PC virus removal, computer speed-up, remote assistance via the neslape.cz service

Virus preventing archives from being extracted.

Have a problem with a virus? Post a log from FRST or RSIT here.


Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]

Individual threads will be locked once resolved, as will those inactive for more than 14 days. See the rule on locking topics. Thank you for your understanding.

!NEWS!
You can now use the remote assistance service, where a specialist connects to your computer and gets further details about the problem from you by phone! More at www.neslape.cz
motji
VIP
Posts: 23302
Registered: 23 Oct 2008 08:02

Re: Virus preventing archives from being extracted.

#16 Post by motji »

→ Download MBAM from my signature
- Install it and run a full scan

DO NOT DELETE ANYTHING!
- MBAM sometimes produces false detections, so we will delete only after checking the log.
- Copy the log here.
Do not use COMBOFIX without a helper's recommendation; it can damage the system!
Always back up important data before cleaning a computer of viruses!
Want to support our forum? Information here

I am mostly available at night, between 21:00 and 23:00.
If you have any questions, you can write to me at Motji(at)forum.viry.cz.

Lochna
Guest
Posts: 33
Registered: 25 Apr 2010 18:48

Re: Virus preventing archives from being extracted.

#17 Post by Lochna »

OK, I'll test it with MBAM right away, but I also wanted to say that it probably didn't help; I tried installing a few more complex games and larger applications and they reported an archive read error. Some programs won't even start, and the archives are still acting up. Is it possible that it isn't a virus but a hardware fault? Otherwise I probably won't have any choice but to reinstall. Anyway, the PC is already quite old, over 4 years, and very heavily used.

Lochna
Guest
Posts: 33
Registered: 25 Apr 2010 18:48

Re: Virus preventing archives from being extracted.

#18 Post by Lochna »

Here is the output from MBAM. I hope it's the right log. Compared with the previous ones it's rather short :) but at least it's concise and in Czech .)

Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Verze databáze: 4039

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

26.4.2010 20:09:40
mbam-log-2010-04-26 (20-09-40).txt

Typ skenu: Úplný sken (C:\|D:\|I:\|)
Skenované objekty: 262934
Uplynulý čas: 29 minuta(y), 19 sekunda(y)

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 1
Infikované hodnoty registru: 1
Infikované datové položky registru: 4
Infikované složky: 0
Infikované soubory: 2

Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované klíče registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWebSearch) -> No action taken.

Infikované hodnoty registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Media\WMSDK\Sources\f3popularscreensavers (Adware.MyWebSearch) -> No action taken.

Infikované datové položky registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSMHelp (Hijack.Help) -> Bad: (1) Good: (0) -> No action taken.

Infikované složky:
(Žádné škodlivé položky nebyly zjištěny)

Infikované soubory:
C:\Program Files\WinRAR\keygenpatch.exe (Trojan.Patcher) -> No action taken.
C:\Program Files\Mozilla Firefox\extensions\{792c571c-06ad-9615-cf39-cf3e7fbdadd7}\components\-k_7JFGN_.dll (Adware.BHO) -> No action taken.
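A small parser for this MBAM 1.45 log format, added here as an illustration; it is not part of the thread and not Malwarebytes' own tooling. It reads the summary totals and the per-section entries by line shape (so the Czech labels do not matter), checks that the declared totals match what was actually pasted (a cheap way to spot a truncated paste before reading it), and separates the Security Center "DisableNotify" data tweaks from the adware and patcher detections, since those are settings to restore rather than files to remove. The embedded sample is an excerpt constructed from the log above; the function names are my own.

```python
import re
from collections import Counter

# Excerpt constructed from the MBAM 1.45 log posted above. The labels are the
# Czech strings that build emits; the parser keys on line shape, not wording,
# so an English log parses the same way.
SAMPLE_LOG = r"""
Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Verze databáze: 4039

Infikované klíče registru: 1
Infikované hodnoty registru: 1
Infikované datové položky registru: 4
Infikované složky: 0
Infikované soubory: 2

Infikované klíče registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWebSearch) -> No action taken.

Infikované hodnoty registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Media\WMSDK\Sources\f3popularscreensavers (Adware.MyWebSearch) -> No action taken.

Infikované datové položky registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSMHelp (Hijack.Help) -> Bad: (1) Good: (0) -> No action taken.

Infikované složky:
(Žádné škodlivé položky nebyly zjištěny)

Infikované soubory:
C:\Program Files\WinRAR\keygenpatch.exe (Trojan.Patcher) -> No action taken.
C:\Program Files\Mozilla Firefox\extensions\{792c571c-06ad-9615-cf39-cf3e7fbdadd7}\components\-k_7JFGN_.dll (Adware.BHO) -> No action taken.
"""

COUNT_RE = re.compile(r"^(?P<label>[^:]+): (?P<n>\d+)$")   # summary line "label: N"
SECTION_RE = re.compile(r"^(?P<label>[^:]+):$")            # detail header "label:"
FINDING_RE = re.compile(
    r"^(?P<location>.+?) \((?P<detection>[^()]+)\) -> "
    r"(?:Bad: \((?P<bad>\d+)\) Good: \((?P<good>\d+)\) -> )?(?P<action>.+)$")


def parse_mbam_log(text):
    """Return {"counts": summary totals, "sections": detail headers seen, "findings": entries}."""
    counts, sections, findings = {}, [], []
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if section is None and (m := COUNT_RE.match(line)):
            counts[m["label"]] = int(m["n"])
            continue
        if m := SECTION_RE.match(line):
            section = m["label"]
            sections.append(section)
            continue
        if section is None or (line.startswith("(") and line.endswith(")")):
            continue  # header noise, or the "(no malicious items found)" marker
        m = FINDING_RE.match(line)
        if not m:
            raise ValueError(f"unrecognised line in section {section!r}: {line}")
        findings.append({
            "section": section,
            "location": m["location"],
            "detection": m["detection"],
            "bad": int(m["bad"]) if m["bad"] else None,
            "good": int(m["good"]) if m["good"] else None,
            "action": m["action"],
        })
    return {"counts": counts, "sections": sections, "findings": findings}


def check_counts(report):
    """Declared total vs. entries actually present, per section. A mismatch means the
    paste was truncated or edited, so the log cannot be read as complete."""
    actual = Counter(f["section"] for f in report["findings"])
    return {label: (report["counts"][label], actual[label])
            for label in report["sections"]
            if label in report["counts"] and report["counts"][label] != actual[label]}


def families(report):
    """Detections per MBAM family prefix (Adware, Trojan, Disabled, ...)."""
    return Counter(f["detection"].split(".", 1)[0] for f in report["findings"])


def triage(report):
    """tampering: Disabled.* / Hijack.* registry data (alerts silenced, Help hidden);
    these are settings to restore. adware / other: grouped by family prefix."""
    buckets = {"tampering": [], "adware": [], "other": []}
    for f in report["findings"]:
        family = f["detection"].split(".", 1)[0]
        name = f["location"].rsplit("\\", 1)[-1]
        if family in ("Disabled", "Hijack"):
            buckets["tampering"].append(name)
        elif family == "Adware":
            buckets["adware"].append(name)
        else:
            buckets["other"].append(f"{name} ({f['detection']})")
    return buckets


if __name__ == "__main__":
    rep = parse_mbam_log(SAMPLE_LOG)
    print("count mismatches:", check_counts(rep) or "none")
    print("families:", dict(families(rep)))
    for bucket, names in triage(rep).items():
        print(f"{bucket}: {names}")
```

Every entry in this log still reads "No action taken.", which is what the helper asked for: nothing was removed before the log was reviewed, so the four Security Center values show their "Bad: (1)" state untouched.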

motji
VIP
Posts: 23302
Registered: 23 Oct 2008 08:02

Re: Virus preventing archives from being extracted.

#19 Post by motji »

Let it delete everything.

We'll also look for rootkits.

→ Download Gmer http://www.viry.cz/forum/viewtopic.php?f=29&t=62878
- extract and run it
- a scan will run; when it finishes a window with the results opens, click Save to save the log, and paste it here

- Following the guide at the link, run the second scan and paste that log here as well.

Lochna
Guest
Posts: 33
Registered: 25 Apr 2010 18:48

Re: Virus preventing archives from being extracted.

#20 Post by Lochna »

That scan is extremely slow, so let me ask a small question: until what time will you be here? :)

Lochna
Guest
Posts: 33
Registered: 25 Apr 2010 18:48

Re: Virus preventing archives from being extracted.

#21 Post by Lochna »

------GMER------
Log 1:
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit quick scan 2010-04-26 22:20:34
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\Admin\LOCALS~1\Temp\pxtdypoc.sys


---- System - GMER 1.0.15 ----

SSDT spof.sys ZwEnumerateKey [0xF7400DA4]
SSDT spof.sys ZwEnumerateValueKey [0xF7401132]

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 86F6B1F8

AttachedDevice \Driver\Tcpip \Device\Ip nltdi.sys (NetLimiter Driver/Locktime Software)
AttachedDevice \Driver\Tcpip \Device\Tcp nltdi.sys (NetLimiter Driver/Locktime Software)
AttachedDevice \Driver\Tcpip \Device\Udp nltdi.sys (NetLimiter Driver/Locktime Software)
AttachedDevice \Driver\Tcpip \Device\RawIp nltdi.sys (NetLimiter Driver/Locktime Software)

---- EOF - GMER 1.0.15 ----



Log 2:
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-04-27 00:01:44
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\Admin\LOCALS~1\Temp\pxtdypoc.sys


---- System - GMER 1.0.15 ----

SSDT spof.sys ZwCreateKey [0xF73E80E0]
SSDT spof.sys ZwEnumerateKey [0xF7400DA4]
SSDT spof.sys ZwEnumerateValueKey [0xF7401132]
SSDT spof.sys ZwOpenKey [0xF73E80C0]
SSDT spof.sys ZwQueryKey [0xF740120A]
SSDT spof.sys ZwQueryValueKey [0xF740108A]
SSDT spof.sys ZwSetValueKey [0xF740129C]

INT 0x62 ? 86F6CBF8
INT 0x63 ? 86F6CBF8
INT 0x63 ? 86F6CBF8
INT 0x63 ? 8697FF00
INT 0x63 ? 8697FF00
INT 0x63 ? 86F6CBF8
INT 0x74 ? 8697FF00
INT 0x82 ? 86F6CBF8
INT 0x84 ? 8697FF00
INT 0x94 ? 8697FF00
INT 0xB1 ? 86FDABF8
INT 0xB1 ? 86FDABF8

---- Kernel code sections - GMER 1.0.15 ----

? qcijlhnc.sys The system cannot find the file specified. !
? spof.sys The system cannot find the file specified. !
.text C:\WINDOWS\system32\DRIVERS\ati2mtag.sys section is writeable [0xF62D3000, 0x1BDE76, 0xE8000020]
.text USBPORT.SYS!DllUnload F626A80C 5 Bytes JMP 8697F4E0
.text aelb38la.SYS F6219386 35 Bytes [00, 00, 00, 00, 00, 00, 20, ...]
.text aelb38la.SYS F62193AA 24 Bytes [00, 00, 00, 00, 00, 00, 00, ...]
.text aelb38la.SYS F62193C4 3 Bytes [00, 80, 02]
.text aelb38la.SYS F62193C9 1 Byte [30]
.text aelb38la.SYS F62193C9 11 Bytes [30, 00, 00, 00, 5E, 02, 00, ...] {XOR [EAX], AL; ADD [EAX], AL; POP ESI; ADD AL, [EAX]; ADD [EAX], AL; ADD [EAX], AL}
.text ...
? System32\Drivers\az4e5idg.SYS The system cannot find the path specified. !
PAGE mrxsmb.sys AE1E0000 48 Bytes [90, 90, 90, 90, 90, 8B, FF, ...]
PAGE mrxsmb.sys AE1E0031 36 Bytes [CE, FF, 15, D0, 83, 1D, AE, ...]
PAGE mrxsmb.sys AE1E0056 14 Bytes [56, FF, 15, D4, 83, 1D, AE, ...]
PAGE mrxsmb.sys AE1E0065 13 Bytes [88, 3E, 22, AE, 75, 1A, 8B, ...]
PAGE mrxsmb.sys AE1E0073 21 Bytes [8B, 45, FC, 5F, 5E, 5B, C9, ...]
PAGE ...
.text C:\WINDOWS\system32\DRIVERS\atksgt.sys section is writeable [0xABA03300, 0x3B6D8, 0xE8000020]
.text C:\WINDOWS\system32\DRIVERS\lirsgt.sys section is writeable [0xF7923300, 0x1BEE, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Mozilla Firefox\firefox.exe[644] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 004013F0 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F73E9042] spof.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F73E913E] spof.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F73E90C0] spof.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F73E9800] spof.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F73E96D6] spof.sys
IAT \SystemRoot\System32\Drivers\aelb38la.SYS[HAL.dll!KfAcquireSpinLock] 0C8D1C46
IAT \SystemRoot\System32\Drivers\aelb38la.SYS[HAL.dll!READ_PORT_UCHAR] B48B8932
IAT \SystemRoot\System32\Drivers\aelb38la.SYS[HAL.dll!KeGetCurrentIrql] 89000001
IAT \SystemRoot\System32\Drivers\aelb38la.SYS[HAL.dll!KfRaiseIrql] 0001C083
IAT \SystemRoot\System32\Drivers\aelb38la.SYS[HAL.dll!KfLowerIrql] 24468B00
IAT \SystemRoot\System32\Drivers\aelb38la.SYS[HAL.dll!HalGetInterruptVector] 89820C8D
IAT \SystemRoot\System32\Drivers\aelb38la.SYS[HAL.dll!HalTranslateBusAddress] D18BF84D
IAT \SystemRoot\System32\Drivers\aelb38la.SYS[HAL.dll!KeStallExecutionProcessor] 860F1639
IAT \SystemRoot\System32\Drivers\aelb38la.SYS[HAL.dll!KfReleaseSpinLock] 000000BD
IAT \SystemRoot\System32\Drivers\aelb38la.SYS[HAL.dll!READ_PORT_BUFFER_USHORT] 020CB389
IAT \SystemRoot\System32\Drivers\aelb38la.SYS[HAL.dll!READ_PORT_USHORT] 83660000
IAT \SystemRoot\System32\Drivers\aelb38la.SYS[HAL.dll!WRITE_PORT_BUFFER_USHORT] 7400067E
IAT \SystemRoot\System32\Drivers\aelb38la.SYS[HAL.dll!WRITE_PORT_UCHAR] 89D60320
IAT \SystemRoot\System32\Drivers\aelb38la.SYS[WMILIB.SYS!WmiSystemControl] 8D168B00
IAT \SystemRoot\System32\Drivers\aelb38la.SYS[WMILIB.SYS!WmiCompleteRequest] F0003284
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [F73F8B90] spof.sys

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 86F6B1F8
Device \FileSystem\Udfs \UdfsCdRom 86C04288
Device \FileSystem\Udfs \UdfsDisk 86C04288

AttachedDevice \Driver\Tcpip \Device\Ip nltdi.sys (NetLimiter Driver/Locktime Software)

Device \Driver\usbuhci \Device\USBPDO-0 8690E500
Device \Driver\dmio \Device\DmControl\DmIoDaemon 86FD81F8
Device \Driver\dmio \Device\DmControl\DmConfig 86FD81F8
Device \Driver\dmio \Device\DmControl\DmPnP 86FD81F8
Device \Driver\dmio \Device\DmControl\DmInfo 86FD81F8
Device \Driver\usbuhci \Device\USBPDO-1 8690E500
Device \Driver\NetBT \Device\NetBT_Tcpip_{EE599ED9-B61F-4F4D-8CD2-3C5F98675007} 869D7500
Device \Driver\usbuhci \Device\USBPDO-2 8690E500
Device \Driver\usbuhci \Device\USBPDO-3 8690E500
Device \Driver\usbehci \Device\USBPDO-4 8692F500

AttachedDevice \Driver\Tcpip \Device\Tcp nltdi.sys (NetLimiter Driver/Locktime Software)

Device \Driver\prodrv06 \Device\ProDrv06 E1F14610
Device \Driver\Ftdisk \Device\HarddiskVolume1 86F6D1F8
Device \Driver\Ftdisk \Device\HarddiskVolume2 86F6D1F8
Device \Driver\Cdrom \Device\CdRom0 86999500
Device \Driver\Ftdisk \Device\HarddiskVolume3 86F6D1F8
Device \Driver\Cdrom \Device\CdRom1 86999500
Device \Driver\atapi \Device\Ide\IdePort0 86F6C1F8
Device \Driver\atapi \Device\Ide\IdePort0 prosync1.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdePort1 86F6C1F8
Device \Driver\atapi \Device\Ide\IdePort1 prosync1.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdePort2 86F6C1F8
Device \Driver\atapi \Device\Ide\IdePort2 prosync1.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdePort3 86F6C1F8
Device \Driver\atapi \Device\Ide\IdePort3 prosync1.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-5 86F6C1F8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-5 prosync1.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdeDeviceP2T1L0-1b 86F6C1F8
Device \Driver\atapi \Device\Ide\IdeDeviceP2T1L0-1b prosync1.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdeDeviceP3T0L0-10 86F6C1F8
Device \Driver\atapi \Device\Ide\IdeDeviceP3T0L0-10 prosync1.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\Cdrom \Device\CdRom2 86999500
Device \Driver\Cdrom \Device\CdRom3 86999500
Device \Driver\Cdrom \Device\CdRom4 86999500
Device \Driver\prohlp02 \Device\ProHlp02 E17EB598
Device \Driver\NetBT \Device\NetBt_Wins_Export 869D7500
Device \Driver\NetBT \Device\NetbiosSmb 869D7500
Device \Driver\USBSTOR \Device\00000093 86C0B500
Device \Driver\sptd \Device\320971848 spof.sys
Device \Driver\USBSTOR \Device\00000095 86C0B500
Device \Driver\PCI_PNP6848 \Device\0000005c spof.sys
Device \Driver\PCI_PNP6848 \Device\0000005c spof.sys
Device \Driver\sptd \Device\321128098 spof.sys

AttachedDevice \Driver\Tcpip \Device\Udp nltdi.sys (NetLimiter Driver/Locktime Software)

Device \Driver\USBSTOR \Device\00000096 86C0B500
Device \Driver\PCI_PNP6848 \Device\0000005d spof.sys
Device \Driver\PCI_PNP6848 \Device\0000005d spof.sys

AttachedDevice \Driver\Tcpip \Device\RawIp nltdi.sys (NetLimiter Driver/Locktime Software)

Device \Driver\usbuhci \Device\USBFDO-0 8690E500
Device \Driver\NetBT \Device\NetBT_Tcpip_{1D7BAE5A-F58F-4A53-8EC3-EC4CDFECCED7} 869D7500
Device \Driver\usbuhci \Device\USBFDO-1 8690E500
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 868C7500
Device \Driver\usbuhci \Device\USBFDO-2 8690E500
Device \FileSystem\MRxSmb \Device\LanmanRedirector 868C7500
Device \Driver\usbuhci \Device\USBFDO-3 8690E500
Device \Driver\usbehci \Device\USBFDO-4 8692F500
Device \Driver\Ftdisk \Device\FtControl 86F6D1F8
Device \Driver\aelb38la \Device\Scsi\aelb38la1Port4Path0Target0Lun0 86A0C500
Device \Driver\az4e5idg \Device\Scsi\az4e5idg1 869BE500
Device \Driver\aelb38la \Device\Scsi\aelb38la1 86A0C500
Device \Driver\az4e5idg \Device\Scsi\az4e5idg1Port5Path0Target0Lun0 869BE500
Device \FileSystem\Cdfs \Cdfs 86BEF500

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 -1566169409
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 -1663149285
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 2
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x7C 0xF6 0x43 0xDA ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xEA 0x00 0xA3 0x8F ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x39 0x79 0xB4 0x83 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xA3 0x52 0x43 0x0B ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xFA 0x24 0x32 0x57 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x6F 0x64 0xD4 0xFD ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0xD2 0xE0 0xD9 0x37 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42@khjeh 0xD2 0xE0 0xD9 0x37 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43@khjeh 0xD2 0xE0 0xD9 0x37 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x7C 0xF6 0x43 0xDA ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xEA 0x00 0xA3 0x8F ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x39 0x79 0xB4 0x83 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xA3 0x52 0x43 0x0B ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xFA 0x24 0x32 0x57 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x6F 0x64 0xD4 0xFD ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0xD2 0xE0 0xD9 0x37 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42@khjeh 0xD2 0xE0 0xD9 0x37 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43@khjeh 0xD2 0xE0 0xD9 0x37 ...
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System

---- EOF - GMER 1.0.15 ----
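The second GMER log above ties the SSDT and IAT hooks to spof.sys, a module whose file GMER could not find on disk but which owns the devices of the sptd service, whose Cfg keys record DAEMON Tools install paths. The script below, added here as an example and not part of the thread or of GMER, does that cross-referencing mechanically: it extracts SSDT hooks, IAT hooks, "cannot find the file" notices, device owners and registry entries, then reports for each hooking module which functions it hooks, whether its file was visible, which services' devices it owns and what the `p0` value under those services' Cfg keys contains. The embedded sample is an excerpt constructed from that log; the function names and the reading of `p0` as an install path are my own.

```python
import re

# Excerpt constructed from the second GMER 1.0.15 log posted above, trimmed to a
# few lines of each record type the functions below understand.
SAMPLE_GMER = r"""
---- System - GMER 1.0.15 ----

SSDT spof.sys ZwCreateKey [0xF73E80E0]
SSDT spof.sys ZwEnumerateKey [0xF7400DA4]
SSDT spof.sys ZwOpenKey [0xF73E80C0]

---- Kernel code sections - GMER 1.0.15 ----

? qcijlhnc.sys The system cannot find the file specified. !
? spof.sys The system cannot find the file specified. !
.text USBPORT.SYS!DllUnload F626A80C 5 Bytes JMP 8697F4E0

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F73E9042] spof.sys
IAT \SystemRoot\System32\Drivers\aelb38la.SYS[HAL.dll!KfAcquireSpinLock] 0C8D1C46
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [F73F8B90] spof.sys

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 86F6B1F8
AttachedDevice \Driver\Tcpip \Device\Tcp nltdi.sys (NetLimiter Driver/Locktime Software)
Device \Driver\sptd \Device\320971848 spof.sys

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 -1566169409
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\

---- EOF - GMER 1.0.15 ----
"""

SSDT_RE = re.compile(r"^SSDT (?P<module>\S+) (?P<func>\S+) \[0x[0-9A-F]+\]$")
IAT_RE = re.compile(r"^IAT (?P<image>[^\[ ]+)\[(?P<dll>[^!]+)!(?P<func>[^\]]+)\] "
                    r"(?:\[[0-9A-F]+\] (?P<module>\S+)|[0-9A-F]+)$")  # module absent when unresolved
MISSING_RE = re.compile(r"^\? (?P<module>\S+) The system cannot find the (?:file|path) specified\. !$")
DEVICE_RE = re.compile(r"^(?:Attached)?Device (?P<driver>\S+) (?P<device>\S+) (?P<owner>\S+)(?: \(.+\))?$")
REG_RE = re.compile(r"^Reg (?P<key>[^@ ]+)(?:@(?P<value>\S+))?(?: (?P<data>.+))?$")


def basename(path):
    """Last component of a backslash-separated path or object name."""
    return path.rsplit("\\", 1)[-1]


def parse_gmer(text):
    """Pull the record types we cross-reference out of a GMER log; other lines are ignored."""
    rec = {"ssdt": [], "iat": [], "missing": set(), "devices": [], "reg": []}
    for raw in text.splitlines():
        line = raw.strip()
        if m := SSDT_RE.match(line):
            rec["ssdt"].append((m["module"], m["func"]))
        elif m := IAT_RE.match(line):
            rec["iat"].append((m["image"], m["func"], m["module"]))
        elif m := MISSING_RE.match(line):
            rec["missing"].add(m["module"])
        elif m := DEVICE_RE.match(line):
            rec["devices"].append((m["driver"], m["device"], m["owner"]))
        elif m := REG_RE.match(line):
            rec["reg"].append((m["key"], m["value"], m["data"]))
    return rec


def hook_report(rec):
    """Per hooking module: hooked functions, whether GMER found its file, the services whose
    devices it owns, and the p0 data under those services' Cfg keys (my install-path heuristic)."""
    hookers = {m for m, _ in rec["ssdt"]} | {mod for _, _, mod in rec["iat"] if mod}
    report = {}
    for mod in sorted(hookers):
        services = sorted({basename(drv) for drv, _, owner in rec["devices"] if owner == mod})
        paths = sorted({data for key, value, data in rec["reg"]
                        if value == "p0" and any(f"\\Services\\{svc}\\" in key for svc in services)})
        report[mod] = {
            "ssdt": [func for m, func in rec["ssdt"] if m == mod],
            "iat": [f"{basename(image)}:{func}" for image, func, m in rec["iat"] if m == mod],
            "file_on_disk": mod not in rec["missing"],
            "services": services,
            "install_paths": paths,
        }
    return report


def unresolved_iat(rec):
    """Images whose IAT entries GMER printed as raw values instead of a module name."""
    return sorted({basename(image) for image, _, mod in rec["iat"] if mod is None})


if __name__ == "__main__":
    rec = parse_gmer(SAMPLE_GMER)
    for mod, info in hook_report(rec).items():
        print(mod, info)
    print("IAT entries GMER could not resolve:", unresolved_iat(rec))
    print("driver files GMER could not find:", sorted(rec["missing"]))
```

The output separates two things the raw log mixes together: hooks whose owner the log itself explains (spof.sys, owned by the sptd service with DAEMON Tools paths in its Cfg keys) and entries the log cannot explain (the random-named aelb38la.SYS and az4e5idg.SYS drivers with unresolved IATs, and qcijlhnc.sys with no file on disk), which is where the follow-up RootRepeal driver scan in the next post comes in.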

motji
VIP
Posts: 23302
Registered: 23 Oct 2008 08:02

Re: Virus preventing archives from being extracted.

#22 Post by motji »

:o :o

→ Download
http://rootrepeal.googlepages.com/RootRepeal.zip
- Download, extract and run it
- select the Drivers tab, then Files, and click Scan,
- a scan will run; afterwards click Save Report, which saves the log, and copy it here

Lochna
Guest
Posts: 33
Registered: 25 Apr 2010 18:48

Re: Virus preventing archives from being extracted.

#23 Post by Lochna »

--------DRIVERS------
ROOTREPEAL (c) AD, 2007-2009
==================================================
Scan Start Time: 2010/04/27 17:03
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================

Drivers
-------------------
Name: aa8fmphc.SYS
Image Path: C:\WINDOWS\System32\Drivers\aa8fmphc.SYS
Address: 0xF626C000 Size: 303104 File Visible: No Signed: -
Status: -

Name: ACPI.sys
Image Path: ACPI.sys
Address: 0xF73A1000 Size: 187776 File Visible: - Signed: -
Status: -

Name: ACPI_HAL
Image Path: \Driver\ACPI_HAL
Address: 0x804D7000 Size: 2321792 File Visible: - Signed: -
Status: -

Name: afd.sys
Image Path: C:\WINDOWS\System32\drivers\afd.sys
Address: 0xAE257000 Size: 138496 File Visible: - Signed: -
Status: -

Name: agtwbg9w.SYS
Image Path: C:\WINDOWS\System32\Drivers\agtwbg9w.SYS
Address: 0xF62B6000 Size: 233472 File Visible: - Signed: -
Status: -

Name: AmdK8.sys
Image Path: C:\WINDOWS\system32\DRIVERS\AmdK8.sys
Address: 0xF7793000 Size: 65536 File Visible: - Signed: -
Status: -

Name: atapi.sys
Image Path: atapi.sys
Address: 0xF7333000 Size: 98304 File Visible: - Signed: -
Status: -

Name: atapi.sys
Image Path: atapi.sys
Address: 0x00000000 Size: 0 File Visible: - Signed: -
Status: -

Name: ati2cqag.dll
Image Path: C:\WINDOWS\System32\ati2cqag.dll
Address: 0xBF065000 Size: 626688 File Visible: - Signed: -
Status: -

Name: ati2dvag.dll
Image Path: C:\WINDOWS\System32\ati2dvag.dll
Address: 0xBF012000 Size: 339968 File Visible: - Signed: -
Status: -

Name: ati2mtag.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
Address: 0xF636F000 Size: 3817472 File Visible: - Signed: -
Status: -

Name: ati3duag.dll
Image Path: C:\WINDOWS\System32\ati3duag.dll
Address: 0xBF1CC000 Size: 3887104 File Visible: - Signed: -
Status: -

Name: AtiHdAud.sys
Image Path: C:\WINDOWS\system32\drivers\AtiHdAud.sys
Address: 0xAE7E4000 Size: 106496 File Visible: - Signed: -
Status: -

Name: atikvmag.dll
Image Path: C:\WINDOWS\System32\atikvmag.dll
Address: 0xBF0FE000 Size: 536576 File Visible: - Signed: -
Status: -

Name: atiok3x2.dll
Image Path: C:\WINDOWS\System32\atiok3x2.dll
Address: 0xBF181000 Size: 307200 File Visible: - Signed: -
Status: -

Name: ativvaxx.dll
Image Path: C:\WINDOWS\System32\ativvaxx.dll
Address: 0xBF9C4000 Size: 2646016 File Visible: - Signed: -
Status: -

Name: atksgt.sys
Image Path: C:\WINDOWS\system32\DRIVERS\atksgt.sys
Address: 0xABA03000 Size: 274432 File Visible: - Signed: -
Status: -

Name: ATMFD.DLL
Image Path: C:\WINDOWS\System32\ATMFD.DLL
Address: 0xBFFA0000 Size: 286720 File Visible: - Signed: -
Status: -

Name: audstub.sys
Image Path: C:\WINDOWS\system32\DRIVERS\audstub.sys
Address: 0xF7BC8000 Size: 3072 File Visible: - Signed: -
Status: -

Name: Beep.SYS
Image Path: C:\WINDOWS\System32\Drivers\Beep.SYS
Address: 0xF7A6B000 Size: 4224 File Visible: - Signed: -
Status: -

Name: BOOTVID.dll
Image Path: C:\WINDOWS\system32\BOOTVID.dll
Address: 0xF7933000 Size: 12288 File Visible: - Signed: -
Status: -

Name: Cdfs.SYS
Image Path: C:\WINDOWS\System32\Drivers\Cdfs.SYS
Address: 0xF7733000 Size: 63744 File Visible: - Signed: -
Status: -

Name: cdrom.sys
Image Path: C:\WINDOWS\system32\DRIVERS\cdrom.sys
Address: 0xF75B3000 Size: 49536 File Visible: - Signed: -
Status: -

Name: CLASSPNP.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS
Address: 0xF7563000 Size: 53248 File Visible: - Signed: -
Status: -

Name: disk.sys
Image Path: disk.sys
Address: 0xF7553000 Size: 36352 File Visible: - Signed: -
Status: -

Name: dmio.sys
Image Path: dmio.sys
Address: 0xF734B000 Size: 153344 File Visible: - Signed: -
Status: -

Name: dmload.sys
Image Path: dmload.sys
Address: 0xF7A29000 Size: 5888 File Visible: - Signed: -
Status: -

Name: drmk.sys
Image Path: C:\WINDOWS\system32\drivers\drmk.sys
Address: 0xF7683000 Size: 61440 File Visible: - Signed: -
Status: -

Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xAE0BA000 Size: 98304 File Visible: No Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xF7A71000 Size: 8192 File Visible: No Signed: -
Status: -

Name: Dxapi.sys
Image Path: C:\WINDOWS\System32\drivers\Dxapi.sys
Address: 0xAE398000 Size: 12288 File Visible: - Signed: -
Status: -

Name: dxg.sys
Image Path: C:\WINDOWS\System32\drivers\dxg.sys
Address: 0xBF000000 Size: 73728 File Visible: - Signed: -
Status: -

Name: dxgthk.sys
Image Path: C:\WINDOWS\System32\drivers\dxgthk.sys
Address: 0xF7B26000 Size: 4096 File Visible: - Signed: -
Status: -

Name: fdc.sys
Image Path: C:\WINDOWS\system32\DRIVERS\fdc.sys
Address: 0xF786B000 Size: 27392 File Visible: - Signed: -
Status: -

Name: fetnd5bv.sys
Image Path: C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys
Address: 0xF75D3000 Size: 42496 File Visible: - Signed: -
Status: -

Name: Fips.SYS
Image Path: C:\WINDOWS\System32\Drivers\Fips.SYS
Address: 0xF76E3000 Size: 34944 File Visible: - Signed: -
Status: -

Name: fltMgr.sys
Image Path: fltMgr.sys
Address: 0xF7313000 Size: 128768 File Visible: - Signed: -
Status: -

Name: Fs_Rec.SYS
Image Path: C:\WINDOWS\System32\Drivers\Fs_Rec.SYS
Address: 0xF7A69000 Size: 7936 File Visible: - Signed: -
Status: -

Name: ftdisk.sys
Image Path: ftdisk.sys
Address: 0xF7371000 Size: 125056 File Visible: - Signed: -
Status: -

Name: hal.dll
Image Path: C:\WINDOWS\system32\hal.dll
Address: 0x8070E000 Size: 131712 File Visible: - Signed: -
Status: -

Name: hamachi.sys
Image Path: C:\WINDOWS\system32\DRIVERS\hamachi.sys
Address: 0xF7893000 Size: 18560 File Visible: - Signed: -
Status: -

Name: HDAudBus.sys
Image Path: C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
Address: 0xF6336000 Size: 151552 File Visible: - Signed: -
Status: -

Name: HIDCLASS.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\HIDCLASS.SYS
Address: 0xF7723000 Size: 36864 File Visible: - Signed: -
Status: -

Name: HIDPARSE.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\HIDPARSE.SYS
Address: 0xF78EB000 Size: 28672 File Visible: - Signed: -
Status: -

Name: hidusb.sys
Image Path: C:\WINDOWS\system32\DRIVERS\hidusb.sys
Address: 0xAE3B0000 Size: 9600 File Visible: - Signed: -
Status: -

Name: i2omgmt.SYS
Image Path: C:\WINDOWS\System32\Drivers\i2omgmt.SYS
Address: 0xF7A65000 Size: 8192 File Visible: - Signed: -
Status: -

Name: i8042prt.sys
Image Path: C:\WINDOWS\system32\DRIVERS\i8042prt.sys
Address: 0xF75F3000 Size: 52736 File Visible: - Signed: -
Status: -

Name: imapi.sys
Image Path: C:\WINDOWS\system32\DRIVERS\imapi.sys
Address: 0xF75A3000 Size: 41984 File Visible: - Signed: -
Status: -

Name: ipnat.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ipnat.sys
Address: 0xAE19A000 Size: 136320 File Visible: - Signed: -
Status: -

Name: ipsec.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ipsec.sys
Address: 0xAE335000 Size: 74752 File Visible: - Signed: -
Status: -

Name: isapnp.sys
Image Path: isapnp.sys
Address: 0xF7523000 Size: 35840 File Visible: - Signed: -
Status: -

Name: kbdclass.sys
Image Path: C:\WINDOWS\system32\DRIVERS\kbdclass.sys
Address: 0xF7873000 Size: 24576 File Visible: - Signed: -
Status: -

Name: KDCOM.DLL
Image Path: C:\WINDOWS\system32\KDCOM.DLL
Address: 0xF7A23000 Size: 8192 File Visible: - Signed: -
Status: -

Name: kmixer.sys
Image Path: C:\WINDOWS\system32\drivers\kmixer.sys
Address: 0xAB1A0000 Size: 172416 File Visible: - Signed: -
Status: -

Name: ks.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ks.sys
Address: 0xF6313000 Size: 143360 File Visible: - Signed: -
Status: -

Name: KSecDD.sys
Image Path: KSecDD.sys
Address: 0xF72EA000 Size: 92928 File Visible: - Signed: -
Status: -

Name: lirsgt.sys
Image Path: C:\WINDOWS\system32\DRIVERS\lirsgt.sys
Address: 0xF792B000 Size: 18560 File Visible: - Signed: -
Status: -

Name: mnmdd.SYS
Image Path: C:\WINDOWS\System32\Drivers\mnmdd.SYS
Address: 0xF7A6D000 Size: 4224 File Visible: - Signed: -
Status: -

Name: Modem.SYS
Image Path: C:\WINDOWS\System32\Drivers\Modem.SYS
Address: 0xF789B000 Size: 30080 File Visible: - Signed: -
Status: -

Name: mouclass.sys
Image Path: C:\WINDOWS\system32\DRIVERS\mouclass.sys
Address: 0xF78A3000 Size: 23040 File Visible: - Signed: -
Status: -

Name: mouhid.sys
Image Path: C:\WINDOWS\system32\DRIVERS\mouhid.sys
Address: 0xAE3AC000 Size: 12160 File Visible: - Signed: -
Status: -

Name: MountMgr.sys
Image Path: MountMgr.sys
Address: 0xF7533000 Size: 42240 File Visible: - Signed: -
Status: -

Name: mrxdav.sys
Image Path: C:\WINDOWS\system32\DRIVERS\mrxdav.sys
Address: 0xABA7F000 Size: 179584 File Visible: - Signed: -
Status: -

Name: mrxsmb.sys
Image Path: C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
Address: 0xAE1BC000 Size: 455296 File Visible: - Signed: -
Status: -

Name: Msfs.SYS
Image Path: C:\WINDOWS\System32\Drivers\Msfs.SYS
Address: 0xF78D3000 Size: 19072 File Visible: - Signed: -
Status: -

Name: msgpc.sys
Image Path: C:\WINDOWS\system32\DRIVERS\msgpc.sys
Address: 0xF7633000 Size: 35072 File Visible: - Signed: -
Status: -

Name: mssmbios.sys
Image Path: C:\WINDOWS\system32\DRIVERS\mssmbios.sys
Address: 0xF671B000 Size: 15488 File Visible: - Signed: -
Status: -

Name: Mup.sys
Image Path: Mup.sys
Address: 0xF71C2000 Size: 104704 File Visible: - Signed: -
Status: -

Name: NDIS.sys
Image Path: NDIS.sys
Address: 0xF721D000 Size: 182912 File Visible: - Signed: -
Status: -

Name: ndistapi.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ndistapi.sys
Address: 0xF6737000 Size: 9600 File Visible: - Signed: -
Status: -

Name: ndisuio.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ndisuio.sys
Address: 0xABD5D000 Size: 14592 File Visible: - Signed: -
Status: -

Name: ndiswan.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ndiswan.sys
Address: 0xF6241000 Size: 91776 File Visible: - Signed: -
Status: -

Name: NDProxy.SYS
Image Path: C:\WINDOWS\System32\Drivers\NDProxy.SYS
Address: 0xF7653000 Size: 38016 File Visible: - Signed: -
Status: -

Name: netbios.sys
Image Path: C:\WINDOWS\system32\DRIVERS\netbios.sys
Address: 0xF76C3000 Size: 34560 File Visible: - Signed: -
Status: -

Name: netbt.sys
Image Path: C:\WINDOWS\system32\DRIVERS\netbt.sys
Address: 0xAE279000 Size: 162816 File Visible: - Signed: -
Status: -

Name: nltdi.sys
Image Path: C:\WINDOWS\system32\drivers\nltdi.sys
Address: 0xAE2C9000 Size: 77312 File Visible: - Signed: -
Status: -

Name: Npfs.SYS
Image Path: C:\WINDOWS\System32\Drivers\Npfs.SYS
Address: 0xF78DB000 Size: 30848 File Visible: - Signed: -
Status: -

Name: npkcrypt.sys
Image Path: D:\Lineage II\system\npkcrypt.sys
Address: 0xF77F3000 Size: 21504 File Visible: - Signed: -
Status: -

Name: Ntfs.sys
Image Path: Ntfs.sys
Address: 0xF724A000 Size: 574464 File Visible: - Signed: -
Status: -

Name: Null.SYS
Image Path: C:\WINDOWS\System32\Drivers\Null.SYS
Address: 0xF7C17000 Size: 2944 File Visible: - Signed: -
Status: -

Name: nwlnkipx.sys
Image Path: C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys
Address: 0xABC3B000 Size: 88448 File Visible: - Signed: -
Status: -

Name: nwlnknb.sys
Image Path: C:\WINDOWS\system32\DRIVERS\nwlnknb.sys
Address: 0xABE21000 Size: 63232 File Visible: - Signed: -
Status: -

Name: nwlnkspx.sys
Image Path: C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys
Address: 0xAE13A000 Size: 55936 File Visible: - Signed: -
Status: -

Name: nwrdr.sys
Image Path: C:\WINDOWS\system32\DRIVERS\nwrdr.sys
Address: 0xABAD3000 Size: 163456 File Visible: - Signed: -
Status: -

Name: parport.sys
Image Path: C:\WINDOWS\system32\DRIVERS\parport.sys
Address: 0xF6258000 Size: 80128 File Visible: - Signed: -
Status: -

Name: PartMgr.sys
Image Path: PartMgr.sys
Address: 0xF77AB000 Size: 18688 File Visible: - Signed: -
Status: -

Name: ParVdm.SYS
Image Path: C:\WINDOWS\System32\Drivers\ParVdm.SYS
Address: 0xF7AD3000 Size: 6784 File Visible: - Signed: -
Status: -

Name: pci.sys
Image Path: pci.sys
Address: 0xF7390000 Size: 68224 File Visible: - Signed: -
Status: -

Name: PCI_PNP0256
Image Path: \Driver\PCI_PNP0256
Address: 0x00000000 Size: 0 File Visible: No Signed: -
Status: -

Name: pciide.sys
Image Path: pciide.sys
Address: 0xF7AEB000 Size: 3328 File Visible: - Signed: -
Status: -

Name: PCIIDEX.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\PCIIDEX.SYS
Address: 0xF77A3000 Size: 28672 File Visible: - Signed: -
Status: -

Name: PnpManager
Image Path: \Driver\PnpManager
Address: 0x804D7000 Size: 2321792 File Visible: - Signed: -
Status: -

Name: portcls.sys
Image Path: C:\WINDOWS\system32\drivers\portcls.sys
Address: 0xAE7C0000 Size: 147456 File Visible: - Signed: -
Status: -

Name: prodrv06.sys
Image Path: C:\WINDOWS\System32\drivers\prodrv06.sys
Address: 0xF76D3000 Size: 53920 File Visible: - Signed: -
Status: -

Name: prohlp02.sys
Image Path: prohlp02.sys
Address: 0xF71DC000 Size: 114016 File Visible: - Signed: -
Status: -

Name: prosync1.sys
Image Path: prosync1.sys
Address: 0xF7A2D000 Size: 7040 File Visible: - Signed: -
Status: -

Name: psched.sys
Image Path: C:\WINDOWS\system32\DRIVERS\psched.sys
Address: 0xF6230000 Size: 69120 File Visible: - Signed: -
Status: -

Name: ptilink.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ptilink.sys
Address: 0xF7883000 Size: 17792 File Visible: - Signed: -
Status: -

Name: PxHelp20.sys
Image Path: PxHelp20.sys
Address: 0xF7573000 Size: 35712 File Visible: - Signed: -
Status: -

Name: rasacd.sys
Image Path: C:\WINDOWS\system32\DRIVERS\rasacd.sys
Address: 0xF719A000 Size: 8832 File Visible: - Signed: -
Status: -

Name: rasl2tp.sys
Image Path: C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
Address: 0xF7603000 Size: 51328 File Visible: - Signed: -
Status: -

Name: raspppoe.sys
Image Path: C:\WINDOWS\system32\DRIVERS\raspppoe.sys
Address: 0xF7613000 Size: 41472 File Visible: - Signed: -
Status: -

Name: raspptp.sys
Image Path: C:\WINDOWS\system32\DRIVERS\raspptp.sys
Address: 0xF7623000 Size: 48384 File Visible: - Signed: -
Status: -

Name: raspti.sys
Image Path: C:\WINDOWS\system32\DRIVERS\raspti.sys
Address: 0xF788B000 Size: 16512 File Visible: - Signed: -
Status: -

Name: RAW
Image Path: \FileSystem\RAW
Address: 0x804D7000 Size: 2321792 File Visible: - Signed: -
Status: -

Name: rdbss.sys
Image Path: C:\WINDOWS\system32\DRIVERS\rdbss.sys
Address: 0xAE22C000 Size: 174592 File Visible: - Signed: -
Status: -

Name: RDPCDD.sys
Image Path: C:\WINDOWS\System32\DRIVERS\RDPCDD.sys
Address: 0xF7A6F000 Size: 4224 File Visible: - Signed: -
Status: -

Name: rdpdr.sys
Image Path: C:\WINDOWS\system32\DRIVERS\rdpdr.sys
Address: 0xF61FF000 Size: 196864 File Visible: - Signed: -
Status: -

Name: redbook.sys
Image Path: C:\WINDOWS\system32\DRIVERS\redbook.sys
Address: 0xF75C3000 Size: 57472 File Visible: - Signed: -
Status: -

Name: RootMdm.sys
Image Path: C:\WINDOWS\System32\Drivers\RootMdm.sys
Address: 0xF7A5B000 Size: 5888 File Visible: - Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xAB851000 Size: 49152 File Visible: No Signed: -
Status: -

Name: rspndr.sys
Image Path: C:\WINDOWS\system32\DRIVERS\rspndr.sys
Address: 0xABE11000 Size: 62336 File Visible: - Signed: -
Status: -

Name: RtkHDAud.sys
Image Path: C:\WINDOWS\system32\drivers\RtkHDAud.sys
Address: 0xAE3B8000 Size: 4225920 File Visible: - Signed: -
Status: -

Name: SCSIPORT.SYS
Image Path: C:\WINDOWS\System32\Drivers\SCSIPORT.SYS
Address: 0xF73CF000 Size: 98304 File Visible: - Signed: -
Status: -

Name: secdrv.sys
Image Path: C:\WINDOWS\system32\DRIVERS\secdrv.sys
Address: 0xABB73000 Size: 40960 File Visible: - Signed: -
Status: -

Name: serenum.sys
Image Path: C:\WINDOWS\system32\DRIVERS\serenum.sys
Address: 0xF717A000 Size: 15488 File Visible: - Signed: -
Status: -

Name: serial.sys
Image Path: C:\WINDOWS\system32\DRIVERS\serial.sys
Address: 0xF75E3000 Size: 64896 File Visible: - Signed: -
Status: -

Name: sfdrv01.sys
Image Path: sfdrv01.sys
Address: 0xF71F8000 Size: 73728 File Visible: - Signed: -
Status: -

Name: sfhlp01.sys
Image Path: sfhlp01.sys
Address: 0xF7A2B000 Size: 4832 File Visible: - Signed: -
Status: -

Name: sfhlp02.sys
Image Path: sfhlp02.sys
Address: 0xF77BB000 Size: 32768 File Visible: - Signed: -
Status: -

Name: sfvfs02.sys
Image Path: sfvfs02.sys
Address: 0xF720A000 Size: 77824 File Visible: - Signed: -
Status: -

Name: sptd
Image Path: \Driver\sptd
Address: 0x00000000 Size: 0 File Visible: No Signed: -
Status: -

Name: spwz.sys
Image Path: spwz.sys
Address: 0xF73E7000 Size: 995328 File Visible: No Signed: -
Status: -

Name: sr.sys
Image Path: sr.sys
Address: 0xF7301000 Size: 73472 File Visible: - Signed: -
Status: -

Name: srv.sys
Image Path: C:\WINDOWS\system32\DRIVERS\srv.sys
Address: 0xAB989000 Size: 333952 File Visible: - Signed: -
Status: -

Name: SVKP.sys
Image Path: C:\WINDOWS\system32\SVKP.sys
Address: 0xF7C20000 Size: 2368 File Visible: - Signed: -
Status: -

Name: swenum.sys
Image Path: C:\WINDOWS\system32\DRIVERS\swenum.sys
Address: 0xF7A5D000 Size: 4352 File Visible: - Signed: -
Status: -

Name: sysaudio.sys
Image Path: C:\WINDOWS\system32\drivers\sysaudio.sys
Address: 0xAB6D1000 Size: 60800 File Visible: - Signed: -
Status: -

Name: tcpip.sys
Image Path: C:\WINDOWS\system32\DRIVERS\tcpip.sys
Address: 0xAE2DC000 Size: 361600 File Visible: - Signed: -
Status: -

Name: TDI.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\TDI.SYS
Address: 0xF787B000 Size: 20480 File Visible: - Signed: -
Status: -

Name: termdd.sys
Image Path: C:\WINDOWS\system32\DRIVERS\termdd.sys
Address: 0xF7643000 Size: 40704 File Visible: - Signed: -
Status: -

Name: TUKERNEL.EXE
Image Path: C:\WINDOWS\system32\TUKERNEL.EXE
Address: 0x804D7000 Size: 2321792 File Visible: - Signed: -
Status: -

Name: Udfs.SYS
Image Path: C:\WINDOWS\System32\Drivers\Udfs.SYS
Address: 0xABA6E000 Size: 66176 File Visible: - Signed: -
Status: -

Name: update.sys
Image Path: C:\WINDOWS\system32\DRIVERS\update.sys
Address: 0xF61CB000 Size: 209280 File Visible: - Signed: -
Status: -

Name: USBD.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\USBD.SYS
Address: 0xF7A61000 Size: 8192 File Visible: - Signed: -
Status: -

Name: usbehci.sys
Image Path: C:\WINDOWS\system32\DRIVERS\usbehci.sys
Address: 0xF7903000 Size: 30208 File Visible: - Signed: -
Status: -

Name: usbhub.sys
Image Path: C:\WINDOWS\system32\DRIVERS\usbhub.sys
Address: 0xF7693000 Size: 59264 File Visible: - Signed: -
Status: -

Name: USBPORT.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\USBPORT.SYS
Address: 0xF62EF000 Size: 147456 File Visible: - Signed: -
Status: -

Name: USBSTOR.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
Address: 0xF78F3000 Size: 26496 File Visible: - Signed: -
Status: -

Name: usbuhci.sys
Image Path: C:\WINDOWS\system32\DRIVERS\usbuhci.sys
Address: 0xF78FB000 Size: 20608 File Visible: - Signed: -
Status: -

Name: vga.sys
Image Path: C:\WINDOWS\System32\drivers\vga.sys
Address: 0xF78CB000 Size: 20992 File Visible: - Signed: -
Status: -

Name: viaagp1.sys
Image Path: viaagp1.sys
Address: 0xF77B3000 Size: 27904 File Visible: - Signed: -
Status: -

Name: viaide.sys
Image Path: viaide.sys
Address: 0xF7A27000 Size: 5376 File Visible: - Signed: -
Status: -

Name: VIDEOPRT.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS
Address: 0xF635B000 Size: 81920 File Visible: - Signed: -
Status: -

Name: vidstub.sys
Image Path: vidstub.sys
Address: 0xF74DA000 Size: 163456 File Visible: - Signed: -
Status: -

Name: VolSnap.sys
Image Path: VolSnap.sys
Address: 0xF7543000 Size: 52352 File Visible: - Signed: -
Status: -

Name: wanarp.sys
Image Path: C:\WINDOWS\system32\DRIVERS\wanarp.sys
Address: 0xF76F3000 Size: 34560 File Visible: - Signed: -
Status: -

Name: watchdog.sys
Image Path: C:\WINDOWS\System32\watchdog.sys
Address: 0xF790B000 Size: 20480 File Visible: - Signed: -
Status: -

Name: wdmaud.sys
Image Path: C:\WINDOWS\system32\drivers\wdmaud.sys
Address: 0xAB62C000 Size: 82944 File Visible: - Signed: -
Status: -

Name: Win32k
Image Path: \Driver\Win32k
Address: 0xBF800000 Size: 1851392 File Visible: - Signed: -
Status: -

Name: win32k.sys
Image Path: C:\WINDOWS\System32\win32k.sys
Address: 0xBF800000 Size: 1851392 File Visible: - Signed: -
Status: -

Name: WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\WMILIB.SYS
Address: 0xF7A25000 Size: 8192 File Visible: - Signed: -
Status: -

Name: WMIxWDM
Image Path: \Driver\WMIxWDM
Address: 0x804D7000 Size: 2321792 File Visible: - Signed: -
Status: -

Name: WudfPf.sys
Image Path: WudfPf.sys
Address: 0xF72D7000 Size: 77696 File Visible: - Signed: -
Status: -

-------FILES-------
ROOTREPEAL (c) AD, 2007-2009
==================================================
Scan Start Time: 2010/04/27 15:54
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================

Hidden/Locked Files
-------------------
Path: c:\documents and settings\all users\application data\locktime\netlimiter\2\stats\nlstats-5369aae7-6610-4ab5-be37-e1a2bb73e122.dat
Status: Size mismatch (API: 3072, Raw: 3056)

Path: c:\documents and settings\all users\application data\locktime\netlimiter\2\stats\nlstats-474cac15-74bf-4fa1-8f61-f2085e3f0d0d.dat
Status: Size mismatch (API: 5184, Raw: 5168)

Path: c:\documents and settings\all users\application data\locktime\netlimiter\2\stats\nlstats-d9854adb-4ccf-47e7-97f6-0d469765ce38.dat
Status: Size mismatch (API: 5200, Raw: 5184)

Path: c:\documents and settings\all users\application data\locktime\netlimiter\2\stats\nlstats-934fd5fa-1bfb-47df-9893-3de709ff1705.dat
Status: Size mismatch (API: 3888, Raw: 3872)

Path: c:\documents and settings\all users\application data\locktime\netlimiter\2\stats\nlstats-fd36248d-df20-4cc7-bfc7-87b80585904b.dat
Status: Size mismatch (API: 3088, Raw: 3072)

Path: c:\documents and settings\all users\application data\locktime\netlimiter\2\stats\nlstats-afca5d6a-f2b4-456e-ac81-a82fc01b6e7a.dat
Status: Size mismatch (API: 5136, Raw: 5120)

Path: c:\documents and settings\all users\application data\locktime\netlimiter\2\stats\nlstats-c407f168-1288-4e63-889f-3e383522f4d6.dat
Status: Size mismatch (API: 4464, Raw: 4448)

Path: c:\documents and settings\all users\application data\locktime\netlimiter\2\stats\nlstats-caba8f7c-8584-45ef-9040-7c7db7dbae67.dat
Status: Size mismatch (API: 5136, Raw: 5120)

Path: c:\documents and settings\all users\application data\locktime\netlimiter\2\stats\nlstats-1c5ba94a-2f9b-4b69-b630-c576ac58bbb9.dat
Status: Size mismatch (API: 3888, Raw: 3872)

Path: c:\documents and settings\all users\application data\locktime\netlimiter\2\stats\nlstats-22998ed9-f470-43c1-ad42-85580634dfd5.dat
Status: Size mismatch (API: 4160, Raw: 4144)
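The driver list and the "Hidden/Locked Files" section above are the two parts of a RootRepeal log a responder reads by hand. The script below is an added example (mine, not part of the thread and not RootRepeal's own code) that parses those two record types and ranks them. SAMPLE_LOG is a constructed excerpt: five driver records and one size-mismatch record copied from the log above, plus one made-up `hosts` record that is not from this machine, so the "raw larger than API" rule has something to fire on. The benign-pattern rules are assumptions to tune: `rootrepeal.sys` is the scanner's own driver, so "File Visible: No" on it means nothing; an `sptd` object alongside a randomly named `sp??.sys` with no visible file is how the SPTD disk-emulation driver used by Daemon Tools and Alcohol normally shows up, and rootkit scanners flag it routinely, so confirm one of those products is installed before treating it as hidden malware; a uniform 16-byte gap between the API size and the raw size on files NetLimiter is writing while the scan runs is a read race, not concealment. A driver loaded from a game directory on `D:` (npkcrypt.sys) is legitimate for that game's anti-cheat component but is still worth listing, because anything outside `%SystemRoot%` is where a dropped driver would also live.

```python
"""Triage a RootRepeal driver / hidden-file listing (added example, not RootRepeal code).
SAMPLE_LOG: records copied from the log above plus one made-up `hosts` record."""
import re
from typing import Dict, List, Tuple

SAMPLE_LOG = """\
Name: npkcrypt.sys
Image Path: D:\\Lineage II\\system\\npkcrypt.sys
Address: 0xF77F3000 Size: 21504 File Visible: - Signed: -
Status: -

Name: Ntfs.sys
Image Path: Ntfs.sys
Address: 0xF724A000 Size: 574464 File Visible: - Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\\WINDOWS\\system32\\drivers\\rootrepeal.sys
Address: 0xAB851000 Size: 49152 File Visible: No Signed: -
Status: -

Name: sptd
Image Path: \\Driver\\sptd
Address: 0x00000000 Size: 0 File Visible: No Signed: -
Status: -

Name: spwz.sys
Image Path: spwz.sys
Address: 0xF73E7000 Size: 995328 File Visible: No Signed: -
Status: -

Path: c:\\documents and settings\\all users\\application data\\locktime\\netlimiter\\2\\stats\\nlstats-5369aae7-6610-4ab5-be37-e1a2bb73e122.dat
Status: Size mismatch (API: 3072, Raw: 3056)

Path: c:\\windows\\system32\\drivers\\etc\\hosts
Status: Size mismatch (API: 734, Raw: 5120)
"""
# (the `hosts` record above is constructed for the demo; it is not from the log)

Finding = Tuple[str, str, str]  # (item, severity, reason)

DRIVER_RE = re.compile(
    r"^Name: (?P<name>.+)\nImage Path: (?P<path>.+)\n"
    r"Address: (?P<addr>0x[0-9A-Fa-f]+) Size: (?P<size>\d+) "
    r"File Visible: (?P<visible>\S+) Signed: (?P<signed>\S+)\nStatus: (?P<status>.+)$",
    re.MULTILINE)
MISMATCH_RE = re.compile(
    r"^Path: (?P<path>.+)\nStatus: Size mismatch \(API: (?P<api>\d+), Raw: (?P<raw>\d+)\)$",
    re.MULTILINE)

# Assumed benign patterns; tune per environment.
SCANNER_OWN_DRIVERS = {"rootrepeal.sys"}                        # the scanner's own driver
SPTD_NAME_RE = re.compile(r"^sp[a-z]{2}\.sys$")                  # SPTD uses a random sp??.sys
WINDOWS_DIR_RE = re.compile(r"^[a-z]:\\windows\\", re.IGNORECASE)
DRIVE_PATH_RE = re.compile(r"^[a-z]:\\", re.IGNORECASE)
KERNEL_OBJECT_PREFIXES = ("\\Driver\\", "\\FileSystem\\")        # objects with no image file


def parse_drivers(text: str) -> List[Dict[str, str]]:
    return [m.groupdict() for m in DRIVER_RE.finditer(text)]


def parse_size_mismatches(text: str) -> List[Dict[str, str]]:
    return [m.groupdict() for m in MISMATCH_RE.finditer(text)]


def triage_drivers(drivers: List[Dict[str, str]]) -> List[Finding]:
    names = {d["name"].lower() for d in drivers}
    findings: List[Finding] = []
    for d in drivers:
        name, path = d["name"].lower(), d["path"]
        if path.startswith(KERNEL_OBJECT_PREFIXES):
            continue                                   # PnpManager, RAW, sptd: not file-backed
        if d["visible"] == "No":
            if name in SCANNER_OWN_DRIVERS:
                continue
            if SPTD_NAME_RE.match(name) and "sptd" in names:
                findings.append((name, "low", "random sp??.sys plus an sptd object: SPTD "
                                 "disk-emulation driver (Daemon Tools/Alcohol); confirm it is installed"))
            else:
                findings.append((name, "high", "loaded driver whose file is not visible through the API"))
        elif DRIVE_PATH_RE.match(path) and not WINDOWS_DIR_RE.match(path):
            findings.append((name, "medium", f"driver loaded from outside the Windows directory: {path}"))
    return findings


def triage_size_mismatches(entries: List[Dict[str, str]]) -> List[Finding]:
    findings: List[Finding] = []
    for e in entries:
        path, api, raw = e["path"], int(e["api"]), int(e["raw"])
        if raw > api:
            findings.append((path, "high", f"raw on-disk size {raw} exceeds API size {api}: bytes hidden from the API"))
        elif "\\windows\\" in path.lower():
            findings.append((path, "medium", "size mismatch on a file under the Windows directory"))
        else:
            findings.append((path, "low", f"API larger than raw by {api - raw} bytes: a file being written during the scan"))
    return findings


def triage(text: str) -> Dict[str, List[Finding]]:
    return {"drivers": triage_drivers(parse_drivers(text)),
            "files": triage_size_mismatches(parse_size_mismatches(text))}


if __name__ == "__main__":
    for kind, items in triage(SAMPLE_LOG).items():
        for item, severity, reason in items:
            print(f"[{severity:<6}] {kind}: {item}\n         {reason}")
```

Run against the full log rather than the excerpt, the same rules leave only spwz.sys (low, SPTD) and npkcrypt.sys (medium, game anti-cheat on D:) standing, and all ten NetLimiter stats files land in the low bucket with the same 16-byte delta, which matches what the advisor did next: no driver was removed, and the follow-up was a targeted search for one specific file name.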

Lochna
Visitor
Posts: 33
Registered: 25 Apr 2010 18:48

Re: Virus preventing archives from being extracted.

#24 Post by Lochna »

Sorry, I didn't have much time during the day.

motji
VIP
Posts: 23302
Registered: 23 Oct 2008 08:02

Re: Virus preventing archives from being extracted.

#25 Post by motji »

:arrow: Download SystemLook
http://jpshortstuff.247fixes.com/SystemLook.exe

- save it to the desktop and run it.
- paste the following into the box

Code:

:filefind
qcijlhnc.sys

:regfind
qcijlhnc.sys
qcijlhnc
- click Look; the scan runs and at the end a log is shown, copy its contents here

Lochna
Visitor
Posts: 33
Registered: 25 Apr 2010 18:48

Re: Virus preventing archives from being extracted.

#26 Post by Lochna »

SystemLook v1.0 by jpshortstuff (11.01.10)
Log created at 22:24 on 27/04/2010 by Admin (Administrator - Elevation successful)

========== filefind ==========

Searching for "qcijlhnc.sys"
No files found.

========== regfind ==========

Searching for "qcijlhnc.sys"
No data found.

Searching for "qcijlhnc"
No data found.

-=End Of File=-

Apparently it didn't find anything... but here is the log.

motji
VIP
Posts: 23302
Registered: 23 Oct 2008 08:02

Re: Virus preventing archives from being extracted.

#27 Post by motji »

It didn't.
How is the computer doing now?

Lochna
Visitor
Posts: 33
Registered: 25 Apr 2010 18:48

Re: Virus preventing archives from being extracted.

#28 Post by Lochna »

One moment, I'll try downloading and extracting something; I'll let you know shortly.

motji
VIP
Posts: 23302
Registered: 23 Oct 2008 08:02

Re: Virus preventing archives from being extracted.

#29 Post by motji »
:)

Lochna
Visitor
Posts: 33
Registered: 25 Apr 2010 18:48

Re: Virus preventing archives from being extracted.

#30 Post by Lochna »

The ads have most likely disappeared, so the spyware is gone, but the problem with archives is still there. I work around it by extracting whatever I need on another computer and then sending it to myself or moving it over USB. But sometimes it's a problem even to install something, because installation also extracts archives, cab files etc. If, according to the logs, there are no more viruses and there's no other test left, then the problem is evidently elsewhere: a damaged disk, other HW, or damaged Windows. I'll also try reinstalling WinRAR and replacing the extraction engines and libraries. If anything else comes to mind, I'll be grateful :-) Thanks. Regards, Igi. .)
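Post #30 has narrowed the situation to "archives fail to extract, scans find nothing" and lists the disk, other hardware, Windows and WinRAR as the remaining suspects. Those can be told apart with the archive file alone, and the script below is an added example of how (mine, not from the thread and not WinRAR's or the forum's code): read the file several times and compare SHA-256 digests (bytes that change between reads of the same file point at RAM, the disk controller or cabling, not at the archive), CRC-check every member the way `7z t` or `unzip -t` would (a damaged archive versus a broken extractor), and compare the digest with one computed on the machine where the same file extracts fine (a damaged copy versus an archive that was bad to begin with). The zip is built in memory as constructed sample input, `corrupt_member` flips one bit to stand in for a bad sector, `flaky_reader` stands in for hardware whose reads are not repeatable, and `read_file` plus the `reference_sha256` argument are assumptions about how it would be pointed at a real file.

```python
"""Separate a damaged archive from a broken extractor from unstable hardware.
Added example; the zip is constructed in memory, `reference_sha256` is assumed to
come from a machine where the same file extracts cleanly."""
import hashlib
import io
import zipfile
import zlib
from typing import Callable, Optional

LOCAL_HEADER_LEN = 30  # fixed part of a zip local file header, before the file name


def build_sample_zip() -> bytes:
    """Constructed sample archive: one deflated text member, one stored binary member."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("readme.txt", "hello from the sample archive\n" * 50,
                   compress_type=zipfile.ZIP_DEFLATED)
        z.writestr("data.bin", bytes(range(256)) * 64,
                   compress_type=zipfile.ZIP_STORED)
    return buf.getvalue()


def corrupt_member(archive: bytes, name: str) -> bytes:
    """Flip one bit in the middle of a member's data: a stand-in for a bad sector."""
    with zipfile.ZipFile(io.BytesIO(archive)) as z:
        info = z.getinfo(name)
    data_start = (info.header_offset + LOCAL_HEADER_LEN
                  + len(info.filename.encode("utf-8")) + len(info.extra))
    b = bytearray(archive)
    b[data_start + info.compress_size // 2] ^= 0x01
    return bytes(b)


def first_bad_member(archive: bytes) -> Optional[str]:
    """CRC-check every member (what `7z t` / `unzip -t` do); first failing name or None."""
    try:
        with zipfile.ZipFile(io.BytesIO(archive)) as z:
            for info in z.infolist():
                try:
                    with z.open(info) as f:
                        while f.read(1 << 20):   # reading to EOF triggers the CRC-32 check
                            pass
                except (zipfile.BadZipFile, zlib.error, EOFError):
                    return info.filename
    except zipfile.BadZipFile:
        return "<central directory unreadable>"
    return None


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def diagnose(read: Callable[[], bytes], reference_sha256: Optional[str],
             passes: int = 3) -> str:
    """Read the archive `passes` times, compare digests, then CRC-check it."""
    digests = {sha256_hex(read()) for _ in range(passes)}
    if len(digests) > 1:
        return "unstable-reads"            # same file, different bytes: RAM/controller/cable
    bad = first_bad_member(read())
    if bad is None:
        if reference_sha256 and reference_sha256 not in digests:
            return "intact-but-differs-from-reference"
        return "archive-ok"                # bytes are fine: suspect the extractor or the OS
    if reference_sha256 and reference_sha256 in digests:
        return f"damaged-at-source:{bad}"  # the "known-good" copy has the same bytes
    return f"corrupted-copy:{bad}"         # damaged on this disk or on the way here


def read_file(path: str) -> Callable[[], bytes]:
    """Reader for a real archive on disk (assumed usage: diagnose(read_file(p), ref))."""
    def read() -> bytes:
        with open(path, "rb") as f:
            return f.read()
    return read


def flaky_reader(good: bytes, bad: bytes) -> Callable[[], bytes]:
    """Constructed stand-in for a machine whose reads are not repeatable."""
    calls = [0]
    def read() -> bytes:
        calls[0] += 1
        return bad if calls[0] % 2 == 0 else good
    return read


if __name__ == "__main__":
    good = build_sample_zip()
    bad = corrupt_member(good, "data.bin")
    ref = sha256_hex(good)
    print("good copy     :", diagnose(lambda: good, ref))
    print("bad sector    :", diagnose(lambda: bad, ref))
    print("flaky hardware:", diagnose(flaky_reader(good, bad), ref))
```

Reading the verdicts on the suspect PC: `archive-ok` for a file WinRAR refuses means the bytes on disk are intact and the extractor, its libraries, or the memory it decompresses into is at fault, which is the one case where reinstalling WinRAR can help; `unstable-reads` calls for a memory test and a look at the disk cabling before anything else; `corrupted-copy` with a clean copy on the other machine points at the disk or the transfer path, so check SMART and run chkdsk. Reading the whole file into memory is fine for installer-sized archives; for multi-gigabyte files feed the hash in chunks instead.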
