
Logs - A long period without an antivirus


 • Closed: this topic is closed
36 replies in this topic

#21 Maciej13
SecurityMaster, 261 posts
Posted 19 06 2007 - 21:26

Close the vulnerable ports with the Windows Worms Doors Cleaner tool. All the indicators must be green! Restart the computer after using it.

Download the tool The Avenger.

Run the program in Safe Mode and select the option Input script manually. Then click the "magnifying glass" on the right side of the program window, and in the window that opens paste the following text:

Drivers to unload:

Winkbpk

Files to delete:

C:\WINDOWS\System32\Winkbpk.exe
C:\Program Files\Jpu5.exe
C:\Program Files\Ghm10.exe
C:\Program Files\Djd1.exe
C:\Program Files\Yyn10.exe
C:\Program Files\Ulu1.exe
C:\Program Files\Hw5.exe
C:\Program Files\Mcp1.exe
C:\Program Files\Jdh10.exe
C:\Program Files\Nf1.exe
C:\Program Files\Uix10.exe
C:\Program Files\Bu1.exe
C:\Program Files\Gxa1.exe
C:\Program Files\RwB.exe
C:\Program Files\Lbs1.exe
C:\Program Files\Szu4.exe
C:\Program Files\Efw1.exe
C:\Program Files\QhqE.exe
C:\Program Files\SlF.exe
C:\Program Files\Fzm1.exe
C:\Program Files\OqsE.exe
C:\Program Files\Rz1.exe
C:\Program Files\Vlg1.exe
C:\Program Files\Tny1.exe
C:\Program Files\DymF.exe
C:\Program Files\Yv1.exe
C:\Program Files\Dwu6.exe
C:\Program Files\Jo1.exe
C:\Program Files\Jot8.exe
C:\Program Files\Ev1.exe
C:\Program Files\Znh4.exe
C:\Program Files\Gx1.exe
C:\Program Files\NpoE.exe
C:\Program Files\Tl1.exe
C:\Program Files\Hre7.exe
C:\Program Files\Te1.exe
C:\Program Files\Fmo1.exe
C:\Program Files\Wrh1.exe
C:\Program Files\RkC.exe
C:\Program Files\Qfq1.exe
C:\WINDOWS\system32\bszip.dll
C:\onoes.exe
C:\WINDOWS\system32\tracert.com
C:\WINDOWS\system32\tasklist.com
C:\WINDOWS\system32\taskkill.com
C:\WINDOWS\system32\regedit.com
C:\WINDOWS\system32\ping.com
C:\WINDOWS\system32\netstat.com
C:\WINDOWS\system32\cmd.com
C:\Program Files\Fy13.exe
C:\Program Files\Om1.exe
C:\Program Files\Pa3.exe
C:\Program Files\Lln1.exe

Folders to delete:

C:\Program Files\outlook

Registry values to delete: 

"HKLM\Software\Microsoft\Windows\CurrentVersion\Run" | "outlook"

Click the Done button, then the 'green light'. Answer OK to the message that appears.

O23 - Service: Winkbpk - Unknown owner - C:\WINDOWS\System32\Winkbpk.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm (file missing)
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm (file missing)
O4 - HKLM\..\Run: [outlook] C:\Program Files\outlook\outlook.exe /auto
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.bearshare.com/pl/

Fix these entries in HijackThis!

Post new logs when you are done!


#22 diablllooo
Beginner, 18 posts
Posted 20 06 2007 - 16:01

Logfile of HijackThis v1.99.1
Scan saved at 15:59:00, on 2007-06-20
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\Winkmvp.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\Program Files\RALINK\RT2500 Wireless LAN Card\Installer\WINXP\RaConfig2500.exe
C:\Program Files\Messenger\msmsgsgmw.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\Program Files\WinRAR\WinRARcbu.exe
C:\DOCUME~1\Karol\USTAWI~1\Temp\Rar$EX00.422\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.bearshare.com/pl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [BearShare] "C:\Program Files\BearShare\BearShare.exe" /pause
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Global Startup: RaConfig2500.lnk = C:\Program Files\RALINK\RT2500 Wireless LAN Card\Installer\WINXP\RaConfig2500.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Winkmvp - Unknown owner - C:\WINDOWS\System32\Winkmvp.exe
"Silent Runners.vbs", revision R50, http://www.silentrunners.org/
Operating System: Windows XP
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"MSMSGS" = ""C:\Program Files\Messenger\msmsgs.exe" /background" [MS]
"Gadu-Gadu" = ""C:\Program Files\Gadu-Gadu\gg.exe" /tray" ["Gadu-Gadu S.A."]
"Skype" = ""C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized" ["Skype Technologies S.A."]

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"ATICCC" = ""C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay" [null data]
"SunJavaUpdateSched" = ""C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"" ["Sun Microsystems, Inc."]
"SoundMan" = "SOUNDMAN.EXE" [file not found]
"BearShare" = ""C:\Program Files\BearShare\BearShare.exe" /pause" ["Free Peers, Inc."]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)
-> {HKLM...CLSID} = "AcroIEHlprObj Class"
\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)
-> {HKLM...CLSID} = "SSVHelper Class"
\InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll" ["Sun Microsystems, Inc."]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania"
-> {HKLM...CLSID} = "Rozszerzenie CPL kadrowania wyświetlania"
\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu"
-> {HKLM...CLSID} = "HyperTerminal Icon Ext"
\InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]
"{32714800-2E5F-11d0-8B85-00AA0044F941}" = "&Do osób..."
-> {HKLM...CLSID} = "&Do osób..."
\InProcServer32\(Default) = "C:\Program Files\Outlook Express\wabfind.dll" [file not found]
"{5E2121EE-0300-11D4-8D3B-444553540000}" = "Catalyst Context Menu extension"
-> {HKLM...CLSID} = "SimpleShlExt Class"
\InProcServer32\(Default) = "C:\Program Files\ATI Technologies\ATI.ACE\atiacmxx.dll" [empty string]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
<<!>> AtiExtEvent\DLLName = "Ati2evxx.dll" ["ATI Technologies Inc."]

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]


Group Policies {GPedit.msc branch and setting}:
-----------------------------------------------

Note: detected settings may not have any effect.

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\

"shutdownwithoutlogon" = (REG_DWORD) hex:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Shutdown: Allow system to be shut down without having to log on}

"undockwithoutlogon" = (REG_DWORD) hex:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Devices: Allow undock without having to log on}


Active Desktop and Wallpaper:
-----------------------------

Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
"Wallpaper" = "%APPDATA%\Mozilla\Firefox\Tapeta pulpitu.bmp"

Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\Documents and Settings\Karol\Dane aplikacji\Mozilla\Firefox\Tapeta pulpitu.bmp"

Only up to this point, because after that some error pops up.

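An added example (not code from the thread, from HijackThis or from The Avenger) showing how the checks applied to the HijackThis log above can be automated: entries marked "(file missing)", O23 services with "Unknown owner" running from System32, and an R0 start page pointing at a host that is not a known default. From the flagged O23 entries it then builds the "Drivers to unload" / "Files to delete" text in the format The Avenger scripts in this thread use. The sample log is a constructed subset of the lines posted above, and the start-page allowlist is an assumption.

```python
"""Triage helpers for HijackThis-style log lines.

Added example for this thread; not code from HijackThis, The Avenger or
the forum. The sample log, the allowlist and the rules are constructed
from the entry types quoted in the posts above.
"""
import re
from urllib.parse import urlparse

# Constructed sample: a few lines in the format HijackThis 1.99.1 prints.
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.bearshare.com/pl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Links
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Winkmvp - Unknown owner - C:\WINDOWS\System32\Winkmvp.exe
"""

# Every HijackThis entry starts with a section code such as R0, O4 or O23.
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.*)$")

# Assumed allowlist: start-page hosts treated as default for this machine.
KNOWN_START_PAGE_HOSTS = {"www.msn.com", "www.google.com", "www.google.pl"}


def parse_hjt(text):
    """Return one dict per recognised entry: section code, body and raw line."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if m:
            entries.append({"code": m.group("code"), "body": m.group("body"), "line": line})
    return entries


def service_name_and_path(body):
    """Split an O23 body 'Service: <name> - <owner> - <path>' into (name, path)."""
    parts = body[len("Service: "):].split(" - ")
    return parts[0].strip(), parts[-1].strip()


def triage(entries):
    """Apply the three checks used in the thread; return (code, reason, line) tuples."""
    findings = []
    for e in entries:
        code, body = e["code"], e["body"]
        # 1. Orphaned entries: the file is gone, the registry pointer remains.
        if "(file missing)" in body:
            findings.append((code, "orphaned entry, target file missing", e["line"]))
        # 2. Services with no vendor information that run out of System32.
        if code == "O23" and "Unknown owner" in body and "\\system32\\" in body.lower():
            findings.append((code, "unknown-owner service running from System32", e["line"]))
        # 3. Browser start page pointing somewhere other than a known default.
        if code in ("R0", "R1") and "Start Page" in body:
            host = urlparse(body.split("=", 1)[1].strip()).hostname or ""
            if host not in KNOWN_START_PAGE_HOSTS:
                findings.append((code, f"start page set to non-default host {host}", e["line"]))
    return findings


def avenger_script(entries):
    """Build the 'Drivers to unload' / 'Files to delete' text used in the thread
    from the unknown-owner O23 services that triage() flags."""
    names, paths = [], []
    for code, _reason, line in triage(entries):
        if code == "O23":
            name, path = service_name_and_path(line.split(" - ", 1)[1])
            names.append(name)
            paths.append(path)
    if not names:
        return ""
    return ("Drivers to unload:\n\n" + "\n".join(names)
            + "\n\nFiles to delete:\n\n" + "\n".join(paths) + "\n")


if __name__ == "__main__":
    found = triage(parse_hjt(SAMPLE_LOG))
    for code, reason, line in found:
        print(f"[{code}] {reason}\n    {line}")
    print(avenger_script(parse_hjt(SAMPLE_LOG)))
```

Run against the constructed sample it flags the hijacked start page, the orphaned O9 entry and the Winkmvp service, and emits a two-section Avenger script naming only that service and its executable; the ATI service, which has a vendor, is left alone. The allowlist and the "Unknown owner" string are what the rules key on, so tune them for the machine being looked at rather than treating the output as a verdict.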

#23 Maciej13
SecurityMaster, 261 posts
Posted 20 06 2007 - 17:49

What about ComboFix?

#24 diablllooo
Beginner, 18 posts
Posted 20 06 2007 - 20:33

ComboFix 07-06-18.2 - C:\Documents and Settings\Karol\Pulpit\ComboFix.exe
"Karol" - 2007-06-20 20:03:46 NTFS


((((((((((((((((((((((((( Files Created from 2007-05-20 to 2007-06-20 )))))))))))))))))))))))))))))))


2007-06-20 19:57 10,240 --a------ C:\Program Files\Kkr1.exe
2007-06-20 15:17 <DIR> d-------- C:\Program Files\7-Zip
2007-06-20 13:46 10,240 --a------ C:\Program Files\UrF.exe
2007-06-20 09:04 10,240 --a------ C:\Program Files\Ic10.exe
2007-06-20 09:03 10,240 --a------ C:\Program Files\Gll1.exe
2007-06-19 23:19 10,240 --a------ C:\Program Files\Xex2.exe
2007-06-19 22:52 10,240 --a------ C:\Program Files\Jf8.exe
2007-06-19 22:51 10,240 --a------ C:\Program Files\Jvi1.exe
2007-06-19 17:21 49,152 --a------ C:\WINDOWS\nircmd.exe
2007-06-18 22:41 524,288 --ah----- C:\DOCUME~1\ADMINI~1\NTUSER.DAT
2007-06-18 22:41 <DIR> dr-h----- C:\DOCUME~1\ADMINI~1\Dane aplikacji
2007-06-18 22:41 <DIR> dr------- C:\DOCUME~1\ADMINI~1\Menu Start
2007-06-18 22:41 <DIR> d--h----- C:\DOCUME~1\ADMINI~1\Ustawienia lokalne
2007-06-18 22:41 <DIR> d--h----- C:\DOCUME~1\ADMINI~1\Szablony
2007-06-18 22:41 <DIR> d-------- C:\DOCUME~1\ADMINI~1\Ulubione
2007-06-18 22:41 <DIR> d-------- C:\DOCUME~1\ADMINI~1\Pulpit
2007-06-18 22:41 <DIR> d-------- C:\DOCUME~1\ADMINI~1\Moje dokumenty
2007-06-18 22:36 <DIR> d--hs---- C:\WINDOWS\CSC
2007-06-17 18:07 442,368 -ra------ C:\WINDOWS\system32\vp6vfw.dll
2007-06-17 18:07 <DIR> d-------- C:\Program Files\EA GAMES
2007-06-17 15:13 <DIR> d-------- C:\Program Files\Volleyball Manager
2007-06-06 08:06 94,552 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2007-06-06 08:06 85,952 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2007-06-06 08:05 745,600 --a------ C:\WINDOWS\system32\aswBoot.exe
2007-06-06 08:05 499,712 --a------ C:\WINDOWS\system32\MSVCP71.dll
2007-06-06 08:05 348,160 --a------ C:\WINDOWS\system32\MSVCR71.dll
2007-06-06 08:05 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll
2007-06-06 08:03 <DIR> d-------- C:\Program Files\Alwil Software
2007-06-05 22:20 4 --a------ C:\WINDOWS\system32\proc625010911.bin
2007-06-05 22:20 <DIR> d-------- C:\DOCUME~1\Karol\DANEAP~1\GanymedeNet
2007-06-03 18:51 <DIR> d-------- C:\Program Files\GSC Game World
2007-06-01 12:40 685,816 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2007-06-01 08:14 <DIR> d-------- C:\Program Files\AC3Filter
2007-06-01 08:08 <DIR> d-------- C:\Program Files\BearShare
2007-06-01 08:08 <DIR> d-------- C:\My Downloads
2007-05-23 19:19 <DIR> d-------- C:\WINDOWS\Cache
2007-05-22 18:25 <DIR> d-------- C:\Program Files\EA SPORTS
2007-05-22 18:23 292,864 --a------ C:\WINDOWS\system32\ddraw.dll
2007-05-22 18:23 24,064 --a------ C:\WINDOWS\system32\ddrawex.dll
2007-05-22 18:22 98,816 --a------ C:\WINDOWS\system32\dmstyle.dll
2007-05-22 18:22 974,848 --a------ C:\WINDOWS\system32\dxdiag.exe
2007-05-22 18:22 83,968 --a------ C:\WINDOWS\system32\drivers\nabtsfec.sys
2007-05-22 18:22 80,896 --a------ C:\WINDOWS\system32\dpvsetup.exe
2007-05-22 18:22 76,800 --a------ C:\WINDOWS\system32\dmscript.dll
2007-05-22 18:22 733,184 --a------ C:\WINDOWS\system32\qedwipes.dll
2007-05-22 18:22 7,424 --a------ C:\WINDOWS\system32\drivers\mskssrv.sys
2007-05-22 18:22 667,648 --a------ C:\WINDOWS\system32\dinput8.dll
2007-05-22 18:22 64,512 --a------ C:\WINDOWS\system32\amstream.dll
2007-05-22 18:22 58,368 --a------ C:\WINDOWS\system32\dmcompos.dll
2007-05-22 18:22 52,096 --a------ C:\WINDOWS\system32\drivers\msdv.sys
2007-05-22 18:22 5,504 --a------ C:\WINDOWS\system32\drivers\mstee.sys
2007-05-22 18:22 5,248 --a------ C:\WINDOWS\system32\drivers\mspclock.sys
2007-05-22 18:22 491,520 --a------ C:\WINDOWS\system32\dsdmoprp.dll
2007-05-22 18:22 48,512 --a------ C:\WINDOWS\system32\drivers\stream.sys
2007-05-22 18:22 470,528 --a------ C:\WINDOWS\system32\qdvd.dll
2007-05-22 18:22 47,104 --a------ C:\WINDOWS\system32\wstdecod.dll
2007-05-22 18:22 46,592 --a------ C:\WINDOWS\system32\dxdllreg.exe
2007-05-22 18:22 4,608 --a------ C:\WINDOWS\system32\drivers\mspqm.sys
2007-05-22 18:22 4,096 --a------ C:\WINDOWS\system32\ksuser.dll
2007-05-22 18:22 4,096 --a------ C:\WINDOWS\system32\drivers\swenum.sys
2007-05-22 18:22 381,952 --a------ C:\WINDOWS\system32\dpvoice.dll
2007-05-22 18:22 354,816 --a------ C:\WINDOWS\system32\psisdecd.dll
2007-05-22 18:22 34,304 --a------ C:\WINDOWS\system32\mciqtz32.dll
2007-05-22 18:22 33,280 --a------ C:\WINDOWS\system32\dmloader.dll
2007-05-22 18:22 324,096 --a------ C:\WINDOWS\system32\mswebdvd.dll
2007-05-22 18:22 316,928 --a------ C:\WINDOWS\system32\qdv.dll
2007-05-22 18:22 27,136 --a------ C:\WINDOWS\system32\dmband.dll
2007-05-22 18:22 257,024 --a------ C:\WINDOWS\system32\qcap.dll
2007-05-22 18:22 19,968 --a------ C:\WINDOWS\system32\dpvacm.dll
2007-05-22 18:22 186,880 --a------ C:\WINDOWS\system32\dsdmo.dll
2007-05-22 18:22 181,248 --a------ C:\WINDOWS\system32\dmime.dll
2007-05-22 18:22 18,944 --a------ C:\WINDOWS\system32\encapi.dll
2007-05-22 18:22 18,688 --a------ C:\WINDOWS\system32\drivers\wstcodec.sys
2007-05-22 18:22 18,432 --a------ C:\WINDOWS\system32\dswave.dll
2007-05-22 18:22 16,896 --a------ C:\WINDOWS\system32\msyuv.dll
2007-05-22 18:22 16,384 --a------ C:\WINDOWS\system32\drivers\ccdecode.sys
2007-05-22 18:22 15,104 --a------ C:\WINDOWS\system32\drivers\mpe.sys
2007-05-22 18:22 14,976 --a------ C:\WINDOWS\system32\drivers\streamip.sys
2007-05-22 18:22 132,608 --a------ C:\WINDOWS\system32\devenum.dll
2007-05-22 18:22 130,304 --a------ C:\WINDOWS\system32\drivers\ks.sys
2007-05-22 18:22 13,312 --a------ C:\WINDOWS\system32\msdmo.dll
2007-05-22 18:22 122,880 --a------ C:\WINDOWS\system32\dmusic.dll
2007-05-22 18:22 112,128 --a------ C:\WINDOWS\system32\dpvvox.dll
2007-05-22 18:22 11,392 --a------ C:\WINDOWS\system32\drivers\bdasup.sys
2007-05-22 18:22 100,864 --a------ C:\WINDOWS\system32\dmsynth.dll
2007-05-22 18:22 10,880 --a------ C:\WINDOWS\system32\drivers\slip.sys
2007-05-22 18:22 10,496 --a------ C:\WINDOWS\system32\drivers\dxapi.sys
2007-05-22 18:22 10,112 --a------ C:\WINDOWS\system32\drivers\ndisip.sys
2007-05-22 18:22 1,962,496 --a------ C:\WINDOWS\system32\quartz.dll
2007-05-22 18:22 1,798,144 --a------ C:\WINDOWS\system32\qedit.dll
2007-05-22 18:22 1,769,472 --a------ C:\WINDOWS\system32\dxdiagn.dll
2007-05-22 18:22 1,703,936 --a------ C:\WINDOWS\system32\d3d9.dll
2007-05-22 18:22 1,230,336 --a------ C:\WINDOWS\system32\msvidctl.dll
2007-05-22 18:22 1,201,152 --a------ C:\WINDOWS\system32\d3d8.dll
2007-05-22 18:22 <DIR> d-------- C:\WINDOWS\RegisteredPackages
2007-05-22 18:21 8,192 --a------ C:\WINDOWS\system32\d3d8thk.dll
2007-05-22 18:21 797,184 --a------ C:\WINDOWS\system32\d3dim700.dll
2007-05-22 18:21 79,360 --a------ C:\WINDOWS\system32\dpwsockx.dll
2007-05-22 18:21 77,824 --a------ C:\WINDOWS\system32\dpmodemx.dll
2007-05-22 18:21 723,968 --a------ C:\WINDOWS\system32\dpnet.dll


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-06-20 13:47:12 -------- d-----w C:\DOCUME~1\Karol\DANEAP~1\Skype
2007-06-19 17:49:33 67,078 ----a-w C:\WINDOWS\system32\perfc015.dat
2007-06-19 17:49:33 435,978 ----a-w C:\WINDOWS\system32\perfh015.dat
2007-06-13 19:27:40 2,320 ----a-w C:\WINDOWS\mozver.dat
2007-06-03 16:51:45 -------- d--h--w C:\Program Files\InstallShield Installation Information
2007-05-23 17:08:54 -------- d-----w C:\Program Files\Gadu-Gadu
2007-05-22 15:59:24 -------- d-----w C:\Program Files\Messenger
2007-04-12 10:31:21 95,368 --sha-r C:\WINDOWS\system32\Winkmvp.exe


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}=C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll [2003-11-04 00:17]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll [2006-11-09 16:21]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 17:41]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe" [2006-11-09 16:07]
"SoundMan"="SOUNDMAN.EXE" []
"BearShare"="C:\Program Files\BearShare\BearShare.exe" [2006-08-01 17:04]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2001-08-02 08:14]
"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2006-11-14 11:12]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2006-12-18 18:32]


**************************************************************************

catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-06-20 20:04:09
Windows 5.1.2600 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-06-20 20:04:35
C:\ComboFix2.txt ... 2007-06-19 17:29

--- E O F ---
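An added example (not ComboFix code and not something posted in the thread) that parses the "Files Created" and Find3M listings ComboFix prints, as in the log above, and pulls out the three things a helper scans for by eye: executables dropped directly into C:\Program Files instead of a product folder, groups of executables sharing one exact size (every dropper in this log is 10,240 bytes), and executables carrying both the hidden and system attributes, which is how Winkmvp.exe shows up in the Find3M report. The sample listing is a constructed subset of the lines above; the cluster threshold is an assumption.

```python
"""Triage of the "Files Created" / Find3M listings that ComboFix prints.

Added example for this thread; not ComboFix code and not posted on the
forum. The sample listing is a constructed subset of the lines quoted
above, and the min_count threshold is an assumption.
"""
import ntpath
import re
from collections import defaultdict

SAMPLE_LISTING = r"""
2007-06-20 19:57 10,240 --a------ C:\Program Files\Kkr1.exe
2007-06-20 15:17 <DIR> d-------- C:\Program Files\7-Zip
2007-06-20 13:46 10,240 --a------ C:\Program Files\UrF.exe
2007-06-20 09:04 10,240 --a------ C:\Program Files\Ic10.exe
2007-06-19 17:21 49,152 --a------ C:\WINDOWS\nircmd.exe
2007-06-06 08:05 745,600 --a------ C:\WINDOWS\system32\aswBoot.exe
2007-06-20 13:47:12 -------- d-----w C:\DOCUME~1\Karol\DANEAP~1\Skype
2007-04-12 10:31:21 95,368 --sha-r C:\WINDOWS\system32\Winkmvp.exe
"""

# date, time (with or without seconds), size / <DIR> / dashes, attribute flags, path
LINE_RE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2}) (?P<time>\d{2}:\d{2}(?::\d{2})?)\s+"
    r"(?P<size><DIR>|-+|[\d,]+)\s+(?P<attrs>[A-Za-z-]{7,9})\s+(?P<path>.+)$"
)


def parse_combofix(text):
    """Return one dict per listing line; directories get size None."""
    records = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        size = m.group("size")
        records.append({
            "date": m.group("date"),
            "size": int(size.replace(",", "")) if size[0].isdigit() else None,
            "attrs": m.group("attrs"),
            "path": m.group("path").strip(),
        })
    return records


def is_exe(path):
    return path.lower().endswith(".exe")


def root_program_files_exes(records):
    """Executables sitting directly in C:\\Program Files rather than in a product folder."""
    return [r["path"] for r in records
            if is_exe(r["path"]) and ntpath.dirname(r["path"]).lower() == r"c:\program files"]


def size_clusters(records, min_count=3):
    """Group executables by exact byte size; droppers written by one loader
    tend to share a size, as the 10,240-byte files in this log do."""
    by_size = defaultdict(list)
    for r in records:
        if is_exe(r["path"]) and r["size"] is not None:
            by_size[r["size"]].append(r["path"])
    return {size: paths for size, paths in by_size.items() if len(paths) >= min_count}


def hidden_system_executables(records):
    """Executables with both the hidden (h) and system (s) attributes set,
    the combination Winkmvp.exe shows in the Find3M report above."""
    return [r["path"] for r in records
            if is_exe(r["path"]) and "h" in r["attrs"] and "s" in r["attrs"]]


def triage_combofix(text):
    """Run all three checks over a listing and return them keyed by name."""
    records = parse_combofix(text)
    return {
        "root_program_files_exes": root_program_files_exes(records),
        "size_clusters": size_clusters(records),
        "hidden_system_exes": hidden_system_executables(records),
    }


if __name__ == "__main__":
    for key, value in triage_combofix(SAMPLE_LISTING).items():
        print(f"{key}: {value}")
```

On the constructed listing the three Program Files droppers come out of the first two checks and Winkmvp.exe out of the third, while nircmd.exe (dropped by ComboFix itself) and aswBoot.exe are not flagged. The size clustering is deliberately exact-match: near-identical sizes would also be worth a look, but exact duplicates are the cheap signal a reader can confirm against the raw log.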

#25 Maciej13
SecurityMaster, 261 posts
Posted 21 06 2007 - 12:11

Paste this in and delete with The Avenger:

Drivers to unload:

Winkmvp

Files to delete:

C:\WINDOWS\system32\Winkmvp.exe
C:\Program Files\Kkr1.exe
C:\Program Files\UrF.exe
C:\Program Files\Ic10.exe
C:\Program Files\Gll1.exe
C:\Program Files\Xex2.exe
C:\Program Files\Jf8.exe
C:\Program Files\Jvi1.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.bearshare.com/pl/
O23 - Service: Winkmvp - Unknown owner - C:\WINDOWS\System32\Winkmvp.exe

Fix in HJT.

"some error"

Could you lift the veil of secrecy a little?

Post new logs when you are done.

#26 diablllooo
Beginner, 18 posts
Posted 21 06 2007 - 21:45

Logfile of HijackThis v1.99.1
Scan saved at 21:35, on 2007-06-21
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\Winkov.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\Program Files\Messenger\msmsgsgmw.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Windows NT\Accessories\wordpad.exe
C:\WINDOWS\System32\svchost.exe
C:\DOCUME~1\Karol\USTAWI~1\Temp\Rar$EX00.922\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.bearshare.com/pl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = L1cza
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [BearShare] "C:\Program Files\BearShare\BearShare.exe" /pause
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Global Startup: RaConfig2500.lnk = C:\Program Files\RALINK\RT2500 Wireless LAN Card\Installer\WINXP\RaConfig2500.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Winkov - Unknown owner - C:\WINDOWS\System32\Winkov.exe

"Silent Runners.vbs", revision R50, http://www.silentrunners.org/
Operating System: Windows XP
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"MSMSGS" = ""C:\Program Files\Messenger\msmsgs.exe" /background" [MS]
"Gadu-Gadu" = ""C:\Program Files\Gadu-Gadu\gg.exe" /tray" ["Gadu-Gadu S.A."]
"Skype" = ""C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized" ["Skype Technologies S.A."]

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"ATICCC" = ""C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay" [null data]
"SunJavaUpdateSched" = ""C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"" ["Sun Microsystems, Inc."]
"SoundMan" = "SOUNDMAN.EXE" [file not found]
"BearShare" = ""C:\Program Files\BearShare\BearShare.exe" /pause" ["Free Peers, Inc."]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)
-> {HKLM...CLSID} = "AcroIEHlprObj Class"
\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)
-> {HKLM...CLSID} = "SSVHelper Class"
\InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll" ["Sun Microsystems, Inc."]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania"
-> {HKLM...CLSID} = "Rozszerzenie CPL kadrowania wyświetlania"
\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu"
-> {HKLM...CLSID} = "HyperTerminal Icon Ext"
\InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]
"{32714800-2E5F-11d0-8B85-00AA0044F941}" = "&Do osób..."
-> {HKLM...CLSID} = "&Do osób..."
\InProcServer32\(Default) = "C:\Program Files\Outlook Express\wabfind.dll" [file not found]
"{5E2121EE-0300-11D4-8D3B-444553540000}" = "Catalyst Context Menu extension"
-> {HKLM...CLSID} = "SimpleShlExt Class"
\InProcServer32\(Default) = "C:\Program Files\ATI Technologies\ATI.ACE\atiacmxx.dll" [empty string]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
"{23170F69-40C1-278A-1000-000100020000}" = "7-Zip Shell Extension"
-> {HKLM...CLSID} = "7-Zip Shell Extension"
\InProcServer32\(Default) = "C:\Program Files\7-Zip\7-zip.dll" ["Igor Pavlov"]

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
<<!>> AtiExtEvent\DLLName = "Ati2evxx.dll" ["ATI Technologies Inc."]

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
7-Zip\(Default) = "{23170F69-40C1-278A-1000-000100020000}"
-> {HKLM...CLSID} = "7-Zip Shell Extension"
\InProcServer32\(Default) = "C:\Program Files\7-Zip\7-zip.dll" ["Igor Pavlov"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
7-Zip\(Default) = "{23170F69-40C1-278A-1000-000100020000}"
-> {HKLM...CLSID} = "7-Zip Shell Extension"
\InProcServer32\(Default) = "C:\Program Files\7-Zip\7-zip.dll" ["Igor Pavlov"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]


Group Policies {GPedit.msc branch and setting}:
-----------------------------------------------

Note: detected settings may not have any effect.

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\

"shutdownwithoutlogon" = (REG_DWORD) hex:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Shutdown: Allow system to be shut down without having to log on}

"undockwithoutlogon" = (REG_DWORD) hex:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Devices: Allow undock without having to log on}


Active Desktop and Wallpaper:
-----------------------------

Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
"Wallpaper" = "%APPDATA%\Mozilla\Firefox\Tapeta pulpitu.bmp"

Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\Documents and Settings\Karol\Dane aplikacji\Mozilla\Firefox\Tapeta pulpitu.bmp"


ComboFix 07-06-18.2 - C:\Documents and Settings\Karol\Pulpit\ComboFix.exe
"Karol" - 2007-06-21 21:41:36 NTFS


((((((((((((((((((((((((( Files Created from 2007-05-21 to 2007-06-21 )))))))))))))))))))))))))))))))


2007-06-21 20:46 10,240 --a------ C:\Program Files\Fkq1.exe
2007-06-21 18:38 10,240 --a------ C:\Program Files\JftF.exe
2007-06-21 18:34 10,240 --a------ C:\Program Files\Fj1.exe
2007-06-21 17:56 10,240 --a------ C:\Program Files\DyeC.exe
2007-06-21 17:55 10,240 --a------ C:\Program Files\Vzz1.exe
2007-06-20 15:17 <DIR> d-------- C:\Program Files\7-Zip
2007-06-19 17:21 49,152 --a------ C:\WINDOWS\nircmd.exe
2007-06-18 22:41 524,288 --ah----- C:\DOCUME~1\ADMINI~1\NTUSER.DAT
2007-06-18 22:41 <DIR> dr-h----- C:\DOCUME~1\ADMINI~1\Dane aplikacji
2007-06-18 22:41 <DIR> dr------- C:\DOCUME~1\ADMINI~1\Menu Start
2007-06-18 22:41 <DIR> d--h----- C:\DOCUME~1\ADMINI~1\Ustawienia lokalne
2007-06-18 22:41 <DIR> d--h----- C:\DOCUME~1\ADMINI~1\Szablony
2007-06-18 22:41 <DIR> d-------- C:\DOCUME~1\ADMINI~1\Ulubione
2007-06-18 22:41 <DIR> d-------- C:\DOCUME~1\ADMINI~1\Pulpit
2007-06-18 22:41 <DIR> d-------- C:\DOCUME~1\ADMINI~1\Moje dokumenty
2007-06-18 22:36 <DIR> d--hs---- C:\WINDOWS\CSC
2007-06-17 18:07 442,368 -ra------ C:\WINDOWS\system32\vp6vfw.dll
2007-06-17 18:07 <DIR> d-------- C:\Program Files\EA GAMES
2007-06-17 15:13 <DIR> d-------- C:\Program Files\Volleyball Manager
2007-06-06 08:06 94,552 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2007-06-06 08:06 85,952 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2007-06-06 08:05 745,600 --a------ C:\WINDOWS\system32\aswBoot.exe
2007-06-06 08:05 499,712 --a------ C:\WINDOWS\system32\MSVCP71.dll
2007-06-06 08:05 348,160 --a------ C:\WINDOWS\system32\MSVCR71.dll
2007-06-06 08:05 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll
2007-06-06 08:03 <DIR> d-------- C:\Program Files\Alwil Software
2007-06-05 22:20 4 --a------ C:\WINDOWS\system32\proc625010911.bin
2007-06-05 22:20 <DIR> d-------- C:\DOCUME~1\Karol\DANEAP~1\GanymedeNet
2007-06-03 18:51 <DIR> d-------- C:\Program Files\GSC Game World
2007-06-01 12:40 685,816 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2007-06-01 08:14 <DIR> d-------- C:\Program Files\AC3Filter
2007-06-01 08:08 <DIR> d-------- C:\Program Files\BearShare
2007-06-01 08:08 <DIR> d-------- C:\My Downloads
2007-05-23 19:19 <DIR> d-------- C:\WINDOWS\Cache
2007-05-22 18:25 <DIR> d-------- C:\Program Files\EA SPORTS
2007-05-22 18:23 292,864 --a------ C:\WINDOWS\system32\ddraw.dll
2007-05-22 18:23 24,064 --a------ C:\WINDOWS\system32\ddrawex.dll
2007-05-22 18:22 98,816 --a------ C:\WINDOWS\system32\dmstyle.dll
2007-05-22 18:22 974,848 --a------ C:\WINDOWS\system32\dxdiag.exe
2007-05-22 18:22 83,968 --a------ C:\WINDOWS\system32\drivers\nabtsfec.sys
2007-05-22 18:22 80,896 --a------ C:\WINDOWS\system32\dpvsetup.exe
2007-05-22 18:22 76,800 --a------ C:\WINDOWS\system32\dmscript.dll
2007-05-22 18:22 733,184 --a------ C:\WINDOWS\system32\qedwipes.dll
2007-05-22 18:22 7,424 --a------ C:\WINDOWS\system32\drivers\mskssrv.sys
2007-05-22 18:22 667,648 --a------ C:\WINDOWS\system32\dinput8.dll
2007-05-22 18:22 64,512 --a------ C:\WINDOWS\system32\amstream.dll
2007-05-22 18:22 58,368 --a------ C:\WINDOWS\system32\dmcompos.dll
2007-05-22 18:22 52,096 --a------ C:\WINDOWS\system32\drivers\msdv.sys
2007-05-22 18:22 5,504 --a------ C:\WINDOWS\system32\drivers\mstee.sys
2007-05-22 18:22 5,248 --a------ C:\WINDOWS\system32\drivers\mspclock.sys
2007-05-22 18:22 491,520 --a------ C:\WINDOWS\system32\dsdmoprp.dll
2007-05-22 18:22 48,512 --a------ C:\WINDOWS\system32\drivers\stream.sys
2007-05-22 18:22 470,528 --a------ C:\WINDOWS\system32\qdvd.dll
2007-05-22 18:22 47,104 --a------ C:\WINDOWS\system32\wstdecod.dll
2007-05-22 18:22 46,592 --a------ C:\WINDOWS\system32\dxdllreg.exe
2007-05-22 18:22 4,608 --a------ C:\WINDOWS\system32\drivers\mspqm.sys
2007-05-22 18:22 4,096 --a------ C:\WINDOWS\system32\ksuser.dll
2007-05-22 18:22 4,096 --a------ C:\WINDOWS\system32\drivers\swenum.sys
2007-05-22 18:22 381,952 --a------ C:\WINDOWS\system32\dpvoice.dll
2007-05-22 18:22 354,816 --a------ C:\WINDOWS\system32\psisdecd.dll
2007-05-22 18:22 34,304 --a------ C:\WINDOWS\system32\mciqtz32.dll
2007-05-22 18:22 33,280 --a------ C:\WINDOWS\system32\dmloader.dll
2007-05-22 18:22 324,096 --a------ C:\WINDOWS\system32\mswebdvd.dll
2007-05-22 18:22 316,928 --a------ C:\WINDOWS\system32\qdv.dll
2007-05-22 18:22 27,136 --a------ C:\WINDOWS\system32\dmband.dll
2007-05-22 18:22 257,024 --a------ C:\WINDOWS\system32\qcap.dll
2007-05-22 18:22 19,968 --a------ C:\WINDOWS\system32\dpvacm.dll
2007-05-22 18:22 186,880 --a------ C:\WINDOWS\system32\dsdmo.dll
2007-05-22 18:22 181,248 --a------ C:\WINDOWS\system32\dmime.dll
2007-05-22 18:22 18,944 --a------ C:\WINDOWS\system32\encapi.dll
2007-05-22 18:22 18,688 --a------ C:\WINDOWS\system32\drivers\wstcodec.sys
2007-05-22 18:22 18,432 --a------ C:\WINDOWS\system32\dswave.dll
2007-05-22 18:22 16,896 --a------ C:\WINDOWS\system32\msyuv.dll
2007-05-22 18:22 16,384 --a------ C:\WINDOWS\system32\drivers\ccdecode.sys
2007-05-22 18:22 15,104 --a------ C:\WINDOWS\system32\drivers\mpe.sys
2007-05-22 18:22 14,976 --a------ C:\WINDOWS\system32\drivers\streamip.sys
2007-05-22 18:22 132,608 --a------ C:\WINDOWS\system32\devenum.dll
2007-05-22 18:22 130,304 --a------ C:\WINDOWS\system32\drivers\ks.sys
2007-05-22 18:22 13,312 --a------ C:\WINDOWS\system32\msdmo.dll
2007-05-22 18:22 122,880 --a------ C:\WINDOWS\system32\dmusic.dll
2007-05-22 18:22 112,128 --a------ C:\WINDOWS\system32\dpvvox.dll
2007-05-22 18:22 11,392 --a------ C:\WINDOWS\system32\drivers\bdasup.sys
2007-05-22 18:22 100,864 --a------ C:\WINDOWS\system32\dmsynth.dll
2007-05-22 18:22 10,880 --a------ C:\WINDOWS\system32\drivers\slip.sys
2007-05-22 18:22 10,496 --a------ C:\WINDOWS\system32\drivers\dxapi.sys
2007-05-22 18:22 10,112 --a------ C:\WINDOWS\system32\drivers\ndisip.sys
2007-05-22 18:22 1,962,496 --a------ C:\WINDOWS\system32\quartz.dll
2007-05-22 18:22 1,798,144 --a------ C:\WINDOWS\system32\qedit.dll
2007-05-22 18:22 1,769,472 --a------ C:\WINDOWS\system32\dxdiagn.dll
2007-05-22 18:22 1,703,936 --a------ C:\WINDOWS\system32\d3d9.dll
2007-05-22 18:22 1,230,336 --a------ C:\WINDOWS\system32\msvidctl.dll
2007-05-22 18:22 1,201,152 --a------ C:\WINDOWS\system32\d3d8.dll
2007-05-22 18:22 <DIR> d-------- C:\WINDOWS\RegisteredPackages
2007-05-22 18:21 8,192 --a------ C:\WINDOWS\system32\d3d8thk.dll
2007-05-22 18:21 797,184 --a------ C:\WINDOWS\system32\d3dim700.dll
2007-05-22 18:21 79,360 --a------ C:\WINDOWS\system32\dpwsockx.dll
2007-05-22 18:21 77,824 --a------ C:\WINDOWS\system32\dpmodemx.dll
2007-05-22 18:21 723,968 --a------ C:\WINDOWS\system32\dpnet.dll
2007-05-22 18:21 68,096 --a------ C:\WINDOWS\system32\dpnhupnp.dll
2007-05-22 18:21 648,704 --a------ C:\WINDOWS\system32\dinput.dll


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-06-21 18:58:06 -------- d-----w C:\DOCUME~1\Karol\DANEAP~1\Skype
2007-06-19 17:49:33 67,078 ----a-w C:\WINDOWS\system32\perfc015.dat
2007-06-19 17:49:33 435,978 ----a-w C:\WINDOWS\system32\perfh015.dat
2007-06-13 19:27:40 2,320 ----a-w C:\WINDOWS\mozver.dat
2007-06-03 16:51:45 -------- d--h--w C:\Program Files\InstallShield Installation Information
2007-05-23 17:08:54 -------- d-----w C:\Program Files\Gadu-Gadu
2007-05-22 15:59:24 -------- d-----w C:\Program Files\Messenger
2007-05-18 20:54:46 93,602 --sha-r C:\WINDOWS\system32\Winkov.exe


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}=C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll [2003-11-04 00:17]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll [2006-11-09 16:21]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 17:41]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe" [2006-11-09 16:07]
"SoundMan"="SOUNDMAN.EXE" []
"BearShare"="C:\Program Files\BearShare\BearShare.exe" [2006-08-01 17:04]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2001-08-02 08:14]
"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2006-11-14 11:12]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2006-12-18 18:32]


**************************************************************************

catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-06-21 21:42:49
Windows 5.1.2600 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-06-21 21:43:14
C:\ComboFix2.txt ... 2007-06-20 20:04
C:\ComboFix3.txt ... 2007-06-19 17:29

--- E O F ---


#27 Maciej13
SecurityMaster, 261 posts
Posted 21 06 2007 - 23:17

Delete again with The Avenger:

Drivers to unload:

Winkov

Files to delete:

C:\WINDOWS\System32\Winkov.exe
C:\Program Files\Fkq1.exe
C:\Program Files\JftF.exe
C:\Program Files\Fj1.exe
C:\Program Files\DyeC.exe
C:\Program Files\Vzz1.exe

O23 - Service: Winkov - Unknown owner - C:\WINDOWS\System32\Winkov.exe

Fix in HJT.

New logs...

#28 diablllooo
Beginner, 18 posts
Posted 23 06 2007 - 09:33

ComboFix 07-06-18.2 - C:\Documents and Settings\Karol\Pulpit\ComboFix.exe
"Karol" - 2007-06-23 9:27:09 NTFS


((((((((((((((((((((((((( Files Created from 2007-05-23 to 2007-06-23 )))))))))))))))))))))))))))))))


2007-06-23 09:26 10,240 --a------ C:\Program Files\Yq1.exe
2007-06-23 09:10 10,240 --a------ C:\Program Files\Bp1.exe
2007-06-23 07:42 10,240 --a------ C:\Program Files\VykF.exe
2007-06-20 15:17 <DIR> d-------- C:\Program Files\7-Zip
2007-06-19 17:21 49,152 --a------ C:\WINDOWS\nircmd.exe
2007-06-18 22:41 524,288 --ah----- C:\DOCUME~1\ADMINI~1\NTUSER.DAT
2007-06-18 22:41 <DIR> dr-h----- C:\DOCUME~1\ADMINI~1\Dane aplikacji
2007-06-18 22:41 <DIR> dr------- C:\DOCUME~1\ADMINI~1\Menu Start
2007-06-18 22:41 <DIR> d--h----- C:\DOCUME~1\ADMINI~1\Ustawienia lokalne
2007-06-18 22:41 <DIR> d--h----- C:\DOCUME~1\ADMINI~1\Szablony
2007-06-18 22:41 <DIR> d-------- C:\DOCUME~1\ADMINI~1\Ulubione
2007-06-18 22:41 <DIR> d-------- C:\DOCUME~1\ADMINI~1\Pulpit
2007-06-18 22:41 <DIR> d-------- C:\DOCUME~1\ADMINI~1\Moje dokumenty
2007-06-18 22:36 <DIR> d--hs---- C:\WINDOWS\CSC
2007-06-17 18:07 442,368 -ra------ C:\WINDOWS\system32\vp6vfw.dll
2007-06-17 18:07 <DIR> d-------- C:\Program Files\EA GAMES
2007-06-17 15:13 <DIR> d-------- C:\Program Files\Volleyball Manager
2007-06-06 08:06 94,552 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2007-06-06 08:06 85,952 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2007-06-06 08:05 745,600 --a------ C:\WINDOWS\system32\aswBoot.exe
2007-06-06 08:05 499,712 --a------ C:\WINDOWS\system32\MSVCP71.dll
2007-06-06 08:05 348,160 --a------ C:\WINDOWS\system32\MSVCR71.dll
2007-06-06 08:05 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll
2007-06-06 08:03 <DIR> d-------- C:\Program Files\Alwil Software
2007-06-05 22:20 4 --a------ C:\WINDOWS\system32\proc625010911.bin
2007-06-05 22:20 <DIR> d-------- C:\DOCUME~1\Karol\DANEAP~1\GanymedeNet
2007-06-03 18:51 <DIR> d-------- C:\Program Files\GSC Game World
2007-06-01 12:40 685,816 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2007-06-01 08:14 <DIR> d-------- C:\Program Files\AC3Filter
2007-06-01 08:08 <DIR> d-------- C:\Program Files\BearShare
2007-06-01 08:08 <DIR> d-------- C:\My Downloads
2007-05-23 19:19 <DIR> d-------- C:\WINDOWS\Cache


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-06-23 07:26:35 -------- d-----w C:\DOCUME~1\Karol\DANEAP~1\Skype
2007-06-19 17:49:33 67,078 ----a-w C:\WINDOWS\system32\perfc015.dat
2007-06-19 17:49:33 435,978 ----a-w C:\WINDOWS\system32\perfh015.dat
2007-06-13 19:27:40 2,320 ----a-w C:\WINDOWS\mozver.dat
2007-06-03 16:51:45 -------- d--h--w C:\Program Files\InstallShield Installation Information
2007-05-23 17:08:54 -------- d-----w C:\Program Files\Gadu-Gadu
2007-05-22 16:25:10 -------- d-----w C:\Program Files\EA SPORTS
2007-05-22 15:59:24 -------- d-----w C:\Program Files\Messenger
2007-05-21 19:06:29 -------- d-----w C:\Program Files\Ahead
2007-05-21 19:06:20 -------- d-----w C:\Program Files\Common Files\Ahead
2007-05-21 09:02:29 -------- d-----w C:\DOCUME~1\Karol\DANEAP~1\U3
2007-05-21 08:56:18 92,134 --sha-r C:\WINDOWS\system32\Winkhx.exe
2006-08-18 08:11:33 94,549 --sha-r C:\WINDOWS\system32\Winkav.exe


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}=C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll [2003-11-04 00:17]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll [2006-11-09 16:21]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 17:41]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe" [2006-11-09 16:07]
"SoundMan"="SOUNDMAN.EXE" []
"BearShare"="C:\Program Files\BearShare\BearShare.exe" [2006-08-01 17:04]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2001-08-02 08:14]
"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2006-11-14 11:12]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2006-12-18 18:32]

*Newly Created Service* - WINKAV

**************************************************************************

catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-06-23 09:28:25
Windows 5.1.2600 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-06-23 9:28:42
C:\ComboFix2.txt ... 2007-06-21 21:43

Logfile of HijackThis v1.99.1
Scan saved at 09:33:11, on 2007-06-23
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\BearShare\BearShare.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\RALINK\RT2500 Wireless LAN Card\Installer\WINXP\RaConfig2500.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\System32\Winkav.exe
C:\Program Files\Messenger\msmsgsgmw.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\Program Files\WinRAR\WinRARcbu.exe
C:\DOCUME~1\Karol\USTAWI~1\Temp\Rar$EX00.718\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.bearshare.com/pl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [BearShare] "C:\Program Files\BearShare\BearShare.exe" /pause
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Global Startup: RaConfig2500.lnk = C:\Program Files\RALINK\RT2500 Wireless LAN Card\Installer\WINXP\RaConfig2500.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Winkav - Unknown owner - C:\WINDOWS\System32\Winkav.exe

"Silent Runners.vbs", revision R50, http://www.silentrunners.org/
Operating System: Windows XP
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"MSMSGS" = ""C:\Program Files\Messenger\msmsgs.exe" /background" [MS]
"Gadu-Gadu" = ""C:\Program Files\Gadu-Gadu\gg.exe" /tray" ["Gadu-Gadu S.A."]
"Skype" = ""C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized" ["Skype Technologies S.A."]

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"ATICCC" = ""C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay" [null data]
"SunJavaUpdateSched" = ""C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"" ["Sun Microsystems, Inc."]
"SoundMan" = "SOUNDMAN.EXE" [file not found]
"BearShare" = ""C:\Program Files\BearShare\BearShare.exe" /pause" ["Free Peers, Inc."]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)
-> {HKLM...CLSID} = "AcroIEHlprObj Class"
\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)
-> {HKLM...CLSID} = "SSVHelper Class"
\InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll" ["Sun Microsystems, Inc."]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania"
-> {HKLM...CLSID} = "Rozszerzenie CPL kadrowania wyświetlania"
\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu"
-> {HKLM...CLSID} = "HyperTerminal Icon Ext"
\InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]
"{32714800-2E5F-11d0-8B85-00AA0044F941}" = "&Do osób..."
-> {HKLM...CLSID} = "&Do osób..."
\InProcServer32\(Default) = "C:\Program Files\Outlook Express\wabfind.dll" [file not found]
"{5E2121EE-0300-11D4-8D3B-444553540000}" = "Catalyst Context Menu extension"
-> {HKLM...CLSID} = "SimpleShlExt Class"
\InProcServer32\(Default) = "C:\Program Files\ATI Technologies\ATI.ACE\atiacmxx.dll" [empty string]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
"{23170F69-40C1-278A-1000-000100020000}" = "7-Zip Shell Extension"
-> {HKLM...CLSID} = "7-Zip Shell Extension"
\InProcServer32\(Default) = "C:\Program Files\7-Zip\7-zip.dll" ["Igor Pavlov"]

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
<<!>> AtiExtEvent\DLLName = "Ati2evxx.dll" ["ATI Technologies Inc."]

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
7-Zip\(Default) = "{23170F69-40C1-278A-1000-000100020000}"
-> {HKLM...CLSID} = "7-Zip Shell Extension"
\InProcServer32\(Default) = "C:\Program Files\7-Zip\7-zip.dll" ["Igor Pavlov"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
7-Zip\(Default) = "{23170F69-40C1-278A-1000-000100020000}"
-> {HKLM...CLSID} = "7-Zip Shell Extension"
\InProcServer32\(Default) = "C:\Program Files\7-Zip\7-zip.dll" ["Igor Pavlov"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]


Group Policies {GPedit.msc branch and setting}:
-----------------------------------------------

Note: detected settings may not have any effect.

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\

"shutdownwithoutlogon" = (REG_DWORD) hex:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Shutdown: Allow system to be shut down without having to log on}

"undockwithoutlogon" = (REG_DWORD) hex:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Devices: Allow undock without having to log on}


Active Desktop and Wallpaper:
-----------------------------

Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
"Wallpaper" = "%APPDATA%\Mozilla\Firefox\Tapeta pulpitu.bmp"

Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\Documents and Settings\Karol\Dane aplikacji\Mozilla\Firefox\Tapeta pulpitu.bmp"

#29 Maciej13
SecurityMaster, 261 posts
Posted 23 06 2007 - 13:43

Delete again with The Avenger:

Drivers to unload:

Winkav

Files to delete:

C:\WINDOWS\system32\Winkhx.exe
C:\WINDOWS\System32\Winkav.exe
C:\Program Files\Yq1.exe
C:\Program Files\Bp1.exe
C:\Program Files\VykF.exe

New logs.

#30 diablllooo
Beginner, 18 posts
Posted 23 06 2007 - 17:55

Logfile of HijackThis v1.99.1
Scan saved at 17:51:43, on 2007-06-23
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\Winkoe.exe
C:\Program Files\Kl1.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\RALINK\RT2500 Wireless LAN Card\Installer\WINXP\RaConfig2500.exe
C:\Program Files\Messenger\msmsgsgmw.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Jp4.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\WinRAR\WinRAR.exe
C:\Program Files\WinRAR\WinRARcbu.exe
C:\WINDOWS\System32\wuauclt.exe
C:\DOCUME~1\Karol\USTAWI~1\Temp\Rar$EX00.500\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.bearshare.com/pl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [BearShare] "C:\Program Files\BearShare\BearShare.exe" /pause
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Global Startup: RaConfig2500.lnk = C:\Program Files\RALINK\RT2500 Wireless LAN Card\Installer\WINXP\RaConfig2500.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Winkoe - Unknown owner - C:\WINDOWS\System32\Winkoe.exe

ComboFix 07-06-18.2 - C:\Documents and Settings\Karol\Pulpit\ComboFix.exe
"Karol" - 2007-06-23 17:52:47 NTFS


((((((((((((((((((((((((( Files Created from 2007-05-23 to 2007-06-23 )))))))))))))))))))))))))))))))


2007-06-23 17:50 10,240 --a------ C:\Program Files\Kl1.exe
2007-06-23 17:50 10,240 --a------ C:\Program Files\Jp4.exe
2007-06-23 12:47 10,240 --a------ C:\Program Files\Dt10.exe
2007-06-23 12:16 10,240 --a------ C:\Program Files\Qot1.exe
2007-06-23 12:14 <DIR> d-------- C:\Program Files\BitTorrent
2007-06-23 11:35 <DIR> d-------- C:\Program Files\LimeWire
2007-06-23 11:20 <DIR> d-------- C:\Program Files\Infogrames
2007-06-23 11:18 <DIR> d-------- C:\temp\asterixdemo
2007-06-23 11:18 <DIR> d-------- C:\temp
2007-06-23 11:05 10,240 --a------ C:\Program Files\Ye1.exe
2007-06-20 15:17 <DIR> d-------- C:\Program Files\7-Zip
2007-06-19 17:21 49,152 --a------ C:\WINDOWS\nircmd.exe
2007-06-18 22:41 524,288 --ah----- C:\DOCUME~1\ADMINI~1\NTUSER.DAT
2007-06-18 22:41 <DIR> dr-h----- C:\DOCUME~1\ADMINI~1\Dane aplikacji
2007-06-18 22:41 <DIR> dr------- C:\DOCUME~1\ADMINI~1\Menu Start
2007-06-18 22:41 <DIR> d--h----- C:\DOCUME~1\ADMINI~1\Ustawienia lokalne
2007-06-18 22:41 <DIR> d--h----- C:\DOCUME~1\ADMINI~1\Szablony
2007-06-18 22:41 <DIR> d-------- C:\DOCUME~1\ADMINI~1\Ulubione
2007-06-18 22:41 <DIR> d-------- C:\DOCUME~1\ADMINI~1\Pulpit
2007-06-18 22:41 <DIR> d-------- C:\DOCUME~1\ADMINI~1\Moje dokumenty
2007-06-18 22:36 <DIR> d--hs---- C:\WINDOWS\CSC
2007-06-17 18:07 442,368 -ra------ C:\WINDOWS\system32\vp6vfw.dll
2007-06-17 18:07 <DIR> d-------- C:\Program Files\EA GAMES
2007-06-17 15:13 <DIR> d-------- C:\Program Files\Volleyball Manager
2007-06-06 08:06 94,552 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2007-06-06 08:06 85,952 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2007-06-06 08:05 745,600 --a------ C:\WINDOWS\system32\aswBoot.exe
2007-06-06 08:05 499,712 --a------ C:\WINDOWS\system32\MSVCP71.dll
2007-06-06 08:05 348,160 --a------ C:\WINDOWS\system32\MSVCR71.dll
2007-06-06 08:05 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll
2007-06-06 08:03 <DIR> d-------- C:\Program Files\Alwil Software
2007-06-05 22:20 4 --a------ C:\WINDOWS\system32\proc625010911.bin
2007-06-05 22:20 <DIR> d-------- C:\DOCUME~1\Karol\DANEAP~1\GanymedeNet
2007-06-03 18:51 <DIR> d-------- C:\Program Files\GSC Game World
2007-06-01 12:40 685,816 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2007-06-01 08:14 <DIR> d-------- C:\Program Files\AC3Filter
2007-06-01 08:08 <DIR> d-------- C:\Program Files\BearShare
2007-06-01 08:08 <DIR> d-------- C:\My Downloads
2007-05-23 19:19 <DIR> d-------- C:\WINDOWS\Cache


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-06-23 09:20:18 -------- d--h--w C:\Program Files\InstallShield Installation Information
2007-06-23 07:26:35 -------- d-----w C:\DOCUME~1\Karol\DANEAP~1\Skype
2007-06-19 17:49:33 67,078 ----a-w C:\WINDOWS\system32\perfc015.dat
2007-06-19 17:49:33 435,978 ----a-w C:\WINDOWS\system32\perfh015.dat
2007-06-13 19:27:40 2,320 ----a-w C:\WINDOWS\mozver.dat
2007-05-23 17:08:54 -------- d-----w C:\Program Files\Gadu-Gadu
2007-05-22 16:25:10 -------- d-----w C:\Program Files\EA SPORTS
2007-05-22 15:59:24 -------- d-----w C:\Program Files\Messenger
2007-05-21 19:06:29 -------- d-----w C:\Program Files\Ahead
2007-05-21 19:06:20 -------- d-----w C:\Program Files\Common Files\Ahead
2007-05-21 09:02:29 -------- d-----w C:\DOCUME~1\Karol\DANEAP~1\U3
1617-10-26 20:34:13 89,144 --sha-r C:\WINDOWS\system32\Winkoe.exe


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}=C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll [2003-11-04 00:17]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll [2006-11-09 16:21]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 17:41]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe" [2006-11-09 16:07]
"SoundMan"="SOUNDMAN.EXE" []
"BearShare"="C:\Program Files\BearShare\BearShare.exe" [2006-08-01 17:04]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2001-08-02 08:14]
"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2006-11-14 11:12]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2006-12-18 18:32]


**************************************************************************

catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-06-23 17:54:05
Windows 5.1.2600 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-06-23 17:54:31
C:\ComboFix2.txt ... 2007-06-23 09:28
C:\ComboFix3.txt ... 2007-06-21 21:43

--- E O F ---
"Silent Runners.vbs", revision R50, http://www.silentrunners.org/
Operating System: Windows XP
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"MSMSGS" = ""C:\Program Files\Messenger\msmsgs.exe" /background" [MS]
"Gadu-Gadu" = ""C:\Program Files\Gadu-Gadu\gg.exe" /tray" ["Gadu-Gadu S.A."]
"Skype" = ""C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized" ["Skype Technologies S.A."]

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"ATICCC" = ""C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay" [null data]
"SunJavaUpdateSched" = ""C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"" ["Sun Microsystems, Inc."]
"SoundMan" = "SOUNDMAN.EXE" [file not found]
"BearShare" = ""C:\Program Files\BearShare\BearShare.exe" /pause" ["Free Peers, Inc."]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)
-> {HKLM...CLSID} = "AcroIEHlprObj Class"
\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)
-> {HKLM...CLSID} = "SSVHelper Class"
\InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll" ["Sun Microsystems, Inc."]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania"
-> {HKLM...CLSID} = "Rozszerzenie CPL kadrowania wyświetlania"
\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu"
-> {HKLM...CLSID} = "HyperTerminal Icon Ext"
\InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]
"{32714800-2E5F-11d0-8B85-00AA0044F941}" = "&Do osób..."
-> {HKLM...CLSID} = "&Do osób..."
\InProcServer32\(Default) = "C:\Program Files\Outlook Express\wabfind.dll" [file not found]
"{5E2121EE-0300-11D4-8D3B-444553540000}" = "Catalyst Context Menu extension"
-> {HKLM...CLSID} = "SimpleShlExt Class"
\InProcServer32\(Default) = "C:\Program Files\ATI Technologies\ATI.ACE\atiacmxx.dll" [empty string]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
"{23170F69-40C1-278A-1000-000100020000}" = "7-Zip Shell Extension"
-> {HKLM...CLSID} = "7-Zip Shell Extension"
\InProcServer32\(Default) = "C:\Program Files\7-Zip\7-zip.dll" ["Igor Pavlov"]

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
<<!>> AtiExtEvent\DLLName = "Ati2evxx.dll" ["ATI Technologies Inc."]

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
7-Zip\(Default) = "{23170F69-40C1-278A-1000-000100020000}"
-> {HKLM...CLSID} = "7-Zip Shell Extension"
\InProcServer32\(Default) = "C:\Program Files\7-Zip\7-zip.dll" ["Igor Pavlov"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
7-Zip\(Default) = "{23170F69-40C1-278A-1000-000100020000}"
-> {HKLM...CLSID} = "7-Zip Shell Extension"
\InProcServer32\(Default) = "C:\Program Files\7-Zip\7-zip.dll" ["Igor Pavlov"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]


Group Policies {GPedit.msc branch and setting}:
-----------------------------------------------

Note: detected settings may not have any effect.

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\

"shutdownwithoutlogon" = (REG_DWORD) hex:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Shutdown: Allow system to be shut down without having to log on}

"undockwithoutlogon" = (REG_DWORD) hex:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Devices: Allow undock without having to log on}


Active Desktop and Wallpaper:
-----------------------------

Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
"Wallpaper" = "%APPDATA%\Mozilla\Firefox\Tapeta pulpitu.bmp"

Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\Documents and Settings\Karol\Dane aplikacji\Mozilla\Firefox\Tapeta pulpitu.bmp"

#31 Maciej13 (SecurityMaster, 261 posts)
Posted 23 06 2007 - 19:43

The pests are still getting in. Did you close the vulnerable ports with Windows Worms Doors Cleaner?


#32 diablllooo (Beginner, 18 posts)
Posted 23 06 2007 - 19:51

For one of them I can't get the icon next to it to turn green.

http://img255.imageshack.us/my.php?image=aaaox8.png


I found a post where a guy has a problem similar to mine, but they didn't manage to help him there.

http://forum.idg.pl/lofiversion/index.php/t26630.html


#33 Maciej13 (SecurityMaster, 261 posts)
Posted 23 06 2007 - 22:03

Hmmm, WWDC looks fine.

Run SmitFraudFix with option 2 and then post the log from that application.

#34 diablllooo (Beginner, 18 posts)
Posted 23 06 2007 - 22:47

SmitFraudFix v2.195

Scan done at 22:45:30,74, 2007-06-23
Run from C:\Documents and Settings\Karol\Pulpit\SmitfraudFix
OS: Microsoft Windows XP [Wersja 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!Attention, following keys are not inevitably infected!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» hosts


127.0.0.1 localhost

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files


»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Ralink RT2500 Wireless LAN Card - Sterownik miniport Harmonogramu pakietów
DNS Server Search Order: 192.168.8.1
DNS Server Search Order: 194.204.152.34

HKLM\SYSTEM\CCS\Services\Tcpip\..\{1F562149-36F1-4206-81FC-614613D5647D}: DhcpNameServer=192.168.8.1 194.204.152.34
HKLM\SYSTEM\CS1\Services\Tcpip\..\{1F562149-36F1-4206-81FC-614613D5647D}: DhcpNameServer=192.168.8.1 194.204.152.34
HKLM\SYSTEM\CS2\Services\Tcpip\..\{1F562149-36F1-4206-81FC-614613D5647D}: DhcpNameServer=192.168.8.1 194.204.152.34
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.8.1 194.204.152.34
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.8.1 194.204.152.34
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.8.1 194.204.152.34


»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!Attention, following keys are not inevitably infected!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!Attention, following keys are not inevitably infected!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End

#35 Maciej13 (SecurityMaster, 261 posts)
Posted 24 06 2007 - 11:24

Download GMER.

1. Rootkit => Search => without ticking Show All => Ctrl + V to paste into the post.

#36 diablllooo (Beginner, 18 posts)
Posted 24 06 2007 - 11:45

GMER 1.0.12.12244 - http://www.gmer.net
Rootkit scan 2007-06-24 11:44:02
Windows 5.1.2600

---- System - GMER 1.0.12 ----

SSDT  sptd.sys  ZwCreateKey
SSDT  sptd.sys  ZwEnumerateKey
SSDT  sptd.sys  ZwEnumerateValueKey
SSDT  sptd.sys  ZwOpenKey
SSDT  sptd.sys  ZwQueryKey
SSDT  sptd.sys  ZwQueryValueKey
SSDT  sptd.sys  ZwSetValueKey

---- Kernel code sections - GMER 1.0.12 ----

.text  ntoskrnl.exe!FsRtlLegalAnsiCharacterArray + 130  804F2098 4 Bytes [ D0, D0, 42, F8 ]
.text  ntoskrnl.exe!FsRtlLegalAnsiCharacterArray + 1A8  804F2110 4 Bytes [ B2, 2F, 43, F8 ]
.text  ntoskrnl.exe!FsRtlLegalAnsiCharacterArray + 1B0  804F2118 4 Bytes [ 40, 33, 43, F8 ]
.text  ntoskrnl.exe!FsRtlLegalAnsiCharacterArray + 268  804F21D0 4 Bytes [ B0, D0, 42, F8 ]
.text  ntoskrnl.exe!FsRtlLegalAnsiCharacterArray + 30C  804F2274 4 Bytes [ 18, 34, 43, F8 ]
.text  ...
?      C:\WINDOWS\system32\drivers\sptd.sys  Proces nie może uzyskać dostępu do pliku, ponieważ jest on używany przez inny proces.
.text  USBPORT.SYS!DllUnload  F804EDBC 5 Bytes JMP 81D581C8

---- Devices - GMER 1.0.12 ----

Device \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE  81F691E8

Device \FileSystem\Ntfs \Ntfs IRP_MJ_CLOSE																	 81F691E8

Device \FileSystem\Ntfs \Ntfs IRP_MJ_READ																	  81F691E8

Device \FileSystem\Ntfs \Ntfs IRP_MJ_WRITE																	 81F691E8

Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_INFORMATION														 81F691E8

Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_INFORMATION															81F691E8

Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_EA																  81F691E8

Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_EA																	 81F691E8

Device \FileSystem\Ntfs \Ntfs IRP_MJ_FLUSH_BUFFERS															 81F691E8

Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_VOLUME_INFORMATION												  81F691E8

Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_VOLUME_INFORMATION													 81F691E8

Device \FileSystem\Ntfs \Ntfs IRP_MJ_DIRECTORY_CONTROL														 81F691E8

Device \FileSystem\Ntfs \Ntfs IRP_MJ_FILE_SYSTEM_CONTROL														81F691E8

Device \FileSystem\Ntfs \Ntfs IRP_MJ_DEVICE_CONTROL															 81F691E8

Device \FileSystem\Ntfs \Ntfs IRP_MJ_SHUTDOWN																  81F691E8

Device \FileSystem\Ntfs \Ntfs IRP_MJ_LOCK_CONTROL															  81F691E8

Device \FileSystem\Ntfs \Ntfs IRP_MJ_CLEANUP																	81F691E8

Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_SECURITY															 81F691E8

Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_SECURITY															  81F691E8

Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_QUOTA																81F691E8

Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_QUOTA																 81F691E8

Device \FileSystem\Ntfs \Ntfs IRP_MJ_PNP																		81F691E8

Device \Driver\NetBT \Device\NetBT_Tcpip_{1F562149-36F1-4206-81FC-614613D5647D} IRP_MJ_CREATE				  81B641E8

Device \Driver\NetBT \Device\NetBT_Tcpip_{1F562149-36F1-4206-81FC-614613D5647D} IRP_MJ_CLOSE					81B641E8

Device \Driver\NetBT \Device\NetBT_Tcpip_{1F562149-36F1-4206-81FC-614613D5647D} IRP_MJ_DEVICE_CONTROL		  81B641E8

Device \Driver\NetBT \Device\NetBT_Tcpip_{1F562149-36F1-4206-81FC-614613D5647D} IRP_MJ_INTERNAL_DEVICE_CONTROL 81B641E8

Device \Driver\NetBT \Device\NetBT_Tcpip_{1F562149-36F1-4206-81FC-614613D5647D} IRP_MJ_CLEANUP				 81B641E8

Device \Driver\NetBT \Device\NetBT_Tcpip_{1F562149-36F1-4206-81FC-614613D5647D} IRP_MJ_PNP					 81B641E8

Device \Driver\NetBT \Device\NetBT_Tcpip_{8EBB19A8-9505-4C23-AA68-3B891CE5DA7C} IRP_MJ_CREATE				  81B641E8

Device \Driver\NetBT \Device\NetBT_Tcpip_{8EBB19A8-9505-4C23-AA68-3B891CE5DA7C} IRP_MJ_CLOSE					81B641E8

Device \Driver\NetBT \Device\NetBT_Tcpip_{8EBB19A8-9505-4C23-AA68-3B891CE5DA7C} IRP_MJ_DEVICE_CONTROL		  81B641E8

Device \Driver\NetBT \Device\NetBT_Tcpip_{8EBB19A8-9505-4C23-AA68-3B891CE5DA7C} IRP_MJ_INTERNAL_DEVICE_CONTROL 81B641E8

Device \Driver\NetBT \Device\NetBT_Tcpip_{8EBB19A8-9505-4C23-AA68-3B891CE5DA7C} IRP_MJ_CLEANUP				 81B641E8

Device \Driver\NetBT \Device\NetBT_Tcpip_{8EBB19A8-9505-4C23-AA68-3B891CE5DA7C} IRP_MJ_PNP					 81B641E8

Device \Driver\usbuhci \Device\USBPDO-0 IRP_MJ_CREATE														  81E061E8

Device \Driver\usbuhci \Device\USBPDO-0 IRP_MJ_CLOSE															81E061E8

Device \Driver\usbuhci \Device\USBPDO-0 IRP_MJ_DEVICE_CONTROL												  81E061E8

Device \Driver\usbuhci \Device\USBPDO-0 IRP_MJ_INTERNAL_DEVICE_CONTROL										 81E061E8

Device \Driver\usbuhci \Device\USBPDO-0 IRP_MJ_POWER															81E061E8

Device \Driver\usbuhci \Device\USBPDO-0 IRP_MJ_SYSTEM_CONTROL												  81E061E8

Device \Driver\usbuhci \Device\USBPDO-0 IRP_MJ_PNP															 81E061E8

Device \Driver\usbuhci \Device\USBPDO-1 IRP_MJ_CREATE														  81E061E8

Device \Driver\usbuhci \Device\USBPDO-1 IRP_MJ_CLOSE															81E061E8

Device \Driver\usbuhci \Device\USBPDO-1 IRP_MJ_DEVICE_CONTROL												  81E061E8

Device \Driver\usbuhci \Device\USBPDO-1 IRP_MJ_INTERNAL_DEVICE_CONTROL										 81E061E8

Device \Driver\usbuhci \Device\USBPDO-1 IRP_MJ_POWER															81E061E8

Device \Driver\usbuhci \Device\USBPDO-1 IRP_MJ_SYSTEM_CONTROL												  81E061E8

Device \Driver\usbuhci \Device\USBPDO-1 IRP_MJ_PNP															 81E061E8

Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_CREATE												 81FDC1E8

Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_CLOSE												  81FDC1E8

Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_READ													81FDC1E8

Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_WRITE												  81FDC1E8

Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_FLUSH_BUFFERS										  81FDC1E8

Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_DEVICE_CONTROL										 81FDC1E8

Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_INTERNAL_DEVICE_CONTROL								 81FDC1E8

Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_SHUTDOWN												81FDC1E8

Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_POWER												  81FDC1E8

Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_SYSTEM_CONTROL										 81FDC1E8

Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_PNP													 81FDC1E8

Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_CREATE													81FDC1E8

Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_CLOSE													 81FDC1E8

Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_READ													 81FDC1E8

Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_WRITE													 81FDC1E8

Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_FLUSH_BUFFERS											 81FDC1E8

Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_DEVICE_CONTROL											81FDC1E8

Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_INTERNAL_DEVICE_CONTROL								  81FDC1E8

Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_SHUTDOWN												 81FDC1E8

Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_POWER													 81FDC1E8

Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_SYSTEM_CONTROL											81FDC1E8

Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_PNP													  81FDC1E8

Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_CREATE													  81FDC1E8

Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_CLOSE														81FDC1E8

Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_READ														 81FDC1E8

Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_WRITE														81FDC1E8

Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_FLUSH_BUFFERS												81FDC1E8

Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_DEVICE_CONTROL											  81FDC1E8

Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_INTERNAL_DEVICE_CONTROL									 81FDC1E8

Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_SHUTDOWN													 81FDC1E8

Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_POWER														81FDC1E8

Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_SYSTEM_CONTROL											  81FDC1E8

Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_PNP														 81FDC1E8

Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_CREATE													 81FDC1E8

Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_CLOSE													  81FDC1E8

Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_READ														81FDC1E8

Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_WRITE													  81FDC1E8

Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_FLUSH_BUFFERS											  81FDC1E8

Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_DEVICE_CONTROL											 81FDC1E8

Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_INTERNAL_DEVICE_CONTROL									 81FDC1E8

Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_SHUTDOWN													81FDC1E8

Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_POWER													  81FDC1E8

Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_SYSTEM_CONTROL											 81FDC1E8

Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_PNP														 81FDC1E8

Device \Driver\usbuhci \Device\USBPDO-2 IRP_MJ_CREATE														  81E061E8

Device \Driver\usbuhci \Device\USBPDO-2 IRP_MJ_CLOSE															81E061E8

Device \Driver\usbuhci \Device\USBPDO-2 IRP_MJ_DEVICE_CONTROL												  81E061E8

Device \Driver\usbuhci \Device\USBPDO-2 IRP_MJ_INTERNAL_DEVICE_CONTROL										 81E061E8

Device \Driver\usbuhci \Device\USBPDO-2 IRP_MJ_POWER															81E061E8

Device \Driver\usbuhci \Device\USBPDO-2 IRP_MJ_SYSTEM_CONTROL												  81E061E8

Device \Driver\usbuhci \Device\USBPDO-2 IRP_MJ_PNP															 81E061E8

Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_CREATE													 81F6B1E8

Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_READ													  81F6B1E8

Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_WRITE													 81F6B1E8

Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_FLUSH_BUFFERS											 81F6B1E8

Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_DEVICE_CONTROL											 81F6B1E8

Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_INTERNAL_DEVICE_CONTROL									81F6B1E8

Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_SHUTDOWN												  81F6B1E8

Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_CLEANUP													81F6B1E8

Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_POWER													 81F6B1E8

Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_SYSTEM_CONTROL											 81F6B1E8

Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_PNP														81F6B1E8

Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CREATE															  81E071E8

Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CLOSE																81E071E8

Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_READ																 81E071E8

Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_WRITE																81E071E8

Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_FLUSH_BUFFERS														81E071E8

Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_DEVICE_CONTROL													  81E071E8

Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_INTERNAL_DEVICE_CONTROL											 81E071E8

Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SHUTDOWN															 81E071E8

Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_POWER																81E071E8

Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SYSTEM_CONTROL													  81E071E8

Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_PNP																 81E071E8

Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_CREATE													81B641E8

Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_CLOSE													 81B641E8

Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_DEVICE_CONTROL											81B641E8

Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_INTERNAL_DEVICE_CONTROL								  81B641E8

Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_CLEANUP												  81B641E8

Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_PNP													  81B641E8

Device \Driver\usbuhci \Device\USBFDO-0 IRP_MJ_CREATE														  81E061E8

Device \Driver\usbuhci \Device\USBFDO-0 IRP_MJ_CLOSE															81E061E8

Device \Driver\usbuhci \Device\USBFDO-0 IRP_MJ_DEVICE_CONTROL												  81E061E8

Device \Driver\usbuhci \Device\USBFDO-0 IRP_MJ_INTERNAL_DEVICE_CONTROL										 81E061E8

Device \Driver\usbuhci \Device\USBFDO-0 IRP_MJ_POWER															81E061E8

Device \Driver\usbuhci \Device\USBFDO-0 IRP_MJ_SYSTEM_CONTROL												  81E061E8

Device \Driver\usbuhci \Device\USBFDO-0 IRP_MJ_PNP															 81E061E8

Device \Driver\usbuhci \Device\USBFDO-1 IRP_MJ_CREATE														  81E061E8

Device \Driver\usbuhci \Device\USBFDO-1 IRP_MJ_CLOSE															81E061E8

Device \Driver\usbuhci \Device\USBFDO-1 IRP_MJ_DEVICE_CONTROL												  81E061E8

Device \Driver\usbuhci \Device\USBFDO-1 IRP_MJ_INTERNAL_DEVICE_CONTROL										 81E061E8

Device \Driver\usbuhci \Device\USBFDO-1 IRP_MJ_POWER															81E061E8

Device \Driver\usbuhci \Device\USBFDO-1 IRP_MJ_SYSTEM_CONTROL												  81E061E8

Device \Driver\usbuhci \Device\USBFDO-1 IRP_MJ_PNP															 81E061E8

Device \Driver\usbuhci \Device\USBFDO-2 IRP_MJ_CREATE														  81E061E8

Device \Driver\usbuhci \Device\USBFDO-2 IRP_MJ_CLOSE															81E061E8

Device \Driver\usbuhci \Device\USBFDO-2 IRP_MJ_DEVICE_CONTROL												  81E061E8

Device \Driver\usbuhci \Device\USBFDO-2 IRP_MJ_INTERNAL_DEVICE_CONTROL										 81E061E8

Device \Driver\usbuhci \Device\USBFDO-2 IRP_MJ_POWER															81E061E8

Device \Driver\usbuhci \Device\USBFDO-2 IRP_MJ_SYSTEM_CONTROL												  81E061E8

Device \Driver\usbuhci \Device\USBFDO-2 IRP_MJ_PNP															 81E061E8

Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CREATE										 817D31E8

Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CREATE_NAMED_PIPE							  817D31E8

Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CLOSE										  817D31E8

Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_READ											817D31E8

Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_WRITE										  817D31E8

Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_INFORMATION							  817D31E8

Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_INFORMATION								 817D31E8

Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_EA										817D31E8

Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_EA										 817D31E8

Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_FLUSH_BUFFERS								  817D31E8

Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_VOLUME_INFORMATION						817D31E8

Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_VOLUME_INFORMATION						 817D31E8

Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_DIRECTORY_CONTROL							  817D31E8

Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_FILE_SYSTEM_CONTROL							 817D31E8

Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_DEVICE_CONTROL								 817D31E8

Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_INTERNAL_DEVICE_CONTROL						 817D31E8

Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SHUTDOWN										817D31E8

Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_LOCK_CONTROL									817D31E8

Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CLEANUP										 817D31E8

Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CREATE_MAILSLOT								 817D31E8

Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_SECURITY								 817D31E8

Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_SECURITY									817D31E8

Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_POWER										  817D31E8

Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SYSTEM_CONTROL								 817D31E8

Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_DEVICE_CHANGE								  817D31E8

Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_QUOTA									 817D31E8

Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_QUOTA									  817D31E8

Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_PNP											 817D31E8

Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CREATE												817D31E8

Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CREATE_NAMED_PIPE									 817D31E8

Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CLOSE												 817D31E8

Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_READ												 817D31E8

Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_WRITE												 817D31E8

Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_INFORMATION									 817D31E8

Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_INFORMATION									  817D31E8

Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_EA											 817D31E8

Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_EA												817D31E8

Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_FLUSH_BUFFERS										 817D31E8

Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_VOLUME_INFORMATION							 817D31E8

Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_VOLUME_INFORMATION								817D31E8

Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_DIRECTORY_CONTROL									 817D31E8

Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_FILE_SYSTEM_CONTROL								  817D31E8

Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_DEVICE_CONTROL										817D31E8

Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_INTERNAL_DEVICE_CONTROL							  817D31E8

Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SHUTDOWN											 817D31E8

Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_LOCK_CONTROL										 817D31E8

Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CLEANUP											  817D31E8

Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CREATE_MAILSLOT									  817D31E8

Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_SECURITY										817D31E8

Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_SECURITY										 817D31E8

Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_POWER												 817D31E8

Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SYSTEM_CONTROL										817D31E8

Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_DEVICE_CHANGE										 817D31E8

Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_QUOTA										  817D31E8

Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_QUOTA											 817D31E8

Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_PNP												  817D31E8

Device \Driver\Ftdisk \Device\FtControl IRP_MJ_CREATE														  81F6B1E8

Device \Driver\Ftdisk \Device\FtControl IRP_MJ_READ															 81F6B1E8

Device \Driver\Ftdisk \Device\FtControl IRP_MJ_WRITE															81F6B1E8

Device \Driver\Ftdisk \Device\FtControl IRP_MJ_FLUSH_BUFFERS													81F6B1E8

Device \Driver\Ftdisk \Device\FtControl IRP_MJ_DEVICE_CONTROL												  81F6B1E8

Device \Driver\Ftdisk \Device\FtControl IRP_MJ_INTERNAL_DEVICE_CONTROL										 81F6B1E8

Device \Driver\Ftdisk \Device\FtControl IRP_MJ_SHUTDOWN														 81F6B1E8

Device \Driver\Ftdisk \Device\FtControl IRP_MJ_CLEANUP														 81F6B1E8

Device \Driver\Ftdisk \Device\FtControl IRP_MJ_POWER															81F6B1E8

Device \Driver\Ftdisk \Device\FtControl IRP_MJ_SYSTEM_CONTROL												  81F6B1E8

Device \Driver\Ftdisk \Device\FtControl IRP_MJ_PNP															 81F6B1E8

Device \FileSystem\Cdfs \Cdfs IRP_MJ_CREATE																	 81B741E8

Device \FileSystem\Cdfs \Cdfs IRP_MJ_CLOSE																	 81B741E8

Device \FileSystem\Cdfs \Cdfs IRP_MJ_READ																	  81B741E8

Device \FileSystem\Cdfs \Cdfs IRP_MJ_QUERY_INFORMATION														 81B741E8

Device \FileSystem\Cdfs \Cdfs IRP_MJ_SET_INFORMATION															81B741E8

Device \FileSystem\Cdfs \Cdfs IRP_MJ_QUERY_VOLUME_INFORMATION												  81B741E8

Device \FileSystem\Cdfs \Cdfs IRP_MJ_DIRECTORY_CONTROL														 81B741E8

Device \FileSystem\Cdfs \Cdfs IRP_MJ_FILE_SYSTEM_CONTROL														81B741E8

Device \FileSystem\Cdfs \Cdfs IRP_MJ_DEVICE_CONTROL															 81B741E8

Device \FileSystem\Cdfs \Cdfs IRP_MJ_SHUTDOWN																  81B741E8

Device \FileSystem\Cdfs \Cdfs IRP_MJ_LOCK_CONTROL															  81B741E8

Device \FileSystem\Cdfs \Cdfs IRP_MJ_CLEANUP																	81B741E8

Device \FileSystem\Cdfs \Cdfs IRP_MJ_PNP  81B741E8

---- EOF - GMER 1.0.12 ----

#37 Maciej13 (SecurityMaster, 261 posts)
Posted 25 06 2007 - 10:31

I don't see anything in the log. I'm just wondering where this junk keeps coming from. :D Scan the computer with online scanners - /index.php?showt...&hl=skanery Then post the scan reports.
