \Device\FtControl IRP_MJ_CLEANUP 82D661D8 Device \Driver\Ftdisk \Device\FtControl IRP_MJ_POWER 82D661D8 Device \Driver\Ftdisk \Device\FtControl IRP_MJ_SYSTEM_CONTROL 82D661D8 Device \Driver\Ftdisk \Device\FtControl IRP_MJ_PNP 82D661D8 Device \FileSystem\Cdfs \Cdfs IRP_MJ_CREATE 829757C8 Device \FileSystem\Cdfs \Cdfs IRP_MJ_CLOSE 829757C8 Device \FileSystem\Cdfs \Cdfs IRP_MJ_READ 829757C8 Device \FileSystem\Cdfs \Cdfs IRP_MJ_QUERY_INFORMATION 829757C8 Device \FileSystem\Cdfs \Cdfs IRP_MJ_SET_INFORMATION 829757C8 Device \FileSystem\Cdfs \Cdfs IRP_MJ_QUERY_VOLUME_INFORMATION 829757C8 Device \FileSystem\Cdfs \Cdfs IRP_MJ_DIRECTORY_CONTROL 829757C8 Device \FileSystem\Cdfs \Cdfs IRP_MJ_FILE_SYSTEM_CONTROL 829757C8 Device \FileSystem\Cdfs \Cdfs IRP_MJ_DEVICE_CONTROL 829757C8 Device \FileSystem\Cdfs \Cdfs IRP_MJ_SHUTDOWN 829757C8 Device \FileSystem\Cdfs \Cdfs IRP_MJ_LOCK_CONTROL 829757C8 Device \FileSystem\Cdfs \Cdfs IRP_MJ_CLEANUP 829757C8 Device \FileSystem\Cdfs \Cdfs IRP_MJ_PNP 829757C8 ---- Threads - GMER 1.0.12 ---- Thread 4:172 82BFD8E0 Thread 4:176 82BFD8E0 Thread 4:180 82BD68D0 Thread 4:184 82BD68D0 Thread 4:188 82BD68D0 Thread 4:416 82BFD8E0 Thread 4:564 82BFD8E0 ---- EOF - GMER 1.0.12 ----

**Posty:** 18165 · przez **wojtas** 01 Kwi 2007, 22:29

tu tez jest ok

proszę o sprawdzienie loga-otwiera mi się folder common

proszę o sprawdzienie loga-otwiera mi się folder common

Kto jest na forum