VIRY.CZ

Pomáháme v boji s počítačovou havěti!
https://forum.viry.cz:443/

sys soubory s rootkity

https://forum.viry.cz:443/viewtopic.php?t=98661

Stránka 2 z 3

Re: sys soubory s rootkity

Napsal: 09 bře 2010 14:20
od fru-fru
5.



---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs Ntfs.sys (NT File System Driver/Microsoft Corporation)
Device \FileSystem\Ntfs \Ntfs ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \FileSystem\Ntfs \Ntfs ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \FileSystem\Fastfat \FatCdrom Fastfat.SYS (Fast FAT File System Driver/Microsoft Corporation)
Device \FileSystem\Fastfat \FatCdrom ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \FileSystem\Fastfat \FatCdrom ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \FileSystem\Mup \Dfs Mup.sys (Multiple UNC Provider driver/Microsoft Corporation)
Device \Driver\NDIS \Device\Ndis NDIS.sys (NDIS 5.1 wrapper driver/Microsoft Corporation)
Device \Driver\KSecDD \Device\KsecDD KSecDD.sys (Kernel Security Support Provider Interface/Microsoft Corporation)
Device \Driver\KSecDD \Device\KsecDD ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\Beep \Device\Beep Beep.SYS (BEEP Driver/Microsoft Corporation)
Device \Driver\Beep \Device\Beep ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\PnpManager \Device\00000025 ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\PnpManager \Device\00000025 ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Device\00000032
Device \Device\00000019
Device \FileSystem\NetBIOS \Device\Netbios netbios.sys (NetBIOS interface driver/Microsoft Corporation)
Device \FileSystem\NetBIOS \Device\Netbios ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\PnpManager \Device\00000026 ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\PnpManager \Device\00000026 ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\ACPI \Device\00000033 ACPI.sys (ACPI Driver for NT/Microsoft Corporation)
Device \Driver\Tcpip \Device\Ip tcpip.sys (TCP/IP Protocol Driver/Microsoft Corporation)
Device \Driver\swenum \Device\KSENUM#00000001 swenum.sys (Plug and Play Software Device Enumerator/Microsoft Corporation)
Device \Driver\swenum \Device\KSENUM#00000001 ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\PnpManager \Device\00000027 ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\PnpManager \Device\00000027 ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\TermDD \Device\RDP_CONSOLE0 termdd.sys (Terminal Server Driver/Microsoft Corporation)
Device \Device\00000040
Device \Device\00000034
Device \Driver\swenum \Device\KSENUM#00000002 swenum.sys (Plug and Play Software Device Enumerator/Microsoft Corporation)
Device \Driver\swenum \Device\KSENUM#00000002 ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\Kbdclass \Device\KeyboardClass0 kbdclass.sys (Keyboard Class Driver/Microsoft Corporation)
Device \Driver\Kbdclass \Device\KeyboardClass0 ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\Fips \Device\Fips Fips.SYS (FIPS Crypto Driver/Microsoft Corporation)
Device \Driver\Fips \Device\Fips ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Device\Video0
Device \Driver\PnpManager \Device\00000028 ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\PnpManager \Device\00000028 ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\TermDD \Device\RDP_CONSOLE1 termdd.sys (Terminal Server Driver/Microsoft Corporation)
Device \Device\00000041
Device \Device\00000035
Device \Driver\Kbdclass \Device\KeyboardClass1 kbdclass.sys (Keyboard Class Driver/Microsoft Corporation)
Device \Driver\Kbdclass \Device\KeyboardClass1 ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Device\Video1
Device \Driver\PnpManager \Device\00000029 ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\PnpManager \Device\00000029 ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\NDProxy \Device\NDProxy NDProxy.SYS (NDIS Proxy/Microsoft Corporation)
Device \Driver\NDProxy \Device\NDProxy ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\ACPI \Device\00000042 ACPI.sys (ACPI Driver for NT/Microsoft Corporation)
Device \Device\00000036
Device \Driver\ACPI \Device\00000050 ACPI.sys (ACPI Driver for NT/Microsoft Corporation)
Device \Device\Video2
Device \Driver\Serial \Device\Serial0 serial.sys (Serial Device Driver/Microsoft Corporation)
Device \Driver\Serial \Device\Serial0 ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\Mouclass \Device\PointerClass0 mouclass.sys (Mouse Class Driver/Microsoft Corporation)
Device \Driver\Mouclass \Device\PointerClass0 ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\isapnp \Device\00000043 isapnp.sys (PNP ISA Bus Driver/Microsoft Corporation)
Device \Driver\isapnp \Device\00000043 ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\ACPI \Device\00000037 ACPI.sys (ACPI Driver for NT/Microsoft Corporation)
Device \Device\0000000a
Device \Driver\usbuhci \Device\USBPDO-0 USBPORT.SYS (USB 1.1 & 2.0 Port Driver/Microsoft Corporation)
Device \Driver\usbuhci \Device\USBPDO-0 ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Device\Video3
Device \Driver\Serial \Device\Serial1 serial.sys (Serial Device Driver/Microsoft Corporation)
Device \Driver\Serial \Device\Serial1 ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Device\Processor
Device \Driver\Mouclass \Device\PointerClass1 mouclass.sys (Mouse Class Driver/Microsoft Corporation)
Device \Driver\Mouclass \Device\PointerClass1 ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Device\00000051
Device \Device\00000044
Device \Device\00000038
Device \Device\0000000b
Device \Driver\usbuhci \Device\USBPDO-1 USBPORT.SYS (USB 1.1 & 2.0 Port Driver/Microsoft Corporation)
Device \Driver\usbuhci \Device\USBPDO-1 ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\WMIxWDM \Device\WMIDataDevice ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\WMIxWDM \Device\WMIDataDevice ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\ACPI \Device\00000052 ACPI.sys (ACPI Driver for NT/Microsoft Corporation)
Device \Device\00000045
Device \Device\00000039
Device \FileSystem\RAW \Device\RawTape ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \FileSystem\RAW \Device\RawTape ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Device\0000000c
Device \Device\FloppyPDO0
Device \Driver\usbuhci \Device\USBPDO-2 USBPORT.SYS (USB 1.1 & 2.0 Port Driver/Microsoft Corporation)
Device \Driver\usbuhci \Device\USBPDO-2 ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \FileSystem\MRxDAV \Device\WebDavRedirector mrxdav.sys (Windows NT WebDav Minirdr/Microsoft Corporation)
Device \FileSystem\MRxDAV \Device\WebDavRedirector ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\ACPI \Device\00000053 ACPI.sys (ACPI Driver for NT/Microsoft Corporation)
Device \Device\00000046
Device \Device\NTPNP_PCI0000
Device \Device\0000001a
Device \Device\0000000d
Device \Driver\usbuhci \Device\USBPDO-3 USBPORT.SYS (USB 1.1 & 2.0 Port Driver/Microsoft Corporation)
Device \Driver\usbuhci \Device\USBPDO-3 ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\PCI \Device\NTPNP_PCI0001 ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\PCI \Device\NTPNP_PCI0001 pci.sys (NT Plug and Play PCI Enumerator/Microsoft Corporation)
Device \Device\00000047
Device \Device\0000001b
Device \Device\0000000e
Device \Driver\usbehci \Device\USBPDO-4 USBPORT.SYS (USB 1.1 & 2.0 Port Driver/Microsoft Corporation)
Device \Driver\usbehci \Device\USBPDO-4 ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\RasAcd \Device\RasAcd rasacd.sys (RAS Automatic Connection Driver/Microsoft Corporation)
Device \Driver\RasAcd \Device\RasAcd ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\IpNat \Device\IPNAT ipnat.sys (IP Network Address Translator/Microsoft Corporation)
Device \Driver\IpNat \Device\IPNAT ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\PSched \Device\PSched NDIS.sys (NDIS 5.1 wrapper driver/Microsoft Corporation)
Device \Driver\PSched \Device\PSched NDIS.sys (NDIS 5.1 wrapper driver/Microsoft Corporation)
Device \Driver\ACPI \Device\00000055 ACPI.sys (ACPI Driver for NT/Microsoft Corporation)
Device \Driver\ACPI \Device\00000048 ACPI.sys (ACPI Driver for NT/Microsoft Corporation)
Device \Driver\PCI \Device\NTPNP_PCI0002 ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\PCI \Device\NTPNP_PCI0002 pci.sys (NT Plug and Play PCI Enumerator/Microsoft Corporation)
Device \Device\0000001c
Device \Device\0000000f
Device \Driver\Tcpip \Device\Tcp tcpip.sys (TCP/IP Protocol Driver/Microsoft Corporation)
Device \Driver\Parport \Device\ParallelPort0 parport.sys (Parallel Port Driver/Microsoft Corporation)
Device \Driver\Parport \Device\ParallelPort0 ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\ParVdm \Device\ParallelVdm0 ParVdm.SYS (VDM Parallel Driver/Microsoft Corporation)
Device \Driver\ParVdm \Device\ParallelVdm0 ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\PCI \Device\NTPNP_PCI0003 ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\PCI \Device\NTPNP_PCI0003 pci.sys (NT Plug and Play PCI Enumerator/Microsoft Corporation)
Device \Driver\ACPI \Device\00000056 ACPI.sys (ACPI Driver for NT/Microsoft Corporation)
Device \Device\00000049
Device \Device\NTPNP_PCI0010
Device \Device\0000001d
Device \Device\00000057
Device \Driver\PCI \Device\NTPNP_PCI0004 ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\PCI \Device\NTPNP_PCI0004 pci.sys (NT Plug and Play PCI Enumerator/Microsoft Corporation)
Device \Device\0000002a
Device \Device\NTPNP_PCI0011
Device \Device\0000001e
Device \Driver\Ftdisk \Device\HarddiskVolume1 ftdisk.sys (FT Disk Driver/Microsoft Corporation)
Device \Driver\Ftdisk \Device\HarddiskVolume1 ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Device\Http\Filter
Device \Device\Http\AppPool
Device \Device\Http\Control
Device \Driver\PnpManager \Device\0000002b ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\PnpManager \Device\0000002b ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\PCI \Device\NTPNP_PCI0012 ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\PCI \Device\NTPNP_PCI0012 pci.sys (NT Plug and Play PCI Enumerator/Microsoft Corporation)
Device \Driver\PCI \Device\NTPNP_PCI0005 ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\PCI \Device\NTPNP_PCI0005 pci.sys (NT Plug and Play PCI Enumerator/Microsoft Corporation)
Device \Device\i
Device \Driver\Ftdisk \Device\HarddiskVolume2 ftdisk.sys (FT Disk Driver/Microsoft Corporation)
Device \Driver\Ftdisk \Device\HarddiskVolume2 ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\Cdrom \Device\CdRom0 CLASSPNP.SYS (SCSI Class System Dll/Microsoft Corporation)
Device \Driver\Cdrom \Device\CdRom0 ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\TermDD \Device\Termdd termdd.sys (Terminal Server Driver/Microsoft Corporation)
Device \Driver\sysaudio \Device\sysaudio ks.sys (Kernel CSA Library/Microsoft Corporation)
Device \Driver\sysaudio \Device\sysaudio ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\sysaudio \Device\sysaudio sysaudio.sys (System Audio WDM Filter/Microsoft Corporation)
Device \Driver\PnpManager \Device\0000002c ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\PnpManager \Device\0000002c ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \FileSystem\Rdbss \Device\FsWrap rdbss.sys (Redirected Drive Buffering SubSystem Driver/Microsoft Corporation)
Device \FileSystem\Rdbss \Device\FsWrap ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \FileSystem\Rdbss \Device\FsWrap rdbss.sys (Redirected Drive Buffering SubSystem Driver/Microsoft Corporation)
Device \Driver\PCI \Device\NTPNP_PCI0006 ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\PCI \Device\NTPNP_PCI0006 pci.sys (NT Plug and Play PCI Enumerator/Microsoft Corporation)
Device \Driver\usbhub \Device\00000059 usbhub.sys (Default Hub Driver for USB/Microsoft Corporation)
Device \Driver\usbhub \Device\00000059 ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\PnpManager \Device\0000002d ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\PnpManager \Device\0000002d ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 atapi.sys (IDE/ATAPI Port Driver/Microsoft Corporation)
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\atapi \Device\Ide\IdePort0 atapi.sys (IDE/ATAPI Port Driver/Microsoft Corporation)
Device \Driver\atapi \Device\Ide\IdePort0 ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\atapi \Device\Ide\IdePort1 atapi.sys (IDE/ATAPI Port Driver/Microsoft Corporation)
Device \Driver\atapi \Device\Ide\IdePort1 ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\PCIIde \Device\Ide\PciIde0Channel0-0 ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\PCIIde \Device\Ide\PciIde0Channel0-0 PCIIDEX.SYS (PCI IDE Bus Driver Extension/Microsoft Corporation)
Device \Driver\PCIIde \Device\Ide\PciIde0Channel1-1 ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\PCIIde \Device\Ide\PciIde0Channel1-1 PCIIDEX.SYS (PCI IDE Bus Driver Extension/Microsoft Corporation)
Device \Device\Ide\PciIde0
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e atapi.sys (IDE/ATAPI Port Driver/Microsoft Corporation)
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\Parport \Device\Parallel0 parport.sys (Parallel Port Driver/Microsoft Corporation)
Device \Driver\Parport \Device\Parallel0 ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\PCI \Device\NTPNP_PCI0007 ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\PCI \Device\NTPNP_PCI0007 pci.sys (NT Plug and Play PCI Enumerator/Microsoft Corporation)
Device \Driver\ACPI \Device\0000003a ACPI.sys (ACPI Driver for NT/Microsoft Corporation)
Device \Driver\ACPI \Device\0000003b ACPI.sys (ACPI Driver for NT/Microsoft Corporation)
Device \Driver\NetBT \Device\NetBT_Tcpip_{15918C48-6CC6-4D25-9573-04D32BAD25F2} netbt.sys (MBT Transport driver/Microsoft Corporation)
Device \Driver\NetBT \Device\NetBT_Tcpip_{15918C48-6CC6-4D25-9573-04D32BAD25F2} ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\PSched \Device\{0EF57225-4414-46EA-8FBA-EF1FCAFFF49A} NDIS.sys (NDIS 5.1 wrapper driver/Microsoft Corporation)
Device \Driver\PSched \Device\{0EF57225-4414-46EA-8FBA-EF1FCAFFF49A} NDIS.sys (NDIS 5.1 wrapper driver/Microsoft Corporation)
Device \Driver\ACPI \Device\0000003c ACPI.sys (ACPI Driver for NT/Microsoft Corporation)
Device \Driver\PCI \Device\NTPNP_PCI0009 ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\PCI \Device\NTPNP_PCI0009 pci.sys (NT Plug and Play PCI Enumerator/Microsoft Corporation)
Device \Driver\ACPI \Device\0000003d ACPI.sys (ACPI Driver for NT/Microsoft Corporation)
Device \Driver\kgxorkow \Device\kgxorkow kgxorkow.sys
Device \Driver\kgxorkow \Device\kgxorkow ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\NetBT \Device\NetBt_Wins_Export netbt.sys (MBT Transport driver/Microsoft Corporation)
Device \Driver\NetBT \Device\NetBt_Wins_Export ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\ACPI \Device\0000003e ACPI.sys (ACPI Driver for NT/Microsoft Corporation)
Device \Driver\ACPI \Device\0000004b ACPI.sys (ACPI Driver for NT/Microsoft Corporation)
Device \Driver\ACPI \Device\0000003f ACPI.sys (ACPI Driver for NT/Microsoft Corporation)
Device \Driver\RTL8023xp \Device\{15918C48-6CC6-4D25-9573-04D32BAD25F2} NDIS.sys (NDIS 5.1 wrapper driver/Microsoft Corporation)
Device \Driver\RTL8023xp \Device\{15918C48-6CC6-4D25-9573-04D32BAD25F2} NDIS.sys (NDIS 5.1 wrapper driver/Microsoft Corporation)
Device \Driver\NetBT \Device\NetbiosSmb netbt.sys (MBT Transport driver/Microsoft Corporation)
Device \Driver\NetBT \Device\NetbiosSmb ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\ACPI \Device\0000004c ACPI.sys (ACPI Driver for NT/Microsoft Corporation)
Device \Driver\ACPI \Device\0000004d ACPI.sys (ACPI Driver for NT/Microsoft Corporation)
Device \Driver\usbhub \Device\0000005a usbhub.sys (Default Hub Driver for USB/Microsoft Corporation)
Device \Driver\usbhub \Device\0000005a ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\MountMgr \Device\MountPointManager MountMgr.sys (Mount Manager/Microsoft Corporation)
Device \Driver\MountMgr \Device\MountPointManager ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\ACPI \Device\0000004e ACPI.sys (ACPI Driver for NT/Microsoft Corporation)
Device \Driver\usbhub \Device\0000005b usbhub.sys (Default Hub Driver for USB/Microsoft Corporation)
Device \Driver\usbhub \Device\0000005b ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \FileSystem\Srv \Device\LanmanServer srv.sys (Server driver/Microsoft Corporation)
Device \FileSystem\Mup \Device\Mup Mup.sys (Multiple UNC Provider driver/Microsoft Corporation)
Device \Driver\ACPI \Device\0000004f ACPI.sys (ACPI Driver for NT/Microsoft Corporation)
Device \Driver\Wanarp \Device\WANARP wanarp.sys (MS Remote Access and Routing ARP Driver/Microsoft Corporation)
Device \Driver\usbhub \Device\0000005c usbhub.sys (Default Hub Driver for USB/Microsoft Corporation)
Device \Driver\usbhub \Device\0000005c ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\RTL8023xp \Device\RealTekCard NDIS.sys (NDIS 5.1 wrapper driver/Microsoft Corporation)
Device \Driver\RTL8023xp \Device\RealTekCard NDIS.sys (NDIS 5.1 wrapper driver/Microsoft Corporation)
Device \Driver\Tcpip \Device\Udp tcpip.sys (TCP/IP Protocol Driver/Microsoft Corporation)
Device \Driver\usbhub \Device\0000005d usbhub.sys (Default Hub Driver for USB/Microsoft Corporation)
Device \Driver\usbhub \Device\0000005d ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\Disk \Device\Harddisk0\DR0 CLASSPNP.SYS (SCSI Class System Dll/Microsoft Corporation)
Device \Driver\Disk \Device\Harddisk0\DR0 ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Device\Harddisk0\DP(2)0xc3c4d6a00-0x1906c81800+2
Device \Device\Harddisk0\DP(1)0x7e00-0xc3c4cec00+1
Device \Driver\Tcpip \Device\RawIp tcpip.sys (TCP/IP Protocol Driver/Microsoft Corporation)
Device \Driver\NdisWan \Device\NdisWanIp NDIS.sys (NDIS 5.1 wrapper driver/Microsoft Corporation)
Device \Driver\NdisWan \Device\NdisWanIp NDIS.sys (NDIS 5.1 wrapper driver/Microsoft Corporation)
Device \Driver\PnpManager \Device\00000002 ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\PnpManager \Device\00000002 ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \FileSystem\RAW \Device\RawDisk ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \FileSystem\RAW \Device\RawDisk ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\usbuhci \Device\USBFDO-0 USBPORT.SYS (USB 1.1 & 2.0 Port Driver/Microsoft Corporation)
Device \Driver\usbuhci \Device\USBFDO-0 ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\Null \Device\Null Null.SYS (NULL Driver/Microsoft Corporation)
Device \Driver\Null \Device\Null ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\PSched \Device\{82FCDEE0-6B9D-482A-B25A-45637F68F06F} NDIS.sys (NDIS 5.1 wrapper driver/Microsoft Corporation)
Device \Driver\PSched \Device\{82FCDEE0-6B9D-482A-B25A-45637F68F06F} NDIS.sys (NDIS 5.1 wrapper driver/Microsoft Corporation)
Device \Driver\PptpMiniport \Device\{51A3D16E-0F7E-4963-8A37-CE23189F3665} NDIS.sys (NDIS 5.1 wrapper driver/Microsoft Corporation)
Device \Driver\PptpMiniport \Device\{51A3D16E-0F7E-4963-8A37-CE23189F3665} NDIS.sys (NDIS 5.1 wrapper driver/Microsoft Corporation)
Device \Driver\IPSec \Device\IPSEC ipsec.sys (IPSec Driver/Microsoft Corporation)
Device \Driver\IPSec \Device\IPSEC ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\usbuhci \Device\USBFDO-1 USBPORT.SYS (USB 1.1 & 2.0 Port Driver/Microsoft Corporation)
Device \Driver\usbuhci \Device\USBFDO-1 ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\Ptilink \Device\ParTechInc0 ptilink.sys (Parallel Technologies DirectParallel IO Library/Parallel Technologies, Inc.)

Re: sys soubory s rootkity

Napsal: 09 bře 2010 14:21
od fru-fru
6.

Device \Driver\Ptilink \Device\ParTechInc0 ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation)
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver rdbss.sys (Redirected Drive Buffering SubSystem Driver/Microsoft Corporation)
Device \Driver\Tcpip \Device\IPMULTICAST tcpip.sys (TCP/IP Protocol Driver/Microsoft Corporation)
Device \Driver\usbuhci \Device\USBFDO-2 USBPORT.SYS (USB 1.1 & 2.0 Port Driver/Microsoft Corporation)
Device \Driver\usbuhci \Device\USBFDO-2 ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\NdisWan \Device\NdisWan NDIS.sys (NDIS 5.1 wrapper driver/Microsoft Corporation)
Device \Driver\NdisWan \Device\NdisWan NDIS.sys (NDIS 5.1 wrapper driver/Microsoft Corporation)
Device \Driver\NdisTapi \Device\NdisTapi ndistapi.sys (NDIS 3.0 connection wrapper driver/Microsoft Corporation)
Device \Driver\NdisTapi \Device\NdisTapi ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\Gpc \Device\Gpc msgpc.sys (MS General Packet Classifier/Microsoft Corporation)
Device \FileSystem\MRxSmb \Device\LanmanRedirector mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation)
Device \FileSystem\MRxSmb \Device\LanmanRedirector rdbss.sys (Redirected Drive Buffering SubSystem Driver/Microsoft Corporation)
Device \Driver\usbuhci \Device\USBFDO-3 USBPORT.SYS (USB 1.1 & 2.0 Port Driver/Microsoft Corporation)
Device \Driver\usbuhci \Device\USBFDO-3 ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\RasPppoe \Device\{C8C3B233-5234-436B-87FB-0C7648A846DE} NDIS.sys (NDIS 5.1 wrapper driver/Microsoft Corporation)
Device \Driver\RasPppoe \Device\{C8C3B233-5234-436B-87FB-0C7648A846DE} NDIS.sys (NDIS 5.1 wrapper driver/Microsoft Corporation)
Device \FileSystem\Npfs \Device\NamedPipe Npfs.SYS (NPFS Driver/Microsoft Corporation)
Device \FileSystem\Npfs \Device\NamedPipe ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\usbehci \Device\USBFDO-4 USBPORT.SYS (USB 1.1 & 2.0 Port Driver/Microsoft Corporation)
Device \Driver\usbehci \Device\USBFDO-4 ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\Ftdisk \Device\FtControl ftdisk.sys (FT Disk Driver/Microsoft Corporation)
Device \Driver\Ftdisk \Device\FtControl ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \FileSystem\Msfs \Device\Mailslot Msfs.SYS (Mailslot driver/Microsoft Corporation)
Device \FileSystem\Msfs \Device\Mailslot ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\AFD \Device\Afd afd.sys (Ancillary Function Driver for WinSock/Microsoft Corporation)
Device \Driver\Ndisuio \Device\Ndisuio ndisuio.sys (NDIS User mode I/O Driver/Microsoft Corporation)
Device \Driver\Ndisuio \Device\Ndisuio ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \FileSystem\RAW \Device\RawCdRom ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \FileSystem\RAW \Device\RawCdRom ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \FileSystem\Mup \Device\WinDfs\Root Mup.sys (Multiple UNC Provider driver/Microsoft Corporation)
Device \Driver\ACPI_HAL \Device\00000031 ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\ACPI_HAL \Device\00000031 hal.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)
Device \FileSystem\Fastfat \Fat Fastfat.SYS (Fast FAT File System Driver/Microsoft Corporation)
Device \FileSystem\Fastfat \Fat ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \FileSystem\Fastfat \Fat ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \FileSystem\Fs_Rec \FileSystem\UdfsCdRomRecognizer Fs_Rec.SYS (File System Recognizer Driver/Microsoft Corporation)
Device \FileSystem\Fs_Rec \FileSystem\UdfsCdRomRecognizer ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \FileSystem\Filters\FltMgrMsg
Device \FileSystem\Filters\SystemRestore
Device \FileSystem\FltMgr \FileSystem\Filters\FltMgr fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
Device \FileSystem\Fs_Rec \FileSystem\FatCdRomRecognizer Fs_Rec.SYS (File System Recognizer Driver/Microsoft Corporation)
Device \FileSystem\Fs_Rec \FileSystem\FatCdRomRecognizer ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \FileSystem\Fs_Rec \FileSystem\CdfsRecognizer Fs_Rec.SYS (File System Recognizer Driver/Microsoft Corporation)
Device \FileSystem\Fs_Rec \FileSystem\CdfsRecognizer ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \FileSystem\Fs_Rec \FileSystem\FatDiskRecognizer Fs_Rec.SYS (File System Recognizer Driver/Microsoft Corporation)
Device \FileSystem\Fs_Rec \FileSystem\FatDiskRecognizer ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \FileSystem\Fs_Rec \FileSystem\UdfsDiskRecognizer Fs_Rec.SYS (File System Recognizer Driver/Microsoft Corporation)
Device \FileSystem\Fs_Rec \FileSystem\UdfsDiskRecognizer ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \FileSystem\Cdfs \Cdfs Cdfs.SYS (CD-ROM File System Driver/Microsoft Corporation)
Device \FileSystem\Cdfs \Cdfs ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \FileSystem\Cdfs \Cdfs ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)

---- Modules - GMER 1.0.15 ----

Module \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 804D7000-806CDE80 (2059904 bytes)
Module \WINDOWS\system32\hal.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 806CE000-806EE380 (131968 bytes)
Module \WINDOWS\system32\KDCOM.DLL (Kernel Debugger HW Extension DLL/Microsoft Corporation) F8972000-F8974000 (8192 bytes)
Module \WINDOWS\system32\BOOTVID.dll (VGA Boot Driver/Microsoft Corporation) F8882000-F8885000 (12288 bytes)
Module ACPI.sys (ACPI Driver for NT/Microsoft Corporation) F8343000-F8371000 (188416 bytes)
Module \WINDOWS\system32\DRIVERS\WMILIB.SYS (WMILIB WMI support library Dll/Microsoft Corporation) F8974000-F8976000 (8192 bytes)
Module pci.sys (NT Plug and Play PCI Enumerator/Microsoft Corporation) F8332000-F8343000 (69632 bytes)
Module isapnp.sys (PNP ISA Bus Driver/Microsoft Corporation) F8472000-F847B000 (36864 bytes)
Module pciide.sys (Generic PCI IDE Bus Driver/Microsoft Corporation) F8A3A000-F8A3B000 (4096 bytes)
Module \WINDOWS\system32\DRIVERS\PCIIDEX.SYS (PCI IDE Bus Driver Extension/Microsoft Corporation) F86F2000-F86F9000 (28672 bytes)
Module MountMgr.sys (Mount Manager/Microsoft Corporation) F8482000-F848D000 (45056 bytes)
Module ftdisk.sys (FT Disk Driver/Microsoft Corporation) F8313000-F8332000 (126976 bytes)
Module PartMgr.sys (Partition Manager/Microsoft Corporation) F86FA000-F86FF000 (20480 bytes)
Module VolSnap.sys (Volume Shadow Copy Driver/Microsoft Corporation) F8492000-F849F000 (53248 bytes)
Module atapi.sys (IDE/ATAPI Port Driver/Microsoft Corporation) F82FB000-F8313000 (98304 bytes)
Module disk.sys (PnP Disk Driver/Microsoft Corporation) F84A2000-F84AB000 (36864 bytes)
Module \WINDOWS\system32\DRIVERS\CLASSPNP.SYS (SCSI Class System Dll/Microsoft Corporation) F84B2000-F84BF000 (53248 bytes)
Module fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation) F82DB000-F82FB000 (131072 bytes)
Module sr.sys (System Restore Filesystem Filter Driver/Microsoft Corporation) F82C9000-F82DB000 (73728 bytes)
Module KSecDD.sys (Kernel Security Support Provider Interface/Microsoft Corporation) F82B2000-F82C9000 (94208 bytes)
Module Ntfs.sys (NT File System Driver/Microsoft Corporation) F8225000-F82B2000 (577536 bytes)
Module NDIS.sys (NDIS 5.1 wrapper driver/Microsoft Corporation) F81F8000-F8225000 (184320 bytes)
Module Mup.sys (Multiple UNC Provider driver/Microsoft Corporation) F81DD000-F81F8000 (110592 bytes)
Module \SystemRoot\system32\DRIVERS\intelppm.sys (Processor Device Driver/Microsoft Corporation) F8612000-F861C000 (40960 bytes)
Module \SystemRoot\system32\DRIVERS\ialmnt5.sys (Intel Graphics Miniport Driver/Intel Corporation) F804A000-F8195000 (1355776 bytes)
Module \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS (Video Port Driver/Microsoft Corporation) F8036000-F804A000 (81920 bytes)
Module \SystemRoot\system32\DRIVERS\HDAudBus.sys (High Definition Audio Bus Driver v1.0a/Windows (R) Server 2003 DDK provider) F8011000-F8036000 (151552 bytes)
Module \SystemRoot\system32\DRIVERS\usbuhci.sys (UHCI USB Miniport Driver/Microsoft Corporation) F8792000-F8797000 (20480 bytes)
Module \SystemRoot\system32\DRIVERS\USBPORT.SYS (USB 1.1 & 2.0 Port Driver/Microsoft Corporation) F7FEE000-F8011000 (143360 bytes)
Module \SystemRoot\system32\DRIVERS\usbehci.sys (EHCI eUSB Miniport Driver/Microsoft Corporation) F879A000-F87A1000 (28672 bytes)
Module \SystemRoot\system32\DRIVERS\Rtnicxp.sys (Realtek 10/100/1000 NDIS 5.1 Driver /Realtek Semiconductor Corporation ) F7FD9000-F7FEE000 (86016 bytes)
Module \SystemRoot\system32\DRIVERS\fdc.sys (Floppy Disk Controller Driver/Microsoft Corporation) F87A2000-F87A9000 (28672 bytes)
Module \SystemRoot\system32\DRIVERS\serial.sys (Serial Device Driver/Microsoft Corporation) F8622000-F8632000 (65536 bytes)
Module \SystemRoot\system32\DRIVERS\serenum.sys (Serial Port Enumerator/Microsoft Corporation) F891A000-F891E000 (16384 bytes)
Module \SystemRoot\system32\DRIVERS\parport.sys (Parallel Port Driver/Microsoft Corporation) F7FC5000-F7FD9000 (81920 bytes)
Module \SystemRoot\system32\DRIVERS\i8042prt.sys (i8042 Port Driver/Microsoft Corporation) F8632000-F863F000 (53248 bytes)
Module \SystemRoot\system32\DRIVERS\mouclass.sys (Mouse Class Driver/Microsoft Corporation) F87AA000-F87B0000 (24576 bytes)
Module \SystemRoot\system32\DRIVERS\kbdclass.sys (Keyboard Class Driver/Microsoft Corporation) F87B2000-F87B8000 (24576 bytes)
Module \SystemRoot\system32\DRIVERS\imapi.sys (IMAPI Kernel Driver/Microsoft Corporation) F8642000-F864D000 (45056 bytes)
Module \SystemRoot\system32\DRIVERS\cdrom.sys (SCSI CD-ROM Driver/Microsoft Corporation) F8652000-F865F000 (53248 bytes)
Module \SystemRoot\system32\DRIVERS\redbook.sys (Redbook Audio Filter Driver/Microsoft Corporation) F8662000-F8671000 (61440 bytes)
Module \SystemRoot\system32\DRIVERS\ks.sys (Kernel CSA Library/Microsoft Corporation) F7FA2000-F7FC5000 (143360 bytes)
Module \SystemRoot\system32\DRIVERS\audstub.sys (AudStub Driver/Microsoft Corporation) F8BAB000-F8BAC000 (4096 bytes)
Module \SystemRoot\system32\DRIVERS\rasl2tp.sys (RAS L2TP mini-port/call-manager driver/Microsoft Corporation) F8672000-F867F000 (53248 bytes)
Module \SystemRoot\system32\DRIVERS\ndistapi.sys (NDIS 3.0 connection wrapper driver/Microsoft Corporation) F8922000-F8925000 (12288 bytes)
Module \SystemRoot\system32\DRIVERS\ndiswan.sys (MS PPP Framing Driver (Strong Encryption)/Microsoft Corporation) F7F8B000-F7FA2000 (94208 bytes)
Module \SystemRoot\system32\DRIVERS\raspppoe.sys (RAS PPPoE mini-port/call-manager driver/Microsoft Corporation) F8682000-F868D000 (45056 bytes)
Module \SystemRoot\system32\DRIVERS\raspptp.sys (Peer-to-Peer Tunneling Protocol/Microsoft Corporation) F8692000-F869E000 (49152 bytes)
Module \SystemRoot\system32\DRIVERS\TDI.SYS (TDI Wrapper/Microsoft Corporation) F87BA000-F87BF000 (20480 bytes)
Module \SystemRoot\system32\DRIVERS\psched.sys (MS QoS Packet Scheduler/Microsoft Corporation) F7F7A000-F7F8B000 (69632 bytes)
Module \SystemRoot\system32\DRIVERS\msgpc.sys (MS General Packet Classifier/Microsoft Corporation) F86A2000-F86AB000 (36864 bytes)
Module \SystemRoot\system32\DRIVERS\ptilink.sys (Parallel Technologies DirectParallel IO Library/Parallel Technologies, Inc.) F87C2000-F87C7000 (20480 bytes)
Module \SystemRoot\system32\DRIVERS\raspti.sys (PTI DirectParallel(R) mini-port/call-manager driver/Microsoft Corporation) F87CA000-F87CF000 (20480 bytes)
Module \SystemRoot\system32\DRIVERS\termdd.sys (Terminal Server Driver/Microsoft Corporation) F86B2000-F86BC000 (40960 bytes)
Module \SystemRoot\system32\DRIVERS\swenum.sys (Plug and Play Software Device Enumerator/Microsoft Corporation) F8988000-F898A000 (8192 bytes)
Module \SystemRoot\system32\DRIVERS\update.sys (Update Driver/Microsoft Corporation) F7EE0000-F7F39000 (364544 bytes)
Module \SystemRoot\system32\DRIVERS\mssmbios.sys (System Management BIOS Driver/Microsoft Corporation) F8932000-F8936000 (16384 bytes)
Module \SystemRoot\System32\Drivers\NDProxy.SYS (NDIS Proxy/Microsoft Corporation) F86C2000-F86CC000 (40960 bytes)
Module \SystemRoot\system32\drivers\RtkHDAud.sys (Realtek(r) High Definition Audio Function Driver/Realtek Semiconductor Corp.) AAA6E000-AAF20000 (4923392 bytes)
Module \SystemRoot\system32\drivers\portcls.sys (Port Class (Class Driver for Port/Miniport Devices)/Microsoft Corporation) AAA4C000-AAA6E000 (139264 bytes)
Module \SystemRoot\system32\drivers\drmk.sys (Microsoft Kernel DRM Descrambler Filter/Microsoft Corporation) F84E2000-F84F1000 (61440 bytes)
Module \SystemRoot\system32\DRIVERS\usbhub.sys (Default Hub Driver for USB/Microsoft Corporation) F84F2000-F8501000 (61440 bytes)
Module \SystemRoot\system32\DRIVERS\USBD.SYS (Universal Serial Bus Driver/Microsoft Corporation) F898C000-F898E000 (8192 bytes)
Module \SystemRoot\system32\DRIVERS\flpydisk.sys (Floppy Driver/Microsoft Corporation) F87D2000-F87D7000 (20480 bytes)
Module \SystemRoot\System32\Drivers\Fs_Rec.SYS (File System Recognizer Driver/Microsoft Corporation) F898E000-F8990000 (8192 bytes)
Module \SystemRoot\System32\Drivers\Null.SYS (NULL Driver/Microsoft Corporation) F8B71000-F8B72000 (4096 bytes)
Module \SystemRoot\System32\Drivers\Beep.SYS (BEEP Driver/Microsoft Corporation) F8990000-F8992000 (8192 bytes)
Module \SystemRoot\System32\drivers\vga.sys (VGA/Super VGA Video Driver/Microsoft Corporation) F87E2000-F87E8000 (24576 bytes)
Module \SystemRoot\System32\Drivers\mnmdd.SYS (Frame buffer simulator/Microsoft Corporation) F8992000-F8994000 (8192 bytes)
Module \SystemRoot\System32\DRIVERS\RDPCDD.sys (RDP Miniport/Microsoft Corporation) F8994000-F8996000 (8192 bytes)
Module \SystemRoot\System32\Drivers\Msfs.SYS (Mailslot driver/Microsoft Corporation) F87EA000-F87EF000 (20480 bytes)
Module \SystemRoot\System32\Drivers\Npfs.SYS (NPFS Driver/Microsoft Corporation) F87F2000-F87FA000 (32768 bytes)
Module \SystemRoot\system32\DRIVERS\rasacd.sys (RAS Automatic Connection Driver/Microsoft Corporation) F8199000-F819C000 (12288 bytes)
Module \SystemRoot\system32\DRIVERS\ipsec.sys (IPSec Driver/Microsoft Corporation) AA9C9000-AA9DC000 (77824 bytes)
Module \SystemRoot\system32\DRIVERS\tcpip.sys (TCP/IP Protocol Driver/Microsoft Corporation) AA971000-AA9C9000 (360448 bytes)
Module \SystemRoot\system32\DRIVERS\netbt.sys (MBT Transport driver/Microsoft Corporation) AA949000-AA971000 (163840 bytes)
Module \SystemRoot\System32\drivers\afd.sys (Ancillary Function Driver for WinSock/Microsoft Corporation) AA927000-AA949000 (139264 bytes)
Module \SystemRoot\system32\DRIVERS\netbios.sys (NetBIOS interface driver/Microsoft Corporation) F8532000-F853B000 (36864 bytes)
Module \SystemRoot\system32\DRIVERS\rdbss.sys (Redirected Drive Buffering SubSystem Driver/Microsoft Corporation) AA8FC000-AA927000 (176128 bytes)
Module \SystemRoot\system32\DRIVERS\mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation) AA88D000-AA8FC000 (454656 bytes)
Module \SystemRoot\System32\Drivers\Fips.SYS (FIPS Crypto Driver/Microsoft Corporation) F8542000-F854B000 (36864 bytes)
Module \SystemRoot\system32\DRIVERS\ipnat.sys (IP Network Address Translator/Microsoft Corporation) AA86C000-AA88D000 (135168 bytes)
Module \SystemRoot\system32\DRIVERS\wanarp.sys (MS Remote Access and Routing ARP Driver/Microsoft Corporation) F8552000-F855B000 (36864 bytes)
Module \SystemRoot\System32\Drivers\Cdfs.SYS (CD-ROM File System Driver/Microsoft Corporation) AAFB0000-AAFC0000 (65536 bytes)
Module \SystemRoot\System32\Drivers\dump_atapi.sys AA82C000-AA844000 (98304 bytes)
Module \SystemRoot\System32\Drivers\dump_WMILIB.SYS F89A8000-F89AA000 (8192 bytes)
Module \SystemRoot\System32\win32k.sys (Multi-User Win32 Driver/Microsoft Corporation) BF800000-BF9C4000 (1851392 bytes)
Module \SystemRoot\System32\drivers\Dxapi.sys (DirectX API Driver/Microsoft Corporation) AAA38000-AAA3B000 (12288 bytes)
Module \SystemRoot\System32\watchdog.sys (Watchdog Driver/Microsoft Corporation) F881A000-F881F000 (20480 bytes)
Module \SystemRoot\System32\drivers\dxg.sys (DirectX Graphics Driver/Microsoft Corporation) BF9C4000-BF9D6000 (73728 bytes)
Module \SystemRoot\System32\drivers\dxgthk.sys (DirectX Graphics Driver Thunk/Microsoft Corporation) F8AAB000-F8AAC000 (4096 bytes)
Module \SystemRoot\System32\ialmdnt5.dll (Controller Hub for Intel Graphics Driver/Intel Corporation) BF9E4000-BFA06000 (139264 bytes)
Module \SystemRoot\System32\ialmrnt5.dll (Controller Hub for Intel Graphics Driver/Intel Corporation) BF9D6000-BF9E4000 (57344 bytes)
Module \SystemRoot\System32\ialmdev5.DLL (Component GHAL Driver/Intel Corporation) BFA06000-BFA3B000 (217088 bytes)
Module \SystemRoot\System32\ialmdd5.DLL (DirectDraw(R) Driver for Intel(R) Graphics Technology/Intel Corporation) BFA3B000-BFB1D000 (925696 bytes)
Module \SystemRoot\system32\DRIVERS\ndisuio.sys (NDIS User mode I/O Driver/Microsoft Corporation) F7EC4000-F7EC8000 (16384 bytes)
Module \SystemRoot\system32\DRIVERS\mrxdav.sys (Windows NT WebDav Minirdr/Microsoft Corporation) AA3F0000-AA41C000 (180224 bytes)
Module \SystemRoot\System32\Drivers\Fastfat.SYS (Fast FAT File System Driver/Microsoft Corporation) AA2DD000-AA300000 (143360 bytes)
Module \SystemRoot\System32\Drivers\ParVdm.SYS (VDM Parallel Driver/Microsoft Corporation) F899C000-F899E000 (8192 bytes)
Module \SystemRoot\system32\drivers\wdmaud.sys (MMSYSTEM Wave/Midi API mapper/Microsoft Corporation) AA2A0000-AA2B5000 (86016 bytes)
Module \SystemRoot\system32\drivers\sysaudio.sys (System Audio WDM Filter/Microsoft Corporation) AA81C000-AA82B000 (61440 bytes)
Module \SystemRoot\system32\DRIVERS\srv.sys (Server driver/Microsoft Corporation) AA133000-AA18A000 (356352 bytes)
Module \SystemRoot\System32\Drivers\HTTP.sys (HTTP Protocol Stack/Microsoft Corporation) A9D30000-A9D71000 (266240 bytes)
Module \??\C:\DOCUME~1\UIVATE~1\LOCALS~1\Temp\kgxorkow.sys (GMER) A9B61000-A9B78000 (94208 bytes)
Module \SystemRoot\system32\drivers\kmixer.sys (Kernel Mode Audio Mixer/Microsoft Corporation) A9B36000-A9B61000 (176128 bytes)
Module \WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation) 7C900000-7C9B1000 (724992 bytes)

Re: sys soubory s rootkity

Napsal: 09 bře 2010 14:23
od fru-fru
7.

---- Processes - GMER 1.0.15 ----

Process System Idle 0
Process System 4
Process C:\WINDOWS\System32\smss.exe (Správce relací systému Windows NT/Microsoft Corporation) 576
Library C:\WINDOWS\System32\smss.exe (Správce relací systému Windows NT/Microsoft Corporation) 0x48580000
Library C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation) 0x7C900000

Process C:\WINDOWS\system32\csrss.exe (Client Server Runtime Process/Microsoft Corporation) 648
Library C:\WINDOWS\system32\csrss.exe (Client Server Runtime Process/Microsoft Corporation) 0x4A680000
Library C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation) 0x7C900000
Library C:\WINDOWS\system32\CSRSRV.dll (Client Server Runtime Process/Microsoft Corporation) 0x75B20000
Library C:\WINDOWS\system32\basesrv.dll (Windows NT BASE API Server DLL/Microsoft Corporation) 0x75B30000
Library C:\WINDOWS\system32\winsrv.dll (Windows Server DLL/Microsoft Corporation) 0x75B40000
Library C:\WINDOWS\system32\GDI32.dll (GDI Client DLL/Microsoft Corporation) 0x77F10000
Library C:\WINDOWS\system32\KERNEL32.dll (Windows NT BASE API Client DLL/Microsoft Corporation) 0x7C800000
Library C:\WINDOWS\system32\USER32.dll (Windows XP USER API Client DLL/Microsoft Corporation) 0x7E360000
Library C:\WINDOWS\system32\sxs.dll (Fusion 2.5/Microsoft Corporation) 0x75E70000
Library C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation) 0x77DC0000
Library C:\WINDOWS\system32\RPCRT4.dll (Remote Procedure Call Runtime/Microsoft Corporation) 0x77E70000
Library C:\WINDOWS\system32\Secur32.dll (Security Support Provider Interface/Microsoft Corporation) 0x77FE0000

Process C:\WINDOWS\system32\winlogon.exe (Windows NT Logon Application/Microsoft Corporation) 672
Library C:\WINDOWS\system32\winlogon.exe (Windows NT Logon Application/Microsoft Corporation) 0x01000000
Library C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation) 0x7C900000
Library C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation) 0x7C800000
Library C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation) 0x77DC0000
Library C:\WINDOWS\system32\RPCRT4.dll (Remote Procedure Call Runtime/Microsoft Corporation) 0x77E70000
Library C:\WINDOWS\system32\Secur32.dll (Security Support Provider Interface/Microsoft Corporation) 0x77FE0000
Library C:\WINDOWS\system32\AUTHZ.dll (Authorization Framework/Microsoft Corporation) 0x776B0000
Library C:\WINDOWS\system32\msvcrt.dll (Windows NT CRT DLL/Microsoft Corporation) 0x77C00000
Library C:\WINDOWS\system32\CRYPT32.dll (Crypto API32/Microsoft Corporation) 0x77A70000
Library C:\WINDOWS\system32\USER32.dll (Windows XP USER API Client DLL/Microsoft Corporation) 0x7E360000
Library C:\WINDOWS\system32\GDI32.dll (GDI Client DLL/Microsoft Corporation) 0x77F10000
Library C:\WINDOWS\system32\MSASN1.dll (ASN.1 Runtime APIs/Microsoft Corporation) 0x77B10000
Library C:\WINDOWS\system32\NDdeApi.dll (Network DDE Share Management APIs/Microsoft Corporation) 0x75920000
Library C:\WINDOWS\system32\PROFMAP.dll (Userenv/Microsoft Corporation) 0x75910000
Library C:\WINDOWS\system32\NETAPI32.dll (Net Win32 API DLL/Microsoft Corporation) 0x67270000
Library C:\WINDOWS\system32\USERENV.dll (Userenv/Microsoft Corporation) 0x769B0000
Library C:\WINDOWS\system32\PSAPI.DLL (Process Status Helper/Microsoft Corporation) 0x76BE0000
Library C:\WINDOWS\system32\REGAPI.dll (Registry Configuration APIs/Microsoft Corporation) 0x76BB0000
Library C:\WINDOWS\system32\SETUPAPI.dll (Windows Setup API/Microsoft Corporation) 0x77910000
Library C:\WINDOWS\system32\VERSION.dll (Version Checking and File Installation Libraries/Microsoft Corporation) 0x77BF0000
Library C:\WINDOWS\system32\WINSTA.dll (Winstation Library/Microsoft Corporation) 0x76340000
Library C:\WINDOWS\system32\WINTRUST.dll (Microsoft Trust Verification APIs/Microsoft Corporation) 0x76C20000
Library C:\WINDOWS\system32\IMAGEHLP.dll (Windows NT Image Helper/Microsoft Corporation) 0x76C80000
Library C:\WINDOWS\system32\WS2_32.dll (Windows Socket 2.0 32-Bit DLL/Microsoft Corporation) 0x71A90000
Library C:\WINDOWS\system32\WS2HELP.dll (Windows Socket 2.0 Helper for Windows NT/Microsoft Corporation) 0x71A80000
Library C:\WINDOWS\system32\MSGINA.dll (Windows NT Logon GINA DLL/Microsoft Corporation) 0x75950000
Library C:\WINDOWS\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation) 0x7C9C0000
Library C:\WINDOWS\system32\SHLWAPI.dll (Shell Light-weight Utility Library/Microsoft Corporation) 0x77F60000
Library C:\WINDOWS\system32\COMCTL32.dll (Common Controls Library/Microsoft Corporation) 0x5D5A0000
Library C:\WINDOWS\system32\ODBC32.dll (Microsoft Data Access - ODBC Driver Manager/Microsoft Corporation) 0x73FB0000
Library C:\WINDOWS\system32\comdlg32.dll (Common Dialogs DLL/Microsoft Corporation) 0x76390000
Library C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll (User Experience Controls Library/Microsoft Corporation) 0x773C0000
Library C:\WINDOWS\system32\odbcint.dll (Microsoft Data Access - ODBC Resources/Microsoft Corporation) 0x20000000
Library C:\WINDOWS\system32\SHSVCS.dll (Windows Shell Services Dll/Microsoft Corporation) 0x776D0000
Library C:\WINDOWS\system32\sfc.dll (Windows File Protection/Microsoft Corporation) 0x76BA0000
Library C:\WINDOWS\system32\sfc_os.dll (Ochrana souborů systému Windows/Microsoft Corporation) 0x76C50000
Library C:\WINDOWS\system32\ole32.dll (Microsoft OLE for Windows/Microsoft Corporation) 0x774D0000
Library C:\WINDOWS\system32\Apphelp.dll (Application Compatibility Client Library/Microsoft Corporation) 0x77B30000
Library C:\WINDOWS\system32\WINSCARD.DLL (Microsoft Smart Card API/Microsoft Corporation) 0x723B0000
Library C:\WINDOWS\system32\WTSAPI32.dll (Windows Terminal Server SDK APIs/Microsoft Corporation) 0x76F40000
Library C:\WINDOWS\system32\sxs.dll (Fusion 2.5/Microsoft Corporation) 0x75E70000
Library C:\WINDOWS\system32\uxtheme.dll (Microsoft UxTheme Library/Microsoft Corporation) 0x5B250000
Library C:\WINDOWS\system32\WINMM.dll (MCI API DLL/Microsoft Corporation) 0x76B30000
Library C:\WINDOWS\system32\cscdll.dll (Offline Network Agent/Microsoft Corporation) 0x765E0000
Library C:\WINDOWS\system32\WlNotify.dll (Common DLL to receive Winlogon notifications/Microsoft Corporation) 0x75930000
Library C:\WINDOWS\system32\WINSPOOL.DRV (Windows Spooler Driver/Microsoft Corporation) 0x72FC0000
Library C:\WINDOWS\system32\MPR.dll (Multiple Provider Router DLL/Microsoft Corporation) 0x71B00000
Library C:\WINDOWS\system32\rsaenh.dll (Microsoft Enhanced Cryptographic Provider/Microsoft Corporation) 0x0FFD0000
Library C:\WINDOWS\system32\SAMLIB.dll (SAM Library DLL/Microsoft Corporation) 0x71BD0000
Library C:\WINDOWS\system32\msv1_0.dll (Microsoft Authentication Package v1.0/Microsoft Corporation) 0x77C60000
Library C:\WINDOWS\system32\cryptdll.dll (Cryptography Manager/Microsoft Corporation) 0x76780000
Library C:\WINDOWS\system32\iphlpapi.dll (IP Helper API/Microsoft Corporation) 0x76D50000
Library C:\WINDOWS\system32\cscui.dll (Client Side Caching UI/Microsoft Corporation) 0x77A10000
Library C:\WINDOWS\system32\MPRAPI.dll (Windows NT MP Router Administration DLL/Microsoft Corporation) 0x76D30000
Library C:\WINDOWS\system32\ACTIVEDS.dll (ADs Router Layer DLL/Microsoft Corporation) 0x77CB0000
Library C:\WINDOWS\system32\adsldpc.dll (ADs LDAP Provider C DLL/Microsoft Corporation) 0x76E00000
Library C:\WINDOWS\system32\WLDAP32.dll (Win32 LDAP API DLL/Microsoft Corporation) 0x76F50000
Library C:\WINDOWS\system32\ATL.DLL (ATL Module for Windows XP (Unicode)/Microsoft Corporation) 0x76B10000
Library C:\WINDOWS\system32\OLEAUT32.dll (Microsoft Corporation) 0x77110000
Library C:\WINDOWS\system32\rtutils.dll (Routing Utilities/Microsoft Corporation) 0x76E70000
Library C:\WINDOWS\system32\xpsp2res.dll (Zprávy aktualizace Service Pack 2/Microsoft Corporation) 0x01440000
Library C:\WINDOWS\system32\NTMARTA.DLL (Windows NT MARTA provider/Microsoft Corporation) 0x77680000
Library C:\WINDOWS\system32\COMRes.dll (Microsoft Corporation) 0x77040000
Library C:\WINDOWS\system32\CLBCATQ.DLL (Microsoft Corporation) 0x76FC0000
Library C:\WINDOWS\system32\wdmaud.drv (WDM Audio driver mapper/Microsoft Corporation) 0x72CE0000
Library C:\WINDOWS\system32\msacm32.drv (Microsoft Sound Mapper/Microsoft Corporation) 0x72CD0000
Library C:\WINDOWS\system32\MSACM32.dll (Microsoft ACM Audio Filter/Microsoft Corporation) 0x77BD0000
Library C:\WINDOWS\system32\midimap.dll (Microsoft MIDI Mapper/Microsoft Corporation) 0x77BC0000

Process C:\WINDOWS\system32\services.exe (Services and Controller app/Microsoft Corporation) 716
Library C:\WINDOWS\system32\services.exe (Services and Controller app/Microsoft Corporation) 0x01000000
Library C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation) 0x7C900000
Library C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation) 0x7C800000
Library C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation) 0x77DC0000
Library C:\WINDOWS\system32\RPCRT4.dll (Remote Procedure Call Runtime/Microsoft Corporation) 0x77E70000
Library C:\WINDOWS\system32\Secur32.dll (Security Support Provider Interface/Microsoft Corporation) 0x77FE0000
Library C:\WINDOWS\system32\msvcrt.dll (Windows NT CRT DLL/Microsoft Corporation) 0x77C00000
Library C:\WINDOWS\system32\NCObjAPI.DLL (Microsoft Corporation) 0x5FC80000
Library C:\WINDOWS\system32\MSVCP60.dll (Microsoft (R) C++ Runtime Library/Microsoft Corporation) 0x76060000
Library C:\WINDOWS\system32\SCESRV.dll (Windows Security Configuration Editor Engine/Microsoft Corporation) 0x77B60000
Library C:\WINDOWS\system32\USER32.dll (Windows XP USER API Client DLL/Microsoft Corporation) 0x7E360000
Library C:\WINDOWS\system32\GDI32.dll (GDI Client DLL/Microsoft Corporation) 0x77F10000
Library C:\WINDOWS\system32\USERENV.dll (Userenv/Microsoft Corporation) 0x769B0000
Library C:\WINDOWS\system32\AUTHZ.dll (Authorization Framework/Microsoft Corporation) 0x776B0000
Library C:\WINDOWS\system32\umpnpmgr.dll (User-mode Plug-and-Play Service/Microsoft Corporation) 0x7DBA0000
Library C:\WINDOWS\system32\WINSTA.dll (Winstation Library/Microsoft Corporation) 0x76340000
Library C:\WINDOWS\system32\NETAPI32.dll (Net Win32 API DLL/Microsoft Corporation) 0x67270000
Library C:\WINDOWS\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation) 0x5D060000
Library C:\WINDOWS\AppPatch\AcGenral.DLL (Windows Compatibility DLL/Microsoft Corporation) 0x6FE10000
Library C:\WINDOWS\system32\WINMM.dll (MCI API DLL/Microsoft Corporation) 0x76B30000
Library C:\WINDOWS\system32\ole32.dll (Microsoft OLE for Windows/Microsoft Corporation) 0x774D0000
Library C:\WINDOWS\system32\OLEAUT32.dll (Microsoft Corporation) 0x77110000
Library C:\WINDOWS\system32\MSACM32.dll (Microsoft ACM Audio Filter/Microsoft Corporation) 0x77BD0000
Library C:\WINDOWS\system32\VERSION.dll (Version Checking and File Installation Libraries/Microsoft Corporation) 0x77BF0000
Library C:\WINDOWS\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation) 0x7C9C0000
Library C:\WINDOWS\system32\SHLWAPI.dll (Shell Light-weight Utility Library/Microsoft Corporation) 0x77F60000
Library C:\WINDOWS\system32\UxTheme.dll (Microsoft UxTheme Library/Microsoft Corporation) 0x5B250000
Library C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll (User Experience Controls Library/Microsoft Corporation) 0x773C0000
Library C:\WINDOWS\system32\comctl32.dll (Common Controls Library/Microsoft Corporation) 0x5D5A0000
Library C:\WINDOWS\system32\Apphelp.dll (Application Compatibility Client Library/Microsoft Corporation) 0x77B30000
Library C:\WINDOWS\system32\eventlog.dll (Event Logging Service/Microsoft Corporation) 0x772F0000
Library C:\WINDOWS\system32\WS2_32.dll (Windows Socket 2.0 32-Bit DLL/Microsoft Corporation) 0x71A90000
Library C:\WINDOWS\system32\WS2HELP.dll (Windows Socket 2.0 Helper for Windows NT/Microsoft Corporation) 0x71A80000
Library C:\WINDOWS\system32\PSAPI.DLL (Process Status Helper/Microsoft Corporation) 0x76BE0000
Library C:\WINDOWS\system32\wtsapi32.dll (Windows Terminal Server SDK APIs/Microsoft Corporation) 0x76F40000

Process C:\WINDOWS\system32\lsass.exe (LSA Shell (Export Version)/Microsoft Corporation) 728
Library C:\WINDOWS\system32\lsass.exe (LSA Shell (Export Version)/Microsoft Corporation) 0x01000000
Library C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation) 0x7C900000
Library C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation) 0x7C800000
Library C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation) 0x77DC0000
Library C:\WINDOWS\system32\RPCRT4.dll (Remote Procedure Call Runtime/Microsoft Corporation) 0x77E70000
Library C:\WINDOWS\system32\Secur32.dll (Security Support Provider Interface/Microsoft Corporation) 0x77FE0000
Library C:\WINDOWS\system32\LSASRV.dll (LSA Server DLL/Microsoft Corporation) 0x75420000
Library C:\WINDOWS\system32\MPR.dll (Multiple Provider Router DLL/Microsoft Corporation) 0x71B00000
Library C:\WINDOWS\system32\USER32.dll (Windows XP USER API Client DLL/Microsoft Corporation) 0x7E360000
Library C:\WINDOWS\system32\GDI32.dll (GDI Client DLL/Microsoft Corporation) 0x77F10000
Library C:\WINDOWS\system32\MSASN1.dll (ASN.1 Runtime APIs/Microsoft Corporation) 0x77B10000
Library C:\WINDOWS\system32\msvcrt.dll (Windows NT CRT DLL/Microsoft Corporation) 0x77C00000
Library C:\WINDOWS\system32\NETAPI32.dll (Net Win32 API DLL/Microsoft Corporation) 0x67270000
Library C:\WINDOWS\system32\NTDSAPI.dll (NT5DS/Microsoft Corporation) 0x76790000
Library C:\WINDOWS\system32\DNSAPI.dll (DNS Client API DLL/Microsoft Corporation) 0x76F10000
Library C:\WINDOWS\system32\WS2_32.dll (Windows Socket 2.0 32-Bit DLL/Microsoft Corporation) 0x71A90000
Library C:\WINDOWS\system32\WS2HELP.dll (Windows Socket 2.0 Helper for Windows NT/Microsoft Corporation) 0x71A80000
Library C:\WINDOWS\system32\WLDAP32.dll (Win32 LDAP API DLL/Microsoft Corporation) 0x76F50000
Library C:\WINDOWS\system32\SAMLIB.dll (SAM Library DLL/Microsoft Corporation) 0x71BD0000
Library C:\WINDOWS\system32\SAMSRV.dll (SAM Server DLL/Microsoft Corporation) 0x74410000
Library C:\WINDOWS\system32\cryptdll.dll (Cryptography Manager/Microsoft Corporation) 0x76780000
Library C:\WINDOWS\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation) 0x5D060000
Library C:\WINDOWS\AppPatch\AcGenral.DLL (Windows Compatibility DLL/Microsoft Corporation) 0x6FE10000
Library C:\WINDOWS\system32\WINMM.dll (MCI API DLL/Microsoft Corporation) 0x76B30000
Library C:\WINDOWS\system32\ole32.dll (Microsoft OLE for Windows/Microsoft Corporation) 0x774D0000
Library C:\WINDOWS\system32\OLEAUT32.dll (Microsoft Corporation) 0x77110000
Library C:\WINDOWS\system32\MSACM32.dll (Microsoft ACM Audio Filter/Microsoft Corporation) 0x77BD0000
Library C:\WINDOWS\system32\VERSION.dll (Version Checking and File Installation Libraries/Microsoft Corporation) 0x77BF0000
Library C:\WINDOWS\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation) 0x7C9C0000
Library C:\WINDOWS\system32\SHLWAPI.dll (Shell Light-weight Utility Library/Microsoft Corporation) 0x77F60000
Library C:\WINDOWS\system32\USERENV.dll (Userenv/Microsoft Corporation) 0x769B0000
Library C:\WINDOWS\system32\UxTheme.dll (Microsoft UxTheme Library/Microsoft Corporation) 0x5B250000
Library C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll (User Experience Controls Library/Microsoft Corporation) 0x773C0000
Library C:\WINDOWS\system32\comctl32.dll (Common Controls Library/Microsoft Corporation) 0x5D5A0000
Library C:\WINDOWS\system32\msprivs.dll (Microsoft Privilege Translations/Microsoft Corporation) 0x20000000
Library C:\WINDOWS\system32\kerberos.dll (Kerberos Security Package/Microsoft Corporation) 0x71CD0000
Library C:\WINDOWS\system32\msv1_0.dll (Microsoft Authentication Package v1.0/Microsoft Corporation) 0x77C60000
Library C:\WINDOWS\system32\iphlpapi.dll (IP Helper API/Microsoft Corporation) 0x76D50000
Library C:\WINDOWS\system32\netlogon.dll (Net Logon Services DLL/Microsoft Corporation) 0x74480000
Library C:\WINDOWS\system32\w32time.dll (Sledování času/Microsoft Corporation) 0x767B0000
Library C:\WINDOWS\system32\MSVCP60.dll (Microsoft (R) C++ Runtime Library/Microsoft Corporation) 0x76060000
Library C:\WINDOWS\system32\schannel.dll (TLS / SSL Security Provider/Microsoft Corporation) 0x767E0000
Library C:\WINDOWS\system32\CRYPT32.dll (Crypto API32/Microsoft Corporation) 0x77A70000
Library C:\WINDOWS\system32\wdigest.dll (Microsoft Digest Access/Microsoft Corporation) 0x7E8B0000
Library C:\WINDOWS\system32\rsaenh.dll (Microsoft Enhanced Cryptographic Provider/Microsoft Corporation) 0x0FFD0000
Library C:\WINDOWS\system32\setupapi.dll (Windows Setup API/Microsoft Corporation) 0x77910000
Library C:\WINDOWS\system32\scecli.dll (Windows Security Configuration Editor Client Engine/Microsoft Corporation) 0x743E0000
Library C:\WINDOWS\system32\ipsecsvc.dll (Knihovna DLL serveru Windows IPSec SPD/Microsoft Corporation) 0x743B0000
Library C:\WINDOWS\system32\AUTHZ.dll (Authorization Framework/Microsoft Corporation) 0x776B0000
Library C:\WINDOWS\system32\oakley.DLL (Oakley Key Manager/Microsoft Corporation) 0x75710000
Library C:\WINDOWS\system32\WINIPSEC.DLL (Windows IPSec SPD Client DLL/Microsoft Corporation) 0x74340000
Library C:\WINDOWS\system32\mswsock.dll (Poskytovatel služeb Microsoft Windows Sockets 2.0/Microsoft Corporation) 0x71A30000
Library C:\WINDOWS\system32\hnetcfg.dll (Home Networking Configuration Manager/Microsoft Corporation) 0x698B0000
Library C:\WINDOWS\System32\wshtcpip.dll (Windows Sockets Helper DLL/Microsoft Corporation) 0x71A70000
Library C:\WINDOWS\system32\pstorsvc.dll (Protected storage server/Microsoft Corporation) 0x74370000
Library C:\WINDOWS\system32\psbase.dll (Protected Storage default provider/Microsoft Corporation) 0x74390000
Library C:\WINDOWS\system32\dssenh.dll (Microsoft Enhanced DSS and Diffie-Hellman Cryptographic Provider/Microsoft Corporation) 0x68100000

Process C:\Program Files\Firebird\Firebird_1_5\bin\fbserver.exe (Firebird SQL Server/The Firebird Project) 840
Library C:\Program Files\Firebird\Firebird_1_5\bin\fbserver.exe (Firebird SQL Server/The Firebird Project) 0x00400000
Library C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation) 0x7C900000
Library C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation) 0x7C800000
Library C:\Program Files\Firebird\Firebird_1_5\bin\MSVCP60.dll (Microsoft (R) C++ Runtime Library/Microsoft Corporation) 0x76060000
Library C:\WINDOWS\system32\msvcrt.dll (Windows NT CRT DLL/Microsoft Corporation) 0x77C00000
Library C:\WINDOWS\system32\USER32.dll (Windows XP USER API Client DLL/Microsoft Corporation) 0x7E360000
Library C:\WINDOWS\system32\GDI32.dll (GDI Client DLL/Microsoft Corporation) 0x77F10000
Library C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation) 0x77DC0000
Library C:\WINDOWS\system32\RPCRT4.dll (Remote Procedure Call Runtime/Microsoft Corporation) 0x77E70000
Library C:\WINDOWS\system32\Secur32.dll (Security Support Provider Interface/Microsoft Corporation) 0x77FE0000
Library C:\WINDOWS\system32\MPR.dll (Multiple Provider Router DLL/Microsoft Corporation) 0x71B00000
Library C:\WINDOWS\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation) 0x7C9C0000
Library C:\WINDOWS\system32\SHLWAPI.dll (Shell Light-weight Utility Library/Microsoft Corporation) 0x77F60000
Library C:\WINDOWS\system32\COMCTL32.dll (Common Controls Library/Microsoft Corporation) 0x5D5A0000
Library C:\WINDOWS\system32\WS2_32.dll (Windows Socket 2.0 32-Bit DLL/Microsoft Corporation) 0x71A90000
Library C:\WINDOWS\system32\WS2HELP.dll (Windows Socket 2.0 Helper for Windows NT/Microsoft Corporation) 0x71A80000
Library C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll (User Experience Controls Library/Microsoft Corporation) 0x773C0000
Library C:\WINDOWS\System32\mswsock.dll (Poskytovatel služeb Microsoft Windows Sockets 2.0/Microsoft Corporation) 0x71A30000
Library C:\WINDOWS\system32\DNSAPI.dll (DNS Client API DLL/Microsoft Corporation) 0x76F10000
Library C:\WINDOWS\system32\iphlpapi.dll (IP Helper API/Microsoft Corporation) 0x76D50000
Library C:\WINDOWS\System32\winrnr.dll (LDAP RnR Provider DLL/Microsoft Corporation) 0x76FA0000
Library C:\WINDOWS\system32\WLDAP32.dll (Win32 LDAP API DLL/Microsoft Corporation) 0x76F50000
Library C:\WINDOWS\system32\rasadhlp.dll (Remote Access AutoDial Helper/Microsoft Corporation) 0x76FB0000
Library C:\WINDOWS\system32\hnetcfg.dll (Home Networking Configuration Manager/Microsoft Corporation) 0x698B0000
Library C:\WINDOWS\System32\wshtcpip.dll (Windows Sockets Helper DLL/Microsoft Corporation) 0x71A70000
Library C:\WINDOWS\system32\uxtheme.dll (Microsoft UxTheme Library/Microsoft Corporation) 0x5B250000

Process C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) 876
Library C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) 0x01000000
Library C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation) 0x7C900000
Library C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation) 0x7C800000
Library C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation) 0x77DC0000
Library C:\WINDOWS\system32\RPCRT4.dll (Remote Procedure Call Runtime/Microsoft Corporation) 0x77E70000
Library C:\WINDOWS\system32\Secur32.dll (Security Support Provider Interface/Microsoft Corporation) 0x77FE0000
Library C:\WINDOWS\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation) 0x5D060000
Library C:\WINDOWS\AppPatch\AcGenral.DLL (Windows Compatibility DLL/Microsoft Corporation) 0x6FE10000
Library C:\WINDOWS\system32\USER32.dll (Windows XP USER API Client DLL/Microsoft Corporation) 0x7E360000
Library C:\WINDOWS\system32\GDI32.dll (GDI Client DLL/Microsoft Corporation) 0x77F10000
Library C:\WINDOWS\system32\WINMM.dll (MCI API DLL/Microsoft Corporation) 0x76B30000
Library C:\WINDOWS\system32\ole32.dll (Microsoft OLE for Windows/Microsoft Corporation) 0x774D0000
Library C:\WINDOWS\system32\msvcrt.dll (Windows NT CRT DLL/Microsoft Corporation) 0x77C00000
Library C:\WINDOWS\system32\OLEAUT32.dll (Microsoft Corporation) 0x77110000
Library C:\WINDOWS\system32\MSACM32.dll (Microsoft ACM Audio Filter/Microsoft Corporation) 0x77BD0000
Library C:\WINDOWS\system32\VERSION.dll (Version Checking and File Installation Libraries/Microsoft Corporation) 0x77BF0000
Library C:\WINDOWS\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation) 0x7C9C0000
Library C:\WINDOWS\system32\SHLWAPI.dll (Shell Light-weight Utility Library/Microsoft Corporation) 0x77F60000
Library C:\WINDOWS\system32\USERENV.dll (Userenv/Microsoft Corporation) 0x769B0000
Library C:\WINDOWS\system32\UxTheme.dll (Microsoft UxTheme Library/Microsoft Corporation) 0x5B250000
Library C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll (User Experience Controls Library/Microsoft Corporation) 0x773C0000
Library C:\WINDOWS\system32\comctl32.dll (Common Controls Library/Microsoft Corporation) 0x5D5A0000
Library C:\WINDOWS\system32\NTMARTA.DLL (Windows NT MARTA provider/Microsoft Corporation) 0x77680000
Library C:\WINDOWS\system32\WLDAP32.dll (Win32 LDAP API DLL/Microsoft Corporation) 0x76F50000
Library C:\WINDOWS\system32\SAMLIB.dll (SAM Library DLL/Microsoft Corporation) 0x71BD0000
Library c:\windows\system32\rpcss.dll (Distributed COM Services/Microsoft Corporation) 0x76A70000
Library c:\windows\system32\WS2_32.dll (Windows Socket 2.0 32-Bit DLL/Microsoft Corporation) 0x71A90000
Library c:\windows\system32\WS2HELP.dll (Windows Socket 2.0 Helper for Windows NT/Microsoft Corporation) 0x71A80000
Library C:\WINDOWS\system32\xpsp2res.dll (Zprávy aktualizace Service Pack 2/Microsoft Corporation) 0x20000000
Library C:\WINDOWS\system32\CLBCATQ.DLL (Microsoft Corporation) 0x76FC0000
Library C:\WINDOWS\system32\COMRes.dll (Microsoft Corporation) 0x77040000
Library c:\windows\system32\termsrv.dll (Terminal Server Service/Microsoft Corporation) 0x766F0000
Library c:\windows\system32\ICAAPI.dll (DLL Interface to TermDD Device Driver/Microsoft Corporation) 0x74F40000
Library c:\windows\system32\SETUPAPI.dll (Windows Setup API/Microsoft Corporation) 0x77910000
Library C:\WINDOWS\system32\WINTRUST.dll (Microsoft Trust Verification APIs/Microsoft Corporation) 0x76C20000
Library C:\WINDOWS\system32\CRYPT32.dll (Crypto API32/Microsoft Corporation) 0x77A70000
Library C:\WINDOWS\system32\MSASN1.dll (ASN.1 Runtime APIs/Microsoft Corporation) 0x77B10000
Library C:\WINDOWS\system32\IMAGEHLP.dll (Windows NT Image Helper/Microsoft Corporation) 0x76C80000
Library c:\windows\system32\AUTHZ.dll (Authorization Framework/Microsoft Corporation) 0x776B0000
Library c:\windows\system32\mstlsapi.dll (Microsoft® Terminal Server Licensing/Microsoft Corporation) 0x750E0000
Library c:\windows\system32\ACTIVEDS.dll (ADs Router Layer DLL/Microsoft Corporation) 0x77CB0000
Library c:\windows\system32\adsldpc.dll (ADs LDAP Provider C DLL/Microsoft Corporation) 0x76E00000
Library C:\WINDOWS\system32\NETAPI32.dll (Net Win32 API DLL/Microsoft Corporation) 0x67270000
Library c:\windows\system32\ATL.DLL (ATL Module for Windows XP (Unicode)/Microsoft Corporation) 0x76B10000
Library C:\WINDOWS\system32\REGAPI.dll (Registry Configuration APIs/Microsoft Corporation) 0x76BB0000
Library C:\WINDOWS\system32\rsaenh.dll (Microsoft Enhanced Cryptographic Provider/Microsoft Corporation) 0x0FFD0000
Library C:\WINDOWS\system32\Apphelp.dll (Application Compatibility Client Library/Microsoft Corporation) 0x77B30000

Process C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) 952
Library C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) 0x01000000
Library C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation) 0x7C900000
Library C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation) 0x7C800000
Library C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation) 0x77DC0000
Library C:\WINDOWS\system32\RPCRT4.dll (Remote Procedure Call Runtime/Microsoft Corporation) 0x77E70000
Library C:\WINDOWS\system32\Secur32.dll (Security Support Provider Interface/Microsoft Corporation) 0x77FE0000
Library C:\WINDOWS\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation) 0x5D060000
Library C:\WINDOWS\AppPatch\AcGenral.DLL (Windows Compatibility DLL/Microsoft Corporation) 0x6FE10000
Library C:\WINDOWS\system32\USER32.dll (Windows XP USER API Client DLL/Microsoft Corporation) 0x7E360000
Library C:\WINDOWS\system32\GDI32.dll (GDI Client DLL/Microsoft Corporation) 0x77F10000
Library C:\WINDOWS\system32\WINMM.dll (MCI API DLL/Microsoft Corporation) 0x76B30000

Re: sys soubory s rootkity

Napsal: 09 bře 2010 14:24
od fru-fru
8.

Library C:\WINDOWS\system32\ole32.dll (Microsoft OLE for Windows/Microsoft Corporation) 0x774D0000
Library C:\WINDOWS\system32\msvcrt.dll (Windows NT CRT DLL/Microsoft Corporation) 0x77C00000
Library C:\WINDOWS\system32\OLEAUT32.dll (Microsoft Corporation) 0x77110000
Library C:\WINDOWS\system32\MSACM32.dll (Microsoft ACM Audio Filter/Microsoft Corporation) 0x77BD0000
Library C:\WINDOWS\system32\VERSION.dll (Version Checking and File Installation Libraries/Microsoft Corporation) 0x77BF0000
Library C:\WINDOWS\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation) 0x7C9C0000
Library C:\WINDOWS\system32\SHLWAPI.dll (Shell Light-weight Utility Library/Microsoft Corporation) 0x77F60000
Library C:\WINDOWS\system32\USERENV.dll (Userenv/Microsoft Corporation) 0x769B0000
Library C:\WINDOWS\system32\UxTheme.dll (Microsoft UxTheme Library/Microsoft Corporation) 0x5B250000
Library C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll (User Experience Controls Library/Microsoft Corporation) 0x773C0000
Library C:\WINDOWS\system32\comctl32.dll (Common Controls Library/Microsoft Corporation) 0x5D5A0000
Library c:\windows\system32\rpcss.dll (Distributed COM Services/Microsoft Corporation) 0x76A70000
Library c:\windows\system32\WS2_32.dll (Windows Socket 2.0 32-Bit DLL/Microsoft Corporation) 0x71A90000
Library c:\windows\system32\WS2HELP.dll (Windows Socket 2.0 Helper for Windows NT/Microsoft Corporation) 0x71A80000
Library C:\WINDOWS\system32\xpsp2res.dll (Zprávy aktualizace Service Pack 2/Microsoft Corporation) 0x20000000
Library C:\WINDOWS\system32\rsaenh.dll (Microsoft Enhanced Cryptographic Provider/Microsoft Corporation) 0x0FFD0000
Library C:\WINDOWS\system32\mswsock.dll (Poskytovatel služeb Microsoft Windows Sockets 2.0/Microsoft Corporation) 0x71A30000
Library C:\WINDOWS\system32\hnetcfg.dll (Home Networking Configuration Manager/Microsoft Corporation) 0x698B0000
Library C:\WINDOWS\System32\wshtcpip.dll (Windows Sockets Helper DLL/Microsoft Corporation) 0x71A70000
Library C:\WINDOWS\system32\DNSAPI.dll (DNS Client API DLL/Microsoft Corporation) 0x76F10000
Library C:\WINDOWS\system32\iphlpapi.dll (IP Helper API/Microsoft Corporation) 0x76D50000
Library C:\WINDOWS\System32\winrnr.dll (LDAP RnR Provider DLL/Microsoft Corporation) 0x76FA0000
Library C:\WINDOWS\system32\WLDAP32.dll (Win32 LDAP API DLL/Microsoft Corporation) 0x76F50000
Library C:\WINDOWS\system32\rasadhlp.dll (Remote Access AutoDial Helper/Microsoft Corporation) 0x76FB0000
Library C:\WINDOWS\system32\CLBCATQ.DLL (Microsoft Corporation) 0x76FC0000
Library C:\WINDOWS\system32\COMRes.dll (Microsoft Corporation) 0x77040000
Library C:\WINDOWS\system32\msi.dll (Windows Installer/Microsoft Corporation) 0x7D1E0000

Process C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) 988
Library C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) 0x01000000
Library C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation) 0x7C900000
Library C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation) 0x7C800000
Library C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation) 0x77DC0000
Library C:\WINDOWS\system32\RPCRT4.dll (Remote Procedure Call Runtime/Microsoft Corporation) 0x77E70000
Library C:\WINDOWS\system32\Secur32.dll (Security Support Provider Interface/Microsoft Corporation) 0x77FE0000
Library C:\WINDOWS\System32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation) 0x5D060000
Library C:\WINDOWS\AppPatch\AcGenral.DLL (Windows Compatibility DLL/Microsoft Corporation) 0x6FE10000
Library C:\WINDOWS\system32\USER32.dll (Windows XP USER API Client DLL/Microsoft Corporation) 0x7E360000
Library C:\WINDOWS\system32\GDI32.dll (GDI Client DLL/Microsoft Corporation) 0x77F10000
Library C:\WINDOWS\System32\WINMM.dll (MCI API DLL/Microsoft Corporation) 0x76B30000
Library C:\WINDOWS\system32\ole32.dll (Microsoft OLE for Windows/Microsoft Corporation) 0x774D0000
Library C:\WINDOWS\system32\msvcrt.dll (Windows NT CRT DLL/Microsoft Corporation) 0x77C00000
Library C:\WINDOWS\system32\OLEAUT32.dll (Microsoft Corporation) 0x77110000
Library C:\WINDOWS\System32\MSACM32.dll (Microsoft ACM Audio Filter/Microsoft Corporation) 0x77BD0000
Library C:\WINDOWS\system32\VERSION.dll (Version Checking and File Installation Libraries/Microsoft Corporation) 0x77BF0000
Library C:\WINDOWS\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation) 0x7C9C0000
Library C:\WINDOWS\system32\SHLWAPI.dll (Shell Light-weight Utility Library/Microsoft Corporation) 0x77F60000
Library C:\WINDOWS\system32\USERENV.dll (Userenv/Microsoft Corporation) 0x769B0000
Library C:\WINDOWS\System32\UxTheme.dll (Microsoft UxTheme Library/Microsoft Corporation) 0x5B250000
Library C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll (User Experience Controls Library/Microsoft Corporation) 0x773C0000
Library C:\WINDOWS\system32\comctl32.dll (Common Controls Library/Microsoft Corporation) 0x5D5A0000
Library C:\WINDOWS\System32\NTMARTA.DLL (Windows NT MARTA provider/Microsoft Corporation) 0x77680000
Library C:\WINDOWS\system32\WLDAP32.dll (Win32 LDAP API DLL/Microsoft Corporation) 0x76F50000
Library C:\WINDOWS\System32\SAMLIB.dll (SAM Library DLL/Microsoft Corporation) 0x71BD0000
Library C:\WINDOWS\System32\xpsp2res.dll (Zprávy aktualizace Service Pack 2/Microsoft Corporation) 0x20000000
Library c:\windows\system32\shsvcs.dll (Windows Shell Services Dll/Microsoft Corporation) 0x776D0000
Library C:\WINDOWS\System32\WINSTA.dll (Winstation Library/Microsoft Corporation) 0x76340000
Library C:\WINDOWS\system32\NETAPI32.dll (Net Win32 API DLL/Microsoft Corporation) 0x67270000
Library c:\windows\system32\dhcpcsvc.dll (DHCP Client Service/Microsoft Corporation) 0x76D70000
Library c:\windows\system32\DNSAPI.dll (DNS Client API DLL/Microsoft Corporation) 0x76F10000
Library c:\windows\system32\WS2_32.dll (Windows Socket 2.0 32-Bit DLL/Microsoft Corporation) 0x71A90000
Library c:\windows\system32\WS2HELP.dll (Windows Socket 2.0 Helper for Windows NT/Microsoft Corporation) 0x71A80000
Library c:\windows\system32\iphlpapi.dll (IP Helper API/Microsoft Corporation) 0x76D50000
Library C:\WINDOWS\System32\rsaenh.dll (Microsoft Enhanced Cryptographic Provider/Microsoft Corporation) 0x0FFD0000
Library c:\windows\system32\wzcsvc.dll (Wireless Zero Configuration Service/Microsoft Corporation) 0x77610000
Library c:\windows\system32\rtutils.dll (Routing Utilities/Microsoft Corporation) 0x76E70000
Library c:\windows\system32\WMI.dll (WMI DC and DP functionality/Microsoft Corporation) 0x76D20000
Library C:\WINDOWS\system32\CRYPT32.dll (Crypto API32/Microsoft Corporation) 0x77A70000
Library C:\WINDOWS\system32\MSASN1.dll (ASN.1 Runtime APIs/Microsoft Corporation) 0x77B10000
Library c:\windows\system32\WTSAPI32.dll (Windows Terminal Server SDK APIs/Microsoft Corporation) 0x76F40000
Library c:\windows\system32\ESENT.dll (Server Database Storage Engine/Microsoft Corporation) 0x6F930000
Library c:\windows\system32\ATL.DLL (ATL Module for Windows XP (Unicode)/Microsoft Corporation) 0x76B10000
Library C:\WINDOWS\System32\rastls.dll (Remote Access PPP EAP-TLS/Microsoft Corporation) 0x76BC0000
Library C:\WINDOWS\system32\CRYPTUI.dll (Microsoft Trust UI Provider/Microsoft Corporation) 0x76660000
Library C:\WINDOWS\system32\WINTRUST.dll (Microsoft Trust Verification APIs/Microsoft Corporation) 0x76C20000
Library C:\WINDOWS\system32\IMAGEHLP.dll (Windows NT Image Helper/Microsoft Corporation) 0x76C80000
Library C:\WINDOWS\system32\WININET.dll (Internet Extensions for Win32/Microsoft Corporation) 0x771A0000
Library C:\WINDOWS\System32\MPRAPI.dll (Windows NT MP Router Administration DLL/Microsoft Corporation) 0x76D30000
Library C:\WINDOWS\System32\ACTIVEDS.dll (ADs Router Layer DLL/Microsoft Corporation) 0x77CB0000
Library C:\WINDOWS\System32\adsldpc.dll (ADs LDAP Provider C DLL/Microsoft Corporation) 0x76E00000
Library C:\WINDOWS\System32\SETUPAPI.dll (Windows Setup API/Microsoft Corporation) 0x77910000
Library C:\WINDOWS\System32\RASAPI32.dll (Rozhraní API pro vzdálený přístup/Microsoft Corporation) 0x76ED0000
Library C:\WINDOWS\System32\rasman.dll (Remote Access Connection Manager/Microsoft Corporation) 0x76E80000
Library C:\WINDOWS\System32\TAPI32.dll (Microsoft® Windows(TM) Telephony API Client DLL/Microsoft Corporation) 0x76EA0000
Library C:\WINDOWS\System32\SCHANNEL.dll (TLS / SSL Security Provider/Microsoft Corporation) 0x767E0000
Library C:\WINDOWS\System32\WinSCard.dll (Microsoft Smart Card API/Microsoft Corporation) 0x723B0000
Library C:\WINDOWS\System32\raschap.dll (Remote Access PPP CHAP/Microsoft Corporation) 0x76CD0000
Library C:\WINDOWS\system32\msv1_0.dll (Microsoft Authentication Package v1.0/Microsoft Corporation) 0x77C60000
Library C:\WINDOWS\System32\cryptdll.dll (Cryptography Manager/Microsoft Corporation) 0x76780000
Library C:\WINDOWS\System32\CLBCATQ.DLL (Microsoft Corporation) 0x76FC0000
Library C:\WINDOWS\System32\COMRes.dll (Microsoft Corporation) 0x77040000
Library c:\windows\system32\schedsvc.dll (Task Scheduler Engine/Microsoft Corporation) 0x76870000
Library c:\windows\system32\NTDSAPI.dll (NT5DS/Microsoft Corporation) 0x76790000
Library C:\WINDOWS\System32\MSIDLE.DLL (User Idle Monitor/Microsoft Corporation) 0x74F20000
Library c:\windows\system32\audiosrv.dll (Windows Audio Service/Microsoft Corporation) 0x70E40000
Library c:\windows\system32\wkssvc.dll (Workstation Service DLL/Microsoft Corporation) 0x76E30000
Library c:\windows\system32\cryptsvc.dll (Cryptographic Services/Microsoft Corporation) 0x76D00000
Library c:\windows\system32\certcli.dll (Microsoft® Certificate Services Client/Microsoft Corporation) 0x76B60000
Library c:\windows\system32\ersvc.dll (Windows Error Reporting Service/Microsoft Corporation) 0x74F50000
Library c:\windows\system32\es.dll (Microsoft Corporation) 0x77700000
Library c:\windows\pchealth\helpctr\binaries\pchsvc.dll (Microsoft PCHealth Service Holder/Microsoft Corporation) 0x74F10000
Library c:\windows\system32\srvsvc.dll (Server Service DLL/Microsoft Corporation) 0x75060000
Library c:\windows\system32\netman.dll (Network Connections Manager/Microsoft Corporation) 0x77CF0000
Library c:\windows\system32\netshell.dll (Network Connections Shell/Microsoft Corporation) 0x763E0000
Library c:\windows\system32\credui.dll (Credential Manager User Interface/Microsoft Corporation) 0x76BF0000
Library c:\windows\system32\WZCSAPI.DLL (Wireless Zero Configuration service API/Microsoft Corporation) 0x72FF0000
Library C:\WINDOWS\System32\HNETCFG.DLL (Home Networking Configuration Manager/Microsoft Corporation) 0x698B0000
Library c:\windows\system32\seclogon.dll (Secondary Logon Service DLL/Microsoft Corporation) 0x73CE0000
Library c:\windows\system32\sens.dll (System Event Notification Service (SENS)/Microsoft Corporation) 0x722B0000
Library c:\windows\system32\srsvc.dll (System Restore Service/Microsoft Corporation) 0x75170000
Library c:\windows\system32\POWRPROF.dll (Power Profile Helper DLL/Microsoft Corporation) 0x74AA0000
Library c:\windows\system32\trkwks.dll (Distributed Link Tracking Client/Microsoft Corporation) 0x75040000
Library C:\WINDOWS\System32\SXS.DLL (Fusion 2.5/Microsoft Corporation) 0x75E70000
Library c:\windows\system32\w32time.dll (Sledování času/Microsoft Corporation) 0x767B0000
Library c:\windows\system32\MSVCP60.dll (Microsoft (R) C++ Runtime Library/Microsoft Corporation) 0x76060000
Library c:\windows\system32\wbem\wmisvc.dll (WMI/Microsoft Corporation) 0x5A8D0000
Library C:\WINDOWS\system32\VSSAPI.DLL (Microsoft® Volume Shadow Copy Requestor/Writer Services API DLL/Microsoft Corporation) 0x753B0000
Library C:\WINDOWS\system32\mswsock.dll (Poskytovatel služeb Microsoft Windows Sockets 2.0/Microsoft Corporation) 0x71A30000
Library C:\WINDOWS\System32\wshtcpip.dll (Windows Sockets Helper DLL/Microsoft Corporation) 0x71A70000
Library c:\windows\system32\wuauserv.dll (Windows Update AutoUpdate Service/Microsoft Corporation) 0x50000000
Library C:\WINDOWS\system32\wuaueng.dll (Windows Update Agent/Microsoft Corporation) 0x50040000
Library C:\WINDOWS\System32\WINSPOOL.DRV (Windows Spooler Driver/Microsoft Corporation) 0x72FC0000
Library C:\WINDOWS\System32\WINHTTP.dll (Windows HTTP Services/Microsoft Corporation) 0x4D540000
Library C:\WINDOWS\System32\Cabinet.dll (Microsoft® Cabinet File API/Microsoft Corporation) 0x75120000
Library C:\WINDOWS\System32\mspatcha.dll (Microsoft(R) Patch Engine/Microsoft Corporation) 0x605B0000
Library c:\windows\system32\browser.dll (Computer Browser Service DLL/Microsoft Corporation) 0x77310000
Library c:\windows\system32\wscsvc.dll (Windows Security Center Service/Microsoft Corporation) 0x4C0F0000
Library c:\windows\system32\msi.dll (Windows Installer/Microsoft Corporation) 0x7D1E0000
Library C:\WINDOWS\system32\wbem\wbemcomn.dll (WMI/Microsoft Corporation) 0x75260000
Library C:\WINDOWS\system32\wbem\wbemcore.dll (WMI/Microsoft Corporation) 0x762A0000
Library C:\WINDOWS\system32\wbem\esscli.dll (WMI/Microsoft Corporation)
0x752E0000
Library C:\WINDOWS\system32\wbem\FastProx.dll (WMI/Microsoft Corporation) 0x75670000
Library C:\WINDOWS\system32\wbem\wbemsvc.dll (WMI/Microsoft Corporation) 0x74EA0000
Library C:\WINDOWS\system32\wbem\wmiutils.dll (WMI/Microsoft Corporation) 0x74FF0000
Library C:\WINDOWS\system32\wbem\repdrvfs.dll (WMI/Microsoft Corporation) 0x751D0000
Library C:\WINDOWS\system32\wbem\wmiprvsd.dll (WMI/Microsoft Corporation) 0x433D0000
Library C:\WINDOWS\system32\NCObjAPI.DLL (Microsoft Corporation) 0x5FC80000
Library C:\WINDOWS\system32\wbem\wbemess.dll (WMI/Microsoft Corporation) 0x75360000
Library C:\WINDOWS\system32\comsvcs.dll (Microsoft Corporation) 0x760D0000
Library C:\WINDOWS\system32\colbact.DLL (Microsoft Corporation) 0x75100000
Library C:\WINDOWS\system32\MTXCLU.DLL (MS DTC amd MTS clustering support DLL/Microsoft Corporation) 0x750C0000
Library C:\WINDOWS\system32\WSOCK32.dll (Windows Socket 32-Bit DLL/Microsoft Corporation) 0x71AB0000
Library C:\WINDOWS\System32\CLUSAPI.DLL (Cluster API Library/Microsoft Corporation) 0x76D90000
Library C:\WINDOWS\System32\RESUTILS.DLL (Microsoft Cluster Resource Utility DLL/Microsoft Corporation) 0x75080000
Library C:\WINDOWS\System32\sfc.dll (Windows File Protection/Microsoft Corporation) 0x76BA0000
Library C:\WINDOWS\System32\sfc_os.dll (Ochrana souborů systému Windows/Microsoft Corporation) 0x76C50000

Re: sys soubory s rootkity

Napsal: 09 bře 2010 14:25
od fru-fru
9.

Library c:\windows\system32\ipnathlp.dll (Microsoft NAT Helper Components/Microsoft Corporation) 0x669A0000
Library c:\windows\system32\AUTHZ.dll (Authorization Framework/Microsoft Corporation) 0x776B0000
Library C:\WINDOWS\system32\Apphelp.dll (Application Compatibility Client Library/Microsoft Corporation) 0x77B30000
Library C:\WINDOWS\system32\wbem\ncprov.dll (Non-COM WMI Event Provision APIs/Microsoft Corporation) 0x5FC50000
Library C:\WINDOWS\system32\wups2.dll (Windows Update client proxy stub 2/Microsoft Corporation) 0x50F00000
Library C:\WINDOWS\system32\upnp.dll (Universal Plug and Play API/Microsoft Corporation) 0x76DD0000
Library C:\WINDOWS\system32\SSDPAPI.dll (SSDP Client API DLL/Microsoft Corporation) 0x74ED0000
Library C:\WINDOWS\System32\rasadhlp.dll (Remote Access AutoDial Helper/Microsoft Corporation) 0x76FB0000
Library C:\WINDOWS\System32\RASDLG.dll (Remote Access Common Dialog API/Microsoft Corporation) 0x768C0000

Process C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) 1036
Library C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) 0x01000000
Library C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation) 0x7C900000
Library C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation) 0x7C800000
Library C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation) 0x77DC0000
Library C:\WINDOWS\system32\RPCRT4.dll (Remote Procedure Call Runtime/Microsoft Corporation) 0x77E70000
Library C:\WINDOWS\system32\Secur32.dll (Security Support Provider Interface/Microsoft Corporation) 0x77FE0000
Library C:\WINDOWS\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation) 0x5D060000
Library C:\WINDOWS\AppPatch\AcGenral.DLL (Windows Compatibility DLL/Microsoft Corporation) 0x6FE10000
Library C:\WINDOWS\system32\USER32.dll (Windows XP USER API Client DLL/Microsoft Corporation) 0x7E360000
Library C:\WINDOWS\system32\GDI32.dll (GDI Client DLL/Microsoft Corporation) 0x77F10000
Library C:\WINDOWS\system32\WINMM.dll (MCI API DLL/Microsoft Corporation) 0x76B30000
Library C:\WINDOWS\system32\ole32.dll (Microsoft OLE for Windows/Microsoft Corporation) 0x774D0000
Library C:\WINDOWS\system32\msvcrt.dll (Windows NT CRT DLL/Microsoft Corporation) 0x77C00000
Library C:\WINDOWS\system32\OLEAUT32.dll (Microsoft Corporation) 0x77110000
Library C:\WINDOWS\system32\MSACM32.dll (Microsoft ACM Audio Filter/Microsoft Corporation) 0x77BD0000
Library C:\WINDOWS\system32\VERSION.dll (Version Checking and File Installation Libraries/Microsoft Corporation) 0x77BF0000
Library C:\WINDOWS\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation) 0x7C9C0000
Library C:\WINDOWS\system32\SHLWAPI.dll (Shell Light-weight Utility Library/Microsoft Corporation) 0x77F60000
Library C:\WINDOWS\system32\USERENV.dll (Userenv/Microsoft Corporation) 0x769B0000
Library C:\WINDOWS\system32\UxTheme.dll (Microsoft UxTheme Library/Microsoft Corporation) 0x5B250000
Library C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll (User Experience Controls Library/Microsoft Corporation) 0x773C0000
Library C:\WINDOWS\system32\comctl32.dll (Common Controls Library/Microsoft Corporation) 0x5D5A0000
Library c:\windows\system32\dnsrslvr.dll (DNS Caching Resolver Service/Microsoft Corporation) 0x76760000
Library c:\windows\system32\DNSAPI.dll (DNS Client API DLL/Microsoft Corporation) 0x76F10000
Library c:\windows\system32\WS2_32.dll (Windows Socket 2.0 32-Bit DLL/Microsoft Corporation) 0x71A90000
Library c:\windows\system32\WS2HELP.dll (Windows Socket 2.0 Helper for Windows NT/Microsoft Corporation) 0x71A80000
Library c:\windows\system32\iphlpapi.dll (IP Helper API/Microsoft Corporation) 0x76D50000

Process C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) 1168
Library C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) 0x01000000
Library C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation) 0x7C900000
Library C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation) 0x7C800000
Library C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation) 0x77DC0000
Library C:\WINDOWS\system32\RPCRT4.dll (Remote Procedure Call Runtime/Microsoft Corporation) 0x77E70000
Library C:\WINDOWS\system32\Secur32.dll (Security Support Provider Interface/Microsoft Corporation) 0x77FE0000
Library C:\WINDOWS\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation) 0x5D060000
Library C:\WINDOWS\AppPatch\AcGenral.DLL (Windows Compatibility DLL/Microsoft Corporation) 0x6FE10000
Library C:\WINDOWS\system32\USER32.dll (Windows XP USER API Client DLL/Microsoft Corporation) 0x7E360000
Library C:\WINDOWS\system32\GDI32.dll (GDI Client DLL/Microsoft Corporation) 0x77F10000
Library C:\WINDOWS\system32\WINMM.dll (MCI API DLL/Microsoft Corporation) 0x76B30000
Library C:\WINDOWS\system32\ole32.dll (Microsoft OLE for Windows/Microsoft Corporation) 0x774D0000
Library C:\WINDOWS\system32\msvcrt.dll (Windows NT CRT DLL/Microsoft Corporation) 0x77C00000
Library C:\WINDOWS\system32\OLEAUT32.dll (Microsoft Corporation) 0x77110000
Library C:\WINDOWS\system32\MSACM32.dll (Microsoft ACM Audio Filter/Microsoft Corporation) 0x77BD0000
Library C:\WINDOWS\system32\VERSION.dll (Version Checking and File Installation Libraries/Microsoft Corporation) 0x77BF0000
Library C:\WINDOWS\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation) 0x7C9C0000
Library C:\WINDOWS\system32\SHLWAPI.dll (Shell Light-weight Utility Library/Microsoft Corporation) 0x77F60000
Library C:\WINDOWS\system32\USERENV.dll (Userenv/Microsoft Corporation) 0x769B0000
Library C:\WINDOWS\system32\UxTheme.dll (Microsoft UxTheme Library/Microsoft Corporation) 0x5B250000
Library C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll (User Experience Controls Library/Microsoft Corporation) 0x773C0000
Library C:\WINDOWS\system32\comctl32.dll (Common Controls Library/Microsoft Corporation) 0x5D5A0000
Library C:\WINDOWS\system32\NTMARTA.DLL (Windows NT MARTA provider/Microsoft Corporation) 0x77680000
Library C:\WINDOWS\system32\WLDAP32.dll (Win32 LDAP API DLL/Microsoft Corporation) 0x76F50000
Library C:\WINDOWS\system32\SAMLIB.dll (SAM Library DLL/Microsoft Corporation) 0x71BD0000
Library C:\WINDOWS\system32\xpsp2res.dll (Zprávy aktualizace Service Pack 2/Microsoft Corporation) 0x20000000
Library c:\windows\system32\lmhsvc.dll (TCPIP NetBios Transport Services DLL/Microsoft Corporation) 0x74C10000
Library c:\windows\system32\iphlpapi.dll (IP Helper API/Microsoft Corporation) 0x76D50000
Library c:\windows\system32\WS2_32.dll (Windows Socket 2.0 32-Bit DLL/Microsoft Corporation) 0x71A90000
Library c:\windows\system32\WS2HELP.dll (Windows Socket 2.0 Helper for Windows NT/Microsoft Corporation) 0x71A80000
Library c:\windows\system32\ssdpsrv.dll (SSDP Service DLL/Microsoft Corporation) 0x76630000
Library C:\WINDOWS\system32\hnetcfg.dll (Home Networking Configuration Manager/Microsoft Corporation) 0x698B0000
Library C:\WINDOWS\system32\CLBCATQ.DLL (Microsoft Corporation) 0x76FC0000
Library C:\WINDOWS\system32\COMRes.dll (Microsoft Corporation) 0x77040000
Library C:\WINDOWS\system32\mswsock.dll (Poskytovatel služeb Microsoft Windows Sockets 2.0/Microsoft Corporation) 0x71A30000
Library C:\WINDOWS\System32\wshtcpip.dll (Windows Sockets Helper DLL/Microsoft Corporation) 0x71A70000

Process C:\WINDOWS\System32\alg.exe (Application Layer Gateway Service/Microsoft Corporation) 1216
Library C:\WINDOWS\System32\alg.exe (Application Layer Gateway Service/Microsoft Corporation) 0x01000000
Library C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation) 0x7C900000
Library C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation) 0x7C800000
Library C:\WINDOWS\system32\msvcrt.dll (Windows NT CRT DLL/Microsoft Corporation) 0x77C00000
Library C:\WINDOWS\System32\ATL.DLL (ATL Module for Windows XP (Unicode)/Microsoft Corporation) 0x76B10000
Library C:\WINDOWS\system32\USER32.dll (Windows XP USER API Client DLL/Microsoft Corporation) 0x7E360000
Library C:\WINDOWS\system32\GDI32.dll (GDI Client DLL/Microsoft Corporation) 0x77F10000
Library C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation) 0x77DC0000
Library C:\WINDOWS\system32\RPCRT4.dll (Remote Procedure Call Runtime/Microsoft Corporation) 0x77E70000
Library C:\WINDOWS\system32\Secur32.dll (Security Support Provider Interface/Microsoft Corporation) 0x77FE0000
Library C:\WINDOWS\system32\ole32.dll (Microsoft OLE for Windows/Microsoft Corporation) 0x774D0000
Library C:\WINDOWS\system32\OLEAUT32.dll (Microsoft Corporation) 0x77110000
Library C:\WINDOWS\System32\WSOCK32.dll (Windows Socket 32-Bit DLL/Microsoft Corporation) 0x71AB0000
Library C:\WINDOWS\System32\WS2_32.dll (Windows Socket 2.0 32-Bit DLL/Microsoft Corporation) 0x71A90000
Library C:\WINDOWS\System32\WS2HELP.dll (Windows Socket 2.0 Helper for Windows NT/Microsoft Corporation) 0x71A80000
Library C:\WINDOWS\System32\MSWSOCK.DLL (Poskytovatel služeb Microsoft Windows Sockets 2.0/Microsoft Corporation) 0x71A30000
Library C:\WINDOWS\System32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation) 0x5D060000
Library C:\WINDOWS\AppPatch\AcGenral.DLL (Windows Compatibility DLL/Microsoft Corporation) 0x6FE10000
Library C:\WINDOWS\System32\WINMM.dll (MCI API DLL/Microsoft Corporation) 0x76B30000
Library C:\WINDOWS\System32\MSACM32.dll (Microsoft ACM Audio Filter/Microsoft Corporation) 0x77BD0000
Library C:\WINDOWS\system32\VERSION.dll (Version Checking and File Installation Libraries/Microsoft Corporation) 0x77BF0000
Library C:\WINDOWS\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation) 0x7C9C0000
Library C:\WINDOWS\system32\SHLWAPI.dll (Shell Light-weight Utility Library/Microsoft Corporation) 0x77F60000
Library C:\WINDOWS\system32\USERENV.dll (Userenv/Microsoft Corporation) 0x769B0000
Library C:\WINDOWS\System32\UxTheme.dll (Microsoft UxTheme Library/Microsoft Corporation) 0x5B250000
Library C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll (User Experience Controls Library/Microsoft Corporation) 0x773C0000
Library C:\WINDOWS\system32\comctl32.dll (Common Controls Library/Microsoft Corporation) 0x5D5A0000
Library C:\WINDOWS\System32\CLBCATQ.DLL (Microsoft Corporation) 0x76FC0000
Library C:\WINDOWS\System32\COMRes.dll (Microsoft Corporation) 0x77040000
Library C:\WINDOWS\System32\xpsp2res.dll (Zprávy aktualizace Service Pack 2/Microsoft Corporation) 0x20000000
Library C:\WINDOWS\system32\hnetcfg.dll (Home Networking Configuration Manager/Microsoft Corporation) 0x698B0000
Library C:\WINDOWS\System32\wshtcpip.dll (Windows Sockets Helper DLL/Microsoft Corporation) 0x71A70000

Process C:\WINDOWS\system32\wscntfy.exe (Windows Security Center Notification App/Microsoft Corporation) 1312
Library C:\WINDOWS\system32\wscntfy.exe (Windows Security Center Notification App/Microsoft Corporation) 0x01000000
Library C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation) 0x7C900000
Library C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation) 0x7C800000
Library C:\WINDOWS\system32\msvcrt.dll (Windows NT CRT DLL/Microsoft Corporation) 0x77C00000
Library C:\WINDOWS\system32\USER32.dll (Windows XP USER API Client DLL/Microsoft Corporation) 0x7E360000
Library C:\WINDOWS\system32\GDI32.dll (GDI Client DLL/Microsoft Corporation) 0x77F10000
Library C:\WINDOWS\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation) 0x7C9C0000
Library C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation) 0x77DC0000
Library C:\WINDOWS\system32\RPCRT4.dll (Remote Procedure Call Runtime/Microsoft Corporation) 0x77E70000
Library C:\WINDOWS\system32\Secur32.dll (Security Support Provider Interface/Microsoft Corporation) 0x77FE0000
Library C:\WINDOWS\system32\SHLWAPI.dll (Shell Light-weight Utility Library/Microsoft Corporation) 0x77F60000
Library C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll (User Experience Controls Library/Microsoft Corporation) 0x773C0000
Library C:\WINDOWS\system32\xpsp2res.dll (Zprávy aktualizace Service Pack 2/Microsoft Corporation) 0x20000000
Library C:\WINDOWS\system32\uxtheme.dll (Microsoft UxTheme Library/Microsoft Corporation) 0x5B250000

Process C:\WINDOWS\Explorer.EXE (Průzkumník Windows/Microsoft Corporation) 1356
Library C:\WINDOWS\Explorer.EXE (Průzkumník Windows/Microsoft Corporation) 0x01000000
Library C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation) 0x7C900000
Library C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation) 0x7C800000
Library C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation) 0x77DC0000
Library C:\WINDOWS\system32\RPCRT4.dll (Remote Procedure Call Runtime/Microsoft Corporation) 0x77E70000
Library C:\WINDOWS\system32\Secur32.dll (Security Support Provider Interface/Microsoft Corporation) 0x77FE0000
Library C:\WINDOWS\system32\BROWSEUI.dll (Shell Browser UI Library/Společnost Microsoft) 0x75F60000
Library C:\WINDOWS\system32\GDI32.dll (GDI Client DLL/Microsoft Corporation) 0x77F10000
Library C:\WINDOWS\system32\USER32.dll (Windows XP USER API Client DLL/Microsoft Corporation) 0x7E360000
Library C:\WINDOWS\system32\msvcrt.dll (Windows NT CRT DLL/Microsoft Corporation) 0x77C00000
Library C:\WINDOWS\system32\ole32.dll (Microsoft OLE for Windows/Microsoft Corporation) 0x774D0000
Library C:\WINDOWS\system32\SHLWAPI.dll (Shell Light-weight Utility Library/Microsoft Corporation) 0x77F60000
Library C:\WINDOWS\system32\OLEAUT32.dll (Microsoft Corporation) 0x77110000
Library C:\WINDOWS\system32\SHDOCVW.dll (Shell Doc Object and Control Library/Microsoft Corporation) 0x7E1E0000
Library C:\WINDOWS\system32\CRYPT32.dll (Crypto API32/Microsoft Corporation) 0x77A70000
Library C:\WINDOWS\system32\MSASN1.dll (ASN.1 Runtime APIs/Microsoft Corporation) 0x77B10000
Library C:\WINDOWS\system32\CRYPTUI.dll (Microsoft Trust UI Provider/Microsoft Corporation) 0x76660000
Library C:\WINDOWS\system32\WINTRUST.dll (Microsoft Trust Verification APIs/Microsoft Corporation) 0x76C20000
Library C:\WINDOWS\system32\IMAGEHLP.dll (Windows NT Image Helper/Microsoft Corporation) 0x76C80000
Library C:\WINDOWS\system32\NETAPI32.dll (Net Win32 API DLL/Microsoft Corporation) 0x67270000
Library C:\WINDOWS\system32\WININET.dll (Internet Extensions for Win32/Microsoft Corporation) 0x771A0000
Library C:\WINDOWS\system32\WLDAP32.dll (Win32 LDAP API DLL/Microsoft Corporation) 0x76F50000
Library C:\WINDOWS\system32\VERSION.dll (Version Checking and File Installation Libraries/Microsoft Corporation) 0x77BF0000
Library C:\WINDOWS\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation) 0x7C9C0000
Library C:\WINDOWS\system32\UxTheme.dll (Microsoft UxTheme Library/Microsoft Corporation) 0x5B250000
Library C:\WINDOWS\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation) 0x5D060000
Library C:\WINDOWS\AppPatch\AcGenral.DLL (Windows Compatibility DLL/Microsoft Corporation) 0x6FE10000
Library C:\WINDOWS\system32\WINMM.dll (MCI API DLL/Microsoft Corporation) 0x76B30000
Library C:\WINDOWS\system32\MSACM32.dll (Microsoft ACM Audio Filter/Microsoft Corporation) 0x77BD0000
Library C:\WINDOWS\system32\USERENV.dll (Userenv/Microsoft Corporation) 0x769B0000
Library C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll (User Experience Controls Library/Microsoft Corporation) 0x773C0000
Library C:\WINDOWS\system32\comctl32.dll (Common Controls Library/Microsoft Corporation) 0x5D5A0000
Library C:\WINDOWS\system32\appHelp.dll (Application Compatibility Client Library/Microsoft Corporation) 0x77B30000
Library C:\WINDOWS\system32\urlmon.dll (OLE32 Extensions for Win32/Microsoft Corporation) 0x7DF10000
Library C:\WINDOWS\System32\cscui.dll (Client Side Caching UI/Microsoft Corporation) 0x77A10000
Library C:\WINDOWS\System32\CSCDLL.dll (Offline Network Agent/Microsoft Corporation) 0x765E0000
Library C:\WINDOWS\system32\themeui.dll (Windows Theme API/Microsoft Corporation) 0x60020000
Library C:\WINDOWS\system32\MSIMG32.dll (GDIEXT Client DLL/Microsoft Corporation) 0x76360000
Library C:\WINDOWS\system32\xpsp2res.dll (Zprávy aktualizace Service Pack 2/Microsoft Corporation) 0x20000000
Library C:\WINDOWS\system32\actxprxy.dll (ActiveX Interface Marshaling Library/Microsoft Corporation) 0x71D20000
Library C:\WINDOWS\system32\msutb.dll (MSUTB Server DLL/Microsoft Corporation) 0x60120000
Library C:\WINDOWS\system32\MSCTF.dll (MSCTF Server DLL/Microsoft Corporation) 0x746F0000
Library C:\WINDOWS\system32\SAMLIB.dll (SAM Library DLL/Microsoft Corporation) 0x71BD0000
Library C:\WINDOWS\system32\SETUPAPI.dll (Windows Setup API/Microsoft Corporation) 0x77910000
Library C:\WINDOWS\system32\ntshrui.dll (Shell extensions for sharing/Microsoft Corporation) 0x76980000
Library C:\WINDOWS\system32\ATL.DLL (ATL Module for Windows XP (Unicode)/Microsoft Corporation) 0x76B10000
Library C:\WINDOWS\system32\LINKINFO.dll (Windows Volume Tracking/Microsoft Corporation) 0x76970000
Library C:\WINDOWS\system32\MLANG.dll (Multi Language Support DLL/Microsoft Corporation) 0x75DB0000
Library C:\WINDOWS\system32\NETSHELL.dll (Network Connections Shell/Microsoft Corporation) 0x763E0000
Library C:\WINDOWS\system32\rtutils.dll (Routing Utilities/Microsoft Corporation) 0x76E70000
Library C:\WINDOWS\system32\credui.dll (Credential Manager User Interface/Microsoft Corporation) 0x76BF0000
Library C:\WINDOWS\system32\WS2_32.dll (Windows Socket 2.0 32-Bit DLL/Microsoft Corporation) 0x71A90000
Library C:\WINDOWS\system32\WS2HELP.dll (Windows Socket 2.0 Helper for Windows NT/Microsoft Corporation) 0x71A80000
Library C:\WINDOWS\system32\iphlpapi.dll (IP Helper API/Microsoft Corporation) 0x76D50000
Library C:\WINDOWS\system32\msi.dll (Windows Installer/Microsoft Corporation) 0x7D1E0000
Library C:\WINDOWS\system32\rsaenh.dll (Microsoft Enhanced Cryptographic Provider/Microsoft Corporation) 0x0FFD0000
Library C:\WINDOWS\system32\wsock32.dll (Windows Socket 32-Bit DLL/Microsoft Corporation) 0x71AB0000
Library C:\WINDOWS\system32\RASAPI32.DLL (Rozhraní API pro vzdálený přístup/Microsoft Corporation) 0x76ED0000
Library C:\WINDOWS\system32\rasman.dll (Remote Access Connection Manager/Microsoft Corporation) 0x76E80000
Library C:\WINDOWS\system32\TAPI32.dll (Microsoft® Windows(TM) Telephony API Client DLL/Microsoft Corporation) 0x76EA0000
Library C:\WINDOWS\System32\mswsock.dll (Poskytovatel služeb Microsoft Windows Sockets 2.0/Microsoft Corporation) 0x71A30000
Library C:\WINDOWS\system32\rasadhlp.dll (Remote Access AutoDial Helper/Microsoft Corporation) 0x76FB0000
Library C:\WINDOWS\system32\DNSAPI.dll (DNS Client API DLL/Microsoft Corporation) 0x76F10000
Library C:\WINDOWS\System32\winrnr.dll (LDAP RnR Provider DLL/Microsoft Corporation) 0x76FA0000
Library C:\WINDOWS\system32\wdmaud.drv (WDM Audio driver mapper/Microsoft Corporation) 0x72CE0000
Library C:\WINDOWS\system32\msacm32.drv (Microsoft Sound Mapper/Microsoft Corporation) 0x72CD0000
Library C:\WINDOWS\system32\midimap.dll (Microsoft MIDI Mapper/Microsoft Corporation) 0x77BC0000
Library C:\WINDOWS\system32\WINSTA.dll (Winstation Library/Microsoft Corporation) 0x76340000
Library C:\WINDOWS\system32\webcheck.dll (Web Site Monitor/Microsoft Corporation) 0x74B00000
Library C:\WINDOWS\system32\stobject.dll (Systray shell service object/Microsoft Corporation) 0x75D80000
Library C:\WINDOWS\system32\BatMeter.dll (Battery Meter Helper DLL/Microsoft Corporation) 0x74AC0000
Library C:\WINDOWS\system32\POWRPROF.dll (Power Profile Helper DLL/Microsoft Corporation) 0x74AA0000
Library C:\WINDOWS\system32\WTSAPI32.dll (Windows Terminal Server SDK APIs/Microsoft Corporation) 0x76F40000
Library C:\WINDOWS\system32\shdoclc.dll (Shell Doc Object and Control Library/Microsoft Corporation) 0x01BD0000
Library C:\WINDOWS\system32\MPR.dll (Multiple Provider Router DLL/Microsoft Corporation) 0x71B00000
Library C:\WINDOWS\System32\drprov.dll (Microsoft Terminal Server Network Provider/Microsoft Corporation) 0x75F40000
Library C:\WINDOWS\System32\ntlanman.dll (Microsoft® Lan Manager/Microsoft Corporation) 0x71BF0000
Library C:\WINDOWS\System32\NETUI0.dll (NT LM UI Common Code - GUI Classes/Microsoft Corporation) 0x71CB0000
Library C:\WINDOWS\System32\NETUI1.dll (NT LM UI Common Code - Networking classes/Microsoft Corporation) 0x71C70000
Library C:\WINDOWS\System32\NETRAP.dll (Net Remote Admin Protocol DLL/Microsoft Corporation) 0x71C60000
Library C:\WINDOWS\System32\davclnt.dll (Web DAV Client DLL/Microsoft Corporation) 0x75F50000
Library C:\WINDOWS\system32\sensapi.dll (SENS Connectivity API DLL/Microsoft Corporation) 0x72290000
Library C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll (PDF Shell Extension/Adobe Systems, Inc.) 0x10000000
Library C:\WINDOWS\system32\igfxpph.dll (igfxpph Module/Intel Corporation) 0x00FA0000
Library C:\WINDOWS\system32\hccutils.DLL (hccutils Module/Intel Corporation) 0x01450000
Library C:\WINDOWS\system32\igfxres.dll (igfxres Module/Intel Corporation) 0x014D0000
Library C:\WINDOWS\system32\igfxress.dll (igfxress Module/Intel Corporation) 0x01C60000
Library C:\WINDOWS\system32\igfxsrvc.dll (igfxsrvc Module/Intel Corporation) 0x01480000
Library C:\WINDOWS\system32\browselc.dll (Shell Browser UI Library/Microsoft Corporation) 0x019D0000
Library C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Acrobat IE Helper Version 7.0 for ActiveX/Adobe Systems Incorporated) 0x01500000
Library C:\WINDOWS\system32\MSVCR71.dll (Microsoft® C Runtime Library/Microsoft Corporation) 0x7C340000
Library C:\WINDOWS\system32\SXS.DLL (Fusion 2.5/Microsoft Corporation) 0x75E70000
Library C:\WINDOWS\system32\DUSER.dll (Windows DirectUser Engine/Microsoft Corporation) 0x6C730000
Library C:\WINDOWS\system32\MSGINA.dll (Windows NT Logon GINA DLL/Microsoft Corporation) 0x75950000
Library C:\WINDOWS\system32\ODBC32.dll (Microsoft Data Access - ODBC Driver Manager/Microsoft Corporation) 0x73FB0000
Library C:\WINDOWS\system32\comdlg32.dll (Common Dialogs DLL/Microsoft Corporation) 0x76390000
Library C:\WINDOWS\system32\odbcint.dll (Microsoft Data Access - ODBC Resources/Microsoft Corporation) 0x012E0000
Library C:\WINDOWS\system32\sti.dll (Still Image Devices client DLL /Microsoft Corporation) 0x73B60000
Library C:\WINDOWS\system32\CFGMGR32.dll (Configuration Manager Forwarder DLL/Microsoft Corporation) 0x74AB0000

Process C:\WINDOWS\system32\spoolsv.exe (Spooler SubSystem App/Microsoft Corporation) 1440
Library C:\WINDOWS\system32\spoolsv.exe (Spooler SubSystem App/Microsoft Corporation) 0x01000000
Library C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation) 0x7C900000
Library C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation) 0x7C800000
Library C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation) 0x77DC0000
Library C:\WINDOWS\system32\RPCRT4.dll (Remote Procedure Call Runtime/Microsoft Corporation) 0x77E70000
Library C:\WINDOWS\system32\Secur32.dll (Security Support Provider Interface/Microsoft Corporation) 0x77FE0000
Library C:\WINDOWS\system32\GDI32.dll (GDI Client DLL/Microsoft Corporation) 0x77F10000
Library C:\WINDOWS\system32\USER32.dll (Windows XP USER API Client DLL/Microsoft Corporation) 0x7E360000
Library C:\WINDOWS\system32\msvcrt.dll (Windows NT CRT DLL/Microsoft Corporation) 0x77C00000
Library C:\WINDOWS\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation) 0x5D060000
Library C:\WINDOWS\AppPatch\AcGenral.DLL (Windows Compatibility DLL/Microsoft Corporation) 0x6FE10000
Library C:\WINDOWS\system32\WINMM.dll (MCI API DLL/Microsoft Corporation) 0x76B30000
Library C:\WINDOWS\system32\ole32.dll (Microsoft OLE for Windows/Microsoft Corporation) 0x774D0000
Library C:\WINDOWS\system32\OLEAUT32.dll (Microsoft Corporation) 0x77110000
Library C:\WINDOWS\system32\MSACM32.dll (Microsoft ACM Audio Filter/Microsoft Corporation) 0x77BD0000
Library C:\WINDOWS\system32\VERSION.dll (Version Checking and File Installation Libraries/Microsoft Corporation) 0x77BF0000
Library C:\WINDOWS\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation) 0x7C9C0000
Library C:\WINDOWS\system32\SHLWAPI.dll (Shell Light-weight Utility Library/Microsoft Corporation) 0x77F60000
Library C:\WINDOWS\system32\USERENV.dll (Userenv/Microsoft Corporation) 0x769B0000
Library C:\WINDOWS\system32\UxTheme.dll (Microsoft UxTheme Library/Microsoft Corporation) 0x5B250000
Library C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll (User Experience Controls Library/Microsoft Corporation) 0x773C0000
Library C:\WINDOWS\system32\comctl32.dll (Common Controls Library/Microsoft Corporation) 0x5D5A0000

Re: sys soubory s rootkity

Napsal: 09 bře 2010 14:27
od fru-fru
10.

Library C:\WINDOWS\system32\SPOOLSS.DLL (Spooler SubSystem DLL/Microsoft Corporation) 0x742B0000
Library C:\WINDOWS\system32\WS2_32.dll (Windows Socket 2.0 32-Bit DLL/Microsoft Corporation) 0x71A90000
Library C:\WINDOWS\system32\WS2HELP.dll (Windows Socket 2.0 Helper for Windows NT/Microsoft Corporation) 0x71A80000
Library C:\WINDOWS\system32\DNSAPI.dll (DNS Client API DLL/Microsoft Corporation) 0x76F10000
Library C:\WINDOWS\system32\iphlpapi.dll (IP Helper API/Microsoft Corporation) 0x76D50000
Library C:\WINDOWS\system32\rasadhlp.dll (Remote Access AutoDial Helper/Microsoft Corporation) 0x76FB0000
Library C:\WINDOWS\system32\localspl.dll (Local Spooler DLL/Microsoft Corporation) 0x75B90000
Library C:\WINDOWS\system32\sfc_os.dll (Ochrana souborů systému Windows/Microsoft Corporation) 0x76C50000
Library C:\WINDOWS\system32\WINTRUST.dll (Microsoft Trust Verification APIs/Microsoft Corporation) 0x76C20000
Library C:\WINDOWS\system32\CRYPT32.dll (Crypto API32/Microsoft Corporation) 0x77A70000
Library C:\WINDOWS\system32\MSASN1.dll (ASN.1 Runtime APIs/Microsoft Corporation) 0x77B10000
Library C:\WINDOWS\system32\IMAGEHLP.dll (Windows NT Image Helper/Microsoft Corporation) 0x76C80000
Library C:\WINDOWS\system32\winspool.drv (Windows Spooler Driver/Microsoft Corporation) 0x72FC0000
Library C:\WINDOWS\system32\netapi32.dll (Net Win32 API DLL/Microsoft Corporation) 0x67270000
Library C:\WINDOWS\system32\cnbjmon.dll (Langage Monitor for Canon Bubble-Jet Printer/Microsoft Corporation) 0x74260000
Library C:\WINDOWS\system32\HpTcpMon.dll (Standard TCP/IP Port Monitor DLL/Hewlett Packard) 0x10000000
Library C:\WINDOWS\system32\hpzjrd01.dll (HP Rediscovery Library/Hewlett Packard) 0x009C0000
Library C:\WINDOWS\system32\HPTcpMUI.dll (Standard TCP/IP Port Monitor UI DLL/Microsoft Corporation) 0x00D10000
Library C:\WINDOWS\system32\hptcpmib.dll (Standard TCP/IP Port Monitor DLL/Hewlett Packard) 0x00D70000
Library C:\WINDOWS\system32\mgmtapi.dll (Microsoft SNMP Manager API (uses WinSNMP)/Microsoft Corporation) 0x72000000
Library C:\WINDOWS\system32\snmpapi.dll (SNMP Utility Library/Microsoft Corporation) 0x71F40000
Library C:\WINDOWS\system32\wsnmp32.dll (Microsoft WinSNMP v2.0 Manager API/Microsoft Corporation) 0x71FF0000
Library C:\WINDOWS\system32\hpzll054.dll (LanguageMonitor/Hewlett-Packard Company) 0x00DB0000
Library C:\WINDOWS\system32\pjlmon.dll (PJL Language monitor/Microsoft Corporation) 0x74240000
Library C:\WINDOWS\system32\tcpmon.dll (Standard TCP/IP Port Monitor DLL/Microsoft Corporation) 0x723E0000
Library C:\WINDOWS\system32\usbmon.dll (Standard Dynamic Printing Port Monitor DLL/Microsoft Corporation) 0x723D0000
Library C:\WINDOWS\System32\spool\PRTPROCS\W32X86\hpzpp054.dll (Hewlett-Packard Corporation) 0x00E00000
Library C:\WINDOWS\System32\mswsock.dll (Poskytovatel služeb Microsoft Windows Sockets 2.0/Microsoft Corporation) 0x71A30000
Library C:\WINDOWS\System32\winrnr.dll (LDAP RnR Provider DLL/Microsoft Corporation) 0x76FA0000
Library C:\WINDOWS\system32\WLDAP32.dll (Win32 LDAP API DLL/Microsoft Corporation) 0x76F50000
Library C:\WINDOWS\system32\win32spl.dll (32-bit Spooler API DLL/Microsoft Corporation) 0x75BF0000
Library C:\WINDOWS\system32\NETRAP.dll (Net Remote Admin Protocol DLL/Microsoft Corporation) 0x71C60000
Library C:\WINDOWS\system32\NTDSAPI.dll (NT5DS/Microsoft Corporation) 0x76790000
Library C:\WINDOWS\system32\CLBCATQ.DLL (Microsoft Corporation) 0x76FC0000
Library C:\WINDOWS\system32\COMRes.dll (Microsoft Corporation) 0x77040000
Library C:\WINDOWS\system32\inetpp.dll (Internet Print Provider DLL/Microsoft Corporation) 0x742D0000
Library C:\WINDOWS\system32\xpsp2res.dll (Zprávy aktualizace Service Pack 2/Microsoft Corporation) 0x20000000

Process C:\WINDOWS\system32\igfxtray.exe (igfxTray Module/Intel Corporation) 1552
Library C:\WINDOWS\system32\igfxtray.exe (igfxTray Module/Intel Corporation) 0x00400000
Library C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation) 0x7C900000
Library C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation) 0x7C800000
Library C:\WINDOWS\system32\USER32.dll (Windows XP USER API Client DLL/Microsoft Corporation) 0x7E360000
Library C:\WINDOWS\system32\GDI32.dll (GDI Client DLL/Microsoft Corporation) 0x77F10000
Library C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation) 0x77DC0000
Library C:\WINDOWS\system32\RPCRT4.dll (Remote Procedure Call Runtime/Microsoft Corporation) 0x77E70000
Library C:\WINDOWS\system32\Secur32.dll (Security Support Provider Interface/Microsoft Corporation) 0x77FE0000
Library C:\WINDOWS\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation) 0x7C9C0000
Library C:\WINDOWS\system32\msvcrt.dll (Windows NT CRT DLL/Microsoft Corporation) 0x77C00000
Library C:\WINDOWS\system32\SHLWAPI.dll (Shell Light-weight Utility Library/Microsoft Corporation) 0x77F60000
Library C:\WINDOWS\system32\ole32.dll (Microsoft OLE for Windows/Microsoft Corporation) 0x774D0000
Library C:\WINDOWS\system32\OLEAUT32.dll (Microsoft Corporation) 0x77110000
Library C:\WINDOWS\system32\hccutils.DLL (hccutils Module/Intel Corporation) 0x10000000
Library C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll (User Experience Controls Library/Microsoft Corporation) 0x773C0000
Library C:\WINDOWS\system32\comctl32.dll (Common Controls Library/Microsoft Corporation) 0x5D5A0000
Library C:\WINDOWS\system32\uxtheme.dll (Microsoft UxTheme Library/Microsoft Corporation) 0x5B250000
Library C:\WINDOWS\system32\CLBCATQ.DLL (Microsoft Corporation) 0x76FC0000
Library C:\WINDOWS\system32\COMRes.dll (Microsoft Corporation) 0x77040000
Library C:\WINDOWS\system32\VERSION.dll (Version Checking and File Installation Libraries/Microsoft Corporation) 0x77BF0000
Library C:\WINDOWS\system32\xpsp2res.dll (Zprávy aktualizace Service Pack 2/Microsoft Corporation) 0x20000000
Library C:\WINDOWS\system32\igfxsrvc.dll (igfxsrvc Module/Intel Corporation) 0x00C80000
Library C:\WINDOWS\system32\igfxres.dll (igfxres Module/Intel Corporation) 0x00C90000
Library C:\WINDOWS\system32\igfxress.dll (igfxress Module/Intel Corporation) 0x00D00000

Process C:\WINDOWS\system32\hkcmd.exe (hkcmd Module/Intel Corporation) 1584
Library C:\WINDOWS\system32\hkcmd.exe (hkcmd Module/Intel Corporation) 0x00400000
Library C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation) 0x7C900000
Library C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation) 0x7C800000
Library C:\WINDOWS\system32\USER32.dll (Windows XP USER API Client DLL/Microsoft Corporation) 0x7E360000
Library C:\WINDOWS\system32\GDI32.dll (GDI Client DLL/Microsoft Corporation) 0x77F10000
Library C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation) 0x77DC0000
Library C:\WINDOWS\system32\RPCRT4.dll (Remote Procedure Call Runtime/Microsoft Corporation) 0x77E70000
Library C:\WINDOWS\system32\Secur32.dll (Security Support Provider Interface/Microsoft Corporation) 0x77FE0000
Library C:\WINDOWS\system32\ole32.dll (Microsoft OLE for Windows/Microsoft Corporation) 0x774D0000
Library C:\WINDOWS\system32\msvcrt.dll (Windows NT CRT DLL/Microsoft Corporation) 0x77C00000
Library C:\WINDOWS\system32\OLEAUT32.dll (Microsoft Corporation) 0x77110000
Library C:\WINDOWS\system32\hccutils.DLL (hccutils Module/Intel Corporation) 0x10000000
Library C:\WINDOWS\system32\uxtheme.dll (Microsoft UxTheme Library/Microsoft Corporation) 0x5B250000
Library C:\WINDOWS\system32\CLBCATQ.DLL (Microsoft Corporation) 0x76FC0000
Library C:\WINDOWS\system32\COMRes.dll (Microsoft Corporation) 0x77040000
Library C:\WINDOWS\system32\VERSION.dll (Version Checking and File Installation Libraries/Microsoft Corporation) 0x77BF0000
Library C:\WINDOWS\system32\xpsp2res.dll (Zprávy aktualizace Service Pack 2/Microsoft Corporation) 0x20000000
Library C:\WINDOWS\system32\igfxsrvc.dll (igfxsrvc Module/Intel Corporation) 0x003E0000
Library C:\WINDOWS\system32\igfxres.dll (igfxres Module/Intel Corporation) 0x00C60000

Process C:\WINDOWS\system32\igfxpers.exe (persistence Module/Intel Corporation) 1592
Library C:\WINDOWS\system32\igfxpers.exe (persistence Module/Intel Corporation) 0x00400000
Library C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation) 0x7C900000
Library C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation) 0x7C800000
Library C:\WINDOWS\system32\USER32.dll (Windows XP USER API Client DLL/Microsoft Corporation) 0x7E360000
Library C:\WINDOWS\system32\GDI32.dll (GDI Client DLL/Microsoft Corporation) 0x77F10000
Library C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation) 0x77DC0000
Library C:\WINDOWS\system32\RPCRT4.dll (Remote Procedure Call Runtime/Microsoft Corporation) 0x77E70000
Library C:\WINDOWS\system32\Secur32.dll (Security Support Provider Interface/Microsoft Corporation) 0x77FE0000
Library C:\WINDOWS\system32\ole32.dll (Microsoft OLE for Windows/Microsoft Corporation) 0x774D0000
Library C:\WINDOWS\system32\msvcrt.dll (Windows NT CRT DLL/Microsoft Corporation) 0x77C00000
Library C:\WINDOWS\system32\OLEAUT32.dll (Microsoft Corporation) 0x77110000
Library C:\WINDOWS\system32\uxtheme.dll (Microsoft UxTheme Library/Microsoft Corporation) 0x5B250000
Library C:\WINDOWS\system32\CLBCATQ.DLL (Microsoft Corporation) 0x76FC0000
Library C:\WINDOWS\system32\COMRes.dll (Microsoft Corporation) 0x77040000
Library C:\WINDOWS\system32\VERSION.dll (Version Checking and File Installation Libraries/Microsoft Corporation) 0x77BF0000
Library C:\WINDOWS\system32\xpsp2res.dll (Zprávy aktualizace Service Pack 2/Microsoft Corporation) 0x20000000
Library C:\WINDOWS\system32\igfxsrvc.dll (igfxsrvc Module/Intel Corporation) 0x10000000
Library C:\WINDOWS\system32\wtsapi32.dll (Windows Terminal Server SDK APIs/Microsoft Corporation) 0x76F40000
Library C:\WINDOWS\system32\WINSTA.dll (Winstation Library/Microsoft Corporation) 0x76340000
Library C:\WINDOWS\system32\NETAPI32.dll (Net Win32 API DLL/Microsoft Corporation) 0x67270000

Process C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) 1608
Library C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) 0x01000000
Library C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation) 0x7C900000
Library C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation) 0x7C800000
Library C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation) 0x77DC0000
Library C:\WINDOWS\system32\RPCRT4.dll (Remote Procedure Call Runtime/Microsoft Corporation) 0x77E70000
Library C:\WINDOWS\system32\Secur32.dll (Security Support Provider Interface/Microsoft Corporation) 0x77FE0000
Library C:\WINDOWS\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation) 0x5D060000
Library C:\WINDOWS\AppPatch\AcGenral.DLL (Windows Compatibility DLL/Microsoft Corporation) 0x6FE10000
Library C:\WINDOWS\system32\USER32.dll (Windows XP USER API Client DLL/Microsoft Corporation) 0x7E360000
Library C:\WINDOWS\system32\GDI32.dll (GDI Client DLL/Microsoft Corporation) 0x77F10000
Library C:\WINDOWS\system32\WINMM.dll (MCI API DLL/Microsoft Corporation) 0x76B30000
Library C:\WINDOWS\system32\ole32.dll (Microsoft OLE for Windows/Microsoft Corporation) 0x774D0000
Library C:\WINDOWS\system32\msvcrt.dll (Windows NT CRT DLL/Microsoft Corporation) 0x77C00000
Library C:\WINDOWS\system32\OLEAUT32.dll (Microsoft Corporation) 0x77110000
Library C:\WINDOWS\system32\MSACM32.dll (Microsoft ACM Audio Filter/Microsoft Corporation) 0x77BD0000
Library C:\WINDOWS\system32\VERSION.dll (Version Checking and File Installation Libraries/Microsoft Corporation) 0x77BF0000
Library C:\WINDOWS\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation) 0x7C9C0000
Library C:\WINDOWS\system32\SHLWAPI.dll (Shell Light-weight Utility Library/Microsoft Corporation) 0x77F60000
Library C:\WINDOWS\system32\USERENV.dll (Userenv/Microsoft Corporation) 0x769B0000
Library C:\WINDOWS\system32\UxTheme.dll (Microsoft UxTheme Library/Microsoft Corporation) 0x5B250000
Library C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll (User Experience Controls Library/Microsoft Corporation) 0x773C0000
Library C:\WINDOWS\system32\comctl32.dll (Common Controls Library/Microsoft Corporation) 0x5D5A0000
Library C:\WINDOWS\system32\NTMARTA.DLL (Windows NT MARTA provider/Microsoft Corporation) 0x77680000
Library C:\WINDOWS\system32\WLDAP32.dll (Win32 LDAP API DLL/Microsoft Corporation) 0x76F50000
Library C:\WINDOWS\system32\SAMLIB.dll (SAM Library DLL/Microsoft Corporation) 0x71BD0000
Library C:\WINDOWS\system32\xpsp2res.dll (Zprávy aktualizace Service Pack 2/Microsoft Corporation) 0x20000000
Library c:\windows\system32\webclnt.dll (Web DAV Service DLL/Microsoft Corporation) 0x5ABB0000
Library C:\WINDOWS\system32\WININET.dll (Internet Extensions for Win32/Microsoft Corporation) 0x771A0000
Library C:\WINDOWS\system32\CRYPT32.dll (Crypto API32/Microsoft Corporation) 0x77A70000
Library C:\WINDOWS\system32\MSASN1.dll (ASN.1 Runtime APIs/Microsoft Corporation) 0x77B10000
Library c:\windows\system32\WS2_32.dll (Windows Socket 2.0 32-Bit DLL/Microsoft Corporation) 0x71A90000
Library c:\windows\system32\WS2HELP.dll (Windows Socket 2.0 Helper for Windows NT/Microsoft Corporation) 0x71A80000
Library C:\WINDOWS\system32\wsock32.dll (Windows Socket 32-Bit DLL/Microsoft Corporation) 0x71AB0000

Process C:\Program Files\HP\HP Software Update\HPWuSchd2.exe (Hewlett-Packard Product Assistant/Hewlett-Packard Development Company, L.P.) 1616
Library C:\Program Files\HP\HP Software Update\HPWuSchd2.exe (Hewlett-Packard Product Assistant/Hewlett-Packard Development Company, L.P.) 0x00400000
Library C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation) 0x7C900000
Library C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation) 0x7C800000
Library C:\WINDOWS\system32\USER32.dll (Windows XP USER API Client DLL/Microsoft Corporation) 0x7E360000
Library C:\WINDOWS\system32\GDI32.dll (GDI Client DLL/Microsoft Corporation) 0x77F10000
Library C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation) 0x77DC0000
Library C:\WINDOWS\system32\RPCRT4.dll (Remote Procedure Call Runtime/Microsoft Corporation) 0x77E70000
Library C:\WINDOWS\system32\Secur32.dll (Security Support Provider Interface/Microsoft Corporation) 0x77FE0000
Library C:\WINDOWS\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation) 0x7C9C0000
Library C:\WINDOWS\system32\msvcrt.dll (Windows NT CRT DLL/Microsoft Corporation) 0x77C00000
Library C:\WINDOWS\system32\SHLWAPI.dll (Shell Light-weight Utility Library/Microsoft Corporation) 0x77F60000
Library C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll (User Experience Controls Library/Microsoft Corporation) 0x773C0000
Library C:\WINDOWS\system32\comctl32.dll (Common Controls Library/Microsoft Corporation) 0x5D5A0000
Library C:\WINDOWS\system32\uxtheme.dll (Microsoft UxTheme Library/Microsoft Corporation) 0x5B250000
Library C:\WINDOWS\system32\ole32.dll (Microsoft OLE for Windows/Microsoft Corporation) 0x774D0000
Library C:\WINDOWS\system32\netapi32.dll (Net Win32 API DLL/Microsoft Corporation) 0x67270000
Library C:\WINDOWS\system32\SETUPAPI.dll (Windows Setup API/Microsoft Corporation) 0x77910000
Library C:\WINDOWS\system32\MLANG.dll (Multi Language Support DLL/Microsoft Corporation) 0x75DB0000
Library C:\WINDOWS\system32\VERSION.dll (Version Checking and File Installation Libraries/Microsoft Corporation) 0x77BF0000
Library C:\WINDOWS\system32\CLBCATQ.DLL (Microsoft Corporation) 0x76FC0000
Library C:\WINDOWS\system32\COMRes.dll (Microsoft Corporation) 0x77040000
Library C:\WINDOWS\system32\OLEAUT32.dll (Microsoft Corporation) 0x77110000
Library C:\WINDOWS\system32\urlmon.dll (OLE32 Extensions for Win32/Microsoft Corporation) 0x7DF10000

Process C:\Program Files\QuickTime\qttask.exe (QuickTime Task/Apple Computer, Inc.) 1624
Library C:\Program Files\QuickTime\qttask.exe (QuickTime Task/Apple Computer, Inc.) 0x00400000
Library C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation) 0x7C900000
Library C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation) 0x7C800000
Library C:\WINDOWS\system32\VERSION.dll (Version Checking and File Installation Libraries/Microsoft Corporation) 0x77BF0000
Library C:\WINDOWS\system32\USER32.dll (Windows XP USER API Client DLL/Microsoft Corporation) 0x7E360000
Library C:\WINDOWS\system32\GDI32.dll (GDI Client DLL/Microsoft Corporation) 0x77F10000
Library C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation) 0x77DC0000
Library C:\WINDOWS\system32\RPCRT4.dll (Remote Procedure Call Runtime/Microsoft Corporation) 0x77E70000
Library C:\WINDOWS\system32\Secur32.dll (Security Support Provider Interface/Microsoft Corporation) 0x77FE0000
Library C:\WINDOWS\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation) 0x7C9C0000
Library C:\WINDOWS\system32\msvcrt.dll (Windows NT CRT DLL/Microsoft Corporation) 0x77C00000
Library C:\WINDOWS\system32\SHLWAPI.dll (Shell Light-weight Utility Library/Microsoft Corporation) 0x77F60000
Library C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll (User Experience Controls Library/Microsoft Corporation) 0x773C0000
Library C:\WINDOWS\system32\comctl32.dll (Common Controls Library/Microsoft Corporation) 0x5D5A0000
Library C:\WINDOWS\system32\uxtheme.dll (Microsoft UxTheme Library/Microsoft Corporation) 0x5B250000

Process C:\WINDOWS\RTHDCPL.EXE (Realtek HD Audio Control Panel/Realtek Semiconductor Corp.) 1632
Library C:\WINDOWS\RTHDCPL.EXE (Realtek HD Audio Control Panel/Realtek Semiconductor Corp.) 0x00400000
Library C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation) 0x7C900000
Library C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation) 0x7C800000
Library C:\WINDOWS\system32\DSOUND.DLL (DirectSound/Microsoft Corporation) 0x73ED0000
Library C:\WINDOWS\system32\msvcrt.dll (Windows NT CRT DLL/Microsoft Corporation) 0x77C00000
Library C:\WINDOWS\system32\USER32.dll (Windows XP USER API Client DLL/Microsoft Corporation) 0x7E360000
Library C:\WINDOWS\system32\GDI32.dll (GDI Client DLL/Microsoft Corporation) 0x77F10000
Library C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation) 0x77DC0000
Library C:\WINDOWS\system32\RPCRT4.dll (Remote Procedure Call Runtime/Microsoft Corporation) 0x77E70000
Library C:\WINDOWS\system32\Secur32.dll (Security Support Provider Interface/Microsoft Corporation) 0x77FE0000
Library C:\WINDOWS\system32\ole32.dll (Microsoft OLE for Windows/Microsoft Corporation) 0x774D0000
Library C:\WINDOWS\system32\WINMM.dll (MCI API DLL/Microsoft Corporation) 0x76B30000
Library C:\WINDOWS\system32\VERSION.dll (Version Checking and File Installation Libraries/Microsoft Corporation) 0x77BF0000
Library C:\WINDOWS\system32\HHCTRL.OCX (Microsoft® HTML Help Control/Microsoft Corporation) 0x7E400000
Library C:\WINDOWS\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation) 0x7C9C0000
Library C:\WINDOWS\system32\SHLWAPI.dll (Shell Light-weight Utility Library/Microsoft Corporation) 0x77F60000
Library C:\WINDOWS\system32\COMCTL32.dll (Common Controls Library/Microsoft Corporation) 0x5D5A0000
Library C:\WINDOWS\system32\OLEAUT32.dll (Microsoft Corporation) 0x77110000
Library C:\WINDOWS\system32\SETUPAPI.DLL (Windows Setup API/Microsoft Corporation) 0x77910000
Library C:\WINDOWS\system32\MPR.DLL (Multiple Provider Router DLL/Microsoft Corporation) 0x71B00000
Library C:\WINDOWS\system32\WINSPOOL.DRV (Windows Spooler Driver/Microsoft Corporation) 0x72FC0000
Library C:\WINDOWS\system32\COMDLG32.DLL (Common Dialogs DLL/Microsoft Corporation) 0x76390000
Library C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll (User Experience Controls Library/Microsoft Corporation) 0x773C0000
Library C:\WINDOWS\system32\mui\0005\HHCTRLui.dll (Ovládací prvek Microsoft® HTML Help/Microsoft Corporation) 0x68E60000
Library C:\WINDOWS\system32\uxtheme.dll (Microsoft UxTheme Library/Microsoft Corporation) 0x5B250000
Library C:\WINDOWS\system32\WINTRUST.dll (Microsoft Trust Verification APIs/Microsoft Corporation) 0x76C20000
Library C:\WINDOWS\system32\CRYPT32.dll (Crypto API32/Microsoft Corporation) 0x77A70000
Library C:\WINDOWS\system32\MSASN1.dll (ASN.1 Runtime APIs/Microsoft Corporation) 0x77B10000
Library C:\WINDOWS\system32\IMAGEHLP.dll (Windows NT Image Helper/Microsoft Corporation) 0x76C80000
Library C:\WINDOWS\system32\wdmaud.drv (WDM Audio driver mapper/Microsoft Corporation) 0x72CE0000
Library C:\WINDOWS\system32\msacm32.drv (Microsoft Sound Mapper/Microsoft Corporation) 0x72CD0000
Library C:\WINDOWS\system32\MSACM32.dll (Microsoft ACM Audio Filter/Microsoft Corporation) 0x77BD0000
Library C:\WINDOWS\system32\midimap.dll (Microsoft MIDI Mapper/Microsoft Corporation) 0x77BC0000
Library C:\WINDOWS\system32\KsUser.dll (User CSA Library/Microsoft Corporation) 0x73EA0000

Process C:\WINDOWS\SOUNDMAN.EXE (Realtek Sound Manager/Realtek Semiconductor Corp.) 1648
Library C:\WINDOWS\SOUNDMAN.EXE (Realtek Sound Manager/Realtek Semiconductor Corp.) 0x00400000
Library C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation) 0x7C900000
Library C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation) 0x7C800000
Library C:\WINDOWS\system32\USER32.dll (Windows XP USER API Client DLL/Microsoft Corporation) 0x7E360000
Library C:\WINDOWS\system32\GDI32.dll (GDI Client DLL/Microsoft Corporation) 0x77F10000
Library C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation) 0x77DC0000
Library C:\WINDOWS\system32\RPCRT4.dll (Remote Procedure Call Runtime/Microsoft Corporation) 0x77E70000
Library C:\WINDOWS\system32\Secur32.dll (Security Support Provider Interface/Microsoft Corporation) 0x77FE0000
Library C:\WINDOWS\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation) 0x7C9C0000
Library C:\WINDOWS\system32\msvcrt.dll (Windows NT CRT DLL/Microsoft Corporation) 0x77C00000
Library C:\WINDOWS\system32\SHLWAPI.dll (Shell Light-weight Utility Library/Microsoft Corporation) 0x77F60000
Library C:\WINDOWS\system32\SETUPAPI.dll (Windows Setup API/Microsoft Corporation) 0x77910000
Library C:\WINDOWS\system32\WINMM.dll (MCI API DLL/Microsoft Corporation) 0x76B30000
Library C:\WINDOWS\system32\HID.DLL (Hid User Library/Microsoft Corporation) 0x68E50000
Library C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll (User Experience Controls Library/Microsoft Corporation) 0x773C0000
Library C:\WINDOWS\system32\comctl32.dll (Common Controls Library/Microsoft Corporation) 0x5D5A0000
Library C:\WINDOWS\system32\uxtheme.dll (Microsoft UxTheme Library/Microsoft Corporation) 0x5B250000
Library C:\WINDOWS\system32\WINTRUST.dll (Microsoft Trust Verification APIs/Microsoft Corporation) 0x76C20000
Library C:\WINDOWS\system32\CRYPT32.dll (Crypto API32/Microsoft Corporation) 0x77A70000
Library C:\WINDOWS\system32\MSASN1.dll (ASN.1 Runtime APIs/Microsoft Corporation) 0x77B10000
Library C:\WINDOWS\system32\IMAGEHLP.dll (Windows NT Image Helper/Microsoft Corporation) 0x76C80000

Process C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (HP Digital Imaging Monitor/Hewlett-Packard Development Company, L.P.) 1696
Library C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (HP Digital Imaging Monitor/Hewlett-Packard Development Company, L.P.) 0x00400000
Library C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation) 0x7C900000
Library C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation) 0x7C800000
Library C:\WINDOWS\system32\USER32.dll (Windows XP USER API Client DLL/Microsoft Corporation) 0x7E360000
Library C:\WINDOWS\system32\GDI32.dll (GDI Client DLL/Microsoft Corporation) 0x77F10000
Library C:\WINDOWS\system32\VERSION.dll (Version Checking and File Installation Libraries/Microsoft Corporation) 0x77BF0000
Library C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation) 0x77DC0000
Library C:\WINDOWS\system32\RPCRT4.dll (Remote Procedure Call Runtime/Microsoft Corporation) 0x77E70000
Library C:\WINDOWS\system32\Secur32.dll (Security Support Provider Interface/Microsoft Corporation) 0x77FE0000
Library C:\WINDOWS\system32\ole32.dll (Microsoft OLE for Windows/Microsoft Corporation) 0x774D0000
Library C:\WINDOWS\system32\msvcrt.dll (Windows NT CRT DLL/Microsoft Corporation) 0x77C00000
Library C:\WINDOWS\system32\OLEAUT32.dll (Microsoft Corporation) 0x77110000
Library C:\WINDOWS\system32\COMCTL32.dll (Common Controls Library/Microsoft Corporation) 0x5D5A0000
Library C:\WINDOWS\system32\MSVCP60.dll (Microsoft (R) C++ Runtime Library/Microsoft Corporation) 0x76060000
Library C:\WINDOWS\system32\uxtheme.dll (Microsoft UxTheme Library/Microsoft Corporation) 0x5B250000
Library C:\WINDOWS\system32\xpsp2res.dll (Zprávy aktualizace Service Pack 2/Microsoft Corporation) 0x20000000
Library C:\WINDOWS\system32\CLBCATQ.DLL (Microsoft Corporation) 0x76FC0000
Library C:\WINDOWS\system32\COMRes.dll (Microsoft Corporation) 0x77040000
Library C:\WINDOWS\system32\msi.dll (Windows Installer/Microsoft Corporation) 0x7D1E0000
Library C:\Program Files\HP\Digital Imaging\bin\hpqcxm08.dll (HP CUE Context Manager Objects/Hewlett-Packard Development Company, L.P.) 0x14A00000
Library C:\WINDOWS\system32\SHLWAPI.dll (Shell Light-weight Utility Library/Microsoft Corporation) 0x77F60000
Library C:\WINDOWS\system32\SHFOLDER.dll (Shell Folder Service/Microsoft Corporation) 0x76770000
Library C:\WINDOWS\system32\WTSAPI32.DLL (Windows Terminal Server SDK APIs/Microsoft Corporation) 0x76F40000
Library C:\WINDOWS\system32\WINSTA.dll (Winstation Library/Microsoft Corporation) 0x76340000
Library C:\WINDOWS\system32\NETAPI32.dll (Net Win32 API DLL/Microsoft Corporation) 0x67270000
Library C:\Program Files\HP\Digital Imaging\bin\hpquio08.dll (HP U/I COM Objects/Hewlett-Packard Development Company, L.P.) 0x14000000
Library C:\WINDOWS\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation) 0x7C9C0000
Library C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll (User Experience Controls Library/Microsoft Corporation) 0x773C0000
Library C:\Program Files\HP\Digital Imaging\bin\hpqtra08.rsc (CUE TrayApp Combined resource DLL/Hewlett-Packard Development Company, L.P.) 0x15000000
Library C:\Program Files\HP\Digital Imaging\bin\hpqtao08.dll (HP Digital Imaging Monitor Objects (CUE)/Hewlett-Packard Development Company, L.P.) 0x15800000
Library C:\WINDOWS\system32\SXS.DLL (Fusion 2.5/Microsoft Corporation) 0x75E70000
Library C:\Program Files\HP\Digital Imaging\bin\hpotra08.dll (HP All-in-One TrayAppPlugin/Hewlett-Packard Development Company, L.P.) 0x16600000
Library C:\WINDOWS\system32\WINSPOOL.DRV (Windows Spooler Driver/Microsoft Corporation) 0x72FC0000
Library C:\WINDOWS\system32\SETUPAPI.dll (Windows Setup API/Microsoft Corporation) 0x77910000
Library C:\WINDOWS\system32\CFGMGR32.dll (Configuration Manager Forwarder DLL/Microsoft Corporation) 0x74AB0000
Library C:\Program Files\HP\Digital Imaging\bin\hpotra08.rsc (AiO TrayAppPlugIn Combined resource DLL/Hewlett-Packard Development Company, L.P.) 0x16750000
Library C:\Program Files\HP\Digital Imaging\bin\hpqcob08.dll (HP OfficeJet COM Common Objects/Hewlett-Packard Development Company, L.P.) 0x144C0000
Library C:\Program Files\HP\Digital Imaging\bin\hpodio08.dll (HP OfficeJet COM Device IO Objects (CUE)/Hewlett-Packard Development Company, L.P.) 0x00CE0000
Library C:\WINDOWS\system32\WSOCK32.dll (Windows Socket 32-Bit DLL/Microsoft Corporation) 0x71AB0000

Re: sys soubory s rootkity

Napsal: 09 bře 2010 14:27
od fru-fru
11.

Library C:\WINDOWS\system32\WS2_32.dll (Windows Socket 2.0 32-Bit DLL/Microsoft Corporation) 0x71A90000
Library C:\WINDOWS\system32\WS2HELP.dll (Windows Socket 2.0 Helper for Windows NT/Microsoft Corporation) 0x71A80000
Library C:\Program Files\HP\Digital Imaging\bin\hpotradd.dll (HP Digital Imaging Monitor PlugIn (AiO)/Hewlett-Packard Development Company, L.P.) 0x10000000
Library C:\Program Files\HP\Digital Imaging\bin\hpqrif08.dll (HP RedBox Interface Tray App PlugIn/Hewlett-Packard Development Company, L.P.) 0x00E30000
Library C:\Program Files\HP\Digital Imaging\bin\hpqmif08.dll (HP Mars Interface Tray App PlugIn/Hewlett-Packard Development Company, L.P.) 0x00F70000
Library C:\Program Files\HP\Digital Imaging\bin\hpodvd09.dll (HP All-in-One DeviceDiscovery/Hewlett-Packard Development Company, L.P.) 0x3AB00000
Library C:\Program Files\HP\Digital Imaging\bin\hpoddcomm09.dll (HP All-in-One DeviceDiscovery Common Library/Hewlett-Packard Development Company, L.P.) 0x3AF00000
Library C:\WINDOWS\system32\WINTRUST.dll (Microsoft Trust Verification APIs/Microsoft Corporation) 0x76C20000
Library C:\WINDOWS\system32\CRYPT32.dll (Crypto API32/Microsoft Corporation) 0x77A70000
Library C:\WINDOWS\system32\MSASN1.dll (ASN.1 Runtime APIs/Microsoft Corporation) 0x77B10000
Library C:\WINDOWS\system32\IMAGEHLP.dll (Windows NT Image Helper/Microsoft Corporation) 0x76C80000
Library C:\WINDOWS\system32\hpzipr12.dll (PML Run-time library/HP) 0x66000000
Library C:\Program Files\HP\Digital Imaging\bin\hpqusg.dll (Hewlett-Packard Market Research/Hewlett-Packard Development Company, L.P.) 0x00FE0000
Library C:\WINDOWS\system32\WININET.dll (Internet Extensions for Win32/Microsoft Corporation) 0x771A0000

Process C:\Program Files\Firebird\Firebird_1_5\bin\fbguard.exe (Firebird SQL Server/The Firebird Project) 1836
Library C:\Program Files\Firebird\Firebird_1_5\bin\fbguard.exe (Firebird SQL Server/The Firebird Project) 0x00400000
Library C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation) 0x7C900000
Library C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation) 0x7C800000
Library C:\WINDOWS\system32\USER32.dll (Windows XP USER API Client DLL/Microsoft Corporation) 0x7E360000
Library C:\WINDOWS\system32\GDI32.dll (GDI Client DLL/Microsoft Corporation) 0x77F10000
Library C:\WINDOWS\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation) 0x7C9C0000
Library C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation) 0x77DC0000
Library C:\WINDOWS\system32\RPCRT4.dll (Remote Procedure Call Runtime/Microsoft Corporation) 0x77E70000
Library C:\WINDOWS\system32\Secur32.dll (Security Support Provider Interface/Microsoft Corporation) 0x77FE0000
Library C:\WINDOWS\system32\msvcrt.dll (Windows NT CRT DLL/Microsoft Corporation) 0x77C00000
Library C:\WINDOWS\system32\SHLWAPI.dll (Shell Light-weight Utility Library/Microsoft Corporation) 0x77F60000
Library C:\WINDOWS\system32\COMCTL32.dll (Common Controls Library/Microsoft Corporation) 0x5D5A0000
Library C:\WINDOWS\system32\VERSION.dll (Version Checking and File Installation Libraries/Microsoft Corporation) 0x77BF0000
Library C:\Program Files\Firebird\Firebird_1_5\bin\fbclient.dll (Firebird SQL Server/The Firebird Project) 0x10000000
Library C:\WINDOWS\system32\WS2_32.dll (Windows Socket 2.0 32-Bit DLL/Microsoft Corporation) 0x71A90000
Library C:\WINDOWS\system32\WS2HELP.dll (Windows Socket 2.0 Helper for Windows NT/Microsoft Corporation) 0x71A80000
Library C:\WINDOWS\system32\MPR.dll (Multiple Provider Router DLL/Microsoft Corporation) 0x71B00000
Library C:\Program Files\Firebird\Firebird_1_5\bin\MSVCP60.dll (Microsoft (R) C++ Runtime Library/Microsoft Corporation) 0x76060000
Library C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll (User Experience Controls Library/Microsoft Corporation) 0x773C0000
Library C:\WINDOWS\system32\uxtheme.dll (Microsoft UxTheme Library/Microsoft Corporation) 0x5B250000

Process C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe (HP CUE Status/Hewlett-Packard Development Company, L.P.) 1880
Library C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe (HP CUE Status/Hewlett-Packard Development Company, L.P.) 0x00400000
Library C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation) 0x7C900000
Library C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation) 0x7C800000
Library C:\Program Files\HP\Digital Imaging\bin\hpqmfc09.dll (CUE MFC Extension DLL/Hewlett-Packard Development Company, L.P.) 0x10000000
Library C:\WINDOWS\system32\MSVFW32.dll (Microsoft Video for Windows DLL/Microsoft Corporation) 0x75A50000
Library C:\WINDOWS\system32\USER32.dll (Windows XP USER API Client DLL/Microsoft Corporation) 0x7E360000
Library C:\WINDOWS\system32\GDI32.dll (GDI Client DLL/Microsoft Corporation) 0x77F10000
Library C:\WINDOWS\system32\WINMM.dll (MCI API DLL/Microsoft Corporation) 0x76B30000
Library C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation) 0x77DC0000
Library C:\WINDOWS\system32\RPCRT4.dll (Remote Procedure Call Runtime/Microsoft Corporation) 0x77E70000
Library C:\WINDOWS\system32\Secur32.dll (Security Support Provider Interface/Microsoft Corporation) 0x77FE0000
Library C:\WINDOWS\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation) 0x7C9C0000
Library C:\WINDOWS\system32\msvcrt.dll (Windows NT CRT DLL/Microsoft Corporation) 0x77C00000
Library C:\WINDOWS\system32\SHLWAPI.dll (Shell Light-weight Utility Library/Microsoft Corporation) 0x77F60000
Library C:\WINDOWS\system32\COMCTL32.dll (Common Controls Library/Microsoft Corporation) 0x5D5A0000
Library C:\Program Files\HP\Digital Imaging\bin\hpqtap08.dll (TAPAS Link Server/Hewlett-Packard Development Company, L.P.) 0x144E0000
Library C:\WINDOWS\system32\MFC42.DLL (MFCDLL Shared Library - Retail Version/Microsoft Corporation) 0x73D90000
Library C:\WINDOWS\system32\ole32.dll (Microsoft OLE for Windows/Microsoft Corporation) 0x774D0000
Library C:\WINDOWS\system32\OLEAUT32.dll (Microsoft Corporation) 0x77110000
Library C:\WINDOWS\system32\MSVCP60.dll (Microsoft (R) C++ Runtime Library/Microsoft Corporation) 0x76060000
Library C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6001.22319_x-ww_f0b4c2df\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) 0x4EBE0000
Library C:\WINDOWS\system32\WINSPOOL.DRV (Windows Spooler Driver/Microsoft Corporation) 0x72FC0000
Library C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll (User Experience Controls Library/Microsoft Corporation) 0x773C0000
Library C:\WINDOWS\system32\MFC42LOC.DLL (MFC Language Specific Resources/Microsoft Corporation) 0x61EB0000
Library C:\WINDOWS\system32\uxtheme.dll (Microsoft UxTheme Library/Microsoft Corporation) 0x5B250000
Library C:\WINDOWS\system32\CLBCATQ.DLL (Microsoft Corporation) 0x76FC0000
Library C:\WINDOWS\system32\COMRes.dll (Microsoft Corporation) 0x77040000
Library C:\WINDOWS\system32\VERSION.dll (Version Checking and File Installation Libraries/Microsoft Corporation) 0x77BF0000
Library C:\WINDOWS\system32\msi.dll (Windows Installer/Microsoft Corporation) 0x7D1E0000
Library C:\Program Files\HP\Digital Imaging\bin\hpqcxm08.dll (HP CUE Context Manager Objects/Hewlett-Packard Development Company, L.P.) 0x14A00000
Library C:\WINDOWS\system32\SHFOLDER.dll (Shell Folder Service/Microsoft Corporation) 0x76770000
Library C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.rsc (CUE Status Exe Combined resource DLL/Hewlett-Packard Development Company, L.P.) 0x00A10000
Library C:\WINDOWS\system32\shdocvw.dll (Shell Doc Object and Control Library/Microsoft Corporation) 0x7E1E0000
Library C:\WINDOWS\system32\CRYPT32.dll (Crypto API32/Microsoft Corporation) 0x77A70000
Library C:\WINDOWS\system32\MSASN1.dll (ASN.1 Runtime APIs/Microsoft Corporation) 0x77B10000
Library C:\WINDOWS\system32\CRYPTUI.dll (Microsoft Trust UI Provider/Microsoft Corporation) 0x76660000
Library C:\WINDOWS\system32\WINTRUST.dll (Microsoft Trust Verification APIs/Microsoft Corporation) 0x76C20000
Library C:\WINDOWS\system32\IMAGEHLP.dll (Windows NT Image Helper/Microsoft Corporation) 0x76C80000
Library C:\WINDOWS\system32\NETAPI32.dll (Net Win32 API DLL/Microsoft Corporation) 0x67270000
Library C:\WINDOWS\system32\WININET.dll (Internet Extensions for Win32/Microsoft Corporation) 0x771A0000
Library C:\WINDOWS\system32\WLDAP32.dll (Win32 LDAP API DLL/Microsoft Corporation) 0x76F50000
Library C:\WINDOWS\system32\appHelp.dll (Application Compatibility Client Library/Microsoft Corporation) 0x77B30000
Library C:\WINDOWS\system32\SXS.DLL (Fusion 2.5/Microsoft Corporation) 0x75E70000
Library C:\WINDOWS\system32\SETUPAPI.dll (Windows Setup API/Microsoft Corporation) 0x77910000
Library C:\WINDOWS\system32\urlmon.dll (OLE32 Extensions for Win32/Microsoft Corporation) 0x7DF10000
Library C:\WINDOWS\system32\shdoclc.dll (Shell Doc Object and Control Library/Microsoft Corporation) 0x20000000
Library C:\WINDOWS\system32\xpsp2res.dll (Zprávy aktualizace Service Pack 2/Microsoft Corporation) 0x01040000
Library C:\WINDOWS\system32\mlang.dll (Multi Language Support DLL/Microsoft Corporation) 0x75DB0000
Library C:\WINDOWS\system32\mshtml.dll (Microsoft (R) HTML Viewer/Microsoft Corporation) 0x7DBD0000
Library C:\WINDOWS\system32\msls31.dll (Microsoft Line Services library file/Microsoft Corporation) 0x74690000
Library C:\WINDOWS\system32\PSAPI.DLL (Process Status Helper/Microsoft Corporation) 0x76BE0000
Library C:\WINDOWS\system32\msimtf.dll (Active IMM Server DLL/Microsoft Corporation) 0x746C0000
Library C:\WINDOWS\system32\MSCTF.dll (MSCTF Server DLL/Microsoft Corporation) 0x746F0000
Library C:\WINDOWS\system32\IMM32.DLL (Windows XP IMM32 API Client DLL/Microsoft Corporation) 0x76370000
Library C:\Program Files\HP\Digital Imaging\bin\hpqsti08.dll (HP CUE Status Imp/Hewlett-Packard Development Company, L.P.) 0x17000000
Library C:\Program Files\HP\Digital Imaging\bin\hpqcob08.dll (HP OfficeJet COM Common Objects/Hewlett-Packard Development Company, L.P.) 0x144C0000
Library C:\Program Files\HP\Digital Imaging\bin\hpqstp08.dll (HP CUE PMLEventMonitorPlugin/Hewlett-Packard Development Company, L.P.) 0x17200000
Library C:\Program Files\HP\Digital Imaging\bin\hpodio08.dll (HP OfficeJet COM Device IO Objects (CUE)/Hewlett-Packard Development Company, L.P.) 0x01910000
Library C:\WINDOWS\system32\WSOCK32.dll (Windows Socket 32-Bit DLL/Microsoft Corporation) 0x71AB0000
Library C:\WINDOWS\system32\WS2_32.dll (Windows Socket 2.0 32-Bit DLL/Microsoft Corporation) 0x71A90000
Library C:\WINDOWS\system32\WS2HELP.dll (Windows Socket 2.0 Helper for Windows NT/Microsoft Corporation) 0x71A80000
Library C:\WINDOWS\system32\WTSAPI32.DLL (Windows Terminal Server SDK APIs/Microsoft Corporation) 0x76F40000
Library C:\WINDOWS\system32\WINSTA.dll (Winstation Library/Microsoft Corporation) 0x76340000
Library C:\Program Files\HP\Digital Imaging\bin\hpocxi08.dll (HP CUE/AiO Context Information Objects/Hewlett-Packard Development Company, L.P.) 0x14200000
Library C:\Program Files\HP\Digital Imaging\bin\hpqsem08.rsc (Combined resource DLL/Hewlett-Packard Development Company, L.P.) 0x019E0000
Library C:\WINDOWS\system32\hpzipr12.dll (PML Run-time library/HP) 0x66000000
Library C:\Program Files\HP\Digital Imaging\bin\crm\hpqcrmcm.dll (hpqcrmcm.dll/Hewlett-Packard Company) 0x01B90000
Library C:\Program Files\HP\Digital Imaging\bin\crm\xmlparse.dll 0x01BD0000
Library C:\Program Files\HP\Digital Imaging\bin\crm\xmltok.dll 0x01BE0000
Library C:\Program Files\HP\Digital Imaging\bin\dbghelp.dll (Windows Image Helper/Microsoft Corporation) 0x02800000

Process C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) 2004
Library C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) 0x01000000
Library C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation) 0x7C900000
Library C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation) 0x7C800000
Library C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation) 0x77DC0000
Library C:\WINDOWS\system32\RPCRT4.dll (Remote Procedure Call Runtime/Microsoft Corporation) 0x77E70000
Library C:\WINDOWS\system32\Secur32.dll (Security Support Provider Interface/Microsoft Corporation) 0x77FE0000
Library C:\WINDOWS\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation) 0x5D060000
Library C:\WINDOWS\AppPatch\AcGenral.DLL (Windows Compatibility DLL/Microsoft Corporation) 0x6FE10000
Library C:\WINDOWS\system32\USER32.dll (Windows XP USER API Client DLL/Microsoft Corporation) 0x7E360000
Library C:\WINDOWS\system32\GDI32.dll (GDI Client DLL/Microsoft Corporation) 0x77F10000
Library C:\WINDOWS\system32\WINMM.dll (MCI API DLL/Microsoft Corporation) 0x76B30000
Library C:\WINDOWS\system32\ole32.dll (Microsoft OLE for Windows/Microsoft Corporation) 0x774D0000
Library C:\WINDOWS\system32\msvcrt.dll (Windows NT CRT DLL/Microsoft Corporation) 0x77C00000
Library C:\WINDOWS\system32\OLEAUT32.dll (Microsoft Corporation) 0x77110000
Library C:\WINDOWS\system32\MSACM32.dll (Microsoft ACM Audio Filter/Microsoft Corporation) 0x77BD0000
Library C:\WINDOWS\system32\VERSION.dll (Version Checking and File Installation Libraries/Microsoft Corporation) 0x77BF0000
Library C:\WINDOWS\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation) 0x7C9C0000
Library C:\WINDOWS\system32\SHLWAPI.dll (Shell Light-weight Utility Library/Microsoft Corporation) 0x77F60000
Library C:\WINDOWS\system32\USERENV.dll (Userenv/Microsoft Corporation) 0x769B0000
Library C:\WINDOWS\system32\UxTheme.dll (Microsoft UxTheme Library/Microsoft Corporation) 0x5B250000
Library C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll (User Experience Controls Library/Microsoft Corporation) 0x773C0000
Library C:\WINDOWS\system32\comctl32.dll (Common Controls Library/Microsoft Corporation) 0x5D5A0000
Library c:\windows\system32\wiaservc.dll (Still Image Devices Service/Microsoft Corporation) 0x75A80000
Library c:\windows\system32\CFGMGR32.dll (Configuration Manager Forwarder DLL/Microsoft Corporation) 0x74AB0000
Library C:\WINDOWS\system32\setupapi.dll (Windows Setup API/Microsoft Corporation) 0x77910000
Library c:\windows\system32\mscms.dll (Microsoft Color Matching System DLL/Microsoft Corporation) 0x73AF0000
Library c:\windows\system32\WINSPOOL.DRV (Windows Spooler Driver/Microsoft Corporation) 0x72FC0000
Library c:\windows\system32\WINSTA.dll (Winstation Library/Microsoft Corporation) 0x76340000
Library C:\WINDOWS\system32\NETAPI32.dll (Net Win32 API DLL/Microsoft Corporation) 0x67270000
Library C:\WINDOWS\system32\xpsp2res.dll (Zprávy aktualizace Service Pack 2/Microsoft Corporation) 0x20000000
Library C:\WINDOWS\system32\CLBCATQ.DLL (Microsoft Corporation) 0x76FC0000
Library C:\WINDOWS\system32\COMRes.dll (Microsoft Corporation) 0x77040000
Library C:\WINDOWS\system32\WINTRUST.dll (Microsoft Trust Verification APIs/Microsoft Corporation) 0x76C20000
Library C:\WINDOWS\system32\CRYPT32.dll (Crypto API32/Microsoft Corporation) 0x77A70000
Library C:\WINDOWS\system32\MSASN1.dll (ASN.1 Runtime APIs/Microsoft Corporation) 0x77B10000
Library C:\WINDOWS\system32\IMAGEHLP.dll (Windows NT Image Helper/Microsoft Corporation) 0x76C80000
Library C:\WINDOWS\system32\actxprxy.dll (ActiveX Interface Marshaling Library/Microsoft Corporation) 0x71D20000
Library C:\WINDOWS\system32\sti.dll (Still Image Devices client DLL /Microsoft Corporation) 0x73B60000

Process C:\Documents and Settings\Uživatel\Plocha\gmer.exe 2036
Library C:\Documents and Settings\Uživatel\Plocha\gmer.exe 0x00400000
Library C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation) 0x7C900000
Library C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation) 0x7C800000
Library C:\WINDOWS\system32\COMCTL32.DLL (Common Controls Library/Microsoft Corporation) 0x5D5A0000
Library C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation) 0x77DC0000
Library C:\WINDOWS\system32\RPCRT4.dll (Remote Procedure Call Runtime/Microsoft Corporation) 0x77E70000
Library C:\WINDOWS\system32\Secur32.dll (Security Support Provider Interface/Microsoft Corporation) 0x77FE0000
Library C:\WINDOWS\system32\GDI32.dll (GDI Client DLL/Microsoft Corporation) 0x77F10000
Library C:\WINDOWS\system32\USER32.dll (Windows XP USER API Client DLL/Microsoft Corporation) 0x7E360000
Library C:\WINDOWS\system32\uxtheme.dll (Microsoft UxTheme Library/Microsoft Corporation) 0x5B250000
Library C:\WINDOWS\system32\msvcrt.dll (Windows NT CRT DLL/Microsoft Corporation) 0x77C00000
Library C:\WINDOWS\system32\SHLWAPI.dll (Shell Light-weight Utility Library/Microsoft Corporation) 0x77F60000
Library C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll (User Experience Controls Library/Microsoft Corporation) 0x773C0000
Library C:\WINDOWS\system32\USERENV.dll (Userenv/Microsoft Corporation) 0x769B0000
Library C:\WINDOWS\system32\VERSION.DLL (Version Checking and File Installation Libraries/Microsoft Corporation) 0x77BF0000

Process C:\WINDOWS\system32\wuauclt.exe (Windows Update/Microsoft Corporation) 2184
Library C:\WINDOWS\system32\wuauclt.exe (Windows Update/Microsoft Corporation) 0x00400000
Library C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation) 0x7C900000
Library C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation) 0x7C800000
Library C:\WINDOWS\system32\msvcrt.dll (Windows NT CRT DLL/Microsoft Corporation) 0x77C00000
Library C:\WINDOWS\system32\ole32.dll (Microsoft OLE for Windows/Microsoft Corporation) 0x774D0000
Library C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation) 0x77DC0000
Library C:\WINDOWS\system32\RPCRT4.dll (Remote Procedure Call Runtime/Microsoft Corporation) 0x77E70000
Library C:\WINDOWS\system32\Secur32.dll (Security Support Provider Interface/Microsoft Corporation) 0x77FE0000
Library C:\WINDOWS\system32\GDI32.dll (GDI Client DLL/Microsoft Corporation) 0x77F10000
Library C:\WINDOWS\system32\USER32.dll (Windows XP USER API Client DLL/Microsoft Corporation) 0x7E360000
Library C:\WINDOWS\system32\OLEAUT32.dll (Microsoft Corporation) 0x77110000
Library C:\WINDOWS\system32\SHLWAPI.dll (Shell Light-weight Utility Library/Microsoft Corporation) 0x77F60000
Library C:\WINDOWS\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation) 0x5D060000
Library C:\WINDOWS\AppPatch\AcGenral.DLL (Windows Compatibility DLL/Microsoft Corporation) 0x6FE10000
Library C:\WINDOWS\system32\WINMM.dll (MCI API DLL/Microsoft Corporation) 0x76B30000
Library C:\WINDOWS\system32\MSACM32.dll (Microsoft ACM Audio Filter/Microsoft Corporation) 0x77BD0000
Library C:\WINDOWS\system32\VERSION.dll (Version Checking and File Installation Libraries/Microsoft Corporation) 0x77BF0000
Library C:\WINDOWS\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation) 0x7C9C0000
Library C:\WINDOWS\system32\USERENV.dll (Userenv/Microsoft Corporation) 0x769B0000
Library C:\WINDOWS\system32\UxTheme.dll (Microsoft UxTheme Library/Microsoft Corporation) 0x5B250000
Library C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll (User Experience Controls Library/Microsoft Corporation) 0x773C0000
Library C:\WINDOWS\system32\wucltui.dll (Windows Update Client UI Plugin/Microsoft Corporation) 0x507E0000
Library C:\WINDOWS\system32\MSIMG32.dll (GDIEXT Client DLL/Microsoft Corporation) 0x76360000
Library C:\WINDOWS\system32\Cabinet.dll (Microsoft® Cabinet File API/Microsoft Corporation) 0x75120000
Library C:\WINDOWS\system32\CRYPT32.dll (Crypto API32/Microsoft Corporation) 0x77A70000
Library C:\WINDOWS\system32\MSASN1.dll (ASN.1 Runtime APIs/Microsoft Corporation) 0x77B10000
Library C:\WINDOWS\system32\WINTRUST.dll (Microsoft Trust Verification APIs/Microsoft Corporation) 0x76C20000
Library C:\WINDOWS\system32\IMAGEHLP.dll (Windows NT Image Helper/Microsoft Corporation) 0x76C80000
Library C:\WINDOWS\system32\CLBCATQ.DLL (Microsoft Corporation) 0x76FC0000
Library C:\WINDOWS\system32\COMRes.dll (Microsoft Corporation) 0x77040000
Library C:\WINDOWS\system32\xpsp2res.dll (Zprávy aktualizace Service Pack 2/Microsoft Corporation) 0x20000000
Library C:\WINDOWS\system32\wups2.dll (Windows Update client proxy stub 2/Microsoft Corporation) 0x50F00000
Library C:\WINDOWS\system32\wuaucpl.cpl (Automatic Updates Control Panel/Microsoft Corporation) 0x508E0000
Library C:\WINDOWS\system32\mucltui.dll (Microsoft Update Client UI Plugin/Microsoft Corporation) 0x509E0000

Re: sys soubory s rootkity

Napsal: 09 bře 2010 14:28
od fru-fru
poslední 12:



---- Services - GMER 1.0.15 ----

Service [DISABLED] Abiosdsk
Service [DISABLED] abp480n5
Service C:\WINDOWS\system32\DRIVERS\ACPI.sys (ACPI Driver for NT/Microsoft Corporation) [BOOT] ACPI
Service (Ovladač vloženého řadiče ACPI/Microsoft Corporation) [DISABLED] ACPIEC
Service [DISABLED] adpu160m
Service C:\WINDOWS\system32\drivers\aec.sys (Microsoft Acoustic Echo Canceller/Microsoft Corporation) [MANUAL] aec
Service C:\WINDOWS\System32\drivers\afd.sys (Ancillary Function Driver for WinSock/Microsoft Corporation) [SYSTEM] AFD
Service [DISABLED] Aha154x
Service [DISABLED] aic78u2
Service [DISABLED] aic78xx
Service C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [DISABLED] Alerter
Service C:\WINDOWS\System32\alg.exe (Application Layer Gateway Service/Microsoft Corporation) [MANUAL] ALG
Service [DISABLED] AliIde
Service [DISABLED] amsint
Service C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [MANUAL] AppMgmt
Service [DISABLED] asc
Service [DISABLED] asc3350p
Service [DISABLED] asc3550
Service C:\WINDOWS\system32\DRIVERS\asyncmac.sys (MS Remote Access serial network driver/Microsoft Corporation) [MANUAL] AsyncMac
Service C:\WINDOWS\system32\DRIVERS\atapi.sys (IDE/ATAPI Port Driver/Microsoft Corporation) [BOOT] atapi
Service [DISABLED] Atdisk
Service C:\WINDOWS\system32\DRIVERS\atmarpc.sys (IP/ATM Arp Client/Microsoft Corporation) [MANUAL] Atmarpc
Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] AudioSrv
Service C:\WINDOWS\system32\DRIVERS\audstub.sys (AudStub Driver/Microsoft Corporation) [MANUAL] audstub
Service BattC
Service (BEEP Driver/Microsoft Corporation) [SYSTEM] Beep
Service C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [MANUAL] BITS
Service C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] Browser
Service C:\ComboFix\catchme.sys [MANUAL] catchme
Service (CardBus/PCMCIA IDE Miniport Driver/Microsoft Corporation) [DISABLED] cbidf2k
Service [DISABLED] cd20xrnt
Service (CD-ROM Audio Filter Driver/Microsoft Corporation) [SYSTEM] Cdaudio
Service (CD-ROM File System Driver/Microsoft Corporation) [DISABLED] Cdfs
Service C:\WINDOWS\system32\DRIVERS\cdrom.sys (SCSI CD-ROM Driver/Microsoft Corporation) [SYSTEM] Cdrom
Service [SYSTEM] Changer
Service C:\WINDOWS\system32\cisvc.exe (Content Index service/Microsoft Corporation) [MANUAL] CiSvc
Service C:\WINDOWS\system32\clipsrv.exe (Windows NT DDE Server/Microsoft Corporation) [MANUAL] ClipSrv
Service [DISABLED] CmdIde
Service C:\WINDOWS\system32\dllhost.exe (COM Surrogate/Microsoft Corporation) [MANUAL] COMSysApp
Service ContentFilter
Service ContentIndex
Service [DISABLED] Cpqarray
Service C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] CryptSvc
Service [DISABLED] dac2w2k
Service [DISABLED] dac960nt
Service C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] DcomLaunch
Service C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] Dhcp
Service C:\WINDOWS\system32\DRIVERS\disk.sys (PnP Disk Driver/Microsoft Corporation) [BOOT] Disk
Service C:\WINDOWS\System32\dmadmin.exe (Logical Disk Manager service process/Microsoft Corp., Veritas Software) [MANUAL] dmadmin
Service C:\WINDOWS\System32\drivers\dmboot.sys (NT Disk Manager Startup Driver/Microsoft Corp., Veritas Software) [DISABLED] dmboot
Service C:\WINDOWS\System32\drivers\dmio.sys (NT Disk Manager I/O Driver/Microsoft Corp., Veritas Software) [DISABLED] dmio
Service C:\WINDOWS\System32\drivers\dmload.sys (NT Disk Manager Startup Driver/Microsoft Corp., Veritas Software.) [DISABLED] dmload
Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [MANUAL] dmserver
Service C:\WINDOWS\system32\drivers\DMusic.sys (Microsoft Kernel DLS Synthesizer/Microsoft Corporation) [MANUAL] DMusic
Service C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] Dnscache
Service [DISABLED] dpti2o
Service C:\WINDOWS\system32\drivers\drmkaud.sys (Microsoft Kernel DRM Audio Descrambler Filter/Microsoft Corporation) [MANUAL] drmkaud
Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] ERSvc
Service C:\WINDOWS\system32\services.exe (Services and Controller app/Microsoft Corporation) [AUTO] Eventlog
Service C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [MANUAL] EventSystem
Service (Fast FAT File System Driver/Microsoft Corporation) [DISABLED] Fastfat
Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [MANUAL] FastUserSwitchingCompatibility
Service C:\WINDOWS\system32\DRIVERS\fdc.sys (Floppy Disk Controller Driver/Microsoft Corporation) [MANUAL] Fdc
Service (FIPS Crypto Driver/Microsoft Corporation) [SYSTEM] Fips
Service C:\Program [AUTO] FirebirdGuardianDefaultInstance
Service C:\Program [MANUAL] FirebirdServerDefaultInstance
Service C:\WINDOWS\system32\DRIVERS\flpydisk.sys (Floppy Driver/Microsoft Corporation) [MANUAL] Flpydisk
Service C:\WINDOWS\system32\DRIVERS\fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation) [BOOT] FltMgr
Service (File System Recognizer Driver/Microsoft Corporation) [SYSTEM] Fs_Rec
Service C:\WINDOWS\system32\DRIVERS\ftdisk.sys (FT Disk Driver/Microsoft Corporation) [BOOT] Ftdisk
Service C:\WINDOWS\system32\DRIVERS\msgpc.sys (MS General Packet Classifier/Microsoft Corporation) [MANUAL] Gpc
Service C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (gusvc/Google) [MANUAL] gusvc
Service C:\WINDOWS\system32\DRIVERS\HDAudBus.sys (High Definition Audio Bus Driver v1.0a/Windows (R) Server 2003 DDK provider) [MANUAL] HDAudBus
Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] helpsvc
Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [DISABLED] HidServ
Service [DISABLED] hpn
Service C:\WINDOWS\system32\DRIVERS\HPZid412.sys (IEEE-1284.4-1999 Driver (Windows 2000)/HP) [MANUAL] HPZid412
Service C:\WINDOWS\system32\DRIVERS\HPZipr12.sys (IEEE-1284.4-1999 Print Class Driver/HP) [MANUAL] HPZipr12
Service C:\WINDOWS\system32\DRIVERS\HPZius12.sys (1284.4<->Usb Datalink Driver (Windows 2000)/HP) [MANUAL] HPZius12
Service C:\WINDOWS\System32\Drivers\HTTP.sys (HTTP Protocol Stack/Microsoft Corporation) [MANUAL] HTTP
Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [MANUAL] HTTPFilter
Service [SYSTEM] i2omgmt
Service [DISABLED] i2omp
Service C:\WINDOWS\system32\DRIVERS\i8042prt.sys (i8042 Port Driver/Microsoft Corporation) [SYSTEM] i8042prt
Service C:\WINDOWS\system32\DRIVERS\ialmnt5.sys (Intel Graphics Miniport Driver/Intel Corporation) [MANUAL] ialm
Service C:\WINDOWS\system32\DRIVERS\imapi.sys (IMAPI Kernel Driver/Microsoft Corporation) [SYSTEM] Imapi
Service C:\WINDOWS\system32\imapi.exe (Image Mastering API/Microsoft Corporation) [MANUAL] ImapiService
Service inetaccs
Service [DISABLED] ini910u
Service Inport
Service C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek(r) High Definition Audio Function Driver/Realtek Semiconductor Corp.) [MANUAL] IntcAzAudAddService
Service [DISABLED] IntelIde
Service C:\WINDOWS\system32\DRIVERS\intelppm.sys (Processor Device Driver/Microsoft Corporation) [SYSTEM] intelppm
Service C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys (IPv6 Windows Firewall Driver/Microsoft Corporation) [MANUAL] Ip6Fw
Service C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys (IP FILTER DRIVER/Microsoft Corporation) [MANUAL] IpFilterDriver
Service C:\WINDOWS\system32\DRIVERS\ipinip.sys (IP in IP Encapsulation Driver/Microsoft Corporation) [MANUAL] IpInIp
Service C:\WINDOWS\system32\DRIVERS\ipnat.sys (IP Network Address Translator/Microsoft Corporation) [MANUAL] IpNat
Service C:\WINDOWS\system32\DRIVERS\ipsec.sys (IPSec Driver/Microsoft Corporation) [SYSTEM] IPSec
Service C:\WINDOWS\system32\DRIVERS\irenum.sys (Infra-Red Bus Enumerator/Microsoft Corporation) [MANUAL] IRENUM
Service ISAPISearch
Service C:\WINDOWS\system32\DRIVERS\isapnp.sys (PNP ISA Bus Driver/Microsoft Corporation) [BOOT] isapnp
Service C:\WINDOWS\system32\DRIVERS\kbdclass.sys (Keyboard Class Driver/Microsoft Corporation) [SYSTEM] Kbdclass
Service C:\WINDOWS\system32\drivers\kmixer.sys (Kernel Mode Audio Mixer/Microsoft Corporation) [MANUAL] kmixer
Service (Kernel Security Support Provider Interface/Microsoft Corporation) [BOOT] KSecDD
Service C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] lanmanserver
Service C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] lanmanworkstation
Service [SYSTEM] lbrtfdc
Service ldap
Service LicenseService
Service C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] LmHosts
Service C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [DISABLED] Messenger
Service (Frame buffer simulator/Microsoft Corporation) [SYSTEM] mnmdd
Service C:\WINDOWS\system32\mnmsrvc.exe (NetMeeting Remote Desktop Sharing/Microsoft Corporation) [MANUAL] mnmsrvc
Service (Modem Device Driver/Microsoft Corporation) [MANUAL] Modem
Service C:\WINDOWS\system32\DRIVERS\mouclass.sys (Mouse Class Driver/Microsoft Corporation) [SYSTEM] Mouclass
Service (Mount Manager/Microsoft Corporation) [BOOT] MountMgr
Service [DISABLED] mraid35x
Service C:\WINDOWS\system32\DRIVERS\mrxdav.sys (Windows NT WebDav Minirdr/Microsoft Corporation) [MANUAL] MRxDAV
Service C:\WINDOWS\system32\DRIVERS\mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation) [SYSTEM] MRxSmb
Service C:\WINDOWS\system32\msdtc.exe (MS DTC console program/Microsoft Corporation) [MANUAL] MSDTC
Service (Mailslot driver/Microsoft Corporation) [SYSTEM] Msfs
Service C:\WINDOWS\system32\msiexec.exe (Windows® installer/Microsoft Corporation) [MANUAL] MSIServer
Service C:\WINDOWS\system32\drivers\MSKSSRV.sys (MS KS Server/Microsoft Corporation) [MANUAL] MSKSSRV
Service C:\WINDOWS\system32\drivers\MSPCLOCK.sys (MS Proxy Clock/Microsoft Corporation) [MANUAL] MSPCLOCK
Service C:\WINDOWS\system32\drivers\MSPQM.sys (MS Proxy Quality Manager/Microsoft Corporation) [MANUAL] MSPQM
Service C:\WINDOWS\system32\DRIVERS\mssmbios.sys (System Management BIOS Driver/Microsoft Corporation) [MANUAL] mssmbios
Service (Multiple UNC Provider driver/Microsoft Corporation) [BOOT] Mup
Service (NDIS 5.1 wrapper driver/Microsoft Corporation) [BOOT] NDIS
Service C:\WINDOWS\system32\DRIVERS\ndistapi.sys (NDIS 3.0 connection wrapper driver/Microsoft Corporation) [MANUAL] NdisTapi
Service C:\WINDOWS\system32\DRIVERS\ndisuio.sys (NDIS User mode I/O Driver/Microsoft Corporation) [MANUAL] Ndisuio
Service C:\WINDOWS\system32\DRIVERS\ndiswan.sys (MS PPP Framing Driver (Strong Encryption)/Microsoft Corporation) [MANUAL] NdisWan
Service (NDIS Proxy/Microsoft Corporation) [MANUAL] NDProxy
Service C:\WINDOWS\system32\DRIVERS\netbios.sys (NetBIOS interface driver/Microsoft Corporation) [SYSTEM] NetBIOS
Service C:\WINDOWS\system32\DRIVERS\netbt.sys (MBT Transport driver/Microsoft Corporation) [SYSTEM] NetBT
Service C:\WINDOWS\system32\netdde.exe (Network DDE - DDE Communication/Microsoft Corporation) [DISABLED] NetDDE
Service C:\WINDOWS\system32\netdde.exe (Network DDE - DDE Communication/Microsoft Corporation) [DISABLED] NetDDEdsdm
Service C:\WINDOWS\system32\lsass.exe (LSA Shell (Export Version)/Microsoft Corporation) [MANUAL] Netlogon
Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [MANUAL] Netman
Service C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [MANUAL] Nla
Service (NPFS Driver/Microsoft Corporation) [SYSTEM] Npfs
Service (NT File System Driver/Microsoft Corporation) [DISABLED] Ntfs
Service C:\WINDOWS\system32\lsass.exe (LSA Shell (Export Version)/Microsoft Corporation) [MANUAL] NtLmSsp
Service C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [MANUAL] NtmsSvc
Service (NULL Driver/Microsoft Corporation) [SYSTEM] Null
Service C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys (NWLINK2 Traffic Filter Driver/Microsoft Corporation) [MANUAL] NwlnkFlt
Service C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys (NWLINK2 Forwarder Driver/Microsoft Corporation) [MANUAL] NwlnkFwd
Service C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Office Diagnostics/Microsoft Corporation) [MANUAL] odserv
Service C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Office Source Engine/Microsoft Corporation) [MANUAL] ose
Service Outlook
Service C:\WINDOWS\system32\DRIVERS\parport.sys (Parallel Port Driver/Microsoft Corporation) [MANUAL] Parport
Service (Partition Manager/Microsoft Corporation) [BOOT] PartMgr
Service (VDM Parallel Driver/Microsoft Corporation) [AUTO] ParVdm
Service C:\WINDOWS\system32\DRIVERS\pci.sys (NT Plug and Play PCI Enumerator/Microsoft Corporation) [BOOT] PCI
Service [SYSTEM] PCIDump
Service C:\WINDOWS\system32\DRIVERS\pciide.sys (Generic PCI IDE Bus Driver/Microsoft Corporation) [BOOT] PCIIde
Service (PCMCIA Bus Driver/Microsoft Corporation) [DISABLED] Pcmcia
Service [MANUAL] PDCOMP
Service [MANUAL] PDFRAME
Service [MANUAL] PDRELI
Service [MANUAL] PDRFRAME
Service [DISABLED] perc2
Service [DISABLED] perc2hib
Service PerfDisk
Service PerfNet
Service PerfOS
Service PerfProc
Service C:\WINDOWS\system32\services.exe (Services and Controller app/Microsoft Corporation) [AUTO] PlugPlay
Service C:\WINDOWS\system32\HPZipm12.exe (PML Driver/HP) [AUTO] Pml Driver HPZ12
Service C:\WINDOWS\system32\lsass.exe (LSA Shell (Export Version)/Microsoft Corporation) [AUTO] PolicyAgent
Service C:\WINDOWS\system32\DRIVERS\raspptp.sys (Peer-to-Peer Tunneling Protocol/Microsoft Corporation) [MANUAL] PptpMiniport
Service C:\WINDOWS\system32\lsass.exe (LSA Shell (Export Version)/Microsoft Corporation) [AUTO] ProtectedStorage
Service C:\WINDOWS\system32\DRIVERS\psched.sys (MS QoS Packet Scheduler/Microsoft Corporation) [MANUAL] PSched
Service C:\WINDOWS\system32\DRIVERS\ptilink.sys (Parallel Technologies DirectParallel IO Library/Parallel Technologies, Inc.) [MANUAL] Ptilink
Service [DISABLED] ql1080
Service [DISABLED] Ql10wnt
Service [DISABLED] ql12160
Service [DISABLED] ql1240
Service [DISABLED] ql1280
Service C:\WINDOWS\system32\DRIVERS\rasacd.sys (RAS Automatic Connection Driver/Microsoft Corporation) [SYSTEM] RasAcd
Service C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [MANUAL] RasAuto
Service C:\WINDOWS\system32\DRIVERS\rasl2tp.sys (RAS L2TP mini-port/call-manager driver/Microsoft Corporation) [MANUAL] Rasl2tp
Service C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [MANUAL] RasMan
Service C:\WINDOWS\system32\DRIVERS\raspppoe.sys (RAS PPPoE mini-port/call-manager driver/Microsoft Corporation) [MANUAL] RasPppoe
Service C:\WINDOWS\system32\DRIVERS\raspti.sys (PTI DirectParallel(R) mini-port/call-manager driver/Microsoft Corporation) [MANUAL] Raspti
Service C:\WINDOWS\system32\DRIVERS\rdbss.sys (Redirected Drive Buffering SubSystem Driver/Microsoft Corporation) [SYSTEM] Rdbss
Service C:\WINDOWS\System32\DRIVERS\RDPCDD.sys (RDP Miniport/Microsoft Corporation) [SYSTEM] RDPCDD
Service RDPDD
Service RDPNP
Service (RDP Terminal Stack Driver (US/Canada Only, Not for Export)/Microsoft Corporation) [MANUAL] RDPWD
Service C:\WINDOWS\system32\sessmgr.exe (Microsoft® Remote Desktop Help Session Manager/Microsoft Corporation) [MANUAL] RDSessMgr
Service C:\WINDOWS\system32\DRIVERS\redbook.sys (Redbook Audio Filter Driver/Microsoft Corporation) [SYSTEM] redbook
Service C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [DISABLED] RemoteAccess
Service C:\WINDOWS\system32\locator.exe (Rpc Locator/Microsoft Corporation) [MANUAL] RpcLocator
Service C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] RpcSs
Service C:\WINDOWS\system32\rsvp.exe (Microsoft RSVP/Microsoft Corporation) [MANUAL] RSVP
Service C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys (Realtek 10/100/1000 NDIS 5.1 Driver /Realtek Semiconductor Corporation ) [MANUAL] RTL8023xp
Service C:\WINDOWS\system32\lsass.exe (LSA Shell (Export Version)/Microsoft Corporation) [AUTO] SamSs
Service C:\WINDOWS\System32\SCardSvr.exe (Smart Card Resource Management Server/Microsoft Corporation) [MANUAL] SCardSvr
Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] Schedule
Service C:\WINDOWS\system32\DRIVERS\secdrv.sys (Macrovision SECURITY Driver/Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [MANUAL] Secdrv
Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] seclogon
Service C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] SENS
Service C:\WINDOWS\system32\DRIVERS\serenum.sys (Serial Port Enumerator/Microsoft Corporation) [MANUAL] serenum
Service C:\WINDOWS\system32\DRIVERS\serial.sys (Serial Device Driver/Microsoft Corporation) [SYSTEM] Serial
Service (SCSI Floppy Driver/Microsoft Corporation) [SYSTEM] Sfloppy
Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] SharedAccess
Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] ShellHWDetection
Service [DISABLED] Simbad
Service [DISABLED] Sparrow
Service C:\WINDOWS\system32\drivers\splitter.sys (Microsoft Kernel Audio Splitter/Microsoft Corporation) [MANUAL] splitter
Service C:\WINDOWS\system32\spoolsv.exe (Spooler SubSystem App/Microsoft Corporation) [AUTO] Spooler
Service System32\Drivers\sptd.sys [DISABLED] sptd
Service C:\WINDOWS\system32\DRIVERS\sr.sys (System Restore Filesystem Filter Driver/Microsoft Corporation) [BOOT] sr
Service C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] srservice
Service C:\WINDOWS\system32\DRIVERS\srv.sys (Server driver/Microsoft Corporation) [MANUAL] Srv
Service C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [MANUAL] SSDPSRV
Service C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] stisvc
Service C:\WINDOWS\system32\DRIVERS\swenum.sys (Plug and Play Software Device Enumerator/Microsoft Corporation) [MANUAL] swenum
Service C:\WINDOWS\system32\drivers\swmidi.sys (Microsoft GS Wavetable Synthesizer/Microsoft Corporation) [MANUAL] swmidi
Service C:\WINDOWS\system32\dllhost.exe (COM Surrogate/Microsoft Corporation) [MANUAL] SwPrv
Service [DISABLED] symc810
Service [DISABLED] symc8xx
Service [DISABLED] sym_hi
Service [DISABLED] sym_u3
Service C:\WINDOWS\system32\drivers\sysaudio.sys (System Audio WDM Filter/Microsoft Corporation) [MANUAL] sysaudio
Service C:\WINDOWS\system32\smlogsvc.exe (Performance Logs and Alerts Service/Microsoft Corporation) [MANUAL] SysmonLog
Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [MANUAL] TapiSrv
Service C:\WINDOWS\system32\DRIVERS\tcpip.sys (TCP/IP Protocol Driver/Microsoft Corporation) [SYSTEM] Tcpip
Service (Named Pipe Transport Driver/Microsoft Corporation) [MANUAL] TDPIPE
Service (TCP Transport Driver/Microsoft Corporation) [MANUAL] TDTCP
Service C:\WINDOWS\system32\DRIVERS\termdd.sys (Terminal Server Driver/Microsoft Corporation) [SYSTEM] TermDD
Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [MANUAL] TermService
Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] Themes
Service [DISABLED] TosIde
Service C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] TrkWks
Service TSDDD
Service (UDF File System Driver/Microsoft Corporation) [DISABLED] Udfs
Service [DISABLED] ultra
Service C:\WINDOWS\system32\DRIVERS\update.sys (Update Driver/Microsoft Corporation) [MANUAL] Update
Service C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [MANUAL] upnphost
Service C:\WINDOWS\System32\ups.exe (UPS Service/Microsoft Corporation) [MANUAL] UPS
Service C:\WINDOWS\system32\DRIVERS\usbccgp.sys (USB Common Class Generic Parent Driver/Microsoft Corporation) [MANUAL] usbccgp
Service C:\WINDOWS\system32\DRIVERS\usbehci.sys (EHCI eUSB Miniport Driver/Microsoft Corporation) [MANUAL] usbehci
Service C:\WINDOWS\system32\DRIVERS\usbhub.sys (Default Hub Driver for USB/Microsoft Corporation) [MANUAL] usbhub
Service C:\WINDOWS\system32\DRIVERS\usbprint.sys (USB Printer driver/Microsoft Corporation) [MANUAL] usbprint
Service C:\WINDOWS\system32\DRIVERS\usbscan.sys (USB Scanner Driver/Microsoft Corporation) [MANUAL] usbscan
Service C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS (USB Mass Storage Class Driver/Microsoft Corporation) [MANUAL] USBSTOR
Service C:\WINDOWS\system32\DRIVERS\usbuhci.sys (UHCI USB Miniport Driver/Microsoft Corporation) [MANUAL] usbuhci
Service C:\WINDOWS\System32\drivers\vga.sys (VGA/Super VGA Video Driver/Microsoft Corporation) [SYSTEM] VgaSave
Service [DISABLED] ViaIde
Service (Volume Shadow Copy Driver/Microsoft Corporation) [BOOT] VolSnap
Service C:\WINDOWS\System32\vssvc.exe (Microsoft® Volume Shadow Copy Service/Microsoft Corporation) [MANUAL] VSS
Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] W32Time
Service W3SVC
Service C:\WINDOWS\system32\DRIVERS\wanarp.sys (MS Remote Access and Routing ARP Driver/Microsoft Corporation) [MANUAL] Wanarp
Service [MANUAL] WDICA
Service C:\WINDOWS\system32\drivers\wdmaud.sys (MMSYSTEM Wave/Midi API mapper/Microsoft Corporation) [MANUAL] wdmaud
Service C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] WebClient
Service C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] winmgmt
Service [MANUAL] Winsock
Service WinSock2
Service WinTrust
Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [MANUAL] WmdmPmSN
Service WmiApRpl
Service C:\WINDOWS\system32\wbem\wmiapsrv.exe (WMI Performance Adapter Service/Microsoft Corporation) [MANUAL] WmiApSrv
Service (Winsock2 IFS Layer/Microsoft Corporation) [SYSTEM] WS2IFSL
Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] wscsvc
Service C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] wuauserv
Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] WZCSVC
Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [MANUAL] xmlprov
Service {15918C48-6CC6-4D25-9573-04D32BAD25F2}

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x2B 0x61 0x1E 0x03 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x2B 0x61 0x1E 0x03 ...

---- EOF - GMER 1.0.15 ----

Re: sys soubory s rootkity

Napsal: 09 bře 2010 17:59
od Caroprd111
Obrázek Stahněte MBAM http://www.viry.cz/forum/viewtopic.php?f=29&t=67229
  • Podle návodu v odkazu nainstalujte, poté dejte úplný sken.
  • Nic nemažte :!: MBAM má občas falešné detekce a mohl by smazat např. systémové soubory.
  • Log vložte sem.

Re: sys soubory s rootkity

Napsal: 10 bře 2010 07:51
od fru-fru
Malwarebytes' Anti-Malware 1.44
Verze databáze: 3845
Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180

10.3.2010 7:44:56
mbam-log-2010-03-10 (07-44-49).txt

Typ kontroly: Kompletní kontrola (C:\|)
Zkontrolované objekty: 142787
Uplynulý čas: 14 minute(s), 47 second(s)

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 0
Infikované hodnoty registru: 0
Infikované datové položky registru: 0
Infikované adresáře: 0
Infikované soubory: 3

Infikované procesy v paměti:
(Nebyly nalezeny žádné škodlivé položky)

Infikované moduly v paměti:
(Nebyly nalezeny žádné škodlivé položky)

Infikované klíče registru:
(Nebyly nalezeny žádné škodlivé položky)

Infikované hodnoty registru:
(Nebyly nalezeny žádné škodlivé položky)

Infikované datové položky registru:
(Nebyly nalezeny žádné škodlivé položky)

Infikované adresáře:
(Nebyly nalezeny žádné škodlivé položky)

Infikované soubory:
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\xlnvbaodoqtbqjv.sys.vir (Rootkit.Agent) -> No action taken.
C:\System Volume Information\_restore{B412EB64-2601-4C58-8428-065A31DEC21E}\RP416\A0042203.sys (Rootkit.Agent) -> No action taken.
C:\Documents and Settings\Uživatel\Data aplikací\wiaserva.log (Malware.Trace) -> No action taken.

Re: sys soubory s rootkity

Napsal: 10 bře 2010 08:59
od fru-fru
chystám se zapnout a vypnout obnovu systému + smazat mbamem nalezené položky,
ale počkám na pokyny rádce :)

wiaserva.log pro důkladnost otestován :)
http://www.virustotal.com/cs/analisis/3 ... 1268206611

ve složce:
C:\Documents and Settings\Uživatel\
jsem náhodně objevil jěště tento soubor:
http://www.virustotal.com/cs/analisis/6 ... 1268206607

předpokládám, že jej taky smáznout

Re: sys soubory s rootkity

Napsal: 10 bře 2010 13:51
od Caroprd111
Vše smažte a napište, jak to vypadá s PC.

Re: sys soubory s rootkity

Napsal: 10 bře 2010 14:34
od fru-fru
Vše smazáno. Ikony na ploše jsou už ok, ale jakmile do PC strčím flešku,
tak se na ni automaticky zapíše ten autorun a dll-ko. Pokud je na flešce
jiný autorun, tak ho přepíše a jen pokud má atribut "Jen pro čtení" tak
mu dá pokoj. Je taky slyšet, jak si při tom jěště hrábne do disketové
mechaniky, jestli tam není disketa.

Re: sys soubory s rootkity

Napsal: 10 bře 2010 14:36
od Caroprd111
Obrázek Pokračujte podle návodu AVPTool http://www.viry.cz/forum/viewtopic.php?f=29&t=58179

Re: sys soubory s rootkity

Napsal: 10 bře 2010 15:40
od fru-fru
Autoscan: completed <1 minute ago (events: 253, objects: 166716, time: 00:33:38)
10.3.2010 15:01:23 Task started
10.3.2010 15:12:07 Detected: Backdoor.Win32.Zdoogu.bk C:\Qoobox\Quarantine\C\WINDOWS\system32\digeste.dll.vir
10.3.2010 15:12:07 Detected: Trojan.Win32.Inject.qle C:\Qoobox\Quarantine\C\WINDOWS\system32\crypts.dll.vir/PE_Patch.UPX/UPX
10.3.2010 15:12:07 Detected: Rootkit.Win32.Agent.bdli C:\Qoobox\Quarantine\C\WINDOWS\TEMP\tkjqmegvybz.sys.vir
10.3.2010 15:12:32 Deleted: Rootkit.Win32.Agent.bdli C:\Qoobox\Quarantine\C\WINDOWS\TEMP\tkjqmegvybz.sys.vir
10.3.2010 15:12:32 Detected: Trojan.Win32.Cosmu.klc C:\WINDOWS\clbcatq.dll
10.3.2010 15:12:33 Deleted: Backdoor.Win32.Zdoogu.bk C:\Qoobox\Quarantine\C\WINDOWS\system32\digeste.dll.vir
10.3.2010 15:12:33 Deleted: Trojan.Win32.Inject.qle C:\Qoobox\Quarantine\C\WINDOWS\system32\crypts.dll.vir
10.3.2010 15:12:34 Will be deleted on system restart: Trojan.Win32.Cosmu.klc C:\WINDOWS\clbcatq.dll
10.3.2010 15:35:01 Task completed
Všechny časy jsou v UTC+01:00
Stránka 2 z 3

Založeno na phpBB® Forum Software © phpBB Limited

Český překlad – phpBB.cz