trojan.downloader.agent.awf

[Nodo]

Mam problem z tym wirusem. Na forum znajduje się już jeden temat o tym wirusie ale nie chciałbym, żeby ktoś sprawdził mój log z hijacka

Kod: Zaznacz wszystko

Logfile of HijackThis v1.99.1
Scan saved at 11:26:37, on 2007-04-09
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ntvdm.exe
C:\Program Files\Creative\SBAudigy4\DVDAudio\CTDVDDET.EXE
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\WINDOWS\CTHELPER.EXE
C:\Program Files\Eset\nod32kui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\USER\Pulpit\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.pl/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.onet.pl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
F3 - REG:win.ini: load=C:\YDPDict\watch.exe
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\SBAudigy4\DVDAudio\CTDVDDET.EXE"
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy4\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [BearShare] "C:\Program Files\BearShare\BearShare.exe" /pause
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [Lexmark_X79-55] C:\WINDOWS\system32\lsasss.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O8 - Extra context menu item: &Ściągnij przy pomocy FlashGet'a - C:\PROGRA~1\FlashGet\jc_link.htm
O8 - Extra context menu item: &Ściągnij wszystko przy pomocy FlashGet'a - C:\PROGRA~1\FlashGet\jc_all.htm
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe (file missing)
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - AppInit_DLLs: 
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset  - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe



[First]

Pobierz Killbox
zaznacz opcje delete on reboot i w polu full patch of file to delete wklej:

C:\WINDOWS\system32\lsasss.exe

KLikasz X reset kompa

W HIjackthis zaznaczasz te wpisy:

O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O4 - HKLM\..\Run: [Lexmark_X79-55] C:\WINDOWS\system32\lsasss.exe
Unknown
O20 - AppInit_DLLs:

I wcinskasz Fix Checked

Po zabiegu nowy log z Hijackthis +Silentrunners +ComboScan

[wojtas]

Wyłącz przywracanie systemu ( właściwości mój komputer-zakładka przywracanie - wyłącz przywracanie na wszystkich dyskach)
Start do awaryjnego ( F8 ) przy starcie komputera.

F3 - REG:win.ini: load=C:\YDPDict\watch.exe
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O4 - HKLM\..\Run: [Lexmark_X79-55] C:\WINDOWS\system32\lsasss.exe
O20 - AppInit_DLLs:

Odpalasz hijackthis i zaznaczasz ptaszkami powyższe wpisy i dajesz Fix checked.
Pogrubione pliki usuwasz ręcznie z dysku

potem:

start>urchom> wpisz msconfig> zakladka uruchamianie> wylacz progsy ktore nie chcesz zeby startowaly z systemem

jesli nie masz Flashgeta to kasujesz:

O8 - Extra context menu item: &Ściągnij przy pomocy FlashGet'a - C:\PROGRA~1\FlashGet\jc_link.htm
O8 - Extra context menu item: &Ściągnij wszystko przy pomocy FlashGet'a - C:\PROGRA~1\FlashGet\jc_all.htm

O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe (file missing)
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe (file missing)
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe (file missing)
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe (file missing)

potem nowe logi z Hijack This oraz Silent runners

[Nodo]

Jestem po tych zabiegach

Kod: Zaznacz wszystko

Logfile of HijackThis v1.99.1
Scan saved at 12:12:02, on 2007-04-09
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ntvdm.exe
C:\Program Files\Creative\SBAudigy4\DVDAudio\CTDVDDET.EXE
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\WINDOWS\CTHELPER.EXE
C:\Program Files\Eset\nod32kui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\USER\Pulpit\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.pl/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.onet.pl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\SBAudigy4\DVDAudio\CTDVDDET.EXE"
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy4\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O8 - Extra context menu item: &Ściągnij przy pomocy FlashGet'a - C:\PROGRA~1\FlashGet\jc_link.htm
O8 - Extra context menu item: &Ściągnij wszystko przy pomocy FlashGet'a - C:\PROGRA~1\FlashGet\jc_all.htm
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe (file missing)
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset  - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe


Silent Runners

Kod: Zaznacz wszystko

"Silent Runners.vbs", revision R50, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"ctfmon.exe" = "C:\WINDOWS\system32\ctfmon.exe" [MS]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}" = ""C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"" [null data]
"Gadu-Gadu" = ""C:\Program Files\Gadu-Gadu\gg.exe" /tray" ["Gadu-Gadu S.A."]

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"CTDVDDET" = ""C:\Program Files\Creative\SBAudigy4\DVDAudio\CTDVDDET.EXE"" [null data]
"CTSysVol" = "C:\Program Files\Creative\SBAudigy4\Surround Mixer\CTSysVol.exe /r" [null data]
"AudioDrvEmulator" = ""C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"" ["Creative Technology Ltd."]
"CTHelper" = "CTHELPER.EXE" ["Creative Technology Ltd"]
"UpdReg" = "C:\WINDOWS\UpdReg.EXE" [null data]
"NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup" [MS]
"nwiz" = "nwiz.exe /install" ["NVIDIA Corporation"]
"NvMediaCenter" = "RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit" [MS]
"SunJavaUpdateSched" = ""C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"" [null data]
"Easy-PrintToolBox" = "C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon" [null data]
"QuickTime Task" = ""C:\Program Files\QuickTime\qttask.exe" -atboottime" [null data]
"NeroFilterCheck" = "C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [null data]
"DAEMON Tools" = ""C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033" [null data]
"nod32kui" = ""C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE" ["Eset "]
"MSConfig" = "C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto" [MS]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C}\(Default) = (no title provided)
  -> {HKLM...CLSID} = "Megaupload Toolbar"
                   \InProcServer32\(Default) = "C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL" ["MegaUpload"]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)
  -> {HKLM...CLSID} = "SSVHelper Class"
                   \InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll" ["Sun Microsystems, Inc."]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania"
  -> {HKLM...CLSID} = "Rozszerzenie CPL kadrowania wyświetlania"
                   \InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu"
  -> {HKLM...CLSID} = "HyperTerminal Icon Ext"
                   \InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]
"{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class"
  -> {HKLM...CLSID} = "DesktopContext Class"
                   \InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]
"{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper"
  -> {HKLM...CLSID} = "NVIDIA CPL Extension"
                   \InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]
"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer"
  -> {HKLM...CLSID} = "Desktop Explorer"
                   \InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"
  -> {HKLM...CLSID} = (no title provided)
                   \InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu"
  -> {HKLM...CLSID} = "nView Desktop Context Menu"
                   \InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
  -> {HKLM...CLSID} = (no title provided)
                   \InProcServer32\(Default) = "C:\Program Files\Microsoft Office\OFFICE11\msohev.dll" [MS]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
  -> {HKLM...CLSID} = "WinRAR"
                   \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}" = "Shell Extensions for RealOne Player"
  -> {HKLM...CLSID} = "RealOne Player Context Menu Class"
                   \InProcServer32\(Default) = "C:\Program Files\Real Alternative\rpshell.dll" ["RealNetworks, Inc."]
"{B089FE88-FB52-11D3-BDF1-0050DA34150D}" = "NOD32 Context Menu Shell Extension"
  -> {HKLM...CLSID} = "NOD32 Context Menu Shell Extension"
                   \InProcServer32\(Default) = "C:\Program Files\Eset\nodshex.dll" [null data]

HKLM\Software\Classes\PROTOCOLS\Filter\
<<!>> text/xml\CLSID = "{807553E5-5146-11D5-A672-00B0D022E945}"
  -> {HKLM...CLSID} = (no title provided)
                   \InProcServer32\(Default) = "C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL" [MS]

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
NOD32 Context Menu Shell Extension\(Default) = "{B089FE88-FB52-11D3-BDF1-0050DA34150D}"
  -> {HKLM...CLSID} = "NOD32 Context Menu Shell Extension"
                   \InProcServer32\(Default) = "C:\Program Files\Eset\nodshex.dll" [null data]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
  -> {HKLM...CLSID} = "WinRAR"
                   \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
  -> {HKLM...CLSID} = "WinRAR"
                   \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
NOD32 Context Menu Shell Extension\(Default) = "{B089FE88-FB52-11D3-BDF1-0050DA34150D}"
  -> {HKLM...CLSID} = "NOD32 Context Menu Shell Extension"
                   \InProcServer32\(Default) = "C:\Program Files\Eset\nodshex.dll" [null data]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
  -> {HKLM...CLSID} = "WinRAR"
                   \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]


Group Policies {GPedit.msc branch and setting}:
-----------------------------------------------

Note: detected settings may not have any effect.

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\

"shutdownwithoutlogon" = (REG_DWORD) hex:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Shutdown: Allow system to be shut down without having to log on}

"undockwithoutlogon" = (REG_DWORD) hex:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Devices: Allow undock without having to log on}


Active Desktop and Wallpaper:
-----------------------------

Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
"Wallpaper" = "C:\WINDOWS\Web\Wallpaper\Idylla.bmp"

Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\WINDOWS\Web\Wallpaper\Idylla.bmp"


Enabled Screen Saver:
---------------------

HKCU\Control Panel\Desktop\
"SCRNSAVE.EXE" = "C:\WINDOWS\system32\logon.scr" [MS]


Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
C:\WINDOWS\system32\imon.dll ["Eset "], 01 - 05, 22
%SystemRoot%\system32\mswsock.dll [MS], 06 - 09, 12 - 21
%SystemRoot%\system32\rsvpsp.dll [MS], 10 - 11


Toolbars, Explorer Bars, Extensions:
------------------------------------

Toolbars

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
"{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C}"
  -> {HKLM...CLSID} = "Megaupload Toolbar"
                   \InProcServer32\(Default) = "C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL" ["MegaUpload"]

HKLM\Software\Microsoft\Internet Explorer\Toolbar\
"{327C2873-E90D-4C37-AA9D-10AC9BABA46C}" = "Easy-WebPrint"
  -> {HKLM...CLSID} = "Easy-WebPrint"
                   \InProcServer32\(Default) = "C:\Program Files\Canon\Easy-WebPrint\Toolband.dll" [null data]
"{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C}" = (no title provided)
  -> {HKLM...CLSID} = "Megaupload Toolbar"
                   \InProcServer32\(Default) = "C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL" ["MegaUpload"]

Explorer Bars

HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\

HKLM\Software\Classes\CLSID\{03C1C47F-0538-4645-8372-D3109B9FC636}\(Default) = "Easy-WebPrint"
Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
InProcServer32\(Default) = "C:\Program Files\Canon\Easy-WebPrint\Toolband.dll" [null data]

HKLM\Software\Classes\CLSID\{FF059E31-CC5A-4E2E-BF3B-96E929D65503}\(Default) = "&Badanie"
Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL" [MS]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\Software\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
"MenuText" = "Sun Java Console"
"CLSIDExtension" = "{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBC}"
  -> {HKCU...CLSID} = "Java Plug-in 1.5.0_11"
                   \InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll" ["Sun Microsystems, Inc."]
  -> {HKLM...CLSID} = "Java Plug-in 1.5.0_11"
                   \InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_11\bin\npjpi150_11.dll" ["Sun Microsystems, Inc."]

{92780B25-18CC-41C8-B9BE-3C9C571A8263}\
"ButtonText" = "Badanie"

{D6E814A0-E0C5-11D4-8D29-0050BA6940E3}\
"ButtonText" = "FlashGet"
"MenuText" = "FlashGet"
"Exec" = "C:\PROGRA~1\FlashGet\flashget.exe" [file not found]

{FB5F1910-F110-11D2-BB9E-00C04F795683}\
"ButtonText" = "Messenger"
"MenuText" = "Windows Messenger"
"Exec" = "C:\Program Files\Messenger\msmsgs.exe" [MS]


Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

InCD Helper, InCDsrv, "C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe" ["Nero AG"]
Machine Debug Manager, MDM, ""C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE"" [MS]
NOD32 Kernel Service, NOD32krn, ""C:\Program Files\Eset\nod32krn.exe"" ["Eset "]
NVIDIA Display Driver Service, NVSvc, "C:\WINDOWS\system32\nvsvc32.exe" ["NVIDIA Corporation"]
Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\system32\wdfmgr.exe" [MS]


Print Monitors:
---------------

HKLM\System\CurrentControlSet\Control\Print\Monitors\
Canon BJ Language Monitor iP1600\Driver = "CNMLM75.DLL" ["CANON INC."]
Microsoft Document Imaging Writer Monitor\Driver = "mdimon.dll" [MS]


Niestety NOD nie może sobie dalej poradzić z tym wirem.

Kod: Zaznacz wszystko

Infekcja trojan Win32/TrojanDownloader.Agent.AWF została wykryta w pamięci operacyjnej. Nie można podjąć żadnej akcji do zainfekowanej pamięci.

[First]

Logi juz nic,nie pokazuja poza watpliwej reputacji toolbarem

O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL

Daj loga z ComboScan
I powiedz lokalizacje w jakiej Nod32 wykrywa tego trojana.

Autor postu otrzymał pochwałę

[Nodo]

Pamięc zainfekowana z C:\Program Files \Creative\SBAudigy4\DVDAudio\CTDVDDET.EXE.

C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE - Win32/TrojanDownloader.Agent.AWF trojan
C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe - Win32/TrojanDownloader.Agent.AWF trojan
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe - Win32/TrojanDownloader.Agent.AWF trojan
C:\Program Files\Creative\SBAudigy4\DVDAudio\CTDVDDET.EXE - Win32/TrojanDownloader.Agent.AWF trojan
C:\Program Files\Creative\SBAudigy4\Surround Mixer\CTSysVol.exe - Win32/TrojanDownloader.Agent.AWF trojan
C:\Program Files\DAEMON Tools\daemon.exe - Win32/TrojanDownloader.Agent.AWF trojan
C:\Program Files\DAEMON Tools\SetupDTSB.exe - Win32/Adware.WhenU.SaveNow Program
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe - Win32/TrojanDownloader.Agent.AWF trojan
C:\Program Files\Nero\Nero 7\InCD\InCD.exe - Win32/TrojanDownloader.Agent.AWF trojan
C:\Program Files\QuickTime\qttask.exe - Win32/TrojanDownloader.Agent.AWF trojan
C:\Program Files\Winamp\winampa.exe - Win32/TrojanDownloader.Agent.AWF trojan
C:\System Volume Information\_restore{E2E9B3FA-0B9E-413D-A3A9-64C2B29DECD9}\RP185\A0046159.exe - Win32/TrojanDownloader.Agent.AWF trojan
C:\System Volume Information\_restore{E2E9B3FA-0B9E-413D-A3A9-64C2B29DECD9}\RP188\A0046280.exe - Win32/TrojanDownloader.Agent.AWF trojan
C:\System Volume Information\_restore{E2E9B3FA-0B9E-413D-A3A9-64C2B29DECD9}\RP188\A0046336.exe - Win32/TrojanDownloader.Agent.AWF trojan
C:\WINDOWS\UpdReg.EXE - Win32/TrojanDownloader.Agent.AWF trojan
C:\WINDOWS\system32\lsasss.exe - Win32/TrojanDownloader.Agent.AWF trojan
c:\program files\creative\sbaudigy4\dvdaudio\ctdvddet.exe - Win32/TrojanDownloader.Agent.AWF trojan
c:\program files\creative\sbaudigy4\surround mixer\ctsysvol.exe - Win32/TrojanDownloader.Agent.AWF trojan
c:\windows\updreg.exe - Win32/TrojanDownloader.Agent.AWF trojan
c:\program files\java\jre1.5.0_11\bin\jusched.exe - Win32/TrojanDownloader.Agent.AWF trojan
c:\program files\canon\easy-printtoolbox\bjpsmain.exe - Win32/TrojanDownloader.Agent.AWF trojan
c:\program files\quicktime\qttask.exe - Win32/TrojanDownloader.Agent.AWF trojan
c:\program files\nero\nero 7\incd\incd.exe - Win32/TrojanDownloader.Agent.AWF trojan
c:\program files\daemon tools\daemon.exe - Win32/TrojanDownloader.Agent.AWF trojan
c:\program files\winamp\winampa.exe - Win32/TrojanDownloader.Agent.AWF trojan
c:\windows\system32\lsasss.exe - Win32/TrojanDownloader.Agent.AWF trojan


Logi z Comboscana

Kod: Zaznacz wszystko

ComboScan v20070306.20 run by USER on 2007-04-09 at 13:56:38
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created ComboScan Restore Point.


-- Last 2 Restore Point(s) --
2: 2007-04-09 11:56:41 UTC - RP2 - ComboScan Restore Point
1: 2007-04-09 10:22:55 UTC - RP1 - Punkt kontrolny systemu


Performed disk cleanup.


-- HijackThis (run as USER.exe) ------------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 13:56:47, on 2007-04-09
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Creative\SBAudigy4\DVDAudio\CTDVDDET.EXE
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\WINDOWS\CTHELPER.EXE
C:\Program Files\Eset\nod32kui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\USER\Pulpit\comboscan.exe
C:\DOCUME~1\USER\Pulpit\HIJACK~1\USER.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.pl/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.onet.pl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\SBAudigy4\DVDAudio\CTDVDDET.EXE"
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy4\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O8 - Extra context menu item: &Ściągnij przy pomocy FlashGet'a - C:\PROGRA~1\FlashGet\jc_link.htm
O8 - Extra context menu item: &Ściągnij wszystko przy pomocy FlashGet'a - C:\PROGRA~1\FlashGet\jc_all.htm
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe (file missing)
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset  - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe


-- HijackThis Fixed Entries (C:\DOCUME~1\USER\Pulpit\HIJACK~1\backups\) --------

backup-20070409-115340-718 O4 - HKLM\..\Run: [Lexmark_X79-55] C:\WINDOWS\system32\lsasss.exe
backup-20070409-115340-938 O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
backup-20070409-121158-766 F3 - REG:win.ini: load=C:\YDPDict\watch.exe

-- File Associations -----------------------------------------------------------

.bat - batfile - "%1" %*
.chm - chm.file - "C:\WINDOWS\hh.exe" %1
.cmd - cmdfile - "%1" %*
.com - comfile - "%1" %*
.exe - exefile - "%1" %*
.hlp - hlpfile - %SystemRoot%\System32\winhlp32.exe %1
.inf - inffile - %SystemRoot%\System32\NOTEPAD.EXE %1
.ini - inifile - %SystemRoot%\System32\NOTEPAD.EXE %1
.js - JSFile - %SystemRoot%\System32\WScript.exe "%1" %*
.lnk - lnkfile - {00021401-0000-0000-C000-000000000046}
.pif - piffile - "%1" %*
.reg - regfile - regedit.exe "%1"
.scr - scrfile - "%1" /S
.txt - txtfile - %SystemRoot%\system32\NOTEPAD.EXE %1
.vbs - VBSFile - %SystemRoot%\System32\WScript.exe "%1" %*


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

1R AmdK8 (AMD Processor Driver) - C:\WINDOWS\system32\drivers\AmdK8.sys
2R AMON - C:\WINDOWS\system32\drivers\amon.sys
2R atksgt - C:\WINDOWS\system32\drivers\atksgt.sys
3R ctac32k (Creative AC3 Software Decoder) - C:\WINDOWS\system32\drivers\ctac32k.sys
3R ctaud2k (Creative Audio Driver (WDM)) - C:\WINDOWS\system32\drivers\ctaud2k.sys
3S ctdvda2k (Creative DVD-Audio Device Driver) - C:\WINDOWS\system32\drivers\ctdvda2k.sys
3R ctprxy2k (Creative Proxy Driver) - C:\WINDOWS\system32\drivers\ctprxy2k.sys
3R ctsfm2k (Creative SoundFont Management Device Driver) - C:\WINDOWS\system32\drivers\ctsfm2k.sys
3S dtscsi - C:\WINDOWS\system32\Drivers\dtscsi.sys (not found)
3R emupia (E-mu Plug-in Architecture Driver) - C:\WINDOWS\system32\drivers\emupia2k.sys
0R giveio - C:\WINDOWS\system32\giveio.sys
3S GMSIPCI - G:\INSTALL\GMSIPCI.SYS (not found)
3S GVCplDrv - C:\WINDOWS\system32\drivers\GVCplDrv.sys
3R ha10kx2k (Creative Hardware Abstract Layer Driver) - C:\WINDOWS\system32\drivers\ha10kx2k.sys
3S hamachi (Hamachi Network Interface) - C:\WINDOWS\system32\drivers\hamachi.sys
3S hap16v2k (Creative P16V HAL Driver) - C:\WINDOWS\system32\drivers\haP16v2k.sys
3R hap17v2k (Creative P17V HAL Driver) - C:\WINDOWS\system32\drivers\haP17v2k.sys
4R InCDfs (InCD File System) - C:\WINDOWS\system32\drivers\InCDfs.sys
1R InCDPass - C:\WINDOWS\system32\drivers\InCDPass.sys
1R incdrm (InCD Reader) - C:\WINDOWS\system32\drivers\InCDRm.sys
2R irda (Protokół IrDA) - C:\WINDOWS\system32\drivers\irda.sys
3R irsir (Sterownik portu szeregowego podczerwieni Microsoft) - C:\WINDOWS\system32\drivers\irsir.sys
2R lirsgt - C:\WINDOWS\system32\drivers\lirsgt.sys
3S NTACCESS - G:\NTACCESS.sys (not found)
3R nv - C:\WINDOWS\system32\drivers\nv4_mini.sys
3S NVENETFD (NVIDIA nForce Networking Controller Driver) - C:\WINDOWS\system32\drivers\NVENETFD.sys
3R nvnetbus (NVIDIA Network Bus Enumerator) - C:\WINDOWS\system32\drivers\nvnetbus.sys
3R ossrv (Creative OS Services Driver) - C:\WINDOWS\system32\drivers\ctoss2k.sys
3R pfc (Padus ASPI Shell) - C:\WINDOWS\system32\drivers\pfc.sys
2R PfModNT - C:\WINDOWS\system32\drivers\pfmodnt.sys
1R PQNTDrv - C:\WINDOWS\system32\drivers\PQNTDRV.SYS
0R PxHelp20 - C:\WINDOWS\system32\drivers\PxHelp20.sys
3R Rasirda (WAN Miniport (IrDA)) - C:\WINDOWS\system32\drivers\rasirda.sys
3R RTL8023xp (Realtek 10/100/1000 NIC Family all in one NDIS XP Driver) - C:\WINDOWS\system32\drivers\Rtnicxp.sys
3S rtl8139 (Sterownik NT karty Realtek RTL8139(A/B/C)-based PCI Fast Ethernet) - C:\WINDOWS\system32\drivers\RTL8139.sys
3S SER120 (OTI Serial port driver) - C:\WINDOWS\system32\drivers\ser120.sys
3S SetupNTGLM7X - G:\NTGLM7X.sys (not found)
0R sfdrv01 (StarForce Protection Environment Driver (version 1.x)) - C:\WINDOWS\system32\drivers\sfdrv01.sys
0R sfhlp02 (StarForce Protection Helper Driver (version 2.x)) - C:\WINDOWS\system32\drivers\sfhlp02.sys
0R sfsync04 (StarForce Protection Synchronization Driver (version 4.x)) - C:\WINDOWS\system32\drivers\sfsync04.sys
0R speedfan - C:\WINDOWS\system32\speedfan.sys
0R sptd - C:\WINDOWS\system32\drivers\sptd.sys
3S st3bus28 - C:\WINDOWS\system32\drivers\st3bus28.sys
3S st3mp28 - C:\WINDOWS\system32\drivers\st3mp28.sys
3R usbehci (Sterownik Miniport rozszerzonego kontrolera hosta USB 2.0 Microsoft) - C:\WINDOWS\system32\drivers\usbehci.sys
3R usbohci (Sterownik Miniport otwartego kontrolera hosta USB Microsoft) - C:\WINDOWS\system32\drivers\usbohci.sys
3S usbprint (Klasa PRINTER USB Microsoft) - C:\WINDOWS\system32\drivers\usbprint.sys
3S USBSTOR (Sterownik magazynu masowego USB) - C:\WINDOWS\system32\drivers\USBSTOR.SYS
1R WS2IFSL (Środowisko wspomagające dostawcę usług innych niż IFS - Windows Socket 2.0) - C:\WINDOWS\system32\drivers\ws2ifsl.sys


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

3S aspnet_state (ASP.NET State Service) - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
3S clr_optimization_v2.0.50727_32 (.NET Runtime Optimization Service v2.0.50727_X86) - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
3S IDriverT (InstallDriver Table Manager) - "C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe"
2R InCDsrv (InCD Helper) - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
2R Irmon (Monitor podczerwieni) - C:\WINDOWS\system32\svchost.exe -k netsvcs
3S NBService - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
2R NOD32krn (NOD32 Kernel Service) - "C:\Program Files\Eset\nod32krn.exe"
2R NVSvc (NVIDIA Display Driver Service) - C:\WINDOWS\system32\nvsvc32.exe
3S ose (Office Source Engine) - "C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE"
2R UMWdf (Windows User Mode Driver Framework) - C:\WINDOWS\system32\wdfmgr.exe


-- Files created between 2007-03-09 and 2007-04-09 -----------------------------

2007-04-09 11:48:14         0 d-------- C:\!KillBox
2007-04-09 11:47:05         0 d-------- C:\WINDOWS\pss
2007-04-08 23:29:54    270336 --a------ C:\WINDOWS\system32\imon.dll
2007-04-08 23:29:54    502368 --a------ C:\WINDOWS\system32\drivers\amon.sys
2007-04-08 23:22:32         0 d-------- C:\Program Files\Lavasoft
2007-04-06 23:26:01         0 d------c- C:\WINDOWS\system32\DRVSTORE
2007-04-06 23:25:17         0 d-------- C:\WINDOWS\system32\AGEIA
2007-04-06 23:25:17         0 d-------- C:\Program Files\AGEIA Technologies<AGEIAT~1>
2007-04-06 23:25:08         0 d-------- C:\Program Files\Common Files\Wise Installation Wizard<WISEIN~1>
2007-04-06 20:04:48         0 d-------- C:\Program Files\Lavalys
2007-04-06 20:03:35         0 d-------- C:\Program Files\SpeedFan
2007-04-06 19:48:37         0 d-------- C:\WINDOWS\system32\bak
2007-04-06 19:48:37         0 d-------- C:\WINDOWS\bak
2007-04-06 14:15:01         0 d-------- C:\Program Files\MegauploadToolbar<MEGAUP~1>
2007-04-06 08:30:13    251672 --a------ C:\WINDOWS\system32\xactengine2_5.dll<XA3C56~1.DLL>
2007-04-06 08:30:12     68888 --a------ C:\WINDOWS\system32\xinput1_3.dll<XINPUT~4.DLL>
2007-04-06 08:30:12    237848 --a------ C:\WINDOWS\system32\xactengine2_4.dll<XA3856~1.DLL>
2007-04-06 08:30:12    236824 --a------ C:\WINDOWS\system32\xactengine2_3.dll<XACTEN~4.DLL>
2007-04-06 08:30:12     15128 --a------ C:\WINDOWS\system32\x3daudio1_1.dll<X3DAUD~2.DLL>
2007-04-06 08:30:12   3426072 --a------ C:\WINDOWS\system32\d3dx9_32.dll
2007-04-06 08:30:12   2414360 --a------ C:\WINDOWS\system32\d3dx9_31.dll
2007-04-06 08:30:11     62744 --a------ C:\WINDOWS\system32\xinput1_2.dll<XINPUT~3.DLL>


-- Find3M Report ---------------------------------------------------------------

2007-04-09 13:56:56    448004 --a------ C:\WINDOWS\system32\perfh015.dat
2007-04-09 13:56:56     74230 --a------ C:\WINDOWS\system32\perfc015.dat
2007-04-09 12:24:05        41 --a------ C:\WINDOWS\system32\eaddaf7_s.dll<EADDAF~1.DLL>
2007-04-08 11:36:51         0 d-------- C:\Program Files\Common Files\Adobe
2007-04-08 11:36:51         0 d-------- C:\Documents and Settings\USER\Dane aplikacji\Adobe
2007-04-07 18:43:47         0 d-------- C:\Documents and Settings\USER\Dane aplikacji\MegauploadToolbar<MEGAUP~1>
2007-04-07 16:13:51         0 d-------- C:\Program Files\FlashGet
2007-04-07 16:13:13         0 d-------- C:\Program Files\BearShare<BEARSH~1>
2007-04-06 20:45:48         0 d-------- C:\Program Files\Gadu-Gadu<GADU-G~1>
2007-04-06 19:48:37         0 d-------- C:\Program Files\Winamp
2007-04-06 19:48:37         0 d-------- C:\Program Files\QuickTime<QUICKT~1>
2007-04-06 19:48:37         0 d-------- C:\Program Files\DAEMON Tools<DAEMON~1>
2007-04-06 19:47:26     37398 --a------ C:\WINDOWS\UpdReg.EXE
2007-04-05 16:05:07         0 d-------- C:\Program Files\Mozilla Firefox<MOZILL~1>
2007-03-22 16:27:15         0 d--h----- C:\Program Files\InstallShield Installation Information<INSTAL~1>
2007-03-22 16:27:06         0 d-------- C:\Program Files\CyberLink<CYBERL~1>
2007-03-16 19:05:58         0 d-------- C:\Documents and Settings\USER\Dane aplikacji\Sports Interactive<SPORTS~1>
2007-03-16 18:55:28         0 d-------- C:\Program Files\Common Files\InstallShield<INSTAL~1>
2007-03-16 18:52:41         0 d---s---- C:\Documents and Settings\USER\Dane aplikacji\Microsoft<MICROS~1>
2007-02-24 16:22:05         0 d-------- C:\Documents and Settings\USER\Dane aplikacji\Winamp
2007-02-23 18:47:59         0 d-------- C:\Documents and Settings\USER\Dane aplikacji\VanDyke
2007-02-17 18:08:41         0 d-------- C:\Program Files\jv16 PowerTools 2006<JV16PO~1>
2007-02-17 17:54:29         5 --ahs---- C:\WINDOWS\system32\ecadacf_k.dll<ECADAC~1.DLL>
2007-02-15 20:23:30         0 d-------- C:\Program Files\GanymedeNet<GANYME~1>
2007-02-15 20:16:14         0 d-------- C:\Program Files\GinBillard<GINBIL~1>
2007-02-15 20:16:13         0 d-------- C:\Program Files\Common
2007-02-15 20:15:58      4460 --a------ C:\WINDOWS\mozver.dat
2007-02-12 18:53:34         0 d-------- C:\Program Files\Java
2007-02-09 02:27:31         0 d-------- C:\Documents and Settings\USER\Dane aplikacji\InstallShield<INSTAL~1>


-- Registry Dump ---------------------------------------------------------------


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="\"C:\\Program Files\\Common Files\\Ahead\\Lib\\NMBgMonitor.exe\""
"Gadu-Gadu"="\"C:\\Program Files\\Gadu-Gadu\\gg.exe\" /tray"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"CTDVDDET"="\"C:\\Program Files\\Creative\\SBAudigy4\\DVDAudio\\CTDVDDET.EXE\""
"CTSysVol"="C:\\Program Files\\Creative\\SBAudigy4\\Surround Mixer\\CTSysVol.exe /r"
"AudioDrvEmulator"="\"C:\\Program Files\\Creative\\Shared Files\\Module Loader\\DLLML.exe\" -1 AudioDrvEmulator \"C:\\Program Files\\Creative\\Shared Files\\Module Loader\\Audio Emulator\\AudDrvEm.dll\""
"CTHelper"="CTHELPER.EXE"
"UpdReg"="C:\\WINDOWS\\UpdReg.EXE"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_11\\bin\\jusched.exe\""
"Easy-PrintToolBox"="C:\\Program Files\\Canon\\Easy-PrintToolBox\\BJPSMAIN.EXE /logon"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"NeroFilterCheck"="C:\\Program Files\\Common Files\\Ahead\\Lib\\NeroCheck.exe"
"DAEMON Tools"="\"C:\\Program Files\\DAEMON Tools\\daemon.exe\" -lang 1033"
"nod32kui"="\"C:\\Program Files\\Eset\\nod32kui.exe\" /WAITSERVICE"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BearShare]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="BearShare"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\BearShare\\BearShare.exe\" /pause"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="InCD"
"hkey"="HKLM"
"command"="C:\\Program Files\\Nero\\Nero 7\\InCD\\InCD.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="winampa"
"hkey"="HKLM"
"command"="C:\\Program Files\\Winamp\\winampa.exe"
"inimapping"="0"
   

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter   REG_MULTI_SZ      HTTPFilter\0\0
LocalService   REG_MULTI_SZ      Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService   REG_MULTI_SZ      DnsCache\0\0
DcomLaunch   REG_MULTI_SZ      DcomLaunch\0TermService\0\0
rpcss   REG_MULTI_SZ      RpcSs\0\0
imgsvc   REG_MULTI_SZ      StiSvc\0\0
termsvcs   REG_MULTI_SZ      TermService\0\0

Kod: Zaznacz wszystko

-- Security Center -------------------------------------------------------------

AUOptions is disabled.
Windows Internal Firewall is enabled.


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\USER\Dane aplikacji
CLASSPATH=.;C:\Program Files\Java\jre1.5.0_06\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=99EA74DE1578497
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\USER
LOGONSERVER=\\99EA74DE1578497
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\Program Files\Mozilla Firefox;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\QuickTime\QTSystem\;C:\PROGRA~1\ABSOLU~1
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 79 Stepping 2, AuthenticAMD
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=4f02
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.5.0_06\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\USER\USTAWI~1\Temp
TMP=C:\DOCUME~1\USER\USTAWI~1\Temp
USERDOMAIN=99EA74DE1578497
USERNAME=USER
USERPROFILE=C:\Documents and Settings\USER
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

USER [I](admin)[/I]
Administrator.99EA74DE1578497.003 [I](new local, admin)[/I]


-- Add/Remove Programs ---------------------------------------------------------

--> "C:\Program Files\Creative\SBAudigy4\Program\SETUP.EXE" /S /U /W
--> C:\Program Files\Nero\Nero 7\nero\uninstall\UNNERO.exe /UNINSTALL
--> C:\WINDOWS\NuNInst.exe /UNINSTALL
--> C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
--> C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
--> C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
--> C:\WINDOWS\UNNeroVision.exe /UNINSTALL
--> C:\WINDOWS\UNRecode.exe /UNINSTALL
--> MsiExec.exe /X{7B4AB13C-1A5C-4BC5-ABA6-762F8198444C}
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1EF644C7-1A0D-4B94-9AF5-AD04702094A4}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1EF644C7-1A0D-4B94-9AF5-AD04702094A4}\setup.exe" -l0x9  /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{32B4B536-4443-42F0-9676-98373BE9114F}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{32B4B536-4443-42F0-9676-98373BE9114F}\setup.exe" -l0x9  /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{44267176-A318-447F-A62A-0A5FD608C34F}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{44267176-A318-447F-A62A-0A5FD608C34F}\setup.exe" -l0x9  /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{52338F65-A1C3-4CDC-B733-50051682B297}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{52338F65-A1C3-4CDC-B733-50051682B297}\setup.exe" -l0x9  /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{55F63529-9E2F-46C0-A22C-8445B670BCFA}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{55F63529-9E2F-46C0-A22C-8445B670BCFA}\setup.exe" -l0x9  /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{569A9538-86EC-44C3-8EE4-C68B165F2A75}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{569A9538-86EC-44C3-8EE4-C68B165F2A75}\setup.exe" -l0x9  /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5B17E626-7885-4FC3-A66A-73548A4F01FD}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5B17E626-7885-4FC3-A66A-73548A4F01FD}\setup.exe" -l0x9  /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{700932B3-A964-4878-82A2-96054622A1F7}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{700932B3-A964-4878-82A2-96054622A1F7}\setup.exe" -l0x9  /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{73919E2B-725C-4FAA-8473-45E063A3575F}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{73919E2B-725C-4FAA-8473-45E063A3575F}\setup.exe" -l0x9  /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7B9AE66C-2A8F-4FB2-85D7-416AFFAE8408}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7B9AE66C-2A8F-4FB2-85D7-416AFFAE8408}\setup.exe" -l0x9  /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{84F573D3-0F71-4768-978A-D35310E3FBA6}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{84F573D3-0F71-4768-978A-D35310E3FBA6}\setup.exe" -l0x9  /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A82F10CB-18B5-4EAC-AEF2-FA49CD565626}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B20EB9BE-3795-47BA-BDD6-889593E8FD55}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B20EB9BE-3795-47BA-BDD6-889593E8FD55}\setup.exe" -l0x9  /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BD6928A2-9F8F-4AA7-9A3A-FD4A271712EE}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BD6928A2-9F8F-4AA7-9A3A-FD4A271712EE}\setup.exe" -l0x9  /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CB99E420-8071-48F9-9567-4A53BE7569C4}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CB99E420-8071-48F9-9567-4A53BE7569C4}\setup.exe" -l0x9  /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DE4A4C48-2232-4CCB-AD61-490ACD29BA85}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DE4A4C48-2232-4CCB-AD61-490ACD29BA85}\setup.exe" -l0x9  /remove
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
ACDSee 9 Photo Manager --> MsiExec.exe /I{B2D41883-3BFC-4BA0-A2F6-5A2C9836C238}
Ad-aware 6 Personal --> C:\PROGRA~1\Lavasoft\AD-AWA~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\INSTALL.LOG
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\UninstFl.exe -q
AGEIA PhysX v6.10.05 --> MsiExec.exe /X{582876EC-A178-44D4-9823-C10D6C62EAFF}
ALLPlayer V2.4 --> "C:\Program Files\MarBit\ALLPlayer\unins000.exe"
Anno 1701 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A2433A63-5F5D-40E5-B529-9123C2B3E734}\setup.exe" -l0x15  -removeonly
Archiwizator WinRAR --> C:\Program Files\WinRAR\uninstall.exe
BitComet 0.70 --> C:\Program Files\BitComet\uninst.exe
Call of Duty(R) 2 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{D0A05794-48C2-4424-A15A-9F20FCFDD374} /l2057
Canon iP1600 --> C:\WINDOWS\system32\CNMCP75.exe "-PRINTERNAMECanon iP1600" "-HELPERDLLC:\Documents and Settings\All Users\Dane aplikacji\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP1600 Installer\Inst2\cnmis.dll" "-RCDLLcnmi0415.dll"
Canon Utilities Easy-PhotoPrint --> C:\Program Files\Canon\Easy-PhotoPrint\uninst.exe uninst.ini
Canon Utilities Easy-PrintToolBox --> C:\WINDOWS\BJPSUNST.EXE
Codec Pack - All In 1 6.0.3.0 --> C:\WINDOWS\iun6002.exe "C:\Program Files\Codec Pack - All In 1\irunin.ini"
Company of Heroes --> MsiExec.exe /X{BA801B94-C28D-46EE-B806-E1E021A3D519}
Easy-WebPrint --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Canon\Easy-WebPrint\Uninst.isu"
EVEREST Home Edition v2.20 --> "C:\Program Files\Lavalys\EVEREST Home Edition\unins000.exe"
Football Manager 2007 --> D:\Program Files\Sports Interactive\Football Manager 2007\uninstall\Uninstall FM 2007.exe
Gadu-Gadu 7.6 --> C:\Program Files\Gadu-Gadu\Setup.exe
Google Toolbar for Firefox --> MsiExec.exe /X{2CCBABCB-6427-4A55-B091-49864623C43F}
GTA San Andreas --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D417C96A-FCC7-4590-A1BB-FAF73F5BC98E}\setup.exe" -l0x9  -removeonly
HijackThis 1.99.1 --> C:\Documents and Settings\USER\Pulpit\hijackthis\HijackThis.exe /uninstall
Infernal --> D:\Program Files\Playlogic\Infernal\uninstall.exe
J2SE Runtime Environment 5.0 Update 10 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150100}
J2SE Runtime Environment 5.0 Update 11 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150110}
J2SE Runtime Environment 5.0 Update 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
J2SE Runtime Environment 5.0 Update 9 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150090}
jv16 PowerTools 2006 --> "C:\Program Files\jv16 PowerTools 2006\unins000.exe"
Medal of Honor - Spearhead --> E:\PROGRA~1\HONOR_~1\UNWISE.EXE E:\PROGRA~1\HONOR_~1\INSTALL.LOG
Medieval II Total War --> C:\Program Files\InstallShield Installation Information\{C0698BDA-0D29-40EE-8570-A31106DF9AB1}\Setup.exe -runfromtemp -l0x0009 -removeonly
Megaupload Toolbar --> C:\Program Files\MegauploadToolbar\uninstall.exe
Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{90110415-6000-11D3-8CFE-0150048383C9}
Mozilla Firefox (2.0.0.1) --> C:\PROGRA~1\MOZILL~1\uninstall\uninst.exe
Mozilla Firefox (2.0.0.3) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 6.0 Parser --> MsiExec.exe /I{AEB9948B-4FF2-47C9-990E-47014492A0FE}
Need for Speed™ Carbon --> E:\Program Files\Electronic Arts\Need for Speed Carbon\EAUninstall.exe
Nero 7 --> MsiExec.exe /I{4908C75E-E5E2-43F7-B1DF-023CBA831045}
NOD32 FiX v2.1 --> "C:\Program Files\Eset\unins000.exe"
NVIDIA Drivers --> C:\WINDOWS\system32\nvudisp.exe UninstallGUI
Onet.pl - Skype (BETA) --> "C:\Program Files\Skype\Phone\unins000.exe"
OpenP2M --> C:\WINDOWS\system32\javaws.exe -uninstall "http://www.glauberpires.com.br/p2m/download/OpenP2M.jnlp"
Peer2Mail (remove only) --> "C:\Program Files\Peer2Mail\uninst.exe"
PowerDVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe"  -uninstall
PowerQuest PartitionMagic 7.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1E5007FA-DA5E-4EDD-BDE5-14D128D66887}\Setup.exe"
Pro Evolution Soccer 6 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{EBB794ED-D282-4334-92FB-254481EFF514} /l1045
QuickTime --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{C21D5524-A970-42FA-AC8A-59B8C7CDCA31} /l1033
Real Alternative 1.23 --> "C:\Program Files\Real Alternative\unins000.exe"
S.T.A.L.K.E.R. - Shadow of Chernobyl --> "D:\Program Files\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\unins000.exe"
SlowView --> "C:\Program Files\SlowView\Uninstall.exe"
Sound Blaster Audigy 4 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A8AD6CB8-DE96-43FA-9B73-5FB873DD1CAE}\SETUP.EXE" -l0x9  /remove
SpeedFan (remove only) --> "C:\Program Files\SpeedFan\uninstall.exe"
Spolszczenie do Medieval 2: Total War --> E:\PROGRAM FILES\SEGA\MEDIEVAL II TOTAL WAR\Uninstal.exe
System Antywirusowy NOD32 --> C:\Program Files\Eset\Setup\setup.exe /UNINSTALL
Total Commander (Remove or Repair) --> c:\totalcmd\tcuninst.exe
Usb to Serial Driver 1.12.28 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7F46E168-E0F4-45EA-81F5-80488334B609}\Setup.exe" -l0x9
Winamp (remove only) --> "C:\Program Files\Winamp\UninstWA.exe"


[wojtas]

Wyłącz przywracanie systemu ( właściwości mój komputer-zakładka przywracanie - wyłącz przywracanie na wszystkich dyskach)> po chwili wlacz spowrotem

przeskanuj kompa tym www.ewido.com >> wywal wszystko co znajdzie

sciagnij gmera:

http://gmer.net/gmer.zip

1) Rootkit >>> zaznaczone Pokaż wszystko >>> wskazane tylko Usługi >>> Szukaj >>> Kopiuj >>> CTRL+V do posta
2) Rootkit >>> odznaczone Pokaż wszystko >>> wskazane wszystkie obiekty do skanu >>> Szukaj >>> Kopiuj >>> CTRL+V do posta

Autor postu otrzymał pochwałę

[Nodo]

Ewido znalazł backdoor.hupigon.kg E:\Program Files\Rockstar Games\GTA San Andreas\hlm-intro.exe

i Hijacker.agent.jh C:\Program Files\Creative\SBAudigy4\DVDAudio\CTDVDDET.EXE

ale nie mógł ich usunąć

Chyba jednak będzie potrzebny format aby się pozbyć tych syfów.

1)

Kod: Zaznacz wszystko

GMER 1.0.12.12086 - http://www.gmer.net
Rootkit scan 2007-04-09 16:29:18
Windows 5.1.2600 Dodatek Service Pack 2


---- Services - GMER 1.0.12 ----

Service                                                                               .NET CLR Data
Service                                                                               .NET CLR Networking
Service                                                                               .NET Data Provider for Oracle
Service                                                                               .NET Data Provider for SqlServer
Service                                                                               .NETFramework
Service                                                                               [DISABLED] Abiosdsk
Service                                                                               [DISABLED] abp480n5
Service  C:\WINDOWS\system32\DRIVERS\ACPI.sys                                         [BOOT] ACPI
Service                                                                               [DISABLED] ACPIEC
Service                                                                               [DISABLED] adpu160m
Service  C:\WINDOWS\system32\drivers\aec.sys                                          [MANUAL] aec
Service  C:\WINDOWS\System32\drivers\afd.sys                                          [SYSTEM] AFD
Service                                                                               [DISABLED] Aha154x
Service                                                                               [DISABLED] aic78u2
Service                                                                               [DISABLED] aic78xx
Service  C:\WINDOWS\system32\svchost.exe                                              [DISABLED] Alerter
Service  C:\WINDOWS\System32\alg.exe                                                  [MANUAL] ALG
Service                                                                               [DISABLED] AliIde
Service  C:\WINDOWS\system32\DRIVERS\AmdK8.sys                                        [SYSTEM] AmdK8
Service  C:\WINDOWS\system32\drivers\amon.sys                                         [AUTO] AMON
Service                                                                               [DISABLED] amsint
Service  C:\WINDOWS\system32\svchost.exe                                              [MANUAL] AppMgmt
Service                                                                               [DISABLED] asc
Service                                                                               [DISABLED] asc3350p
Service                                                                               [DISABLED] asc3550
Service                                                                               ASP.NET
Service                                                                               ASP.NET_2.0.50727
Service  C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe               [MANUAL] aspnet_state
Service  C:\WINDOWS\system32\DRIVERS\asyncmac.sys                                     [MANUAL] AsyncMac
Service  C:\WINDOWS\system32\DRIVERS\atapi.sys                                        [BOOT] atapi
Service                                                                               [DISABLED] Atdisk
Service  C:\WINDOWS\system32\DRIVERS\atksgt.sys                                       [AUTO] atksgt
Service  C:\WINDOWS\system32\DRIVERS\atmarpc.sys                                      [MANUAL] Atmarpc
Service  C:\WINDOWS\System32\svchost.exe                                              [AUTO] AudioSrv
Service  C:\WINDOWS\system32\DRIVERS\audstub.sys                                      [MANUAL] audstub
Service  C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys                      [SYSTEM] AVG Anti-Spyware Driver
Service  C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe                      [AUTO] AVG Anti-Spyware Guard
Service  C:\WINDOWS\System32\DRIVERS\AvgAsCln.sys                                     [SYSTEM] AvgAsCln
Service                                                                               BattC
Service                                                                               [SYSTEM] Beep
Service  C:\WINDOWS\system32\svchost.exe                                              [MANUAL] BITS
Service  C:\WINDOWS\system32\svchost.exe                                              [AUTO] Browser
Service                                                                               [DISABLED] cbidf2k
Service                                                                               [DISABLED] cd20xrnt
Service                                                                               [SYSTEM] Cdaudio
Service                                                                               [DISABLED] Cdfs
Service  C:\WINDOWS\system32\DRIVERS\cdrom.sys                                        [SYSTEM] Cdrom
Service                                                                               [SYSTEM] Changer
Service  C:\WINDOWS\system32\cisvc.exe                                                [MANUAL] CiSvc
Service  C:\WINDOWS\system32\clipsrv.exe                                              [DISABLED] ClipSrv
Service  C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe                   [MANUAL] clr_optimization_v2.0.50727_32
Service                                                                               [DISABLED] CmdIde
Service  C:\WINDOWS\system32\dllhost.exe                                              [MANUAL] COMSysApp
Service                                                                               ContentFilter
Service                                                                               ContentIndex
Service                                                                               [DISABLED] Cpqarray
Service  C:\WINDOWS\system32\svchost.exe                                              [AUTO] CryptSvc
Service  C:\WINDOWS\system32\drivers\ctac32k.sys                                      [MANUAL] ctac32k
Service  C:\WINDOWS\system32\drivers\ctaud2k.sys                                      [MANUAL] ctaud2k
Service  C:\WINDOWS\system32\drivers\ctdvda2k.sys                                     [MANUAL] ctdvda2k
Service  C:\WINDOWS\system32\drivers\ctprxy2k.sys                                     [MANUAL] ctprxy2k
Service  C:\WINDOWS\system32\drivers\ctsfm2k.sys                                      [MANUAL] ctsfm2k
Service                                                                               [DISABLED] dac2w2k
Service                                                                               [DISABLED] dac960nt
Service  C:\WINDOWS\system32\svchost.exe                                              [AUTO] DcomLaunch
Service  C:\WINDOWS\system32\svchost.exe                                              [AUTO] Dhcp
Service  C:\WINDOWS\system32\DRIVERS\disk.sys                                         [BOOT] Disk
Service  C:\WINDOWS\System32\dmadmin.exe                                              [MANUAL] dmadmin
Service  C:\WINDOWS\System32\drivers\dmboot.sys                                       [DISABLED] dmboot
Service  C:\WINDOWS\System32\drivers\dmio.sys                                         [BOOT] dmio
Service  C:\WINDOWS\System32\drivers\dmload.sys                                       [BOOT] dmload
Service  C:\WINDOWS\System32\svchost.exe                                              [AUTO] dmserver
Service  C:\WINDOWS\system32\drivers\DMusic.sys                                       [MANUAL] DMusic
Service  C:\WINDOWS\system32\svchost.exe                                              [AUTO] Dnscache
Service                                                                               [DISABLED] dpti2o
Service  C:\WINDOWS\system32\drivers\drmkaud.sys                                      [MANUAL] drmkaud
Service  System32\Drivers\dtscsi.sys                                                  [MANUAL] dtscsi
Service  C:\WINDOWS\system32\drivers\emupia2k.sys                                     [MANUAL] emupia
Service  C:\WINDOWS\System32\svchost.exe                                              [AUTO] ERSvc
Service  C:\WINDOWS\system32\services.exe                                             [AUTO] Eventlog
Service  C:\WINDOWS\system32\svchost.exe                                              [MANUAL] EventSystem
Service                                                                               [DISABLED] Fastfat
Service  C:\WINDOWS\System32\svchost.exe                                              [MANUAL] FastUserSwitchingCompatibility
Service  C:\WINDOWS\system32\DRIVERS\fdc.sys                                          [MANUAL] Fdc
Service                                                                               [SYSTEM] Fips
Service  C:\WINDOWS\system32\DRIVERS\flpydisk.sys                                     [MANUAL] Flpydisk
Service  C:\WINDOWS\system32\DRIVERS\fltMgr.sys                                       [BOOT] FltMgr
Service                                                                               [SYSTEM] Fs_Rec
Service  C:\WINDOWS\system32\DRIVERS\ftdisk.sys                                       [BOOT] Ftdisk
Service  C:\WINDOWS\system32\giveio.sys                                               [BOOT] giveio
Service  C:\WINDOWS\System32\DRIVERS\gmer.sys                                         [MANUAL] gmer
Service  G:\INSTALL\GMSIPCI.SYS                                                       [MANUAL] GMSIPCI
Service  C:\WINDOWS\system32\DRIVERS\msgpc.sys                                        [MANUAL] Gpc
Service                                                                               [MANUAL] GVCplDrv
Service  C:\WINDOWS\system32\drivers\ha10kx2k.sys                                     [MANUAL] ha10kx2k
Service  C:\WINDOWS\system32\DRIVERS\hamachi.sys                                      [MANUAL] hamachi
Service  C:\WINDOWS\system32\drivers\hap16v2k.sys                                     [MANUAL] hap16v2k
Service  C:\WINDOWS\system32\drivers\hap17v2k.sys                                     [MANUAL] hap17v2k
Service  C:\WINDOWS\System32\svchost.exe                                              [AUTO] helpsvc
Service  C:\WINDOWS\System32\svchost.exe                                              [DISABLED] HidServ
Service                                                                               [DISABLED] hpn
Service  C:\WINDOWS\System32\Drivers\HTTP.sys                                         [MANUAL] HTTP
Service  C:\WINDOWS\System32\svchost.exe                                              [MANUAL] HTTPFilter
Service                                                                               [SYSTEM] i2omgmt
Service                                                                               [DISABLED] i2omp
Service  C:\WINDOWS\system32\DRIVERS\i8042prt.sys                                     [SYSTEM] i8042prt
Service  C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe  [MANUAL] IDriverT
Service  C:\WINDOWS\system32\DRIVERS\imapi.sys                                        [SYSTEM] Imapi
Service  C:\WINDOWS\system32\imapi.exe                                                [MANUAL] ImapiService
Service  C:\WINDOWS\system32\drivers\InCDFs.sys                                       [DISABLED] InCDfs
Service  C:\WINDOWS\system32\drivers\InCDPass.sys                                     [SYSTEM] InCDPass
Service                                                                               [SYSTEM] InCDrec
Service  C:\WINDOWS\system32\drivers\InCDRm.sys                                       [SYSTEM] incdrm
Service  C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe                                [AUTO] InCDsrv
Service                                                                               inetaccs
Service                                                                               [DISABLED] ini910u
Service                                                                               Inport
Service                                                                               [DISABLED] IntelIde
Service  C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys                                        [MANUAL] Ip6Fw
Service  C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys                                     [MANUAL] IpFilterDriver
Service  C:\WINDOWS\system32\DRIVERS\ipinip.sys                                       [MANUAL] IpInIp
Service  C:\WINDOWS\system32\DRIVERS\ipnat.sys                                        [MANUAL] IpNat
Service  C:\WINDOWS\system32\DRIVERS\ipsec.sys                                        [SYSTEM] IPSec
Service  C:\WINDOWS\system32\DRIVERS\irda.sys                                         [AUTO] irda
Service  C:\WINDOWS\system32\DRIVERS\irenum.sys                                       [MANUAL] IRENUM
Service  C:\WINDOWS\system32\svchost.exe                                              [AUTO] Irmon
Service  C:\WINDOWS\system32\DRIVERS\irsir.sys                                        [MANUAL] irsir
Service                                                                               ISAPISearch
Service  C:\WINDOWS\system32\DRIVERS\isapnp.sys                                       [BOOT] isapnp
Service  C:\WINDOWS\system32\DRIVERS\kbdclass.sys                                     [SYSTEM] Kbdclass
Service  C:\WINDOWS\system32\drivers\kmixer.sys                                       [MANUAL] kmixer
Service                                                                               [BOOT] KSecDD
Service  C:\WINDOWS\system32\svchost.exe                                              [AUTO] lanmanserver
Service  C:\WINDOWS\system32\svchost.exe                                              [AUTO] lanmanworkstation
Service                                                                               [SYSTEM] lbrtfdc
Service                                                                               ldap
Service                                                                               LicenseService
Service  C:\WINDOWS\system32\DRIVERS\lirsgt.sys                                       [AUTO] lirsgt
Service  C:\WINDOWS\system32\svchost.exe                                              [AUTO] LmHosts
Service  C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE              [AUTO] MDM
Service  C:\WINDOWS\system32\svchost.exe                                              [DISABLED] Messenger
Service                                                                               [SYSTEM] mnmdd
Service  C:\WINDOWS\system32\mnmsrvc.exe                                              [MANUAL] mnmsrvc
Service                                                                               [MANUAL] Modem
Service  C:\WINDOWS\system32\DRIVERS\mouclass.sys                                     [SYSTEM] Mouclass
Service                                                                               [BOOT] MountMgr
Service                                                                               [DISABLED] mraid35x
Service  C:\WINDOWS\system32\DRIVERS\mrxdav.sys                                       [MANUAL] MRxDAV
Service  C:\WINDOWS\system32\DRIVERS\mrxsmb.sys                                       [SYSTEM] MRxSmb
Service  C:\WINDOWS\system32\msdtc.exe                                                [MANUAL] MSDTC
Service                                                                               [SYSTEM] Msfs
Service  C:\WINDOWS\system32\msiexec.exe                                              [MANUAL] MSIServer
Service  C:\WINDOWS\system32\drivers\MSKSSRV.sys                                      [MANUAL] MSKSSRV
Service  C:\WINDOWS\system32\drivers\MSPCLOCK.sys                                     [MANUAL] MSPCLOCK
Service  C:\WINDOWS\system32\drivers\MSPQM.sys                                        [MANUAL] MSPQM
Service  C:\WINDOWS\system32\DRIVERS\mssmbios.sys                                     [MANUAL] mssmbios
Service                                                                               [BOOT] Mup
Service  C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe                     [MANUAL] NBService
Service                                                                               [BOOT] NDIS
Service  C:\WINDOWS\system32\DRIVERS\ndistapi.sys                                     [MANUAL] NdisTapi
Service  C:\WINDOWS\system32\DRIVERS\ndisuio.sys                                      [MANUAL] Ndisuio
Service  C:\WINDOWS\system32\DRIVERS\ndiswan.sys                                      [MANUAL] NdisWan
Service                                                                               [MANUAL] NDProxy
Service  C:\WINDOWS\system32\DRIVERS\netbios.sys                                      [SYSTEM] NetBIOS
Service  C:\WINDOWS\system32\DRIVERS\netbt.sys                                        [SYSTEM] NetBT
Service  C:\WINDOWS\system32\netdde.exe                                               [DISABLED] NetDDE
Service  C:\WINDOWS\system32\netdde.exe                                               [DISABLED] NetDDEdsdm
Service  C:\WINDOWS\system32\lsass.exe                                                [MANUAL] Netlogon
Service  C:\WINDOWS\System32\svchost.exe                                              [MANUAL] Netman
Service  C:\WINDOWS\system32\svchost.exe                                              [MANUAL] Nla
Service  C:\Program Files\Eset\nod32krn.exe                                           [AUTO] NOD32krn
Service                                                                               [SYSTEM] Npfs
Service  G:\NTACCESS.sys                                                              [MANUAL] NTACCESS
Service                                                                               [DISABLED] Ntfs
Service  C:\WINDOWS\system32\lsass.exe                                                [MANUAL] NtLmSsp
Service  C:\WINDOWS\system32\svchost.exe                                              [MANUAL] NtmsSvc
Service                                                                               [SYSTEM] Null
Service  C:\WINDOWS\system32\DRIVERS\nv4_mini.sys                                     [MANUAL] nv
Service  C:\WINDOWS\system32\DRIVERS\NVENETFD.sys                                     [MANUAL] NVENETFD
Service  C:\WINDOWS\system32\DRIVERS\nvnetbus.sys                                     [MANUAL] nvnetbus
Service  C:\WINDOWS\system32\nvsvc32.exe                                              [AUTO] NVSvc
Service  C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys                                     [MANUAL] NwlnkFlt
Service  C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys                                     [MANUAL] NwlnkFwd
Service  C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE         [MANUAL] ose
Service  C:\WINDOWS\system32\drivers\ctoss2k.sys                                      [MANUAL] ossrv
Service  C:\WINDOWS\system32\DRIVERS\parport.sys                                      [MANUAL] Parport
Service                                                                               [BOOT] PartMgr
Service                                                                               [AUTO] ParVdm
Service  C:\WINDOWS\system32\DRIVERS\pci.sys                                          [BOOT] PCI
Service                                                                               [SYSTEM] PCIDump
Service  C:\WINDOWS\system32\DRIVERS\pciide.sys                                       [BOOT] PCIIde
Service                                                                               [DISABLED] Pcmcia
Service                                                                               [MANUAL] PDCOMP
Service                                                                               [MANUAL] PDFRAME
Service                                                                               [MANUAL] PDRELI
Service                                                                               [MANUAL] PDRFRAME
Service                                                                               [DISABLED] perc2
Service                                                                               [DISABLED] perc2hib
Service                                                                               PerfDisk
Service                                                                               PerfNet
Service                                                                               PerfOS
Service                                                                               PerfProc
Service  C:\WINDOWS\system32\drivers\pfc.sys                                          [MANUAL] pfc
Service  C:\WINDOWS\system32\drivers\PfModNT.sys                                      [AUTO] PfModNT
Service  C:\WINDOWS\system32\services.exe                                             [AUTO] PlugPlay
Service  C:\WINDOWS\system32\lsass.exe                                                [AUTO] PolicyAgent
Service  C:\WINDOWS\system32\DRIVERS\raspptp.sys                                      [MANUAL] PptpMiniport
Service                                                                               [SYSTEM] PQNTDrv
Service  C:\WINDOWS\system32\DRIVERS\processr.sys                                     [SYSTEM] Processor
Service  C:\WINDOWS\system32\lsass.exe                                                [AUTO] ProtectedStorage
Service  C:\WINDOWS\system32\DRIVERS\psched.sys                                       [MANUAL] PSched
Service  C:\WINDOWS\system32\DRIVERS\ptilink.sys                                      [MANUAL] Ptilink
Service  C:\WINDOWS\System32\Drivers\PxHelp20.sys                                     [BOOT] PxHelp20
Service                                                                               [DISABLED] ql1080
Service                                                                               [DISABLED] Ql10wnt
Service                                                                               [DISABLED] ql12160
Service                                                                               [DISABLED] ql1240
Service                                                                               [DISABLED] ql1280
Service  C:\WINDOWS\system32\DRIVERS\rasacd.sys                                       [SYSTEM] RasAcd
Service  C:\WINDOWS\system32\svchost.exe                                              [MANUAL] RasAuto
Service  C:\WINDOWS\system32\DRIVERS\rasirda.sys                                      [MANUAL] Rasirda
Service  C:\WINDOWS\system32\DRIVERS\rasl2tp.sys                                      [MANUAL] Rasl2tp
Service  C:\WINDOWS\system32\svchost.exe                                              [MANUAL] RasMan
Service  C:\WINDOWS\system32\DRIVERS\raspppoe.sys                                     [MANUAL] RasPppoe
Service  C:\WINDOWS\system32\DRIVERS\raspti.sys                                       [MANUAL] Raspti
Service  C:\WINDOWS\system32\DRIVERS\rdbss.sys                                        [SYSTEM] Rdbss
Service  C:\WINDOWS\System32\DRIVERS\RDPCDD.sys                                       [SYSTEM] RDPCDD
Service                                                                               RDPDD
Service  C:\WINDOWS\system32\DRIVERS\rdpdr.sys                                        [MANUAL] rdpdr
Service                                                                               RDPNP
Service                                                                               [MANUAL] RDPWD
Service  C:\WINDOWS\system32\sessmgr.exe                                              [MANUAL] RDSessMgr
Service  C:\WINDOWS\system32\DRIVERS\redbook.sys                                      [SYSTEM] redbook
Service  C:\WINDOWS\system32\svchost.exe                                              [DISABLED] RemoteAccess
Service  C:\WINDOWS\system32\svchost.exe                                              [AUTO] RemoteRegistry
Service  C:\WINDOWS\system32\locator.exe                                              [MANUAL] RpcLocator
Service  C:\WINDOWS\system32\svchost.exe                                              [AUTO] RpcSs
Service  C:\WINDOWS\system32\rsvp.exe                                                 [MANUAL] RSVP
Service  C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys                                      [MANUAL] RTL8023xp
Service  C:\WINDOWS\system32\DRIVERS\RTL8139.SYS                                      [MANUAL] rtl8139
Service  C:\WINDOWS\system32\lsass.exe                                                [AUTO] SamSs
Service  C:\WINDOWS\System32\SCardSvr.exe                                             [MANUAL] SCardSvr
Service  C:\WINDOWS\System32\svchost.exe                                              [AUTO] Schedule
Service  C:\WINDOWS\system32\DRIVERS\secdrv.sys                                       [AUTO] Secdrv
Service  C:\WINDOWS\System32\svchost.exe                                              [AUTO] seclogon
Service  C:\WINDOWS\system32\svchost.exe                                              [AUTO] SENS
Service  C:\WINDOWS\system32\DRIVERS\SER120.sys                                       [MANUAL] SER120
Service  C:\WINDOWS\system32\DRIVERS\serenum.sys                                      [MANUAL] serenum
Service  C:\WINDOWS\system32\DRIVERS\serial.sys                                       [SYSTEM] Serial
Service  G:\NTGLM7X.sys                                                               [MANUAL] SetupNTGLM7X
Service  C:\WINDOWS\System32\drivers\sfdrv01.sys                                      [BOOT] sfdrv01
Service  C:\WINDOWS\System32\drivers\sfhlp02.sys                                      [BOOT] sfhlp02
Service                                                                               [SYSTEM] Sfloppy
Service  C:\WINDOWS\System32\drivers\sfsync04.sys                                     [BOOT] sfsync04
Service  C:\WINDOWS\system32\svchost.exe                                              [AUTO] SharedAccess
Service  C:\WINDOWS\System32\svchost.exe                                              [AUTO] ShellHWDetection
Service                                                                               [DISABLED] Simbad
Service                                                                               [DISABLED] Sparrow
Service  C:\WINDOWS\system32\speedfan.sys                                             [BOOT] speedfan
Service  C:\WINDOWS\system32\drivers\splitter.sys                                     [MANUAL] splitter
Service  C:\WINDOWS\system32\spoolsv.exe                                              [AUTO] Spooler
Service  C:\WINDOWS\System32\Drivers\sptd.sys                                         [BOOT] sptd
Service  C:\WINDOWS\system32\DRIVERS\sr.sys                                           [DISABLED] sr
Service  C:\WINDOWS\system32\svchost.exe                                              [AUTO] srservice
Service  C:\WINDOWS\system32\DRIVERS\srv.sys                                          [MANUAL] Srv
Service  C:\WINDOWS\system32\svchost.exe                                              [MANUAL] SSDPSRV
Service  C:\WINDOWS\system32\DRIVERS\st3bus28.sys                                     [MANUAL] st3bus28
Service  C:\WINDOWS\system32\DRIVERS\st3mp28.sys                                      [MANUAL] st3mp28
Service  C:\WINDOWS\system32\svchost.exe                                              [MANUAL] stisvc
Service  C:\WINDOWS\system32\DRIVERS\swenum.sys                                       [MANUAL] swenum
Service  C:\WINDOWS\system32\drivers\swmidi.sys                                       [MANUAL] swmidi
Service  C:\WINDOWS\system32\dllhost.exe                                              [MANUAL] SwPrv
Service                                                                               [DISABLED] symc810
Service                                                                               [DISABLED] symc8xx
Service                                                                               [DISABLED] sym_hi
Service                                                                               [DISABLED] sym_u3
Service  C:\WINDOWS\system32\drivers\sysaudio.sys                                     [MANUAL] sysaudio
Service  C:\WINDOWS\system32\smlogsvc.exe                                             [MANUAL] SysmonLog
Service  C:\WINDOWS\System32\svchost.exe                                              [MANUAL] TapiSrv
Service  C:\WINDOWS\system32\DRIVERS\tcpip.sys                                        [SYSTEM] Tcpip
Service                                                                               [MANUAL] TDPIPE
Service                                                                               [MANUAL] TDTCP
Service  C:\WINDOWS\system32\DRIVERS\termdd.sys                                       [SYSTEM] TermDD
Service  C:\WINDOWS\System32\svchost.exe                                              [MANUAL] TermService
Service  C:\WINDOWS\System32\svchost.exe                                              [AUTO] Themes
Service  C:\WINDOWS\system32\tlntsvr.exe                                              [DISABLED] TlntSvr
Service                                                                               [DISABLED] TosIde
Service  C:\WINDOWS\system32\svchost.exe                                              [AUTO] TrkWks
Service                                                                               TSDDD
Service                                                                               [DISABLED] Udfs
Service                                                                               [DISABLED] ultra
Service  C:\WINDOWS\system32\wdfmgr.exe                                               [AUTO] UMWdf
Service  C:\WINDOWS\system32\DRIVERS\update.sys                                       [MANUAL] Update
Service  C:\WINDOWS\system32\svchost.exe                                              [MANUAL] upnphost
Service  C:\WINDOWS\System32\ups.exe                                                  [MANUAL] UPS
Service                                                                               usb
Service  C:\WINDOWS\system32\DRIVERS\usbehci.sys                                      [MANUAL] usbehci
Service  C:\WINDOWS\system32\DRIVERS\usbhub.sys                                       [MANUAL] usbhub
Service  C:\WINDOWS\system32\DRIVERS\usbohci.sys                                      [MANUAL] usbohci
Service  C:\WINDOWS\system32\DRIVERS\usbprint.sys                                     [MANUAL] usbprint
Service  C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS                                      [MANUAL] USBSTOR
Service  C:\WINDOWS\System32\drivers\vga.sys                                          [SYSTEM] VgaSave
Service                                                                               [DISABLED] ViaIde
Service                                                                               [BOOT] VolSnap
Service  C:\WINDOWS\System32\vssvc.exe                                                [MANUAL] VSS
Service  C:\WINDOWS\System32\svchost.exe                                              [AUTO] W32Time
Service                                                                               W3SVC
Service  C:\WINDOWS\system32\DRIVERS\wanarp.sys                                       [MANUAL] Wanarp
Service                                                                               [MANUAL] WDICA
Service  C:\WINDOWS\system32\drivers\wdmaud.sys                                       [MANUAL] wdmaud
Service  C:\WINDOWS\system32\svchost.exe                                              [AUTO] WebClient
Service  C:\WINDOWS\system32\svchost.exe                                              [AUTO] winmgmt
Service                                                                               [MANUAL] Winsock
Service                                                                               WinSock2
Service                                                                               WinTrust
Service  C:\WINDOWS\System32\svchost.exe                                              [MANUAL] WmdmPmSN
Service  C:\WINDOWS\System32\svchost.exe                                              [MANUAL] Wmi
Service                                                                               WmiApRpl
Service  C:\WINDOWS\system32\wbem\wmiapsrv.exe                                        [MANUAL] WmiApSrv
Service  C:\WINDOWS\System32\drivers\ws2ifsl.sys                                      [SYSTEM] WS2IFSL
Service  C:\WINDOWS\System32\svchost.exe                                              [AUTO] wscsvc
Service  C:\WINDOWS\system32\svchost.exe                                              [AUTO] wuauserv
Service  C:\WINDOWS\System32\svchost.exe                                              [AUTO] WZCSVC
Service  C:\WINDOWS\System32\svchost.exe                                              [MANUAL] xmlprov
Service                                                                               {05892524-4C5A-4FC6-8ABC-0ED87BBED890}
Service                                                                               {5A4064D1-99C3-4869-9DB0-5E7FA61C458F}
Service                                                                               {DC68E865-E475-4D62-963B-0E69C4408D96}
Service                                                                               [MANUAL] ab7ina7z

---- EOF - GMER 1.0.12 ----


2)

[code]
GMER 1.0.12.12086 - http://www.gmer.net
Rootkit scan 2007-04-09 16:35:39
Windows 5.1.2600 Dodatek Service Pack 2


---- System - GMER 1.0.12 ----

SSDT sptd.sys ZwCreateKey
SSDT sptd.sys ZwEnumerateKey
SSDT sptd.sys ZwEnumerateValueKey
SSDT sptd.sys ZwOpenKey
SSDT \??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys ZwOpenProcess
SSDT sptd.sys ZwQueryKey
SSDT sptd.sys ZwQueryValueKey
SSDT sptd.sys ZwSetValueKey
SSDT \??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys ZwTerminateProcess

---- Kernel code sections - GMER 1.0.12 ----

? C:\WINDOWS\system32\drivers\sptd.sys Proces nie może uzyskać dostępu do pliku, ponieważ jest on używany przez inny proces.
.text USBPORT.SYS!DllUnload F6EB862C 5 Bytes JMP 865A8960
? System32\Drivers\ab7ina7z.SYS Nie można odnaleźć określonego pliku.

---- Devices - GMER 1.0.12 ----

Device \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE 867D11D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_CLOSE 867D11D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_READ 867D11D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_WRITE 867D11D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_INFORMATION 867D11D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_INFORMATION 867D11D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_EA 867D11D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_EA 867D11D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_FLUSH_BUFFERS 867D11D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_VOLUME_INFORMATION 867D11D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_VOLUME_INFORMATION 867D11D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_DIRECTORY_CONTROL 867D11D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_FILE_SYSTEM_CONTROL 867D11D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_DEVICE_CONTROL 867D11D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SHUTDOWN 867D11D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_LOCK_CONTROL 867D11D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_CLEANUP 867D11D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_SECURITY 867D11D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_SECURITY 867D11D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_QUOTA 867D11D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_QUOTA 867D11D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_PNP 867D11D8
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_CREATE 86331980
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_CLOSE 86331980
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_READ 86331980
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_WRITE 86331980
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_QUERY_INFORMATION 86331980
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_SET_INFORMATION 86331980
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_QUERY_EA 86331980
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_SET_EA 86331980
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_FLUSH_BUFFERS 86331980
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_QUERY_VOLUME_INFORMATION 86331980
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_SET_VOLUME_INFORMATION 86331980
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_DIRECTORY_CONTROL 86331980
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_FILE_SYSTEM_CONTROL 86331980
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_DEVICE_CONTROL 86331980
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_SHUTDOWN 86331980
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_LOCK_CONTROL 86331980
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_CLEANUP 86331980
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_PNP 86331980
Device \FileSystem\Udfs \UdfsCdRom IRP_MJ_CREATE 848B31D8
Device \FileSystem\Udfs \UdfsCdRom IRP_MJ_CLOSE 848B31D8
Device \FileSystem\Udfs \UdfsCdRom IRP_MJ_READ 848B31D8
Device \FileSystem\Udfs \UdfsCdRom IRP_MJ_WRITE 848B31D8
Device \FileSystem\Udfs \UdfsCdRom IRP_MJ_QUERY_INFORMATION 848B31D8
Device \FileSystem\Udfs \UdfsCdRom IRP_MJ_SET_INFORMATION 848B31D8
Device \FileSystem\Udfs \UdfsCdRom IRP_MJ_QUERY_VOLUME_INFORMATION 848B31D8
Device \FileSystem\Udfs \UdfsCdRom IRP_MJ_DIRECTORY_CONTROL 848B31D8
Device \FileSystem\Udfs \UdfsCdRom IRP_MJ_FILE_SYSTEM_CONTROL 848B31D8
Device \FileSystem\Udfs \UdfsCdRom IRP_MJ_DEVICE_CONTROL 848B31D8
Device \FileSystem\Udfs \UdfsCdRom IRP_MJ_LOCK_CONTROL 848B31D8
Device \FileSystem\Udfs \UdfsCdRom IRP_MJ_CLEANUP 848B31D8
Device \FileSystem\Udfs \UdfsCdRom IRP_MJ_PNP 848B31D8
Device \FileSystem\Udfs \UdfsDisk IRP_MJ_CREATE 848B31D8
Device \FileSystem\Udfs \UdfsDisk IRP_MJ_CLOSE 848B31D8
Device \FileSystem\Udfs \UdfsDisk IRP_MJ_READ 848B31D8
Device \FileSystem\Udfs \UdfsDisk IRP_MJ_WRITE 848B31D8
Device \FileSystem\Udfs \UdfsDisk IRP_MJ_QUERY_INFORMATION 848B31D8
Device \FileSystem\Udfs \UdfsDisk IRP_MJ_SET_INFORMATION 848B31D8
Device \FileSystem\Udfs \UdfsDisk IRP_MJ_QUERY_VOLUME_INFORMATION 848B31D8
Device \FileSystem\Udfs \UdfsDisk IRP_MJ_DIRECTORY_CONTROL 848B31D8
Device \FileSystem\Udfs \UdfsDisk IRP_MJ_FILE_SYSTEM_CONTROL 848B31D8
Device \FileSystem\Udfs \UdfsDisk IRP_MJ_DEVICE_CONTROL 848B31D8
Device \FileSystem\Udfs \UdfsDisk IRP_MJ_LOCK_CONTROL 848B31D8
Device \FileSystem\Udfs \UdfsDisk IRP_MJ_CLEANUP 848B31D8
Device \FileSystem\Udfs \UdfsDisk IRP_MJ_PNP 848B31D8
Device \Driver\usbohci \Device\USBPDO-0 IRP_MJ_CREATE 8656B578
Device \Driver\usbohci \Device\USBPDO-0 IRP_MJ_CLOSE 8656B578
Device \Driver\usbohci \Device\USBPDO-0 IRP_MJ_DEVICE_CONTROL 8656B578
Device \Driver\usbohci \Device\USBPDO-0 IRP_MJ_INTERNAL_DEVICE_CONTROL 8656B578
Device \Driver\usbohci \Device\USBPDO-0 IRP_MJ_POWER 8656B578
Device \Driver\usbohci \Device\USBPDO-0 IRP_MJ_SYSTEM_CONTROL 8656B578
Device \Driver\usbohci \Device\USBPDO-0 IRP_MJ_PNP 8656B578
Device \Driver\usbehci \Device\USBPDO-1 IRP_MJ_CREATE 8656F980
Device \Driver\usbehci \Device\USBPDO-1 IRP_MJ_CLOSE 8656F980
Device \Driver\usbehci \Device\USBPDO-1 IRP_MJ_DEVICE_CONTROL 8656F980
Device \Driver\usbehci \Device\USBPDO-1 IRP_MJ_INTERNAL_DEVICE_CONTROL 8656F980
Device \Driver\usbehci \Device\USBPDO-1 IRP_MJ_POWER 8656F980
Device \Driver\usbehci \Device\USBPDO-1 IRP_MJ_SYSTEM_CONTROL 8656F980
Device \Driver\usbehci \Device\USBPDO-1 IRP_MJ_PNP 8656F980
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_CREATE 867641D8
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_CLOSE 867641D8
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_READ 867641D8
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_WRITE 867641D8
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_FLUSH_BUFFERS 867641D8
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_DEVICE_CONTROL 867641D8
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_INTERNAL_DEVICE_CONTROL 867641D8
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_SHUTDOWN 867641D8
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_POWER 867641D8
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_SYSTEM_CONTROL 867641D8
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_PNP 867641D8
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_CREATE 867641D8
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_CLOSE 867641D8
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_READ 867641D8
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_WRITE 867641D8
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_FLUSH_BUFFERS 867641D8
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_DEVICE_CONTROL 867641D8
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_INTERNAL_DEVICE_CONTROL 867641D8
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_SHUTDOWN 867641D8
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_POWER 867641D8
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_SYSTEM_CONTROL 867641D8
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_PNP 867641D8
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_CREATE 867641D8
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_CLOSE 867641D8
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_READ 867641D8
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_WRITE 867641D8
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_FLUSH_BUFFERS 867641D8
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_DEVICE_CONTROL 867641D8
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_INTERNAL_DEVICE_CONTROL 867641D8
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_SHUTDOWN 867641D8
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_POWER 867641D8
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_SYSTEM_CONTROL 867641D8
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_PNP 867641D8
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_CREATE 867641D8
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_CLOSE 867641D8
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_READ 867641D8
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_WRITE 867641D8
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_FLUSH_BUFFERS 867641D8
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_DEVICE_CONTROL 867641D8
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_INTERNAL_DEVICE_CONTROL 867641D8
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_SHUTDOWN 867641D8
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_POWER 867641D8
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_SYSTEM_CONTROL 867641D8
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_PNP 867641D8
Device \Driver\00000037 \Device\00000056 IRP_MJ_POWER [F7413C7E] sptd.sys
Device \Driver\00000037 \Device\00000056 IRP_MJ_SYSTEM_CONTROL [F742D2A2] sptd.sys
Device \Driver\00000037 \Device\00000056 IRP_MJ_PNP [F742E228] sptd.sys
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_CREATE 867D31D8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_READ 867D31D8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_WRITE 867D31D8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_FLUSH_BUFFERS 867D31D8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_DEVICE_CONTROL 867D31D8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_INTERNAL_DEVICE_CONTROL 867D31D8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_SHUTDOWN 867D31D8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_CLEANUP 867D31D8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_POWER 867D31D8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_SYSTEM_CONTROL 867D31D8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_PNP 867D31D8
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_CREATE 867D31D8
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_READ 867D31D8
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_WRITE 867D31D8
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_FLUSH_BUFFERS 867D31D8
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_DEVICE_CONTROL 867D31D8
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_INTERNAL_DEVICE_CONTROL 867D31D8
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_SHUTDOWN 867D31D8
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_CLEANUP 867D31D8
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_POWER 867D31D8
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_SYSTEM_CONTROL 867D31D8
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_PNP 867D31D8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CREATE 86572980
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CLOSE 86572980
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_READ 86572980
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_WRITE 86572980
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_FLUSH_BUFFERS 86572980
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_DEVICE_CONTROL 86572980
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_INTERNAL_DEVICE_CONTROL 86572980
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SHUTDOWN 86572980
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_POWER 86572980
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SYSTEM_CONTROL 86572980
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_PNP 86572980
Device \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_CREATE 867D31D8
Device \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_READ 867D31D8
Device \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_WRITE 867D31D8
Device \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_FLUSH_BUFFERS 867D31D8
Device \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_DEVICE_CONTROL 867D31D8
Device \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_INTERNAL_DEVICE_CONTROL 867D31D8
Device \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_SHUTDOWN 867D31D8
Device \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_CLEANUP 867D31D8
Device \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_POWER 867D31D8
Device \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_SYSTEM_CONTROL 867D31D8
Device \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_PNP 867D31D8
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CREATE 86572980
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CLOSE 86572980
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_READ 86572980
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_WRITE 86572980
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_FLUSH_BUFFERS 86572980
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_DEVICE_CONTROL 86572980
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_INTERNAL_DEVICE_CONTROL 86572980
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SHUTDOWN 86572980
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_POWER 86572980
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SYSTEM_CONTROL 86572980
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_PNP 86572980
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_CREATE 867D21D8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_CLOSE 867D21D8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_DEVICE_CONTROL 867D21D8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_INTERNAL_DEVICE_CONTROL [F739BA6C] sfsync04.sys
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_POWER 867D21D8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_SYSTEM_CONTROL 867D21D8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_PNP 867D21D8
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CREATE 867D21D8
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CLOSE 867D21D8
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_DEVICE_CONTROL 867D21D8
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_INTERNAL_DEVICE_CONTROL [F739BA6C] sfsync04.sys
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_POWER 867D21D8
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SYSTEM_CONTROL 867D21D8
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_PNP 867D21D8
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_CREATE 867D21D8
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_CLOSE 867D21D8
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_DEVICE_CONTROL 867D21D8
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_INTERNAL_DEVICE_CONTROL [F739BA6C] sfsync04.sys
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_POWER 867D21D8
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SYSTEM_CONTROL 867D21D8
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_PNP 867D21D8
Device \Driver\atapi \Device\Ide\IdePort2 IRP_MJ_CREATE 867D21D8
Device \Driver\atapi \Device\Ide\IdePort2 IRP_MJ_CLOSE 867D21D8
Device \Driver\atapi \Device\Ide\IdePort2 IRP_MJ_DEVICE_CONTROL 867D21D8
Device \Driver\atapi \Device\Ide\IdePort2 IRP_MJ_INTERNAL_DEVICE_CONTROL [F739BA6C] sfsync04.sys
Device \Driver\atapi \Device\Ide\IdePort2 IRP_MJ_POWER 867D21D8
Device \Driver\atapi \Device\Ide\IdePort2 IRP_MJ_SYSTEM_CONTRO

[wojtas]

tez w logu nic nie widze