Can I get a check...

offline
  • Joined: 04 May 2007
  • Posts: 24

I have the same problem that TheLegend had: after 10-15 minutes on the internet my computer freezes completely, so I have now produced a log for checking.




Logfile of HijackThis v1.99.1
Scan saved at 6:14:11 PM, on 5/4/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\SYSTEM32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ATKKBService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\runservice.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\windows\system32\rlvknlg.exe
C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
C:\WINDOWS\Mixer.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\montexel\Desktop\New Folder (2)\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = windowsxlive.net
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = windowsxlive.net
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = as.starware.com/dp/search?x=wKX1ILEOi+UdWpS.....r1lDlP7V9X
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: (no name) - {D73F49B6-B51B-4d32-A3B7-BD04B8342F53} - C:\Program Files\MorpheusBar\SrchAstt\1.bin\MBSRCAS.DLL
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
O2 - BHO: MorpheusToolbar BHO - {3F3714A1-89A4-46be-8AF3-D0C9D1FB03F9} - C:\Program Files\MorpheusBar\bar\1.bin\MORPHBAR.DLL
O2 - BHO: URLLink - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet7_48.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Mario Forever Toolbar Helper - {A20854FD-DDB5-4931-8F76-D11EA2364D94} - C:\Program Files\Mario Forever Toolbar\v3.2.0.0\MarioForever_Toolbar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O2 - BHO: (no name) - {D73F49B1-B51B-4d32-A3B7-BD04B8342F53} - C:\Program Files\MorpheusBar\SrchAstt\1.bin\MBSRCAS.DLL
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: Mario Forever Toolbar - {71B6ACF7-4F0F-4FD8-BB69-6D1A4D271CB7} - C:\Program Files\Mario Forever Toolbar\v3.2.0.0\MarioForever_Toolbar.dll
O3 - Toolbar: Morpheus Toolbar - {3F3714A9-89A4-46be-8AF3-D0C9D1FB03F9} - C:\Program Files\MorpheusBar\bar\1.bin\MORPHBAR.DLL
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,ClientStartup -s
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [OESpamTest] C:\PROGRA~1\KASPER~1\KASPER~2\KASPER~3\OESpamTest.ExE
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [RelevantKnowledge] c:\windows\system32\rlvknlg.exe -boot
O4 - HKLM\..\Run: [sXe Injected] C:\Program Files\sXe Injected\sXe Injected.exe
O4 - HKLM\..\Run: [My Web Search Bar] rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\MWSBAR.DLL,S
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [LClock] C:\Program Files\LClock\LClock.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Instant Access] C:\WINDOWS\system32\prosvsys.exe /res
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ASUS SmartDoctor] C:\Program Files\ASUS\SmartDoctor\\SmartDoctor.exe /start
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKCU\..\Run: [SRS Audio Sandbox] "C:\Program Files\SRS Labs\Audio Sandbox\SRSSSC.exe" /hideme
O4 - HKCU\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - Startup: Metacafe Downloader.lnk = C:\WINDOWS\system32\rundll32.exe
O4 - Startup: Registration Prince of Persia T2T.LNK = C:\Program Files\Ubisoft\Prince of Persia T2T\Support\Register\RegistrationReminder.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: &Search - edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZNfox000
O8 - Extra context menu item: Download all by Net Transport - C:\Program Files\Xi\NetTransport 2\NTAddList.html
O8 - Extra context menu item: Download by Net Transport - C:\Program Files\Xi\NetTransport 2\NTAddLink.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {04F414E9-E352-4BC3-963D-7BFE5A5F31A9} - scripts.dlv4.com/binaries/egaccess4/egaccess4_1064_XP.cab
O16 - DPF: {321F38B6-7E5F-470E-B58C-927523B7AF92} - es6-scripts.dlv4.com/binaries/egaccess4/egaccess4_1069_em_XP.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5F4D3335-3194-4167-85AE-E7325F2695EF} - scripts.dlv4.com/binaries/egaccess4/egaccess4_1068_em_XP.cab
O16 - DPF: {5FD9726A-4977-449D-8352-25FDD8A510B5} - es6-scripts.dlv4.com/binaries/egaccess4/egaccess4_1067_em_XP.cab
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - messenger.zone.msn.com/EN-US/a-LUXR/mjolauncher.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {938527D1-CDB7-4147-998A-B20FCA5CC976} (Cdmcco Class) - cafeimg.hanmail.net/cab9_1/dmcc2.cab?Version=1,0,0,10
O16 - DPF: {97E71027-0BA2-44F2-97DB-F84D808ED0B6} (MessengerStatsClient Class) - messenger.zone.msn.com/binary/MessengerStatsPAClient.cab55762.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - messenger.zone.msn.com/binary/ZIntro.cab55579.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - messenger.zone.msn.com/binary/Bankshot.cab31267.cab
O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} (System Requirements Lab) - systemrequirementslab.com/sysreqlab.cab
O16 - DPF: {CB5D474E-A510-40A4-B5A4-838933BCBA64} - scripts.dlv4.com/binaries/egaccess4/egaccess4_1065_XP.cab
O16 - DPF: {DA758BB1-5F89-4465-975F-8D7179A4BCF3} (WheelofFortune Object) - messenger.zone.msn.com/binary/WoF.cab55708.cab
O16 - DPF: {FA1D6D8F-C6ED-4752-8512-A33283240130} - scripts.dlv4.com/binaries/egaccess4/egaccess4_1066_XP.cab
O16 - DPF: {FBF65A16-C9AB-465E-AECE-D2D9D5AB5E60} - es6-scripts.dlv4.com/binaries/egaccess4/egaccess4_1067_XP.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{72048748-BF8A-4226-9ECA-B13C74748935}: NameServer = 195.66.160.1 195.66.160.2
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: WB - C:\Program Files\Stardock\Object Desktop\WindowBlinds\fastload.dll
O21 - SSODL: bestreak - {874443fe-aa33-4ebf-a6ac-73208787e62d} - C:\WINDOWS\system32\viruxz.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8-) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINDOWS\runservice.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe

offline
  • Joined: 04 Sep 2003
  • Posts: 24135
  • Location: Wien

You poor thing, where did you manage to pick up this many pests?
I'll get back later tonight with the first instructions.
I hope you have patience, since there are several different infections here.

offline
  • Joined: 04 May 2007
  • Posts: 24

ok, I'll wait, thank you in advance ;D

offline
  • Joined: 04 Sep 2003
  • Posts: 24135
  • Location: Wien

Do the following:
Download the file gmer.zip from this link and save it to the Desktop.
Extract it into a folder.

Double-click gmer.exe to start, then select the Rootkit tab at the top.
Click Scan.
When the scan is finished, click the Copy button below; this will save the result to the Clipboard.
Use the Paste option in Notepad to turn it into text. Save that text from Notepad as file1.txt.
Repeat the same with the Autostart tab. Save that text from Notepad as file2.txt.

Copy the contents of those two files we just saved here for us.

offline
  • Joined: 04 May 2007
  • Posts: 24

GMER 1.0.12.12244 - gmer.net
Rootkit scan 2007-05-05 00:18:48
Windows 5.1.2600 Service Pack 2


---- System - GMER 1.0.12 ----

SSDT a347bus.sys ZwClose
SSDT a347bus.sys ZwCreateKey
SSDT a347bus.sys ZwCreatePagingFile
SSDT a347bus.sys ZwEnumerateKey
SSDT a347bus.sys ZwEnumerateValueKey
SSDT a347bus.sys ZwOpenFile
SSDT a347bus.sys ZwOpenKey
SSDT a347bus.sys ZwQueryKey
SSDT a347bus.sys ZwQueryValueKey
SSDT a347bus.sys ZwSetSystemPowerState
SSDT sptd.sys ZwSetValueKey

---- Kernel code sections - GMER 1.0.12 ----

? C:\WINDOWS\system32\drivers\sptd.sys The process cannot access the file because it is being used by another process.
? C:\WINDOWS\System32\Drivers\SPTD7437.SYS The process cannot access the file because it is being used by another process.
? C:\WINDOWS\System32\Drivers\dtscsi.sys The process cannot access the file because it is being used by another process.
? C:\WINDOWS\system32\DRIVERS\update.sys

---- User code sections - GMER 1.0.12 ----

.text C:\WINDOWS\Runservice.exe[288] ntdll.dll!NtEnumerateKey 7C90D94C 5 Bytes JMP 007E200E
.text C:\WINDOWS\Runservice.exe[288] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 007E1DAF
.text C:\WINDOWS\Runservice.exe[288] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 007E1CF2
.text C:\WINDOWS\Runservice.exe[288] ntdll.dll!NtQuerySystemInformation 7C90E1AA 5 Bytes JMP 007E191B
.text C:\WINDOWS\explorer.exe[336] ntdll.dll!NtEnumerateKey 7C90D94C 5 Bytes JMP 1000200E
.text C:\WINDOWS\explorer.exe[336] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 10001DAF
.text C:\WINDOWS\explorer.exe[336] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 10001CF2
.text C:\WINDOWS\explorer.exe[336] ntdll.dll!NtQuerySystemInformation 7C90E1AA 5 Bytes JMP 1000191B
.text C:\Program Files\Mozilla Firefox\firefox.exe[580] ntdll.dll!NtEnumerateKey 7C90D94C 5 Bytes JMP 1000200E
.text C:\Program Files\Mozilla Firefox\firefox.exe[580] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 10001DAF
.text C:\Program Files\Mozilla Firefox\firefox.exe[580] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 10001CF2
.text C:\Program Files\Mozilla Firefox\firefox.exe[580] ntdll.dll!NtQuerySystemInformation 7C90E1AA 5 Bytes JMP 1000191B
.text C:\Program Files\Mozilla Firefox\firefox.exe[580] WS2_32.dll!send 71AB428A 5 Bytes JMP 100030E6
.text C:\Program Files\Mozilla Firefox\firefox.exe[580] WS2_32.dll!WSARecv 71AB4318 5 Bytes JMP 100032CC
.text C:\Program Files\Mozilla Firefox\firefox.exe[580] WS2_32.dll!closesocket 71AB9639 5 Bytes JMP 100035BC
.text C:\WINDOWS\system32\csrss.exe[716] ntdll.dll!NtEnumerateKey 7C90D94C 5 Bytes JMP 1000200E
.text C:\WINDOWS\system32\csrss.exe[716] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 10001DAF
.text C:\WINDOWS\system32\csrss.exe[716] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 10001CF2
.text C:\WINDOWS\system32\csrss.exe[716] ntdll.dll!NtQuerySystemInformation 7C90E1AA 5 Bytes JMP 1000191B
.text C:\WINDOWS\system32\services.exe[792] ntdll.dll!NtEnumerateKey 7C90D94C 5 Bytes JMP 1000200E
.text C:\WINDOWS\system32\services.exe[792] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 10001DAF
.text C:\WINDOWS\system32\services.exe[792] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 10001CF2
.text C:\WINDOWS\system32\services.exe[792] ntdll.dll!NtQuerySystemInformation 7C90E1AA 5 Bytes JMP 1000191B
.text C:\WINDOWS\system32\svchost.exe[972] ntdll.dll!NtEnumerateKey 7C90D94C 5 Bytes JMP 1000200E
.text C:\WINDOWS\system32\svchost.exe[972] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 10001DAF
.text C:\WINDOWS\system32\svchost.exe[972] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 10001CF2
.text C:\WINDOWS\system32\svchost.exe[972] ntdll.dll!NtQuerySystemInformation 7C90E1AA 5 Bytes JMP 1000191B
.text C:\WINDOWS\system32\svchost.exe[1208] ntdll.dll!NtEnumerateKey 7C90D94C 5 Bytes JMP 1000200E
.text C:\WINDOWS\system32\svchost.exe[1208] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 10001DAF
.text C:\WINDOWS\system32\svchost.exe[1208] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 10001CF2
.text C:\WINDOWS\system32\svchost.exe[1208] ntdll.dll!NtQuerySystemInformation 7C90E1AA 5 Bytes JMP 1000191B
.text C:\WINDOWS\system32\ati2evxx.exe[1288] ntdll.dll!NtEnumerateKey 7C90D94C 5 Bytes JMP 00D7200E
.text C:\WINDOWS\system32\ati2evxx.exe[1288] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 00D71DAF
.text C:\WINDOWS\system32\ati2evxx.exe[1288] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 00D71CF2
.text C:\WINDOWS\system32\ati2evxx.exe[1288] ntdll.dll!NtQuerySystemInformation 7C90E1AA 5 Bytes JMP 00D7191B
.text C:\WINDOWS\system32\rlvknlg.exe[1668] ntdll.dll!NtEnumerateKey 7C90D94C 5 Bytes JMP 00DE200E
.text C:\WINDOWS\system32\rlvknlg.exe[1668] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 00DE1DAF
.text C:\WINDOWS\system32\rlvknlg.exe[1668] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 00DE1CF2
.text C:\WINDOWS\system32\rlvknlg.exe[1668] ntdll.dll!NtQuerySystemInformation 7C90E1AA 5 Bytes JMP 00DE191B
.text C:\WINDOWS\system32\spoolsv.exe[1700] ntdll.dll!NtEnumerateKey 7C90D94C 5 Bytes JMP 1000200E
.text C:\WINDOWS\system32\spoolsv.exe[1700] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 10001DAF
.text C:\WINDOWS\system32\spoolsv.exe[1700] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 10001CF2
.text C:\WINDOWS\system32\spoolsv.exe[1700] ntdll.dll!NtQuerySystemInformation 7C90E1AA 5 Bytes JMP 1000191B
.text C:\PROGRA~1\Grisoft\AVG7\avgemc.exe[1888] ntdll.dll!NtEnumerateKey 7C90D94C 5 Bytes JMP 1000200E
.text C:\PROGRA~1\Grisoft\AVG7\avgemc.exe[1888] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 10001DAF
.text C:\PROGRA~1\Grisoft\AVG7\avgemc.exe[1888] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 10001CF2
.text C:\PROGRA~1\Grisoft\AVG7\avgemc.exe[1888] ntdll.dll!NtQuerySystemInformation 7C90E1AA 5 Bytes JMP 1000191B
.text C:\WINDOWS\system32\dlvzwqsy.exe[2440] ntdll.dll!NtEnumerateKey 7C90D94C 5 Bytes JMP 01E3200E
.text C:\WINDOWS\system32\dlvzwqsy.exe[2440] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 01E31DAF
.text C:\WINDOWS\system32\dlvzwqsy.exe[2440] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 01E31CF2
.text C:\WINDOWS\system32\dlvzwqsy.exe[2440] ntdll.dll!NtQuerySystemInformation 7C90E1AA 5 Bytes JMP 01E3191B
.text C:\Program Files\MSN Messenger\msnmsgr.exe[2680] ntdll.dll!NtEnumerateKey 7C90D94C 5 Bytes JMP 1000200E
.text C:\Program Files\MSN Messenger\msnmsgr.exe[2680] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 10001DAF
.text C:\Program Files\MSN Messenger\msnmsgr.exe[2680] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 10001CF2
.text C:\Program Files\MSN Messenger\msnmsgr.exe[2680] ntdll.dll!NtQuerySystemInformation 7C90E1AA 5 Bytes JMP 1000191B
.text C:\Program Files\MSN Messenger\msnmsgr.exe[2680] kernel32.dll!SetUnhandledExceptionFilter 7C84479D 5 Bytes JMP 004DE392 C:\Program Files\MSN Messenger\msnmsgr.exe
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[2824] ntdll.dll!NtEnumerateKey 7C90D94C 5 Bytes JMP 0094200E
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[2824] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 00941DAF
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[2824] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 00941CF2
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[2824] ntdll.dll!NtQuerySystemInformation 7C90E1AA 5 Bytes JMP 0094191B
.text C:\Program Files\Skype\Phone\Skype.exe[2952] ntdll.dll!NtEnumerateKey 7C90D94C 5 Bytes JMP 1000200E
.text C:\Program Files\Skype\Phone\Skype.exe[2952] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 10001DAF
.text C:\Program Files\Skype\Phone\Skype.exe[2952] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 10001CF2
.text C:\Program Files\Skype\Phone\Skype.exe[2952] ntdll.dll!NtQuerySystemInformation 7C90E1AA 5 Bytes JMP 1000191B
.text C:\Documents and Settings\montexel\Desktop\New Folder (3)\gmer.exe[3892] ntdll.dll!NtEnumerateKey 7C90D94C 5 Bytes JMP 00C1200E
.text C:\Documents and Settings\montexel\Desktop\New Folder (3)\gmer.exe[3892] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 00C11DAF
.text C:\Documents and Settings\montexel\Desktop\New Folder (3)\gmer.exe[3892] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 00C11CF2
.text C:\Documents and Settings\montexel\Desktop\New Folder (3)\gmer.exe[3892] ntdll.dll!NtQuerySystemInformation 7C90E1AA 5 Bytes JMP 00C1191B

---- Devices - GMER 1.0.12 ----

Device \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE 82BD7EB0
Device \FileSystem\Ntfs \Ntfs IRP_MJ_CLOSE 82BD7EB0
Device \FileSystem\Ntfs \Ntfs IRP_MJ_READ 82BD7EB0
Device \FileSystem\Ntfs \Ntfs IRP_MJ_WRITE 82BD7EB0
Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_INFORMATION 82BD7EB0
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_INFORMATION 82BD7EB0
Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_EA 82BD7EB0
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_EA 82BD7EB0
Device \FileSystem\Ntfs \Ntfs IRP_MJ_FLUSH_BUFFERS 82BD7EB0
Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_VOLUME_INFORMATION 82BD7EB0
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_VOLUME_INFORMATION 82BD7EB0
Device \FileSystem\Ntfs \Ntfs IRP_MJ_DIRECTORY_CONTROL 82BD7EB0
Device \FileSystem\Ntfs \Ntfs IRP_MJ_FILE_SYSTEM_CONTROL 82BD7EB0
Device \FileSystem\Ntfs \Ntfs IRP_MJ_DEVICE_CONTROL 82BD7EB0
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SHUTDOWN 82BD7EB0
Device \FileSystem\Ntfs \Ntfs IRP_MJ_LOCK_CONTROL 82BD7EB0
Device \FileSystem\Ntfs \Ntfs IRP_MJ_CLEANUP 82BD7EB0
Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_SECURITY 82BD7EB0
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_SECURITY 82BD7EB0
Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_QUOTA 82BD7EB0
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_QUOTA 82BD7EB0
Device \FileSystem\Ntfs \Ntfs IRP_MJ_PNP 82BD7EB0
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_CREATE 827BDD98
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_CLOSE 827BDD98
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_READ 827B0CD8
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_WRITE 827BDD98
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_QUERY_INFORMATION 827BDD98
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_SET_INFORMATION 827BDD98
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_QUERY_EA 827BDD98
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_SET_EA 827BDD98
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_FLUSH_BUFFERS 827BDD98
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_QUERY_VOLUME_INFORMATION 827BDD98
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_SET_VOLUME_INFORMATION 827BDD98
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_DIRECTORY_CONTROL 827BDD98
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_FILE_SYSTEM_CONTROL 827BDD98
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_DEVICE_CONTROL 827BDD98
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_SHUTDOWN 827BDD98
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_LOCK_CONTROL 827BDD98
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_CLEANUP 827BDD98
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_PNP 827BDD98
Device \FileSystem\Udfs \UdfsCdRom IRP_MJ_CREATE 81C4C0E8
Device \FileSystem\Udfs \UdfsCdRom IRP_MJ_CLOSE 81C4C0E8
Device \FileSystem\Udfs \UdfsCdRom IRP_MJ_READ 81FAA8C8
Device \FileSystem\Udfs \UdfsCdRom IRP_MJ_WRITE 81C4C0E8
Device \FileSystem\Udfs \UdfsCdRom IRP_MJ_QUERY_INFORMATION 81C4C0E8
Device \FileSystem\Udfs \UdfsCdRom IRP_MJ_SET_INFORMATION 81C4C0E8
Device \FileSystem\Udfs \UdfsCdRom IRP_MJ_QUERY_VOLUME_INFORMATION 81C4C0E8
Device \FileSystem\Udfs \UdfsCdRom IRP_MJ_DIRECTORY_CONTROL 81C4C0E8
Device \FileSystem\Udfs \UdfsCdRom IRP_MJ_FILE_SYSTEM_CONTROL 81C4C0E8
Device \FileSystem\Udfs \UdfsCdRom IRP_MJ_DEVICE_CONTROL 81C4C0E8
Device \FileSystem\Udfs \UdfsCdRom IRP_MJ_LOCK_CONTROL 81C4C0E8
Device \FileSystem\Udfs \UdfsCdRom IRP_MJ_CLEANUP 81C4C0E8
Device \FileSystem\Udfs \UdfsCdRom IRP_MJ_PNP 81C4C0E8
Device \FileSystem\Udfs \UdfsDisk IRP_MJ_CREATE 81C4C0E8
Device \FileSystem\Udfs \UdfsDisk IRP_MJ_CLOSE 81C4C0E8
Device \FileSystem\Udfs \UdfsDisk IRP_MJ_READ 81FAA8C8
Device \FileSystem\Udfs \UdfsDisk IRP_MJ_WRITE 81C4C0E8
Device \FileSystem\Udfs \UdfsDisk IRP_MJ_QUERY_INFORMATION 81C4C0E8
Device \FileSystem\Udfs \UdfsDisk IRP_MJ_SET_INFORMATION 81C4C0E8
Device \FileSystem\Udfs \UdfsDisk IRP_MJ_QUERY_VOLUME_INFORMATION 81C4C0E8
Device \FileSystem\Udfs \UdfsDisk IRP_MJ_DIRECTORY_CONTROL 81C4C0E8
Device \FileSystem\Udfs \UdfsDisk IRP_MJ_FILE_SYSTEM_CONTROL 81C4C0E8
Device \FileSystem\Udfs \UdfsDisk IRP_MJ_DEVICE_CONTROL 81C4C0E8
Device \FileSystem\Udfs \UdfsDisk IRP_MJ_LOCK_CONTROL 81C4C0E8
Device \FileSystem\Udfs \UdfsDisk IRP_MJ_CLEANUP 81C4C0E8
Device \FileSystem\Udfs \UdfsDisk IRP_MJ_PNP 81C4C0E8
Device \Driver\Tcpip \Device\Ip IRP_MJ_INTERNAL_DEVICE_CONTROL [F8B1885A] avgtdi.sys
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_CREATE 82B8EE30
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_CLOSE 82B8EE30
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_READ 82B8EE30
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_WRITE 82B8EE30
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_FLUSH_BUFFERS 82B8EE30
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_DEVICE_CONTROL 82B8EE30
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_INTERNAL_DEVICE_CONTROL 82B8EE30
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_SHUTDOWN 82B8EE30
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_POWER 82B8EE30
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_SYSTEM_CONTROL 82B8EE30
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_PNP 82B8EE30
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_CREATE 82B8EE30
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_CLOSE 82B8EE30
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_READ 82B8EE30
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_WRITE 82B8EE30
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_FLUSH_BUFFERS 82B8EE30
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_DEVICE_CONTROL 82B8EE30
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_INTERNAL_DEVICE_CONTROL 82B8EE30
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_SHUTDOWN 82B8EE30
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_POWER 82B8EE30
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_SYSTEM_CONTROL 82B8EE30
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_PNP 82B8EE30
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_CREATE 82B8EE30
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_CLOSE 82B8EE30
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_READ 82B8EE30
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_WRITE 82B8EE30
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_FLUSH_BUFFERS 82B8EE30
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_DEVICE_CONTROL 82B8EE30
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_INTERNAL_DEVICE_CONTROL 82B8EE30
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_SHUTDOWN 82B8EE30
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_POWER 82B8EE30
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_SYSTEM_CONTROL 82B8EE30
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_PNP 82B8EE30
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_CREATE 82B8EE30
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_CLOSE 82B8EE30
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_READ 82B8EE30
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_WRITE 82B8EE30
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_FLUSH_BUFFERS 82B8EE30
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_DEVICE_CONTROL 82B8EE30
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_INTERNAL_DEVICE_CONTROL 82B8EE30

offline
  • Joined: 04 May 2007
  • Posts: 24

GMER 1.0.12.12244 - gmer.net
Autostart scan 2007-05-05 00:19:06
Windows 5.1.2600 Service Pack 2


HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems@Windows = %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon@Userinit = C:\WINDOWS\system32\userinit.exe,

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ >>>
AtiExtEvent@DLLName = Ati2evxx.dll
WB@DLLName = C:\Program Files\Stardock\Object Desktop\WindowBlinds\fastload.dll

HKLM\SYSTEM\CurrentControlSet\Services\ >>>
Ati HotKey Poller@ = %SystemRoot%\system32\Ati2evxx.exe
ATI Smart /*ATI Smart*/@ = C:\WINDOWS\system32\ati2sgag.exe
ATKKeyboardService /*ATK Keyboard Service*/@ = C:\WINDOWS\ATKKBService.exe
Avg7Alrt /*AVG7 Alert Manager Server*/@ = C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
Avg7UpdSvc /*AVG7 Update Service*/@ = C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
AVGEMS /*AVG E-mail Scanner*/@ = C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
CCALib8 /*Canon Camera Access Library 8*/@ = C:\Program Files\Canon\CAL\CALMAIN.exe
LicCtrlService /*LicCtrl Service*/@ = C:\WINDOWS\runservice.exe
MDM /*Machine Debug Manager*/@ = "C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE"
ScsiPort@ = %SystemRoot%\system32\drivers\scsiport.sys
SoundMAX Agent Service (default) /*SoundMAX Agent Service*/@ = C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
Spooler /*Print Spooler*/@ = %SystemRoot%\system32\spoolsv.exe

HKLM\Software\Microsoft\Windows\CurrentVersion\Run >>>
@New.net Startuprundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,ClientStartup -s = rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,ClientStartup -s
@QuickTime Task"C:\Program Files\QuickTime\qttask.exe" -atboottime = "C:\Program Files\QuickTime\qttask.exe" -atboottime
@DAEMON Tools-1033"C:\Program Files\D-Tools\daemon.exe" -lang 1033 /*file not found*/ = "C:\Program Files\D-Tools\daemon.exe" -lang 1033 /*file not found*/
@OESpamTestC:\PROGRA~1\KASPER~1\KASPER~2\KASPER~3\OESpamTest.ExE /*file not found*/ = C:\PROGRA~1\KASPER~1\KASPER~2\KASPER~3\OESpamTest.ExE /*file not found*/
@ATIPTAC:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe = C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
@DAEMON Tools"C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033 = "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
@UserFaultCheck%systemroot%\system32\dumprep 0 -u = %systemroot%\system32\dumprep 0 -u
@RelevantKnowledgec:\windows\system32\rlvknlg.exe -boot = c:\windows\system32\rlvknlg.exe -boot
@sXe InjectedC:\Program Files\sXe Injected\sXe Injected.exe = C:\Program Files\sXe Injected\sXe Injected.exe
@My Web Search Barrundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\MWSBAR.DLL,S = rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\MWSBAR.DLL,S
@MyWebSearch Email PluginC:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe = C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
@C-Media MixerMixer.exe /startup = Mixer.exe /startup
@SunJavaUpdateSched"C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" = "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
@AVG7_CCC:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP = C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
@LClockC:\Program Files\LClock\LClock.exe /*file not found*/ = C:\Program Files\LClock\LClock.exe /*file not found*/
@dlvzwqsyc:\windows\system32\dlvzwqsy.exe dlvzwqsy = c:\windows\system32\dlvzwqsy.exe dlvzwqsy
@PCSuiteTrayApplicationC:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup /*file not found*/ = C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup /*file not found*/

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run >>>
@homepage.monitor.exeC:\Program Files\IntCodec\isamonitor.exe /*file not found*/ = C:\Program Files\IntCodec\isamonitor.exe /*file not found*/
@pmsngr.exeC:\Program Files\IntCodec\pmsngr.exe /*file not found*/ = C:\Program Files\IntCodec\pmsngr.exe /*file not found*/

HKCU\Software\Microsoft\Windows\CurrentVersion\Run >>>
@CTFMON.EXEC:\WINDOWS\system32\ctfmon.exe = C:\WINDOWS\system32\ctfmon.exe
@Instant AccessC:\WINDOWS\system32\prosvsys.exe /res /*file not found*/ = C:\WINDOWS\system32\prosvsys.exe /res /*file not found*/
@msnmsgr"C:\Program Files\MSN Messenger\msnmsgr.exe" /background = "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
@ASUS SmartDoctorC:\Program Files\ASUS\SmartDoctor\\SmartDoctor.exe /start /*file not found*/ = C:\Program Files\ASUS\SmartDoctor\\SmartDoctor.exe /start /*file not found*/
@MyWebSearch Email PluginC:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe = C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
@Skype"C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized = "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
@updateMgrC:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9 /*file not found*/ = C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9 /*file not found*/
@ /*file not found*/ = /*file not found*/
@StartCCCC:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe = C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
@SRS Audio Sandbox"C:\Program Files\SRS Labs\Audio Sandbox\SRSSSC.exe" /hideme /*file not found*/ = "C:\Program Files\SRS Labs\Audio Sandbox\SRSSSC.exe" /hideme /*file not found*/
@Nokia.PCSyncC:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog /*file not found*/ = C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog /*file not found*/

HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad >>>
@bestreakC:\WINDOWS\system32\viruxz.dll /*file not found*/ = C:\WINDOWS\system32\viruxz.dll /*file not found*/
@WPDShServiceObjC:\WINDOWS\system32\WPDShServiceObj.dll = C:\WINDOWS\system32\WPDShServiceObj.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler@bestreak =

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved >>>
@{42071714-76d4-11d1-8b24-00a0c9068ff3} /*Display Panning CPL Extension*/deskpan.dll /*file not found*/ = deskpan.dll /*file not found*/
@{596AB062-B4D2-4215-9F74-E9109B0A8153} /*Previous Versions Property Page*/C:\WINDOWS\system32\twext.dll = C:\WINDOWS\system32\twext.dll
@{9DB7A13C-F208-4981-8353-73CC61AE2783} /*Previous Versions*/C:\WINDOWS\system32\twext.dll = C:\WINDOWS\system32\twext.dll
@{00E7B358-F65B-4dcf-83DF-CD026B94BFD4} /*Autoplay for SlideShow*/(null) =
@{692F0339-CBAA-47e6-B5B5-3B84DB604E87} /*Extensions Manager Folder*/C:\WINDOWS\system32\extmgr.dll = C:\WINDOWS\system32\extmgr.dll
@{BDEADF00-C265-11D0-BCED-00A0C90AB50F} /*Web Folders*/C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL = C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
@{00020D75-0000-0000-C000-000000000046} /*Microsoft Office Outlook Desktop Icon Handler*/C:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL = C:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL
@{0006F045-0000-0000-C000-000000000046} /*Microsoft Office Outlook Custom Icon Handler*/C:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL = C:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL
@{42042206-2D85-11D3-8CFF-005004838597} /*Microsoft Office HTML Icon Handler*/C:\Program Files\Microsoft Office\OFFICE11\msohev.dll = C:\Program Files\Microsoft Office\OFFICE11\msohev.dll
@{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} /*Shell Extensions for RealOne Player*/(null) =
@{cc3ebf80-1a70-11d3-bdf2-00902745d0a9} /*Mixman Shell Extention*/Tk421.dll = Tk421.dll
@{32020A01-506E-484D-A2A8-BE3CF17601C3} /*AlcoholShellEx*/C:\PROGRA~1\ALCOHO~1\ALCOHO~1\AXShlEx.dll = C:\PROGRA~1\ALCOHO~1\ALCOHO~1\AXShlEx.dll
@{2F5AC606-70CF-461C-BFE1-734234536262} /*WindowBlinds CPL Extension*/C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbui.dll = C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbui.dll
@{EB47FF00-225E-11D2-9E1D-00A0C9AB0EEE} /*eLicense Control*/C:\WINDOWS\lcmmfu.cpl = C:\WINDOWS\lcmmfu.cpl
@{B41DB860-8EE4-11D2-9906-E49FADC173CA} /*WinRAR shell extension*/C:\Program Files\WinRAR\rarext.dll = C:\Program Files\WinRAR\rarext.dll
@{45AC2688-0253-4ED8-97DE-B5370FA7D48A} /*Shell Extension for Malware scanning*/(null) =
@{FC9FB64A-1EB2-4CCF-AF5E-1A497A9B5C2D} /*Messenger Sharing Folders*/C:\Program Files\MSN Messenger\fsshext.8.1.0178.00.dll = C:\Program Files\MSN Messenger\fsshext.8.1.0178.00.dll
@{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} /*AVG7 Shell Extension*/C:\Program Files\Grisoft\AVG7\avgse.dll = C:\Program Files\Grisoft\AVG7\avgse.dll
@{9F97547E-460A-42C5-AE0C-81C61FFAEBC3} /*AVG7 Find Extension*/C:\Program Files\Grisoft\AVG7\avgse.dll = C:\Program Files\Grisoft\AVG7\avgse.dll
@{5E2121EE-0300-11D4-8D3B-444553540000} /*Catalyst Context Menu extension*/C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll = C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll
@{35786D3C-B075-49b9-88DD-029876E11C01} /*Portable Devices*/%SystemRoot%\system32\wpdshext.dll = %SystemRoot%\system32\wpdshext.dll
@{D6791A63-E7E2-4fee-BF52-5DED8E86E9B8} /*Portable Devices Menu*/%SystemRoot%\system32\wpdshext.dll = %SystemRoot%\system32\wpdshext.dll
@{416651E4-9C3C-11D9-8BDE-F66BAD1E3F3A} /*Nokia Phone Browser*/C:\Program Files\Nokia\Nokia PC Suite 6\PhoneBrowser.dll = C:\Program Files\Nokia\Nokia PC Suite 6\PhoneBrowser.dll

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\ >>>
AVG7 Shell Extension@{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} = C:\Program Files\Grisoft\AVG7\avgse.dll
IMMenuShellExt@{F8984111-38B6-11D5-8725-0050DA2761C4} = C:\Program Files\IncrediMail\bin\IMShExt.dll
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ >>>
AVG7 Shell Extension@{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} = C:\Program Files\Grisoft\AVG7\avgse.dll
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects >>>
@{00A6FAF1-072E-44cf-8957-5838F569A31D}C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL = C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
@{02478D38-C3F9-4EFB-9B51-7695ECA05670}C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll = C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
@{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll = C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
@{07B18EA1-A523-4961-B6BB-170DE4475CCA}C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL = C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
@{3F3714A1-89A4-46be-8AF3-D0C9D1FB03F9}C:\Program Files\MorpheusBar\bar\1.bin\MORPHBAR.DLL = C:\Program Files\MorpheusBar\bar\1.bin\MORPHBAR.DLL
@{4A2AACF3-ADF6-11D5-98A9-00E018981B9E}C:\Program Files\NewDotNet\newdotnet7_48.dll = C:\Program Files\NewDotNet\newdotnet7_48.dll
@{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll = C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
@{9030D464-4C02-4ABF-8ECC-5164760863C6}C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll = C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
@{9394EDE7-C8B5-483E-8773-474BF36AF6E4}C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll = C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
@{A20854FD-DDB5-4931-8F76-D11EA2364D94}C:\Program Files\Mario Forever Toolbar\v3.2.0.0\MarioForever_Toolbar.dll = C:\Program Files\Mario Forever Toolbar\v3.2.0.0\MarioForever_Toolbar.dll
@{AA58ED58-01DD-4d91-8333-CF10577473F7}c:\program files\google\googletoolbar3.dll = c:\program files\google\googletoolbar3.dll
@{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll = C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
@{D73F49B1-B51B-4d32-A3B7-BD04B8342F53}C:\Program Files\MorpheusBar\SrchAstt\1.bin\MBSRCAS.DLL = C:\Program Files\MorpheusBar\SrchAstt\1.bin\MBSRCAS.DLL

HKCU\Control Panel\Desktop@SCRNSAVE.EXE = C:\WINDOWS\system32\logon.scr

HKLM\Software\Microsoft\Internet Explorer\Main >>>
@Default_Page_URLhttp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome = microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
@Start Pagehttp://www.windowsxlive.net = windowsxlive.net

HKCU\Software\Microsoft\Internet Explorer\Main@Start Page = windowsxlive.net

HKLM\Software\Classes\PROTOCOLS\Filter\text/xml@CLSID = C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL

HKLM\Software\Classes\PROTOCOLS\Handler\ >>>
dvd@CLSID = C:\WINDOWS\system32\msvidctl.dll
its@CLSID = C:\WINDOWS\system32\itss.dll
livecall@CLSID = C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
mhtml@CLSID = %SystemRoot%\system32\inetcomm.dll
ms-its@CLSID = C:\WINDOWS\system32\itss.dll
ms-itss@CLSID = C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL
msnim@CLSID = C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
mso-offdap@CLSID = C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL
mso-offdap11@CLSID = C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
skype4com@CLSID = C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
tv@CLSID = C:\WINDOWS\system32\msvidctl.dll

HKLM\Software\Classes\PROTOCOLS\Handler\wia@CLSID = C:\WINDOWS\system32\wiascr.dll

C:\Documents and Settings\montexel\Start Menu\Programs\Startup >>>
Metacafe Downloader.lnk = Metacafe Downloader.lnk
Registration Prince of Persia T2T.LNK = Registration Prince of Persia T2T.LNK

C:\Documents and Settings\All Users\Start Menu\Programs\Startup = Adobe Reader Speed Launch.lnk

---- EOF - GMER 1.0.12 ----

offline
  • Joined: 04 Sep 2003
  • Posts: 24135
  • Location: Wien

First download the following program, but only save it, do not run it:
http://www.bleepingcomputer.com/files/lspfix.php

Download and run the following small program, which is used to remove the NewDotNet infection:
http://securityresponse.symantec.com/avcenter/FxNdotN.exe

If your internet no longer works after cleaning out the NewDotNet infection, then run LSPFix, which you downloaded first.

Sada ponovo skeniraj HJT-om i stikliraj polja ispred sledecih linija:
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://as.starware.com/dp/search?x=wKX1ILEOi+UdWpS.....r1lDlP7V9X
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: (no name) - {D73F49B6-B51B-4d32-A3B7-BD04B8342F53} - C:\Program Files\MorpheusBar\SrchAstt\1.bin\MBSRCAS.DLL
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
O2 - BHO: MorpheusToolbar BHO - {3F3714A1-89A4-46be-8AF3-D0C9D1FB03F9} - C:\Program Files\MorpheusBar\bar\1.bin\MORPHBAR.DLL
O2 - BHO: URLLink - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet7_48.dll
O2 - BHO: (no name) - {D73F49B1-B51B-4d32-A3B7-BD04B8342F53} - C:\Program Files\MorpheusBar\SrchAstt\1.bin\MBSRCAS.DLL
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,ClientStartup -s
O4 - HKLM\..\Run: [RelevantKnowledge] c:\windows\system32\rlvknlg.exe -boot
O4 - HKLM\..\Run: [My Web Search Bar] rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\MWSBAR.DLL,S
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKCU\..\Run: [Instant Access] C:\WINDOWS\system32\prosvsys.exe /res
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O16 - DPF: {04F414E9-E352-4BC3-963D-7BFE5A5F31A9} - http://scripts.dlv4.com/binaries/egaccess4/egaccess4_1064_XP.cab
O16 - DPF: {321F38B6-7E5F-470E-B58C-927523B7AF92} - http://es6-scripts.dlv4.com/binaries/egaccess4/egaccess4_1069_em_XP.cab
O16 - DPF: {5F4D3335-3194-4167-85AE-E7325F2695EF} - http://scripts.dlv4.com/binaries/egaccess4/egaccess4_1068_em_XP.cab
O16 - DPF: {5FD9726A-4977-449D-8352-25FDD8A510B5} - http://es6-scripts.dlv4.com/binaries/egaccess4/egaccess4_1067_em_XP.cab
O16 - DPF: {938527D1-CDB7-4147-998A-B20FCA5CC976} (Cdmcco Class) - http://cafeimg.hanmail.net/cab9_1/dmcc2.cab?Version=1,0,0,10
O16 - DPF: {CB5D474E-A510-40A4-B5A4-838933BCBA64} - http://scripts.dlv4.com/binaries/egaccess4/egaccess4_1065_XP.cab
O16 - DPF: {FA1D6D8F-C6ED-4752-8512-A33283240130} - http://scripts.dlv4.com/binaries/egaccess4/egaccess4_1066_XP.cab
O16 - DPF: {FBF65A16-C9AB-465E-AECE-D2D9D5AB5E60} - http://es6-scripts.dlv4.com/binaries/egaccess4/egaccess4_1067_XP.cab

Click Fix Checked

After that, boot into Safe Mode following these instructions:
http://www.mycity.rs/Uputstva-sa-ex-SuperSajta/Kako-uci-u-SAFE-MODE.html

In Safe Mode, delete the following folders:
C:\Program Files\MyWebSearch\
C:\Program Files\NewDotNet\
C:\Program Files\MorpheusBar\

Also delete the following file:
c:\windows\system32\rlvknlg.exe

Also, check whether any of the following files exist in C:\Windows\System32\ (do not delete them yet):
dlvzwqsy_navps.dat
dlvzwqsy_nav.dat
dlvzwqsy_navtmp.dat
dlvzwqsy.dat
dlvzwqsy.exe
dlvzwqsy_m2s.xml

At the very end, run one more HJT scan and post the fresh log here.

Note:
Close all programs while you are cleaning, including those down in the tray (next to the clock).
It would be a good idea to print these instructions before you start cleaning.
Be sure to reply with answers to the questions above and with the new log. The cleaning is not finished with these instructions; there is more.

  • Joined: 04 May 2007
  • Posts: 24

Logfile of HijackThis v1.99.1
Scan saved at 12:58:31 PM, on 5/5/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\SYSTEM32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ATKKBService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\runservice.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\Mixer.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\montexel\Desktop\New Folder (2)\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = windowsxlive.net
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = windowsxlive.net
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Mario Forever Toolbar Helper - {A20854FD-DDB5-4931-8F76-D11EA2364D94} - C:\Program Files\Mario Forever Toolbar\v3.2.0.0\MarioForever_Toolbar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O2 - BHO: (no name) - {D73F49B1-B51B-4d32-A3B7-BD04B8342F53} - C:\Program Files\MorpheusBar\SrchAstt\1.bin\MBSRCAS.DLL (file missing)
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: Mario Forever Toolbar - {71B6ACF7-4F0F-4FD8-BB69-6D1A4D271CB7} - C:\Program Files\Mario Forever Toolbar\v3.2.0.0\MarioForever_Toolbar.dll
O3 - Toolbar: Morpheus Toolbar - {3F3714A9-89A4-46be-8AF3-D0C9D1FB03F9} - C:\Program Files\MorpheusBar\bar\1.bin\MORPHBAR.DLL (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [OESpamTest] C:\PROGRA~1\KASPER~1\KASPER~2\KASPER~3\OESpamTest.ExE
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [sXe Injected] C:\Program Files\sXe Injected\sXe Injected.exe
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [LClock] C:\Program Files\LClock\LClock.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,ClientStartup -s
O4 - HKLM\..\Run: [RelevantKnowledge] C:\windows\system32\rlvknlg.exe -boot
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ASUS SmartDoctor] C:\Program Files\ASUS\SmartDoctor\\SmartDoctor.exe /start
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKCU\..\Run: [SRS Audio Sandbox] "C:\Program Files\SRS Labs\Audio Sandbox\SRSSSC.exe" /hideme
O4 - HKCU\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - Startup: Metacafe Downloader.lnk = C:\WINDOWS\system32\rundll32.exe
O4 - Startup: Registration Prince of Persia T2T.LNK = C:\Program Files\Ubisoft\Prince of Persia T2T\Support\Register\RegistrationReminder.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: &Search - edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZNfox000
O8 - Extra context menu item: Download all by Net Transport - C:\Program Files\Xi\NetTransport 2\NTAddList.html
O8 - Extra context menu item: Download by Net Transport - C:\Program Files\Xi\NetTransport 2\NTAddLink.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - messenger.zone.msn.com/EN-US/a-LUXR/mjolauncher.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {97E71027-0BA2-44F2-97DB-F84D808ED0B6} (MessengerStatsClient Class) - messenger.zone.msn.com/binary/MessengerStatsPAClient.cab55762.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - messenger.zone.msn.com/binary/ZIntro.cab55579.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - messenger.zone.msn.com/binary/Bankshot.cab31267.cab
O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} (System Requirements Lab) - systemrequirementslab.com/sysreqlab.cab
O16 - DPF: {DA758BB1-5F89-4465-975F-8D7179A4BCF3} (WheelofFortune Object) - messenger.zone.msn.com/binary/WoF.cab55708.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{72048748-BF8A-4226-9ECA-B13C74748935}: NameServer = 195.66.160.1 195.66.160.2
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: WB - C:\Program Files\Stardock\Object Desktop\WindowBlinds\fastload.dll
O21 - SSODL: bestreak - {874443fe-aa33-4ebf-a6ac-73208787e62d} - C:\WINDOWS\system32\viruxz.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8-) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINDOWS\runservice.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe

There are:
dlvzwqsy
dlvzwqsy
dlvzwqsy_nav
dlvzwqsy_navps
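
An added example, not part of either post: a short Python check of which entries from the helper's "Fix Checked" list are still present in the follow-up log. The sample lines are copied from the two posts above (a subset of each); the function names and the choice of identity key (CLSID where one exists, otherwise hive plus value name for O4 Run entries) are this example's own assumptions.

```python
import re
from typing import List, NamedTuple, Optional

CLSID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
ENTRY = re.compile(r"^(R\d|O\d+) - (.+)$")      # "O4 - rest of line"
RUN_VALUE = re.compile(r"^(\S+): \[(.+?)\]")    # "HKLM\..\Run: [value name]"
MISSING = "(file missing)"

# Subset of the lines the helper asked to tick (copied from the post above).
FIX_LIST = r"""
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
O2 - BHO: URLLink - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet7_48.dll
O2 - BHO: (no name) - {D73F49B1-B51B-4d32-A3B7-BD04B8342F53} - C:\Program Files\MorpheusBar\SrchAstt\1.bin\MBSRCAS.DLL
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,ClientStartup -s
O4 - HKLM\..\Run: [RelevantKnowledge] c:\windows\system32\rlvknlg.exe -boot
O4 - HKLM\..\Run: [My Web Search Bar] rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\MWSBAR.DLL,S
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKCU\..\Run: [Instant Access] C:\WINDOWS\system32\prosvsys.exe /res
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
"""

# Subset of the follow-up log saved on 5/5/2007 (copied from the post above).
FOLLOWUP_LOG = r"""
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {D73F49B1-B51B-4d32-A3B7-BD04B8342F53} - C:\Program Files\MorpheusBar\SrchAstt\1.bin\MBSRCAS.DLL (file missing)
O3 - Toolbar: Morpheus Toolbar - {3F3714A9-89A4-46be-8AF3-D0C9D1FB03F9} - C:\Program Files\MorpheusBar\bar\1.bin\MORPHBAR.DLL (file missing)
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,ClientStartup -s
O4 - HKLM\..\Run: [RelevantKnowledge] C:\windows\system32\rlvknlg.exe -boot
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
"""


class Entry(NamedTuple):
    code: str           # section code, e.g. "O2" or "O4"
    ident: str          # CLSID, or hive[value name] for Run entries
    file_missing: bool  # the scan flagged the target file as absent
    line: str           # original log line


def parse_entry(line: str) -> Optional[Entry]:
    """Turn one log line into a comparable entry; None for non-entry lines."""
    line = line.strip()
    m = ENTRY.match(line)
    if not m:
        return None
    code, rest = m.groups()
    missing = rest.endswith(MISSING)
    if missing:
        rest = rest[: -len(MISSING)].rstrip()
    clsid = CLSID.search(rest)
    run = RUN_VALUE.match(rest) if code == "O4" else None
    if clsid:
        ident = clsid.group(0).upper()          # GUID case varies between lines
    elif run:
        ident = f"{run.group(1)}[{run.group(2)}]".lower()  # path case may differ
    else:
        ident = rest.lower()
    return Entry(code, ident, missing, line)


def still_present(fix_text: str, followup_text: str) -> List[Entry]:
    """Entries from the fix list that the follow-up scan still reports."""
    after = {}
    for e in filter(None, map(parse_entry, followup_text.splitlines())):
        after[(e.code, e.ident)] = e
    wanted = filter(None, map(parse_entry, fix_text.splitlines()))
    return [after[(e.code, e.ident)] for e in wanted if (e.code, e.ident) in after]


if __name__ == "__main__":
    for hit in still_present(FIX_LIST, FOLLOWUP_LOG):
        state = "orphaned registry entry" if hit.file_missing else "still active"
        print(f"{state}: {hit.line}")
```

An entry flagged `(file missing)` means the file is gone but the registry reference remains, while an unflagged survivor is an autostart that was never removed.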

  • Joined: 04 Sep 2003
  • Posts: 24135
  • Location: Wien

- Download the [url=https://www.mycity.rs/must-login.png]file[/url]
- Right-click the file and choose Extract All, extracting the files to C:\
- Open the folder C:\bfu_navipromo and run BFU.exe
- Once the program has started, click the folder icon and select the file EGDACCESS.bfu
- Click the Execute button and wait while the cleaning runs.
- Click the folder icon again and select the file aftermath.bfu
- Click the Execute button and wait while the cleaning runs.
- When the cleaning is finished, restart the computer. After the restart, make a new HJT log and post it here.

  • Joined: 04 May 2007
  • Posts: 24

Logfile of HijackThis v1.99.1
Scan saved at 1:51:57 PM, on 5/5/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\SYSTEM32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ATKKBService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\runservice.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\WINDOWS\Mixer.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\montexel\Desktop\New Folder (2)\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = windowsxlive.net
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = windowsxlive.net
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Mario Forever Toolbar Helper - {A20854FD-DDB5-4931-8F76-D11EA2364D94} - C:\Program Files\Mario Forever Toolbar\v3.2.0.0\MarioForever_Toolbar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O2 - BHO: (no name) - {D73F49B1-B51B-4d32-A3B7-BD04B8342F53} - C:\Program Files\MorpheusBar\SrchAstt\1.bin\MBSRCAS.DLL (file missing)
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: Mario Forever Toolbar - {71B6ACF7-4F0F-4FD8-BB69-6D1A4D271CB7} - C:\Program Files\Mario Forever Toolbar\v3.2.0.0\MarioForever_Toolbar.dll
O3 - Toolbar: Morpheus Toolbar - {3F3714A9-89A4-46be-8AF3-D0C9D1FB03F9} - C:\Program Files\MorpheusBar\bar\1.bin\MORPHBAR.DLL (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [OESpamTest] C:\PROGRA~1\KASPER~1\KASPER~2\KASPER~3\OESpamTest.ExE
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [sXe Injected] C:\Program Files\sXe Injected\sXe Injected.exe
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [LClock] C:\Program Files\LClock\LClock.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,ClientStartup -s
O4 - HKLM\..\Run: [RelevantKnowledge] C:\windows\system32\rlvknlg.exe -boot
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ASUS SmartDoctor] C:\Program Files\ASUS\SmartDoctor\\SmartDoctor.exe /start
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKCU\..\Run: [SRS Audio Sandbox] "C:\Program Files\SRS Labs\Audio Sandbox\SRSSSC.exe" /hideme
O4 - HKCU\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - Startup: Metacafe Downloader.lnk = C:\WINDOWS\system32\rundll32.exe
O4 - Startup: Registration Prince of Persia T2T.LNK = C:\Program Files\Ubisoft\Prince of Persia T2T\Support\Register\RegistrationReminder.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: &Search - edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZNfox000
O8 - Extra context menu item: Download all by Net Transport - C:\Program Files\Xi\NetTransport 2\NTAddList.html
O8 - Extra context menu item: Download by Net Transport - C:\Program Files\Xi\NetTransport 2\NTAddLink.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - messenger.zone.msn.com/EN-US/a-LUXR/mjolauncher.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {97E71027-0BA2-44F2-97DB-F84D808ED0B6} (MessengerStatsClient Class) - messenger.zone.msn.com/binary/MessengerStatsPAClient.cab55762.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - messenger.zone.msn.com/binary/ZIntro.cab55579.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - messenger.zone.msn.com/binary/Bankshot.cab31267.cab
O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} (System Requirements Lab) - systemrequirementslab.com/sysreqlab.cab
O16 - DPF: {DA758BB1-5F89-4465-975F-8D7179A4BCF3} (WheelofFortune Object) - messenger.zone.msn.com/binary/WoF.cab55708.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{72048748-BF8A-4226-9ECA-B13C74748935}: NameServer = 195.66.160.1 195.66.160.2
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: WB - C:\Program Files\Stardock\Object Desktop\WindowBlinds\fastload.dll
O21 - SSODL: bestreak - {874443fe-aa33-4ebf-a6ac-73208787e62d} - C:\WINDOWS\system32\viruxz.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8-) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINDOWS\runservice.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
