kontrola logu

[kyky66]

ComboFix 10-11-27.01 - Jitka 2010-11-30 15:38:47.5.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.1.1029.18.3327.2849 [GMT 1:00]
Spuštěný z: c:\documents and settings\Jitka\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Jitka\Plocha\CFScript.txt.txt
AV: avast! Antivirus *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
* Vytvořen nový Bod Obnovení
.

((((((((((((((((((((((((( Soubory vytvořené od 2010-10-28 do 2010-11-30 )))))))))))))))))))))))))))))))
.

2010-11-28 12:04 . 2010-11-28 12:03 390144 ----a-w- c:\windows\system32\CF17131.exe
2010-11-28 11:57 . 2010-11-28 11:57 390144 ----a-w- c:\windows\system32\CF15861.exe
2010-11-28 11:29 . 2010-11-28 11:29 390144 ----a-w- c:\windows\system32\CF10482.exe
2010-11-28 07:38 . 2010-11-28 07:38 390144 ----a-w- c:\windows\system32\CF30767.exe
2010-11-28 07:38 . 2010-11-28 07:34 390144 ----a-w- c:\windows\system32\CF29987.exe
2010-11-23 18:04 . 2010-11-23 20:22 -------- d-----w- c:\program files\trend micro
2010-11-23 18:04 . 2010-11-23 18:04 -------- d-----w- C:\rsit
2010-11-22 17:08 . 2010-11-22 19:36 -------- d-----w- c:\windows\SxsCaPendDel

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-27 22:23 . 2010-10-27 22:23 63488 ----a-w- c:\windows\xobglu16.dll
2010-10-27 22:23 . 2010-10-27 22:23 23552 ----a-w- c:\windows\xobglu32.dll
.

((((((((((((((((((((((((((((( SnapShot@2010-11-28_12.14.12 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-11-30 14:34 . 2010-11-30 14:34 16384 c:\windows\Temp\Perflib_Perfdata_240.dat
- 2001-10-25 14:00 . 2010-11-28 12:08 68156 c:\windows\system32\perfc009.dat
+ 2001-10-25 14:00 . 2010-11-30 14:38 68156 c:\windows\system32\perfc009.dat
- 2001-10-25 14:00 . 2010-11-28 12:08 78694 c:\windows\system32\perfc005.dat
+ 2001-10-25 14:00 . 2010-11-30 14:38 78694 c:\windows\system32\perfc005.dat
+ 2001-10-25 14:00 . 2010-11-30 14:38 435260 c:\windows\system32\perfh009.dat
- 2001-10-25 14:00 . 2010-11-28 12:08 435260 c:\windows\system32\perfh009.dat
- 2001-10-25 14:00 . 2010-11-28 12:08 431648 c:\windows\system32\perfh005.dat
+ 2001-10-25 14:00 . 2010-11-30 14:38 431648 c:\windows\system32\perfh005.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-12-29 687560]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMBgMonitor.exe" [2007-08-03 202024]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-09-13 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-07-09 13533184]
"OpwareSE2"="c:\program files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2003-05-08 49152]
"QuickTime Task"="e:\quicktime\qttask.exe" [2009-05-26 413696]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-09-07 198160]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 49152]
"nwiz"="nwiz.exe" [2008-07-09 1657376]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-06-28 2837864]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-3-11 210520]
Logitech SetPoint.lnk - e:\program files\kl vesnice\SetPoint\SetPoint.exe [2009-3-5 688128]
Microsoft Office.lnk - e:\officesxp\Office10\OSA.EXE [2001-2-13 83360]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 06:52 1695232 ------w- c:\program files\Messenger\msmsgs.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"e:\\Program Files\\QIP\\qip.exe"=
"c:\\Program Files\\Nero\\Nero8\\Nero Home\\NeroHome.exe"=
"f:\\assassin\\AssassinsCreed_Dx9.exe"=
"f:\\assassin\\AssassinsCreed_Dx10.exe"=
"f:\\assassin\\AssassinsCreed_Launcher.exe"=
"f:\\Empire Earth\\Empire Earth.exe"=
"e:\\Documents and Settings\\Jitka\\Dokumenty\\uTorrent.exe"=
"f:\\Heroes of Might and Magic V Collector Edition\\bin\\H5_Game.exe"=
"e:\\icq\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\Java\\jre6\\launch4j-tmp\\frd.exe"=
"f:\\TmNationsForever\\TmForever.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\totalcmd\\TOTALCMD.EXE"=
"f:\\Sacred\\Sacred.exe"=
"f:\\Sacred 2\\system\\s2gs.exe"=
"f:\\Sacred 2\\system\\sacred2.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2009-02-27 717296]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2009-02-27 165456]
R1 VBoxDrv;VirtualBox Service;c:\windows\system32\drivers\VBoxDrv.sys [2010-09-24 143184]
R1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\drivers\VBoxUSBMon.sys [2010-09-24 41936]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-02-27 17744]
R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [2009-07-19 222456]
R3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\drivers\VBoxNetFlt.sys [2010-08-05 111312]
S2 gupdate1ca2fcd12ac4984;Služba Google Update (gupdate1ca2fcd12ac4984);c:\program files\Google\Update\GoogleUpdate.exe [2009-09-07 133104]
S2 IBService;IBService;e:\program files\Invisible Browsing\servers\IBService.exe --> e:\program files\Invisible Browsing\servers\IBService.exe [?]
S3 dmodusb;dmodusb;c:\windows\system32\drivers\dmodusb.sys [2010-08-02 26240]
S3 k510bus;Sony Ericsson K510 Driver driver (WDM);c:\windows\system32\drivers\k510bus.sys [2009-04-13 58288]
S3 k510mdfl;Sony Ericsson K510 USB WMC Modem Filter;c:\windows\system32\drivers\k510mdfl.sys [2009-04-13 8336]
S3 k510mdm;Sony Ericsson K510 USB WMC Modem Driver;c:\windows\system32\drivers\k510mdm.sys [2009-04-13 94064]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\drivers\VBoxNetAdp.sys [2010-08-05 100496]
S3 XilinxFirmwareEmbeddedLoader;XilinxFirmwareEmbeddedLoader;c:\windows\system32\drivers\xusb_xup.sys [2010-08-02 17408]
S3 XilinxFirmwareEmbeddedLpLoader;XilinxFirmwareEmbeddedLpLoader;c:\windows\system32\drivers\xusb_emb.sys [2010-08-02 17408]
S3 XilinxFirmwareLoader;XilinxFirmwareLoader;c:\windows\system32\drivers\xusbdfwu.sys [2010-08-02 17280]
S3 XilinxFirmwareLpLoader;XilinxFirmwareLpLoader;c:\windows\system32\drivers\xusb_xlp.sys [2010-08-02 17280]
S3 XilinxFirmwareXpressLoader;XilinxFirmwareXpressLoader;c:\windows\system32\drivers\xusb_xpr.sys [2010-08-02 16768]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Obsah adresáře 'Naplánované úlohy'

2010-09-02 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]

2010-11-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-07 15:08]

2010-11-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-07 15:08]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.centrum.cz/
uInternet Settings,ProxyServer = socks=
uInternet Settings,ProxyOverride = local
IE: E&xport to Microsoft Excel - e:\office12\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Excel - e:\office10\EXCEL.EXE/3000
IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
IE: Free YouTube to Mp3 Converter - c:\documents and settings\Jitka\Data aplikací\DVDVideoSoftIEHelpers\youtubetomp3.htm
IE: WikiKomentáře Google... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
FF - ProfilePath - c:\documents and settings\Jitka\Data aplikací\Mozilla\Firefox\Profiles\y4v7ovo2.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://centrum.cz
FF - plugin: c:\program files\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: e:\program files\Reader\browser\nppdf32.dll
FF - plugin: e:\quicktime\Plugins\npqtplugin.dll
FF - plugin: e:\quicktime\Plugins\npqtplugin2.dll
FF - plugin: e:\quicktime\Plugins\npqtplugin3.dll
FF - plugin: e:\quicktime\Plugins\npqtplugin4.dll
FF - plugin: e:\quicktime\Plugins\npqtplugin5.dll
FF - plugin: e:\quicktime\Plugins\npqtplugin6.dll
FF - plugin: e:\quicktime\Plugins\npqtplugin7.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - e:\program files\mozilla\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Extension: ICQ Toolbar: {800b5000-a755-47e1-992b-48a1c1357f07} - e:\program files\mozilla\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Extension: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Extension: ICQ Toolbar: {800b5000-a755-47e1-992b-48a1c1357f07} - c:\documents and settings\Jitka\Data aplikací\Mozilla\Firefox\Profiles\y4v7ovo2.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
FF - Extension: Illimitux: illimitux@illimitux.net - c:\documents and settings\Jitka\Data aplikací\Mozilla\Firefox\Profiles\y4v7ovo2.default\extensions\illimitux@illimitux.net
FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\documents and settings\Jitka\Data aplikací\Mozilla\Firefox\Profiles\y4v7ovo2.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Extension: Get Styles: {6236BA26-C117-4007-928C-DE0716C7FA80} - c:\documents and settings\Jitka\Data aplikací\Mozilla\Firefox\Profiles\y4v7ovo2.default\extensions\{6236BA26-C117-4007-928C-DE0716C7FA80}
FF - Extension: Usage Stat: {6236BA26-C117-4007-928C-DE0716C7FA96} - c:\documents and settings\Jitka\Data aplikací\Mozilla\Firefox\Profiles\y4v7ovo2.default\extensions\{6236BA26-C117-4007-928C-DE0716C7FA96}
FF - Extension: FBFan: {6236BA26-C117-4007-928C-DE0716C7FA99} - c:\documents and settings\Jitka\Data aplikací\Mozilla\Firefox\Profiles\y4v7ovo2.default\extensions\{6236BA26-C117-4007-928C-DE0716C7FA99}
FF - Extension: U Flv: {7645f4b1-1f19-13dd-2d6b-0200600c2a56} - c:\documents and settings\Jitka\Data aplikací\Mozilla\Firefox\Profiles\y4v7ovo2.default\extensions\{7645f4b1-1f19-13dd-2d6b-0200600c2a56}
FF - Extension: {7645f4b1-1f19-13dd-2d6b-0200600c2a56}: {7645f4b1-1f19-13dd-2d6b-0200600c2a56} - c:\documents and settings\Jitka\Data aplikací\Mozilla\Firefox\Profiles\y4v7ovo2.default\extensions\{7645f4b1-1f19-13dd-2d6b-0200600c2a56}
FF - Extension: QAssistant: {63414328-3ab4-2c84-6c41-5a473c4b2ff7} - c:\documents and settings\Jitka\Data aplikací\Mozilla\Firefox\Profiles\y4v7ovo2.default\extensions\{63414328-3ab4-2c84-6c41-5a473c4b2ff7}
FF - Extension: QAssistant: {63414328-3ab4-2c84-6c41-5a473c4b2ff7} - c:\documents and settings\Jitka\Data aplikací\Mozilla\Firefox\Profiles\y4v7ovo2.default\extensions\{63414328-3ab4-2c84-6c41-5a473c4b2ff7}
FF - Extension: Greasemonkey: {e4a8a97b-f2ed-450b-b12d-ee082ba24781} - c:\documents and settings\Jitka\Data aplikací\Mozilla\Firefox\Profiles\y4v7ovo2.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
FF - Extension: DVDVideoSoft Menu: {ACAA314B-EEBA-48e4-AD47-84E31C44796C} - c:\documents and settings\Jitka\Data aplikací\Mozilla\Firefox\Profiles\y4v7ovo2.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
.

**************************************************************************
skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory:

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-1454471165-2111687655-839522115-1003\Software\SecuROM\License information*]
"datasecu"=hex:97,59,6a,24,eb,b7,2b,19,f1,11,87,d1,d7,f2,d2,a8,22,2e,77,98,b1,
88,5e,3a,73,42,a1,12,e4,c7,f0,c6,8a,68,97,80,0d,4c,f8,68,8d,18,12,e8,5d,b4,\
"rkeysecu"=hex:39,8e,b4,03,43,b1,cb,7f,cd,57,48,f4,e3,f0,30,67
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'explorer.exe'(2240)
c:\program files\ScanSoft\OmniPageSE2.0\ophookSE2.dll
e:\program files\klávesnice\SetPoint\lgscroll.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Celkový čas: 2010-11-30 15:43:25
ComboFix-quarantined-files.txt 2010-11-30 14:43
ComboFix2.txt 2010-11-28 12:15

Před spuštěním: Volných bajtů: 83,146,756,096
Po spuštění: Volných bajtů: 83,143,008,256

- - End Of File - - B95B13B29D7AD8BCB960681A1403EDB8

[motji]

Fajn, co počítač? Ještě provedu test na rootkity, pokud nejste proti

Stáhněte
http://rootrepeal.googlepages.com/RootRepeal.zip
-Stáhněte,rozbalte a spusťte
-vyberte záložku Files, klikněte na Scan,
-proběhne sken, po něm klikněte na Save Report , tím se uloží log, který zkopírujete sem

-postupně vyberte všechny záložky a udělejte skeny.

[kyky66]

ale ten winrar a winzip me stale nefunguje mam ho preinstalovat ?

[kyky66]

jinak mechanika dela furt to same

[kyky66]

ROOTREPEAL (c) AD, 2007-2009
==================================================
Scan Start Time: 2010/11/30 22:46
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================

Drivers
-------------------
Name: Aavmker4.SYS
Image Path: C:\WINDOWS\System32\Drivers\Aavmker4.SYS
Address: 0xBABA8000 Size: 22144 File Visible: - Signed: -
Status: -

Name: ACPI.sys
Image Path: ACPI.sys
Address: 0xBA661000 Size: 188288 File Visible: - Signed: -
Status: -

Name: ACPI_HAL
Image Path: \Driver\ACPI_HAL
Address: 0x804D7000 Size: 2150400 File Visible: - Signed: -
Status: -

Name: aebk4sll.SYS
Image Path: C:\WINDOWS\System32\Drivers\aebk4sll.SYS
Address: 0xB9764000 Size: 221184 File Visible: - Signed: -
Status: -

Name: afd.sys
Image Path: C:\WINDOWS\System32\drivers\afd.sys
Address: 0xB5B12000 Size: 138496 File Visible: - Signed: -
Status: -

Name: ASACPI.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ASACPI.sys
Address: 0xBADE0000 Size: 5152 File Visible: - Signed: -
Status: -

Name: AsIO.sys
Image Path: C:\WINDOWS\system32\drivers\AsIO.sys
Address: 0xBADFA000 Size: 5184 File Visible: - Signed: -
Status: -

Name: aswFsBlk.SYS
Image Path: C:\WINDOWS\System32\Drivers\aswFsBlk.SYS
Address: 0xB56E2000 Size: 11008 File Visible: - Signed: -
Status: -

Name: aswMon2.SYS
Image Path: C:\WINDOWS\System32\Drivers\aswMon2.SYS
Address: 0xB543F000 Size: 93440 File Visible: - Signed: -
Status: -

Name: aswRdr.SYS
Image Path: C:\WINDOWS\System32\Drivers\aswRdr.SYS
Address: 0xBABF8000 Size: 16640 File Visible: - Signed: -
Status: -

Name: aswSP.SYS
Image Path: C:\WINDOWS\System32\Drivers\aswSP.SYS
Address: 0xB598E000 Size: 158720 File Visible: - Signed: -
Status: -

Name: aswTdi.SYS
Image Path: C:\WINDOWS\System32\Drivers\aswTdi.SYS
Address: 0xBAA88000 Size: 39936 File Visible: - Signed: -
Status: -

Name: atapi.sys
Image Path: atapi.sys
Address: 0xBA5F3000 Size: 98304 File Visible: - Signed: -
Status: -

Name: atapi.sys
Image Path: atapi.sys
Address: 0x00000000 Size: 0 File Visible: - Signed: -
Status: -

Name: ATMFD.DLL
Image Path: C:\WINDOWS\System32\ATMFD.DLL
Address: 0xBFFA0000 Size: 286720 File Visible: - Signed: -
Status: -

Name: audstub.sys
Image Path: C:\WINDOWS\system32\DRIVERS\audstub.sys
Address: 0xBAF6E000 Size: 3072 File Visible: - Signed: -
Status: -

Name: Beep.SYS
Image Path: C:\WINDOWS\System32\Drivers\Beep.SYS
Address: 0xBADF4000 Size: 4224 File Visible: - Signed: -
Status: -

Name: BOOTVID.dll
Image Path: C:\WINDOWS\system32\BOOTVID.dll
Address: 0xBACB8000 Size: 12288 File Visible: - Signed: -
Status: -

Name: Cdfs.SYS
Image Path: C:\WINDOWS\System32\Drivers\Cdfs.SYS
Address: 0xBA938000 Size: 63744 File Visible: - Signed: -
Status: -

Name: cdrom.sys
Image Path: C:\WINDOWS\system32\DRIVERS\cdrom.sys
Address: 0xBA9A8000 Size: 62976 File Visible: - Signed: -
Status: -

Name: CLASSPNP.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS
Address: 0xBA8E8000 Size: 53248 File Visible: - Signed: -
Status: -

Name: disk.sys
Image Path: disk.sys
Address: 0xBA8D8000 Size: 36352 File Visible: - Signed: -
Status: -

Name: dmio.sys
Image Path: dmio.sys
Address: 0xBA60B000 Size: 153856 File Visible: - Signed: -
Status: -

Name: dmload.sys
Image Path: dmload.sys
Address: 0xBADAC000 Size: 5888 File Visible: - Signed: -
Status: -

Name: drmk.sys
Image Path: C:\WINDOWS\system32\drivers\drmk.sys
Address: 0xBAA68000 Size: 61440 File Visible: - Signed: -
Status: -

Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xB58FE000 Size: 98304 File Visible: No Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xBAE14000 Size: 8192 File Visible: No Signed: -
Status: -

Name: Dxapi.sys
Image Path: C:\WINDOWS\System32\drivers\Dxapi.sys
Address: 0xB94AD000 Size: 12288 File Visible: - Signed: -
Status: -

Name: dxg.sys
Image Path: C:\WINDOWS\System32\drivers\dxg.sys
Address: 0xBF9C4000 Size: 73728 File Visible: - Signed: -
Status: -

Name: dxgthk.sys
Image Path: C:\WINDOWS\System32\drivers\dxgthk.sys
Address: 0xBAF60000 Size: 4096 File Visible: - Signed: -
Status: -

Name: fdc.sys
Image Path: C:\WINDOWS\system32\DRIVERS\fdc.sys
Address: 0xBAC18000 Size: 27392 File Visible: - Signed: -
Status: -

Name: Fips.SYS
Image Path: C:\WINDOWS\System32\Drivers\Fips.SYS
Address: 0xBAAD8000 Size: 44544 File Visible: - Signed: -
Status: -

Name: flpydisk.sys
Image Path: C:\WINDOWS\system32\DRIVERS\flpydisk.sys
Address: 0xBAB40000 Size: 20480 File Visible: - Signed: -
Status: -

Name: fltmgr.sys
Image Path: fltmgr.sys
Address: 0xBA5D3000 Size: 129792 File Visible: - Signed: -
Status: -

Name: Fs_Rec.SYS
Image Path: C:\WINDOWS\System32\Drivers\Fs_Rec.SYS
Address: 0xBADF2000 Size: 7936 File Visible: - Signed: -
Status: -

Name: ftdisk.sys
Image Path: ftdisk.sys
Address: 0xBA631000 Size: 125184 File Visible: - Signed: -
Status: -

Name: hal.dll
Image Path: C:\WINDOWS\system32\hal.dll
Address: 0x806E4000 Size: 134400 File Visible: - Signed: -
Status: -

Name: HDAudBus.sys
Image Path: C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
Address: 0xB97CF000 Size: 163840 File Visible: - Signed: -
Status: -

Name: HTTP.sys
Image Path: C:\WINDOWS\System32\Drivers\HTTP.sys
Address: 0xB464A000 Size: 265728 File Visible: - Signed: -
Status: -

Name: i8042prt.sys
Image Path: C:\WINDOWS\system32\DRIVERS\i8042prt.sys
Address: 0xBA968000 Size: 52096 File Visible: - Signed: -
Status: -

Name: imapi.sys
Image Path: C:\WINDOWS\system32\DRIVERS\imapi.sys
Address: 0xBA998000 Size: 42112 File Visible: - Signed: -
Status: -

Name: intelppm.sys
Image Path: C:\WINDOWS\system32\DRIVERS\intelppm.sys
Address: 0xBA948000 Size: 40192 File Visible: - Signed: -
Status: -

Name: ipnat.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ipnat.sys
Address: 0xB5B5C000 Size: 152832 File Visible: - Signed: -
Status: -

Name: ipsec.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ipsec.sys
Address: 0xB5BDB000 Size: 75264 File Visible: - Signed: -
Status: -

Name: isapnp.sys
Image Path: isapnp.sys
Address: 0xBA8A8000 Size: 37248 File Visible: - Signed: -
Status: -

Name: kbdclass.sys
Image Path: C:\WINDOWS\system32\DRIVERS\kbdclass.sys
Address: 0xBAC20000 Size: 24576 File Visible: - Signed: -
Status: -

Name: KDCOM.DLL
Image Path: C:\WINDOWS\system32\KDCOM.DLL
Address: 0xBADA8000 Size: 8192 File Visible: - Signed: -
Status: -

Name: kmixer.sys
Image Path: C:\WINDOWS\system32\drivers\kmixer.sys
Address: 0xB448F000 Size: 172416 File Visible: - Signed: -
Status: -

Name: ks.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ks.sys
Address: 0xB979A000 Size: 143360 File Visible: - Signed: -
Status: -

Name: KSecDD.sys
Image Path: KSecDD.sys
Address: 0xBA5AA000 Size: 92928 File Visible: - Signed: -
Status: -

Name: l1e51x86.sys
Image Path: C:\WINDOWS\system32\DRIVERS\l1e51x86.sys
Address: 0xBA958000 Size: 53248 File Visible: - Signed: -
Status: -

Name: L8042Kbd.sys
Image Path: C:\WINDOWS\system32\DRIVERS\L8042Kbd.sys
Address: 0xBA457000 Size: 13568 File Visible: - Signed: -
Status: -

Name: L8042mou.Sys
Image Path: C:\WINDOWS\system32\DRIVERS\L8042mou.Sys
Address: 0xBA978000 Size: 56064 File Visible: - Signed: -
Status: -

Name: LMouKE.Sys
Image Path: C:\WINDOWS\system32\DRIVERS\LMouKE.Sys
Address: 0xB97BD000 Size: 71936 File Visible: - Signed: -
Status: -

Name: mnmdd.SYS
Image Path: C:\WINDOWS\System32\Drivers\mnmdd.SYS
Address: 0xBADF6000 Size: 4224 File Visible: - Signed: -
Status: -

Name: mouclass.sys
Image Path: C:\WINDOWS\system32\DRIVERS\mouclass.sys
Address: 0xBAC28000 Size: 23040 File Visible: - Signed: -
Status: -

Name: MountMgr.sys
Image Path: MountMgr.sys
Address: 0xBA8B8000 Size: 42368 File Visible: - Signed: -
Status: -

Name: mrxdav.sys
Image Path: C:\WINDOWS\system32\DRIVERS\mrxdav.sys
Address: 0xB51E2000 Size: 180608 File Visible: - Signed: -
Status: -

Name: mrxsmb.sys
Image Path: C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
Address: 0xB59B5000 Size: 455296 File Visible: - Signed: -
Status: -

Name: Msfs.SYS
Image Path: C:\WINDOWS\System32\Drivers\Msfs.SYS
Address: 0xBAB88000 Size: 19072 File Visible: - Signed: -
Status: -

Name: msgpc.sys
Image Path: C:\WINDOWS\system32\DRIVERS\msgpc.sys
Address: 0xBA9F8000 Size: 35072 File Visible: - Signed: -
Status: -

Name: mssmbios.sys
Image Path: C:\WINDOWS\system32\DRIVERS\mssmbios.sys
Address: 0xBA417000 Size: 15488 File Visible: - Signed: -
Status: -

Name: Mup.sys
Image Path: Mup.sys
Address: 0xBA49F000 Size: 105344 File Visible: - Signed: -
Status: -

Name: NDIS.sys
Image Path: NDIS.sys
Address: 0xBA4F0000 Size: 182656 File Visible: - Signed: -
Status: -

Name: ndistapi.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ndistapi.sys
Address: 0xBA43B000 Size: 10112 File Visible: - Signed: -
Status: -

Name: ndisuio.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ndisuio.sys
Address: 0xB55EA000 Size: 14592 File Visible: - Signed: -
Status: -

Name: ndiswan.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ndiswan.sys
Address: 0xB974D000 Size: 91520 File Visible: - Signed: -
Status: -

Name: NDProxy.SYS
Image Path: C:\WINDOWS\System32\Drivers\NDProxy.SYS
Address: 0xBAA28000 Size: 40576 File Visible: - Signed: -
Status: -

Name: netbios.sys
Image Path: C:\WINDOWS\system32\DRIVERS\netbios.sys
Address: 0xBAAA8000 Size: 34688 File Visible: - Signed: -
Status: -

Name: netbt.sys
Image Path: C:\WINDOWS\system32\DRIVERS\netbt.sys
Address: 0xB5B34000 Size: 162816 File Visible: - Signed: -
Status: -

Name: Npfs.SYS
Image Path: C:\WINDOWS\System32\Drivers\Npfs.SYS
Address: 0xBAB90000 Size: 30848 File Visible: - Signed: -
Status: -

Name: Ntfs.sys
Image Path: Ntfs.sys
Address: 0xBA51D000 Size: 574976 File Visible: - Signed: -
Status: -

Name: Ntfs.sys
Image Path: Ntfs.sys
Address: 0xBA51D000 Size: 574976 File Visible: - Signed: -
Status: Hidden from the Windows API!

Name: ntkrnlpa.exe
Image Path: C:\WINDOWS\system32\ntkrnlpa.exe
Address: 0x804D7000 Size: 2150400 File Visible: - Signed: -
Status: -

Name: Null.SYS
Image Path: C:\WINDOWS\System32\Drivers\Null.SYS
Address: 0xBAF5A000 Size: 2944 File Visible: - Signed: -
Status: -

Name: nv4_disp.dll
Image Path: C:\WINDOWS\System32\nv4_disp.dll
Address: 0xBF9D6000 Size: 6053888 File Visible: - Signed: -
Status: -

Name: nv4_mini.sys
Image Path: C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
Address: 0xB982F000 Size: 6011808 File Visible: - Signed: -
Status: -

Name: PartMgr.sys
Image Path: PartMgr.sys
Address: 0xBAB30000 Size: 19712 File Visible: - Signed: -
Status: -

Name: pci.sys
Image Path: pci.sys
Address: 0xBA650000 Size: 68736 File Visible: - Signed: -
Status: -

Name: PCI_PNP6558
Image Path: \Driver\PCI_PNP6558
Address: 0x00000000 Size: 0 File Visible: No Signed: -
Status: -

Name: pciide.sys
Image Path: pciide.sys
Address: 0xBAE70000 Size: 3328 File Visible: - Signed: -
Status: -

Name: PCIIDEX.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\PCIIDEX.SYS
Address: 0xBAB28000 Size: 28672 File Visible: - Signed: -
Status: -

Name: PnpManager
Image Path: \Driver\PnpManager
Address: 0x804D7000 Size: 2150400 File Visible: - Signed: -
Status: -

Name: portcls.sys
Image Path: C:\WINDOWS\system32\drivers\portcls.sys
Address: 0xB5C9E000 Size: 147456 File Visible: - Signed: -
Status: -

Name: prodrv06.sys
Image Path: C:\WINDOWS\System32\drivers\prodrv06.sys
Address: 0xBAAC8000 Size: 53920 File Visible: - Signed: -
Status: -

Name: prohlp02.sys
Image Path: prohlp02.sys
Address: 0xBA4B9000 Size: 114016 File Visible: - Signed: -
Status: -

Name: prosync1.sys
Image Path: prosync1.sys
Address: 0xBADB0000 Size: 7040 File Visible: - Signed: -
Status: -

Name: psched.sys
Image Path: C:\WINDOWS\system32\DRIVERS\psched.sys
Address: 0xB973C000 Size: 69120 File Visible: - Signed: -
Status: -

Name: ptilink.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ptilink.sys
Address: 0xBAC98000 Size: 17792 File Visible: - Signed: -
Status: -

Name: rasacd.sys
Image Path: C:\WINDOWS\system32\DRIVERS\rasacd.sys
Address: 0xB96F4000 Size: 8832 File Visible: - Signed: -
Status: -

Name: rasl2tp.sys
Image Path: C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
Address: 0xBA9C8000 Size: 51328 File Visible: - Signed: -
Status: -

Name: raspppoe.sys
Image Path: C:\WINDOWS\system32\DRIVERS\raspppoe.sys
Address: 0xBA9D8000 Size: 41472 File Visible: - Signed: -
Status: -

Name: raspptp.sys
Image Path: C:\WINDOWS\system32\DRIVERS\raspptp.sys
Address: 0xBA9E8000 Size: 48384 File Visible: - Signed: -
Status: -

Name: raspti.sys
Image Path: C:\WINDOWS\system32\DRIVERS\raspti.sys
Address: 0xBACA0000 Size: 16512 File Visible: - Signed: -
Status: -

Name: RAW
Image Path: \FileSystem\RAW
Address: 0x804D7000 Size: 2150400 File Visible: - Signed: -
Status: -

Name: rdbss.sys
Image Path: C:\WINDOWS\system32\DRIVERS\rdbss.sys
Address: 0xB5AC5000 Size: 175744 File Visible: - Signed: -
Status: -

Name: RDPCDD.sys
Image Path: C:\WINDOWS\System32\DRIVERS\RDPCDD.sys
Address: 0xBADF8000 Size: 4224 File Visible: - Signed: -
Status: -

Name: rdpdr.sys
Image Path: C:\WINDOWS\system32\DRIVERS\rdpdr.sys
Address: 0xB970C000 Size: 196224 File Visible: - Signed: -
Status: -

Name: redbook.sys
Image Path: C:\WINDOWS\system32\DRIVERS\redbook.sys
Address: 0xBA9B8000 Size: 58496 File Visible: - Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xB4A53000 Size: 49152 File Visible: No Signed: -
Status: -

Name: RtkHDAud.sys
Image Path: C:\WINDOWS\system32\drivers\RtkHDAud.sys
Address: 0xB5CC2000 Size: 4927488 File Visible: - Signed: -
Status: -

Name: SCSIPORT.SYS
Image Path: C:\WINDOWS\System32\Drivers\SCSIPORT.SYS
Address: 0xBA68F000 Size: 98304 File Visible: - Signed: -
Status: -

Name: secdrv.sys
Image Path: C:\WINDOWS\system32\DRIVERS\secdrv.sys
Address: 0xB4FC0000 Size: 40960 File Visible: - Signed: -
Status: -

Name: serenum.sys
Image Path: C:\WINDOWS\system32\DRIVERS\serenum.sys
Address: 0xBA453000 Size: 15744 File Visible: - Signed: -
Status: -

Name: serial.sys
Image Path: C:\WINDOWS\system32\DRIVERS\serial.sys
Address: 0xBA988000 Size: 64256 File Visible: - Signed: -
Status: -

Name: sfhlp01.sys
Image Path: sfhlp01.sys
Address: 0xBADAE000 Size: 4832 File Visible: - Signed: -
Status: -

Name: snapman.sys
Image Path: snapman.sys
Address: 0xBA4D5000 Size: 107104 File Visible: - Signed: -
Status: -

Name: splj.sys
Image Path: splj.sys
Address: 0xBA6A7000 Size: 1048576 File Visible: No Signed: -
Status: -

Name: sptd
Image Path: \Driver\sptd
Address: 0x00000000 Size: 0 File Visible: No Signed: -
Status: -

Name: sr.sys
Image Path: sr.sys
Address: 0xBA5C1000 Size: 73344 File Visible: - Signed: -
Status: -

Name: srv.sys
Image Path: C:\WINDOWS\system32\DRIVERS\srv.sys
Address: 0xB5050000 Size: 333952 File Visible: - Signed: -
Status: -

Name: swenum.sys
Image Path: C:\WINDOWS\system32\DRIVERS\swenum.sys
Address: 0xBADE6000 Size: 4352 File Visible: - Signed: -
Status: -

Name: sysaudio.sys
Image Path: C:\WINDOWS\system32\drivers\sysaudio.sys
Address: 0xB4FD0000 Size: 60800 File Visible: - Signed: -
Status: -

Name: tcpip.sys
Image Path: C:\WINDOWS\system32\DRIVERS\tcpip.sys
Address: 0xB5B82000 Size: 361600 File Visible: - Signed: -
Status: -

Name: tcpip.sys
Image Path: C:\WINDOWS\system32\DRIVERS\tcpip.sys
Address: 0xB5B82000 Size: 361600 File Visible: - Signed: -
Status: Hidden from the Windows API!

Name: TDI.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\TDI.SYS
Address: 0xBAC90000 Size: 20480 File Visible: - Signed: -
Status: -

Name: termdd.sys
Image Path: C:\WINDOWS\system32\DRIVERS\termdd.sys
Address: 0xBAA08000 Size: 40704 File Visible: - Signed: -
Status: -

Name: update.sys
Image Path: C:\WINDOWS\system32\DRIVERS\update.sys
Address: 0xB966C000 Size: 384768 File Visible: - Signed: -
Status: -

Name: USBD.SYS
Image Path: C:\WINDOWS\system32\drivers\USBD.SYS
Address: 0xBADE8000 Size: 8192 File Visible: - Signed: -
Status: -

Name: usbehci.sys
Image Path: C:\WINDOWS\system32\DRIVERS\usbehci.sys
Address: 0xBAC10000 Size: 30208 File Visible: - Signed: -
Status: -

Name: usbhub.sys
Image Path: C:\WINDOWS\system32\DRIVERS\usbhub.sys
Address: 0xBAA48000 Size: 59520 File Visible: - Signed: -
Status: -

Name: USBPORT.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\USBPORT.SYS
Address: 0xB97F7000 Size: 147456 File Visible: - Signed: -
Status: -

Name: USBSTOR.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
Address: 0xBABB0000 Size: 26368 File Visible: - Signed: -
Status: -

Name: usbuhci.sys
Image Path: C:\WINDOWS\system32\DRIVERS\usbuhci.sys
Address: 0xBAC08000 Size: 20608 File Visible: - Signed: -
Status: -

Name: VBoxDrv.sys
Image Path: C:\WINDOWS\system32\DRIVERS\VBoxDrv.sys
Address: 0xB5AF0000 Size: 136512 File Visible: - Signed: -
Status: -

Name: VBoxNetFlt.sys
Image Path: C:\WINDOWS\system32\DRIVERS\VBoxNetFlt.sys
Address: 0xB96CA000 Size: 104640 File Visible: - Signed: -
Status: -

Name: VBoxUSBMon.sys
Image Path: C:\WINDOWS\system32\DRIVERS\VBoxUSBMon.sys
Address: 0xBAAB8000 Size: 35264 File Visible: - Signed: -
Status: -

Name: vga.sys
Image Path: C:\WINDOWS\System32\drivers\vga.sys
Address: 0xBAB80000 Size: 20992 File Visible: - Signed: -
Status: -

Name: VIDEOPRT.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS
Address: 0xB981B000 Size: 81920 File Visible: - Signed: -
Status: -

Name: VolSnap.sys
Image Path: VolSnap.sys
Address: 0xBA8C8000 Size: 52480 File Visible: - Signed: -
Status: -

Name: wanarp.sys
Image Path: C:\WINDOWS\system32\DRIVERS\wanarp.sys
Address: 0xBAA98000 Size: 34560 File Visible: - Signed: -
Status: -

Name: watchdog.sys
Image Path: C:\WINDOWS\System32\watchdog.sys
Address: 0xBABD0000 Size: 20480 File Visible: - Signed: -
Status: -

Name: wdmaud.sys
Image Path: C:\WINDOWS\system32\drivers\wdmaud.sys
Address: 0xB4F23000 Size: 83072 File Visible: - Signed: -
Status: -

Name: Win32k
Image Path: \Driver\Win32k
Address: 0xBF800000 Size: 1851392 File Visible: - Signed: -
Status: -

Name: win32k.sys
Image Path: C:\WINDOWS\System32\win32k.sys
Address: 0xBF800000 Size: 1851392 File Visible: - Signed: -
Status: -

Name: windrvr6.sys
Image Path: C:\WINDOWS\system32\drivers\windrvr6.sys
Address: 0xB963C000 Size: 193696 File Visible: - Signed: -
Status: -

Name: WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\WMILIB.SYS
Address: 0xBADAA000 Size: 8192 File Visible: - Signed: -
Status: -

Name: WMIxWDM
Image Path: \Driver\WMIxWDM
Address: 0x804D7000 Size: 2150400 File Visible: - Signed: -
Status: -

Name: XPC4DRVR.SYS
Image Path: C:\WINDOWS\System32\drivers\XPC4DRVR.SYS
Address: 0xB500C000 Size: 16000 File Visible: - Signed: -
Status: -

ROOTREPEAL (c) AD, 2007-2009
==================================================
Scan Start Time: 2010/11/30 22:55
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================

Hidden/Locked Files
-------------------
Path: C:\Documents and Settings\Jitka\Data aplikací\Mozilla\Firefox\Profiles\y4v7ovo2.default\sessionstore.js
Status: Could not get file information (Error 0xc0000008)

ROOTREPEAL (c) AD, 2007-2009
==================================================
Scan Start Time: 2010/11/30 22:56
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================

Processes
-------------------
Path: System
PID: 4 Status: -

Path: C:\WINDOWS\system32\wscntfy.exe
PID: 324 Status: -

Path: C:\WINDOWS\system32\spoolsv.exe
PID: 448 Status: -

Path: C:\WINDOWS\system32\svchost.exe
PID: 604 Status: -

Path: C:\Program Files\Bonjour\mDNSResponder.exe
PID: 640 Status: -

Path: C:\WINDOWS\system32\smss.exe
PID: 868 Status: -

Path: C:\WINDOWS\system32\svchost.exe
PID: 988 Status: -

Path: C:\WINDOWS\system32\csrss.exe
PID: 996 Status: -

Path: C:\WINDOWS\system32\winlogon.exe
PID: 1020 Status: -

Path: C:\WINDOWS\system32\services.exe
PID: 1064 Status: -

Path: C:\WINDOWS\system32\lsass.exe
PID: 1076 Status: -

Path: C:\Program Files\ICQ6Toolbar\ICQ Service.exe
PID: 1204 Status: -

Path: C:\WINDOWS\system32\svchost.exe
PID: 1244 Status: -

Path: C:\WINDOWS\system32\alg.exe
PID: 1272 Status: -

Path: C:\WINDOWS\system32\svchost.exe
PID: 1324 Status: -

Path: C:\Program Files\Java\jre6\bin\jqs.exe
PID: 1368 Status: -

Path: C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
PID: 1412 Status: -

Path: C:\WINDOWS\system32\svchost.exe
PID: 1448 Status: -

Path: C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
PID: 1496 Status: -

Path: C:\WINDOWS\system32\svchost.exe
PID: 1540 Status: -

Path: C:\WINDOWS\system32\svchost.exe
PID: 1760 Status: -

Path: C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PID: 1888 Status: -

Path: C:\WINDOWS\system32\svchost.exe
PID: 1920 Status: -

Path: C:\WINDOWS\system32\nvsvc32.exe
PID: 2072 Status: -

Path: C:\WINDOWS\system32\svchost.exe
PID: 2104 Status: -

Path: C:\WINDOWS\system32\svchost.exe
PID: 2148 Status: -

Path: C:\WINDOWS\explorer.exe
PID: 2280 Status: -

Path: C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.exe
PID: 2640 Status: -

Path: C:\Documents and Settings\Jitka\Local Settings\temp\wzdb7e\RootRepeal.exe
PID: 2696 Status: -

Path: C:\Program Files\ScanSoft\OmniPageSE2.0\opwareSE2.exe
PID: 2880 Status: -

Path: C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PID: 2960 Status: -

Path: C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
PID: 3004 Status: -

Path: C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
PID: 3192 Status: -

Path: C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PID: 3236 Status: -

Path: C:\Program Files\DAEMON Tools Lite\daemon.exe
PID: 3244 Status: -

Path: E:\Program Files\QIP\qip.exe
PID: 3316 Status: -

Path: C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PID: 3372 Status: -

Path: C:\Program Files\Microsoft ActiveSync\wcescomm.exe
PID: 3492 Status: -

Path: C:\WINDOWS\system32\ctfmon.exe
PID: 3612 Status: -

Path: C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
PID: 3724 Status: -

Path: E:\Program Files\klávesnice\SetPoint\SetPoint.exe
PID: 3756 Status: -

Path: C:\PROGRA~1\MI3AA1~1\rapimgr.exe
PID: 3764 Status: -

Path: E:\Program Files\mozilla\firefox.exe
PID: 3904 Status: -

[kyky66]

ROOTREPEAL (c) AD, 2007-2009
==================================================
Scan Start Time: 2010/11/30 22:57
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================

Hidden Services
-------------------
ROOTREPEAL (c) AD, 2007-2009
==================================================
Scan Start Time: 2010/11/30 22:56
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================

Processes
-------------------
Path: System
PID: 4 Status: -

Path: C:\WINDOWS\system32\wscntfy.exe
PID: 324 Status: -

Path: C:\WINDOWS\system32\spoolsv.exe
PID: 448 Status: -

Path: C:\WINDOWS\system32\svchost.exe
PID: 604 Status: -

Path: C:\Program Files\Bonjour\mDNSResponder.exe
PID: 640 Status: -

Path: C:\WINDOWS\system32\smss.exe
PID: 868 Status: -

Path: C:\WINDOWS\system32\svchost.exe
PID: 988 Status: -

Path: C:\WINDOWS\system32\csrss.exe
PID: 996 Status: -

Path: C:\WINDOWS\system32\winlogon.exe
PID: 1020 Status: -

Path: C:\WINDOWS\system32\services.exe
PID: 1064 Status: -

Path: C:\WINDOWS\system32\lsass.exe
PID: 1076 Status: -

Path: C:\Program Files\ICQ6Toolbar\ICQ Service.exe
PID: 1204 Status: -

Path: C:\WINDOWS\system32\svchost.exe
PID: 1244 Status: -

Path: C:\WINDOWS\system32\alg.exe
PID: 1272 Status: -

Path: C:\WINDOWS\system32\svchost.exe
PID: 1324 Status: -

Path: C:\Program Files\Java\jre6\bin\jqs.exe
PID: 1368 Status: -

Path: C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
PID: 1412 Status: -

Path: C:\WINDOWS\system32\svchost.exe
PID: 1448 Status: -

Path: C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
PID: 1496 Status: -

Path: C:\WINDOWS\system32\svchost.exe
PID: 1540 Status: -

Path: C:\WINDOWS\system32\svchost.exe
PID: 1760 Status: -

Path: C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PID: 1888 Status: -

Path: C:\WINDOWS\system32\svchost.exe
PID: 1920 Status: -

Path: C:\WINDOWS\system32\nvsvc32.exe
PID: 2072 Status: -

Path: C:\WINDOWS\system32\svchost.exe
PID: 2104 Status: -

Path: C:\WINDOWS\system32\svchost.exe
PID: 2148 Status: -

Path: C:\WINDOWS\explorer.exe
PID: 2280 Status: -

Path: C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.exe
PID: 2640 Status: -

Path: C:\Documents and Settings\Jitka\Local Settings\temp\wzdb7e\RootRepeal.exe
PID: 2696 Status: -

Path: C:\Program Files\ScanSoft\OmniPageSE2.0\opwareSE2.exe
PID: 2880 Status: -

Path: C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PID: 2960 Status: -

Path: C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
PID: 3004 Status: -

Path: C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
PID: 3192 Status: -

Path: C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PID: 3236 Status: -

Path: C:\Program Files\DAEMON Tools Lite\daemon.exe
PID: 3244 Status: -

Path: E:\Program Files\QIP\qip.exe
PID: 3316 Status: -

Path: C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PID: 3372 Status: -

Path: C:\Program Files\Microsoft ActiveSync\wcescomm.exe
PID: 3492 Status: -

Path: C:\WINDOWS\system32\ctfmon.exe
PID: 3612 Status: -

Path: C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
PID: 3724 Status: -

Path: E:\Program Files\klávesnice\SetPoint\SetPoint.exe
PID: 3756 Status: -

Path: C:\PROGRA~1\MI3AA1~1\rapimgr.exe
PID: 3764 Status: -

Path: E:\Program Files\mozilla\firefox.exe
PID: 3904 Status: -
ROOTREPEAL (c) AD, 2007-2009
==================================================
Scan Start Time: 2010/11/30 22:58
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================

Shadow SSDT
-------------------
#: 000 Function Name: NtGdiAbortDoc
Status: Not hooked

#: 001 Function Name: NtGdiAbortPath
Status: Not hooked

#: 002 Function Name: NtGdiAddFontResourceW
Status: Not hooked

#: 003 Function Name: NtGdiAddRemoteFontToDC
Status: Not hooked

#: 004 Function Name: NtGdiAddFontMemResourceEx
Status: Not hooked

#: 005 Function Name: NtGdiRemoveMergeFont
Status: Not hooked

#: 006 Function Name: NtGdiAddRemoteMMInstanceToDC
Status: Not hooked

#: 007 Function Name: NtGdiAlphaBlend
Status: Not hooked

#: 008 Function Name: NtGdiAngleArc
Status: Not hooked

#: 009 Function Name: NtGdiAnyLinkedFonts
Status: Not hooked

#: 010 Function Name: NtGdiFontIsLinked
Status: Not hooked

#: 011 Function Name: NtGdiArcInternal
Status: Not hooked

#: 012 Function Name: NtGdiBeginPath
Status: Not hooked

#: 013 Function Name: NtGdiBitBlt
Status: Not hooked

#: 014 Function Name: NtGdiCancelDC
Status: Not hooked

#: 015 Function Name: NtGdiCheckBitmapBits
Status: Not hooked

#: 016 Function Name: NtGdiCloseFigure
Status: Not hooked

#: 017 Function Name: NtGdiClearBitmapAttributes
Status: Not hooked

#: 018 Function Name: NtGdiClearBrushAttributes
Status: Not hooked

#: 019 Function Name: NtGdiColorCorrectPalette
Status: Not hooked

#: 020 Function Name: NtGdiCombineRgn
Status: Not hooked

#: 021 Function Name: NtGdiCombineTransform
Status: Not hooked

#: 022 Function Name: NtGdiComputeXformCoefficients
Status: Not hooked

#: 023 Function Name: NtGdiConsoleTextOut
Status: Not hooked

#: 024 Function Name: NtGdiConvertMetafileRect
Status: Not hooked

#: 025 Function Name: NtGdiCreateBitmap
Status: Not hooked

#: 026 Function Name: NtGdiCreateClientObj
Status: Not hooked

#: 027 Function Name: NtGdiCreateColorSpace
Status: Not hooked

#: 028 Function Name: NtGdiCreateColorTransform
Status: Not hooked

#: 029 Function Name: NtGdiCreateCompatibleBitmap
Status: Not hooked

#: 030 Function Name: NtGdiCreateCompatibleDC
Status: Not hooked

#: 031 Function Name: NtGdiCreateDIBBrush
Status: Not hooked

#: 032 Function Name: NtGdiCreateDIBitmapInternal
Status: Not hooked

#: 033 Function Name: NtGdiCreateDIBSection
Status: Not hooked

#: 034 Function Name: NtGdiCreateEllipticRgn
Status: Not hooked

#: 035 Function Name: NtGdiCreateHalftonePalette
Status: Not hooked

#: 036 Function Name: NtGdiCreateHatchBrushInternal
Status: Not hooked

#: 037 Function Name: NtGdiCreateMetafileDC
Status: Not hooked

#: 038 Function Name: NtGdiCreatePaletteInternal
Status: Not hooked

#: 039 Function Name: NtGdiCreatePatternBrushInternal
Status: Not hooked

#: 040 Function Name: NtGdiCreatePen
Status: Not hooked

#: 041 Function Name: NtGdiCreateRectRgn
Status: Not hooked

#: 042 Function Name: NtGdiCreateRoundRectRgn
Status: Not hooked

#: 043 Function Name: NtGdiCreateServerMetaFile
Status: Not hooked

#: 044 Function Name: NtGdiCreateSolidBrush
Status: Not hooked

#: 045 Function Name: NtGdiD3dContextCreate
Status: Not hooked

#: 046 Function Name: NtGdiD3dContextDestroy
Status: Not hooked

#: 047 Function Name: NtGdiD3dContextDestroyAll
Status: Not hooked

#: 048 Function Name: NtGdiD3dValidateTextureStageState
Status: Not hooked

#: 049 Function Name: NtGdiD3dDrawPrimitives2
Status: Not hooked

#: 050 Function Name: NtGdiDdGetDriverState
Status: Not hooked

#: 051 Function Name: NtGdiDdAddAttachedSurface
Status: Not hooked

#: 052 Function Name: NtGdiDdAlphaBlt
Status: Not hooked

#: 053 Function Name: NtGdiDdAttachSurface
Status: Not hooked

#: 054 Function Name: NtGdiDdBeginMoCompFrame
Status: Not hooked

#: 055 Function Name: NtGdiDdBlt
Status: Not hooked

#: 056 Function Name: NtGdiDdCanCreateSurface
Status: Not hooked

#: 057 Function Name: NtGdiDdCanCreateD3DBuffer
Status: Not hooked

#: 058 Function Name: NtGdiDdColorControl
Status: Not hooked

#: 059 Function Name: NtGdiDdCreateDirectDrawObject
Status: Not hooked

#: 060 Function Name: NtGdiDdCreateSurface
Status: Not hooked

#: 061 Function Name: NtGdiDdCreateD3DBuffer
Status: Not hooked

#: 062 Function Name: NtGdiDdCreateMoComp
Status: Not hooked

#: 063 Function Name: NtGdiDdCreateSurfaceObject
Status: Not hooked

#: 064 Function Name: NtGdiDdDeleteDirectDrawObject
Status: Not hooked

#: 065 Function Name: NtGdiDdDeleteSurfaceObject
Status: Not hooked

#: 066 Function Name: NtGdiDdDestroyMoComp
Status: Not hooked

#: 067 Function Name: NtGdiDdDestroySurface
Status: Not hooked

#: 068 Function Name: NtGdiDdDestroyD3DBuffer
Status: Not hooked

#: 069 Function Name: NtGdiDdEndMoCompFrame
Status: Not hooked

#: 070 Function Name: NtGdiDdFlip
Status: Not hooked

#: 071 Function Name: NtGdiDdFlipToGDISurface
Status: Not hooked

#: 072 Function Name: NtGdiDdGetAvailDriverMemory
Status: Not hooked

#: 073 Function Name: NtGdiDdGetBltStatus
Status: Not hooked

#: 074 Function Name: NtGdiDdGetDC
Status: Not hooked

#: 075 Function Name: NtGdiDdGetDriverInfo
Status: Not hooked

#: 076 Function Name: NtGdiDdGetDxHandle
Status: Not hooked

#: 077 Function Name: NtGdiDdGetFlipStatus
Status: Not hooked

#: 078 Function Name: NtGdiDdGetInternalMoCompInfo
Status: Not hooked

#: 079 Function Name: NtGdiDdGetMoCompBuffInfo
Status: Not hooked

#: 080 Function Name: NtGdiDdGetMoCompGuids
Status: Not hooked

#: 081 Function Name: NtGdiDdGetMoCompFormats
Status: Not hooked

#: 082 Function Name: NtGdiDdGetScanLine
Status: Not hooked

#: 083 Function Name: NtGdiDdLock
Status: Not hooked

#: 084 Function Name: NtGdiDdLockD3D
Status: Not hooked

#: 085 Function Name: NtGdiDdQueryDirectDrawObject
Status: Not hooked

#: 086 Function Name: NtGdiDdQueryMoCompStatus
Status: Not hooked

#: 087 Function Name: NtGdiDdReenableDirectDrawObject
Status: Not hooked

#: 088 Function Name: NtGdiDdReleaseDC
Status: Not hooked

#: 089 Function Name: NtGdiDdRenderMoComp
Status: Not hooked

#: 090 Function Name: NtGdiDdResetVisrgn
Status: Not hooked

#: 091 Function Name: NtGdiDdSetColorKey
Status: Not hooked

#: 092 Function Name: NtGdiDdSetExclusiveMode
Status: Not hooked

#: 093 Function Name: NtGdiDdSetGammaRamp
Status: Not hooked

#: 094 Function Name: NtGdiDdCreateSurfaceEx
Status: Not hooked

#: 095 Function Name: NtGdiDdSetOverlayPosition
Status: Not hooked

#: 096 Function Name: NtGdiDdUnattachSurface
Status: Not hooked

#: 097 Function Name: NtGdiDdUnlock
Status: Not hooked

#: 098 Function Name: NtGdiDdUnlockD3D
Status: Not hooked

#: 099 Function Name: NtGdiDdUpdateOverlay
Status: Not hooked

#: 100 Function Name: NtGdiDdWaitForVerticalBlank
Status: Not hooked

#: 101 Function Name: NtGdiDvpCanCreateVideoPort
Status: Not hooked

#: 102 Function Name: NtGdiDvpColorControl
Status: Not hooked

#: 103 Function Name: NtGdiDvpCreateVideoPort
Status: Not hooked

#: 104 Function Name: NtGdiDvpDestroyVideoPort
Status: Not hooked

#: 105 Function Name: NtGdiDvpFlipVideoPort
Status: Not hooked

#: 106 Function Name: NtGdiDvpGetVideoPortBandwidth
Status: Not hooked

#: 107 Function Name: NtGdiDvpGetVideoPortField
Status: Not hooked

#: 108 Function Name: NtGdiDvpGetVideoPortFlipStatus
Status: Not hooked

#: 109 Function Name: NtGdiDvpGetVideoPortInputFormats
Status: Not hooked

#: 110 Function Name: NtGdiDvpGetVideoPortLine
Status: Not hooked

#: 111 Function Name: NtGdiDvpGetVideoPortOutputFormats
Status: Not hooked

#: 112 Function Name: NtGdiDvpGetVideoPortConnectInfo
Status: Not hooked

#: 113 Function Name: NtGdiDvpGetVideoSignalStatus
Status: Not hooked

#: 114 Function Name: NtGdiDvpUpdateVideoPort
Status: Not hooked

#: 115 Function Name: NtGdiDvpWaitForVideoPortSync
Status: Not hooked

#: 116 Function Name: NtGdiDvpAcquireNotification
Status: Not hooked

#: 117 Function Name: NtGdiDvpReleaseNotification
Status: Not hooked

#: 118 Function Name: NtGdiDxgGenericThunk
Status: Not hooked

#: 119 Function Name: NtGdiDeleteClientObj
Status: Not hooked

#: 120 Function Name: NtGdiDeleteColorSpace
Status: Not hooked

#: 121 Function Name: NtGdiDeleteColorTransform
Status: Not hooked

#: 122 Function Name: NtGdiDeleteObjectApp
Status: Not hooked

#: 123 Function Name: NtGdiDescribePixelFormat
Status: Not hooked

#: 124 Function Name: NtGdiGetPerBandInfo
Status: Not hooked

#: 125 Function Name: NtGdiDoBanding
Status: Not hooked

#: 126 Function Name: NtGdiDoPalette
Status: Not hooked

#: 127 Function Name: NtGdiDrawEscape
Status: Not hooked

#: 128 Function Name: NtGdiEllipse
Status: Not hooked

#: 129 Function Name: NtGdiEnableEudc
Status: Not hooked

#: 130 Function Name: NtGdiEndDoc
Status: Not hooked

#: 131 Function Name: NtGdiEndPage
Status: Not hooked

#: 132 Function Name: NtGdiEndPath
Status: Not hooked

#: 133 Function Name: NtGdiEnumFontChunk
Status: Not hooked

#: 134 Function Name: NtGdiEnumFontClose
Status: Not hooked

#: 135 Function Name: NtGdiEnumFontOpen
Status: Not hooked

#: 136 Function Name: NtGdiEnumObjects
Status: Not hooked

#: 137 Function Name: NtGdiEqualRgn
Status: Not hooked

#: 138 Function Name: NtGdiEudcLoadUnloadLink
Status: Not hooked

#: 139 Function Name: NtGdiExcludeClipRect
Status: Not hooked

#: 140 Function Name: NtGdiExtCreatePen
Status: Not hooked

#: 141 Function Name: NtGdiExtCreateRegion
Status: Not hooked

#: 142 Function Name: NtGdiExtEscape
Status: Not hooked

#: 143 Function Name: NtGdiExtFloodFill
Status: Not hooked

#: 144 Function Name: NtGdiExtGetObjectW
Status: Not hooked

#: 145 Function Name: NtGdiExtSelectClipRgn
Status: Not hooked

#: 146 Function Name: NtGdiExtTextOutW
Status: Not hooked

#: 147 Function Name: NtGdiFillPath
Status: Not hooked

#: 148 Function Name: NtGdiFillRgn
Status: Not hooked

#: 149 Function Name: NtGdiFlattenPath
Status: Not hooked

#: 150 Function Name: NtGdiFlushUserBatch
Status: Not hooked

#: 151 Function Name: NtGdiFlush
Status: Not hooked

#: 152 Function Name: NtGdiForceUFIMapping
Status: Not hooked

#: 153 Function Name: NtGdiFrameRgn
Status: Not hooked

#: 154 Function Name: NtGdiFullscreenControl
Status: Not hooked

#: 155 Function Name: NtGdiGetAndSetDCDword
Status: Not hooked

#: 156 Function Name: NtGdiGetAppClipBox
Status: Not hooked

#: 157 Function Name: NtGdiGetBitmapBits
Status: Not hooked

#: 158 Function Name: NtGdiGetBitmapDimension
Status: Not hooked

#: 159 Function Name: NtGdiGetBoundsRect
Status: Not hooked

#: 160 Function Name: NtGdiGetCharABCWidthsW
Status: Not hooked

#: 161 Function Name: NtGdiGetCharacterPlacementW
Status: Not hooked

#: 162 Function Name: NtGdiGetCharSet
Status: Not hooked

#: 163 Function Name: NtGdiGetCharWidthW
Status: Not hooked

#: 164 Function Name: NtGdiGetCharWidthInfo
Status: Not hooked

#: 165 Function Name: NtGdiGetColorAdjustment
Status: Not hooked

#: 166 Function Name: NtGdiGetColorSpaceforBitmap
Status: Not hooked

#: 167 Function Name: NtGdiGetDCDword
Status: Not hooked

#: 168 Function Name: NtGdiGetDCforBitmap
Status: Not hooked

#: 169 Function Name: NtGdiGetDCObject
Status: Not hooked

#: 170 Function Name: NtGdiGetDCPoint
Status: Not hooked

#: 171 Function Name: NtGdiGetDeviceCaps
Status: Not hooked

#: 172 Function Name: NtGdiGetDeviceGammaRamp
Status: Not hooked

#: 173 Function Name: NtGdiGetDeviceCapsAll
Status: Not hooked

#: 174 Function Name: NtGdiGetDIBitsInternal
Status: Not hooked

#: 175 Function Name: NtGdiGetETM
Status: Not hooked

#: 176 Function Name: NtGdiGetEudcTimeStampEx
Status: Not hooked

#: 177 Function Name: NtGdiGetFontData
Status: Not hooked

#: 178 Function Name: NtGdiGetFontResourceInfoInternalW
Status: Not hooked

#: 179 Function Name: NtGdiGetGlyphIndicesW
Status: Not hooked

#: 180 Function Name: NtGdiGetGlyphIndicesWInternal
Status: Not hooked

#: 181 Function Name: NtGdiGetGlyphOutline
Status: Not hooked

#: 182 Function Name: NtGdiGetKerningPairs
Status: Not hooked

#: 183 Function Name: NtGdiGetLinkedUFIs
Status: Not hooked

#: 184 Function Name: NtGdiGetMiterLimit
Status: Not hooked

#: 185 Function Name: NtGdiGetMonitorID
Status: Not hooked

#: 186 Function Name: NtGdiGetNearestColor
Status: Not hooked

#: 187 Function Name: NtGdiGetNearestPaletteIndex
Status: Not hooked

#: 188 Function Name: NtGdiGetObjectBitmapHandle
Status: Not hooked

#: 189 Function Name: NtGdiGetOutlineTextMetricsInternalW
Status: Not hooked

#: 190 Function Name: NtGdiGetPath
Status: Not hooked

#: 191 Function Name: NtGdiGetPixel
Status: Not hooked

#: 192 Function Name: NtGdiGetRandomRgn
Status: Not hooked

#: 193 Function Name: NtGdiGetRasterizerCaps
Status: Not hooked

#: 194 Function Name: NtGdiGetRealizationInfo
Status: Not hooked

#: 195 Function Name: NtGdiGetRegionData
Status: Not hooked

#: 196 Function Name: NtGdiGetRgnBox
Status: Not hooked

#: 197 Function Name: NtGdiGetServerMetaFileBits
Status: Not hooked

#: 198 Function Name: NtGdiGetSpoolMessage
Status: Not hooked

#: 199 Function Name: NtGdiGetStats
Status: Not hooked

#: 200 Function Name: NtGdiGetStockObject
Status: Not hooked

#: 201 Function Name: NtGdiGetStringBitmapW
Status: Not hooked

#: 202 Function Name: NtGdiGetSystemPaletteUse
Status: Not hooked

#: 203 Function Name: NtGdiGetTextCharsetInfo
Status: Not hooked

#: 204 Function Name: NtGdiGetTextExtent
Status: Not hooked

#: 205 Function Name: NtGdiGetTextExtentExW
Status: Not hooked

#: 206 Function Name: NtGdiGetTextFaceW
Status: Not hooked

#: 207 Function Name: NtGdiGetTextMetricsW
Status: Not hooked

#: 208 Function Name: NtGdiGetTransform
Status: Not hooked

#: 209 Function Name: NtGdiGetUFI
Status: Not hooked

#: 210 Function Name: NtGdiGetEmbUFI
Status: Not hooked

#: 211 Function Name: NtGdiGetUFIPathname
Status: Not hooked

#: 212 Function Name: NtGdiGetEmbedFonts
Status: Not hooked

#: 213 Function Name: NtGdiChangeGhostFont
Status: Not hooked

#: 214 Function Name: NtGdiAddEmbFontToDC
Status: Not hooked

#: 215 Function Name: NtGdiGetFontUnicodeRanges
Status: Not hooked

#: 216 Function Name: NtGdiGetWidthTable
Status: Not hooked

#: 217 Function Name: NtGdiGradientFill
Status: Not hooked

#: 218 Function Name: NtGdiHfontCreate
Status: Not hooked

#: 219 Function Name: NtGdiIcmBrushInfo
Status: Not hooked

#: 220 Function Name: NtGdiInit
Status: Not hooked

#: 221 Function Name: NtGdiInitSpool
Status: Not hooked

#: 222 Function Name: NtGdiIntersectClipRect
Status: Not hooked

#: 223 Function Name: NtGdiInvertRgn
Status: Not hooked

#: 224 Function Name: NtGdiLineTo
Status: Not hooked

#: 225 Function Name: NtGdiMakeFontDir
Status: Not hooked

#: 226 Function Name: NtGdiMakeInfoDC
Status: Not hooked

#: 227 Function Name: NtGdiMaskBlt
Status: Not hooked

#: 228 Function Name: NtGdiModifyWorldTransform
Status: Not hooked

#: 229 Function Name: NtGdiMonoBitmap
Status: Not hooked

#: 230 Function Name: NtGdiMoveTo
Status: Not hooked

#: 231 Function Name: NtGdiOffsetClipRgn
Status: Not hooked

#: 232 Function Name: NtGdiOffsetRgn
Status: Not hooked

#: 233 Function Name: NtGdiOpenDCW
Status: Not hooked

#: 234 Function Name: NtGdiPatBlt
Status: Not hooked

#: 235 Function Name: NtGdiPolyPatBlt
Status: Not hooked

#: 236 Function Name: NtGdiPathToRegion
Status: Not hooked

#: 237 Function Name: NtGdiPlgBlt
Status: Not hooked

#: 238 Function Name: NtGdiPolyDraw
Status: Not hooked

#: 239 Function Name: NtGdiPolyPolyDraw
Status: Not hooked

#: 240 Function Name: NtGdiPolyTextOutW
Status: Not hooked

#: 241 Function Name: NtGdiPtInRegion
Status: Not hooked

#: 242 Function Name: NtGdiPtVisible
Status: Not hooked

#: 243 Function Name: NtGdiQueryFonts
Status: Not hooked

#: 244 Function Name: NtGdiQueryFontAssocInfo
Status: Not hooked

#: 245 Function Name: NtGdiRectangle
Status: Not hooked

#: 246 Function Name: NtGdiRectInRegion
Status: Not hooked

#: 247 Function Name: NtGdiRectVisible
Status: Not hooked

#: 248 Function Name: NtGdiRemoveFontResourceW
Status: Not hooked

#: 249 Function Name: NtGdiRemoveFontMemResourceEx
Status: Not hooked

#: 250 Function Name: NtGdiResetDC
Status: Not hooked

#: 251 Function Name: NtGdiResizePalette
Status: Not hooked

#: 252 Function Name: NtGdiRestoreDC
Status: Not hooked

#: 253 Function Name: NtGdiRoundRect
Status: Not hooked

#: 254 Function Name: NtGdiSaveDC
Status: Not hooked

#: 255 Function Name: NtGdiScaleViewportExtEx
Status: Not hooked

#: 256 Function Name: NtGdiScaleWindowExtEx
Status: Not hooked

#: 257 Function Name: NtGdiSelectBitmap
Status: Not hooked

#: 258 Function Name: NtGdiSelectBrush
Status: Not hooked

#: 259 Function Name: NtGdiSelectClipPath
Status: Not hooked

#: 260 Function Name: NtGdiSelectFont
Status: Not hooked

#: 261 Function Name: NtGdiSelectPen
Status: Not hooked

#: 262 Function Name: NtGdiSetBitmapAttributes
Status: Not hooked

#: 263 Function Name: NtGdiSetBitmapBits
Status: Not hooked

#: 264 Function Name: NtGdiSetBitmapDimension
Status: Not hooked

#: 265 Function Name: NtGdiSetBoundsRect
Status: Not hooked

#: 266 Function Name: NtGdiSetBrushAttributes
Status: Not hooked

#: 267 Function Name: NtGdiSetBrushOrg
Status: Not hooked

#: 268 Function Name: NtGdiSetColorAdjustment
Status: Not hooked

#: 269 Function Name: NtGdiSetColorSpace
Status: Not hooked

#: 270 Function Name: NtGdiSetDeviceGammaRamp
Status: Not hooked

#: 271 Function Name: NtGdiSetDIBitsToDeviceInternal
Status: Not hooked

#: 272 Function Name: NtGdiSetFontEnumeration
Status: Not hooked

#: 273 Function Name: NtGdiSetFontXform
Status: Not hooked

#: 274 Function Name: NtGdiSetIcmMode
Status: Not hooked

#: 275 Function Name: NtGdiSetLinkedUFIs
Status: Not hooked

#: 276 Function Name: NtGdiSetMagicColors
Status: Not hooked

#: 277 Function Name: NtGdiSetMetaRgn
Status: Not hooked

#: 278 Function Name: NtGdiSetMiterLimit
Status: Not hooked

#: 279 Function Name: NtGdiGetDeviceWidth
Status: Not hooked

#: 280 Function Name: NtGdiMirrorWindowOrg
Status: Not hooked

#: 281 Function Name: NtGdiSetLayout
Status: Not hooked

#: 282 Function Name: NtGdiSetPixel
Status: Not hooked

#: 283 Function Name: NtGdiSetPixelFormat
Status: Not hooked

#: 284 Function Name: NtGdiSetRectRgn
Status: Not hooked

#: 285 Function Name: NtGdiSetSystemPaletteUse
Status: Not hooked

#: 286 Function Name: NtGdiSetTextJustification
Status: Not hooked

#: 287 Function Name: NtGdiSetupPublicCFONT
Status: Not hooked

#: 288 Function Name: NtGdiSetVirtualResolution
Status: Not hooked

#: 289 Function Name: NtGdiSetSizeDevice
Status: Not hooked

#: 290 Function Name: NtGdiStartDoc
Status: Not hooked

#: 291 Function Name: NtGdiStartPage
Status: Not hooked

#: 292 Function Name: NtGdiStretchBlt
Status: Not hooked

#: 293 Function Name: NtGdiStretchDIBitsInternal
Status: Not hooked

#: 294 Function Name: NtGdiStrokeAndFillPath
Status: Not hooked

#: 295 Function Name: NtGdiStrokePath
Status: Not hooked

#: 296 Function Name: NtGdiSwapBuffers
Status: Not hooked

#: 297 Function Name: NtGdiTransformPoints
Status: Not hooked

#: 298 Function Name: NtGdiTransparentBlt
Status: Not hooked

#: 299 Function Name: NtGdiUnloadPrinterDriver
Status: Not hooked

#: 300 Function Name: NtGdiUnmapMemFont
Status: Not hooked

#: 301 Function Name: NtGdiUnrealizeObject
Status: Not hooked

#: 302 Function Name: NtGdiUpdateColors
Status: Not hooked

#: 303 Function Name: NtGdiWidenPath
Status: Not hooked

#: 304 Function Name: NtUserActivateKeyboardLayout
Status: Not hooked

#: 305 Function Name: NtUserAlterWindowStyle
Status: Not hooked

#: 306 Function Name: NtUserAssociateInputContext
Status: Not hooked

#: 307 Function Name: NtUserAttachThreadInput
Status: Not hooked

#: 308 Function Name: NtUserBeginPaint
Status: Not hooked

#: 309 Function Name: NtUserBitBltSysBmp
Status: Not hooked

#: 310 Function Name: NtUserBlockInput
Status: Not hooked

#: 311 Function Name: NtUserBuildHimcList
Status: Not hooked

#: 312 Function Name: NtUserBuildHwndList
Status: Not hooked

#: 313 Function Name: NtUserBuildNameList
Status: Not hooked

#: 314 Function Name: NtUserBuildPropList
Status: Not hooked

#: 315 Function Name: NtUserCallHwnd
Status: Not hooked

#: 316 Function Name: NtUserCallHwndLock
Status: Not hooked

#: 317 Function Name: NtUserCallHwndOpt
Status: Not hooked

#: 318 Function Name: NtUserCallHwndParam
Status: Not hooked

#: 319 Function Name: NtUserCallHwndParamLock
Status: Not hooked

#: 320 Function Name: NtUserCallMsgFilter
Status: Not hooked

#: 321 Function Name: NtUserCallNextHookEx
Status: Not hooked

#: 322 Function Name: NtUserCallNoParam
Status: Not hooked

#: 323 Function Name: NtUserCallOneParam
Status: Not hooked

#: 324 Function Name: NtUserCallTwoParam
Status: Not hooked

#: 325 Function Name: NtUserChangeClipboardChain
Status: Not hooked

#: 326 Function Name: NtUserChangeDisplaySettings
Status: Not hooked

#: 327 Function Name: NtUserCheckImeHotKey
Status: Not hooked

#: 328 Function Name: NtUserCheckMenuItem
Status: Not hooked

#: 329 Function Name: NtUserChildWindowFromPointEx
Status: Not hooked

#: 330 Function Name: NtUserClipCursor
Status: Not hooked

#: 331 Function Name: NtUserCloseClipboard
Status: Not hooked

#: 332 Function Name: NtUserCloseDesktop
Status: Not hooked

#: 333 Function Name: NtUserCloseWindowStation
Status: Not hooked

#: 334 Function Name: NtUserConsoleControl
Status: Not hooked

#: 335 Function Name: NtUserConvertMemHandle
Status: Not hooked

#: 336 Function Name: NtUserCopyAcceleratorTable
Status: Not hooked

#: 337 Function Name: NtUserCountClipboardFormats
Status: Not hooked

#: 338 Function Name: NtUserCreateAcceleratorTable
Status: Not hooked

#: 339 Function Name: NtUserCreateCaret
Status: Not hooked

#: 340 Function Name: NtUserCreateDesktop
Status: Not hooked

#: 341 Function Name: NtUserCreateInputContext
Status: Not hooked

#: 342 Function Name: NtUserCreateLocalMemHandle
Status: Not hooked

#: 343 Function Name: NtUserCreateWindowEx
Status: Not hooked

#: 344 Function Name: NtUserCreateWindowStation
Status: Not hooked

#: 345 Function Name: NtUserDdeGetQualityOfService
Status: Not hooked

#: 346 Function Name: NtUserDdeInitialize
Status: Not hooked

#: 347 Function Name: NtUserDdeSetQualityOfService
Status: Not hooked

#: 348 Function Name: NtUserDeferWindowPos
Status: Not hooked

#: 349 Function Name: NtUserDefSetText
Status: Not hooked

#: 350 Function Name: NtUserDeleteMenu
Status: Not hooked

#: 351 Function Name: NtUserDestroyAcceleratorTable
Status: Not hooked

#: 352 Function Name: NtUserDestroyCursor
Status: Not hooked

#: 353 Function Name: NtUserDestroyInputContext
Status: Not hooked

#: 354 Function Name: NtUserDestroyMenu
Status: Not hooked

#: 355 Function Name: NtUserDestroyWindow
Status: Not hooked

#: 356 Function Name: NtUserDisableThreadIme
Status: Not hooked

#: 357 Function Name: NtUserDispatchMessage
Status: Not hooked

#: 358 Function Name: NtUserDragDetect
Status: Not hooked

#: 359 Function Name: NtUserDragObject
Status: Not hooked

#: 360 Function Name: NtUserDrawAnimatedRects
Status: Not hooked

#: 361 Function Name: NtUserDrawCaption
Status: Not hooked

#: 362 Function Name: NtUserDrawCaptionTemp
Status: Not hooked

#: 363 Function Name: NtUserDrawIconEx
Status: Not hooked

#: 364 Function Name: NtUserDrawMenuBarTemp
Status: Not hooked

#: 365 Function Name: NtUserEmptyClipboard
Status: Not hooked

#: 366 Function Name: NtUserEnableMenuItem
Status: Not hooked

#: 367 Function Name: NtUserEnableScrollBar
Status: Not hooked

#: 368 Function Name: NtUserEndDeferWindowPosEx
Status: Not hooked

#: 369 Function Name: NtUserEndMenu
Status: Not hooked

#: 370 Function Name: NtUserEndPaint
Status: Not hooked

#: 371 Function Name: NtUserEnumDisplayDevices
Status: Not hooked

#: 372 Function Name: NtUserEnumDisplayMonitors
Status: Not hooked

#: 373 Function Name: NtUserEnumDisplaySettings
Status: Not hooked

#: 374 Function Name: NtUserEvent
Status: Not hooked

#: 375 Function Name: NtUserExcludeUpdateRgn
Status: Not hooked

#: 376 Function Name: NtUserFillWindow
Status: Not hooked

#: 377 Function Name: NtUserFindExistingCursorIcon
Status: Not hooked

#: 378 Function Name: NtUserFindWindowEx
Status: Not hooked

#: 379 Function Name: NtUserFlashWindowEx
Status: Not hooked

#: 380 Function Name: NtUserGetAltTabInfo
Status: Not hooked

#: 381 Function Name: NtUserGetAncestor
Status: Not hooked

#: 382 Function Name: NtUserGetAppImeLevel
Status: Not hooked

#: 383 Function Name: NtUserGetAsyncKeyState
Status: Not hooked

#: 384 Function Name: NtUserGetAtomName
Status: Not hooked

#: 385 Function Name: NtUserGetCaretBlinkTime
Status: Not hooked

#: 386 Function Name: NtUserGetCaretPos
Status: Not hooked

#: 387 Function Name: NtUserGetClassInfo
Status: Not hooked

#: 388 Function Name: NtUserGetClassName
Status: Not hooked

#: 389 Function Name: NtUserGetClipboardData
Status: Not hooked

#: 390 Function Name: NtUserGetClipboardFormatName
Status: Not hooked

#: 391 Function Name: NtUserGetClipboardOwner
Status: Not hooked

#: 392 Function Name: NtUserGetClipboardSequenceNumber
Status: Not hooked

#: 393 Function Name: NtUserGetClipboardViewer
Status: Not hooked

#: 394 Function Name: NtUserGetClipCursor
Status: Not hooked

#: 395 Function Name: NtUserGetComboBoxInfo
Status: Not hooked

#: 396 Function Name: NtUserGetControlBrush
Status: Not hooked

#: 397 Function Name: NtUserGetControlColor
Status: Not hooked

#: 398 Function Name: NtUserGetCPD
Status: Not hooked

#: 399 Function Name: NtUserGetCursorFrameInfo
Status: Not hooked

#: 400 Function Name: NtUserGetCursorInfo
Status: Not hooked

#: 401 Function Name: NtUserGetDC
Status: Not hooked

#: 402 Function Name: NtUserGetDCEx
Status: Not hooked

#: 403 Function Name: NtUserGetDoubleClickTime
Status: Not hooked

#: 404 Function Name: NtUserGetForegroundWindow
Status: Not hooked

#: 405 Function Name: NtUserGetGuiResources
Status: Not hooked

#: 406 Function Name: NtUserGetGUIThreadInfo
Status: Not hooked

#: 407 Function Name: NtUserGetIconInfo
Status: Not hooked

#: 408 Function Name: NtUserGetIconSize
Status: Not hooked

#: 409 Function Name: NtUserGetImeHotKey
Status: Not hooked

#: 410 Function Name: NtUserGetImeInfoEx
Status: Not hooked

#: 411 Function Name: NtUserGetInternalWindowPos
Status: Not hooked

#: 412 Function Name: NtUserGetKeyboardLayoutList
Status: Not hooked

#: 413 Function Name: NtUserGetKeyboardLayoutName
Status: Not hooked

#: 414 Function Name: NtUserGetKeyboardState
Status: Not hooked

#: 415 Function Name: NtUserGetKeyNameText
Status: Not hooked

#: 416 Function Name: NtUserGetKeyState
Status: Not hooked

#: 417 Function Name: NtUserGetListBoxInfo
Status: Not hooked

#: 418 Function Name: NtUserGetMenuBarInfo
Status: Not hooked

#: 419 Function Name: NtUserGetMenuIndex
Status: Not hooked

#: 420 Function Name: NtUserGetMenuItemRect
Status: Not hooked

#: 421 Function Name: NtUserGetMessage
Status: Not hooked

#: 422 Function Name: NtUserGetMouseMovePointsEx
Status: Not hooked

#: 423 Function Name: NtUserGetObjectInformation
Status: Not hooked

#: 424 Function Name: NtUserGetOpenClipboardWindow
Status: Not hooked

#: 425 Function Name: NtUserGetPriorityClipboardFormat
Status: Not hooked

#: 426 Function Name: NtUserGetProcessWindowStation
Status: Not hooked

#: 427 Function Name: NtUserGetRawInputBuffer
Status: Not hooked

#: 428 Function Name: NtUserGetRawInputData
Status: Not hooked

#: 429 Function Name: NtUserGetRawInputDeviceInfo
Status: Not hooked

#: 430 Function Name: NtUserGetRawInputDeviceList
Status: Not hooked

#: 431 Function Name: NtUserGetRegisteredRawInputDevices
Status: Not hooked

#: 432 Function Name: NtUserGetScrollBarInfo
Status: Not hooked

#: 433 Function Name: NtUserGetSystemMenu
Status: Not hooked

#: 434 Function Name: NtUserGetThreadDesktop
Status: Not hooked

#: 435 Function Name: NtUserGetThreadState
Status: Not hooked

#: 436 Function Name: NtUserGetTitleBarInfo
Status: Not hooked

#: 437 Function Name: NtUserGetUpdateRect
Status: Not hooked

#: 438 Function Name: NtUserGetUpdateRgn
Status: Not hooked

#: 439 Function Name: NtUserGetWindowDC
Status: Not hooked

#: 440 Function Name: NtUserGetWindowPlacement
Status: Not hooked

#: 441 Function Name: NtUserGetWOWClass
Status: Not hooked

#: 442 Function Name: NtUserHardErrorControl
Status: Not hooked

#: 443 Function Name: NtUserHideCaret
Status: Not hooked

#: 444 Function Name: NtUserHiliteMenuItem
Status: Not hooked

#: 445 Function Name: NtUserImpersonateDdeClientWindow
Status: Not hooked

#: 446 Function Name: NtUserInitialize
Status: Not hooked

#: 447 Function Name: NtUserInitializeClientPfnArrays
Status: Not hooked

#: 448 Function Name: NtUserInitTask
Status: Not hooked

#: 449 Function Name: NtUserInternalGetWindowText
Status: Not hooked

#: 450 Function Name: NtUserInvalidateRect
Status: Not hooked

#: 451 Function Name: NtUserInvalidateRgn
Status: Not hooked

#: 452 Function Name: NtUserIsClipboardFormatAvailable
Status: Not hooked

#: 453 Function Name: NtUserKillTimer
Status: Not hooked

#: 454 Function Name: NtUserLoadKeyboardLayoutEx
Status: Not hooked

#: 455 Function Name: NtUserLockWindowStation
Status: Not hooked

#: 456 Function Name: NtUserLockWindowUpdate
Status: Not hooked

#: 457 Function Name: NtUserLockWorkStation
Status: Not hooked

#: 458 Function Name: NtUserMapVirtualKeyEx
Status: Not hooked

#: 459 Function Name: NtUserMenuItemFromPoint
Status: Not hooked

#: 460 Function Name: NtUserMessageCall
Status: Not hooked

#: 461 Function Name: NtUserMinMaximize
Status: Not hooked

#: 462 Function Name: NtUserMNDragLeave
Status: Not hooked

#: 463 Function Name: NtUserMNDragOver
Status: Not hooked

#: 464 Function Name: NtUserModifyUserStartupInfoFlags
Status: Not hooked

#: 465 Function Name: NtUserMoveWindow
Status: Not hooked

#: 466 Function Name: NtUserNotifyIMEStatus
Status: Not hooked

#: 467 Function Name: NtUserNotifyProcessCreate
Status: Not hooked

#: 468 Function Name: NtUserNotifyWinEvent
Status: Not hooked

#: 469 Function Name: NtUserOpenClipboard
Status: Not hooked

#: 470 Function Name: NtUserOpenDesktop
Status: Not hooked

#: 471 Function Name: NtUserOpenInputDesktop
Status: Not hooked

#: 472 Function Name: NtUserOpenWindowStation
Status: Not hooked

#: 473 Function Name: NtUserPaintDesktop
Status: Not hooked

#: 474 Function Name: NtUserPeekMessage
Status: Not hooked

#: 475 Function Name: NtUserPostMessage
Status: Not hooked

#: 476 Function Name: NtUserPostThreadMessage
Status: Not hooked

#: 477 Function Name: NtUserPrintWindow
Status: Not hooked

#: 478 Function Name: NtUserProcessConnect
Status: Not hooked

#: 479 Function Name: NtUserQueryInformationThread
Status: Not hooked

#: 480 Function Name: NtUserQueryInputContext
Status: Not hooked

#: 481 Function Name: NtUserQuerySendMessage
Status: Not hooked

#: 482 Function Name: NtUserQueryUserCounters
Status: Not hooked

#: 483 Function Name: NtUserQueryWindow
Status: Not hooked

#: 484 Function Name: NtUserRealChildWindowFromPoint
Status: Not hooked

#: 485 Function Name: NtUserRealInternalGetMessage
Status: Not hooked

#: 486 Function Name: NtUserRealWaitMessageEx
Status: Not hooked

#: 487 Function Name: NtUserRedrawWindow
Status: Not hooked

#: 488 Function Name: NtUserRegisterClassExWOW
Status: Not hooked

#: 489 Function Name: NtUserRegisterUserApiHook
Status: Not hooked

#: 490 Function Name: NtUserRegisterHotKey
Status: Not hooked

#: 491 Function Name: NtUserRegisterRawInputDevices
Status: Not hooked

#: 492 Function Name: NtUserRegisterTasklist
Status: Not hooked

#: 493 Function Name: NtUserRegisterWindowMessage
Status: Not hooked

#: 494 Function Name: NtUserRemoveMenu
Status: Not hooked

#: 495 Function Name: NtUserRemoveProp
Status: Not hooked

#: 496 Function Name: NtUserResolveDesktop
Status: Not hooked

#: 497 Function Name: NtUserResolveDesktopForWOW
Status: Not hooked

#: 498 Function Name: NtUserSBGetParms
Status: Not hooked

#: 499 Function Name: NtUserScrollDC
Status: Not hooked

#: 500 Function Name: NtUserScrollWindowEx
Status: Not hooked

#: 501 Function Name: NtUserSelectPalette
Status: Not hooked

#: 502 Function Name: NtUserSendInput
Status: Not hooked

#: 503 Function Name: NtUserSetActiveWindow
Status: Not hooked

#: 504 Function Name: NtUserSetAppImeLevel
Status: Not hooked

#: 505 Function Name: NtUserSetCapture
Status: Not hooked

#: 506 Function Name: NtUserSetClassLong
Status: Not hooked

#: 507 Function Name: NtUserSetClassWord
Status: Not hooked

#: 508 Function Name: NtUserSetClipboardData
Status: Not hooked

#: 509 Function Name: NtUserSetClipboardViewer
Status: Not hooked

#: 510 Function Name: NtUserSetConsoleReserveKeys
Status: Not hooked

#: 511 Function Name: NtUserSetCursor
Status: Not hooked

#: 512 Function Name: NtUserSetCursorContents
Status: Not hooked

#: 513 Function Name: NtUserSetCursorIconData
Status: Not hooked

#: 514 Function Name: NtUserSetDbgTag
Status: Not hooked

#: 515 Function Name: NtUserSetFocus
Status: Not hooked

#: 516 Function Name: NtUserSetImeHotKey
Status: Not hooked

#: 517 Function Name: NtUserSetImeInfoEx
Status: Not hooked

#: 518 Function Name: NtUserSetImeOwnerWindow
Status: Not hooked

#: 519 Function Name: NtUserSetInformationProcess
Status: Not hooked

#: 520 Function Name: NtUserSetInformationThread
Status: Not hooked

#: 521 Function Name: NtUserSetInternalWindowPos
Status: Not hooked

#: 522 Function Name: NtUserSetKeyboardState
Status: Not hooked

#: 523 Function Name: NtUserSetLogonNotifyWindow
Status: Not hooked

#: 524 Function Name: NtUserSetMenu
Status: Not hooked

#: 525 Function Name: NtUserSetMenuContextHelpId
Status: Not hooked

#: 526 Function Name: NtUserSetMenuDefaultItem
Status: Not hooked

#: 527 Function Name: NtUserSetMenuFlagRtoL
Status: Not hooked

#: 528 Function Name: NtUserSetObjectInformation
Status: Not hooked

#: 529 Function Name: NtUserSetParent
Status: Not hooked

#: 530 Function Name: NtUserSetProcessWindowStation
Status: Not hooked

#: 531 Function Name: NtUserSetProp
Status: Not hooked

#: 532 Function Name: NtUserSetRipFlags
Status: Not hooked

#: 533 Function Name: NtUserSetScrollInfo
Status: Not hooked

#: 534 Function Name: NtUserSetShellWindowEx
Status: Not hooked

#: 535 Function Name: NtUserSetSysColors
Status: Not hooked

#: 536 Function Name: NtUserSetSystemCursor
Status: Not hooked

#: 537 Function Name: NtUserSetSystemMenu
Status: Not hooked

#: 538 Function Name: NtUserSetSystemTimer
Status: Not hooked

#: 539 Function Name: NtUserSetThreadDesktop
Status: Not hooked

#: 540 Function Name: NtUserSetThreadLayoutHandles
Status: Not hooked

#: 541 Function Name: NtUserSetThreadState
Status: Not hooked

#: 542 Function Name: NtUserSetTimer
Status: Not hooked

#: 543 Function Name: NtUserSetWindowFNID
Status: Not hooked

#: 544 Function Name: NtUserSetWindowLong
Status: Not hooked

#: 545 Function Name: NtUserSetWindowPlacement
Status: Not hooked

#: 546 Function Name: NtUserSetWindowPos
Status: Not hooked

#: 547 Function Name: NtUserSetWindowRgn
Status: Not hooked

#: 548 Function Name: NtUserSetWindowsHookAW
Status: Not hooked

#: 549 Function Name: NtUserSetWindowsHookEx
Status: Not hooked

#: 550 Function Name: NtUserSetWindowStationUser
Status: Not hooked

#: 551 Function Name: NtUserSetWindowWord
Status: Not hooked

#: 552 Function Name: NtUserSetWinEventHook
Status: Not hooked

#: 553 Function Name: NtUserShowCaret
Status: Not hooked

#: 554 Function Name: NtUserShowScrollBar
Status: Not hooked

#: 555 Function Name: NtUserShowWindow
Status: Not hooked

#: 556 Function Name: NtUserShowWindowAsync
Status: Not hooked

#: 557 Function Name: NtUserSoundSentry
Status: Not hooked

#: 558 Function Name: NtUserSwitchDesktop
Status: Not hooked

#: 559 Function Name: NtUserSystemParametersInfo
Status: Not hooked

#: 560 Function Name: NtUserTestForInteractiveUser
Status: Not hooked

#: 561 Function Name: NtUserThunkedMenuInfo
Status: Not hooked

#: 562 Function Name: NtUserThunkedMenuItemInfo
Status: Not hooked

#: 563 Function Name: NtUserToUnicodeEx
Status: Not hooked

#: 564 Function Name: NtUserTrackMouseEvent
Status: Not hooked

#: 565 Function Name: NtUserTrackPopupMenuEx
Status: Not hooked

#: 566 Function Name: NtUserCalcMenuBar
Status: Not hooked

#: 567 Function Name: NtUserPaintMenuBar
Status: Not hooked

#: 568 Function Name: NtUserTranslateAccelerator
Status: Not hooked

#: 569 Function Name: NtUserTranslateMessage
Status: Not hooked

#: 570 Function Name: NtUserUnhookWindowsHookEx
Status: Not hooked

#: 571 Function Name: NtUserUnhookWinEvent
Status: Not hooked

#: 572 Function Name: NtUserUnloadKeyboardLayout
Status: Not hooked

#: 573 Function Name: NtUserUnlockWindowStation
Status: Not hooked

#: 574 Function Name: NtUserUnregisterClass
Status: Not hooked

#: 575 Function Name: NtUserUnregisterUserApiHook
Status: Not hooked

#: 576 Function Name: NtUserUnregisterHotKey
Status: Not hooked

#: 577 Function Name: NtUserUpdateInputContext
Status: Not hooked

#: 578 Function Name: NtUserUpdateInstance
Status: Not hooked

#: 579 Function Name: NtUserUpdateLayeredWindow
Status: Not hooked

#: 580 Function Name: NtUserGetLayeredWindowAttributes
Status: Not hooked

#: 581 Function Name: NtUserSetLayeredWindowAttributes
Status: Not hooked

#: 582 Function Name: NtUserUpdatePerUserSystemParameters
Status: Not hooked

#: 583 Function Name: NtUserUserHandleGrantAccess
Status: Not hooked

#: 584 Function Name: NtUserValidateHandleSecure
Status: Not hooked

#: 585 Function Name: NtUserValidateRect
Status: Not hooked

#: 586 Function Name: NtUserValidateTimerCallback
Status: Not hooked

#: 587 Function Name: NtUserVkKeyScanEx
Status: Not hooked

#: 588 Function Name: NtUserWaitForInputIdle
Status: Not hooked

#: 589 Function Name: NtUserWaitForMsgAndEvent
Status: Not hooked

#: 590 Function Name: NtUserWaitMessage
Status: Not hooked

#: 591 Function Name: NtUserWin32PoolAllocationStats
Status: Not hooked

#: 592 Function Name: NtUserWindowFromPoint
Status: Not hooked

#: 593 Function Name: NtUserYieldTask
Status: Not hooked

#: 594 Function Name: NtUserRemoteConnect
Status: Not hooked

#: 595 Function Name: NtUserRemoteRedrawRectangle
Status: Not hooked

#: 596 Function Name: NtUserRemoteRedrawScreen
Status: Not hooked

#: 597 Function Name: NtUserRemoteStopScreenUpdates
Status: Not hooked

#: 598 Function Name: NtUserCtxDisplayIOCtl
Status: Not hooked

#: 599 Function Name: NtGdiEngAssociateSurface
Status: Not hooked

#: 600 Function Name: NtGdiEngCreateBitmap
Status: Not hooked

#: 601 Function Name: NtGdiEngCreateDeviceSurface
Status: Not hooked

#: 602 Function Name: NtGdiEngCreateDeviceBitmap
Status: Not hooked

#: 603 Function Name: NtGdiEngCreatePalette
Status: Not hooked

#: 604 Function Name: NtGdiEngComputeGlyphSet
Status: Not hooked

#: 605 Function Name: NtGdiEngCopyBits
Status: Not hooked

#: 606 Function Name: NtGdiEngDeletePalette
Status: Not hooked

#: 607 Function Name: NtGdiEngDeleteSurface
Status: Not hooked

#: 608 Function Name: NtGdiEngEraseSurface
Status: Not hooked

#: 609 Function Name: NtGdiEngUnlockSurface
Status: Not hooked

#: 610 Function Name: NtGdiEngLockSurface
Status: Not hooked

#: 611 Function Name: NtGdiEngBitBlt
Status: Not hooked

#: 612 Function Name: NtGdiEngStretchBlt
Status: Not hooked

#: 613 Function Name: NtGdiEngPlgBlt
Status: Not hooked

#: 614 Function Name: NtGdiEngMarkBandingSurface
Status: Not hooked

#: 615 Function Name: NtGdiEngStrokePath
Status: Not hooked

#: 616 Function Name: NtGdiEngFillPath
Status: Not hooked

#: 617 Function Name: NtGdiEngStrokeAndFillPath
Status: Not hooked

#: 618 Function Name: NtGdiEngPaint
Status: Not hooked

#: 619 Function Name: NtGdiEngLineTo
Status: Not hooked

#: 620 Function Name: NtGdiEngAlphaBlend
Status: Not hooked

#: 621 Function Name: NtGdiEngGradientFill
Status: Not hooked

#: 622 Function Name: NtGdiEngTransparentBlt
Status: Not hooked

#: 623 Function Name: NtGdiEngTextOut
Status: Not hooked

#: 624 Function Name: NtGdiEngStretchBltROP
Status: Not hooked

#: 625 Function Name: NtGdiXLATEOBJ_cGetPalette
Status: Not hooked

#: 626 Function Name: NtGdiXLATEOBJ_iXlate
Status: Not hooked

#: 627 Function Name: NtGdiXLATEOBJ_hGetColorTransform
Status: Not hooked

#: 628 Function Name: NtGdiCLIPOBJ_bEnum
Status: Not hooked

#: 629 Function Name: NtGdiCLIPOBJ_cEnumStart
Status: Not hooked

#: 630 Function Name: NtGdiCLIPOBJ_ppoGetPath
Status: Not hooked

#: 631 Function Name: NtGdiEngDeletePath
Status: Not hooked

#: 632 Function Name: NtGdiEngCreateClip
Status: Not hooked

#: 633 Function Name: NtGdiEngDeleteClip
Status: Not hooked

#: 634 Function Name: NtGdiBRUSHOBJ_ulGetBrushColor
Status: Not hooked

#: 635 Function Name: NtGdiBRUSHOBJ_pvAllocRbrush
Status: Not hooked

#: 636 Function Name: NtGdiBRUSHOBJ_pvGetRbrush
Status: Not hooked

#: 637 Function Name: NtGdiBRUSHOBJ_hGetColorTransform
Status: Not hooked

#: 638 Function Name: NtGdiXFORMOBJ_bApplyXform
Status: Not hooked

#: 639 Function Name: NtGdiXFORMOBJ_iGetXform
Status: Not hooked

#: 640 Function Name: NtGdiFONTOBJ_vGetInfo
Status: Not hooked

#: 641 Function Name: NtGdiFONTOBJ_pxoGetXform
Status: Not hooked

#: 642 Function Name: NtGdiFONTOBJ_cGetGlyphs
Status: Not hooked

#: 643 Function Name: NtGdiFONTOBJ_pifi
Status: Not hooked

#: 644 Function Name: NtGdiFONTOBJ_pfdg
Status: Not hooked

#: 645 Function Name: NtGdiFONTOBJ_pQueryGlyphAttrs
Status: Not hooked

#: 646 Function Name: NtGdiFONTOBJ_pvTrueTypeFontFile
Status: Not hooked

#: 647 Function Name: NtGdiFONTOBJ_cGetAllGlyphHandles
Status: Not hooked

#: 648 Function Name: NtGdiSTROBJ_bEnum
Status: Not hooked

#: 649 Function Name: NtGdiSTROBJ_bEnumPositionsOnly
Status: Not hooked

#: 650 Function Name: NtGdiSTROBJ_bGetAdvanceWidths
Status: Not hooked

#: 651 Function Name: NtGdiSTROBJ_vEnumStart
Status: Not hooked

#: 652 Function Name: NtGdiSTROBJ_dwGetCodePage
Status: Not hooked

#: 653 Function Name: NtGdiPATHOBJ_vGetBounds
Status: Not hooked

#: 654 Function Name: NtGdiPATHOBJ_bEnum
Status: Not hooked

#: 655 Function Name: NtGdiPATHOBJ_vEnumStart
Status: Not hooked

#: 656 Function Name: NtGdiPATHOBJ_vEnumStartClipLines
Status: Not hooked

#: 657 Function Name: NtGdiPATHOBJ_bEnumClipLines
Status: Not hooked

#: 658 Function Name: NtGdiGetDhpdev
Status: Not hooked

#: 659 Function Name: NtGdiEngCheckAbort
Status: Not hooked

#: 660 Function Name: NtGdiHT_Get8BPPFormatPalette
Status: Not hooked

#: 661 Function Name: NtGdiHT_Get8BPPMaskPalette
Status: Not hooked

#: 662 Function Name: NtGdiUpdateTransform
Status: Not hooked

#: 663 Function Name: NtGdiSetPUMPDOBJ
Status: Not hooked

#: 664 Function Name: NtGdiBRUSHOBJ_DeleteRbrush
Status: Not hooked

#: 665 Function Name: NtGdiUnmapMemFont
Status: Not hooked

#: 666 Function Name: NtGdiDrawStream
Status: Not hooked

[kyky66]

ROOTREPEAL (c) AD, 2007-2009
==================================================
Scan Start Time: 2010/11/30 22:56
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================

SSDT
-------------------
#: 000 Function Name: NtAcceptConnectPort
Status: Not hooked

#: 001 Function Name: NtAccessCheck
Status: Not hooked

#: 002 Function Name: NtAccessCheckAndAuditAlarm
Status: Not hooked

#: 003 Function Name: NtAccessCheckByType
Status: Not hooked

#: 004 Function Name: NtAccessCheckByTypeAndAuditAlarm
Status: Not hooked

#: 005 Function Name: NtAccessCheckByTypeResultList
Status: Not hooked

#: 006 Function Name: NtAccessCheckByTypeResultListAndAuditAlarm
Status: Not hooked

#: 007 Function Name: NtAccessCheckByTypeResultListAndAuditAlarmByHandle
Status: Not hooked

#: 008 Function Name: NtAddAtom
Status: Not hooked

#: 009 Function Name: NtAddBootEntry
Status: Not hooked

#: 010 Function Name: NtAdjustGroupsToken
Status: Not hooked

#: 011 Function Name: NtAdjustPrivilegesToken
Status: Not hooked

#: 012 Function Name: NtAlertResumeThread
Status: Not hooked

#: 013 Function Name: NtAlertThread
Status: Not hooked

#: 014 Function Name: NtAllocateLocallyUniqueId
Status: Not hooked

#: 015 Function Name: NtAllocateUserPhysicalPages
Status: Not hooked

#: 016 Function Name: NtAllocateUuids
Status: Not hooked

#: 017 Function Name: NtAllocateVirtualMemory
Status: Not hooked

#: 018 Function Name: NtAreMappedFilesTheSame
Status: Not hooked

#: 019 Function Name: NtAssignProcessToJobObject
Status: Not hooked

#: 020 Function Name: NtCallbackReturn
Status: Not hooked

#: 021 Function Name: NtCancelDeviceWakeupRequest
Status: Not hooked

#: 022 Function Name: NtCancelIoFile
Status: Not hooked

#: 023 Function Name: NtCancelTimer
Status: Not hooked

#: 024 Function Name: NtClearEvent
Status: Not hooked

#: 025 Function Name: NtClose
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xb5996cd2

#: 026 Function Name: NtCloseObjectAuditAlarm
Status: Not hooked

#: 027 Function Name: NtCompactKeys
Status: Not hooked

#: 028 Function Name: NtCompareTokens
Status: Not hooked

#: 029 Function Name: NtCompleteConnectPort
Status: Not hooked

#: 030 Function Name: NtCompressKey
Status: Not hooked

#: 031 Function Name: NtConnectPort
Status: Not hooked

#: 032 Function Name: NtContinue
Status: Not hooked

#: 033 Function Name: NtCreateDebugObject
Status: Not hooked

#: 034 Function Name: NtCreateDirectoryObject
Status: Not hooked

#: 035 Function Name: NtCreateEvent
Status: Not hooked

#: 036 Function Name: NtCreateEventPair
Status: Not hooked

#: 037 Function Name: NtCreateFile
Status: Not hooked

#: 038 Function Name: NtCreateIoCompletion
Status: Not hooked

#: 039 Function Name: NtCreateJobObject
Status: Not hooked

#: 040 Function Name: NtCreateJobSet
Status: Not hooked

#: 041 Function Name: NtCreateKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xb5996b8e

#: 042 Function Name: NtCreateMailslotFile
Status: Not hooked

#: 043 Function Name: NtCreateMutant
Status: Not hooked

#: 044 Function Name: NtCreateNamedPipeFile
Status: Not hooked

#: 045 Function Name: NtCreatePagingFile
Status: Not hooked

#: 046 Function Name: NtCreatePort
Status: Not hooked

#: 047 Function Name: NtCreateProcess
Status: Not hooked

#: 048 Function Name: NtCreateProcessEx
Status: Not hooked

#: 049 Function Name: NtCreateProfile
Status: Not hooked

#: 050 Function Name: NtCreateSection
Status: Not hooked

#: 051 Function Name: NtCreateSemaphore
Status: Not hooked

#: 052 Function Name: NtCreateSymbolicLinkObject
Status: Not hooked

#: 053 Function Name: NtCreateThread
Status: Not hooked

#: 054 Function Name: NtCreateTimer
Status: Not hooked

#: 055 Function Name: NtCreateToken
Status: Not hooked

#: 056 Function Name: NtCreateWaitablePort
Status: Not hooked

#: 057 Function Name: NtDebugActiveProcess
Status: Not hooked

#: 058 Function Name: NtDebugContinue
Status: Not hooked

#: 059 Function Name: NtDelayExecution
Status: Not hooked

#: 060 Function Name: NtDeleteAtom
Status: Not hooked

#: 061 Function Name: NtDeleteBootEntry
Status: Not hooked

#: 062 Function Name: NtDeleteFile
Status: Not hooked

#: 063 Function Name: NtDeleteKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xb5997142

#: 064 Function Name: NtDeleteObjectAuditAlarm
Status: Not hooked

#: 065 Function Name: NtDeleteValueKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xb599706c

#: 066 Function Name: NtDeviceIoControlFile
Status: Not hooked

#: 067 Function Name: NtDisplayString
Status: Not hooked

#: 068 Function Name: NtDuplicateObject
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xb5996764

#: 069 Function Name: NtDuplicateToken
Status: Not hooked

#: 070 Function Name: NtEnumerateBootEntries
Status: Not hooked

#: 071 Function Name: NtEnumerateKey
Status: Hooked by "splj.sys" at address 0xba6c6ca2

#: 072 Function Name: NtEnumerateSystemEnvironmentValuesEx
Status: Not hooked

#: 073 Function Name: NtEnumerateValueKey
Status: Hooked by "splj.sys" at address 0xba6c7030

#: 074 Function Name: NtExtendSection
Status: Not hooked

#: 075 Function Name: NtFilterToken
Status: Not hooked

#: 076 Function Name: NtFindAtom
Status: Not hooked

#: 077 Function Name: NtFlushBuffersFile
Status: Not hooked

#: 078 Function Name: NtFlushInstructionCache
Status: Not hooked

#: 079 Function Name: NtFlushKey
Status: Not hooked

#: 080 Function Name: NtFlushVirtualMemory
Status: Not hooked

#: 081 Function Name: NtFlushWriteBuffer
Status: Not hooked

#: 082 Function Name: NtFreeUserPhysicalPages
Status: Not hooked

#: 083 Function Name: NtFreeVirtualMemory
Status: Not hooked

#: 084 Function Name: NtFsControlFile
Status: Not hooked

#: 085 Function Name: NtGetContextThread
Status: Not hooked

#: 086 Function Name: NtGetDevicePowerState
Status: Not hooked

#: 087 Function Name: NtGetPlugPlayEvent
Status: Not hooked

#: 088 Function Name: NtGetWriteWatch
Status: Not hooked

#: 089 Function Name: NtImpersonateAnonymousToken
Status: Not hooked

#: 090 Function Name: NtImpersonateClientOfPort
Status: Not hooked

#: 091 Function Name: NtImpersonateThread
Status: Not hooked

#: 092 Function Name: NtInitializeRegistry
Status: Not hooked

#: 093 Function Name: NtInitiatePowerAction
Status: Not hooked

#: 094 Function Name: NtIsProcessInJob
Status: Not hooked

#: 095 Function Name: NtIsSystemResumeAutomatic
Status: Not hooked

#: 096 Function Name: NtListenPort
Status: Not hooked

#: 097 Function Name: NtLoadDriver
Status: Not hooked

#: 098 Function Name: NtLoadKey
Status: Not hooked

#: 099 Function Name: NtLoadKey2
Status: Not hooked

#: 100 Function Name: NtLockFile
Status: Not hooked

#: 101 Function Name: NtLockProductActivationKeys
Status: Not hooked

#: 102 Function Name: NtLockRegistryKey
Status: Not hooked

#: 103 Function Name: NtLockVirtualMemory
Status: Not hooked

#: 104 Function Name: NtMakePermanentObject
Status: Not hooked

#: 105 Function Name: NtMakeTemporaryObject
Status: Not hooked

#: 106 Function Name: NtMapUserPhysicalPages
Status: Not hooked

#: 107 Function Name: NtMapUserPhysicalPagesScatter
Status: Not hooked

#: 108 Function Name: NtMapViewOfSection
Status: Not hooked

#: 109 Function Name: NtModifyBootEntry
Status: Not hooked

#: 110 Function Name: NtNotifyChangeDirectoryFile
Status: Not hooked

#: 111 Function Name: NtNotifyChangeKey
Status: Not hooked

#: 112 Function Name: NtNotifyChangeMultipleKeys
Status: Not hooked

#: 113 Function Name: NtOpenDirectoryObject
Status: Not hooked

#: 114 Function Name: NtOpenEvent
Status: Not hooked

#: 115 Function Name: NtOpenEventPair
Status: Not hooked

#: 116 Function Name: NtOpenFile
Status: Not hooked

#: 117 Function Name: NtOpenIoCompletion
Status: Not hooked

#: 118 Function Name: NtOpenJobObject
Status: Not hooked

#: 119 Function Name: NtOpenKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xb5996c68

#: 120 Function Name: NtOpenMutant
Status: Not hooked

#: 121 Function Name: NtOpenObjectAuditAlarm
Status: Not hooked

#: 122 Function Name: NtOpenProcess
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xb59966a4

#: 123 Function Name: NtOpenProcessToken
Status: Not hooked

#: 124 Function Name: NtOpenProcessTokenEx
Status: Not hooked

#: 125 Function Name: NtOpenSection
Status: Not hooked

#: 126 Function Name: NtOpenSemaphore
Status: Not hooked

#: 127 Function Name: NtOpenSymbolicLinkObject
Status: Not hooked

#: 128 Function Name: NtOpenThread
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xb5996708

#: 129 Function Name: NtOpenThreadToken
Status: Not hooked

#: 130 Function Name: NtOpenThreadTokenEx
Status: Not hooked

#: 131 Function Name: NtOpenTimer
Status: Not hooked

#: 132 Function Name: NtPlugPlayControl
Status: Not hooked

#: 133 Function Name: NtPowerInformation
Status: Not hooked

#: 134 Function Name: NtPrivilegeCheck
Status: Not hooked

#: 135 Function Name: NtPrivilegeObjectAuditAlarm
Status: Not hooked

#: 136 Function Name: NtPrivilegedServiceAuditAlarm
Status: Not hooked

#: 137 Function Name: NtProtectVirtualMemory
Status: Not hooked

#: 138 Function Name: NtPulseEvent
Status: Not hooked

#: 139 Function Name: NtQueryAttributesFile
Status: Not hooked

#: 140 Function Name: NtQueryBootEntryOrder
Status: Not hooked

#: 141 Function Name: NtQueryBootOptions
Status: Not hooked

#: 142 Function Name: NtQueryDebugFilterState
Status: Not hooked

#: 143 Function Name: NtQueryDefaultLocale
Status: Not hooked

#: 144 Function Name: NtQueryDefaultUILanguage
Status: Not hooked

#: 145 Function Name: NtQueryDirectoryFile
Status: Not hooked

#: 146 Function Name: NtQueryDirectoryObject
Status: Not hooked

#: 147 Function Name: NtQueryEaFile
Status: Not hooked

#: 148 Function Name: NtQueryEvent
Status: Not hooked

#: 149 Function Name: NtQueryFullAttributesFile
Status: Not hooked

#: 150 Function Name: NtQueryInformationAtom
Status: Not hooked

#: 151 Function Name: NtQueryInformationFile
Status: Not hooked

#: 152 Function Name: NtQueryInformationJobObject
Status: Not hooked

#: 153 Function Name: NtQueryInformationPort
Status: Not hooked

#: 154 Function Name: NtQueryInformationProcess
Status: Not hooked

#: 155 Function Name: NtQueryInformationThread
Status: Not hooked

#: 156 Function Name: NtQueryInformationToken
Status: Not hooked

#: 157 Function Name: NtQueryInstallUILanguage
Status: Not hooked

#: 158 Function Name: NtQueryIntervalProfile
Status: Not hooked

#: 159 Function Name: NtQueryIoCompletion
Status: Not hooked

#: 160 Function Name: NtQueryKey
Status: Hooked by "splj.sys" at address 0xba6c7108

#: 161 Function Name: NtQueryMultipleValueKey
Status: Not hooked

#: 162 Function Name: NtQueryMutant
Status: Not hooked

#: 163 Function Name: NtQueryObject
Status: Not hooked

#: 164 Function Name: NtQueryOpenSubKeys
Status: Not hooked

#: 165 Function Name: NtQueryPerformanceCounter
Status: Not hooked

#: 166 Function Name: NtQueryQuotaInformationFile
Status: Not hooked

#: 167 Function Name: NtQuerySection
Status: Not hooked

#: 168 Function Name: NtQuerySecurityObject
Status: Not hooked

#: 169 Function Name: NtQuerySemaphore
Status: Not hooked

#: 170 Function Name: NtQuerySymbolicLinkObject
Status: Not hooked

#: 171 Function Name: NtQuerySystemEnvironmentValue
Status: Not hooked

#: 172 Function Name: NtQuerySystemEnvironmentValueEx
Status: Not hooked

#: 173 Function Name: NtQuerySystemInformation
Status: Not hooked

#: 174 Function Name: NtQuerySystemTime
Status: Not hooked

#: 175 Function Name: NtQueryTimer
Status: Not hooked

#: 176 Function Name: NtQueryTimerResolution
Status: Not hooked

#: 177 Function Name: NtQueryValueKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xb5996d88

#: 178 Function Name: NtQueryVirtualMemory
Status: Not hooked

#: 179 Function Name: NtQueryVolumeInformationFile
Status: Not hooked

#: 180 Function Name: NtQueueApcThread
Status: Not hooked

#: 181 Function Name: NtRaiseException
Status: Not hooked

#: 182 Function Name: NtRaiseHardError
Status: Not hooked

#: 183 Function Name: NtReadFile
Status: Not hooked

#: 184 Function Name: NtReadFileScatter
Status: Not hooked

#: 185 Function Name: NtReadRequestData
Status: Not hooked

#: 186 Function Name: NtReadVirtualMemory
Status: Not hooked

#: 187 Function Name: NtRegisterThreadTerminatePort
Status: Not hooked

#: 188 Function Name: NtReleaseMutant
Status: Not hooked

#: 189 Function Name: NtReleaseSemaphore
Status: Not hooked

#: 190 Function Name: NtRemoveIoCompletion
Status: Not hooked

#: 191 Function Name: NtRemoveProcessDebug
Status: Not hooked

#: 192 Function Name: NtRenameKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xb5997210

#: 193 Function Name: NtReplaceKey
Status: Not hooked

#: 194 Function Name: NtReplyPort
Status: Not hooked

#: 195 Function Name: NtReplyWaitReceivePort
Status: Not hooked

#: 196 Function Name: NtReplyWaitReceivePortEx
Status: Not hooked

#: 197 Function Name: NtReplyWaitReplyPort
Status: Not hooked

#: 198 Function Name: NtRequestDeviceWakeup
Status: Not hooked

#: 199 Function Name: NtRequestPort
Status: Not hooked

#: 200 Function Name: NtRequestWaitReplyPort
Status: Not hooked

#: 201 Function Name: NtRequestWakeupLatency
Status: Not hooked

#: 202 Function Name: NtResetEvent
Status: Not hooked

#: 203 Function Name: NtResetWriteWatch
Status: Not hooked

#: 204 Function Name: NtRestoreKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xb5996d48

#: 205 Function Name: NtResumeProcess
Status: Not hooked

#: 206 Function Name: NtResumeThread
Status: Not hooked

#: 207 Function Name: NtSaveKey
Status: Not hooked

#: 208 Function Name: NtSaveKeyEx
Status: Not hooked

#: 209 Function Name: NtSaveMergedKeys
Status: Not hooked

#: 210 Function Name: NtSecureConnectPort
Status: Not hooked

#: 211 Function Name: NtSetBootEntryOrder
Status: Not hooked

#: 212 Function Name: NtSetBootOptions
Status: Not hooked

#: 213 Function Name: NtSetContextThread
Status: Not hooked

#: 214 Function Name: NtSetDebugFilterState
Status: Not hooked

#: 215 Function Name: NtSetDefaultHardErrorPort
Status: Not hooked

#: 216 Function Name: NtSetDefaultLocale
Status: Not hooked

#: 217 Function Name: NtSetDefaultUILanguage
Status: Not hooked

#: 218 Function Name: NtSetEaFile
Status: Not hooked

#: 219 Function Name: NtSetEvent
Status: Not hooked

#: 220 Function Name: NtSetEventBoostPriority
Status: Not hooked

#: 221 Function Name: NtSetHighEventPair
Status: Not hooked

#: 222 Function Name: NtSetHighWaitLowEventPair
Status: Not hooked

#: 223 Function Name: NtSetInformationDebugObject
Status: Not hooked

#: 224 Function Name: NtSetInformationFile
Status: Not hooked

#: 225 Function Name: NtSetInformationJobObject
Status: Not hooked

#: 226 Function Name: NtSetInformationKey
Status: Not hooked

#: 227 Function Name: NtSetInformationObject
Status: Not hooked

#: 228 Function Name: NtSetInformationProcess
Status: Not hooked

#: 229 Function Name: NtSetInformationThread
Status: Not hooked

#: 230 Function Name: NtSetInformationToken
Status: Not hooked

#: 231 Function Name: NtSetIntervalProfile
Status: Not hooked

#: 232 Function Name: NtSetIoCompletion
Status: Not hooked

#: 233 Function Name: NtSetLdtEntries
Status: Not hooked

#: 234 Function Name: NtSetLowEventPair
Status: Not hooked

#: 235 Function Name: NtSetLowWaitHighEventPair
Status: Not hooked

#: 236 Function Name: NtSetQuotaInformationFile
Status: Not hooked

#: 237 Function Name: NtSetSecurityObject
Status: Not hooked

#: 238 Function Name: NtSetSystemEnvironmentValue
Status: Not hooked

#: 239 Function Name: NtSetSystemEnvironmentValueEx
Status: Not hooked

#: 240 Function Name: NtSetSystemInformation
Status: Not hooked

#: 241 Function Name: NtSetSystemPowerState
Status: Not hooked

#: 242 Function Name: NtSetSystemTime
Status: Not hooked

#: 243 Function Name: NtSetThreadExecutionState
Status: Not hooked

#: 244 Function Name: NtSetTimer
Status: Not hooked

#: 245 Function Name: NtSetTimerResolution
Status: Not hooked

#: 246 Function Name: NtSetUuidSeed
Status: Not hooked

#: 247 Function Name: NtSetValueKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xb5996ec8

#: 248 Function Name: NtSetVolumeInformationFile
Status: Not hooked

#: 249 Function Name: NtShutdownSystem
Status: Not hooked

#: 250 Function Name: NtSignalAndWaitForSingleObject
Status: Not hooked

#: 251 Function Name: NtStartProfile
Status: Not hooked

#: 252 Function Name: NtStopProfile
Status: Not hooked

#: 253 Function Name: NtSuspendProcess
Status: Not hooked

#: 254 Function Name: NtSuspendThread
Status: Not hooked

#: 255 Function Name: NtSystemDebugControl
Status: Not hooked

#: 256 Function Name: NtTerminateJobObject
Status: Not hooked

#: 257 Function Name: NtTerminateProcess
Status: Not hooked

#: 258 Function Name: NtTerminateThread
Status: Not hooked

#: 259 Function Name: NtTestAlert
Status: Not hooked

#: 260 Function Name: NtTraceEvent
Status: Not hooked

#: 261 Function Name: NtTranslateFilePath
Status: Not hooked

#: 262 Function Name: NtUnloadDriver
Status: Not hooked

#: 263 Function Name: NtUnloadKey
Status: Not hooked

#: 264 Function Name: NtUnloadKeyEx
Status: Not hooked

#: 265 Function Name: NtUnlockFile
Status: Not hooked

#: 266 Function Name: NtUnlockVirtualMemory
Status: Not hooked

#: 267 Function Name: NtUnmapViewOfSection
Status: Not hooked

#: 268 Function Name: NtVdmControl
Status: Not hooked

#: 269 Function Name: NtWaitForDebugEvent
Status: Not hooked

#: 270 Function Name: NtWaitForMultipleObjects
Status: Not hooked

#: 271 Function Name: NtWaitForSingleObject
Status: Not hooked

#: 272 Function Name: NtWaitHighEventPair
Status: Not hooked

#: 273 Function Name: NtWaitLowEventPair
Status: Not hooked

#: 274 Function Name: NtWriteFile
Status: Not hooked

#: 275 Function Name: NtWriteFileGather
Status: Not hooked

#: 276 Function Name: NtWriteRequestData
Status: Not hooked

#: 277 Function Name: NtWriteVirtualMemory
Status: Not hooked

#: 278 Function Name: NtYieldExecution
Status: Not hooked

#: 279 Function Name: NtCreateKeyedEvent
Status: Not hooked

#: 280 Function Name: NtOpenKeyedEvent
Status: Not hooked

#: 281 Function Name: NtReleaseKeyedEvent
Status: Not hooked

#: 282 Function Name: NtWaitForKeyedEvent
Status: Not hooked

#: 283 Function Name: NtQueryPortInformationProcess
Status: Not hooked

ROOTREPEAL (c) AD, 2007-2009
==================================================
Scan Start Time: 2010/11/30 22:56
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================

Stealth Objects
-------------------
Object: Hidden Code [Driver: Ntfs, IRP_MJ_READ]
Process: System Address: 0x8b1181f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x8b1181f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_EA]
Process: System Address: 0x8b1181f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_EA]
Process: System Address: 0x8b1181f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x8b1181f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x8b1181f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System Address: 0x8b1181f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x8b1181f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x8b1181f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8b1181f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SHUTDOWN]
Process: System Address: 0x8b1181f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x8b1181f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_SECURITY]
Process: System Address: 0x8b1181f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_SECURITY]
Process: System Address: 0x8b1181f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_QUOTA]
Process: System Address: 0x8b1181f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_QUOTA]
Process: System Address: 0x8b1181f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_PNP]
Process: System Address: 0x8b1181f8 Size: 121

Object: Hidden Code [Driver: aebk4sllࠅ捃䙐ࠁᰂ綠訤, IRP_MJ_CREATE]
Process: System Address: 0x8aef91f8 Size: 121

Object: Hidden Code [Driver: aebk4sllࠅ捃䙐ࠁᰂ綠訤, IRP_MJ_CLOSE]
Process: System Address: 0x8aef91f8 Size: 121

Object: Hidden Code [Driver: aebk4sllࠅ捃䙐ࠁᰂ綠訤, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8aef91f8 Size: 121

Object: Hidden Code [Driver: aebk4sllࠅ捃䙐ࠁᰂ綠訤, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x8aef91f8 Size: 121

Object: Hidden Code [Driver: aebk4sllࠅ捃䙐ࠁᰂ綠訤, IRP_MJ_POWER]
Process: System Address: 0x8aef91f8 Size: 121

Object: Hidden Code [Driver: aebk4sllࠅ捃䙐ࠁᰂ綠訤, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x8aef91f8 Size: 121

Object: Hidden Code [Driver: aebk4sllࠅ捃䙐ࠁᰂ綠訤, IRP_MJ_PNP]
Process: System Address: 0x8aef91f8 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_CREATE]
Process: System Address: 0x8aefa1f8 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_CLOSE]
Process: System Address: 0x8aefa1f8 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_READ]
Process: System Address: 0x8aefa1f8 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_WRITE]
Process: System Address: 0x8aefa1f8 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x8aefa1f8 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8aefa1f8 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x8aefa1f8 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_SHUTDOWN]
Process: System Address: 0x8aefa1f8 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_POWER]
Process: System Address: 0x8aefa1f8 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x8aefa1f8 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_PNP]
Process: System Address: 0x8aefa1f8 Size: 121

Object: Hidden Code [Driver: USBSTOR, IRP_MJ_CREATE]
Process: System Address: 0x8a605500 Size: 121

Object: Hidden Code [Driver: USBSTOR, IRP_MJ_CLOSE]
Process: System Address: 0x8a605500 Size: 121

Object: Hidden Code [Driver: USBSTOR, IRP_MJ_READ]
Process: System Address: 0x8a605500 Size: 121

Object: Hidden Code [Driver: USBSTOR, IRP_MJ_WRITE]
Process: System Address: 0x8a605500 Size: 121

Object: Hidden Code [Driver: USBSTOR, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8a605500 Size: 121

Object: Hidden Code [Driver: USBSTOR, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x8a605500 Size: 121

Object: Hidden Code [Driver: USBSTOR, IRP_MJ_POWER]
Process: System Address: 0x8a605500 Size: 121

Object: Hidden Code [Driver: USBSTOR, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x8a605500 Size: 121

Object: Hidden Code [Driver: USBSTOR, IRP_MJ_PNP]
Process: System Address: 0x8a605500 Size: 121

Object: Hidden Code [Driver: dmio, IRP_MJ_CREATE]
Process: System Address: 0x8b1891f8 Size: 121

Object: Hidden Code [Driver: dmio, IRP_MJ_CLOSE]
Process: System Address: 0x8b1891f8 Size: 121

Object: Hidden Code [Driver: dmio, IRP_MJ_READ]
Process: System Address: 0x8b1891f8 Size: 121

Object: Hidden Code [Driver: dmio, IRP_MJ_WRITE]
Process: System Address: 0x8b1891f8 Size: 121

Object: Hidden Code [Driver: dmio, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x8b1891f8 Size: 121

Object: Hidden Code [Driver: dmio, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8b1891f8 Size: 121

Object: Hidden Code [Driver: dmio, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x8b1891f8 Size: 121

Object: Hidden Code [Driver: dmio, IRP_MJ_SHUTDOWN]
Process: System Address: 0x8b1891f8 Size: 121

Object: Hidden Code [Driver: dmio, IRP_MJ_POWER]
Process: System Address: 0x8b1891f8 Size: 121

Object: Hidden Code [Driver: dmio, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x8b1891f8 Size: 121

Object: Hidden Code [Driver: dmio, IRP_MJ_PNP]
Process: System Address: 0x8b1891f8 Size: 121

Object: Hidden Code [Driver: prodrv06Ѕఇ䵃慖, IRP_MJ_CREATE]
Process: System Address: 0xe1eed708 Size: 1331

Object: Hidden Code [Driver: prodrv06Ѕఇ䵃慖, IRP_MJ_CLOSE]
Process: System Address: 0xe1eed708 Size: 1331

Object: Hidden Code [Driver: prodrv06Ѕఇ䵃慖, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0xe1eed708 Size: 1331

Object: Hidden Code [Driver: usbuhci, IRP_MJ_CREATE]
Process: System Address: 0x8b06a1f8 Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_CLOSE]
Process: System Address: 0x8b06a1f8 Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8b06a1f8 Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x8b06a1f8 Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_POWER]
Process: System Address: 0x8b06a1f8 Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x8b06a1f8 Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_PNP]
Process: System Address: 0x8b06a1f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_CREATE]
Process: System Address: 0x8b11a1f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_READ]
Process: System Address: 0x8b11a1f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_WRITE]
Process: System Address: 0x8b11a1f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x8b11a1f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8b11a1f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x8b11a1f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_SHUTDOWN]
Process: System Address: 0x8b11a1f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_CLEANUP]
Process: System Address: 0x8b11a1f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_POWER]
Process: System Address: 0x8b11a1f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x8b11a1f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_PNP]
Process: System Address: 0x8b11a1f8 Size: 121

Object: Hidden Code [Driver: prohlp02, IRP_MJ_CREATE]
Process: System Address: 0xe101b8e0 Size: 1674

Object: Hidden Code [Driver: prohlp02, IRP_MJ_CLOSE]
Process: System Address: 0xe101b8e0 Size: 1674

Object: Hidden Code [Driver: prohlp02, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0xe101b8e0 Size: 1674

Object: Hidden Code [Driver: NetBT, IRP_MJ_CREATE]
Process: System Address: 0x8a7e91f8 Size: 121

Object: Hidden Code [Driver: NetBT, IRP_MJ_CLOSE]
Process: System Address: 0x8a7e91f8 Size: 121

Object: Hidden Code [Driver: NetBT, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8a7e91f8 Size: 121

Object: Hidden Code [Driver: NetBT, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x8a7e91f8 Size: 121

Object: Hidden Code [Driver: NetBT, IRP_MJ_CLEANUP]
Process: System Address: 0x8a7e91f8 Size: 121

Object: Hidden Code [Driver: NetBT, IRP_MJ_PNP]
Process: System Address: 0x8a7e91f8 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_CREATE]
Process: System Address: 0x8af811f8 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_CLOSE]
Process: System Address: 0x8af811f8 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8af811f8 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x8af811f8 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_POWER]
Process: System Address: 0x8af811f8 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x8af811f8 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_PNP]
Process: System Address: 0x8af811f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE]
Process: System Address: 0x8a7721f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE_NAMED_PIPE]
Process: System Address: 0x8a7721f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CLOSE]
Process: System Address: 0x8a7721f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_READ]
Process: System Address: 0x8a7721f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_WRITE]
Process: System Address: 0x8a7721f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x8a7721f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x8a7721f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_EA]
Process: System Address: 0x8a7721f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_EA]
Process: System Address: 0x8a7721f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x8a7721f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x8a7721f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System Address: 0x8a7721f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x8a7721f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x8a7721f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8a7721f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x8a7721f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SHUTDOWN]
Process: System Address: 0x8a7721f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x8a7721f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CLEANUP]
Process: System Address: 0x8a7721f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE_MAILSLOT]
Process: System Address: 0x8a7721f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_SECURITY]
Process: System Address: 0x8a7721f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_SECURITY]
Process: System Address: 0x8a7721f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_POWER]
Process: System Address: 0x8a7721f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x8a7721f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DEVICE_CHANGE]
Process: System Address: 0x8a7721f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_QUOTA]
Process: System Address: 0x8a7721f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_QUOTA]
Process: System Address: 0x8a7721f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_PNP]
Process: System Address: 0x8a7721f8 Size: 121

Object: Hidden Code [Driver: Cdfsࠅఊ祓む„„ᣨ, IRP_MJ_CREATE]
Process: System Address: 0x8ae14248 Size: 121

Object: Hidden Code [Driver: Cdfsࠅఊ祓む„„ᣨ, IRP_MJ_CLOSE]
Process: System Address: 0x8ae14248 Size: 121

Object: Hidden Code [Driver: Cdfsࠅఊ祓む„„ᣨ, IRP_MJ_READ]
Process: System Address: 0x8ae14248 Size: 121

Object: Hidden Code [Driver: Cdfsࠅఊ祓む„„ᣨ, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x8ae14248 Size: 121

Object: Hidden Code [Driver: Cdfsࠅఊ祓む„„ᣨ, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x8ae14248 Size: 121

Object: Hidden Code [Driver: Cdfsࠅఊ祓む„„ᣨ, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x8ae14248 Size: 121

Object: Hidden Code [Driver: Cdfsࠅఊ祓む„„ᣨ, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x8ae14248 Size: 121

Object: Hidden Code [Driver: Cdfsࠅఊ祓む„„ᣨ, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x8ae14248 Size: 121

Object: Hidden Code [Driver: Cdfsࠅఊ祓む„„ᣨ, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8ae14248 Size: 121

Object: Hidden Code [Driver: Cdfsࠅఊ祓む„„ᣨ, IRP_MJ_SHUTDOWN]
Process: System Address: 0x8ae14248 Size: 121

Object: Hidden Code [Driver: Cdfsࠅఊ祓む„„ᣨ, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x8ae14248 Size: 121

Object: Hidden Code [Driver: Cdfsࠅఊ祓む„„ᣨ, IRP_MJ_CLEANUP]
Process: System Address: 0x8ae14248 Size: 121

Object: Hidden Code [Driver: Cdfsࠅఊ祓む„„ᣨ, IRP_MJ_PNP]
Process: System Address: 0x8ae14248 Size: 121

[motji]

odinstalujte všechny virtuální jednotky (Daemon nebo alcohol)

Stáhněte SPTD http://www.duplexsecure.com/en/downloads
-vyberte verzi podle svého operačního systému. SPTD for Windows (32 bit) nebo (64b)
-uložte na plochu a spusťte
- zvolte možnost Uninstall
- restart PC


Stahněte http://www.jpshortstuff.247fixes.com/Defogger.exe
- spustte,
- potvrdte disabled
-log vložte zde



Stáhněte Gmer http://www.viry.cz/forum/viewtopic.php?f=29&t=62878
- rozbalte a spusťte
-proběhne sken, po skončení se otevře okno s výsledky, kliknete na Save a tím si uložíte log,který sem vložíte

-Podle návodu v odkazu proveďte druhý sken a log sem také vložte.

stáhněte MBR
http://www2.gmer.net/mbr/mbr.exe
-uložte ho na plochu


start-spustit
do okénka zkopírujte

Kód: Vybrat vše

"%userprofile%\plocha\mbr" -t

ok

vytvoří se log s názvem mbr.log, vložte ho zde [/quote]



Stahněte z mého podpisu AVPTOOl http://www.viry.cz/forum/viewtopic.php?f=29&t=58179

-Podle návodu nainstalujte a proveďte sken
-co najde nechejte léčit, mazat
-sken může trvat několik hodin
-vložte zde log z výsledky

[kyky66]

Automatická kontrola: dokončeno před 8 min. (události: 8, objekty: 999301, čas: 02:42:18)
2010-12-02 11:49 Úloha byla spuštěna
2010-12-02 11:55 Zjištěno: Hoax.Win32.BadJoke.Agent.bt C:\Documents and Settings\Jitka\Dokumenty\Peter\Program\pokus2.exe
2010-12-02 11:55 Odstraněno: Hoax.Win32.BadJoke.Agent.bt C:\Documents and Settings\Jitka\Dokumenty\Peter\Program\pokus2.exe
2010-12-02 12:14 Zjištěno: Backdoor.Win32.Rbot.aokk C:\Program Files\IMSI\FloorPlan 3D v11\DataBase\FP3D.exe/Armadillo
2010-12-02 12:14 Odstraněno: Backdoor.Win32.Rbot.aokk C:\Program Files\IMSI\FloorPlan 3D v11\DataBase\FP3D.exe
2010-12-02 13:26 Zjištěno: Hoax.Win32.BadJoke.Agent.bt E:\Program Files\QIP\Users\227767170\RcvdFiles\474314565_Sladka.Pusinka\Chodnik.exe
2010-12-02 13:26 Odstraněno: Hoax.Win32.BadJoke.Agent.bt E:\Program Files\QIP\Users\227767170\RcvdFiles\474314565_Sladka.Pusinka\Chodnik.exe
2010-12-02 14:31 Úloha byla dokončena


defogger_disable by jpshortstuff (23.02.10.1)
Log created at 11:25 on 02/12/2010 (Jitka)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...
SPTD -> Already disabled


-=E.O.F=-


Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: SAMSUNG_HD642JJ rev.1AA01113 -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T1L0-12

device: opened successfully
user: MBR read successfully

Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll prosync1.sys atapi.sys pciide.sys PCIIDEX.SYS
C:\WINDOWS\system32\drivers\prosync1.sys Protection Technology StarForce Protection System
1 ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\Harddisk0\DR0[0x8B111AB8]
3 CLASSPNP[0xBA8E8FD7] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\0000007a[0x8B1179E8]
5 ACPI[0xBA77F620] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\Ide\IdeDeviceP3T1L0-12[0x8B126B00]
kernel: MBR read successfully
user & kernel MBR OK



GMER 1.0.15.15530 - http://www.gmer.net
Rootkit scan 2010-12-02 11:24:02
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T1L0-12 SAMSUNG_HD642JJ rev.1AA01113
Running: gmer.exe; Driver: C:\DOCUME~1\Jitka\LOCALS~1\Temp\ugtdqpog.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwClose [0xB5B6DCD2]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateKey [0xB5B6DB8E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteKey [0xB5B6E142]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteValueKey [0xB5B6E06C]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDuplicateObject [0xB5B6D764]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenKey [0xB5B6DC68]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenProcess [0xB5B6D6A4]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenThread [0xB5B6D708]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwQueryValueKey [0xB5B6DD88]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRenameKey [0xB5B6E210]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRestoreKey [0xB5B6DD48]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwSetValueKey [0xB5B6DEC8]

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateProcessEx [0xB5B7AB9C]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateSection [0xB5B7A9C0]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwLoadDriver [0xB5B7AAFA]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) NtCreateSection
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ObMakeTemporaryObject

---- Kernel code sections - GMER 1.0.15 ----

PAGE ntkrnlpa.exe!ZwLoadDriver 8058413A 7 Bytes JMP B5B7AAFE \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
PAGE ntkrnlpa.exe!NtCreateSection 805AB3AC 7 Bytes JMP B5B7A9C4 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
PAGE ntkrnlpa.exe!ObMakeTemporaryObject 805BC520 5 Bytes JMP B5B765B4 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
PAGE ntkrnlpa.exe!ObInsertObject 805C2FA4 5 Bytes JMP B5B77F6C \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
PAGE ntkrnlpa.exe!ZwCreateProcessEx 805D1144 7 Bytes JMP B5B7ABA0 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB95E0360, 0x3156DD, 0xE8000020]

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\WINDOWS\system32\services.exe[1048] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 003D0002
IAT C:\WINDOWS\system32\services.exe[1048] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 003D0000

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/ALWIL Software)

AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

Device \Driver\prodrv06 \Device\ProDrv06 E1EDC008

AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 snapman.sys (Acronis Snapshot API/Acronis)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 snapman.sys (Acronis Snapshot API/Acronis)

Device \Driver\atapi \Device\Ide\IdePort0 prosync1.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdePort1 prosync1.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdeDeviceP3T0L0-a prosync1.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdePort2 prosync1.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdePort3 prosync1.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdePort4 prosync1.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdePort5 prosync1.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdeDeviceP3T1L0-12 prosync1.sys (StarForce Protection Synchronization Driver/Protection Technology)

AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume3 snapman.sys (Acronis Snapshot API/Acronis)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume4 snapman.sys (Acronis Snapshot API/Acronis)

Device \Driver\prohlp02 \Device\ProHlp02 E18A2F80

AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xFE 0x38 0xD0 0x58 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x75 0x0B 0x8A 0x83 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x8B 0x76 0x8D 0x62 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0x3A 0x55 0x8C 0x70 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xFE 0x38 0xD0 0x58 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x75 0x0B 0x8A 0x83 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x0F 0x40 0x63 0x46 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0x3B 0x39 0x34 0x7E ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xFE 0x38 0xD0 0x58 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x75 0x0B 0x8A 0x83 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x8B 0x76 0x8D 0x62 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0x3A 0x55 0x8C 0x70 ...
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\ContentTypeSniffers\VideoFilesContentSniffer@RelPattern *.asf?*.avi?*.divx?*.mov?*.mpeg?*.mpg?*.ogm?*.qt?*.rm?*.wmv?*.mkv?*.vob?*.m1v?*.m2v?*.swf?*.fli?*.flc?*.flic?*.dat?*.mp4?*.mpe?*.3gp?*.3g2?*.ts?*.tp?*.trp?*.k3g?*.flv?*.asf?*.avi?*.divx?*.mov?*.mpeg?*.mpg?*.ogm?*.qt?*.rm?*.wmv?*.mkv?*.vob?*.m1v?*.m2v?*.swf?*.fli?*.flc?*.flic?*.dat?*.mp4?*.mpe?*.3gp?*.3g2?*.ts?*.tp?*.trp?*.k3g?*.flv?*.mpg?VIDEO\*.mpg?*.mpe

---- EOF - GMER 1.0.15 ----

[motji]

to byl velký sken?
Jak to vypadá s počítačem?

[kyky66]

jj byl ... toz ta mechanika mi to dela stale

[motji]

Zkuste jí odinstalovat a restartovat pc

[kyky66]

Tak dekuji za pomoc uz jsem to snad s tou mechanikou vyresila bo jsem ji rozebrala a vycistila kontakty okolo tlacitka ... tak zatim jede bez problemu

[motji]

aspon víte, že máte pc bez virů

Odinstalujte combofix přes Start - Spustit
- zkopírujte do okénka:

ComboFix /Uninstall

-stiskněte Enter
-To odinstaluje ComboFix a smaže s ním související soubory a složky.


***********


Stáhněte T-Cleaner
http://sweb.cz/Marinus/T-Cleaner.exe

-Spusťte,pro potvrzení volby mačkejte klávesu A, Enter
-po použití prográmek vymažte.Pozor,antiviry ho mohou falešně označit za vir



***********


Z mého podpisu stahněte Ccleaner
- nainstalujte, při výběru, co se má nainstalovat, dejte pryč fajfku u instalace yahoo toolbaru

záložka čistič
- nechejte v levém sloupečku zatrhnuté vše jak je, klikněte na analyzovat
- po analýze klikněte na Spustit Ccleaner

záložka Registry
- klikněte na hledej problémy
- pak klikněte na opravit vybrané problémy -- udělat zálohu registrů - nemusíte
- kliknete opravit všechny problémy ok zavřít

Záložka Nástroje
- zde můžete odinstalovat programy. Je to důkladnější odinstalace než u přidat/odebrat programy ve Windows.

Ccleaner - čistič doporučuji používat, krásně pročistí pc od dočasných souborů.
Registry pročistí třeba po odinstalaci nějakého programu.


***********



Stahněte OTC a použijte
http://oldtimer.geekstogo.com/OTC.exe
-vyčistí tempy a po použitých programech



***********

Vložte nový log ze RSIT a řekněte co počítač, jak se chová, už je vše v pořádku?

[kyky66]

Logfile of random's system information tool 1.08 (written by random/random)
Run by Jitka at 2010-12-13 19:51:17
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 77 GB (52%) free of 150 GB
Total RAM: 3327 MB (86% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 19:51:20, on 13.12.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16981)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\ICQ6Toolbar\ICQ Service.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
E:\Program Files\klávesnice\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Documents and Settings\Jitka\Plocha\HijackThis\RSIT-lepsi.exe
C:\Program Files\trend micro\Jitka.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.centrum.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkId=54843
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = socks=
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [QuickTime Task] "E:\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = E:\OFFICESXP\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://E:\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://E:\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Documents and Settings\Jitka\Data aplikací\DVDVideoSoftIEHelpers\youtubetomp3.htm
O8 - Extra context menu item: WikiKomentáře Google... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Kniha klipů HP - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: HP Chytrý výběr - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - E:\icq\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - E:\icq\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Služba Google Update (gupdate1ca2fcd12ac4984) (gupdate1ca2fcd12ac4984) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: IBService - Unknown owner - E:\Program Files\Invisible Browsing\servers\IBService.exe (file missing)
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 10437 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0347C33E-8762-4905-BF09-768834316C61}]
HP Print Enhancer - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll [2007-03-02 1298024]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{053F9267-DC04-4294-A72C-58F732D338C0}]
HP Print Clips - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll [2007-03-02 177768]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
E:\PROGRA~1\SPYBOT~1\SDHelper.dll [2004-05-12 744960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2010-12-04 297648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype Plug-In - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2010-09-27 1250696]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll [2010-10-24 843832]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-05-09 35840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-05-09 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{327C2873-E90D-4c37-AA9D-10AC9BABA46C} - Easy-WebPrint - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll [2004-08-26 405504]
{855F3B16-6D32-4fe6-8A56-BBB695989046} - ICQToolBar - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll [2008-12-09 958200]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2010-12-04 297648]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2008-07-09 13533184]
"OpwareSE2"=C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe [2003-05-08 49152]
"QuickTime Task"=E:\QuickTime\qttask.exe [2009-05-26 413696]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2009-09-07 198160]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2007-03-11 49152]
"nwiz"=nwiz.exe /install []
"avast5"=C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe [2010-06-28 2837864]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe [2007-08-03 202024]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2009-09-13 39408]
"H/PC Connection Agent"=C:\Program Files\Microsoft ActiveSync\wcescomm.exe [2006-11-13 1289000]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232]

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
Logitech SetPoint.lnk - E:\Program Files\klávesnice\SetPoint\SetPoint.exe
Microsoft Office.lnk - E:\OFFICESXP\Office10\OSA.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2008-09-05 200064]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WdfLoadGroup]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDrives"=0
"NoDriveAutoRun"=67108863

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
"NoDrives"=0
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"E:\Program Files\QIP\qip.exe"="E:\Program Files\QIP\qip.exe:*:Enabled:Quiet Internet Pager"
"C:\Program Files\Nero\Nero8\Nero Home\NeroHome.exe"="C:\Program Files\Nero\Nero8\Nero Home\NeroHome.exe:*:Enabled:Nero Home"
"F:\assassin\AssassinsCreed_Dx9.exe"="F:\assassin\AssassinsCreed_Dx9.exe:*:Enabled:Assassin's Creed Dx9"
"F:\assassin\AssassinsCreed_Dx10.exe"="F:\assassin\AssassinsCreed_Dx10.exe:*:Enabled:Assassin's Creed Dx10"
"F:\assassin\AssassinsCreed_Launcher.exe"="F:\assassin\AssassinsCreed_Launcher.exe:*:Enabled:Assassin's Creed Update"
"F:\Empire Earth\Empire Earth.exe"="F:\Empire Earth\Empire Earth.exe:*:Enabled:Empire Earth"
"E:\Documents and Settings\Jitka\Dokumenty\uTorrent.exe"="E:\Documents and Settings\Jitka\Dokumenty\uTorrent.exe:*:Enabled:µTorrent"
"F:\Heroes of Might and Magic V Collector Edition\bin\H5_Game.exe"="F:\Heroes of Might and Magic V Collector Edition\bin\H5_Game.exe:*:Enabled:Heroes of Might and Magic V"
"E:\icq\ICQ6.5\ICQ.exe"="E:\icq\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"
"C:\Program Files\Java\jre6\launch4j-tmp\frd.exe"="C:\Program Files\Java\jre6\launch4j-tmp\frd.exe:*:Enabled:Java(TM) Platform SE binary"
"F:\TmNationsForever\TmForever.exe"="F:\TmNationsForever\TmForever.exe:*:Enabled:TmForever"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\totalcmd\TOTALCMD.EXE"="C:\totalcmd\TOTALCMD.EXE:*:Enabled:Total Commander 32 bit"
"F:\Sacred\Sacred.exe"="F:\Sacred\Sacred.exe:*:Enabled:Sacred"
"F:\Sacred 2\system\s2gs.exe"="F:\Sacred 2\system\s2gs.exe:*:Enabled:Sacred 2 Game Server"
"F:\Sacred 2\system\sacred2.exe"="F:\Sacred 2\system\sacred2.exe:*:Enabled:Sacred 2"
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"="C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"="C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 1 months======

2010-12-13 19:51:17 ----D---- C:\rsit
2010-12-13 19:37:58 ----D---- C:\Program Files\CCleaner
2010-12-10 13:04:44 ----D---- C:\Program Files\Common Files\Skype
2010-11-30 22:58:35 ----A---- C:\RootRepeal report 11-30-10 (22-58-35).txt
2010-11-30 22:58:20 ----A---- C:\RootRepeal report 11-30-10 (22-58-20).txt
2010-11-30 22:45:15 ----SHD---- C:\RECYCLER
2010-11-30 22:44:38 ----D---- C:\Documents and Settings\All Users\Data aplikací\WinZip
2010-11-28 12:30:47 ----A---- C:\Boot.bak
2010-11-28 12:30:43 ----RASHD---- C:\cmdcons
2010-11-23 19:04:18 ----D---- C:\Program Files\trend micro
2010-11-22 18:08:16 ----D---- C:\WINDOWS\SxsCaPendDel

======List of files/folders modified in the last 1 months======

2010-12-13 19:51:07 ----D---- C:\WINDOWS\Prefetch
2010-12-13 19:50:36 ----D---- C:\WINDOWS\Temp
2010-12-13 19:50:27 ----AD---- C:\WINDOWS
2010-12-13 19:48:46 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-12-13 19:37:58 ----D---- C:\Program Files
2010-12-13 19:33:57 ----D---- C:\WINDOWS\system32
2010-12-13 19:29:51 ----SHD---- C:\System Volume Information
2010-12-13 19:29:51 ----D---- C:\WINDOWS\system32\Restore
2010-12-13 17:04:07 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-12-11 13:55:18 ----D---- C:\WINDOWS\system32\CatRoot2
2010-12-10 21:58:45 ----A---- C:\WINDOWS\NeroDigital.ini
2010-12-10 13:05:00 ----SHD---- C:\WINDOWS\Installer
2010-12-10 13:04:59 ----D---- C:\Config.Msi
2010-12-10 13:04:58 ----RD---- C:\Program Files\Skype
2010-12-10 13:04:44 ----D---- C:\Program Files\Common Files
2010-12-10 13:04:36 ----D---- C:\Documents and Settings\All Users\Data aplikací\Skype
2010-12-05 18:06:27 ----D---- C:\Documents and Settings\Jitka\Data aplikací\WinRAR
2010-12-05 08:38:57 ----A---- C:\WINDOWS\win.ini
2010-12-05 08:37:10 ----HD---- C:\WINDOWS\inf
2010-12-02 14:42:32 ----D---- C:\WINDOWS\system32\drivers
2010-12-01 17:42:14 ----D---- C:\Program Files\DAEMON Tools Toolbar
2010-11-30 15:42:41 ----A---- C:\WINDOWS\system.ini
2010-11-30 15:41:45 ----D---- C:\WINDOWS\AppPatch
2010-11-28 13:14:07 ----D---- C:\WINDOWS\system32\drivers\etc
2010-11-28 13:13:54 ----D---- C:\WINDOWS\system
2010-11-28 12:30:47 ----RASH---- C:\boot.ini
2010-11-27 19:56:06 ----D---- C:\Documents and Settings\Jitka\Data aplikací\ICQ
2010-11-22 18:08:17 ----D---- C:\Documents and Settings\All Users\Data aplikací\DivX
2010-11-22 18:07:54 ----D---- C:\Program Files\DivX
2010-11-19 15:51:37 ----D---- C:\Documents and Settings\Jitka\Data aplikací\Skype
2010-11-19 15:34:26 ----D---- C:\Documents and Settings\Jitka\Data aplikací\skypePM
2010-11-14 17:41:48 ----HD---- C:\Program Files\InstallShield Installation Information

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 prohlp02;StarForce Protection Helper Driver v2; C:\WINDOWS\System32\drivers\prohlp02.sys [2004-08-09 114016]
R0 prosync1;StarForce Protection Synchronization Driver v1; C:\WINDOWS\System32\drivers\prosync1.sys [2004-07-19 7040]
R0 sfhlp01;StarForce Protection Helper Driver; C:\WINDOWS\System32\drivers\sfhlp01.sys [2003-12-01 4832]
R0 snapman;Acronis Snapshots Manager; C:\WINDOWS\system32\DRIVERS\snapman.sys [2009-02-28 114048]
R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2010-06-28 28880]
R1 AsIO;AsIO; C:\WINDOWS\system32\drivers\AsIO.sys [2007-12-17 12400]
R1 aswSP;aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [2010-06-28 165456]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2010-06-28 46672]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 prodrv06;StarForce Protection Environment Driver v6; C:\WINDOWS\System32\drivers\prodrv06.sys [2004-08-09 53920]
R1 VBoxDrv;VirtualBox Service; C:\WINDOWS\system32\DRIVERS\VBoxDrv.sys [2010-08-05 143184]
R1 VBoxUSBMon;VirtualBox USB Monitor Driver; C:\WINDOWS\system32\DRIVERS\VBoxUSBMon.sys [2010-08-05 41936]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\drivers\aswFsBlk.sys [2010-06-28 17744]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2010-06-28 100176]
R2 XilinxPC4Driver;XilinxPC4Driver; C:\WINDOWS\System32\drivers\XPC4DRVR.SYS [2007-05-18 16000]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2010-06-28 23376]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2008-06-13 4754944]
R3 L1e;Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller; C:\WINDOWS\system32\DRIVERS\l1e51x86.sys [2008-06-25 36864]
R3 L8042Kbd;Logitech SetPoint Keyboard Driver; C:\WINDOWS\system32\DRIVERS\L8042Kbd.sys [2007-01-23 20496]
R3 L8042mou;SetPoint PS/2 Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\L8042mou.Sys [2007-01-23 62992]
R3 LMouKE;SetPoint Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LMouKE.Sys [2007-01-23 78864]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [2004-08-13 5810]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2008-07-09 6011808]
R3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 VBoxNetFlt;VBoxNetFlt Service; C:\WINDOWS\system32\DRIVERS\VBoxNetFlt.sys [2010-08-05 111312]
R3 WinDriver6;WinDriver6; C:\WINDOWS\system32\drivers\windrvr6.sys [2008-07-03 193696]
S3 dmodusb;dmodusb; C:\WINDOWS\system32\DRIVERS\dmodusb.sys [2009-05-11 26240]
S3 ENTECH;ENTECH; \??\C:\WINDOWS\system32\DRIVERS\ENTECH.sys []
S3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2009-06-25 17480]
S3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2007-03-08 49920]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2007-03-08 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2007-03-08 21568]
S3 k510bus;Sony Ericsson K510 Driver driver (WDM); C:\WINDOWS\system32\DRIVERS\k510bus.sys [2009-04-13 58288]
S3 k510mdfl;Sony Ericsson K510 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\k510mdfl.sys [2009-04-13 8336]
S3 k510mdm;Sony Ericsson K510 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\k510mdm.sys [2009-04-13 94064]
S3 k750bus;Sony Ericsson 750 driver (WDM); C:\WINDOWS\system32\DRIVERS\k750bus.sys [2009-04-13 55216]
S3 k750mdfl;Sony Ericsson 750 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\k750mdfl.sys [2009-04-13 6576]
S3 k750mdm;Sony Ericsson 750 USB WMC Modem Drivers; C:\WINDOWS\system32\DRIVERS\k750mdm.sys [2009-04-13 89872]
S3 k750mgmt;Sony Ericsson 750 USB WMC Device Management Drivers; C:\WINDOWS\system32\DRIVERS\k750mgmt.sys [2009-04-13 81728]
S3 k750obex;Sony Ericsson 750 USB WMC OBEX Interface Drivers; C:\WINDOWS\system32\DRIVERS\k750obex.sys [2009-04-13 79488]
S3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
S3 SE27bus;Sony Ericsson Device 039 Driver driver (WDM); C:\WINDOWS\system32\DRIVERS\SE27bus.sys [2006-09-18 61600]
S3 SE27mdfl;Sony Ericsson Device 039 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\SE27mdfl.sys [2006-09-18 9360]
S3 SE27mdm;Sony Ericsson Device 039 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\SE27mdm.sys [2006-09-18 97184]
S3 SE27mgmt;Sony Ericsson Device 039 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\SE27mgmt.sys [2006-09-18 88688]
S3 se27nd5;Sony Ericsson Device 039 USB Ethernet Emulation SEMC39 (NDIS); C:\WINDOWS\system32\DRIVERS\se27nd5.sys [2006-09-18 18704]
S3 SE27obex;Sony Ericsson Device 039 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\SE27obex.sys [2006-09-18 86560]
S3 se27unic;Sony Ericsson Device 039 USB Ethernet Emulation SEMC39 (WDM); C:\WINDOWS\system32\DRIVERS\se27unic.sys [2006-09-18 90800]
S3 SymIM;Symantec Network Security Intermediate Filter Service; C:\WINDOWS\system32\DRIVERS\SymIM.sys []
S3 SymIMMP;SymIMMP; C:\WINDOWS\system32\DRIVERS\SymIM.sys []
S3 usb_rndisx;USB RNDIS Adapter; C:\WINDOWS\system32\DRIVERS\usb8023x.sys [2005-10-21 12800]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter; C:\WINDOWS\system32\DRIVERS\VBoxNetAdp.sys [2010-08-05 100496]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S3 XilinxFirmwareEmbeddedLoader;XilinxFirmwareEmbeddedLoader; C:\WINDOWS\System32\Drivers\xusb_xup.sys [2007-05-18 17408]
S3 XilinxFirmwareEmbeddedLpLoader;XilinxFirmwareEmbeddedLpLoader; C:\WINDOWS\System32\Drivers\xusb_emb.sys [2007-05-18 17408]
S3 XilinxFirmwareLoader;XilinxFirmwareLoader; C:\WINDOWS\System32\Drivers\xusbdfwu.sys [2007-05-18 17280]
S3 XilinxFirmwareLpLoader;XilinxFirmwareLpLoader; C:\WINDOWS\System32\Drivers\xusb_xlp.sys [2007-05-18 17280]
S3 XilinxFirmwareXpressLoader;XilinxFirmwareXpressLoader; C:\WINDOWS\System32\Drivers\xusb_xpr.sys [2007-05-18 16768]
S4 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-06-28 40384]
R2 Bonjour Service;##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##; C:\Program Files\Bonjour\mDNSResponder.exe [2006-02-28 229376]
R2 hpqddsvc;Služba HP CUE DeviceDiscovery; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 ICQ Service;ICQ Service; C:\Program Files\ICQ6Toolbar\ICQ Service.exe [2008-10-19 222456]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-05-09 152984]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe [2001-02-23 270336]
R2 Nero BackItUp Scheduler 3;Nero BackItUp Scheduler 3; C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe [2007-08-08 836904]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2008-07-09 159812]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-06-28 40384]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-06-28 40384]
R3 hpqcxs08;hpqcxs08; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 gupdate1ca2fcd12ac4984;Služba Google Update (gupdate1ca2fcd12ac4984); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-09-07 133104]
S2 IBService;IBService; E:\Program Files\Invisible Browsing\servers\IBService.exe []
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2009-03-05 654848]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2010-01-31 182768]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632]
S3 idsvc;Služba Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 NetTcpPortSharing;Služba sdílení portů Net.Tcp; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
S4 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe [2007-08-03 382248]

-----------------EOF-----------------