
Avg detects "hidden driver" in Windows/system32/drivers...



#61
JSntgRvr

  • Global Moderator
  • 11,591 posts

oruocu can't be deleted, because another person or programme uses it... what the [bleep] is this file?

It should not be anything, as it is 0 bytes.

Please download the OTMoveIt3 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt3.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    :files
    C:\oruocu.exe

    :commands
    [emptytemp]
    [Reboot]
  • Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTMoveIt3
Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.
  • 0

#62
betyar

  • Topic Starter
  • Member
  • 42 posts
I managed to delete oruocu and I followed your instructions with the system restore operation. I rebooted, did a rootkit scan with AVG, but still there is a hidden driver in windows/system32/drivers, just its name has changed, as usual.
  • 0

#63
JSntgRvr

  • Global Moderator
  • 11,591 posts
Let's do this again: (Hope it finds it)

Please download gmer.zip and save to your desktop.
  • Extract (unzip) the file to its own folder such as C:\Gmer. (Click here for information on how to do this if not sure.)
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security program drivers will not conflict with gmer's driver.
  • Click on this link to see a list of programs that should be disabled.
  • Double-click on gmer.exe to start the program.
  • Allow the gmer.sys driver to load if asked.
  • You may be prompted to scan immediately if GMER detects rootkit activity.
  • If you are prompted to scan your system click "Yes" to begin the scan.
  • If not prompted, click the "Rootkit/Malware" tab.
  • On the right-side, all items to be scanned should be checked by default except for "Show All". Leave that box unchecked.
  • Select all drives that are connected to your system to be scanned.
  • Click the Scan button to begin. (Please be patient as it can take some time to complete)
  • When the scan is finished, click Save to save the scan results to your Desktop.
  • Save the file as gmer.log and copy/paste the contents in your next reply.
  • Exit GMER and re-enable all active protection when done.

  • 0
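
Once gmer.log has been saved as described above, its hook entries can be grouped by the module that owns each hook target before the log is read line by line. This is an added example, not part of the original post and not GMER's own code; the line layouts are assumed from GMER 1.0.14 text logs, and the module names (exampledrv.sys, otherdrv.sys) and addresses in the sample are constructed.

```python
"""Group the SSDT and IAT hook lines of a GMER text log by owning module."""
import re
from collections import defaultdict

# Assumed layouts (whitespace-separated fields, GMER 1.0.14 text log):
#   SSDT <owner> <function> [0x<addr>]
#   IAT <importer>[<exporter>!<function>] [<addr>] <owner>
#   IAT <importer>[<exporter>!<function>] <addr>          (no owner resolved)
#   ? <module>.sys <"file not found" message in the OS language>
SSDT_RE = re.compile(
    r"^SSDT\s+(?P<owner>.+?)\s+(?P<func>\w+)\s+\[0x(?P<addr>[0-9A-Fa-f]+)\]$"
)
IAT_RE = re.compile(
    r"^IAT\s+(?P<importer>.+?)\[(?P<exporter>[^!\]]+)!(?P<func>[^\]]+)\]\s+"
    r"(?:\[(?P<addr>[0-9A-Fa-f]+)\]\s+(?P<owner>.+)|(?P<raw>[0-9A-Fa-f]+))$"
)
MISSING_RE = re.compile(r"^\?\s+(?P<module>.+?\.sys)\s", re.IGNORECASE)

# Constructed sample input, not taken from any real machine.
SAMPLE_LOG = r"""
---- System - GMER 1.0.14 ----

SSDT exampledrv.sys ZwCreateKey [0xF7A160E0]
SSDT exampledrv.sys ZwEnumerateKey [0xF7A34CA2]
SSDT otherdrv.sys ZwTerminateProcess [0xF7B01000]

---- Kernel code sections - GMER 1.0.14 ----

? exampledrv.sys The system cannot find the file specified. !

---- Kernel IAT/EAT - GMER 1.0.14 ----

IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F7A17040] exampledrv.sys
IAT \SystemRoot\System32\DRIVERS\USBPORT.SYS[ntoskrnl.exe!DbgBreakPoint] 82D7F5E0
"""


def _module_name(field):
    """Reduce a bare name or full path to a lower-cased file name."""
    # Drop a trailing "(description/vendor)" suffix if the log line carries one.
    path = re.sub(r"\s+\(.*\)$", "", field.strip())
    return path.rsplit("\\", 1)[-1].lower()


def summarize_hooks(lines):
    """Return (owners, unattributed).

    owners maps module name -> {"ssdt": [...], "iat": [...], "file_missing": bool}.
    unattributed lists IAT entries whose target address has no module name.
    """
    owners = defaultdict(lambda: {"ssdt": [], "iat": [], "file_missing": False})
    unattributed = []
    for line in lines:
        line = line.strip()
        if m := SSDT_RE.match(line):
            owners[_module_name(m["owner"])]["ssdt"].append(m["func"])
        elif m := IAT_RE.match(line):
            target = f'{_module_name(m["importer"])} -> {m["exporter"]}!{m["func"]}'
            if m["owner"]:
                owners[_module_name(m["owner"])]["iat"].append(target)
            else:
                unattributed.append((target, m["raw"]))
        elif m := MISSING_RE.match(line):
            owners[_module_name(m["module"])]["file_missing"] = True
    return dict(owners), unattributed


def review_order(owners):
    """Modules whose file was not found come first, then by hook count."""
    def key(item):
        name, info = item
        return (not info["file_missing"], -(len(info["ssdt"]) + len(info["iat"])), name)
    return [name for name, _ in sorted(owners.items(), key=key)]


if __name__ == "__main__":
    owners, unattributed = summarize_hooks(SAMPLE_LOG.splitlines())
    for name in review_order(owners):
        info = owners[name]
        print(f"{name}: {len(info['ssdt'])} SSDT, {len(info['iat'])} IAT, "
              f"file missing: {info['file_missing']}")
    for target, addr in unattributed:
        print(f"unattributed: {target} -> {addr}")
```

A hook count is a triage signal, not a verdict: security products and disk-emulation drivers install the same kinds of hooks, so each listed module still has to be identified.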

#64
betyar

  • Topic Starter
  • Member
  • 42 posts
it's done:

GMER 1.0.14.14536 - http://www.gmer.net
Rootkit scan 2009-01-02 14:57:48
Windows 5.1.2600 Szervizcsomag 3


---- System - GMER 1.0.14 ----

SSDT spbh.sys ZwCreateKey [0xF86160E0]
SSDT spbh.sys ZwEnumerateKey [0xF8634CA2]
SSDT spbh.sys ZwEnumerateValueKey [0xF8635030]
SSDT spbh.sys ZwOpenKey [0xF86160C0]
SSDT spbh.sys ZwQueryKey [0xF8635108]
SSDT spbh.sys ZwQueryValueKey [0xF8634F88]
SSDT spbh.sys ZwSetValueKey [0xF863519A]

INT 0x62 ? 82FDFBF8
INT 0x63 ? 82D7FF00
INT 0x73 ? 82D7FF00
INT 0x82 ? 82FDFBF8
INT 0x83 ? 82D7FF00

---- Kernel code sections - GMER 1.0.14 ----

? spbh.sys A rendszer nem találja a megadott fájlt. !
.text USBPORT.SYS!DllUnload F83CF8AC 5 Bytes JMP 82D7F4E0
.text amqzbs38.SYS F81D0386 35 Bytes [ 00, 00, 00, 00, 00, 00, 20, ... ]
.text amqzbs38.SYS F81D03AA 24 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text amqzbs38.SYS F81D03C4 3 Bytes [ 00, 70, 02 ]
.text amqzbs38.SYS F81D03C9 1 Byte [ 2E ]
.text amqzbs38.SYS F81D03CB 9 Bytes [ 00, 00, 5C, 02, 00, 00, 00, ... ]
.text ...

---- Kernel IAT/EAT - GMER 1.0.14 ----

IAT \WINDOWS\System32\Drivers\SCSIPORT.SYS[ntoskrnl.exe!DbgBreakPoint] 82F734A8
IAT pci.sys[ntoskrnl.exe!IoDetachDevice] [F8647C4C] spbh.sys
IAT pci.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [F8647CA0] spbh.sys
IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F8617040] spbh.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F861713C] spbh.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F86170BE] spbh.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F86177FC] spbh.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F86176D2] spbh.sys
IAT \SystemRoot\System32\DRIVERS\USBPORT.SYS[ntoskrnl.exe!DbgBreakPoint] 82D7F5E0
IAT \SystemRoot\System32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [F8627048] spbh.sys

---- Devices - GMER 1.0.14 ----

Device \FileSystem\Ntfs \Ntfs HF30XP.sys
Device \FileSystem\Mup \Dfs HF30XP.sys
Device \Driver\sptd \Device\4282394160 spbh.sys

AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Ip ntoskrnl.exe (NT - kernel és rendszer/Microsoft Corporation)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 HF30Kbd2K.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 HF30Kbd2K.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 HF30Kbd2K.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 HF30Kbd2K.sys

Device \Driver\Serial \Device\Serial0 HF30XP.sys
Device \Driver\Serial \Device\Serial1 HF30XP.sys
Device \Driver\usbohci \Device\USBPDO-0 82D7E1F8
Device \Driver\dmio \Device\DmControl\DmIoDaemon 82F711F8
Device \Driver\dmio \Device\DmControl\DmConfig 82F711F8
Device \Driver\dmio \Device\DmControl\DmPnP 82F711F8
Device \Driver\dmio \Device\DmControl\DmInfo 82F711F8
Device \Driver\usbohci \Device\USBPDO-1 82D7E1F8
Device \FileSystem\RAW \Device\RawTape HF30XP.sys
Device \FileSystem\MRxDAV \Device\WebDavRedirector HF30XP.sys
Device \Driver\usbehci \Device\USBPDO-2 82DDE1F8
Device \Driver\rdpdr \Device\RdpDrPort HF30XP.sys

AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Tcp ntoskrnl.exe (NT - kernel és rendszer/Microsoft Corporation)

Device \Driver\ParVdm \Device\ParallelVdm0 HF30XP.sys
Device \Driver\PCI_PNP2910 \Device\00000049 spbh.sys
Device \Driver\rdpdr \Device\RdpDr HF30XP.sys
Device \Driver\Ftdisk \Device\HarddiskVolume1 82FE01F8
Device \Driver\Ftdisk \Device\HarddiskVolume2 82FE01F8
Device \Driver\Cdrom \Device\CdRom0 82DF91F8
Device \FileSystem\Rdbss \Device\FsWrap HF30XP.sys
Device \Driver\Ftdisk \Device\HarddiskVolume3 82FE01F8
Device \Driver\Cdrom \Device\CdRom1 82DF91F8
Device \Driver\Parport \Device\Parallel0 HF30XP.sys
Device \Driver\NetBT \Device\NetBt_Wins_Export 82A401F8
Device \Driver\NetBT \Device\NetbiosSmb 82A401F8
Device \Driver\NetBT \Device\NetBT_Tcpip_{6E153F09-572F-4C4B-960F-4CC8B267AA3F} 82A401F8
Device \FileSystem\Mup \Device\Mup HF30XP.sys

AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Udp ntoskrnl.exe (NT - kernel és rendszer/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp ntoskrnl.exe (NT - kernel és rendszer/Microsoft Corporation)

Device \FileSystem\RAW \Device\RawDisk HF30XP.sys
Device \Driver\usbohci \Device\USBFDO-0 82D7E1F8
Device \Driver\usbohci \Device\USBFDO-1 82D7E1F8
Device \Driver\Ptilink \Device\ParTechInc0 HF30XP.sys
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver HF30XP.sys
Device \Driver\usbehci \Device\USBFDO-2 82DDE1F8
Device \FileSystem\MRxSmb \Device\LanmanRedirector HF30XP.sys
Device \FileSystem\Npfs \Device\NamedPipe HF30XP.sys
Device \Driver\Ftdisk \Device\FtControl 82FE01F8
Device \FileSystem\Msfs \Device\Mailslot HF30XP.sys
Device \Driver\AFD \Device\Afd HF30XP.sys
Device \FileSystem\RAW \Device\RawCdRom HF30XP.sys
Device \Driver\amqzbs38 \Device\Scsi\amqzbs381 82D211F8
Device \FileSystem\Mup \Device\WinDfs\Root HF30XP.sys
Device \FileSystem\Fs_Rec \FileSystem\UdfsCdRomRecognizer HF30XP.sys
Device \FileSystem\Fs_Rec \FileSystem\FatCdRomRecognizer HF30XP.sys
Device \FileSystem\Fs_Rec \FileSystem\CdfsRecognizer HF30XP.sys
Device \FileSystem\Fs_Rec \FileSystem\FatDiskRecognizer HF30XP.sys
Device \FileSystem\Fs_Rec \FileSystem\UdfsDiskRecognizer HF30XP.sys
Device \FileSystem\Cdfs \Cdfs HF30XP.sys

---- Registry - GMER 1.0.14 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x8A 0xC8 0xD7 0xF9 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x40 0x9F 0x0A 0x48 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x40 0x4F 0x21 0x48 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x8A 0xC8 0xD7 0xF9 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x40 0x9F 0x0A 0x48 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x40 0x4F 0x21 0x48 ...

File N:\other\EZ
  • 0

#65
JSntgRvr

JSntgRvr

    Global Moderator

  • Global Moderator
  • 11,591 posts
Set Explorer to view Hidden Files and Folders:
  • Right-click your Start button and go to "Explore".
  • Select Tools from the menu
  • Select Folder Options
  • Select the View tab
  • Click on Show all Files and Folders
  • Remove the checkmark from Hide extensions for known file types
  • Remove the checkmark from Hide protected operating System files
  • Select Apply to All Folders | Yes | Apply | OK.
Please go here:
The Spy Killer Forum
  • Click on "New Topic"
  • Put your name, e-mail address, and this as the title: "Requested by JSntgRvr"
  • Put a link to this thread in the description box.
  • Then next to the file box, at the bottom, click the browse button, then navigate to this file:

    • C:\Windows\System32\Drivers\spbh.sys
  • Press the more attachments button.
  • Click the browse button, then navigate to this file:

    • C:\Windows\System32\Drivers\amqzbs38.SYS
  • When all the files are listed in the window Click Post.

Set Explorer to Defaults:
  • Right-click your Start button and go to "Explore".
  • Select Tools from the menu
  • Select Folder Options
  • Select the View tab
  • Click on Restore Defaults
  • Select Apply to All Folders | Yes | Apply | OK.

Let me know when done.
  • 0

#66
betyar

betyar

    Member

  • Topic Starter
  • Member
  • PipPip
  • 42 posts
None of them appear in windows/system32/drivers.
  • 0

#67
JSntgRvr

JSntgRvr

    Global Moderator

  • Global Moderator
  • 11,591 posts
I don't know what to say. If you can't see them, there is not much we can do about it. If the computer is running within acceptable parameters, I would consider AVG's findings a False Positive:

Go to Start -> Run, copy and paste the following command and click OK. A new document will be produced on your desktop. Open this document in Notepad and post its report.

    CMD /C Dir /a /s "C:\Windows\System32\Drivers" >"%Userprofile%\Desktop\Found.txt"
  • 0

#68
betyar

betyar

    Member

  • Topic Starter
  • Member
  • PipPip
  • 42 posts
Nothing happened. There is no new doc on my desktop.

I don't understand either. Nothing else finds this hidden driver, just AVG. It started approx. 10 days ago. Before that time AVG never detected it. I can state I did a full scan almost every week. Now I'm afraid that somebody will steal my passwords and can access my financial things. :-(

Another strange thing in IE: usually when I do a search with e.g. Google, AVG activates its web protection and places a green tick near the results if they are safe, or warns me if not and places a red cross. Some minutes ago I realised that there are no more such marks near the results. I tried the same with Firefox, and web protection works with it. Is it due to some settings, or what do you think happened?
  • 0

#69
JSntgRvr

JSntgRvr

    Global Moderator

  • Global Moderator
  • 11,591 posts
Download the enclosed file. Save and extract its contents to the desktop. It is a batch file. Once extracted, double-click on the batch file and post the contents of the report it will produce.
  • 0

#70
betyar

betyar

    Member

  • Topic Starter
  • Member
  • PipPip
  • 42 posts
All files.


A meghajtóban (C) lévő kötet rendszer.
A kötet sorozatszáma: 00C9-7361

C:\Windows\System32\Drivers tartalma:

2009.01.01. 23:53 <DIR> .
2009.01.01. 23:53 <DIR> ..
2008.04.14. 16:33 188 032 acpi.sys
2001.10.26. 13:00 11 904 acpiec.sys
2008.04.14. 17:01 4 255 adv01nt5.dll
2008.04.14. 17:01 3 967 adv02nt5.dll
2008.04.14. 17:01 3 615 adv05nt5.dll
2008.04.14. 17:01 3 647 adv07nt5.dll
2008.04.14. 17:01 3 135 adv08nt5.dll
2008.04.14. 17:01 3 711 adv09nt5.dll
2008.04.14. 17:01 3 775 adv11nt5.dll
2008.04.13. 17:39 142 592 aec.sys
2008.08.14. 11:04 138 496 afd.sys
2008.04.13. 19:36 42 368 agp440.sys
2008.04.13. 19:36 44 928 agpcpq.sys
2008.04.13. 19:36 42 752 alim1541.sys
2008.04.13. 19:36 43 008 amdagp.sys
2008.04.14. 16:34 41 600 amdk6.sys
2008.04.14. 16:34 41 984 amdk7.sys
2008.12.31. 00:53 103 360 AnyDVD.sys
2008.04.13. 19:51 60 800 arp1394.sys
2008.04.13. 19:57 14 336 asyncmac.sys
2008.04.13. 19:40 96 512 atapi.sys
2004.08.03. 21:29 56 623 ati1btxx.sys
2004.08.03. 21:29 11 615 ati1mdxx.sys
2004.08.03. 21:29 12 047 ati1pdxx.sys
2004.08.03. 21:29 30 671 ati1raxx.sys
2004.08.03. 21:29 63 663 ati1rvxx.sys
2004.08.03. 21:29 26 367 ati1snxx.sys
2004.08.03. 21:29 21 343 ati1ttxx.sys
2004.08.03. 21:29 36 463 ati1tuxx.sys
2004.08.03. 21:29 29 455 ati1xbxx.sys
2004.08.03. 21:29 34 735 ati1xsxx.sys
2004.08.17. 15:19 327 040 ati2mtaa.sys
2004.04.21. 16:11 729 088 ati2mtag.sys
2004.08.03. 21:29 57 856 atinbtxx.sys
2004.08.03. 21:29 13 824 atinmdxx.sys
2004.08.03. 21:29 14 336 atinpdxx.sys
2004.08.03. 21:29 52 224 atinraxx.sys
2004.08.03. 21:29 104 960 atinrvxx.sys
2004.08.03. 21:29 28 672 atinsnxx.sys
2004.08.03. 21:29 13 824 atinttxx.sys
2004.08.03. 21:29 73 216 atintuxx.sys
2004.08.03. 21:29 31 744 atinxbxx.sys
2004.08.03. 21:29 63 488 atinxsxx.sys
2004.07.17. 10:36 64 352 ativmc20.cod
2008.04.13. 19:51 59 904 atmarpc.sys
2001.10.26. 13:00 31 360 atmepvc.sys
2008.04.13. 19:51 55 808 atmlane.sys
2001.10.26. 13:00 352 256 atmuni.sys
2008.04.14. 17:01 21 183 atv01nt5.dll
2008.04.14. 17:01 11 359 atv02nt5.dll
2008.04.14. 17:01 25 471 atv04nt5.dll
2008.04.14. 17:01 14 143 atv06nt5.dll
2008.04.14. 17:01 17 279 atv10nt5.dll
2001.08.17. 22:59 3 072 audstub.sys
2009.01.02. 18:06 <DIR> Avg
2008.12.30. 21:15 98 440 avgldx86.sys
2008.12.30. 21:15 26 824 avgmfx86.sys
2008.12.30. 21:15 12 936 avgrkx86.sys
2008.12.30. 21:16 90 632 avgtdix.sys
2008.04.13. 19:46 11 776 bdasup.sys
2001.10.26. 13:00 4 224 beep.sys
2008.04.13. 19:53 71 552 bridge.sys
2008.04.13. 19:46 17 024 bthenum.sys
2008.04.13. 19:46 37 888 bthmodem.sys
2008.04.13. 19:51 101 120 bthpan.sys
2008.06.14. 18:36 272 512 bthport.sys
2008.04.13. 19:46 36 480 bthprint.sys
2008.04.13. 19:46 18 944 bthusb.sys
2001.10.26. 13:00 13 952 cbidf2k.sys
2008.04.13. 19:46 17 024 ccdecode.sys
2001.10.26. 13:00 18 688 cdaudio.sys
2008.04.13. 20:14 63 744 cdfs.sys
2007.03.27. 08:55 2 432 cdr4_xp.sys
2007.03.27. 08:55 2 560 cdralw2k.sys
2008.04.13. 19:40 62 976 cdrom.sys
2008.04.14. 17:01 15 423 ch7xxnt5.dll
2001.10.26. 13:00 262 528 cinemst2.sys
2008.04.13. 20:16 49 536 classpnp.sys
2002.07.16. 11:58 379 726 cmaudio.sys
2001.10.26. 13:00 11 776 cpqdap01.sys
2008.04.14. 16:39 40 960 crusoe.sys
2004.07.17. 21:55 129 045 cxthsfs2.cty
2004.10.06. 17:37 <DIR> disdn
2008.04.13. 19:40 36 352 disk.sys
2008.04.13. 19:40 14 208 diskdump.sys
2008.04.14. 16:41 800 000 dmboot.sys
2008.04.14. 16:41 153 984 dmio.sys
2001.10.26. 13:00 5 888 dmload.sys
2008.04.13. 19:45 52 864 dmusic.sys
2008.04.13. 19:45 60 160 drmk.sys
2008.04.13. 19:45 2 944 drmkaud.sys
2001.10.26. 13:00 10 496 dxapi.sys
2008.04.13. 19:38 71 168 dxg.sys
2001.10.26. 13:00 3 328 dxgthk.sys
2008.12.31. 14:59 24 872 ElbyCDIO.sys
2009.01.01. 20:18 <DIR> etc
2008.04.13. 20:14 143 744 fastfat.sys
2008.04.13. 19:40 27 392 fdc.sys
2008.04.14. 16:35 44 672 fips.sys
2008.04.13. 19:40 20 480 flpydisk.sys
2008.04.13. 19:32 129 792 fltmgr.sys
2001.10.26. 13:00 12 288 fsvga.sys
2001.10.26. 13:00 7 936 fs_rec.sys
2001.10.26. 13:00 125 312 ftdisk.sys
2008.04.13. 19:36 46 464 gagp30kx.sys
2008.04.13. 19:45 10 624 gameenum.sys
2002.09.25. 20:35 9 344 GEARAspiWDM.sys
2001.10.26. 13:00 3 440 660 gm.dls
2008.12.30. 20:35 85 969 gmer.sys
2001.10.26. 13:00 646 gmreadme.txt
2008.04.13. 17:36 144 384 hdaudbus.sys
2008.04.14. 16:37 25 728 hidbth.sys
2008.04.13. 19:45 36 864 hidclass.sys
2008.04.13. 19:45 19 200 hidir.sys
2008.04.13. 19:45 24 960 hidparse.sys
2004.08.03. 21:41 220 032 hsfbs2s2.sys
2004.08.03. 21:41 685 056 hsfcxts2.sys
2004.08.03. 21:41 1 041 536 hsfdpsp2.sys
2008.04.13. 19:53 264 832 http.sys
2008.04.14. 16:38 52 736 i8042prt.sys
2008.04.13. 19:40 42 112 imapi.sys
2008.04.14. 16:39 40 576 intelppm.sys
2008.04.13. 19:53 36 608 ip6fw.sys
2001.10.26. 13:00 32 896 ipfltdrv.sys
2008.04.13. 19:57 20 864 ipinip.sys
2008.04.13. 19:57 152 832 ipnat.sys
2008.04.13. 20:19 75 264 ipsec.sys
2008.04.13. 19:45 46 592 irbus.sys
2008.04.13. 19:54 11 264 irenum.sys
2008.04.14. 16:40 37 504 isapnp.sys
2002.11.27. 13:52 1 024 jedih2rx.bin
2002.11.27. 13:52 42 jedireg.pat
2008.04.14. 16:40 24 960 kbdclass.sys
2008.04.13. 19:45 172 416 kmixer.sys
2008.04.13. 20:16 141 056 ks.sys
2008.04.13. 19:31 92 288 ksecdd.sys
2001.10.26. 13:00 7 680 mcd.sys
2004.08.03. 21:41 11 868 mdmxsdk.sys
2008.04.13. 19:36 63 744 mf.sys
2001.10.26. 13:00 4 224 mnmdd.sys
2008.04.14. 16:33 30 208 modem.sys
2008.04.14. 16:33 23 424 mouclass.sys
2008.04.13. 19:39 42 368 mountmgr.sys
2008.04.13. 19:46 15 232 mpe.sys
2008.04.13. 19:39 92 544 mqac.sys
2008.04.13. 19:32 180 608 mrxdav.sys
2008.10.24. 12:21 455 296 mrxsmb.sys
2008.04.13. 19:46 51 200 msdv.sys
2008.04.13. 19:32 19 072 msfs.sys
2008.04.13. 19:56 35 072 msgpc.sys
2008.04.13. 19:39 7 552 mskssrv.sys
2008.04.13. 19:39 5 376 mspclock.sys
2008.04.13. 19:39 4 992 mspqm.sys
2008.04.13. 19:36 15 488 mssmbios.sys
2008.04.13. 19:39 5 504 mstee.sys
2004.08.03. 21:41 126 686 mtlmnt5.sys
2004.08.03. 21:41 1 309 184 mtlstrm.sys
2004.08.03. 21:29 452 736 mtxparhm.sys
2008.04.13. 20:17 105 344 mup.sys
2008.04.13. 19:43 12 672 mutohpen.sys
2008.04.13. 19:46 85 248 nabtsfec.sys
2008.04.13. 20:20 182 656 ndis.sys
2008.04.13. 19:46 10 880 ndisip.sys
2008.04.13. 19:57 10 112 ndistapi.sys
2008.04.13. 19:55 14 592 ndisuio.sys
2008.04.13. 20:20 91 520 ndiswan.sys
2008.04.13. 19:57 40 576 ndproxy.sys
2008.04.13. 19:56 34 688 netbios.sys
2008.04.13. 20:21 162 816 netbt.sys
2004.07.17. 10:35 67 866 netwlan5.img
2008.04.13. 19:51 61 824 nic1394.sys
2001.10.26. 13:00 12 032 nikedrv.sys
2008.04.13. 19:53 40 320 nmnt.sys
2006.05.29. 07:26 127 488 nmwcd.sys
2006.05.29. 07:26 13 312 nmwcdcm.sys
2008.04.13. 19:32 30 848 npfs.sys
2008.04.13. 20:15 574 976 ntfs.sys
2004.08.03. 21:41 180 360 ntmtlfax.sys
2001.10.26. 13:00 2 944 null.sys
2004.08.03. 21:29 1 897 408 nv4_mini.sys
2004.10.22. 10:41 413 824 nvapu.sys
2004.10.22. 10:42 66 688 nvarm.sys
2004.10.22. 10:38 53 376 nvax.sys
2002.11.27. 13:52 80 896 NVENET.sys
2004.10.22. 10:42 919 424 nvmcp.sys
2003.03.19. 08:51 18 688 nv_agp.SYS
2001.10.26. 13:00 12 416 nwlnkflt.sys
2001.10.26. 13:00 32 512 nwlnkfwd.sys
2008.04.13. 19:56 88 320 nwlnkipx.sys
2001.10.26. 13:00 63 232 nwlnknb.sys
2001.10.26. 13:00 55 936 nwlnkspx.sys
2008.04.13. 19:34 163 584 nwrdr.sys
2001.10.26. 13:00 3 456 oprghdlr.sys
2008.04.14. 16:44 46 976 p3.sys
2008.04.14. 16:44 80 128 parport.sys
2008.04.13. 19:40 19 712 partmgr.sys
2001.10.26. 13:00 6 912 parvdm.sys
2008.04.14. 16:44 67 968 pci.sys
2001.10.26. 19:10 3 328 pciide.sys
2008.04.13. 19:40 24 960 pciidex.sys
2008.04.14. 16:44 120 192 pcmcia.sys
2008.12.25. 17:42 47 360 pcouffin.sys
2008.04.13. 20:19 146 048 portcls.sys
2008.04.14. 16:35 40 064 processr.sys
2008.04.13. 19:56 69 120 psched.sys
2001.10.26. 13:00 17 792 ptilink.sys
2007.08.15. 23:33 43 528 pxhelp20.sys
2002.11.27. 13:52 122 ramsed.bin
2001.10.26. 13:00 8 832 rasacd.sys
2008.04.13. 20:19 51 328 rasl2tp.sys
2008.04.13. 19:57 41 472 raspppoe.sys
2008.04.13. 20:19 48 384 raspptp.sys
2001.10.26. 13:00 16 512 raspti.sys
2001.10.26. 13:00 34 432 rawwan.sys
2008.04.13. 20:28 175 744 rdbss.sys
2001.10.26. 13:00 4 224 rdpcdd.sys
2008.04.13. 19:32 196 224 rdpdr.sys
2008.04.14. 17:02 139 656 rdpwd.sys
2004.08.03. 21:41 13 776 recagent.sys
2008.04.14. 16:36 57 984 redbook.sys
2007.02.16. 01:56 11 984 RegKill.sys
2008.04.13. 19:46 59 136 rfcomm.sys
2001.10.26. 13:00 12 032 rio8drv.sys
2001.10.26. 13:00 12 032 riodrv.sys
2008.05.08. 15:02 203 136 rmcast.sys
2008.04.13. 19:56 30 592 rndismp.sys
2008.04.13. 19:56 30 592 rndismpx.sys
2001.10.26. 13:00 5 888 rootmdm.sys
2004.08.03. 21:29 166 912 s3gnbm.sys
2008.04.13. 19:40 96 384 scsiport.sys
2008.04.13. 19:36 79 232 sdbus.sys
2007.11.13. 11:25 20 480 secdrv.sys
2008.04.13. 19:40 15 744 serenum.sys
2008.04.14. 16:38 65 152 serial.sys
2001.10.26. 19:43 18 048 sermouse.sys
2008.04.13. 19:40 11 904 sffdisk.sys
2008.04.13. 19:40 10 240 sffp_mmc.sys
2008.04.13. 19:40 11 008 sffp_sd.sys
2008.04.13. 19:40 11 392 sfloppy.sys
2008.04.14. 17:01 3 901 siint5.dll
2008.04.13. 19:36 40 960 sisagp.sys
2008.04.13. 19:46 11 136 slip.sys
2004.08.03. 21:41 129 535 slnt7554.sys
2004.08.03. 21:41 404 990 slntamr.sys
2004.08.03. 21:41 95 424 slnthal.sys
2004.08.03. 21:41 13 240 slwdmsup.sys
2008.04.13. 19:36 5 888 smbali.sys
2001.10.26. 13:00 14 592 smclib.sys
2008.04.13. 19:46 25 344 sonydcam.sys
2002.10.01. 13:43 119 798 spca561.sys
2008.04.13. 19:45 6 272 splitter.sys
2008.12.25. 00:16 717 296 sptd.sys
2008.04.14. 16:44 73 472 sr.sys
2008.09.08. 11:41 333 824 srv.sys
2008.04.13. 19:45 49 408 stream.sys
2008.04.13. 19:46 15 232 streamip.sys
2008.04.13. 19:39 4 352 swenum.sys
2008.04.13. 19:45 56 576 swmidi.sys
2008.04.13. 20:15 60 800 sysaudio.sys
2008.04.13. 19:40 14 976 tape.sys
2008.06.20. 12:51 361 600 tcpip.sys
2008.06.20. 12:08 225 856 tcpip6.sys
2008.04.13. 20:00 19 072 tdi.sys
2008.04.14. 17:02 12 040 tdpipe.sys
2008.04.14. 17:02 21 896 tdtcp.sys
2008.04.14. 17:02 40 840 termdd.sys
2001.10.26. 13:00 51 712 tosdvd.sys
2001.10.26. 13:00 21 376 tsbvcap.sys
2008.04.13. 19:56 12 288 tunmp.sys
2008.04.13. 19:36 44 672 uagp35.sys
2008.04.13. 19:32 66 048 udfs.sys
2007.05.23. 22:10 <DIR> UMDF
2008.04.13. 19:39 384 768 update.sys
2008.04.13. 19:56 12 800 usb8023.sys
2008.04.13. 19:56 12 800 usb8023x.sys
2008.04.13. 19:45 25 600 usbcamd.sys
2008.04.13. 19:45 25 728 usbcamd2.sys
2001.10.26. 13:00 4 736 usbd.sys
2008.04.13. 19:45 30 208 usbehci.sys
2008.04.13. 19:45 59 520 usbhub.sys
2008.04.13. 19:45 15 872 usbintel.sys
2008.04.13. 19:45 17 152 usbohci.sys
2008.04.13. 19:45 143 872 usbport.sys
2008.04.13. 19:47 25 856 usbprint.sys
2008.04.13. 19:45 15 104 usbscan.sys
2008.04.13. 19:45 26 112 usbser.sys
2007.02.06. 22:04 22 768 usbsermpt.sys
2008.04.13. 19:45 26 368 usbstor.sys
2008.04.13. 19:46 121 984 usbvideo.sys
2008.04.14. 17:02 11 325 vchnt5.dll
2001.10.26. 13:00 58 112 vdmindvd.sys
2008.04.13. 19:44 20 992 vga.sys
2008.04.13. 19:36 42 240 viaagp.sys
2008.04.13. 19:44 81 664 videoprt.sys
2008.04.14. 16:35 52 608 volsnap.sys
2008.04.13. 19:43 14 208 wacompen.sys
2004.08.03. 21:29 11 807 wadv07nt.sys
2004.08.03. 21:29 11 295 wadv08nt.sys
2004.08.03. 21:29 11 871 wadv09nt.sys
2004.08.03. 21:29 11 935 wadv11nt.sys
2008.04.13. 19:57 34 560 wanarp.sys
2004.08.03. 21:29 22 271 watv06nt.sys
2004.08.03. 21:29 25 471 watv10nt.sys
2003.02.22. 22:03 31 273 wceusbsh.sys
2008.04.13. 20:17 83 072 wdmaud.sys
2001.10.26. 13:00 4 352 wmilib.sys
2006.10.18. 19:00 38 528 wpdusb.sys
2001.10.26. 13:00 12 032 ws2ifsl.sys
2008.04.13. 19:46 19 200 wstcodec.sys
2006.09.28. 17:55 77 568 WudfPf.sys
2006.09.28. 18:00 82 944 WudfRd.sys
307 fájl 30 076 703 bájt

C:\Windows\System32\Drivers\Avg tartalma:

2009.01.02. 18:06 <DIR> .
2009.01.02. 18:06 <DIR> ..
2008.12.30. 21:06 6 061 540 avi7.avg
2009.01.02. 18:06 31 457 375 incavi.avm
2009.01.01. 20:20 14 903 microavi.avg
2008.12.30. 21:11 368 010 miniavi.avg
4 fájl 37 901 828 bájt

C:\Windows\System32\Drivers\disdn tartalma:

2004.10.06. 17:37 <DIR> .
2004.10.06. 17:37 <DIR> ..
0 fájl 0 bájt

C:\Windows\System32\Drivers\etc tartalma:

2009.01.01. 20:18 <DIR> .
2009.01.01. 20:18 <DIR> ..
2009.01.01. 20:18 27 hosts
2001.10.26. 13:00 687 hosts.20080212-220510.backup
2008.02.12. 22:05 224 729 hosts.20080909-221705.backup
2008.09.09. 21:17 263 781 hosts.20080909-221724.backup
2008.09.09. 21:17 263 781 hosts.20081108-213609.backup
2008.11.08. 21:36 288 157 hosts.20081218-214417.backup
2008.12.18. 21:44 291 196 hosts.20081220-225237.backup
2008.02.12. 22:05 224 729 hosts.msn
2001.10.26. 13:00 4 194 lmhosts.sam
2001.10.26. 13:00 423 networks
2001.10.26. 13:00 802 protocol
2001.10.26. 13:00 7 177 services
12 fájl 1 569 683 bájt

C:\Windows\System32\Drivers\UMDF tartalma:

2007.05.23. 22:10 <DIR> .
2007.05.23. 22:10 <DIR> ..
2007.05.23. 22:09 0 MsftWdf_user_01_00_00.Wdf
2006.10.18. 20:47 671 232 wpdmtpdr.dll
2 fájl 671 232 bájt

Listázott fájlok száma:
325 fájl 70 219 446 bájt
14 könyvtár 12 145 094 656 bájt szabad


Hidden files.


A meghajtóban (C) lévő kötet rendszer.
A kötet sorozatszáma: 00C9-7361

C:\Windows\System32\Drivers\UMDF tartalma:

2007.05.23. 22:09 0 MsftWdf_user_01_00_00.Wdf
1 fájl 0 bájt

Listázott fájlok száma:
1 fájl 0 bájt
0 könyvtár 12 145 106 944 bájt szabad
  • 0
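The check this exchange performs by eye (do the two driver names from the earlier instructions, spbh.sys and amqzbs38.SYS, appear in the `dir /a /s` report?) can be scripted. The following is an added example, not part of any post in this thread: the function names are hypothetical, and the sample is constructed from a few lines of the listing above with the per-folder totals recomputed to match.

```python
import re

# Constructed sample: lines copied from the Hungarian-locale listing above
# ("tartalma:" = "Directory of"), with totals recomputed for this subset.
SAMPLE = r"""
C:\Windows\System32\Drivers tartalma:

2009.01.01. 23:53 <DIR> .
2009.01.01. 23:53 <DIR> ..
2008.04.14. 16:33 188 032 acpi.sys
2008.12.30. 21:15 12 936 avgrkx86.sys
2008.12.30. 20:35 85 969 gmer.sys
2003.03.19. 08:51 18 688 nv_agp.SYS
2008.12.25. 00:16 717 296 sptd.sys
5 fájl 1 022 921 bájt

C:\Windows\System32\Drivers\UMDF tartalma:

2007.05.23. 22:09 0 MsftWdf_user_01_00_00.Wdf
2006.10.18. 20:47 671 232 wpdmtpdr.dll
2 fájl 671 232 bájt

Listázott fájlok száma:
7 fájl 1 694 153 bájt
"""

# Driver names taken from the upload instructions earlier in the thread.
REPORTED = ["spbh.sys", "amqzbs38.SYS"]

HEADER = re.compile(r"^(?P<dir>[A-Za-z]:\\.*?)\s+tartalma:$")
# Sizes use a space (or non-breaking space) as the thousands separator.
ENTRY = re.compile(
    r"^\d{4}\.\d{2}\.\d{2}\.\s+\d{2}:\d{2}\s+"
    r"(?P<size><DIR>|\d{1,3}(?:[ \xa0]\d{3})*)\s+(?P<name>.+)$")
SUMMARY = re.compile(r"^(?P<count>\d+) fájl\s+(?P<bytes>\d[\d \xa0]*) bájt$")


def _num(text):
    """Turn '1 022 921' into 1022921."""
    return int(re.sub(r"\D", "", text))


def parse_dir_listing(text):
    """Return {directory: {"files": {lowercase name: size}, "declared": (count, bytes)}}."""
    listing, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = HEADER.match(line)
        if m:
            current = listing.setdefault(m["dir"], {"files": {}, "declared": None})
            continue
        if line.startswith("Listázott fájlok száma"):
            current = None          # grand total follows; not a folder section
            continue
        if current is None:
            continue
        m = ENTRY.match(line)
        if m:
            if m["size"] != "<DIR>":
                current["files"][m["name"].lower()] = _num(m["size"])
            continue
        m = SUMMARY.match(line)
        if m:
            current["declared"] = (int(m["count"]), _num(m["bytes"]))
    return listing


def find_drivers(listing, names):
    """Map each name to the folders that list it (case-insensitive, as on NTFS)."""
    return {n: [d for d, info in listing.items() if n.lower() in info["files"]]
            for n in names}


def total_mismatches(listing):
    """Folders whose parsed entries disagree with dir's own summary line."""
    return [d for d, info in listing.items()
            if info["declared"] is not None
            and info["declared"] != (len(info["files"]), sum(info["files"].values()))]


if __name__ == "__main__":
    parsed = parse_dir_listing(SAMPLE)
    print(find_drivers(parsed, REPORTED))
    print("total mismatches:", total_mismatches(parsed))
```

A name missing from such a report only shows that the normal file-listing API did not return it; the totals check catches a report that was truncated or edited before being pasted.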

#71
JSntgRvr

JSntgRvr

    Global Moderator

  • Global Moderator
  • 11,591 posts
Do you see that driver in the list?
  • 0

#72
betyar

betyar

    Member

  • Topic Starter
  • Member
  • PipPip
  • 42 posts
No, I don't.
  • 0

#73
JSntgRvr

JSntgRvr

    Global Moderator

  • Global Moderator
  • 11,591 posts
Some applications, such as Anti-virus, Anti-spyware, anti-adware, etc., create drivers for their own protection. That does not mean there are viruses in the computer. I believe AVG's detection is a false positive. In your position I would disregard that finding.

Of the tools I asked you to download, what is left on your desktop?
  • 0

#74
betyar

betyar

    Member

  • Topic Starter
  • Member
  • PipPip
  • 42 posts
gmer.zip and search.zip.
  • 0

#75
JSntgRvr

JSntgRvr

    Global Moderator

  • Global Moderator
  • 11,591 posts
Hi, betyar :)

Have them removed (Right click on them and select Delete).

Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only.
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main choose: Select All
  • Click the Empty Selected button.
If you use Firefox browser:
  • Click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser:
  • Click Opera at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.

Please download OTCleanIT by OldTimer.
  • Save it to your desktop.
  • Please double-click OTCleanIT.exe to run it. (Vista users, please right click on OTCleanIT.exe and select "Run as an Administrator")
  • This will delete the tools we used in the removal of malware, including this program.
  • If you are asked to reboot to complete the removal process then please do so
Upon restart, manually remove any remaining tools.

The following is a list of tools and utilities that I like to suggest to people. This list is full of great tools and utilities to help you understand how you got infected and how to keep from getting infected again.
  • Spybot Search & Destroy - Uber powerful tool which can search and annihilate nasties that make it onto your system. Now with an Immunize section that will help prevent future infections.
  • AdAware - Another very powerful tool which searches and kills nasties that infect your system. AdAware and Spybot Search & Destroy complement each other very well.
  • SpywareBlaster - Great prevention tool to keep nasties from installing on your system.
  • ZonedOut + IE-SpyAd - puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all.
  • CleanUP! - Cleans temporary files from IE and Windows, empties the recycle bin and more. Great tool to help speed up your computer and knock out those nasties that like to reside in the temp folders.
  • Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.
  • Google Toolbar - Free google toolbar that allows you to use the powerful Google search engine from the bar, but also blocks pop up windows.
  • Trillian or Miranda-IM - These are Malware free Instant Messenger programs which allow you to connect to multiple IM services in one program! (AOL, Yahoo, ICQ, IRC, MSN)
  • ERUNT (Emergency Recovery Utility NT) allows you to keep a complete backup of your registry and restore it when needed. The standard registry backup options that come with Windows back up most of the registry but not all of it. ERUNT however creates a complete backup set, including the Security hive and user related sections. ERUNT is easy to use and since it creates a full backup, there are no options or choices other than to select the location of the backup files. The backup set includes a small executable that will launch the registry restore if needed.
  • Recovery Console - Recent trends appear to indicate that future infections will include attacks to the boot sector of the computer. The installation of the Recovery Console in the computer will be our only defense against this threat. For more information and steps to install the Recovery Console see This Article. Should you need assistance in installing the Recovery Console, please do not hesitate to ask.
To find out more information about how you got infected in the first place and some great guidelines to follow to prevent future infections you can read this article by Tony Klein and this one by Miekiemoes.

Best wishes!
  • 0





