CentrumXP Forum Tematyka portalu CentrumXP.pl Bezpieczeństwo Szybko przybywające pliki temp

Szybko przybywające pliki temp

Witam, W katalogu Temp Windowsa stale przybywają pliki wielkości ok. 51kb srednio co sekunde. Można je oczywiście co chwile usuwać, ale nawet przy największej partycji C miejsca kiedyś zabraknie. Zastanawiam się wiec który program może te pliki tworzyć. Zauważyłem to nagle, nie włączałem żadnych nowych programów przed zauważeniem programu ani w trakcie. Prosze o jakieś sugestie, zdaję sobie sprawe, że forum to odwiedza wielu fachowców od XPeka dlatego mam nadzieję, że uda sie ten problem rozwiazac. screen: [url=http://img413.imageshack.us/my.php?image=tempoa6.jpg][img]http://img413.imageshack.us/img413/9088/tempoa6.th.jpg[/img][/url] Z góry dziękuje, Pozdrawiam

Odpowiedzi: 3

Czy moge liczyć na pomoc ? Z góry dziękuje
Quaint
Dodano
22.07.2007 03:15:31
Miales racje, log z ComboFix: [quote]"Quaint" - 2007-07-19 22:59:37 - ComboFix 07-07-14.6 NTFS [color=red][b] Rootkit driver pe386 is present. ... attempting disinfection [/b][/color] [color=blue] pe386 ...... driver unloaded successfully.[/color] [i] ADS removed - system32: deleted 54654 bytes in 1 streams. [/i] ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) C:\DOCUME~1\Quaint2\DANEAP~1\Install.dat C:\WINDOWS\system32\8_exception.nls C:\WINDOWS\system32\ksys.sys ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) -------\LEGACY_EXAMPLE -------\LEGACY_EXAMPLE1 -------\LEGACY_NDNET1 -------\LEGACY_RUNTIME -------\EXAMPLE -------\EXAMPLE1 -------\NDnet1 -------\Runtime ((((((((((((((((((((((((( Files Created from 2007-06-19 to 2007-07-19 ))))))))))))))))))))))))))))))) 2007-07-19 22:39 51,200 --a------ C:\WINDOWS\nircmd.exe 2007-07-19 21:10 142,848 --a------ C:\WINDOWS\gamedelete.exe 2007-07-17 16:13 d-------- C:\DOCUME~1\Quaint\DANEAP~1\SecondLife 2007-07-16 01:07 86,016 --a------ C:\WINDOWS\system32\OpenAL32.dll 2007-07-16 01:07 5,632 --a------ C:\WINDOWS\system32\drivers\Entech64.sys 2007-07-16 01:07 3,972 --a------ C:\WINDOWS\system32\drivers\PciBus.sys 2007-07-16 01:07 262,144 --a------ C:\WINDOWS\system32\wrap_oal.dll 2007-07-16 01:07 21,664 --a------ C:\WINDOWS\system32\drivers\Entech.sys 2007-07-16 01:07 d-------- C:\WINDOWS\system32\Futuremark 2007-07-08 00:01 d-------- C:\DOCUME~1\ALLUSE~1\DANEAP~1\Google 2007-07-04 22:50 4,096 --a------ C:\WINDOWS\d3dx.dat (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) 2007-07-19 13:40:31 -------- d-----w C:\DOCUME~1\Quaint\DANEAP~1\Azureus 2007-07-15 23:06:31 -------- d--h--w C:\Program Files\InstallShield Installation Information 2007-06-23 10:39:49 -------- d-----w C:\DOCUME~1\Quaint\DANEAP~1\Skype 2007-06-23 10:37:18 -------- d-----w C:\Program Files\DivX 2007-06-19 16:19:25 1,932 ----a-w C:\WINDOWS\mozver.dat 2007-06-13 20:21:49 -------- d-----w C:\DOCUME~1\Quaint\DANEAP~1\teamspeak2 2007-06-09 10:04:04 -------- d-----w C:\Program Files\Skype 2007-06-09 10:04:02 -------- d-----w C:\Program Files\Common Files\Skype 2007-05-31 06:45:07 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe 2007-05-31 06:44:55 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll 2007-05-31 06:44:54 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll 2007-05-31 06:44:54 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll 2007-05-31 06:44:54 740,442 ----a-w C:\WINDOWS\system32\DivX.dll 2007-05-08 14:23:37 1,040,384 ----a-w C:\WINDOWS\system32\libeay32.dll 2007-05-08 14:21:17 196,608 ----a-w C:\WINDOWS\system32\ssleay32.dll 2007-04-30 15:46:10 745,600 ----a-w C:\WINDOWS\system32\aswBoot.exe 2007-04-30 15:35:28 95,872 ----a-w C:\WINDOWS\system32\AVASTSS.scr 2007-04-23 00:15:29 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll 2007-04-23 00:15:18 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll 2007-04-23 00:15:18 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll 2007-04-23 00:02:34 73,728 ----a-w C:\WINDOWS\system32\dpl100.dll 2007-04-23 00:02:34 196,608 -c--a-w C:\WINDOWS\system32\dtu100.dll 2007-04-23 00:02:33 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll 2007-04-23 00:02:31 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll 2007-04-23 00:02:31 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll 2007-04-23 00:02:31 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll 2007-04-23 00:02:31 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll 2007-04-23 00:02:31 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll 2007-04-23 00:01:47 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll 2007-04-23 00:01:46 124,472 ----a-w C:\WINDOWS\system32\DivXCodecUpdateChecker.exe ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}] 2006-12-18 05:16 59032 --a------ F:\Programy\Adobe Acrobat 7.0.9\ActiveX\AcroIEHelper.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2F364306-AA45-47B5-9F9D-39A8B94E7EF7}] 2006-05-16 16:19 81920 --a------ F:\Programy\FlashGet\jccatch.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}] 2007-03-14 03:43 501400 --a------ C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F156768E-81EF-470C-9057-481BA8380DBA}] 2006-07-07 17:30 118784 --a------ F:\Programy\FlashGet\getflash.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SoundMan"="SOUNDMAN.EXE" [2006-01-11 16:08 C:\WINDOWS\soundman.exe] "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-05-24 22:05] "ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2005-05-25 01:07] "DAEMON Tools-1033"="F:\Programy\Daemon\daemon.exe" [2004-08-22 18:05] "avast!"="F:\Programy\avast!\ashDisp.exe" [2007-04-30 17:42] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Gadu-Gadu"="F:\Programy\Gadu-Gadu\gg.exe" [2007-05-10 16:36] "F:\Programy\NetMeter\NetMeter.exe"="F:\Programy\NetMeter\NetMeter.exe" [2004-03-04 15:47] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Adobe Gamma Loader.lnk] path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Adobe Gamma Loader.lnk backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Adobe Reader Speed Launch.lnk] path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Adobe Reader Speed Launch.lnk backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Microsoft Office.lnk] path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Microsoft Office.lnk backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Twoje TVN24] "J:\Programy\Pasek TVN24\PasekTVN24.exe" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UninstalTime] chkdisk.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] F:\Programy\Gmail Notifier\gnotify.exe HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{ACC563BC-4266-43f0-B6ED-9D38C4202C7E} rundll32 iesetup.dll,IEAccessUserInst ************************************************************************** catchme 0.3.915 W2K/XP/Vista - rootkit detector by Gmer, http://www.gmer.net Rootkit scan 2007-07-19 23:04:41 Windows 5.1.2600 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "F:\\Programy\\NetMeter\\NetMeter.exe"="F:\\Programy\\NetMeter\\NetMeter.exe" Completion time: 2007-07-19 23:06:22 - machine was rebooted C:\ComboFix-quarantined-files.txt ... 2007-07-19 23:06 --- E O F --- [/quote] Silent: [quote]"Silent Runners.vbs", revision R50, http://www.silentrunners.org/ Operating System: Windows XP Output limited to non-default values, except where indicated by "{++}" Startup items buried in registry: --------------------------------- HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++} "Gadu-Gadu" = ""F:\Programy\Gadu-Gadu\gg.exe" /tray" ["Gadu-Gadu S.A."] "F:\Programy\NetMeter\NetMeter.exe" = "F:\Programy\NetMeter\NetMeter.exe" [null data] HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++} "SoundMan" = "SOUNDMAN.EXE" ["Realtek Semiconductor Corp."] "ATIPTA" = "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" ["ATI Technologies, Inc."] "ATICCC" = ""C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime" [null data] "DAEMON Tools-1033" = ""F:\Programy\Daemon\daemon.exe" -lang 1033" ["DAEMON'S HOME"] "avast!" = "F:\Programy\avast!\ashDisp.exe" ["ALWIL Software"] HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided) -> {HKLM...CLSID} = "Adobe PDF Reader Link Helper" \InProcServer32\(Default) = "F:\Programy\Adobe Acrobat 7.0.9\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"] {2F364306-AA45-47B5-9F9D-39A8B94E7EF7}\(Default) = (no title provided) -> {HKLM...CLSID} = "IeCatch5 Class" \InProcServer32\(Default) = "F:\Programy\FlashGet\jccatch.dll" ["FlashGet"] {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided) -> {HKLM...CLSID} = "SSVHelper Class" \InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll" ["Sun Microsystems, Inc."] {F156768E-81EF-470C-9057-481BA8380DBA}\(Default) = (no title provided) -> {HKLM...CLSID} = "gFlash Class" \InProcServer32\(Default) = "F:\Programy\FlashGet\getflash.dll" [null data] HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania" -> {HKLM...CLSID} = "Rozszerzenie CPL kadrowania wyświetlania" \InProcServer32\(Default) = "deskpan.dll" [file not found] "{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu" -> {HKLM...CLSID} = "HyperTerminal Icon Ext" \InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."] "{5E2121EE-0300-11D4-8D3B-444553540000}" = "Catalyst Context Menu extension" -> {HKLM...CLSID} = "SimpleShlExt Class" \InProcServer32\(Default) = "C:\Program Files\ATI Technologies\ATI.ACE\atiacmxx.dll" [empty string] "{472083B0-C522-11CF-8763-00608CC02F24}" = "avast" -> {HKLM...CLSID} = "avast" \InProcServer32\(Default) = "F:\Programy\avast!\ashShell.dll" ["ALWIL Software"] "{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu" -> {HKLM...CLSID} = "Portable Media Devices Menu" \InProcServer32\(Default) = "C:\WINDOWS\System32\Audiodev.dll" [MS] "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data] "{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler" -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = "F:\Programy\Office\Office10\msohev.dll" [MS] "{AC0B5D2E-B691-4E12-A4F9-CA88492579A2}" = "Zinio Shell Extension" -> {HKLM...CLSID} = "Zinio Magazine" \InProcServer32\(Default) = "C:\Program Files\Common Files\Zinio\ZShext.dll" ["Zinio Systems, Inc."] "{A9AACA72-1C51-4F84-804D-90EDBA0D58F4}" = "Zinio Magazine Column Provider" -> {HKLM...CLSID} = "MyMagazinesColumn Class" \InProcServer32\(Default) = "C:\Program Files\Common Files\Zinio\ZShext.dll" ["Zinio Systems, Inc."] "{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}" = "Shell Extensions for RealOne Player" -> {HKLM...CLSID} = "RealOne Player Context Menu Class" \InProcServer32\(Default) = "F:\Programy\Real Player\rpshell.dll" ["RealNetworks, Inc."] HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon<> "Shell" = "rundll32 "C:\DOCUME~1\Quaint\USTAWI~1\Temp\systems.dll" X4,explorer.exe" [MS], [file not found], [file not found], [MS] HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify<> AtiExtEvent\DLLName = "Ati2evxx.dll" ["ATI Technologies Inc."] HKLM\Software\Classes\Folder\shellex\ColumnHandlers{A9AACA72-1C51-4F84-804D-90EDBA0D58F4}\(Default) = "Zinio Magazine Column Provider" -> {HKLM...CLSID} = "MyMagazinesColumn Class" \InProcServer32\(Default) = "C:\Program Files\Common Files\Zinio\ZShext.dll" ["Zinio Systems, Inc."] {F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info" -> {HKLM...CLSID} = "PDF Shell Extension" \InProcServer32\(Default) = "F:\Programy\Adobe Acrobat 7.0.9\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."] HKLM\Software\Classes\*\shellex\ContextMenuHandlersavast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}" -> {HKLM...CLSID} = "avast" \InProcServer32\(Default) = "F:\Programy\avast!\ashShell.dll" ["ALWIL Software"] MagicISO\(Default) = "{DB85C504-C730-49DD-BEC1-7B39C6103B7A}" -> {HKLM...CLSID} = "MShellExtMenu Class" \InProcServer32\(Default) = "F:\Programy\MagicISO\misosh.dll" ["MagicISO, Inc."] WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data] HKLM\Software\Classes\Directory\shellex\ContextMenuHandlersMagicISO\(Default) = "{DB85C504-C730-49DD-BEC1-7B39C6103B7A}" -> {HKLM...CLSID} = "MShellExtMenu Class" \InProcServer32\(Default) = "F:\Programy\MagicISO\misosh.dll" ["MagicISO, Inc."] WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data] HKLM\Software\Classes\Folder\shellex\ContextMenuHandlersavast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}" -> {HKLM...CLSID} = "avast" \InProcServer32\(Default) = "F:\Programy\avast!\ashShell.dll" ["ALWIL Software"] MagicISO\(Default) = "{DB85C504-C730-49DD-BEC1-7B39C6103B7A}" -> {HKLM...CLSID} = "MShellExtMenu Class" \InProcServer32\(Default) = "F:\Programy\MagicISO\misosh.dll" ["MagicISO, Inc."] WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data] Group Policies {GPedit.msc branch and setting}: ----------------------------------------------- Note: detected settings may not have any effect. HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System "shutdownwithoutlogon" = (REG_DWORD) hex:0x00000001 {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options| Shutdown: Allow system to be shut down without having to log on} "undockwithoutlogon" = (REG_DWORD) hex:0x00000001 {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options| Devices: Allow undock without having to log on} Active Desktop and Wallpaper: ----------------------------- Active Desktop may be disabled at this entry: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState Displayed if Active Desktop enabled and wallpaper not set by Group Policy: HKCU\Software\Microsoft\Internet Explorer\Desktop\General"Wallpaper" = "C:\Documents and Settings\Quaint\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp" Displayed if Active Desktop disabled and wallpaper not set by Group Policy: HKCU\Control Panel\Desktop"Wallpaper" = "C:\Documents and Settings\Quaint\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp" [/quote] Hijackthis: [quote]Logfile of HijackThis v1.99.1 Scan saved at 23:15:49, on 2007-07-19 Platform: Windows XP (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 (6.00.2600.0000) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\System32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe F:\Programy\avast!\aswUpdSv.exe F:\Programy\avast!\ashServ.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\ATI Technologies\ATI.ACE\cli.exe F:\Programy\Daemon\daemon.exe F:\Programy\avast!\ashDisp.exe F:\Programy\Gadu-Gadu\gg.exe F:\Programy\NetMeter\NetMeter.exe C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe F:\Programy\Gmail Notifier\gnotify.exe F:\Programy\avast!\ashWebSv.exe C:\Program Files\ATI Technologies\ATI.ACE\cli.exe F:\Programy\FF\firefox.exe C:\Documents and Settings\Quaint\Pulpit\Download Firefox2\programy diagnoza\HijackThis.exe R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 128.112.139.110:3127 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Programy\Adobe Acrobat 7.0.9\ActiveX\AcroIEHelper.dll O2 - BHO: IeCatch5 Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - F:\Programy\FlashGet\jccatch.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O2 - BHO: gFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - F:\Programy\FlashGet\getflash.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - F:\Programy\FlashGet\fgiebar.dll O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime O4 - HKLM\..\Run: [DAEMON Tools-1033] "F:\Programy\Daemon\daemon.exe" -lang 1033 O4 - HKLM\..\Run: [avast!] F:\Programy\avast!\ashDisp.exe O4 - HKCU\..\Run: [Gadu-Gadu] "F:\Programy\Gadu-Gadu\gg.exe" /tray O4 - HKCU\..\Run: [F:\Programy\NetMeter\NetMeter.exe] F:\Programy\NetMeter\NetMeter.exe O4 - Startup: Gmail Notifier.lnk = F:\Programy\Gmail Notifier\gnotify.exe O4 - Global Startup: ATI CATALYST – pasek zadań.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://F:\Programy\Office\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: Ściągnij przy pomocy FlashGet'a - F:\Programy\FlashGet\jc_link.htm O8 - Extra context menu item: Ściągnij wszystko przy pomocy FlashGet'a - F:\Programy\FlashGet\jc_all.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - F:\Programy\FlashGet\flashget.exe O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - F:\Programy\FlashGet\flashget.exe O17 - HKLM\System\CCS\Services\Tcpip\..\{3C49E737-8580-4999-99AD-326E7B9FCF01}: NameServer = 192.168.8.1,194.204.152.34 O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - F:\Programy\avast!\aswUpdSv.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: avast! Antivirus - ALWIL Software - F:\Programy\avast!\ashServ.exe O23 - Service: avast! Mail Scanner - Unknown owner - F:\Programy\avast!\ashMaiSv.exe" /service (file missing) O23 - Service: avast! Web Scanner - Unknown owner - F:\Programy\avast!\ashWebSv.exe" /service (file missing) O23 - Service: NBService - Nero AG - F:\Programy\Nero 7\Nero BackItUp\NBService.exe [/quote] ...i GMER na koniec: [quote]GMER 1.0.13.12551 - http://www.gmer.net Rootkit scan 2007-07-19 23:24:56 Windows 5.1.2600 ---- System - GMER 1.0.13 ---- SSDT d347bus.sys ZwClose SSDT d347bus.sys ZwCreateKey SSDT d347bus.sys ZwCreatePagingFile SSDT d347bus.sys ZwEnumerateKey SSDT d347bus.sys ZwEnumerateValueKey SSDT d347bus.sys ZwOpenKey SSDT d347bus.sys ZwQueryKey SSDT d347bus.sys ZwQueryValueKey SSDT d347bus.sys ZwSetSystemPowerState ---- Kernel code sections - GMER 1.0.13 ---- .text ntoskrnl.exe!KeInitializeInterrupt + B79 804D4F8E 1 Byte [ 06 ] .text ntoskrnl.exe!KeI386Call16BitCStyleFunction + 170 804FC688 4 Bytes [ 18, 58, 46, F8 ] .text ntoskrnl.exe!KeI386Call16BitCStyleFunction + 1B0 804FC6C8 4 Bytes [ D0, 57, 46, F8 ] .text ntoskrnl.exe!KeI386Call16BitCStyleFunction + 1C0 804FC6D8 4 Bytes [ 20, 9A, 45, F8 ] .text ntoskrnl.exe!KeI386Call16BitCStyleFunction + 228 804FC740 4 Bytes [ A8, A2, 45, F8 ] .text ntoskrnl.exe!KeI386Call16BitCStyleFunction + 230 804FC748 4 Bytes [ 10, 59, 46, F8 ] .text ... ? C:\DOCUME~1\Quaint\USTAWI~1\Temp\catchme.sys Nie można odnaleźć określonego pliku. ? C:\WINDOWS\System32\Drivers\PROCEXP90.SYS Nie można odnaleźć określonego pliku. ---- Devices - GMER 1.0.13 ---- Device \FileSystem\Ntfs \Ntfs IRP_MJ_READ 81E294A8 AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE [A6017812] aswMon2.SYS AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE_NAMED_PIPE [A6017812] aswMon2.SYS AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CLOSE [A6017812] aswMon2.SYS AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_READ [A6017812] aswMon2.SYS AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_WRITE [A6017812] aswMon2.SYS AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_INFORMATION [A6017812] aswMon2.SYS AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_INFORMATION [A6017812] aswMon2.SYS AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_EA [A6017812] aswMon2.SYS AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_EA [A6017812] aswMon2.SYS AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_FLUSH_BUFFERS [A6017812] aswMon2.SYS AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_VOLUME_INFORMATION [A6017812] aswMon2.SYS AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_VOLUME_INFORMATION [A6017812] aswMon2.SYS AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DIRECTORY_CONTROL [A6017812] aswMon2.SYS AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_FILE_SYSTEM_CONTROL [A6018F74] aswMon2.SYS AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DEVICE_CONTROL [A6017812] aswMon2.SYS AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_INTERNAL_DEVICE_CONTROL [A6017812] aswMon2.SYS AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SHUTDOWN [A6017812] aswMon2.SYS AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_LOCK_CONTROL [A6017812] aswMon2.SYS AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CLEANUP [A6017812] aswMon2.SYS AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE_MAILSLOT [A6017812] aswMon2.SYS AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_SECURITY [A6017812] aswMon2.SYS AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_SECURITY [A6017812] aswMon2.SYS AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_POWER [A6017812] aswMon2.SYS AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SYSTEM_CONTROL [A6017812] aswMon2.SYS AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DEVICE_CHANGE [A6017812] aswMon2.SYS AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_QUOTA [A6017812] aswMon2.SYS AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_QUOTA [A6017812] aswMon2.SYS Device \FileSystem\Udfs \UdfsCdRom IRP_MJ_READ 81A999F0 Device \FileSystem\Udfs \UdfsDisk IRP_MJ_READ 81A999F0 AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_CREATE [F37C08E6] aswTdi.SYS AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_CREATE_NAMED_PIPE [F37C08E6] aswTdi.SYS AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_CLOSE [F37C08E6] aswTdi.SYS AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_READ [F37C08E6] aswTdi.SYS AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_WRITE [F37C08E6] aswTdi.SYS AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_INFORMATION [F37C08E6] aswTdi.SYS AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_SET_INFORMATION [F37C08E6] aswTdi.SYS AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_EA [F37C08E6] aswTdi.SYS AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_SET_EA [F37C08E6] aswTdi.SYS AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_FLUSH_BUFFERS [F37C08E6] aswTdi.SYS AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_VOLUME_INFORMATION [F37C08E6] aswTdi.SYS AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_SET_VOLUME_INFORMATION [F37C08E6] aswTdi.SYS AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_DIRECTORY_CONTROL [F37C08E6] aswTdi.SYS AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_FILE_SYSTEM_CONTROL [F37C08E6] aswTdi.SYS AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_DEVICE_CONTROL [F37C08E6] aswTdi.SYS AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_INTERNAL_DEVICE_CONTROL [F37C02C0] aswTdi.SYS AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_SHUTDOWN [F37C08E6] aswTdi.SYS AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_LOCK_CONTROL [F37C08E6] aswTdi.SYS AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_CLEANUP [F37C08E6] aswTdi.SYS AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_CREATE_MAILSLOT [F37C08E6] aswTdi.SYS AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_SECURITY [F37C08E6] aswTdi.SYS AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_SET_SECURITY [F37C08E6] aswTdi.SYS AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_POWER [F37C08E6] aswTdi.SYS AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_SYSTEM_CONTROL [F37C08E6] aswTdi.SYS AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_DEVICE_CHANGE [F37C08E6] aswTdi.SYS AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_QUOTA [F37C08E6] aswTdi.SYS AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_SET_QUOTA [F37C08E6] aswTdi.SYS AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_CREATE [F37C08E6] aswTdi.SYS AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_CREATE_NAMED_PIPE [F37C08E6] aswTdi.SYS AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_CLOSE [F37C08E6] aswTdi.SYS AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_READ [F37C08E6] aswTdi.SYS AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_WRITE [F37C08E6] aswTdi.SYS AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_INFORMATION [F37C08E6] aswTdi.SYS AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SET_INFORMATION [F37C08E6] aswTdi.SYS AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_EA [F37C08E6] aswTdi.SYS AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SET_EA [F37C08E6] aswTdi.SYS AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_FLUSH_BUFFERS [F37C08E6] aswTdi.SYS AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_VOLUME_INFORMATION [F37C08E6] aswTdi.SYS AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SET_VOLUME_INFORMATION [F37C08E6] aswTdi.SYS AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_DIRECTORY_CONTROL [F37C08E6] aswTdi.SYS AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_FILE_SYSTEM_CONTROL [F37C08E6] aswTdi.SYS AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_DEVICE_CONTROL [F37C08E6] aswTdi.SYS AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_INTERNAL_DEVICE_CONTROL [F37C02C0] aswTdi.SYS AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SHUTDOWN [F37C08E6] aswTdi.SYS AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_LOCK_CONTROL [F37C08E6] aswTdi.SYS AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_CLEANUP [F37C08E6] aswTdi.SYS AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_CREATE_MAILSLOT [F37C08E6] aswTdi.SYS AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_SECURITY [F37C08E6] aswTdi.SYS AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SET_SECURITY [F37C08E6] aswTdi.SYS AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_POWER [F37C08E6] aswTdi.SYS AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SYSTEM_CONTROL [F37C08E6] aswTdi.SYS AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_DEVICE_CHANGE [F37C08E6] aswTdi.SYS AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_QUOTA [F37C08E6] aswTdi.SYS AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SET_QUOTA [F37C08E6] aswTdi.SYS Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CREATE 81B3E7A0 Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CREATE_NAMED_PIPE 81B3E7A0 Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CLOSE 81B3E7A0 Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_READ 81B3E7A0 Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_WRITE 81B3E7A0 Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_QUERY_INFORMATION 81B3E7A0 Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SET_INFORMATION 81B3E7A0 Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_QUERY_EA 81B3E7A0 Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SET_EA 81B3E7A0 Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_FLUSH_BUFFERS 81B3E7A0 Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_QUERY_VOLUME_INFORMATION 81B3E7A0 Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SET_VOLUME_INFORMATION 81B3E7A0 Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_DIRECTORY_CONTROL 81B3E7A0 Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_FILE_SYSTEM_CONTROL 81B3E7A0 Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_DEVICE_CONTROL 81B3E7A0 Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_INTERNAL_DEVICE_CONTROL 81B3E7A0 Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SHUTDOWN 81B3E7A0 Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_LOCK_CONTROL 81B3E7A0 Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CLEANUP 81B3E7A0 Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CREATE_MAILSLOT 81B3E7A0 Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_QUERY_SECURITY 81B3E7A0 Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SET_SECURITY 81B3E7A0 Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_POWER 81B3E7A0 Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SYSTEM_CONTROL 81B3E7A0 Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_DEVICE_CHANGE 81B3E7A0 Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_QUERY_QUOTA 81B3E7A0 Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SET_QUOTA 81B3E7A0 Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_PNP 81B3E7A0 Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_READ 81A8F138 Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CREATE 81B3E7A0 Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CREATE_NAMED_PIPE 81B3E7A0 Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CLOSE 81B3E7A0 Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_READ 81B3E7A0 Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_WRITE 81B3E7A0 Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_QUERY_INFORMATION 81B3E7A0 Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SET_INFORMATION 81B3E7A0 Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_QUERY_EA 81B3E7A0 Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SET_EA 81B3E7A0 Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_FLUSH_BUFFERS 81B3E7A0 Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_QUERY_VOLUME_INFORMATION 81B3E7A0 Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SET_VOLUME_INFORMATION 81B3E7A0 Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_DIRECTORY_CONTROL 81B3E7A0 Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_FILE_SYSTEM_CONTROL 81B3E7A0 Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_DEVICE_CONTROL 81B3E7A0 Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_INTERNAL_DEVICE_CONTROL 81B3E7A0 Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SHUTDOWN 81B3E7A0 Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_LOCK_CONTROL 81B3E7A0 Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CLEANUP 81B3E7A0 Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CREATE_MAILSLOT 81B3E7A0 Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_QUERY_SECURITY 81B3E7A0 Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SET_SECURITY 81B3E7A0 Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_POWER 81B3E7A0 Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SYSTEM_CONTROL 81B3E7A0 Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_DEVICE_CHANGE 81B3E7A0 Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_QUERY_QUOTA 81B3E7A0 Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SET_QUOTA 81B3E7A0 Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_PNP 81B3E7A0 Device \Driver\nvatabus \Device\00000066 IRP_MJ_CREATE 81E66398 Device \Driver\nvatabus \Device\00000066 IRP_MJ_CREATE_NAMED_PIPE 81E66398 Device \Driver\nvatabus \Device\00000066 IRP_MJ_CLOSE 81E66398 Device \Driver\nvatabus \Device\00000066 IRP_MJ_READ 81E66398 Device \Driver\nvatabus \Device\00000066 IRP_MJ_WRITE 81E66398 Device \Driver\nvatabus \Device\00000066 IRP_MJ_QUERY_INFORMATION 81E66398 Device \Driver\nvatabus \Device\00000066 IRP_MJ_SET_INFORMATION 81E66398 Device \Driver\nvatabus \Device\00000066 IRP_MJ_QUERY_EA 81E66398 Device \Driver\nvatabus \Device\00000066 IRP_MJ_SET_EA 81E66398 Device \Driver\nvatabus \Device\00000066 IRP_MJ_FLUSH_BUFFERS 81E66398 Device \Driver\nvatabus \Device\00000066 IRP_MJ_QUERY_VOLUME_INFORMATION 81E66398 Device \Driver\nvatabus \Device\00000066 IRP_MJ_SET_VOLUME_INFORMATION 81E66398 Device \Driver\nvatabus \Device\00000066 IRP_MJ_DIRECTORY_CONTROL 81E66398 Device \Driver\nvatabus \Device\00000066 IRP_MJ_FILE_SYSTEM_CONTROL 81E66398 Device \Driver\nvatabus \Device\00000066 IRP_MJ_DEVICE_CONTROL 81E66398 Device \Driver\nvatabus \Device\00000066 IRP_MJ_INTERNAL_DEVICE_CONTROL 81E66398 Device \Driver\nvatabus \Device\00000066 IRP_MJ_SHUTDOWN 81E66398 Device \Driver\nvatabus \Device\00000066 IRP_MJ_LOCK_CONTROL 81E66398 Device \Driver\nvatabus \Device\00000066 IRP_MJ_CLEANUP 81E66398 Device \Driver\nvatabus \Device\00000066 IRP_MJ_CREATE_MAILSLOT 81E66398 Device \Driver\nvatabus \Device\00000066 IRP_MJ_QUERY_SECURITY 81E66398 Device \Driver\nvatabus \Device\00000066 IRP_MJ_SET_SECURITY 81E66398 Device \Driver\nvatabus \Device\00000066 IRP_MJ_POWER 81E66398 Device \Driver\nvatabus \Device\00000066 IRP_MJ_SYSTEM_CONTROL 81E66398 Device \Driver\nvatabus \Device\00000066 IRP_MJ_DEVICE_CHANGE 81E66398 Device \Driver\nvatabus \Device\00000066 IRP_MJ_QUERY_QUOTA 81E66398 Device \Driver\nvatabus \Device\00000066 IRP_MJ_SET_QUOTA 81E66398 Device \Driver\nvatabus \Device\00000066 IRP_MJ_PNP 81E66398 Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_CREATE 81B3E7A0 Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_CREATE_NAMED_PIPE 81B3E7A0 Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_CLOSE 81B3E7A0 Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_READ 81B3E7A0 Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_WRITE 81B3E7A0 Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_QUERY_INFORMATION 81B3E7A0 Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_SET_INFORMATION 81B3E7A0 Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_QUERY_EA 81B3E7A0 Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_SET_EA 81B3E7A0 Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_FLUSH_BUFFERS 81B3E7A0 Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_QUERY_VOLUME_INFORMATION 81B3E7A0 Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_SET_VOLUME_INFORMATION 81B3E7A0 Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_DIRECTORY_CONTROL 81B3E7A0 Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_FILE_SYSTEM_CONTROL 81B3E7A0 Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_DEVICE_CONTROL 81B3E7A0 Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_INTERNAL_DEVICE_CONTROL 81B3E7A0 Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_SHUTDOWN 81B3E7A0 Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_LOCK_CONTROL 81B3E7A0 Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_CLEANUP 81B3E7A0 Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_CREATE_MAILSLOT 81B3E7A0 Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_QUERY_SECURITY 81B3E7A0 Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_SET_SECURITY 81B3E7A0 Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_POWER 81B3E7A0 Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_SYSTEM_CONTROL 81B3E7A0 Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_DEVICE_CHANGE 81B3E7A0 Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_QUERY_QUOTA 81B3E7A0 Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_SET_QUOTA 81B3E7A0 Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_PNP 81B3E7A0 Device \Driver\nvatabus \Device\00000067 IRP_MJ_CREATE 81E66398 Device \Driver\nvatabus \Device\00000067 IRP_MJ_CREATE_NAMED_PIPE 81E66398 Device \Driver\nvatabus \Device\00000067 IRP_MJ_CLOSE 81E66398 Device \Driver\nvatabus \Device\00000067 IRP_MJ_READ 81E66398 Device \Driver\nvatabus \Device\00000067 IRP_MJ_WRITE 81E66398 Device \Driver\nvatabus \Device\00000067 IRP_MJ_QUERY_INFORMATION 81E66398 Device \Driver\nvatabus \Device\00000067 IRP_MJ_SET_INFORMATION 81E66398 Device \Driver\nvatabus \Device\00000067 IRP_MJ_QUERY_EA 81E66398 Device \Driver\nvatabus \Device\00000067 IRP_MJ_SET_EA 81E66398 Device \Driver\nvatabus \Device\00000067 IRP_MJ_FLUSH_BUFFERS 81E66398 Device \Driver\nvatabus \Device\00000067 IRP_MJ_QUERY_VOLUME_INFORMATION 81E66398 Device \Driver\nvatabus \Device\00000067 IRP_MJ_SET_VOLUME_INFORMATION 81E66398 Device \Driver\nvatabus \Device\00000067 IRP_MJ_DIRECTORY_CONTROL 81E66398 Device \Driver\nvatabus \Device\00000067 IRP_MJ_FILE_SYSTEM_CONTROL 81E66398 Device \Driver\nvatabus \Device\00000067 IRP_MJ_DEVICE_CONTROL 81E66398 Device \Driver\nvatabus \Device\00000067 IRP_MJ_INTERNAL_DEVICE_CONTROL 81E66398 Device \Driver\nvatabus \Device\00000067 IRP_MJ_SHUTDOWN 81E66398 Device \Driver\nvatabus \Device\00000067 IRP_MJ_LOCK_CONTROL 81E66398 Device \Driver\nvatabus \Device\00000067 IRP_MJ_CLEANUP 81E66398 Device \Driver\nvatabus \Device\00000067 IRP_MJ_CREATE_MAILSLOT 81E66398 Device \Driver\nvatabus \Device\00000067 IRP_MJ_QUERY_SECURITY 81E66398 Device \Driver\nvatabus \Device\00000067 IRP_MJ_SET_SECURITY 81E66398 Device \Driver\nvatabus \Device\00000067 IRP_MJ_POWER 81E66398 Device \Driver\nvatabus \Device\00000067 IRP_MJ_SYSTEM_CONTROL 81E66398 Device \Driver\nvatabus \Device\00000067 IRP_MJ_DEVICE_CHANGE 81E66398 Device \Driver\nvatabus \Device\00000067 IRP_MJ_QUERY_QUOTA 81E66398 Device \Driver\nvatabus \Device\00000067 IRP_MJ_SET_QUOTA 81E66398 Device \Driver\nvatabus \Device\00000067 IRP_MJ_PNP 81E66398 Device \FileSystem\Srv \Device\LanmanServer IRP_MJ_READ 81C4F910 AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_CREATE [F37C08E6] aswTdi.SYS AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_CREATE_NAMED_PIPE [F37C08E6] aswTdi.SYS AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_CLOSE [F37C08E6] aswTdi.SYS AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_READ [F37C08E6] aswTdi.SYS AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_WRITE [F37C08E6] aswTdi.SYS AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_QUERY_INFORMATION [F37C08E6] aswTdi.SYS AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_SET_INFORMATION [F37C08E6] aswTdi.SYS AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_QUERY_EA [F37C08E6] aswTdi.SYS AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_SET_EA [F37C08E6] aswTdi.SYS AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_FLUSH_BUFFERS [F37C08E6] aswTdi.SYS AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_QUERY_VOLUME_INFORMATION [F37C08E6] aswTdi.SYS AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_SET_VOLUME_INFORMATION [F37C08E6] aswTdi.SYS AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_DIRECTORY_CONTROL [F37C08E6] aswTdi.SYS AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_FILE_SYSTEM_CONTROL [F37C08E6] aswTdi.SYS AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_DEVICE_CONTROL [F37C08E6] aswTdi.SYS AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_INTERNAL_DEVICE_CONTROL [F37C02C0] aswTdi.SYS AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_SHUTDOWN [F37C08E6] aswTdi.SYS AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_LOCK_CONTROL [F37C08E6] aswTdi.SYS AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_CLEANUP [F37C08E6] aswTdi.SYS AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_CREATE_MAILSLOT [F37C08E6] aswTdi.SYS AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_QUERY_SECURITY [F37C08E6] aswTdi.SYS AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_SET_SECURITY [F37C08E6] aswTdi.SYS AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_POWER [F37C08E6] aswTdi.SYS AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_SYSTEM_CONTROL [F37C08E6] aswTdi.SYS AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_DEVICE_CHANGE [F37C08E6] aswTdi.SYS AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_QUERY_QUOTA [F37C08E6] aswTdi.SYS AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_SET_QUOTA [F37C08E6] aswTdi.SYS AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_CREATE [F37C08E6] aswTdi.SYS AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_CREATE_NAMED_PIPE [F37C08E6] aswTdi.SYS AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_CLOSE [F37C08E6] aswTdi.SYS AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_READ [F37C08E6] aswTdi.SYS AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_WRITE [F37C08E6] aswTdi.SYS AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_QUERY_INFORMATION [F37C08E6] aswTdi.SYS AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_SET_INFORMATION [F37C08E6] aswTdi.SYS AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_QUERY_EA [F37C08E6] aswTdi.SYS AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_SET_EA [F37C08E6] aswTdi.SYS AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_FLUSH_BUFFERS [F37C08E6] aswTdi.SYS AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_QUERY_VOLUME_INFORMATION [F37C08E6] aswTdi.SYS AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_SET_VOLUME_INFORMATION [F37C08E6] aswTdi.SYS AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_DIRECTORY_CONTROL [F37C08E6] aswTdi.SYS AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_FILE_SYSTEM_CONTROL [F37C08E6] aswTdi.SYS AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_DEVICE_CONTROL [F37C08E6] aswTdi.SYS AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_INTERNAL_DEVICE_CONTROL [F37C02C0] aswTdi.SYS AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_SHUTDOWN [F37C08E6] aswTdi.SYS AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_LOCK_CONTROL [F37C08E6] aswTdi.SYS AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_CLEANUP [F37C08E6] aswTdi.SYS AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_CREATE_MAILSLOT [F37C08E6] aswTdi.SYS AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_QUERY_SECURITY [F37C08E6] aswTdi.SYS AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_SET_SECURITY [F37C08E6] aswTdi.SYS AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_POWER [F37C08E6] aswTdi.SYS AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_SYSTEM_CONTROL [F37C08E6] aswTdi.SYS AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_DEVICE_CHANGE [F37C08E6] aswTdi.SYS AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_QUERY_QUOTA [F37C08E6] aswTdi.SYS AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_SET_QUOTA [F37C08E6] aswTdi.SYS Device \Driver\nvatabus \Device\NvAta0 IRP_MJ_CREATE 81E66398 Device \Driver\nvatabus \Device\NvAta0 IRP_MJ_CREATE_NAMED_PIPE 81E66398 Device \Driver\nvatabus \Device\NvAta0 IRP_MJ_CLOSE 81E66398 Device \Driver\nvatabus \Device\NvAta0 IRP_MJ_READ 81E66398 Device \Driver\nvatabus \Device\NvAta0 IRP_MJ_WRITE 81E66398 Device \Driver\nvatabus \Device\NvAta0 IRP_MJ_QUERY_INFORMATION 81E66398 Device \Driver\nvatabus \Device\NvAta0 IRP_MJ_SET_INFORMATION 81E66398 Device \Driver\nvatabus \Device\NvAta0 IRP_MJ_QUERY_EA 81E66398 Device \Driver\nvatabus \Device\NvAta0 IRP_MJ_SET_EA 81E66398 Device \Driver\nvatabus \Device\NvAta0 IRP_MJ_FLUSH_BUFFERS 81E66398 Device \Driver\nvatabus \Device\NvAta0 IRP_MJ_QUERY_VOLUME_INFORMATION 81E66398 Device \Driver\nvatabus \Device\NvAta0 IRP_MJ_SET_VOLUME_INFORMATION 81E66398 Device \Driver\nvatabus \Device\NvAta0 IRP_MJ_DIRECTORY_CONTROL 81E66398 Device \Driver\nvatabus \Device\NvAta0 IRP_MJ_FILE_SYSTEM_CONTROL 81E66398 Device \Driver\nvatabus \Device\NvAta0 IRP_MJ_DEVICE_CONTROL 81E66398 Device \Driver\nvatabus \Device\NvAta0 IRP_MJ_INTERNAL_DEVICE_CONTROL 81E66398 Device \Driver\nvatabus \Device\NvAta0 IRP_MJ_SHUTDOWN 81E66398 Device \Driver\nvatabus \Device\NvAta0 IRP_MJ_LOCK_CONTROL 81E66398 Device \Driver\nvatabus \Device\NvAta0 IRP_MJ_CLEANUP 81E66398 Device \Driver\nvatabus \Device\NvAta0 IRP_MJ_CREATE_MAILSLOT 81E66398 Device \Driver\nvatabus \Device\NvAta0 IRP_MJ_QUERY_SECURITY 81E66398 Device \Driver\nvatabus \Device\NvAta0 IRP_MJ_SET_SECURITY 81E66398 Device \Driver\nvatabus \Device\NvAta0 IRP_MJ_POWER 81E66398 Device \Driver\nvatabus \Device\NvAta0 IRP_MJ_SYSTEM_CONTROL 81E66398 Device \Driver\nvatabus \Device\NvAta0 IRP_MJ_DEVICE_CHANGE 81E66398 Device \Driver\nvatabus \Device\NvAta0 IRP_MJ_QUERY_QUOTA 81E66398 Device \Driver\nvatabus \Device\NvAta0 IRP_MJ_SET_QUOTA 81E66398 Device \Driver\nvatabus \Device\NvAta0 IRP_MJ_PNP 81E66398 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_READ 81AB60E8 Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_READ 81AB60E8 Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_READ 81C25708 Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_READ 81BFF188 Device \Driver\d347prt \Device\Scsi\d347prt1Port1Path0Target1Lun0 IRP_MJ_CREATE 81CA6F00 Device \Driver\d347prt \Device\Scsi\d347prt1Port1Path0Target1Lun0 IRP_MJ_CREATE_NAMED_PIPE 81CA6F00 Device \Driver\d347prt \Device\Scsi\d347prt1Port1Path0Target1Lun0 IRP_MJ_CLOSE 81CA6F00 Device \Driver\d347prt \Device\Scsi\d347prt1Port1Path0Target1Lun0 IRP_MJ_READ 81CA6F00 Device \Driver\d347prt \Device\Scsi\d347prt1Port1Path0Target1Lun0 IRP_MJ_WRITE 81CA6F00 Device \Driver\d347prt \Device\Scsi\d347prt1Port1Path0Target1Lun0 IRP_MJ_QUERY_INFORMATION 81CA6F00 Device \Driver\d347prt \Device\Scsi\d347prt1Port1Path0Target1Lun0 IRP_MJ_SET_INFORMATION 81CA6F00 Device \Driver\d347prt \Device\Scsi\d347prt1Port1Path0Target1Lun0 IRP_MJ_QUERY_EA 81CA6F00 Device \Driver\d347prt \Device\Scsi\d347prt1Port1Path0Target1Lun0 IRP_MJ_SET_EA 81CA6F00 Device \Driver\d347prt \Device\Scsi\d347prt1Port1Path0Target1Lun0 IRP_MJ_FLUSH_BUFFERS 81CA6F00 Device \Driver\d347prt \Device\Scsi\d347prt1Port1Path0Target1Lun0 IRP_MJ_QUERY_VOLUME_INFORMATION 81CA6F00 Device \Driver\d347prt \Device\Scsi\d347prt1Port1Path0Target1Lun0 IRP_MJ_SET_VOLUME_INFORMATION 81CA6F00 Device \Driver\d347prt \Device\Scsi\d347prt1Port1Path0Target1Lun0 IRP_MJ_DIRECTORY_CONTROL 81CA6F00 Device \Driver\d347prt \Device\Scsi\d347prt1Port1Path0Target1Lun0 IRP_MJ_FILE_SYSTEM_CONTROL 81CA6F00 Device \Driver\d347prt \Device\Scsi\d347prt1Port1Path0Target1Lun0 IRP_MJ_DEVICE_CONTROL 81CA6F00 Device \Driver\d347prt \Device\Scsi\d347prt1Port1Path0Target1Lun0 IRP_MJ_INTERNAL_DEVICE_CONTROL 81CA6F00 Device \Driver\d347prt \Device\Scsi\d347prt1Port1Path0Target1Lun0 IRP_MJ_SHUTDOWN 81CA6F00 Device \Driver\d347prt \Device\Scsi\d347prt1Port1Path0Target1Lun0 IRP_MJ_LOCK_CONTROL 81CA6F00 Device \Driver\d347prt \Device\Scsi\d347prt1Port1Path0Target1Lun0 IRP_MJ_CLEANUP 81CA6F00 Device \Driver\d347prt \Device\Scsi\d347prt1Port1Path0Target1Lun0 IRP_MJ_CREATE_MAILSLOT 81CA6F00 Device \Driver\d347prt \Device\Scsi\d347prt1Port1Path0Target1Lun0 IRP_MJ_QUERY_SECURITY 81CA6F00 Device \Driver\d347prt \Device\Scsi\d347prt1Port1Path0Target1Lun0 IRP_MJ_SET_SECURITY 81CA6F00 Device \Driver\d347prt \Device\Scsi\d347prt1Port1Path0Target1Lun0 IRP_MJ_POWER 81CA6F00 Device \Driver\d347prt \Device\Scsi\d347prt1Port1Path0Target1Lun0 IRP_MJ_SYSTEM_CONTROL 81CA6F00 Device \Driver\d347prt \Device\Scsi\d347prt1Port1Path0Target1Lun0 IRP_MJ_DEVICE_CHANGE 81CA6F00 Device \Driver\d347prt \Device\Scsi\d347prt1Port1Path0Target1Lun0 IRP_MJ_QUERY_QUOTA 81CA6F00 Device \Driver\d347prt \Device\Scsi\d347prt1Port1Path0Target1Lun0 IRP_MJ_SET_QUOTA 81CA6F00 Device \Driver\d347prt \Device\Scsi\d347prt1Port1Path0Target1Lun0 IRP_MJ_PNP 81CA6F00 Device \Driver\d347prt \Device\Scsi\d347prt1Port1Path0Target0Lun0 IRP_MJ_CREATE 81CA6F00 Device \Driver\d347prt \Device\Scsi\d347prt1Port1Path0Target0Lun0 IRP_MJ_CREATE_NAMED_PIPE 81CA6F00 Device \Driver\d347prt \Device\Scsi\d347prt1Port1Path0Target0Lun0 IRP_MJ_CLOSE 81CA6F00 Device \Driver\d347prt \Device\Scsi\d347prt1Port1Path0Target0Lun0 IRP_MJ_READ 81CA6F00 Device \Driver\d347prt \Device\Scsi\d347prt1Port1Path0Target0Lun0 IRP_MJ_WRITE 81CA6F00 Device \Driver\d347prt \Device\Scsi\d347prt1Port1Path0Target0Lun0 IRP_MJ_QUERY_INFORMATION 81CA6F00 Device \Driver\d347prt \Device\Scsi\d347prt1Port1Path0Target0Lun0 IRP_MJ_SET_INFORMATION 81CA6F00 Device \Driver\d347prt \Device\Scsi\d347prt1Port1Path0Target0Lun0 IRP_MJ_QUERY_EA 81CA6F00 Device \Driver\d347prt \Device\Scsi\d347prt1Port1Path0Target0Lun0 IRP_MJ_SET_EA 81CA6F00 Device \Driver\d347prt \Device\Scsi\d347prt1Port1Path0Target0Lun0 IRP_MJ_FLUSH_BUFFERS 81CA6F00 Device \Driver\d347prt \Device\Scsi\d347prt1Port1Path0Target0Lun0 IRP_MJ_QUERY_VOLUME_INFORMATION 81CA6F00 Device \Driver\d347prt \Device\Scsi\d347prt1Port1Path0Target0Lun0 IRP_MJ_SET_VOLUME_INFORMATION 81CA6F00 Device \Driver\d347prt \Device\Scsi\d347prt1Port1Path0Target0Lun0 IRP_MJ_DIRECTORY_CONTROL 81CA6F00 Device \Driver\d347prt \Device\Scsi\d347prt1Port1Path0Target0Lun0 IRP_MJ_FILE_SYSTEM_CONTROL 81CA6F00 Device \Driver\d347prt \Device\Scsi\d347prt1Port1Path0Target0Lun0 IRP_MJ_DEVICE_CONTROL 81CA6F00 Device \Driver\d347prt \Device\Scsi\d347prt1Port1Path0Target0Lun0 IRP_MJ_INTERNAL_DEVICE_CONTROL 81CA6F00 Device \Driver\d347prt \Device\Scsi\d347prt1Port1Path0Target0Lun0 IRP_MJ_SHUTDOWN 81CA6F00 Device \Driver\d347prt \Device\Scsi\d347prt1Port1Path0Target0Lun0 IRP_MJ_LOCK_CONTROL 81CA6F00 Device \Driver\d347prt \Device\Scsi\d347prt1Port1Path0Target0Lun0 IRP_MJ_CLEANUP 81CA6F00 Device \Driver\d347prt \Device\Scsi\d347prt1Port1Path0Target0Lun0 IRP_MJ_CREATE_MAILSLOT 81CA6F00 Device \Driver\d347prt \Device\Scsi\d347prt1Port1Path0Target0Lun0 IRP_MJ_QUERY_SECURITY 81CA6F00 Device \Driver\d347prt \Device\Scsi\d347prt1Port1Path0Target0Lun0 IRP_MJ_SET_SECURITY 81CA6F00 Device \Driver\d347prt \Device\Scsi\d347prt1Port1Path0Target0Lun0 IRP_MJ_POWER 81CA6F00 Device \Driver\d347prt \Device\Scsi\d347prt1Port1Path0Target0Lun0 IRP_MJ_SYSTEM_CONTROL 81CA6F00 Device \Driver\d347prt \Device\Scsi\d347prt1Port1Path0Target0Lun0 IRP_MJ_DEVICE_CHANGE 81CA6F00 Device \Driver\d347prt \Device\Scsi\d347prt1Port1Path0Target0Lun0 IRP_MJ_QUERY_QUOTA 81CA6F00 Device \Driver\d347prt \Device\Scsi\d347prt1Port1Path0Target0Lun0 IRP_MJ_SET_QUOTA 81CA6F00 Device \Driver\d347prt \Device\Scsi\d347prt1Port1Path0Target0Lun0 IRP_MJ_PNP 81CA6F00 Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_CREATE 81CA6F00 Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_CREATE_NAMED_PIPE 81CA6F00 Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_CLOSE 81CA6F00 Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_READ 81CA6F00 Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_WRITE 81CA6F00 Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_QUERY_INFORMATION 81CA6F00 Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_SET_INFORMATION 81CA6F00 Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_QUERY_EA 81CA6F00 Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_SET_EA 81CA6F00 Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_FLUSH_BUFFERS 81CA6F00 Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_QUERY_VOLUME_INFORMATION 81CA6F00 Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_SET_VOLUME_INFORMATION 81CA6F00 Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_DIRECTORY_CONTROL 81CA6F00 Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_FILE_SYSTEM_CONTROL 81CA6F00 Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_DEVICE_CONTROL 81CA6F00 Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_INTERNAL_DEVICE_CONTROL 81CA6F00 Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_SHUTDOWN 81CA6F00 Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_LOCK_CONTROL 81CA6F00 Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_CLEANUP 81CA6F00 Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_CREATE_MAILSLOT 81CA6F00 Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_QUERY_SECURITY 81CA6F00 Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_SET_SECURITY 81CA6F00 Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_POWER 81CA6F00 Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_SYSTEM_CONTROL 81CA6F00 Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_DEVICE_CHANGE 81CA6F00 Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_QUERY_QUOTA 81CA6F00 Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_SET_QUOTA 81CA6F00 Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_PNP 81CA6F00 Device \FileSystem\Fs_Rec \FileSystem\UdfsCdRomRecognizer IRP_MJ_READ 81BF7740 Device \FileSystem\Fs_Rec \FileSystem\FatCdRomRecognizer IRP_MJ_READ 81BF7740 Device \FileSystem\Fs_Rec \FileSystem\CdfsRecognizer IRP_MJ_READ 81BF7740 Device \FileSystem\Fs_Rec \FileSystem\FatDiskRecognizer IRP_MJ_READ 81BF7740 Device \FileSystem\Fs_Rec \FileSystem\UdfsDiskRecognizer IRP_MJ_READ 81BF7740 Device \FileSystem\Cdfs \Cdfs IRP_MJ_READ 81B30EA0 ---- Registry - GMER 1.0.13 ---- Reg \Registry\USER\S-1-5-21-1123561945-2077806209-839522115-1003\Software\SecuROM\!CAUTION! NEVER DELETE OR CHANGE ANY KEY@?? 0xD2 0x80 0xE2 0x1E ... Reg \Registry\USER\S-1-5-21-1123561945-2077806209-839522115-1003\Software\SecuROM\!CAUTION! NEVER DELETE OR CHANGE ANY KEY@?? 0x38 0xB4 0x0A 0x1A ... ---- EOF - GMER 1.0.13 ---- [/quote] Jak go usunąć ?? Prosze o pomoc... Pozdrawiam
Quaint
Dodano
20.07.2007 01:13:32
  • Żółty 22.07.2007 03:47:40

    Usuń C:\WINDOWS\gamedelete.exe C:\WINDOWS\d3dx.dat Skasuj klucz, poszukaj pliku (nie pomyl z systemowym chkdsk.exe) [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UninstalTime] chkdisk.exe Odpal edytor rejestru, zmień ten wpis shell na explorer.exe (albo na c:\windows\explorer.exe) HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon<<!>> "Shell" = "rundll32 "C:\DOCUME~1\Quaint\USTAWI~1\Temp\systems.dll" X4,explorer.exe" [MS], [file not found], [file not found], [MS] Plik C:\DOCUME~1\Quaint\USTAWI~1\Temp\systems.dll usuń (może lepiej - pociągij cały katalog Temp a potem stwórz go ponownie) Proxy Twoje ?? R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 128.112.139.110:3127 Oporne pliki usuń Killboxem Logi - Silet Runners, Combofixa i Gmera pokaż po robocie.

Mnie to wygląda na jakąś infekcję wirusopodobną. Przydałby się zestaw logów (Gmer, ComboFix, HijackThis, SilentRunners) Przenoszę do bezpieczeństwa.
Bobi
Dodano
19.07.2007 21:24:35
Quaint
Dodano:
19.07.2007 17:56:59
Komentarzy:
3
Strona 1 / 1