pecet19 (created 9 July 2007):

Hello. I have the following problem. Some time ago I noticed that the Ctrl+Alt+Delete shortcut doesn't work for me. So I tried opening Task Manager from disk. When I run the file taskmgr.exe, I get an error saying that Windows cannot find this file. I don't know why this error appears since I do have the file. I copied taskmgr.exe from a friend's computer, but I still get the same error. I used Task Manager often and now I can't. Please help.
CatchMe (comment, 9 July 2007):

BOOT INTO SAFE MODE. Open Notepad and paste this into it:

Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=-

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\LocalUser\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=-

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
"DisableTaskMgr"=-

Then: File -> Save As... -> change the file type from *.txt to *.* All Files -> name it FIX.REG. Run FIX.REG by double-clicking it and confirming. After the restart, check whether you can open Task Manager.
pecet19 (thread author; comment, 10 July 2007):

I did what you told me, but unfortunately it's still the same. And although I get a message saying the entries were successfully added to the registry, when I look in the registry those entries aren't there.
tomq90 (comment, 10 July 2007):

I once had a problem with Task Manager too. It wouldn't start. So I did a System Restore to a date when it worked, and it has worked ever since.
CatchMe (comment, 10 July 2007):

Paste a Silent Runners log; we'll see what registry settings you have.
pecet19 (thread author; comment, 10 July 2007):

Here is my Silent Runners log:

"Silent Runners.vbs", revision R50, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"CursorXP" = "C:\Program Files\CursorXP\CursorXP.exe" [" "]
"eMuleAutoStart" = "C:\Program Files\eMule0.47c\emule.exe -AutoStart" ["http://www.emule-project.net]

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ {++}
"oksi.scr" = "C:\Program Files\intern~1\oksi.scr" [null data]

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"SpeedTouch USB Diagnostics" = ""C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon" ["THOMSON Telecom Belgium"]
"Resume copy" = "copyfstq.exe /startup" [null data]
"QuickTime Task" = ""C:\Program Files\QuickTime\qttask.exe" -atboottime" ["Apple Computer, Inc."]
"NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup" [MS]
"nwiz" = "nwiz.exe /install" ["NVIDIA Corporation"]
"NvMediaCenter" = "RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit" [MS]
"NeroFilterCheck" = "C:\windows\system32\NeroCheck.exe" ["Ahead Software Gmbh"]
"ISUSPM Startup" = "C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup" [null data]
"ISUSScheduler" = ""C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start" ["InstallShield Software Corporation"]
"MRT" = ""C:\windows\system32\MRT.exe" /R" [MS]
"Windows" = "C:\WINDOWS\services.exe" [null data]
"SunJavaUpdateSched" = ""C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"" ["Sun Microsystems, Inc."]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)
  -> {HKLM...CLSID} = "AcroIEHlprObj Class"
                   \InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C}\(Default) = (no title provided)
  -> {HKLM...CLSID} = "Megaupload Toolbar"
                   \InProcServer32\(Default) = "C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL" ["MegaUpload"]
{53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided)
  -> {HKLM...CLSID} = (no title provided)
                   \InProcServer32\(Default) = "C:\PROGRA~1\SPYBOT~1\SDHelper.dll" ["Safer Networking Limited"]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)
  -> {HKLM...CLSID} = "SSVHelper Class"
                   \InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll" ["Sun Microsystems, Inc."]
{C451C08A-EC37-45DF-AAAD-18B51AB5E837}\(Default) = (no title provided)
  -> {HKLM...CLSID} = "PDFCreator Toolbar Helper"
                   \InProcServer32\(Default) = "C:\Program Files\PDFCreator Toolbar\v3.0.0.0\PDFCreator_Toolbar.dll" [null data]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania"
  -> {HKLM...CLSID} = "Rozszerzenie CPL kadrowania wyświetlania"
                   \InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu"
  -> {HKLM...CLSID} = "HyperTerminal Icon Ext"
                   \InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
  -> {HKLM...CLSID} = (no title provided)
                   \InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office10\msohev.dll" [MS]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
  -> {HKLM...CLSID} = "WinRAR"
                   \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer"
  -> {HKLM...CLSID} = "Desktop Explorer"
                   \InProcServer32\(Default) = "C:\windows\system32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"
  -> {HKLM...CLSID} = (no title provided)
                   \InProcServer32\(Default) = "C:\windows\system32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu"
  -> {HKLM...CLSID} = "nView Desktop Context Menu"
                   \InProcServer32\(Default) = "C:\windows\system32\nvshell.dll" ["NVIDIA Corporation"]
"{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class"
  -> {HKLM...CLSID} = "DesktopContext Class"
                   \InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]
"{A4D78B20-6E05-1069-8758-4E73FD83DEAD}" = "QCopy"
  -> {HKLM...CLSID} = "QCopy"
                   \InProcServer32\(Default) = "dropcpyr.dll" [null data]
"{8D1636FD-CA49-4B4E-90E4-0A20E03A15E8}" = "jetAudio"
  -> {HKLM...CLSID} = "JetFlExt"
                   \InProcServer32\(Default) = "C:\Program Files\JetAudio\JetFlExt.dll" ["JetAudio, Inc."]
"{B327765E-D724-4347-8B16-78AE18552FC3}" = "NeroDigitalIconHandler"
  -> {HKLM...CLSID} = "NeroDigitalIconHandler Class"
                   \InProcServer32\(Default) = "C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll" [file not found]
"{7F1CF152-04F8-453A-B34C-E609530A9DC8}" = "NeroDigitalPropSheetHandler"
  -> {HKLM...CLSID} = "NeroDigitalPropSheetHandler Class"
                   \InProcServer32\(Default) = "C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll" [file not found]
"{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper"
  -> {HKLM...CLSID} = "NVIDIA CPL Extension"
                   \InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]
"{B8323370-FF27-11D2-97B6-204C4F4F5020}" = "SmartFTP Shell Extension DLL"
  -> {HKLM...CLSID} = "SmartFTP Shell Extension DLL"
                   \InProcServer32\(Default) = "C:\Program Files\SmartFTP Client 2.0\smarthook.dll" [file not found]

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\
<<!>> taskmgr.exe\Debugger = " " [file not found]

HKLM\Software\Classes\Folder\shellex\ColumnHandlers\
{7D4D6379-F301-4311-BEBA-E26EB0561882}\(Default) = "NeroDigitalExt.NeroDigitalColumnHandler"
  -> {HKLM...CLSID} = "NeroDigitalColumnHandler Class"
                   \InProcServer32\(Default) = "C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll" [file not found]
{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"
  -> {HKLM...CLSID} = "PDF Shell Extension"
                   \InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
  -> {HKLM...CLSID} = "WinRAR"
                   \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
jetAudio\(Default) = "{8D1636FD-CA49-4B4E-90E4-0A20E03A15E8}"
  -> {HKLM...CLSID} = "JetFlExt"
                   \InProcServer32\(Default) = "C:\Program Files\JetAudio\JetFlExt.dll" ["JetAudio, Inc."]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
  -> {HKLM...CLSID} = "WinRAR"
                   \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
jetAudio\(Default) = "{8D1636FD-CA49-4B4E-90E4-0A20E03A15E8}"
  -> {HKLM...CLSID} = "JetFlExt"
                   \InProcServer32\(Default) = "C:\Program Files\JetAudio\JetFlExt.dll" ["JetAudio, Inc."]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
  -> {HKLM...CLSID} = "WinRAR"
                   \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]


Group Policies {GPedit.msc branch and setting}:
-----------------------------------------------

Note: detected settings may not have any effect.

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\

"NoTrayIconsDisplay" = (REG_DWORD) hex:0x00000001
{unrecognized setting}

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\

"shutdownwithoutlogon" = (REG_DWORD) hex:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Shutdown: Allow system to be shut down without having to log on}

"undockwithoutlogon" = (REG_DWORD) hex:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Devices: Allow undock without having to log on}


Active Desktop and Wallpaper:
-----------------------------

Active Desktop may be enabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
"Wallpaper" = "C:\windows\system32\config\systemprofile\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp"

Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\Documents and Settings\SDA\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp"


Enabled Screen Saver:
---------------------

HKCU\Control Panel\Desktop\
"SCRNSAVE.EXE" = "C:\windows\system32\ssmypics.scr" [MS]


Startup items in "SDA" & "All Users" startup folders:
-----------------------------------------------------

C:\Documents and Settings\SDA\Menu Start\Programy\Autostart
<<!>> "Emil Junior.exe" ["THOMSON Telecom Belgium"]
<<!>> "YzDock.exe" ["Y'z@Home"]

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart
"Kalendarz XP" -> shortcut to: "C:\Program Files\Kalendarz XP\Kalendarz.exe" [null data]
"Microsoft Office" -> shortcut to: "C:\Program Files\Microsoft Office\Office10\OSA.EXE -b -l" [MS]


Enabled Scheduled Tasks:
------------------------

"ArcaVir - Zadanie 0" -> WARNING -- The file "ArcaVir - Zadanie 0.job" is corrupt!
(no executable)


Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 12
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05


Toolbars, Explorer Bars, Extensions:
------------------------------------

Toolbars

HKCU\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\
"{31CF9EBE-5755-4A1D-AC25-2834D952D9B4}"
  -> {HKLM...CLSID} = "PDFCreator Toolbar"
                   \InProcServer32\(Default) = "C:\Program Files\PDFCreator Toolbar\v3.0.0.0\PDFCreator_Toolbar.dll" [null data]

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
"{31CF9EBE-5755-4A1D-AC25-2834D952D9B4}"
  -> {HKLM...CLSID} = "PDFCreator Toolbar"
                   \InProcServer32\(Default) = "C:\Program Files\PDFCreator Toolbar\v3.0.0.0\PDFCreator_Toolbar.dll" [null data]
"{86227D9C-0EFE-4F8A-AA55-30386A3F5686}"
  -> {HKLM...CLSID} = "YourSiteBar"
                   \InProcServer32\(Default) = "C:\Program Files\YourSiteBar\ysb.dll" [file not found]
"{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C}"
  -> {HKLM...CLSID} = "Megaupload Toolbar"
                   \InProcServer32\(Default) = "C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL" ["MegaUpload"]

HKLM\Software\Microsoft\Internet Explorer\Toolbar\
"{31CF9EBE-5755-4A1D-AC25-2834D952D9B4}" = "PDFCreator Toolbar"
  -> {HKLM...CLSID} = "PDFCreator Toolbar"
                   \InProcServer32\(Default) = "C:\Program Files\PDFCreator Toolbar\v3.0.0.0\PDFCreator_Toolbar.dll" [null data]
"{86227D9C-0EFE-4F8A-AA55-30386A3F5686}" = (no title provided)
  -> {HKLM...CLSID} = "YourSiteBar"
                   \InProcServer32\(Default) = "C:\Program Files\YourSiteBar\ysb.dll" [file not found]
"{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C}" = (no title provided)
  -> {HKLM...CLSID} = "Megaupload Toolbar"
                   \InProcServer32\(Default) = "C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL" ["MegaUpload"]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\Software\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
"MenuText" = "Sun Java Console"
"CLSIDExtension" = "{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBC}"
  -> {HKCU...CLSID} = "Java Plug-in 1.6.0_01"
                   \InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll" ["Sun Microsystems, Inc."]
  -> {HKLM...CLSID} = "Java Plug-in 1.6.0_01"
                   \InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll" ["Sun Microsystems, Inc."]

{EF79EAC5-3452-4E02-B8BD-BA4C89F1AC7A}\
"ButtonText" = "eBay - Homepage"
"CLSIDExtension" = "{1FBA04EE-3024-11D2-8F1F-0000F87ABD16}"
  -> {HKLM...CLSID} = "Toolbar Extension for Executable"
                   \InProcServer32\(Default) = "C:\windows\system32\shdocvw.dll" [MS]
"Exec" = "C:\Program Files\IrfanView\Ebay\Ebay.htm" [null data]

{FB5F1910-F110-11D2-BB9E-00C04F795683}\
"ButtonText" = "Messenger"
"MenuText" = "Windows Messenger"
"Exec" = "C:\Program Files\Messenger\msmsgs.exe" [MS]


Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

NMSAccess, NMSAccess, "C:\Program Files\Cheetah Burner\Cheetah DVD Burner\NMSAccess.exe" [null data]
NVIDIA Display Driver Service, NVSvc, "C:\windows\system32\nvsvc32.exe" ["NVIDIA Corporation"]
Windows User Mode Driver Framework, UMWdf, "C:\windows\system32\wdfmgr.exe" [MS]


Print Monitors:
---------------

HKLM\System\CurrentControlSet\Control\Print\Monitors\
Monitor 2 języka BJ\Driver = "CNBJMON2.DLL" [MS]
PDFCreator\Driver = "pdfcmnnt.dll" [null data]


----------
<<!>>: Suspicious data at a malware launch point.

+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
  launch it from a command prompt or a shortcut with the -all parameter.
+ To search all directories of local fixed drives for DESKTOP.INI
  DLL launch points, use the -supp parameter or answer "No" at the
  first message box and "Yes" at the second message box.
---------- (total run time: 266 seconds, including 14 seconds for message boxes)
CatchMe (comment, 10 July 2007):

You've got junk on that computer, so that may be why the system behaves this way. Lock down the ports with WWDC and Seconfig XP. Paste logs from HijackThis and ComboFix.
pecet19 (thread author; comment, 10 July 2007):

Could it be this line?

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\
<<!>> taskmgr.exe\Debugger = " " [file not found]
CatchMe (comment, 10 July 2007):

No, about the others. (That one is probably just a minor error.) I'm asking for logs, not follow-up questions.
pecet19 (thread author; comment, 10 July 2007):

I've locked down the ports. Here is the HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 16:26:58, on 2007-07-10
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\windows\System32\smss.exe
C:\windows\SYSTEM32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\system32\spoolsv.exe
C:\windows\explorer.exe
C:\windows\system32\cisvc.exe
C:\Program Files\Cheetah Burner\Cheetah DVD Burner\NMSAccess.exe
C:\windows\system32\nvsvc32.exe
C:\Program Files\intern~1\oksi.scr
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\services.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\CursorXP\CursorXP.exe
C:\Program Files\Kalendarz XP\Kalendarz.exe
C:\Program Files\Opera\Opera.exe
C:\Program Files\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = prosearching.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.maxior.pl/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = prosearching.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = prosearching.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = prosearching.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = prosearching.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchURL = prosearching.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = prosearching.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = prosearching.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = prosearching.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page_bak = prosearching.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
F2 - REG:system.ini: Shell=explorer.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {140BD8E3-C167-11D4-B4A3-080000180323} - (no file)
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Program Files\PDFCreator Toolbar\v3.0.0.0\PDFCreator_Toolbar.dll
O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.0.0.0\PDFCreator_Toolbar.dll
O3 - Toolbar: YourSiteBar - {86227D9C-0EFE-4f8a-AA55-30386A3F5686} - C:\Program Files\YourSiteBar\ysb.dll (file missing)
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [Resume copy] copyfstq.exe /startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\windows\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [MRT] "C:\windows\system32\MRT.exe" /R
O4 - HKLM\..\Run: [Windows] C:\WINDOWS\services.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKCU\..\Run: [CursorXP] C:\Program Files\CursorXP\CursorXP.exe
O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule0.47c\emule.exe -AutoStart
O4 - Startup: Emil Junior.exe
O4 - Startup: YzDock.exe
O4 - Global Startup: Kalendarz XP.lnk = C:\Program Files\Kalendarz XP\Kalendarz.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: eBay - Homepage - {EF79EAC5-3452-4E02-B8BD-BA4C89F1AC7A} - C:\Program Files\IrfanView\Ebay\Ebay.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://mks.com.pl
O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{40CBCF19-5E9C-467F-A29B-C47EB9994A79}: NameServer = 80.244.140.241 80.244.128.1
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O20 - Winlogon Notify: WgaLogon - WgaLogon.dll (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: NMSAccess - Unknown owner - C:\Program Files\Cheetah Burner\Cheetah DVD Burner\NMSAccess.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\windows\system32\nvsvc32.exe

And here is the one from ComboFix:

"SDA" - 2007-07-10 16:33:43 - ComboFix 07-07-10.1 - Dodatek Service Pack 2


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

C:\Program Files\Common Files\sks~1
C:\windows\b.exe
C:\windows\crosof~1
C:\windows\NDNuninstall6_98.exe
C:\windows\NDNuninstall7_14.exe
C:\windows\services.exe
C:\windows\system32\mcroso~1
C:\windows\system32\wintsu.exe


((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

-------\LEGACY_NM
-------\nm


((((((((((((((((((((((((( Files Created from 2007-06-10 to 2007-07-10 )))))))))))))))))))))))))))))))

2007-07-10 16:27	51,200	--a------	C:\WINDOWS\nircmd.exe
2007-07-10 16:23	1,124,674	--a------	C:\ComboFix.exe
2007-07-10 16:18	55,296	--a------	C:\Seconfig XP.exe
2007-07-10 16:17	51,232	--a------	C:\wwdc.exe
2007-07-10 16:07	<DIR>	d--------	C:\Program Files\Silent Runners
2007-07-10 09:42	426	--a------	C:\fix.reg
2007-07-10 08:34	218,112	--a------	C:\Program Files\HijackThis.exe
2007-07-07 15:48	<DIR>	d--------	C:\Program Files\TrackMania Nations ESWC
2007-07-05 21:57	<DIR>	d--------	C:\DOCUME~1\SDA\DANEAP~1\Media Player Classic
2007-07-05 21:56	<DIR>	d--------	C:\Program Files\Real Alternative
2007-07-05 21:56	<DIR>	d--------	C:\Program Files\Media Player Classic
2007-07-05 21:56	<DIR>	d--------	C:\DOCUME~1\SDA\DANEAP~1\Real
2007-07-05 21:56	<DIR>	d--------	C:\DOCUME~1\ALLUSE~1\DANEAP~1\Real
2007-07-05 14:59	<DIR>	d--------	C:\Program Files\KM Remote
2007-07-05 14:57	<DIR>	d--------	C:\Program Files\Invention Office RG
2007-07-02 15:21	612	--a------	C:\WINDOWS\eReg.dat
2007-07-02 15:15	<DIR>	d--------	C:\Program Files\EA Games
2007-06-18 21:22	1,867,776	--a------	C:\WINDOWS\system32\python24.dll
2007-06-18 21:16	25,653	----s----	C:\WINDOWS\system32\serwer.exe
2007-06-18 20:43	<DIR>	d-a------	C:\DOCUME~1\ALLUSE~1\DANEAP~1\TEMP
2007-06-13 14:50	<DIR>	d--------	C:\Program Files\Rapidown
2007-06-11 17:30	<DIR>	d--------	C:\Program Files\SkanerOnline


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-07-10 14:43:45	--------	d---a-w	C:\Program Files\eMule0.47c
2007-07-10 14:39:25	--------	d-----w	C:\Program Files\Kalendarz XP
2007-07-10 14:07:12	--------	d-----w	C:\Program Files\JetAudio
2007-07-10 07:27:16	122,884	-c--a-w	C:\windows\UnGins.exe
2007-07-10 07:27:06	167,936	-c--a-w	C:\windows\system32\SpoonUninstall.exe
2007-07-10 07:27:00	208,896	-c--a-w	C:\windows\system32\NVUNINST.EXE
2007-07-10 07:27:00	208,896	-c--a-w	C:\windows\system32\nvudisp.exe
2007-07-10 07:26:59	1,110,016	-c--a-w	C:\windows\system32\nvdspsch.exe
2007-07-10 07:26:58	438,272	-c--a-w	C:\windows\system32\nvappbar.exe
2007-07-10 07:26:56	430,080	-c--a-w	C:\windows\system32\MXRestore.exe
2007-07-10 07:26:52	352,256	-c--a-w	C:\windows\system32\keystone.exe
2007-07-10 07:26:42	102,400	----a-w	C:\windows\removeARKIRDA.exe
2007-07-10 07:26:40	264,097	-c--a-w	C:\windows\PDFCreator_Toolbar_Uninstaller_6584.exe
2007-07-10 07:26:36	139,264	----a-w	C:\windows\NeoUninstall.exe
2007-07-09 19:15:12	--------	d-----w	C:\Program Files\Y'z Dock
2007-07-09 16:22:59	1,744	----a-w	C:\windows\system32\d3d9caps.dat
2007-07-09 10:53:54	1,632	----a-w	C:\windows\system32\d3d8caps.dat
2007-07-07 18:28:33	--------	d-----w	C:\Program Files\GameSpy Arcade
2007-07-06 14:59:58	--------	d--h--w	C:\Program Files\InstallShield Installation Information
2007-07-06 06:55:44	--------	d-----w	C:\Program Files\Stellarium
2007-07-01 18:58:03	--------	d-----w	C:\Program Files\Gadu-Gadu
2007-06-21 07:32:35	--------	d-----w	C:\DOCUME~1\SDA\DANEAP~1\MegauploadToolbar
2007-06-14 16:40:02	283	----a-w	C:\AUTOEXEC.BAT
2007-06-12 15:23:27	307,200	----a-w	C:\windows\IsUn0415.exe
2007-06-11 20:09:21	--------	d-----w	C:\Program Files\Plugins
2007-06-09 13:10:23	--------	d-----w	C:\Program Files\Samurize
2007-06-09 12:41:22	--------	d-----w	C:\Program Files\Lavalys
2007-06-09 12:40:13	713	----a-w	C:\windows\unins000.dat
2007-06-04 11:36:46	--------	d-----w	C:\Program Files\Firefly Studios
2007-05-22 12:28:14	--------	d-----w	C:\DOCUME~1\SDA\DANEAP~1\Skype
2007-05-18 16:41:55	--------	d-----w	C:\Program Files\Student Notebook 2
2007-05-18 16:38:38	--------	d-----w	C:\Program Files\Celestia
2007-05-16 13:48:56	448,796	----a-w	C:\windows\system32\perfh015.dat
2007-05-16 13:48:55	74,252	----a-w	C:\windows\system32\perfc015.dat
2007-04-18 16:14:32	2,854,400	----a-w	C:\windows\system32\msi.dll
2007-04-16 11:40:01	5,837,839	--sha-w	C:\windows\system32\httpklg.sys
2007-01-04 17:47:15	0	-csha-w	C:\windows\system32\httpget.sys


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
2004-12-14 11:56	63136	-ra------	C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{140BD8E3-C167-11D4-B4A3-080000180323}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C}]
2006-10-31 08:55	1803720	--a------	C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
2005-05-31 02:04	853672	--a------	C:\PROGRA~1\SPYBOT~1\SDHelper.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
2007-03-14 03:43	501400	--a------	C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C451C08A-EC37-45DF-AAAD-18B51AB5E837}]
2006-11-14 12:35	757760	--a------	C:\Program Files\PDFCreator Toolbar\v3.0.0.0\PDFCreator_Toolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpeedTouch USB Diagnostics"="C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" [2004-03-23 12:06]
"Resume copy"="copyfstq.exe" [2006-07-07 14:04 C:\WINDOWS\copyfstq.exe]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-04-01 13:31]
"nwiz"="nwiz.exe" [2004-07-12 16:50 C:\WINDOWS\system32\nwiz.exe]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-08-09 06:03]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-08-09 06:03]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CursorXP"="C:\Program Files\CursorXP\CursorXP.exe" [2005-01-19 17:34]
"eMuleAutoStart"="C:\Program Files\eMule0.47c\emule.exe" [2006-09-14 16:15]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\Run]
"oksi.scr"=C:\Program Files\intern~1\oksi.scr

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoTrayIconsDisplay"=1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\taskmgr.exe]
debugger=

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"PavPrSrv"=2 (0x2)
"avast! Web Scanner"=3 (0x3)
"avast! Mail Scanner"=3 (0x3)
"avast! Antivirus"=2 (0x2)
"aswUpdSv"=2 (0x2)
"Abel"=2 (0x2)
"AVP"=3 (0x3)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
AutoRun\command- F:\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
AutoRun\command- G:\autoplay.exe

Contents of the 'Scheduled Tasks' folder
2005-10-12 15:14:16	C:\windows\tasks\ArcaVir - Zadanie 0.job

**************************************************************************

catchme 0.3.915 W2K/XP/Vista - rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-07-10 16:43:18
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
 oksi.scr = C:\Program Files\intern~1\oksi.scr??????????Ct?|??4? ???????????T??????????????????????????|????"??????????????????????????????

scanning hidden files ...

**************************************************************************

Completion time: 2007-07-10 16:47:12 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-07-10 16:46

--- E O F ---

The program moved those first 8 files to quarantine. Apparently they were infected. The computer restarted after the program finished.
CatchMe, comment, 10 July 2007

Download OTMoveIt: http://download.bleepingcomputer.com/oldtimer/OTMoveIt.exe
* In the "Paste List of Files/Folders to be Moved" field paste the following paths:
C:\Program Files\YourSiteBar
C:\DOCUME~1\ALLUSE~1\DANEAP~1\TEMP
C:\WINDOWS\services.exe
C:\windows\system32\MRT.exe
* Then press the MoveIt! button.
* A message will appear saying that a restart is needed to remove the listed files/folders - press Yes.
* After the restart, delete the folder C:\_OTMoveIt manually (right-click >>> Delete >>> Empty Recycle Bin).
---------------------------------------------
In HijackThis you delete:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = prosearching.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = prosearching.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = prosearching.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = prosearching.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = prosearching.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchURL = prosearching.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = prosearching.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = prosearching.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = prosearching.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page_bak = prosearching.com
O2 - BHO: (no name) - {140BD8E3-C167-11D4-B4A3-080000180323} - (no file)
O3 - Toolbar: YourSiteBar - {86227D9C-0EFE-4f8a-AA55-30386A3F5686} - C:\Program Files\YourSiteBar\ysb.dll (file missing)
O4 - HKLM\..\Run: [MRT] "C:\windows\system32\MRT.exe" /R
O4 - HKLM\..\Run: [Windows] C:\WINDOWS\services.exe
O20 - Winlogon Notify: WgaLogon - WgaLogon.dll (file missing)
---------------------------------------------
Open Notepad and paste this into it:

Windows Registry Editor Version 5.00

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{140BD8E3-C167-11D4-B4A3-080000180323}]

[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\taskmgr.exe]

File >>> Save as >>> change the file type from TXT to All files >>> save it under the name FIX.REG >>> run the FIX.REG file in Safe Mode >>> restart the computer.
---------------------------------------------
After these operations, paste a HijackThis log and a ComboFix log. Gmer will also be needed, but later.
---------------------------------------------
- Do you recognise this?
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\Run]
"oksi.scr"=C:\Program Files\intern~1\oksi.scr
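The FIX.REG above uses the two deletion forms of the Registry Editor 5.00 format: a key name prefixed with `-` inside the brackets removes the whole key (here the Image File Execution Options key for taskmgr.exe, whose Debugger value makes Windows start whatever it names instead of Task Manager, which is how the "Windows cannot find this file" error shows up), and `"name"=-` removes a single value. The parser below is an added example, not part of the thread or of any tool used in it; it lists what a .reg file would do before anyone double-clicks it. The sample file is constructed: the ComboFix-style `HKEY_LOCAL_MACHINE\~\Browser Helper Objects` shorthand from the post is expanded to the full `...\Explorer\Browser Helper Objects` path (my assumption), and a `DisableTaskMgr` value deletion is added to show the `=-` form.

```python
"""Parse a 'Windows Registry Editor Version 5.00' (.reg) file and list the
operations it would perform. Added example, not part of the thread or of any
tool used in it. Single-line values only (no hex continuation lines)."""
import re
from dataclasses import dataclass
from typing import List, Optional

HEADER = "Windows Registry Editor Version 5.00"
# "name"=data  or  @=data (the key's default value)
_VALUE_RE = re.compile(r'^(?:"((?:[^"\\]|\\.)*)"|@)=(.*)$')


@dataclass
class RegOp:
    action: str            # "delete_key", "delete_value" or "set_value"
    key: str
    name: Optional[str] = None
    data: Optional[str] = None


def parse_reg(text: str) -> List[RegOp]:
    """Turn the .reg text into an ordered list of registry operations."""
    lines = [ln.strip() for ln in text.splitlines()]
    lines = [ln for ln in lines if ln and not ln.startswith(";")]
    if not lines or lines[0] != HEADER:
        raise ValueError("missing 'Windows Registry Editor Version 5.00' header")
    ops: List[RegOp] = []
    current: Optional[str] = None
    for ln in lines[1:]:
        if ln.startswith("[") and ln.endswith("]"):
            key = ln[1:-1]
            if key.startswith("-"):            # [-KEY] deletes the whole key
                ops.append(RegOp("delete_key", key[1:]))
                current = None                 # a deleted key takes no value lines
            else:
                current = key
            continue
        m = _VALUE_RE.match(ln)
        if not m:
            raise ValueError(f"unparsable line: {ln!r}")
        if current is None:
            raise ValueError(f"value line outside a [KEY] header: {ln!r}")
        name = "(Default)" if m.group(1) is None else m.group(1)
        data = m.group(2)
        if data == "-":                        # "name"=- deletes one value
            ops.append(RegOp("delete_value", current, name))
        else:
            ops.append(RegOp("set_value", current, name, data))
    return ops


def describe(op: RegOp) -> str:
    """One human-readable line per operation, for review before importing."""
    if op.action == "delete_key":
        return f"delete key   {op.key}"
    if op.action == "delete_value":
        return f"delete value {op.key} | {op.name}"
    return f"set value    {op.key} | {op.name} = {op.data}"


# Constructed sample in the spirit of the post's FIX.REG. Assumptions: the
# ComboFix '~' shorthand is expanded to the full BHO key, and a DisableTaskMgr
# value deletion is added to show the "=-" form.
FIX_REG = r"""Windows Registry Editor Version 5.00

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{140BD8E3-C167-11D4-B4A3-080000180323}]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=-
"""

if __name__ == "__main__":
    for op in parse_reg(FIX_REG):
        print(describe(op))
```

Reviewing the operation list this way is the defender's habit worth keeping: a .reg file pasted from a forum is executed with the rights of whoever double-clicks it, and `[-KEY]` removes every value and subkey beneath the named key, so the list should contain only the keys you expect.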
pecet19 (author), comment, 11 July 2007

Here is the HijackThis log after the steps were done:

Logfile of HijackThis v1.99.1
Scan saved at 11:44:28, on 2007-07-11
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\system32\spoolsv.exe
C:\windows\Explorer.EXE
C:\windows\system32\nvsvc32.exe
C:\Program Files\intern~1\oksi.scr
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\CursorXP\CursorXP.exe
C:\Program Files\Kalendarz XP\Kalendarz.exe
C:\windows\system32\wscntfy.exe
C:\Program Files\Opera\Opera.exe
C:\Program Files\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.maxior.pl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Program Files\PDFCreator Toolbar\v3.0.0.0\PDFCreator_Toolbar.dll
O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.0.0.0\PDFCreator_Toolbar.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [Resume copy] copyfstq.exe /startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\windows\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [CursorXP] C:\Program Files\CursorXP\CursorXP.exe
O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule0.47c\emule.exe -AutoStart
O4 - Startup: Emil Junior.exe
O4 - Global Startup: Kalendarz XP.lnk = C:\Program Files\Kalendarz XP\Kalendarz.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: eBay - Homepage - {EF79EAC5-3452-4E02-B8BD-BA4C89F1AC7A} - C:\Program Files\IrfanView\Ebay\Ebay.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://mks.com.pl
O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{40CBCF19-5E9C-467F-A29B-C47EB9994A79}: NameServer = 80.244.140.241 80.244.128.1
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\windows\system32\nvsvc32.exe

ComboFix log:

"SDA" - 2007-07-11 11:50:46 - ComboFix 07-07-10.1 - Dodatek Service Pack 2

((((((((((((((((((((((((( Files Created from 2007-06-11 to 2007-07-11 )))))))))))))))))))))))))))))))

2007-07-11 11:23 <DIR> d-------- C:\Program Files\backups
2007-07-11 11:06 210,432 --a------ C:\OTMoveIt.exe
2007-07-10 17:17 <DIR> d-------- C:\Program Files\EA SPORTS
2007-07-10 17:08 <DIR> d-------- C:\Program Files\formula
2007-07-10 16:27 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-07-10 16:23 1,124,674 --a------ C:\ComboFix.exe
2007-07-10 16:18 55,296 --a------ C:\Program Files\Seconfig XP.exe
2007-07-10 16:17 51,232 --a------ C:\Program Files\wwdc.exe
2007-07-10 16:07 <DIR> d-------- C:\Program Files\Silent Runners
2007-07-10 09:42 426 --a------ C:\fix.reg
2007-07-10 08:34 218,112 --a------ C:\Program Files\HijackThis.exe
2007-07-07 15:48 <DIR> d-------- C:\Program Files\TrackMania Nations ESWC
2007-07-05 21:57 <DIR> d-------- C:\DOCUME~1\SDA\DANEAP~1\Media Player Classic
2007-07-05 21:56 <DIR> d-------- C:\Program Files\Real Alternative
2007-07-05 21:56 <DIR> d-------- C:\Program Files\Media Player Classic
2007-07-05 21:56 <DIR> d-------- C:\DOCUME~1\SDA\DANEAP~1\Real
2007-07-05 21:56 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DANEAP~1\Real
2007-07-05 14:59 <DIR> d-------- C:\Program Files\KM Remote
2007-07-05 14:57 <DIR> d-------- C:\Program Files\Invention Office RG
2007-07-02 15:21 838 --a------ C:\WINDOWS\eReg.dat
2007-07-02 15:15 <DIR> d-------- C:\Program Files\EA Games
2007-06-18 21:22 1,867,776 --a------ C:\WINDOWS\system32\python24.dll
2007-06-18 21:16 25,653 ----s---- C:\WINDOWS\system32\serwer.exe
2007-06-13 14:50 <DIR> d-------- C:\Program Files\Rapidown
2007-06-11 17:30 <DIR> d-------- C:\Program Files\SkanerOnline

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-07-11 09:48:12 -------- d-----w C:\Program Files\Kalendarz XP
2007-07-11 09:47:51 -------- d-----w C:\Program Files\English Tlanslator 3
2007-07-11 09:38:07 -------- d---a-w C:\Program Files\eMule0.47c
2007-07-11 09:26:10 1,744 ----a-w C:\windows\system32\d3d9caps.dat
2007-07-10 15:28:31 1,632 ----a-w C:\windows\system32\d3d8caps.dat
2007-07-10 14:07:12 -------- d-----w C:\Program Files\JetAudio
2007-07-10 07:27:16 122,884 -c--a-w C:\windows\UnGins.exe
2007-07-10 07:27:06 167,936 -c--a-w C:\windows\system32\SpoonUninstall.exe
2007-07-10 07:27:00 208,896 -c--a-w C:\windows\system32\NVUNINST.EXE
2007-07-10 07:27:00 208,896 -c--a-w C:\windows\system32\nvudisp.exe
2007-07-10 07:26:59 1,110,016 -c--a-w C:\windows\system32\nvdspsch.exe
2007-07-10 07:26:58 438,272 -c--a-w C:\windows\system32\nvappbar.exe
2007-07-10 07:26:56 430,080 -c--a-w C:\windows\system32\MXRestore.exe
2007-07-10 07:26:52 352,256 -c--a-w C:\windows\system32\keystone.exe
2007-07-10 07:26:42 102,400 ----a-w C:\windows\removeARKIRDA.exe
2007-07-10 07:26:40 264,097 -c--a-w C:\windows\PDFCreator_Toolbar_Uninstaller_6584.exe
2007-07-10 07:26:36 139,264 ----a-w C:\windows\NeoUninstall.exe
2007-07-09 19:15:12 -------- d-----w C:\Program Files\Y'z Dock
2007-07-07 18:28:33 -------- d-----w C:\Program Files\GameSpy Arcade
2007-07-06 14:59:58 -------- d--h--w C:\Program Files\InstallShield Installation Information
2007-07-06 06:55:44 -------- d-----w C:\Program Files\Stellarium
2007-07-01 18:58:03 -------- d-----w C:\Program Files\Gadu-Gadu
2007-06-21 07:32:35 -------- d-----w C:\DOCUME~1\SDA\DANEAP~1\MegauploadToolbar
2007-06-14 16:40:02 283 ----a-w C:\AUTOEXEC.BAT
2007-06-12 15:23:27 307,200 ----a-w C:\windows\IsUn0415.exe
2007-06-11 20:09:21 -------- d-----w C:\Program Files\Plugins
2007-06-09 13:10:23 -------- d-----w C:\Program Files\Samurize
2007-06-09 12:41:22 -------- d-----w C:\Program Files\Lavalys
2007-06-09 12:40:13 713 ----a-w C:\windows\unins000.dat
2007-06-04 11:36:46 -------- d-----w C:\Program Files\Firefly Studios
2007-05-22 12:28:14 -------- d-----w C:\DOCUME~1\SDA\DANEAP~1\Skype
2007-05-18 16:41:55 -------- d-----w C:\Program Files\Student Notebook 2
2007-05-18 16:38:38 -------- d-----w C:\Program Files\Celestia
2007-05-16 13:48:56 448,796 ----a-w C:\windows\system32\perfh015.dat
2007-05-16 13:48:55 74,252 ----a-w C:\windows\system32\perfc015.dat
2007-04-18 16:14:32 2,854,400 ----a-w C:\windows\system32\msi.dll
2007-04-16 11:40:01 5,837,839 --sha-w C:\windows\system32\httpklg.sys
2007-01-04 17:47:15 0 -csha-w C:\windows\system32\httpget.sys

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
2004-12-14 11:56 63136 -ra------ C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C}]
2006-10-31 08:55 1803720 --a------ C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
2005-05-31 02:04 853672 --a------ C:\PROGRA~1\SPYBOT~1\SDHelper.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
2007-03-14 03:43 501400 --a------ C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C451C08A-EC37-45DF-AAAD-18B51AB5E837}]
2006-11-14 12:35 757760 --a------ C:\Program Files\PDFCreator Toolbar\v3.0.0.0\PDFCreator_Toolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpeedTouch USB Diagnostics"="C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" [2004-03-23 12:06]
"Resume copy"="copyfstq.exe" [2006-07-07 14:04 C:\WINDOWS\copyfstq.exe]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-04-01 13:31]
"nwiz"="nwiz.exe" [2004-07-12 16:50 C:\WINDOWS\system32\nwiz.exe]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-08-09 06:03]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-08-09 06:03]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CursorXP"="C:\Program Files\CursorXP\CursorXP.exe" [2005-01-19 17:34]
"eMuleAutoStart"="C:\Program Files\eMule0.47c\emule.exe" [2006-09-14 16:15]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\Run]
"oksi.scr"=C:\Program Files\intern~1\oksi.scr

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoTrayIconsDisplay"=1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\taskmgr.exe]
debugger=

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"PavPrSrv"=2 (0x2)
"avast! Web Scanner"=3 (0x3)
"avast! Mail Scanner"=3 (0x3)
"avast! Antivirus"=2 (0x2)
"aswUpdSv"=2 (0x2)
"Abel"=2 (0x2)
"AVP"=3 (0x3)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
AutoRun\command- F:\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
AutoRun\command- G:\autoplay.exe

Contents of the 'Scheduled Tasks' folder
2005-10-12 15:14:16 C:\windows\tasks\ArcaVir - Zadanie 0.job

**************************************************************************

catchme 0.3.915 W2K/XP/Vista - rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-07-11 11:57:54
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
oksi.scr = C:\Program Files\intern~1\oksi.scr??????????Ct?|??4? ???????????T??????????????????????????|????"??????????????????????????????

scanning hidden files ...

**************************************************************************

Completion time: 2007-07-11 11:59:58
C:\ComboFix-quarantined-files.txt ... 2007-07-11 11:59
C:\ComboFix2.txt ... 2007-07-10 16:47
--- E O F ---

In OTMoveIt, 2 of those 4 files were no longer there. In HijackThis, several entries were also gone. As for the file oksi.scr, I am not sure, but most likely it is something like a keylogger for an online game. When I log into the game, Internet Explorer opens about 20 times with a certain page. I once received an e-mail with a screensaver, and after running it this keylogger activated. I removed it from the registry, but after a restart it came back.
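The logs in this thread are read by eye; the script below is an added example (mine, not a HijackThis feature) that applies the same checks to HijackThis lines: R0/R1 start pages or search providers pointing at an unexpected host, O2/O3 BHO or toolbar registrations whose DLL is gone, and O4 autostarts named after a core system binary but stored outside system32 (the `C:\WINDOWS\services.exe` entry from the earlier HijackThis list; the genuine services.exe runs from `C:\windows\system32`, as the process list above shows). The sample lines are constructed from entries quoted earlier in the thread; the set of hosts treated as expected (the user's own start page and about:blank) is an assumption.

```python
"""Triage of HijackThis log lines for the patterns discussed in this thread.
Added example, not a HijackThis feature. Sample lines are constructed from
entries quoted in the thread."""
import re
from typing import Dict, List

# Core binaries that malware likes to impersonate by name; the genuine
# copies live in %SystemRoot%\system32 on Windows XP.
SYSTEM_BINARIES = {"services.exe", "lsass.exe", "winlogon.exe",
                   "csrss.exe", "svchost.exe", "smss.exe"}

# Hosts the user is expected to have as home/search pages (assumption).
EXPECTED_HOSTS = {"about:blank", "www.maxior.pl"}

# First executable path in a command line, quoted or not.
_PATH_RE = re.compile(r'"?(.*?\.(?:exe|scr|dll|com))', re.IGNORECASE)


def _host(url: str) -> str:
    """Reduce a start/search page value to its host part."""
    url = url.strip().lower()
    if url.startswith("about:"):
        return url
    url = re.sub(r"^[a-z]+://", "", url)
    return url.split("/", 1)[0]


def _exe_path(command: str) -> str:
    m = _PATH_RE.match(command.strip())
    return m.group(1) if m else ""


def triage(lines: List[str]) -> List[Dict[str, str]]:
    """Return one finding (kind, reason, line) per suspicious line."""
    findings: List[Dict[str, str]] = []
    for raw in lines:
        line = raw.strip()
        m = re.match(r"^([ORF]\d+)\s+-\s+(.*)$", line)
        if not m:
            continue
        kind, body = m.groups()
        reason = ""
        if kind in ("R0", "R1") and " = " in body:
            key, value = body.rsplit(" = ", 1)
            name = key.rsplit(",", 1)[-1].lower()      # e.g. "start page"
            if any(w in name for w in ("page", "search", "url")):
                host = _host(value)
                if host not in EXPECTED_HOSTS:
                    reason = f"browser page or search provider redirected to {host}"
        elif kind in ("O2", "O3") and ("(no file)" in body or "(file missing)" in body):
            reason = "BHO/toolbar registered but its DLL is missing (orphaned or half-removed)"
        elif kind == "O4":
            m4 = re.search(r"\]\s*(.*)$", body)        # command after the [name] part
            path = _exe_path(m4.group(1)) if m4 else ""
            folder, _, base = path.rpartition("\\")
            if base.lower() in SYSTEM_BINARIES and not folder.lower().endswith("\\system32"):
                reason = f"{base} started from {folder or '(no path)'}, not from system32"
        if reason:
            findings.append({"kind": kind, "reason": reason, "line": line})
    return findings


# Constructed sample, based on lines quoted earlier in this thread.
SAMPLE_LOG = [
    r"R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = prosearching.com",
    r"R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.maxior.pl/",
    r"R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza",
    r"O2 - BHO: (no name) - {140BD8E3-C167-11D4-B4A3-080000180323} - (no file)",
    r"O3 - Toolbar: YourSiteBar - {86227D9C-0EFE-4f8a-AA55-30386A3F5686} - C:\Program Files\YourSiteBar\ysb.dll (file missing)",
    r'O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime',
    r"O4 - HKLM\..\Run: [Windows] C:\WINDOWS\services.exe",
    r"O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\windows\system32\nvsvc32.exe",
]

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f['kind']}: {f['reason']}\n    {f['line']}")
```

The path rule is deliberately narrow: it flags only a well-known system binary name in the wrong folder, which is a strong signal, and stays silent on everything else so that the remaining O4 lines are still reviewed by a person, as they were in this thread.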
CatchMe, comment, 11 July 2007

- Do you recognise this?
O4 - Startup: Emil Junior.exe

Download and run the tool: The Avenger
Select the "Input script manually" option and click the magnifying glass on the right.
In the window that opens, paste:

Files to delete:
C:\OTMoveIt.exe
C:\WINDOWS\nircmd.exe
C:\Program Files\Seconfig XP.exe
C:\Program Files\wwdc.exe
C:\fix.reg

Folders to delete:
C:\Program Files\backups
C:\Program Files\intern~1

registry values to delete:
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\Run | oksi.scr
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer | NoTrayIconsDisplay
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | oksi.scr

registry keys to delete:
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\taskmgr.exe

Click Done, then the green light, and agree to the restart by clicking OK.
After the restart, in HijackThis delete the entry/entries:
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank

Paste on the forum the report C:\avenger.txt + a HijackThis log + a Silent Runners log + a ComboFix log + GMER (from the 2 options)
pecet19 (author), comment, 11 July 2007

Task Manager works!!! Thanks a lot. But to get rid of the junk from the computer, here are the logs.

The avenger.txt file:

//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////

Syntax error in line --- does not appear to be a valid registry path. Line will be ignored.
Error code: 8
Line: HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer | NoTrayIconsDisplay

//////////////////////////////////////////

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\pgrnxasp

*******************

Script file located at: \??\C:\windows\pgatpjol.txt
Script file opened successfully.
Script file read successfully
Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

File C:\OTMoveIt.exe deleted successfully.
File C:\WINDOWS\nircmd.exe deleted successfully.
File C:\Program Files\Seconfig XP.exe deleted successfully.
File C:\Program Files\wwdc.exe deleted successfully.
File C:\fix.reg deleted successfully.
Folder C:\Program Files\backups deleted successfully.
Folder C:\Program Files\intern~1 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\Run|oksi scr deleted successfully.

Could not delete registry value HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run|oksi.scr
Deletion of registry value HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run|oksi.scr failed!
Status: 0xc0000034

Registry key HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\taskmgr.exe deleted successfully.

Completed script processing.

*******************

Finished! Terminate.

HijackThis:

Logfile of HijackThis v1.99.1
Scan saved at 16:51:29, on 2007-07-11
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\system32\spoolsv.exe
C:\windows\Explorer.EXE
C:\windows\system32\nvsvc32.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\CursorXP\CursorXP.exe
C:\Program Files\Kalendarz XP\Kalendarz.exe
C:\windows\system32\wscntfy.exe
C:\Program Files\Opera\Opera.exe
C:\Program Files\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.maxior.pl/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Program Files\PDFCreator Toolbar\v3.0.0.0\PDFCreator_Toolbar.dll
O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.0.0.0\PDFCreator_Toolbar.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [Resume copy] copyfstq.exe /startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\windows\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [CursorXP] C:\Program Files\CursorXP\CursorXP.exe
O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule0.47c\emule.exe -AutoStart
O4 - Startup: Emil Junior.exe
O4 - Global Startup: Kalendarz XP.lnk = C:\Program Files\Kalendarz XP\Kalendarz.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: eBay - Homepage - {EF79EAC5-3452-4E02-B8BD-BA4C89F1AC7A} - C:\Program Files\IrfanView\Ebay\Ebay.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://mks.com.pl
O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{40CBCF19-5E9C-467F-A29B-C47EB9994A79}: NameServer = 80.244.140.241 80.244.128.1
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\windows\system32\nvsvc32.exe

ComboFix:

"SDA" - 2007-07-11 16:53:38 - ComboFix 07-07-10.1 - Dodatek Service Pack 2

((((((((((((((((((((((((( Files Created from 2007-06-11 to 2007-07-11 )))))))))))))))))))))))))))))))

2007-07-11 16:53 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-07-11 16:51 <DIR> d-------- C:\Program Files\backups
2007-07-11 16:35 130,048 --a------ C:\avenger.exe
2007-07-10 17:17 <DIR> d-------- C:\Program Files\EA SPORTS
2007-07-10 17:08 <DIR> d-------- C:\Program Files\formula
2007-07-10 16:23 1,124,674 --a------ C:\ComboFix.exe
2007-07-10 16:07 <DIR> d-------- C:\Program Files\Silent Runners
2007-07-10 08:34 218,112 --a------ C:\Program Files\HijackThis.exe
2007-07-07 15:48 <DIR> d-------- C:\Program Files\TrackMania Nations ESWC
2007-07-05 21:57 <DIR> d-------- C:\DOCUME~1\SDA\DANEAP~1\Media Player Classic
2007-07-05 21:56 <DIR> d-------- C:\Program Files\Real Alternative
2007-07-05 21:56 <DIR> d-------- C:\Program Files\Media Player Classic
2007-07-05 21:56 <DIR> d-------- C:\DOCUME~1\SDA\DANEAP~1\Real
2007-07-05 21:56 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DANEAP~1\Real
2007-07-05 14:59 <DIR> d-------- C:\Program Files\KM Remote
2007-07-05 14:57 <DIR> d-------- C:\Program Files\Invention Office RG
2007-07-02 15:21 838 --a------ C:\WINDOWS\eReg.dat
2007-07-02 15:15 <DIR> d-------- C:\Program Files\EA Games
2007-06-18 21:22 1,867,776 --a------ C:\WINDOWS\system32\python24.dll
2007-06-18 21:16 25,653 ----s---- C:\WINDOWS\system32\serwer.exe
2007-06-13 14:50 <DIR> d-------- C:\Program Files\Rapidown
2007-06-11 17:30 <DIR> d-------- C:\Program Files\SkanerOnline

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-07-11 14:50:19 -------- d-----w C:\Program Files\Kalendarz XP
2007-07-11 14:40:13 -------- d---a-w C:\Program Files\eMule0.47c
2007-07-11 13:52:53 1,632 ----a-w C:\windows\system32\d3d8caps.dat
2007-07-11 09:47:51 -------- d-----w C:\Program Files\English Tlanslator 3
2007-07-11 09:26:10 1,744 ----a-w C:\windows\system32\d3d9caps.dat
2007-07-10 14:07:12 -------- d-----w C:\Program Files\JetAudio
2007-07-10 07:27:16 122,884 -c--a-w C:\windows\UnGins.exe
2007-07-10 07:27:06 167,936 -c--a-w C:\windows\system32\SpoonUninstall.exe
2007-07-10 07:27:00 208,896 -c--a-w C:\windows\system32\NVUNINST.EXE
2007-07-10 07:27:00 208,896 -c--a-w C:\windows\system32\nvudisp.exe
2007-07-10 07:26:59 1,110,016 -c--a-w C:\windows\system32\nvdspsch.exe
2007-07-10 07:26:58 438,272 -c--a-w C:\windows\system32\nvappbar.exe
2007-07-10 07:26:56 430,080 -c--a-w C:\windows\system32\MXRestore.exe
2007-07-10 07:26:52 352,256 -c--a-w C:\windows\system32\keystone.exe
2007-07-10 07:26:42 102,400 ----a-w C:\windows\removeARKIRDA.exe
2007-07-10 07:26:40 264,097 -c--a-w C:\windows\PDFCreator_Toolbar_Uninstaller_6584.exe
2007-07-10 07:26:36 139,264 ----a-w C:\windows\NeoUninstall.exe
2007-07-09 19:15:12 -------- d-----w C:\Program Files\Y'z Dock
2007-07-07 18:28:33 -------- d-----w C:\Program Files\GameSpy Arcade
2007-07-06 14:59:58 -------- d--h--w C:\Program Files\InstallShield Installation Information
2007-07-06 06:55:44 -------- d-----w C:\Program Files\Stellarium
2007-07-01 18:58:03 -------- d-----w C:\Program Files\Gadu-Gadu
2007-06-21 07:32:35 -------- d-----w C:\DOCUME~1\SDA\DANEAP~1\MegauploadToolbar
2007-06-14 16:40:02 283 ----a-w C:\AUTOEXEC.BAT
2007-06-12 15:23:27 307,200 ----a-w C:\windows\IsUn0415.exe
2007-06-11 20:09:21 -------- d-----w C:\Program Files\Plugins
2007-06-09 13:10:23 -------- d-----w C:\Program Files\Samurize
2007-06-09 12:41:22 -------- d-----w C:\Program Files\Lavalys
2007-06-09 12:40:13 713 ----a-w C:\windows\unins000.dat
2007-06-04 11:36:46 -------- d-----w C:\Program Files\Firefly Studios
2007-05-22 12:28:14 -------- d-----w C:\DOCUME~1\SDA\DANEAP~1\Skype
2007-05-18 16:41:55 -------- d-----w C:\Program Files\Student Notebook 2
2007-05-18 16:38:38 -------- d-----w C:\Program Files\Celestia
2007-05-16 13:48:56 448,796 ----a-w C:\windows\system32\perfh015.dat
2007-05-16 13:48:55 74,252 ----a-w C:\windows\system32\perfc015.dat
2007-04-18 16:14:32 2,854,400 ----a-w C:\windows\system32\msi.dll
2007-04-16 11:40:01 5,837,839 --sha-w C:\windows\system32\httpklg.sys
2007-01-04 17:47:15 0 -csha-w C:\windows\system32\httpget.sys

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
2004-12-14 11:56 63136 -ra------ C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C}]
2006-10-31 08:55 1803720 --a------ C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
2005-05-31 02:04 853672 --a------ C:\PROGRA~1\SPYBOT~1\SDHelper.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
2007-03-14 03:43 501400 --a------ C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C451C08A-EC37-45DF-AAAD-18B51AB5E837}]
2006-11-14 12:35 757760 --a------ C:\Program Files\PDFCreator Toolbar\v3.0.0.0\PDFCreator_Toolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpeedTouch USB Diagnostics"="C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" [2004-03-23 12:06]
"Resume copy"="copyfstq.exe" [2006-07-07 14:04 C:\WINDOWS\copyfstq.exe]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-04-01 13:31]
"nwiz"="nwiz.exe" [2004-07-12 16:50 C:\WINDOWS\system32\nwiz.exe]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-08-09 06:03]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-08-09 06:03]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CursorXP"="C:\Program Files\CursorXP\CursorXP.exe" [2005-01-19 17:34]
"eMuleAutoStart"="C:\Program Files\eMule0.47c\emule.exe" [2006-09-14 16:15]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"PavPrSrv"=2 (0x2)
"avast! Web Scanner"=3 (0x3)
"avast! Mail Scanner"=3 (0x3)
"avast! Antivirus"=2 (0x2)
"aswUpdSv"=2 (0x2)
"Abel"=2 (0x2)
"AVP"=3 (0x3)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
AutoRun\command- F:\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
AutoRun\command- G:\autoplay.exe

Contents of the 'Scheduled Tasks' folder
2005-10-12 15:14:16 C:\windows\tasks\ArcaVir - Zadanie 0.job

**************************************************************************

catchme 0.3.915 W2K/XP/Vista - rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-07-11 17:00:07
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

**************************************************************************

Completion time: 2007-07-11 17:02:12
C:\ComboFix-quarantined-files.txt ... 2007-07-11 17:01
C:\ComboFix2.txt ... 2007-07-11 11:59
C:\ComboFix3.txt ... 2007-07-10 16:47
--- E O F ---

SilentRunners:

"Silent Runners.vbs", revision R50, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"CursorXP" = "C:\Program Files\CursorXP\CursorXP.exe" [" "]
"eMuleAutoStart" = "C:\Program Files\eMule0.47c\emule.exe -AutoStart" ["http://www.emule-project.net]

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"SpeedTouch USB Diagnostics" = ""C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon" ["THOMSON Telecom Belgium"]
"Resume copy" = "copyfstq.exe /startup" [null data]
"QuickTime Task" = ""C:\Program Files\QuickTime\qttask.exe" -atboottime" ["Apple Computer, Inc."]
"nwiz" = "nwiz.exe /install" ["NVIDIA Corporation"]
"ISUSPM Startup" = "C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup" [null data]
"ISUSScheduler" = ""C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start" ["InstallShield Software Corporation"]
"SunJavaUpdateSched" = ""C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"" ["Sun Microsystems, Inc."]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)
  -> {HKLM...CLSID} = "AcroIEHlprObj Class"
                   \InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C}\(Default) = (no title provided)
  -> {HKLM...CLSID} = "Megaupload Toolbar"
                   \InProcServer32\(Default) = "C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL" ["MegaUpload"]
{53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided)
  -> {HKLM...CLSID} = (no title provided)
                   \InProcServer32\(Default) = "C:\PROGRA~1\SPYBOT~1\SDHelper.dll" ["Safer Networking Limited"]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)
  -> {HKLM...CLSID} = "SSVHelper Class"
                   \InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll" ["Sun Microsystems, Inc."]
{C451C08A-EC37-45DF-AAAD-18B51AB5E837}\(Default) = (no title provided)
  -> {HKLM...CLSID} = "PDFCreator Toolbar Helper"
                   \InProcServer32\(Default) = "C:\Program Files\PDFCreator Toolbar\v3.0.0.0\PDFCreator_Toolbar.dll" [null data]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania"
  -> {HKLM...CLSID} = "Rozszerzenie CPL kadrowania wyświetlania"
                   \InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu"
  -> {HKLM...CLSID} = "HyperTerminal Icon Ext"
                   \InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
  -> {HKLM...CLSID} = (no title provided)
                   \InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office10\msohev.dll" [MS]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
  -> {HKLM...CLSID} = "WinRAR"
                   \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer"
  -> {HKLM...CLSID} = "Desktop Explorer"
                   \InProcServer32\(Default) = "C:\windows\system32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"
  -> {HKLM...CLSID} = (no title provided)
                   \InProcServer32\(Default) = "C:\windows\system32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu"
  -> {HKLM...CLSID} = "nView Desktop Context Menu"
                   \InProcServer32\(Default) = "C:\windows\system32\nvshell.dll" ["NVIDIA Corporation"]
"{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class"
  -> {HKLM...CLSID} = "DesktopContext Class"
                   \InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]
"{A4D78B20-6E05-1069-8758-4E73FD83DEAD}" = "QCopy"
  -> {HKLM...CLSID} = "QCopy"
                   \InProcServer32\(Default) = "dropcpyr.dll" [null data]
"{8D1636FD-CA49-4B4E-90E4-0A20E03A15E8}" = "jetAudio"
  -> {HKLM...CLSID} = "JetFlExt"
                   \InProcServer32\(Default) = "C:\Program Files\JetAudio\JetFlExt.dll" ["JetAudio, Inc."]
"{B327765E-D724-4347-8B16-78AE18552FC3}" = "NeroDigitalIconHandler"
  -> {HKLM...CLSID} = "NeroDigitalIconHandler Class"
                   \InProcServer32\(Default) = "C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll" [file not found]
"{7F1CF152-04F8-453A-B34C-E609530A9DC8}" = "NeroDigitalPropSheetHandler"
  -> {HKLM...CLSID} = "NeroDigitalPropSheetHandler Class"
                   \InProcServer32\(Default) = "C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll" [file not found]
"{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper"
  -> {HKLM...CLSID} = "NVIDIA CPL Extension"
                   \InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]
"{B8323370-FF27-11D2-97B6-204C4F4F5020}" = "SmartFTP Shell Extension DLL"
  -> {HKLM...CLSID} = "SmartFTP Shell Extension DLL"
                   \InProcServer32\(Default) = "C:\Program Files\SmartFTP Client 2.0\smarthook.dll" [file not found]

HKLM\Software\Classes\Folder\shellex\ColumnHandlers\
{7D4D6379-F301-4311-BEBA-E26EB0561882}\(Default) = "NeroDigitalExt.NeroDigitalColumnHandler"
  -> {HKLM...CLSID} = "NeroDigitalColumnHandler Class"
                   \InProcServer32\(Default) = "C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll" [file not found]
{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"
  -> {HKLM...CLSID} = "PDF Shell Extension"
                   \InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
  -> {HKLM...CLSID} = "WinRAR"
                   \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
jetAudio\(Default) = "{8D1636FD-CA49-4B4E-90E4-0A20E03A15E8}"
  -> {HKLM...CLSID} = "JetFlExt"
                   \InProcServer32\(Default) = "C:\Program Files\JetAudio\JetFlExt.dll" ["JetAudio, Inc."]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
  -> {HKLM...CLSID} = "WinRAR"
                   \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
jetAudio\(Default) = "{8D1636FD-CA49-4B4E-90E4-0A20E03A15E8}"
  -> {HKLM...CLSID} = "JetFlExt"
                   \InProcServer32\(Default) = "C:\Program Files\JetAudio\JetFlExt.dll" ["JetAudio, Inc."]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
  -> {HKLM...CLSID} = "WinRAR"
                   \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]


Group Policies {GPedit.msc branch and setting}:
-----------------------------------------------

Note: detected settings may not have any effect.

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\

"shutdownwithoutlogon" = (REG_DWORD) hex:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Shutdown: Allow system to be shut down without having to log on}

"undockwithoutlogon" = (REG_DWORD) hex:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Devices: Allow undock without having to log on}


Active Desktop and Wallpaper:
-----------------------------

Active Desktop may be enabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
"Wallpaper" = "C:\windows\system32\config\systemprofile\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp"

Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\Documents and Settings\SDA\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp"


Startup items in "SDA" & "All Users" startup folders:
-----------------------------------------------------

C:\Documents and Settings\SDA\Menu Start\Programy\Autostart
<<!>> "Emil Junior.exe" ["THOMSON Telecom Belgium"]
C:\Documents and
SettingsAll UsersMenu StartProgramyAutostart "Kalendarz XP" -> shortcut to: "C:Program FilesKalendarz XPKalendarz.exe" [null data] "Microsoft Office" -> shortcut to: "C:Program FilesMicrosoft OfficeOffice10OSA.EXE -b -l" [MS] Enabled Scheduled Tasks: ------------------------ "ArcaVir - Zadanie 0" -> WARNING -- The file "ArcaVir - Zadanie 0.job" is corrupt! (no executable) Winsock2 Service Provider DLLs: ------------------------------- Namespace Service Providers HKLMSystemCurrentControlSetServicesWinsock2ParametersNameSpace_Catalog5Catalog_E tries {++} 000000000001LibraryPath = "%SystemRoot%System32mswsock.dll" [MS] 000000000002LibraryPath = "%SystemRoot%System32winrnr.dll" [MS] 000000000003LibraryPath = "%SystemRoot%System32mswsock.dll" [MS] Transport Service Providers HKLMSystemCurrentControlSetServicesWinsock2ParametersProtocol_Catalog9Catalog_En ries {++} 0000000000##PackedCatalogItem (contains) DLL [Company Name], (at) ## range: %SystemRoot%system32mswsock.dll [MS], 01 - 03, 06 - 12 %SystemRoot%system32rsvpsp.dll [MS], 04 - 05 Toolbars, Explorer Bars, Extensions: ------------------------------------ Toolbars HKCUSoftwareMicrosoftInternet ExplorerToolbarShellBrowser "{31CF9EBE-5755-4A1D-AC25-2834D952D9B4}" -> {HKLM...CLSID} = "PDFCreator Toolbar" InProcServer32(Default) = "C:Program FilesPDFCreator Toolbarv3.0.0.0PDFCreator_Toolbar.dll" [null data] HKCUSoftwareMicrosoftInternet ExplorerToolbarWebBrowser "{31CF9EBE-5755-4A1D-AC25-2834D952D9B4}" -> {HKLM...CLSID} = "PDFCreator Toolbar" InProcServer32(Default) = "C:Program FilesPDFCreator Toolbarv3.0.0.0PDFCreator_Toolbar.dll" [null data] "{86227D9C-0EFE-4F8A-AA55-30386A3F5686}" -> {HKLM...CLSID} = "YourSiteBar" InProcServer32(Default) = "C:Program FilesYourSiteBarysb.dll" [file not found] "{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C}" -> {HKLM...CLSID} = "Megaupload Toolbar" InProcServer32(Default) = "C:PROGRA~1MEGAUP~1MEGAUP~1.DLL" ["MegaUpload"] HKLMSoftwareMicrosoftInternet ExplorerToolbar 
"{31CF9EBE-5755-4A1D-AC25-2834D952D9B4}" = "PDFCreator Toolbar" -> {HKLM...CLSID} = "PDFCreator Toolbar" InProcServer32(Default) = "C:Program FilesPDFCreator Toolbarv3.0.0.0PDFCreator_Toolbar.dll" [null data] "{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C}" = (no title provided) -> {HKLM...CLSID} = "Megaupload Toolbar" InProcServer32(Default) = "C:PROGRA~1MEGAUP~1MEGAUP~1.DLL" ["MegaUpload"] Extensions (Tools menu items, main toolbar menu buttons) HKLMSoftwareMicrosoftInternet ExplorerExtensions {08B0E5C0-4FCB-11CF-AAA5-00401C608501} "MenuText" = "Sun Java Console" "CLSIDExtension" = "{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBC}" -> {HKCU...CLSID} = "Java Plug-in 1.6.0_01" InProcServer32(Default) = "C:Program FilesJavajre1.6.0_01binssv.dll" ["Sun Microsystems, Inc."] -> {HKLM...CLSID} = "Java Plug-in 1.6.0_01" InProcServer32(Default) = "C:Program FilesJavajre1.6.0_01binnpjpi160_01.dll" ["Sun Microsystems, Inc."] {EF79EAC5-3452-4E02-B8BD-BA4C89F1AC7A} "ButtonText" = "eBay - Homepage" "CLSIDExtension" = "{1FBA04EE-3024-11D2-8F1F-0000F87ABD16}" -> {HKLM...CLSID} = "Toolbar Extension for Executable" InProcServer32(Default) = "C:windowssystem32shdocvw.dll" [MS] "Exec" = "C:Program FilesIrfanViewEbayEbay.htm" [null data] {FB5F1910-F110-11D2-BB9E-00C04F795683} "ButtonText" = "Messenger" "MenuText" = "Windows Messenger" "Exec" = "C:Program FilesMessengermsmsgs.exe" [MS] Running Services (Display Name, Service Name, Path {Service DLL}): ------------------------------------------------------------------ NVIDIA Display Driver Service, NVSvc, "C:windowssystem32nvsvc32.exe" ["NVIDIA Corporation"] Windows User Mode Driver Framework, UMWdf, "C:windowssystem32wdfmgr.exe" [MS] Print Monitors: --------------- HKLMSystemCurrentControlSetControlPrintMonitors Monitor 2 języka BJDriver = "CNBJMON2.DLL" [MS] PDFCreatorDriver = "pdfcmnnt.dll" [null data] ---------- <<!>>: Suspicious data at a malware launch point. + This report excludes default entries except where indicated. 
+ To see *everywhere* the script checks and *everything* it finds,
  launch it from a command prompt or a shortcut with the -all parameter.
+ To search all directories of local fixed drives for DESKTOP.INI DLL launch points,
  use the -supp parameter or answer "No" at the first message box and "Yes" at the second message box.
----------
(total run time: 198 seconds, including 11 seconds for message boxes)

The EmilJunior program is what connects me to the internet, so that one is fine. As for GMER, am I supposed to look in the Rootkit tab? I didn't understand what you meant about the 2 options. Once again, many thanks for the help.
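The bracketed tag at the end of each Silent Runners entry is what a helper reads first: a quoted company name comes from the file's version resource, [MS] marks a Microsoft file, [null data] means the file carries no version information at all, [file not found] means the launch point is orphaned (often a leftover of an uninstall or a removal tool), and the <<!>> marker is Silent Runners' own flag for suspicious data at a launch point. The script below, added here as an example and not code from the thread or from Silent Runners, triages a report by those tags. The sample log inside it is constructed from the kinds of entries shown in the log above (shell extensions, startup folders, toolbars, services); its indentation is an assumption about Silent Runners' layout, so check the parsing rules against a real report before relying on them.

```python
"""Triage of a Silent Runners report by its verification tags.
Added example; not Silent Runners' own code and not from the thread."""
import re

# Constructed sample in Silent Runners' layout (indentation assumed), using
# the kinds of entries shown in the log above.
SAMPLE_LOG = r"""
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{B327765E-D724-4347-8B16-78AE18552FC3}" = "NeroDigitalIconHandler"
  -> {HKLM...CLSID} = "NeroDigitalIconHandler Class"
                   \InProcServer32\(Default) = "C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll" [file not found]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
  -> {HKLM...CLSID} = "WinRAR"
                   \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

Startup items in "SDA" & "All Users" startup folders:
-----------------------------------------------------

C:\Documents and Settings\SDA\Menu Start\Programy\Autostart
<<!>> "Emil Junior.exe" ["THOMSON Telecom Belgium"]

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
"{86227D9C-0EFE-4F8A-AA55-30386A3F5686}"
  -> {HKLM...CLSID} = "YourSiteBar"
                   \InProcServer32\(Default) = "C:\Program Files\YourSiteBar\ysb.dll" [file not found]
"{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C}"
  -> {HKLM...CLSID} = "Megaupload Toolbar"
                   \InProcServer32\(Default) = "C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL" ["MegaUpload"]

Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

NVIDIA Display Driver Service, NVSvc, "C:\windows\system32\nvsvc32.exe" ["NVIDIA Corporation"]
"""

# An entry ends with the launched file in quotes followed by the verification tag.
TAG_RE = re.compile(r'"([^"]*)"\s*\[([^\]]*)\]\s*$')
# The entry's name is the first quoted string on the line that starts it
# (optionally preceded by Silent Runners' <<!>> marker).
NAME_RE = re.compile(r'^(?:<<!>>\s*)?"([^"]+)"')
# Section headers: a registry key, a folder path, or a titled block ending in ':'.
SECTION_RE = re.compile(r'^(?:HK(?:LM|CU)\\|[A-Za-z]:\\|.*:$)')

REASONS = {
    "file not found": "orphaned launch point: the referenced file is missing",
    "null data": "file carries no version resource: publisher unverified, hash and check it",
}


def triage(log):
    """Return the entries a helper would ask about, each with the section it
    sits in, the file it launches, its tag, and the reasons it was flagged."""
    findings, section, name = [], "", ""
    for raw in log.splitlines():
        line = raw.strip()
        if not line or set(line) <= {"-"}:
            continue
        if SECTION_RE.match(line):
            section = line
            continue
        if m := NAME_RE.match(line):
            name = m.group(1)
        t = TAG_RE.search(line)
        if not t:
            continue  # continuation line without a verification tag
        path, tag = t.group(1), t.group(2).strip('"')
        reasons = []
        if line.startswith("<<!>>"):
            reasons.append("marked <<!>> by Silent Runners: suspicious data at a launch point")
        if tag in REASONS:
            reasons.append(REASONS[tag])
        if reasons:
            findings.append({"section": section, "name": name, "path": path,
                             "tag": tag, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f['section']}\n  {f['name']} -> {f['path']} [{f['tag']}]")
        for r in f["reasons"]:
            print(f"    * {r}")
```

Entries with a company tag (the Megaupload toolbar, the NVIDIA service) pass through untouched: the tag says the file has a version resource, not that it is safe, so the real verdict on those still comes from the path and the name, as it did for the toolbar entries above. Service lines are not given their own name field here; extend NAME_RE if you want the display name picked up.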
CatchMe, comment, 11 July 2007
You can delete all of these; they are files left behind by the removal tools (harmless):

2007-07-11 16:53      51,200 --a------ C:\WINDOWS\nircmd.exe
2007-07-11 16:51       <DIR> d-------- C:\Program Files\backups
2007-07-11 16:35     130,048 --a------ C:\avenger.exe
2007-07-10 16:23   1,124,674 --a------ C:\ComboFix.exe
2007-07-10 16:07       <DIR> d-------- C:\Program Files\Silent Runners
2007-07-10 08:34     218,112 --a------ C:\Program Files\HijackThis.exe

- The logs are clean now.
- I still need a GMER log. Download GMER: Rootkit tab >>> "Show all" unticked >>> all object types selected for the scan >>> Scan >>> Copy >>> CTRL+V on www.wklej.org
pecet19 (author), comment, 12 July 2007
I pasted the GMER results on www.wklej.org, but I'll paste them here too.

GMER 1.0.13.12551 - http://www.gmer.net
Rootkit scan 2007-07-12 10:55:06
Windows 5.1.2600 Service Pack 2

---- System - GMER 1.0.13 ----

SSDT  sptd.sys  ZwCreateKey
SSDT  sptd.sys  ZwEnumerateKey
SSDT  sptd.sys  ZwEnumerateValueKey
SSDT  sptd.sys  ZwOpenKey
SSDT  sptd.sys  ZwQueryKey
SSDT  sptd.sys  ZwQueryValueKey
SSDT  sptd.sys  ZwSetValueKey

---- Kernel code sections - GMER 1.0.13 ----

?  C:\windows\system32\drivers\sptd.sys  The process cannot access the file because it is being used by another process.
.text  USBPORT.SYS!DllUnload  F7A6862C 5 Bytes  JMP 825FB4E8
?  System32\Drivers\apdgnkwn.SYS  The system cannot find the file specified.

---- User code sections - GMER 1.0.13 ----

.text  C:\windows\Explorer.EXE[1304] USER32.dll!GetCursor  7E36D749 5 Bytes  JMP 10001080 C:\Program Files\CursorXP\CurXP0.dll
.text  C:\windows\Explorer.EXE[1304] USER32.dll!DrawIconEx  7E36EB4E 5 Bytes  JMP 10001120 C:\Program Files\CursorXP\CurXP0.dll
.text  C:\windows\Explorer.EXE[1304] USER32.dll!GetIconInfo  7E36F052 5 Bytes  JMP 10001030 C:\Program Files\CursorXP\CurXP0.dll
.text  C:\gmer.exe[1456] USER32.dll!GetCursor  7E36D749 5 Bytes  JMP 10001080 C:\Program Files\CursorXP\CurXP0.dll
.text  C:\gmer.exe[1456] USER32.dll!DrawIconEx  7E36EB4E 5 Bytes  JMP 10001120 C:\Program Files\CursorXP\CurXP0.dll
.text  C:\gmer.exe[1456] USER32.dll!GetIconInfo  7E36F052 5 Bytes  JMP 10001030 C:\Program Files\CursorXP\CurXP0.dll
.text  C:\Program Files\Opera\Opera.exe[1968] user32.dll!GetCursor  7E36D749 5 Bytes  JMP 10001080 C:\Program Files\CursorXP\CurXP0.dll
.text  C:\Program Files\Opera\Opera.exe[1968] user32.dll!DrawIconEx  7E36EB4E 5 Bytes  JMP 10001120 C:\Program Files\CursorXP\CurXP0.dll
.text  C:\Program Files\Opera\Opera.exe[1968] user32.dll!GetIconInfo  7E36F052 5 Bytes  JMP 10001030 C:\Program Files\CursorXP\CurXP0.dll

---- Kernel IAT/EAT - GMER 1.0.13 ----

IAT  \windows\System32\Drivers\SPTDDRV1.SYS[ntoskrnl.exe!IoConnectInterrupt]  [F83AA718] sptd.sys
IAT  \windows\System32\Drivers\SPTDDRV1.SYS[ntoskrnl.exe!IofCompleteRequest]  [F83BF656] sptd.sys
IAT  pci.sys[ntoskrnl.exe!IoDetachDevice]  [F83AA6C4] sptd.sys
IAT  pci.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack]  [F83C0394] sptd.sys
IAT  atapi.sys[ntoskrnl.exe!IoConnectInterrupt]  [F83AA718] sptd.sys
IAT  atapi.sys[HAL.dll!READ_PORT_UCHAR]  [F839AAB6] sptd.sys
IAT  atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT]  [F839ABEE] sptd.sys
IAT  atapi.sys[HAL.dll!READ_PORT_USHORT]  [F839AB76] sptd.sys
IAT  atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT]  [F839B71C] sptd.sys
IAT  atapi.sys[HAL.dll!WRITE_PORT_UCHAR]  [F839B5F2] sptd.sys
IAT  disk.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack]  [F83C04E8] sptd.sys
IAT  \SystemRoot\system32\DRIVERS\cdrom.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack]  [F83C04E8] sptd.sys
IAT  \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR]  [F83BF7AE] sptd.sys

---- Devices - GMER 1.0.13 ----

Device  \FileSystem\Ntfs  Ntfs  IRP_MJ_CREATE  827841D8
Device  \FileSystem\Ntfs  Ntfs  IRP_MJ_CLOSE  827841D8
Device  \FileSystem\Ntfs  Ntfs  IRP_MJ_READ  827841D8
Device  \FileSystem\Ntfs  Ntfs  IRP_MJ_WRITE  827841D8
Device  \FileSystem\Ntfs  Ntfs  IRP_MJ_QUERY_INFORMATION  827841D8
Device  \FileSystem\Ntfs  Ntfs  IRP_MJ_SET_INFORMATION  827841D8
Device  \FileSystem\Ntfs  Ntfs  IRP_MJ_QUERY_EA  827841D8
Device  \FileSystem\Ntfs  Ntfs  IRP_MJ_SET_EA  827841D8
Device  \FileSystem\Ntfs  Ntfs  IRP_MJ_FLUSH_BUFFERS  827841D8
Device  \FileSystem\Ntfs  Ntfs  IRP_MJ_QUERY_VOLUME_INFORMATION  827841D8
Device  \FileSystem\Ntfs  Ntfs  IRP_MJ_SET_VOLUME_INFORMATION  827841D8
Device  \FileSystem\Ntfs  Ntfs  IRP_MJ_DIRECTORY_CONTROL  827841D8
Device  \FileSystem\Ntfs  Ntfs  IRP_MJ_FILE_SYSTEM_CONTROL  827841D8
Device  \FileSystem\Ntfs  Ntfs  IRP_MJ_DEVICE_CONTROL  827841D8
Device  \FileSystem\Ntfs  Ntfs  IRP_MJ_SHUTDOWN  827841D8
Device  \FileSystem\Ntfs  Ntfs  IRP_MJ_LOCK_CONTROL  827841D8
Device  \FileSystem\Ntfs  Ntfs  IRP_MJ_CLEANUP  827841D8
Device  \FileSystem\Ntfs  Ntfs  IRP_MJ_QUERY_SECURITY  827841D8
Device  \FileSystem\Ntfs  Ntfs  IRP_MJ_SET_SECURITY  827841D8
Device  \FileSystem\Ntfs
Ntfs IRP_MJ_QUERY_QUOTA 827841D8 Device FileSystemNtfs Ntfs IRP_MJ_SET_QUOTA 827841D8 Device FileSystemNtfs Ntfs IRP_MJ_PNP 827841D8 Device Driverusbuhci DeviceUSBPDO-0 IRP_MJ_CREATE 826171D8 Device Driverusbuhci DeviceUSBPDO-0 IRP_MJ_CLOSE 826171D8 Device Driverusbuhci DeviceUSBPDO-0 IRP_MJ_DEVICE_CONTROL 826171D8 Device Driverusbuhci DeviceUSBPDO-0 IRP_MJ_INTERNAL_DEVICE_CONTROL 826171D8 Device Driverusbuhci DeviceUSBPDO-0 IRP_MJ_POWER 826171D8 Device Driverusbuhci DeviceUSBPDO-0 IRP_MJ_SYSTEM_CONTROL 826171D8 Device Driverusbuhci DeviceUSBPDO-0 IRP_MJ_PNP 826171D8 Device Driverdmio DeviceDmControlDmIoDaemon IRP_MJ_CREATE 827871D8 Device Driverdmio DeviceDmControlDmIoDaemon IRP_MJ_CLOSE 827871D8 Device Driverdmio DeviceDmControlDmIoDaemon IRP_MJ_READ 827871D8 Device Driverdmio DeviceDmControlDmIoDaemon IRP_MJ_WRITE 827871D8 Device Driverdmio DeviceDmControlDmIoDaemon IRP_MJ_FLUSH_BUFFERS 827871D8 Device Driverdmio DeviceDmControlDmIoDaemon IRP_MJ_DEVICE_CONTROL 827871D8 Device Driverdmio DeviceDmControlDmIoDaemon IRP_MJ_INTERNAL_DEVICE_CONTROL 827871D8 Device Driverdmio DeviceDmControlDmIoDaemon IRP_MJ_SHUTDOWN 827871D8 Device Driverdmio DeviceDmControlDmIoDaemon IRP_MJ_POWER 827871D8 Device Driverdmio DeviceDmControlDmIoDaemon IRP_MJ_SYSTEM_CONTROL 827871D8 Device Driverdmio DeviceDmControlDmIoDaemon IRP_MJ_PNP 827871D8 Device Driverdmio DeviceDmControlDmConfig IRP_MJ_CREATE 827871D8 Device Driverdmio DeviceDmControlDmConfig IRP_MJ_CLOSE 827871D8 Device Driverdmio DeviceDmControlDmConfig IRP_MJ_READ 827871D8 Device Driverdmio DeviceDmControlDmConfig IRP_MJ_WRITE 827871D8 Device Driverdmio DeviceDmControlDmConfig IRP_MJ_FLUSH_BUFFERS 827871D8 Device Driverdmio DeviceDmControlDmConfig IRP_MJ_DEVICE_CONTROL 827871D8 Device Driverdmio DeviceDmControlDmConfig IRP_MJ_INTERNAL_DEVICE_CONTROL 827871D8 Device Driverdmio DeviceDmControlDmConfig IRP_MJ_SHUTDOWN 827871D8 Device Driverdmio DeviceDmControlDmConfig IRP_MJ_POWER 827871D8 Device Driverdmio 
DeviceDmControlDmConfig IRP_MJ_SYSTEM_CONTROL 827871D8 Device Driverdmio DeviceDmControlDmConfig IRP_MJ_PNP 827871D8 Device Driverdmio DeviceDmControlDmPnP IRP_MJ_CREATE 827871D8 Device Driverdmio DeviceDmControlDmPnP IRP_MJ_CLOSE 827871D8 Device Driverdmio DeviceDmControlDmPnP IRP_MJ_READ 827871D8 Device Driverdmio DeviceDmControlDmPnP IRP_MJ_WRITE 827871D8 Device Driverdmio DeviceDmControlDmPnP IRP_MJ_FLUSH_BUFFERS 827871D8 Device Driverdmio DeviceDmControlDmPnP IRP_MJ_DEVICE_CONTROL 827871D8 Device Driverdmio DeviceDmControlDmPnP IRP_MJ_INTERNAL_DEVICE_CONTROL 827871D8 Device Driverdmio DeviceDmControlDmPnP IRP_MJ_SHUTDOWN 827871D8 Device Driverdmio DeviceDmControlDmPnP IRP_MJ_POWER 827871D8 Device Driverdmio DeviceDmControlDmPnP IRP_MJ_SYSTEM_CONTROL 827871D8 Device Driverdmio DeviceDmControlDmPnP IRP_MJ_PNP 827871D8 Device Driverdmio DeviceDmControlDmInfo IRP_MJ_CREATE 827871D8 Device Driverdmio DeviceDmControlDmInfo IRP_MJ_CLOSE 827871D8 Device Driverdmio DeviceDmControlDmInfo IRP_MJ_READ 827871D8 Device Driverdmio DeviceDmControlDmInfo IRP_MJ_WRITE 827871D8 Device Driverdmio DeviceDmControlDmInfo IRP_MJ_FLUSH_BUFFERS 827871D8 Device Driverdmio DeviceDmControlDmInfo IRP_MJ_DEVICE_CONTROL 827871D8 Device Driverdmio DeviceDmControlDmInfo IRP_MJ_INTERNAL_DEVICE_CONTROL 827871D8 Device Driverdmio DeviceDmControlDmInfo IRP_MJ_SHUTDOWN 827871D8 Device Driverdmio DeviceDmControlDmInfo IRP_MJ_POWER 827871D8 Device Driverdmio DeviceDmControlDmInfo IRP_MJ_SYSTEM_CONTROL 827871D8 Device Driverdmio DeviceDmControlDmInfo IRP_MJ_PNP 827871D8 Device Driverusbuhci DeviceUSBPDO-1 IRP_MJ_CREATE 826171D8 Device Driverusbuhci DeviceUSBPDO-1 IRP_MJ_CLOSE 826171D8 Device Driverusbuhci DeviceUSBPDO-1 IRP_MJ_DEVICE_CONTROL 826171D8 Device Driverusbuhci DeviceUSBPDO-1 IRP_MJ_INTERNAL_DEVICE_CONTROL 826171D8 Device Driverusbuhci DeviceUSBPDO-1 IRP_MJ_POWER 826171D8 Device Driverusbuhci DeviceUSBPDO-1 IRP_MJ_SYSTEM_CONTROL 826171D8 Device Driverusbuhci DeviceUSBPDO-1 IRP_MJ_PNP 
826171D8 Device DriverFtdisk DeviceHarddiskVolume1 IRP_MJ_CREATE 827881D8 Device DriverFtdisk DeviceHarddiskVolume1 IRP_MJ_READ 827881D8 Device DriverFtdisk DeviceHarddiskVolume1 IRP_MJ_WRITE 827881D8 Device DriverFtdisk DeviceHarddiskVolume1 IRP_MJ_FLUSH_BUFFERS 827881D8 Device DriverFtdisk DeviceHarddiskVolume1 IRP_MJ_DEVICE_CONTROL 827881D8 Device DriverFtdisk DeviceHarddiskVolume1 IRP_MJ_INTERNAL_DEVICE_CONTROL 827881D8 Device DriverFtdisk DeviceHarddiskVolume1 IRP_MJ_SHUTDOWN 827881D8 Device DriverFtdisk DeviceHarddiskVolume1 IRP_MJ_CLEANUP 827881D8 Device DriverFtdisk DeviceHarddiskVolume1 IRP_MJ_POWER 827881D8 Device DriverFtdisk DeviceHarddiskVolume1 IRP_MJ_SYSTEM_CONTROL 827881D8 Device DriverFtdisk DeviceHarddiskVolume1 IRP_MJ_PNP 827881D8 Device DriverFtdisk DeviceHarddiskVolume2 IRP_MJ_CREATE 827881D8 Device DriverFtdisk DeviceHarddiskVolume2 IRP_MJ_READ 827881D8 Device DriverFtdisk DeviceHarddiskVolume2 IRP_MJ_WRITE 827881D8 Device DriverFtdisk DeviceHarddiskVolume2 IRP_MJ_FLUSH_BUFFERS 827881D8 Device DriverFtdisk DeviceHarddiskVolume2 IRP_MJ_DEVICE_CONTROL 827881D8 Device DriverFtdisk DeviceHarddiskVolume2 IRP_MJ_INTERNAL_DEVICE_CONTROL 827881D8 Device DriverFtdisk DeviceHarddiskVolume2 IRP_MJ_SHUTDOWN 827881D8 Device DriverFtdisk DeviceHarddiskVolume2 IRP_MJ_CLEANUP 827881D8 Device DriverFtdisk DeviceHarddiskVolume2 IRP_MJ_POWER 827881D8 Device DriverFtdisk DeviceHarddiskVolume2 IRP_MJ_SYSTEM_CONTROL 827881D8 Device DriverFtdisk DeviceHarddiskVolume2 IRP_MJ_PNP 827881D8 Device DriverCdrom DeviceCdRom0 IRP_MJ_CREATE 8263B1D8 Device DriverCdrom DeviceCdRom0 IRP_MJ_CLOSE 8263B1D8 Device DriverCdrom DeviceCdRom0 IRP_MJ_READ 8263B1D8 Device DriverCdrom DeviceCdRom0 IRP_MJ_WRITE 8263B1D8 Device DriverCdrom DeviceCdRom0 IRP_MJ_FLUSH_BUFFERS 8263B1D8 Device DriverCdrom DeviceCdRom0 IRP_MJ_DEVICE_CONTROL 8263B1D8 Device DriverCdrom DeviceCdRom0 IRP_MJ_INTERNAL_DEVICE_CONTROL 8263B1D8 Device DriverCdrom DeviceCdRom0 IRP_MJ_SHUTDOWN 8263B1D8 Device DriverCdrom 
DeviceCdRom0 IRP_MJ_POWER 8263B1D8 Device DriverCdrom DeviceCdRom0 IRP_MJ_SYSTEM_CONTROL 8263B1D8 Device DriverCdrom DeviceCdRom0 IRP_MJ_PNP 8263B1D8 Device DriverCdrom DeviceCdRom1 IRP_MJ_CREATE 8263B1D8 Device DriverCdrom DeviceCdRom1 IRP_MJ_CLOSE 8263B1D8 Device DriverCdrom DeviceCdRom1 IRP_MJ_READ 8263B1D8 Device DriverCdrom DeviceCdRom1 IRP_MJ_WRITE 8263B1D8 Device DriverCdrom DeviceCdRom1 IRP_MJ_FLUSH_BUFFERS 8263B1D8 Device DriverCdrom DeviceCdRom1 IRP_MJ_DEVICE_CONTROL 8263B1D8 Device DriverCdrom DeviceCdRom1 IRP_MJ_INTERNAL_DEVICE_CONTROL 8263B1D8 Device DriverCdrom DeviceCdRom1 IRP_MJ_SHUTDOWN 8263B1D8 Device DriverCdrom DeviceCdRom1 IRP_MJ_POWER 8263B1D8 Device DriverCdrom DeviceCdRom1 IRP_MJ_SYSTEM_CONTROL 8263B1D8 Device DriverCdrom DeviceCdRom1 IRP_MJ_PNP 8263B1D8 Device Driveratapi DeviceIdeIdeDeviceP1T1L0-17 IRP_MJ_CREATE 827861D8 Device Driveratapi DeviceIdeIdeDeviceP1T1L0-17 IRP_MJ_CLOSE 827861D8 Device Driveratapi DeviceIdeIdeDeviceP1T1L0-17 IRP_MJ_DEVICE_CONTROL 827861D8 Device Driveratapi DeviceIdeIdeDeviceP1T1L0-17 IRP_MJ_INTERNAL_DEVICE_CONTROL 827861D8 Device Driveratapi DeviceIdeIdeDeviceP1T1L0-17 IRP_MJ_POWER 827861D8 Device Driveratapi DeviceIdeIdeDeviceP1T1L0-17 IRP_MJ_SYSTEM_CONTROL 827861D8 Device Driveratapi DeviceIdeIdeDeviceP1T1L0-17 IRP_MJ_PNP 827861D8 Device Driveratapi DeviceIdeIdeDeviceP0T0L0-3 IRP_MJ_CREATE 827861D8 Device Driveratapi DeviceIdeIdeDeviceP0T0L0-3 IRP_MJ_CLOSE 827861D8 Device Driveratapi DeviceIdeIdeDeviceP0T0L0-3 IRP_MJ_DEVICE_CONTROL 827861D8 Device Driveratapi DeviceIdeIdeDeviceP0T0L0-3 IRP_MJ_INTERNAL_DEVICE_CONTROL 827861D8 Device Driveratapi DeviceIdeIdeDeviceP0T0L0-3 IRP_MJ_POWER 827861D8 Device Driveratapi DeviceIdeIdeDeviceP0T0L0-3 IRP_MJ_SYSTEM_CONTROL 827861D8 Device Driveratapi DeviceIdeIdeDeviceP0T0L0-3 IRP_MJ_PNP 827861D8 Device Driveratapi DeviceIdeIdePort0 IRP_MJ_CREATE 827861D8 Device Driveratapi DeviceIdeIdePort0 IRP_MJ_CLOSE 827861D8 Device Driveratapi DeviceIdeIdePort0 IRP_MJ_DEVICE_CONTROL 
827861D8 Device Driveratapi DeviceIdeIdePort0 IRP_MJ_INTERNAL_DEVICE_CONTROL 827861D8 Device Driveratapi DeviceIdeIdePort0 IRP_MJ_POWER 827861D8 Device Driveratapi DeviceIdeIdePort0 IRP_MJ_SYSTEM_CONTROL 827861D8 Device Driveratapi DeviceIdeIdePort0 IRP_MJ_PNP 827861D8 Device Driveratapi DeviceIdeIdePort1 IRP_MJ_CREATE 827861D8 Device Driveratapi DeviceIdeIdePort1 IRP_MJ_CLOSE 827861D8 Device Driveratapi DeviceIdeIdePort1 IRP_MJ_DEVICE_CONTROL 827861D8 Device Driveratapi DeviceIdeIdePort1 IRP_MJ_INTERNAL_DEVICE_CONTROL 827861D8 Device Driveratapi DeviceIdeIdePort1 IRP_MJ_POWER 827861D8 Device Driveratapi DeviceIdeIdePort1 IRP_MJ_SYSTEM_CONTROL 827861D8 Device Driveratapi DeviceIdeIdePort1 IRP_MJ_PNP 827861D8 Device Driveratapi DeviceIdeIdeDeviceP1T0L0-f IRP_MJ_CREATE 827861D8 Device Driveratapi DeviceIdeIdeDeviceP1T0L0-f IRP_MJ_CLOSE 827861D8 Device Driveratapi DeviceIdeIdeDeviceP1T0L0-f IRP_MJ_DEVICE_CONTROL 827861D8 Device Driveratapi DeviceIdeIdeDeviceP1T0L0-f IRP_MJ_INTERNAL_DEVICE_CONTROL 827861D8 Device Driveratapi DeviceIdeIdeDeviceP1T0L0-f IRP_MJ_POWER 827861D8 Device Driveratapi DeviceIdeIdeDeviceP1T0L0-f IRP_MJ_SYSTEM_CONTROL 827861D8 Device Driveratapi DeviceIdeIdeDeviceP1T0L0-f IRP_MJ_PNP 827861D8 Device DriverCdrom DeviceCdRom2 IRP_MJ_CREATE 8263B1D8 Device DriverCdrom DeviceCdRom2 IRP_MJ_CLOSE 8263B1D8 Device DriverCdrom DeviceCdRom2 IRP_MJ_READ 8263B1D8 Device DriverCdrom DeviceCdRom2 IRP_MJ_WRITE 8263B1D8 Device DriverCdrom DeviceCdRom2 IRP_MJ_FLUSH_BUFFERS 8263B1D8 Device DriverCdrom DeviceCdRom2 IRP_MJ_DEVICE_CONTROL 8263B1D8 Device DriverCdrom DeviceCdRom2 IRP_MJ_INTERNAL_DEVICE_CONTROL 8263B1D8 Device DriverCdrom DeviceCdRom2 IRP_MJ_SHUTDOWN 8263B1D8 Device DriverCdrom DeviceCdRom2 IRP_MJ_POWER 8263B1D8 Device DriverCdrom DeviceCdRom2 IRP_MJ_SYSTEM_CONTROL 8263B1D8 Device DriverCdrom DeviceCdRom2 IRP_MJ_PNP 8263B1D8 Device Driver00000136 Device0000004a IRP_MJ_POWER [F83A6DB6] sptd.sys Device Driver00000136 Device0000004a IRP_MJ_SYSTEM_CONTROL 
[F83BC73C] sptd.sys Device Driver00000136 Device0000004a IRP_MJ_PNP [F83B577E] sptd.sys Device Driverusbuhci DeviceUSBFDO-0 IRP_MJ_CREATE 826171D8 Device Driverusbuhci DeviceUSBFDO-0 IRP_MJ_CLOSE 826171D8 Device Driverusbuhci DeviceUSBFDO-0 IRP_MJ_DEVICE_CONTROL 826171D8 Device Driverusbuhci DeviceUSBFDO-0 IRP_MJ_INTERNAL_DEVICE_CONTROL 826171D8 Device Driverusbuhci DeviceUSBFDO-0 IRP_MJ_POWER 826171D8 Device Driverusbuhci DeviceUSBFDO-0 IRP_MJ_SYSTEM_CONTROL 826171D8 Device Driverusbuhci DeviceUSBFDO-0 IRP_MJ_PNP 826171D8 Device Driverusbuhci DeviceUSBFDO-1 IRP_MJ_CREATE 826171D8 Device Driverusbuhci DeviceUSBFDO-1 IRP_MJ_CLOSE 826171D8 Device Driverusbuhci DeviceUSBFDO-1 IRP_MJ_DEVICE_CONTROL 826171D8 Device Driverusbuhci DeviceUSBFDO-1 IRP_MJ_INTERNAL_DEVICE_CONTROL 826171D8 Device Driverusbuhci DeviceUSBFDO-1 IRP_MJ_POWER 826171D8 Device Driverusbuhci DeviceUSBFDO-1 IRP_MJ_SYSTEM_CONTROL 826171D8 Device Driverusbuhci DeviceUSBFDO-1 IRP_MJ_PNP 826171D8 Device FileSystemMRxSmb DeviceLanmanDatagramReceiver IRP_MJ_CREATE 824021D8 Device FileSystemMRxSmb DeviceLanmanDatagramReceiver IRP_MJ_CREATE_NAMED_PIPE 824021D8 Device FileSystemMRxSmb DeviceLanmanDatagramReceiver IRP_MJ_CLOSE 824021D8 Device FileSystemMRxSmb DeviceLanmanDatagramReceiver IRP_MJ_READ 824021D8 Device FileSystemMRxSmb DeviceLanmanDatagramReceiver IRP_MJ_WRITE 824021D8 Device FileSystemMRxSmb DeviceLanmanDatagramReceiver IRP_MJ_QUERY_INFORMATION 824021D8 Device FileSystemMRxSmb DeviceLanmanDatagramReceiver IRP_MJ_SET_INFORMATION 824021D8 Device FileSystemMRxSmb DeviceLanmanDatagramReceiver IRP_MJ_QUERY_EA 824021D8 Device FileSystemMRxSmb DeviceLanmanDatagramReceiver IRP_MJ_SET_EA 824021D8 Device FileSystemMRxSmb DeviceLanmanDatagramReceiver IRP_MJ_FLUSH_BUFFERS 824021D8 Device FileSystemMRxSmb DeviceLanmanDatagramReceiver IRP_MJ_QUERY_VOLUME_INFORMATION 824021D8 Device FileSystemMRxSmb DeviceLanmanDatagramReceiver IRP_MJ_SET_VOLUME_INFORMATION 824021D8 Device FileSystemMRxSmb 
DeviceLanmanDatagramReceiver IRP_MJ_DIRECTORY_CONTROL 824021D8 Device FileSystemMRxSmb DeviceLanmanDatagramReceiver IRP_MJ_FILE_SYSTEM_CONTROL 824021D8 Device FileSystemMRxSmb DeviceLanmanDatagramReceiver IRP_MJ_DEVICE_CONTROL 824021D8 Device FileSystemMRxSmb DeviceLanmanDatagramReceiver IRP_MJ_INTERNAL_DEVICE_CONTROL 824021D8 Device FileSystemMRxSmb DeviceLanmanDatagramReceiver IRP_MJ_SHUTDOWN 824021D8 Device FileSystemMRxSmb DeviceLanmanDatagramReceiver IRP_MJ_LOCK_CONTROL 824021D8 Device FileSystemMRxSmb DeviceLanmanDatagramReceiver IRP_MJ_CLEANUP 824021D8 Device FileSystemMRxSmb DeviceLanmanDatagramReceiver IRP_MJ_CREATE_MAILSLOT 824021D8 Device FileSystemMRxSmb DeviceLanmanDatagramReceiver IRP_MJ_QUERY_SECURITY 824021D8 Device FileSystemMRxSmb DeviceLanmanDatagramReceiver IRP_MJ_SET_SECURITY 824021D8 Device FileSystemMRxSmb DeviceLanmanDatagramReceiver IRP_MJ_POWER 824021D8 Device FileSystemMRxSmb DeviceLanmanDatagramReceiver IRP_MJ_SYSTEM_CONTROL 824021D8 Device FileSystemMRxSmb DeviceLanmanDatagramReceiver IRP_MJ_DEVICE_CHANGE 824021D8 Device FileSystemMRxSmb DeviceLanmanDatagramReceiver IRP_MJ_QUERY_QUOTA 824021D8 Device FileSystemMRxSmb DeviceLanmanDatagramReceiver IRP_MJ_SET_QUOTA 824021D8 Device FileSystemMRxSmb DeviceLanmanDatagramReceiver IRP_MJ_PNP 824021D8 Device FileSystemMRxSmb DeviceLanmanRedirector IRP_MJ_CREATE 824021D8 Device FileSystemMRxSmb DeviceLanmanRedirector IRP_MJ_CREATE_NAMED_PIPE 824021D8 Device FileSystemMRxSmb DeviceLanmanRedirector IRP_MJ_CLOSE 824021D8 Device FileSystemMRxSmb DeviceLanmanRedirector IRP_MJ_READ 824021D8 Device FileSystemMRxSmb DeviceLanmanRedirector IRP_MJ_WRITE 824021D8 Device FileSystemMRxSmb DeviceLanmanRedirector IRP_MJ_QUERY_INFORMATION 824021D8 Device FileSystemMRxSmb DeviceLanmanRedirector IRP_MJ_SET_INFORMATION 824021D8 Device FileSystemMRxSmb DeviceLanmanRedirector IRP_MJ_QUERY_EA 824021D8 Device FileSystemMRxSmb DeviceLanmanRedirector IRP_MJ_SET_EA 824021D8 Device FileSystemMRxSmb DeviceLanmanRedirector 
IRP_MJ_FLUSH_BUFFERS 824021D8 Device FileSystemMRxSmb DeviceLanmanRedirector IRP_MJ_QUERY_VOLUME_INFORMATION 824021D8 Device FileSystemMRxSmb DeviceLanmanRedirector IRP_MJ_SET_VOLUME_INFORMATION 824021D8 Device FileSystemMRxSmb DeviceLanmanRedirector IRP_MJ_DIRECTORY_CONTROL 824021D8 Device FileSystemMRxSmb DeviceLanmanRedirector IRP_MJ_FILE_SYSTEM_CONTROL 824021D8 Device FileSystemMRxSmb DeviceLanmanRedirector IRP_MJ_DEVICE_CONTROL 824021D8 Device FileSystemMRxSmb DeviceLanmanRedirector IRP_MJ_INTERNAL_DEVICE_CONTROL 824021D8 Device FileSystemMRxSmb DeviceLanmanRedirector IRP_MJ_SHUTDOWN 824021D8 Device FileSystemMRxSmb DeviceLanmanRedirector IRP_MJ_LOCK_CONTROL 824021D8 Device FileSystemMRxSmb DeviceLanmanRedirector IRP_MJ_CLEANUP 824021D8 Device FileSystemMRxSmb DeviceLanmanRedirector IRP_MJ_CREATE_MAILSLOT 824021D8 Device FileSystemMRxSmb DeviceLanmanRedirector IRP_MJ_QUERY_SECURITY 824021D8 Device FileSystemMRxSmb DeviceLanmanRedirector IRP_MJ_SET_SECURITY 824021D8 Device FileSystemMRxSmb DeviceLanmanRedirector IRP_MJ_POWER 824021D8 Device FileSystemMRxSmb DeviceLanmanRedirector IRP_MJ_SYSTEM_CONTROL 824021D8 Device FileSystemMRxSmb DeviceLanmanRedirector IRP_MJ_DEVICE_CHANGE 824021D8 Device FileSystemMRxSmb DeviceLanmanRedirector IRP_MJ_QUERY_QUOTA 824021D8 Device FileSystemMRxSmb DeviceLanmanRedirector IRP_MJ_SET_QUOTA 824021D8 Device FileSystemMRxSmb DeviceLanmanRedirector IRP_MJ_PNP 824021D8 Device DriverFtdisk DeviceFtControl IRP_MJ_CREATE 827881D8 Device DriverFtdisk DeviceFtControl IRP_MJ_READ 827881D8 Device DriverFtdisk DeviceFtControl IRP_MJ_WRITE 827881D8 Device DriverFtdisk DeviceFtControl IRP_MJ_FLUSH_BUFFERS 827881D8 Device DriverFtdisk DeviceFtControl IRP_MJ_DEVICE_CONTROL 827881D8 Device DriverFtdisk DeviceFtControl IRP_MJ_INTERNAL_DEVICE_CONTROL 827881D8 Device DriverFtdisk DeviceFtControl IRP_MJ_SHUTDOWN 827881D8 Device DriverFtdisk DeviceFtControl IRP_MJ_CLEANUP 827881D8 Device DriverFtdisk DeviceFtControl IRP_MJ_POWER 827881D8 Device 
DriverFtdisk DeviceFtControl IRP_MJ_SYSTEM_CONTROL 827881D8 Device DriverFtdisk DeviceFtControl IRP_MJ_PNP 827881D8 Device Driverapdgnkwn DeviceScsiapdgnkwn1Port2Path0Target0Lun0 IRP_MJ_CREATE 825CD790 Device Driverapdgnkwn DeviceScsiapdgnkwn1Port2Path0Target0Lun0 IRP_MJ_CLOSE 825CD790 Device Driverapdgnkwn DeviceScsiapdgnkwn1Port2Path0Target0Lun0 IRP_MJ_DEVICE_CONTROL 825CD790 Device Driverapdgnkwn DeviceScsiapdgnkwn1Port2Path0Target0Lun0 IRP_MJ_INTERNAL_DEVICE_CONTROL 825CD790 Device Driverapdgnkwn DeviceScsiapdgnkwn1Port2Path0Target0Lun0 IRP_MJ_POWER 825CD790 Device Driverapdgnkwn DeviceScsiapdgnkwn1Port2Path0Target0Lun0 IRP_MJ_SYSTEM_CONTROL 825CD790 Device Driverapdgnkwn DeviceScsiapdgnkwn1Port2Path0Target0Lun0 IRP_MJ_PNP 825CD790 Device Driverapdgnkwn DeviceScsiapdgnkwn1 IRP_MJ_CREATE 825CD790 Device Driverapdgnkwn DeviceScsiapdgnkwn1 IRP_MJ_CLOSE 825CD790 Device Driverapdgnkwn DeviceScsiapdgnkwn1 IRP_MJ_DEVICE_CONTROL 825CD790 Device Driverapdgnkwn DeviceScsiapdgnkwn1 IRP_MJ_INTERNAL_DEVICE_CONTROL 825CD790 Device Driverapdgnkwn DeviceScsiapdgnkwn1 IRP_MJ_POWER 825CD790 Device Driverapdgnkwn DeviceScsiapdgnkwn1 IRP_MJ_SYSTEM_CONTROL 825CD790 Device Driverapdgnkwn DeviceScsiapdgnkwn1 IRP_MJ_PNP 825CD790 Device FileSystemCdfs Cdfs IRP_MJ_CREATE 823373D0 Device FileSystemCdfs Cdfs IRP_MJ_CLOSE 823373D0 Device FileSystemCdfs Cdfs IRP_MJ_READ 823373D0 Device FileSystemCdfs Cdfs IRP_MJ_QUERY_INFORMATION 823373D0 Device FileSystemCdfs Cdfs IRP_MJ_SET_INFORMATION 823373D0 Device FileSystemCdfs Cdfs IRP_MJ_QUERY_VOLUME_INFORMATION 823373D0 Device FileSystemCdfs Cdfs IRP_MJ_DIRECTORY_CONTROL 823373D0 Device FileSystemCdfs Cdfs IRP_MJ_FILE_SYSTEM_CONTROL 823373D0 Device FileSystemCdfs Cdfs IRP_MJ_DEVICE_CONTROL 823373D0 Device FileSystemCdfs Cdfs IRP_MJ_SHUTDOWN 823373D0 Device FileSystemCdfs Cdfs IRP_MJ_LOCK_CONTROL 823373D0 Device FileSystemCdfs Cdfs IRP_MJ_CLEANUP 823373D0 Device FileSystemCdfs Cdfs IRP_MJ_PNP 823373D0 ---- EOF - GMER 1.0.13 ----
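What CatchMe does with this report in the next reply is the standard GMER read: every SSDT and IAT entry resolves to sptd.sys (the SCSI Pass Through Direct layer installed by DAEMON Tools and Alcohol 120%, whose hooks on the registry Zw* calls are well known), the user-mode .text patches all jump into CursorXP's CurXP0.dll, and the one item left over is a driver object, \Driver\apdgnkwn, whose image GMER could not read from disk. The script below, an added example rather than GMER's code or anything posted in the thread, pulls exactly that out of a GMER text report: which drivers own kernel hooks, and which of the drivers present in the kernel have no readable file. The sample report inside it is a shortened, constructed excerpt of the report above with the two OS error messages written in English (GMER prints them in the system language); paths containing spaces are not handled, which is an assumption that holds for this sample.

```python
"""Triage of a GMER text report: which drivers own kernel hooks, and which
of those have an image GMER could not read.  Added example; not GMER's code."""
import re
from collections import defaultdict

# Constructed sample: a shortened excerpt in GMER's line format, modelled on
# the report above.  The two OS error messages are given in English here;
# GMER prints them in the system language.
SAMPLE_REPORT = r"""
GMER 1.0.13.12551 - http://www.gmer.net
Rootkit scan 2007-07-12 10:55:06
Windows 5.1.2600 Service Pack 2

---- System - GMER 1.0.13 ----

SSDT  sptd.sys  ZwCreateKey
SSDT  sptd.sys  ZwEnumerateKey
SSDT  sptd.sys  ZwOpenKey

---- Kernel code sections - GMER 1.0.13 ----

?  C:\windows\system32\drivers\sptd.sys  The process cannot access the file because it is being used by another process.
.text  USBPORT.SYS!DllUnload  F7A6862C 5 Bytes  JMP 825FB4E8
?  System32\Drivers\apdgnkwn.SYS  The system cannot find the file specified.

---- Kernel IAT/EAT - GMER 1.0.13 ----

IAT  pci.sys[ntoskrnl.exe!IoDetachDevice]  [F83AA6C4] sptd.sys
IAT  atapi.sys[HAL.dll!READ_PORT_UCHAR]  [F839AAB6] sptd.sys

---- Devices - GMER 1.0.13 ----

Device  \FileSystem\Ntfs  Ntfs  IRP_MJ_CREATE  827841D8
Device  \Driver\apdgnkwn  \Device\Scsi\apdgnkwn1  IRP_MJ_CREATE  825CD790
Device  \Driver\apdgnkwn  \Device\Scsi\apdgnkwn1  IRP_MJ_CLOSE  825CD790
Device  \Driver\00000136  \Device\0000004a  IRP_MJ_POWER  [F83A6DB6] sptd.sys
"""

# One regex per GMER line type this triage cares about.  Paths containing
# spaces are not handled (an assumption that holds for the sample above).
SSDT_RE = re.compile(r"^SSDT\s+(\S+)\s+(Zw\w+)")
UNREADABLE_RE = re.compile(r"^\?\s+(\S+)\s+(.+)$")
IAT_RE = re.compile(r"^IAT\s+([^\[\s]+)\[([^\]]+)\]\s+\[[0-9A-Fa-f]+\]\s+(\S+)$")
DEVICE_RE = re.compile(
    r"^Device\s+(\S+)\s+(\S+)\s+(IRP_MJ_\w+)\s+\[?[0-9A-Fa-f]+\]?(?:\s+(\S+))?$")


def stem(name):
    """'C:\\x\\apdgnkwn.SYS', '\\Driver\\apdgnkwn' and 'sptd.sys' -> 'apdgnkwn' / 'sptd'."""
    leaf = name.replace("/", "\\").split("\\")[-1]
    return leaf.rsplit(".", 1)[0].lower()


def new_record():
    return {"ssdt": [], "iat": [], "irp_entries": 0, "unreadable": None}


def triage(report):
    """Group the report's findings by owning driver (keyed by file stem)."""
    drivers = defaultdict(new_record)
    for raw in report.splitlines():
        line = raw.strip()
        if m := SSDT_RE.match(line):
            drivers[stem(m.group(1))]["ssdt"].append(m.group(2))
        elif m := UNREADABLE_RE.match(line):
            drivers[stem(m.group(1))]["unreadable"] = m.group(2).strip()
        elif m := IAT_RE.match(line):
            drivers[stem(m.group(3))]["iat"].append(f"{m.group(1)}[{m.group(2)}]")
        elif m := DEVICE_RE.match(line):
            # GMER appends the module name when it resolves the dispatch
            # address; otherwise attribute the entry to the driver object.
            owner = m.group(4) or m.group(1)
            drivers[stem(owner)]["irp_entries"] += 1
    return dict(drivers)


def hooking_drivers(drivers):
    """Drivers that patched the SSDT or another module's import table."""
    return sorted(n for n, d in drivers.items() if d["ssdt"] or d["iat"])


def needs_file_review(drivers):
    """Drivers present in the kernel (hooks or device dispatch entries) whose
    image GMER could not read: collect these from disk, or explain why the
    file is absent, before calling the machine clean."""
    return sorted(n for n, d in drivers.items()
                  if d["unreadable"] and (d["ssdt"] or d["iat"] or d["irp_entries"]))


if __name__ == "__main__":
    result = triage(SAMPLE_REPORT)
    for name in sorted(result):
        d = result[name]
        print(f"{name:10} ssdt={len(d['ssdt'])} iat={len(d['iat'])} "
              f"irp={d['irp_entries']} unreadable={d['unreadable']!r}")
    print("hooking:", hooking_drivers(result))
    print("review :", needs_file_review(result))
```

Two caveats on reading the output. A Device line is one IRP major function of one device GMER inspected, so the per-driver count only says which drivers sit in the I/O path; it is not evidence of hooking on its own, which is why the SSDT and IAT lists are kept separate. And a driver GMER cannot read is not automatically malicious: an image locked by another process (sptd.sys here) just needs to be copied with a tool that opens it for backup, while a driver object with no file at all, which is what apdgnkwn turned out to be in the exchange that follows, needs an explanation rather than another web scan. SPTD-based drive emulators are one common benign source of such a randomly named \Driver\<name> entry; the script does not decide that, it only tells you what to look at.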
CatchMe, comment, 12 July 2007
Turn on showing hidden files and scan this file: C:\Windows\System32\Drivers\apdgnkwn.SYS at www.virustotal.com, then paste the report.
pecet19 (author), comment, 12 July 2007
I don't have that file. When I check it on that site, it tells me: 0 bytes size received
CatchMe, comment, 12 July 2007
In that case we leave it; GMER doesn't find the file either.
- Is the computer OK now?
pecet19 (author), comment, 12 July 2007
Yes. Everything is fine. Once again, many thanks for the help! I consider the topic closed.