logimen, posted 23 April 2011

Hello,

My parents' laptop is full of all kinds of junk. It even got to the point that about 3 electronic transfers "vanished into thin air" from my mother's company account, because my father took such good care of the computer. So I scanned my desktop and I'm asking you to check two logs. I'll post the logs from the laptop later.

P.S. What should be done now in a situation like this? Change the PIN for the account, or change the whole account altogether? It's the first time we've had a situation like this, through my father's carelessness, because he clicks on everything that pops up, and the laptop had and still has a legal KAV 9.x with databases updated every hour. All firewalls and modules enabled 8O

GMER log

GMER 1.0.15.15570 - GMER - Rootkit Detector and Remover
Rootkit scan 2011-04-23 09:44:06
Windows 6.1.7600 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD2500JS-00NCB1 rev.10.02E02
Running: kfgrpwpp.exe; Driver: C:\Users\logimen\AppData\Local\Temp\axliafod.sys

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwSaveKeyEx + 13BD 82C809A9 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82CBA212 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
? System32\Drivers\spns.sys System nie może odnaleźć określonej ścieżki. !
.text USBPORT.SYS!DllUnload 91FAACA0 5 Bytes JMP 8688C4E0
.text apq22qzy.SYS 90D45000 12 Bytes [44, C8, C0, 82, EE, C6, C0, ...]
.text apq22qzy.SYS 90D4500D 9 Bytes [A7, C0, 82, 48, CB, C0, 82, ...]
.text apq22qzy.SYS 90D45017 20 Bytes [00, DE, C7, B8, 8B, E6, C5, ...]
.text apq22qzy.SYS 90D4502C 149 Bytes [00, 00, 00, 00, F0, B5, C7, ...]
.text apq22qzy.SYS 90D450C3 8 Bytes [00, 00, 00, 00, 00, 00, 00, ...] {ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL}
.text ...
? C:\Users\logimen\AppData\Local\Temp\ALSysIO.sys Nie można odnaleźć określonego pliku. !

---- User code sections - GMER 1.0.15 ----

.text C:\Windows\notepad.exe[1660] ole32.dll!CoCreateInstance 7686590C 5 Bytes JMP 0012A390 C:\Windows\system\HsSrv.dll (HsSrv Dynamic Link Library/C-Media Electronics Inc.)
.text C:\Windows\notepad.exe[1660] ole32.dll!CoCreateInstanceEx 7686594F 5 Bytes JMP 0012A4F0 C:\Windows\system\HsSrv.dll (HsSrv Dynamic Link Library/C-Media Electronics Inc.)
.text C:\Windows\system32\taskeng.exe[1752] ole32.dll!CoCreateInstance 7686590C 5 Bytes JMP 0094A390 C:\Windows\system\HsSrv.dll (HsSrv Dynamic Link Library/C-Media Electronics Inc.)
.text C:\Windows\system32\taskeng.exe[1752] ole32.dll!CoCreateInstanceEx 7686594F 5 Bytes JMP 0094A4F0 C:\Windows\system\HsSrv.dll (HsSrv Dynamic Link Library/C-Media Electronics Inc.)
.text C:\Program Files\ESET\ESET Smart Security\ekrn.exe[1840] kernel32.dll!SetUnhandledExceptionFilter 76FE3162 4 Bytes [C2, 04, 00, 00]
.text C:\Program Files\MSI Afterburner\MSIAfterburner.exe[1920] ole32.dll!CoCreateInstance 7686590C 5 Bytes JMP 01E5A390 C:\Windows\system\HsSrv.dll (HsSrv Dynamic Link Library/C-Media Electronics Inc.)
.text C:\Program Files\MSI Afterburner\MSIAfterburner.exe[1920] ole32.dll!CoCreateInstanceEx 7686594F 5 Bytes JMP 01E5A4F0 C:\Windows\system\HsSrv.dll (HsSrv Dynamic Link Library/C-Media Electronics Inc.)
.text C:\Users\logimen\Desktop\Inne\CoreTemp\Core Temp.exe[1932] ole32.dll!CoCreateInstance 7686590C 5 Bytes JMP 018DA390 C:\Windows\system\HsSrv.dll (HsSrv Dynamic Link Library/C-Media Electronics Inc.)
.text C:\Users\logimen\Desktop\Inne\CoreTemp\Core Temp.exe[1932] ole32.dll!CoCreateInstanceEx 7686594F 5 Bytes JMP 018DA4F0 C:\Windows\system\HsSrv.dll (HsSrv Dynamic Link Library/C-Media Electronics Inc.)
.text C:\Windows\system32\taskhost.exe[2012] ole32.dll!CoCreateInstance 7686590C 5 Bytes JMP 01C7A390 C:\Windows\system\HsSrv.dll (HsSrv Dynamic Link Library/C-Media Electronics Inc.)
.text C:\Windows\system32\taskhost.exe[2012] ole32.dll!CoCreateInstanceEx 7686594F 5 Bytes JMP 01C7A4F0 C:\Windows\system\HsSrv.dll (HsSrv Dynamic Link Library/C-Media Electronics Inc.)
.text C:\Program Files\ESET\ESET Smart Security\egui.exe[2200] ole32.dll!CoCreateInstance 7686590C 5 Bytes JMP 1000A390 C:\Windows\system\HsSrv.dll (HsSrv Dynamic Link Library/C-Media Electronics Inc.)
.text C:\Program Files\ESET\ESET Smart Security\egui.exe[2200] ole32.dll!CoCreateInstanceEx 7686594F 5 Bytes JMP 1000A4F0 C:\Windows\system\HsSrv.dll (HsSrv Dynamic Link Library/C-Media Electronics Inc.)
.text C:\Windows\system\HsMgr.exe[2216] ole32.dll!CoCreateInstance 7686590C 5 Bytes JMP 1000A390 C:\Windows\system\HsSrv.dll (HsSrv Dynamic Link Library/C-Media Electronics Inc.)
.text C:\Windows\system\HsMgr.exe[2216] ole32.dll!CoCreateInstanceEx 7686594F 5 Bytes JMP 1000A4F0 C:\Windows\system\HsSrv.dll (HsSrv Dynamic Link Library/C-Media Electronics Inc.)
.text C:\Program Files\Windows Sidebar\sidebar.exe[2236] ole32.dll!CoCreateInstance 7686590C 5 Bytes JMP 1000A390 C:\Windows\system\HsSrv.dll (HsSrv Dynamic Link Library/C-Media Electronics Inc.)
.text C:\Program Files\Windows Sidebar\sidebar.exe[2236] ole32.dll!CoCreateInstanceEx 7686594F 5 Bytes JMP 1000A4F0 C:\Windows\system\HsSrv.dll (HsSrv Dynamic Link Library/C-Media Electronics Inc.)
.text C:\Program Files\DAEMON Tools Lite\DTLite.exe[2256] ole32.dll!CoCreateInstance 7686590C 5 Bytes JMP 01D4A390 C:\Windows\system\HsSrv.dll (HsSrv Dynamic Link Library/C-Media Electronics Inc.)
.text C:\Program Files\DAEMON Tools Lite\DTLite.exe[2256] ole32.dll!CoCreateInstanceEx 7686594F 5 Bytes JMP 01D4A4F0 C:\Windows\system\HsSrv.dll (HsSrv Dynamic Link Library/C-Media Electronics Inc.)
.text C:\Users\logimen\Desktop\AVS\kfgrpwpp.exe[2524] ole32.dll!CoCreateInstance 7686590C 5 Bytes JMP 002EA390 C:\Windows\system\HsSrv.dll (HsSrv Dynamic Link Library/C-Media Electronics Inc.)
.text C:\Users\logimen\Desktop\AVS\kfgrpwpp.exe[2524] ole32.dll!CoCreateInstanceEx 7686594F 5 Bytes JMP 002EA4F0 C:\Windows\system\HsSrv.dll (HsSrv Dynamic Link Library/C-Media Electronics Inc.)
.text C:\Program Files\MSI Afterburner\Bundle\OSDServer\RTSS.exe[2620] ole32.dll!CoCreateInstance 7686590C 5 Bytes JMP 003CA390 C:\Windows\system\HsSrv.dll (HsSrv Dynamic Link Library/C-Media Electronics Inc.)
.text C:\Program Files\MSI Afterburner\Bundle\OSDServer\RTSS.exe[2620] ole32.dll!CoCreateInstanceEx 7686594F 5 Bytes JMP 003CA4F0 C:\Windows\system\HsSrv.dll (HsSrv Dynamic Link Library/C-Media Electronics Inc.)

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUchar] [8BA90042] \SystemRoot\System32\Drivers\spns.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUchar] [8BA906D6] \SystemRoot\System32\Drivers\spns.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort] [8BA90800] \SystemRoot\System32\Drivers\spns.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort] [8BA9013E] \SystemRoot\System32\Drivers\spns.sys
IAT \SystemRoot\System32\Drivers\apq22qzy.SYS[ataport.SYS!AtaPortNotification] 00147880
IAT \SystemRoot\System32\Drivers\apq22qzy.SYS[ataport.SYS!AtaPortQuerySystemTime] 78800C75
IAT \SystemRoot\System32\Drivers\apq22qzy.SYS[ataport.SYS!AtaPortReadPortUchar] 06750015
IAT \SystemRoot\System32\Drivers\apq22qzy.SYS[ataport.SYS!AtaPortStallExecution] C25DC033
IAT \SystemRoot\System32\Drivers\apq22qzy.SYS[ataport.SYS!AtaPortWritePortUchar] 458B0008
IAT \SystemRoot\System32\Drivers\apq22qzy.SYS[ataport.SYS!AtaPortWritePortUlong] 6A006A08
IAT \SystemRoot\System32\Drivers\apq22qzy.SYS[ataport.SYS!AtaPortGetPhysicalAddress] 50056A24
IAT \SystemRoot\System32\Drivers\apq22qzy.SYS[ataport.SYS!AtaPortConvertPhysicalAddressToUlong] 005AB7E8
IAT \SystemRoot\System32\Drivers\apq22qzy.SYS[ataport.SYS!AtaPortGetScatterGatherList] 0001B800
IAT \SystemRoot\System32\Drivers\apq22qzy.SYS[ataport.SYS!AtaPortGetParentBusType] C25D0000
IAT \SystemRoot\System32\Drivers\apq22qzy.SYS[ataport.SYS!AtaPortRequestCallback] CCCC0008
IAT \SystemRoot\System32\Drivers\apq22qzy.SYS[ataport.SYS!AtaPortWritePortBufferUshort] CCCCCCCC
IAT \SystemRoot\System32\Drivers\apq22qzy.SYS[ataport.SYS!AtaPortGetUnCachedExtension] CCCCCCCC
IAT \SystemRoot\System32\Drivers\apq22qzy.SYS[ataport.SYS!AtaPortCompleteRequest] CCCCCCCC
IAT \SystemRoot\System32\Drivers\apq22qzy.SYS[ataport.SYS!AtaPortCopyMemory] 53EC8B55
IAT \SystemRoot\System32\Drivers\apq22qzy.SYS[ataport.SYS!AtaPortEtwTraceLog] 800C5D8B
IAT \SystemRoot\System32\Drivers\apq22qzy.SYS[ataport.SYS!AtaPortCompleteAllActiveRequests] 7500117B
IAT \SystemRoot\System32\Drivers\apq22qzy.SYS[ataport.SYS!AtaPortReleaseRequestSenseIrb] 127B806A
IAT \SystemRoot\System32\Drivers\apq22qzy.SYS[ataport.SYS!AtaPortBuildRequestSenseIrb] 80647500
IAT \SystemRoot\System32\Drivers\apq22qzy.SYS[ataport.SYS!AtaPortReadPortBufferUshort] 7500137B
IAT \SystemRoot\System32\Drivers\apq22qzy.SYS[ataport.SYS!AtaPortInitialize] 157B805E
IAT \SystemRoot\System32\Drivers\apq22qzy.SYS[ataport.SYS!AtaPortGetDeviceBase] 56587500
IAT \SystemRoot\System32\Drivers\apq22qzy.SYS[ataport.SYS!AtaPortDeviceStateChange] 8008758B

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 8575D1F8
AttachedDevice \FileSystem\Ntfs \Ntfs eamon.sys (Amon monitor/ESET)
Device \FileSystem\fastfat \FatCdrom 879BE1F8
Device \FileSystem\udfs \UdfsCdRom 87EBF1F8
Device \FileSystem\udfs \UdfsDisk 87EBF1F8
Device \Driver\volmgr \Device\VolMgrControl 857591F8
Device \Driver\usbuhci \Device\USBPDO-0 86889500
Device \Driver\sptd \Device\1298531199 spns.sys
Device \Driver\ACPI_HAL \Device\00000051 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)
Device \Driver\usbuhci \Device\USBPDO-1 86889500
Device \Driver\NetBT \Device\NetBT_Tcpip_{DDC7405D-72C8-4606-A2F9-47A6549C934E} 868031F8
Device \Driver\usbuhci \Device\USBPDO-2 86889500
Device \Driver\usbehci \Device\USBPDO-3 86867500
Device \Driver\usbuhci \Device\USBPDO-4 86889500
Device \Driver\usbuhci \Device\USBPDO-5 86889500
Device \Driver\usbuhci \Device\USBPDO-6 86889500
Device \Driver\volmgr \Device\HarddiskVolume1 857591F8
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
Device \Driver\usbehci \Device\USBPDO-7 86867500
Device \Driver\volmgr \Device\HarddiskVolume2 857591F8
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
Device \Driver\cdrom \Device\CdRom0 867941F8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0 8575B1F8
Device \Driver\atapi \Device\Ide\IdePort0 8575B1F8
Device \Driver\atapi \Device\Ide\IdePort1 8575B1F8
Device \Driver\atapi \Device\Ide\IdePort2 8575B1F8
Device \Driver\atapi \Device\Ide\IdePort3 8575B1F8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-1 8575B1F8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-2 8575B1F8
Device \Driver\volmgr \Device\HarddiskVolume3 857591F8
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
Device \Driver\cdrom \Device\CdRom1 867941F8
Device \Driver\volmgr \Device\HarddiskVolume4 857591F8
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
Device \Driver\cdrom \Device\CdRom2 867941F8
Device \Driver\volmgr \Device\HarddiskVolume5 857591F8
AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
Device \Driver\volmgr \Device\HarddiskVolume6 857591F8
AttachedDevice \Driver\volmgr \Device\HarddiskVolume6 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
Device \Driver\volmgr \Device\HarddiskVolume7 857591F8
AttachedDevice \Driver\volmgr \Device\HarddiskVolume7 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
Device \Driver\NetBT \Device\NetBt_Wins_Export 868031F8
Device \Driver\volmgr \Device\HarddiskVolume8 857591F8
AttachedDevice \Driver\volmgr \Device\HarddiskVolume8 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
Device \Driver\volmgr \Device\HarddiskVolume9 857591F8
AttachedDevice \Driver\volmgr \Device\HarddiskVolume9 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
Device \Driver\PCI_PNP3198 \Device\0000005b spns.sys
Device \Driver\usbuhci \Device\USBFDO-0 86889500
Device \Driver\usbuhci \Device\USBFDO-1 86889500
Device \Driver\usbuhci \Device\USBFDO-2 86889500
Device \Driver\usbehci \Device\USBFDO-3 86867500
Device \Driver\usbuhci \Device\USBFDO-4 86889500
Device \Driver\usbuhci \Device\USBFDO-5 86889500
Device \Driver\usbuhci \Device\USBFDO-6 86889500
Device \Driver\usbehci \Device\USBFDO-7 86867500
Device \Driver\apq22qzy \Device\Scsi\apq22qzy1Port4Path0Target1Lun0 86A941F8
Device \Driver\apq22qzy \Device\Scsi\apq22qzy1 86A941F8
Device \Driver\apq22qzy \Device\Scsi\apq22qzy1Port4Path0Target0Lun0 86A941F8
Device \FileSystem\fastfat \Fat 879BE1F8
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Menedżer filtrów systemu plików firmy Microsoft/Microsoft Corporation)
AttachedDevice \FileSystem\fastfat \Fat eamon.sys (Amon monitor/ESET)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\00134600683c
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xCA 0xAB 0xC8 0x47 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x14 0xA5 0x72 0x28 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xE6 0x77 0xD4 0xDB ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0x29 0xE4 0x12 0x43 ...
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@cd042efbbd7f7af1647644e76e06692b 0xE2 0x63 0x26 0xF1 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@bca643cdc5c2726b20d2ecedcc62c59b 0x71 0x3B 0x04 0x66 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@2c81e34222e8052573023a60d06dd016 0x25 0xDA 0xEC 0x7E ...
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@2582ae41fb52324423be06337561aa48 0x86 0x8C 0x21 0x01 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@caaeda5fd7a9ed7697d9686d4b818472 0xF5 0x1D 0x4D 0x73 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@a4a1bcf2cc2b8bc3716b74b2b4522f5d 0xB0 0x18 0xED 0xA7 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@4d370831d2c43cd13623e232fed27b7b 0xFB 0xA7 0x78 0xE6 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@1d68fe701cdea33e477eb204b76f993d 0x01 0x3A 0x48 0xFC ...
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@1fac81b91d8e3c5aa4b0a51804d844a3 0x51 0xFA 0x6E 0x91 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@f5f62a6129303efb32fbe080bb27835b 0xB1 0xCD 0x45 0x5A ...
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@fd4e2e1a3940b94dceb5a6a021f2e3c6 0xF8 0x31 0x0F 0xA9 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@8a8aec57dd6508a385616fbc86791ec2 0x6C 0x43 0x2D 0x1E ...

---- EOF - GMER 1.0.15 ----

OTL log

OTL logfile created on: 2011-04-23 09:25:47 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\logimen\Desktop\AVS
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 66,00% Memory free
6,00 Gb Paging File | 6,00 Gb Available in Paging File | 85,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 37,57 Gb Total Space | 10,47 Gb Free Space | 27,86% Space Free | Partition Type: NTFS
Drive D: | 150,00 Gb Total Space | 24,31 Gb Free Space | 16,21% Space Free | Partition Type: NTFS
Drive E: | 269,96 Gb Total Space | 40,39 Gb Free Space | 14,96% Space Free | Partition Type: NTFS
Drive F: | 69,09 Gb Total Space | 50,96 Gb Free Space | 73,76% Space Free | Partition Type: FAT32
Drive G: | 19,53 Gb Total Space | 19,44 Gb Free Space | 99,52% Space Free | Partition Type: NTFS
Drive H: | 19,52 Gb Total Space | 10,32 Gb Free Space | 52,86% Space Free | Partition Type: FAT32
Drive I: | 67,07 Gb Total Space | 47,54 Gb Free Space | 70,88% Space Free | Partition Type: NTFS
Drive J: | 20,06 Gb Total Space | 12,91 Gb Free Space | 64,37% Space Free | Partition Type: FAT32
Drive Z: | 7,76 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF

Computer Name: LOGIMEN-PC | User Name: logimen | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011-04-23 08:55:52 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\logimen\Desktop\AVS\OTL.exe
PRC - [2011-04-07 22:44:48 | 000,841,832 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
PRC - [2011-03-25 09:51:30 | 000,143,360 | ---- | M] () -- C:\Program Files\MSI Afterburner\Bundle\OSDServer\RTSS.exe
PRC - [2011-03-18 11:17:22 | 000,368,640 | ---- | M] () -- C:\Program Files\MSI Afterburner\MSIAfterburner.exe
PRC - [2010-10-03 02:13:42 | 000,470,544 | ---- | M] () -- C:\Users\logimen\Desktop\Inne\CoreTemp\Core Temp.exe
PRC - [2009-11-11 10:55:36 | 001,257,472 | ---- | M] (CMedia) -- C:\Program Files\ASUS Xonar DX Audio\Customapp\AsusAudioCenter.exe
PRC - [2009-11-02 20:19:13 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009-10-31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009-10-30 13:57:08 | 000,369,200 | ---- | M] (DT Soft Ltd) -- C:\Program Files\DAEMON Tools Lite\DTLite.exe
PRC - [2009-10-30 13:57:00 | 000,229,936 | ---- | M] (DT Soft Ltd) -- C:\Program Files\DAEMON Tools Lite\DTLiteShellHlp.exe
PRC - [2009-03-19 12:44:50 | 000,731,840 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe
PRC - [2009-03-19 12:44:28 | 002,029,640 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\egui.exe
PRC - [2008-07-11 15:04:22 | 000,200,704 | ---- | M] () -- C:\Windows\system\HsMgr.exe

========== Modules (SafeList) ==========

MOD - [2011-04-23 08:55:52 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\logimen\Desktop\AVS\OTL.exe
MOD - [2011-03-25 09:51:24 | 000,081,920 | ---- | M] () -- C:\Program Files\MSI Afterburner\Bundle\OSDServer\RTSSHooks.dll
MOD - [2010-08-21 07:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll
MOD - [2009-09-03 15:56:35 | 000,208,896 | ---- | M] (C-Media Electronics Inc.) -- C:\Windows\system\HsSrv.dll
MOD - [2009-07-14 03:16:12 | 000,145,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\powrprof.dll
MOD - [2009-07-14 03:15:13 | 000,453,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dsound.dll

========== Win32 Services (SafeList) ==========

SRV - [2011-01-25 12:41:12 | 002,398,536 | ---- | M] (O&O Software GmbH) [On_Demand | Stopped] -- C:\Program Files\OO Software\Defrag\oodag.exe -- (OODefragAgent)
SRV - [2010-08-04 17:25:02 | 000,061,440 | ---- | M] (Nalpeiron Ltd.) [On_Demand | Stopped] -- C:\Windows\System32\nlssrv32.exe -- (nlsX86cc)
SRV - [2010-08-04 17:25:00 | 000,057,344 | ---- | M] (Nalpeiron Ltd.) [Disabled | Stopped] -- C:\Windows\System32\ASTSRV.EXE -- (astcc)
SRV - [2010-02-19 14:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009-09-06 09:08:06 | 000,071,096 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\CDBurnerXP\NMSAccessU.exe -- (NMSAccessU)
SRV - [2009-07-16 18:04:16 | 000,316,664 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2009-07-14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009-07-14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009-07-14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009-04-12 03:26:35 | 000,578,878 | ---- | M] () [Auto | Stopped] -- C:\Program Files\ESET\ESET Smart Security\Shahed.exe -- (.EsetTrialReset)
SRV - [2009-03-19 12:48:08 | 000,020,680 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe -- (EhttpSrv)
SRV - [2009-03-19 12:44:50 | 000,731,840 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe -- (ekrn)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Running] -- -- (ALSysIO)
DRV - [2011-04-08 07:14:00 | 010,690,024 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2011-03-03 17:59:19 | 000,139,368 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2010-04-27 17:57:28 | 000,066,632 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WmXlCore.sys -- (WmXlCore)
DRV - [2010-04-27 17:57:28 | 000,015,048 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WmVirHid.sys -- (WmVirHid)
DRV - [2010-04-27 17:57:24 | 000,031,816 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WmHidLo.sys -- (WmHidLo)
DRV - [2010-04-27 17:57:22 | 000,022,856 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WmBEnum.sys -- (WmBEnum)
DRV - [2010-04-27 15:01:26 | 000,037,704 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WmFilter.sys -- (WmFilter)
DRV - [2010-03-26 00:28:13 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009-12-18 11:58:52 | 000,011,336 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\SystemRequirementsLab\cpudrv.sys -- (cpudrv)
DRV - [2009-11-02 20:18:37 | 000,035,840 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009-11-02 20:12:29 | 000,294,912 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\vpcvmm.sys -- (vpcvmm)
DRV - [2009-11-02 20:12:29 | 000,165,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vpchbus.sys -- (vpcbus)
DRV - [2009-11-02 20:12:29 | 000,078,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vpcusb.sys -- (vpcusb)
DRV - [2009-11-02 20:12:29 | 000,055,040 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\vpcnfltr.sys -- (vpcnfltr)
DRV - [2009-10-21 22:47:48 | 000,011,440 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmmouse.sys -- (vmmouse)
DRV - [2009-10-21 22:46:54 | 000,070,704 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vm3dmp.sys -- (vm3dmp)
DRV - [2009-10-19 17:09:35 | 001,497,600 | ---- | M] (C-Media Inc) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\cmudaxp.sys -- (cmudaxp)
DRV - [2009-09-28 17:27:28 | 000,007,168 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2009-09-22 17:40:48 | 000,174,592 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV - [2009-08-21 14:48:12 | 000,027,136 | ---- | M] (Alcor Micro, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\AmUStor.SYS -- (AmUStor)
DRV - [2009-08-04 12:49:08 | 000,106,512 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iSSetup.sys -- (iSSetup)
DRV - [2009-07-27 00:00:00 | 000,047,448 | ---- | M] (O2Micro ) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\o2media.sys -- (O2MDRDR)
DRV - [2009-07-27 00:00:00 | 000,044,064 | ---- | M] (O2Micro) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\o2sd.sys -- (O2SDRDR)
DRV - [2009-07-14 03:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\vmbus.sys -- (vmbus)
DRV - [2009-07-14 03:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmstorfl.sys -- (storflt)
DRV - [2009-07-14 03:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\storvsc.sys -- (storvsc)
DRV - [2009-07-14 01:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\vms3cap.sys -- (s3cap)
DRV - [2009-07-14 01:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2009-07-14 00:02:47 | 000,047,104 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L1E62x86.sys -- (L1E) NDIS Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller(NDIS6.20)
DRV - [2009-07-04 18:37:08 | 000,038,400 | ---- | M] (REDC) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\rixdpe86.sys -- (rixdpcie)
DRV - [2009-07-02 08:50:16 | 000,047,104 | ---- | M] (REDC) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\rimspe86.sys -- (rimspci)
DRV - [2009-06-30 19:28:28 | 000,049,152 | ---- | M] (REDC) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\risdpe86.sys -- (risdpcie)
DRV - [2009-06-25 16:58:10 | 000,048,128 | ---- | M] (REDC) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\rimmptsk.sys -- (rimmptsk)
DRV - [2009-06-25 16:25:58 | 000,038,400 | ---- | M] (REDC) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\rixdptsk.sys -- (rismxdp)
DRV - [2009-06-25 16:10:48 | 000,044,544 | ---- | M] (REDC) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\rimsptsk.sys -- (rimsptsk)
DRV - [2009-03-19 12:45:38 | 000,038,240 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\epfwwfp.sys -- (epfwwfp)
DRV - [2009-03-19 12:45:34 | 000,033,096 | ---- | M] (ESET) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\epfwndis.sys -- (Epfwndis)
DRV - [2009-03-19 12:45:32 | 000,131,976 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\epfw.sys -- (epfw)
DRV - [2009-03-19 12:44:34 | 000,107,256 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\ehdrv.sys -- (ehdrv)
DRV - [2009-03-19 12:41:38 | 000,113,960 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\Windows\System32\drivers\eamon.sys -- (eamon)
DRV - [2008-01-18 06:14:20 | 000,037,504 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\qd26032.sys -- (ioatdma) Intel®
DRV - [2008-01-18 06:14:14 | 000,036,480 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\qd16032.sys -- (ioatdma1)
DRV - [2007-09-25 16:59:46 | 000,015,152 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\MediaCoder\SysInfo.sys -- (CrystalSysInfo)
DRV - [2007-02-16 20:27:26 | 000,068,936 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AnyDVD.sys -- (AnyDVD)
DRV - [2005-09-23 23:18:32 | 000,171,520 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MarvinBus.sys -- (MarvinBus)
DRV - [2005-05-25 06:39:06 | 000,004,608 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files\MSI Afterburner\RTCore32.sys -- (RTCore32)
DRV - [2004-08-13 10:56:20 | 000,005,810 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ASACPI.sys -- (MTsensor)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.win7extreme.project-os.org
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.win7extreme.project-os.org
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-4163563121-293549032-1130137683-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.win7extreme.project-os.org
IE - HKU\S-1-5-21-4163563121-293549032-1130137683-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2010-03-26 00:29:33 | 000,000,000 | ---D | M]

[2011-02-08 16:14:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\logimen\AppData\Roaming\mozilla\Extensions
[2011-02-08 16:13:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\logimen\AppData\Roaming\mozilla\Extensions\Coder Preset
[2011-02-08 16:14:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\logimen\AppData\Roaming\mozilla\Extensions\MediaCoder
[2011-02-08 16:08:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\logimen\AppData\Roaming\mozilla\Extensions\MediaCoder-Setup-Wizard

O1 HOSTS File: ([2011-02-10 01:51:34 | 000,000,155 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 activate.adobe.com
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKLM\..\Toolbar: (&RoboForm) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKU\S-1-5-21-4163563121-293549032-1130137683-1005\..\Toolbar\WebBrowser: (&RoboForm) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O4 - HKLM..\Run: [Cmaudio8788] File not found O4 - HKLM..\Run: [Cmaudio8788GX] C:\Windows\system\HsMgr.exe () O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET) O4 - HKU\S-1-5-21-4163563121-293549032-1130137683-1005..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SynchronousMachineGroupPolicy = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SynchronousUserGroupPolicy = 0 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Activities present O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\BrowserEmulation present O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\CaretBrowsing present O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\CommandBar present O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Infodelivery present O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Main present O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\PhishingFilter present O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Privacy present O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Restrictions present O7 - 
HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Safety present O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Toolbar present O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Toolbars present O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Activities present O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\BrowserEmulation present O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\CaretBrowsing present O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\CommandBar present O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Infodelivery present O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Main present O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\PhishingFilter present O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Privacy present O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Restrictions present O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Safety present O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Toolbar present O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Toolbars present O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Activities present O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\BrowserEmulation present O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\CaretBrowsing present O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\CommandBar present O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Infodelivery present O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Main present O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\PhishingFilter present O7 - 
HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Privacy present O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Restrictions present O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Safety present O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Toolbar present O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Toolbars present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Activities present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\BrowserEmulation present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\CaretBrowsing present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\CommandBar present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Infodelivery present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Main present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\PhishingFilter present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Privacy present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Restrictions present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Safety present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Toolbar present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Toolbars present O7 - HKU\S-1-5-21-4163563121-293549032-1130137683-1005\Software\Policies\Microsoft\Internet Explorer\Activities present O7 - HKU\S-1-5-21-4163563121-293549032-1130137683-1005\Software\Policies\Microsoft\Internet Explorer\BrowserEmulation present O7 - HKU\S-1-5-21-4163563121-293549032-1130137683-1005\Software\Policies\Microsoft\Internet Explorer\CaretBrowsing present O7 - HKU\S-1-5-21-4163563121-293549032-1130137683-1005\Software\Policies\Microsoft\Internet Explorer\CommandBar present O7 - 
HKU\S-1-5-21-4163563121-293549032-1130137683-1005\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-4163563121-293549032-1130137683-1005\Software\Policies\Microsoft\Internet Explorer\Infodelivery present O7 - HKU\S-1-5-21-4163563121-293549032-1130137683-1005\Software\Policies\Microsoft\Internet Explorer\Main present O7 - HKU\S-1-5-21-4163563121-293549032-1130137683-1005\Software\Policies\Microsoft\Internet Explorer\PhishingFilter present O7 - HKU\S-1-5-21-4163563121-293549032-1130137683-1005\Software\Policies\Microsoft\Internet Explorer\Privacy present O7 - HKU\S-1-5-21-4163563121-293549032-1130137683-1005\Software\Policies\Microsoft\Internet Explorer\Restrictions present O7 - HKU\S-1-5-21-4163563121-293549032-1130137683-1005\Software\Policies\Microsoft\Internet Explorer\Safety present O7 - HKU\S-1-5-21-4163563121-293549032-1130137683-1005\Software\Policies\Microsoft\Internet Explorer\Toolbar present O7 - HKU\S-1-5-21-4163563121-293549032-1130137683-1005\Software\Policies\Microsoft\Internet Explorer\Toolbars present O7 - HKU\S-1-5-21-4163563121-293549032-1130137683-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AlwaysShowClassicMenu = 1 O7 - HKU\S-1-5-21-4163563121-293549032-1130137683-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-4163563121-293549032-1130137683-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 1 O7 - HKU\S-1-5-21-4163563121-293549032-1130137683-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\SearchExtensions: InternetExtensionName = Google Search O7 - HKU\S-1-5-21-4163563121-293549032-1130137683-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\SearchExtensions: InternetExtensionAction = %w - Google Search O9 - Extra Button: Wypełnij pola - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html () O9 - Extra 'Tools' 
menuitem : Wypełnij Pola - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html () O9 - Extra Button: Zapisz - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html () O9 - Extra 'Tools' menuitem : Zapisz Pola - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html () O9 - Extra Button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html () O9 - Extra 'Tools' menuitem : Pasek Narzędzi RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html () O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21 - SSODL: IconPackager Repair - {1799460C-0BC8-4865-B9DF-4A36CD703FF0} - C:\Program Files\Stardock\Object Desktop\IconPackager\iprepair.dll (Stardock.net, Inc) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. 
O22 - SharedTaskScheduler: {E31004D1-A431-41B8-826F-E902F9D95C81} - Windows DreamScene - C:\Windows\System32\DreamScene.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009-06-10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O32 - AutoRun File - [2010-04-26 12:31:28 | 000,013,399 | ---- | M] () - C:\AutoMapaSetupLog.txt -- [ NTFS ] O32 - AutoRun File - [2010-04-26 12:31:18 | 000,000,000 | ---D | M] - D:\AutoMapa EU -- [ NTFS ] O34 - HKLM BootExecute: (OODBS) - C:\Windows\System32\OODBS.exe (O&O Software GmbH) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2011-04-23 08:54:40 | 000,000,000 | ---D | C] -- C:\Users\logimen\Desktop\AVS [2011-04-21 08:42:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Valve [2011-04-21 00:56:59 | 000,000,000 | ---D | C] -- C:\ProgramData\boost_interprocess [2011-04-20 18:52:08 | 000,000,000 | ---D | C] -- C:\Users\logimen\Documents\SimBin [2011-04-20 18:48:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SimBin [2011-04-20 15:43:32 | 000,245,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\unicows.dll [2011-04-20 15:43:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Performance Monitor 4.x [2011-04-20 15:43:31 | 000,000,000 | ---D | C] -- C:\Program Files\PerfMon4x [2011-04-18 19:54:00 | 015,227,496 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvoglv32.dll [2011-04-18 19:54:00 | 013,007,464 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcompiler.dll [2011-04-18 19:54:00 | 010,690,024 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvlddmkm.sys [2011-04-18 19:54:00 | 010,071,656 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvd3dum.dll 
[2011-04-18 19:54:00 | 005,180,824 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcuda.dll [2011-04-18 19:54:00 | 002,765,928 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcuvid.dll [2011-04-18 19:54:00 | 002,074,216 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcuvenc.dll [2011-04-18 19:54:00 | 000,944,232 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvdispco3220140.dll [2011-04-18 19:54:00 | 000,855,656 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvgenco322060.dll [2011-04-18 19:54:00 | 000,837,224 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvhdagenco322040.dll [2011-04-18 19:54:00 | 000,139,368 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvhda32v.sys [2011-04-18 19:54:00 | 000,057,960 | ---- | C] (Khronos Group) -- C:\Windows\System32\OpenCL.dll [2011-04-18 19:54:00 | 000,026,216 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvhdap32.dll [2011-04-18 19:54:00 | 000,010,920 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvBridge.kmd [2011-04-16 23:14:48 | 000,000,000 | ---D | C] -- C:\ProgramData\LogiShrd [2011-04-10 23:16:45 | 000,000,000 | ---D | C] -- C:\Program Files\WinHex [2011-04-07 22:45:08 | 000,580,200 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\easyUpdatusAPIU.dll [2011-04-07 22:45:06 | 000,111,208 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvmctray.dll [2011-04-07 22:44:58 | 003,701,352 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcpl.dll [2011-04-07 22:44:48 | 002,565,224 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvsvc.dll [2011-04-02 17:28:33 | 000,000,000 | ---D | C] -- C:\Users\logimen\Desktop\Shift2 Tools [2011-04-02 12:12:21 | 000,000,000 | ---D | C] -- C:\Users\logimen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Fraps [2011-03-31 12:28:49 | 000,000,000 | ---D | C] -- C:\Users\logimen\Desktop\skany bre mazda5 [2011-03-29 08:49:50 | 000,000,000 | ---D | C] -- 
C:\Users\logimen\Documents\SHIFT 2 UNLEASHED [2011-03-27 19:16:57 | 000,000,000 | ---D | C] -- C:\Users\logimen\AppData\Roaming\BDREBUILDER [2011-03-27 19:16:41 | 000,000,000 | ---D | C] -- C:\Users\logimen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AviSynth 2.5 [2011-03-27 19:16:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AviSynth 2.5 [2011-03-27 19:16:38 | 000,000,000 | ---D | C] -- C:\Program Files\AviSynth 2.5 [2011-03-27 01:31:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Solidshield [2011-03-26 18:38:55 | 000,217,600 | ---- | C] (Microsoft) -- C:\Users\logimen\Desktop\Crysis2AdvancedGraphicsOptions.exe [3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2011-04-23 08:26:40 | 000,019,248 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2011-04-23 08:26:40 | 000,019,248 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2011-04-23 08:25:51 | 002,038,388 | ---- | M] () -- C:\Windows\System32\perfh015.dat [2011-04-23 08:25:51 | 001,074,246 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2011-04-23 08:25:51 | 000,593,092 | ---- | M] () -- C:\Windows\System32\perfc015.dat [2011-04-23 08:25:51 | 000,547,450 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2011-04-23 08:19:06 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011-04-23 08:19:04 | 000,188,696 | ---- | M] () -- C:\Windows\System32\oodbs.lor [2011-04-22 22:56:56 | 000,000,270 | ---- | M] () -- C:\Users\logimen\Documents\BFF_Unpacker.config [2011-04-21 08:42:28 | 000,000,680 | ---- | M] () -- C:\Users\Public\Desktop\Portal 2.lnk [2011-04-20 18:48:07 | 000,000,748 | ---- | M] () -- C:\Users\Public\Desktop\STCC The Game 2.lnk [2011-04-19 20:35:15 | 000,000,352 | ---- | M] () -- C:\Users\logimen\Documents\BFF_Repacker.config [2011-04-16 22:54:14 | 
006,358,287 | ---- | M] () -- C:\Users\logimen\Desktop\Scan-110416-0001.jpg [2011-04-12 23:08:16 | 000,000,031 | ---- | M] () -- C:\Users\logimen\Last session logimen.prj [2011-04-10 21:56:33 | 000,001,032 | ---- | M] () -- C:\Users\logimen\Desktop\Shift2.lnk [2011-04-08 07:14:00 | 015,227,496 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvoglv32.dll [2011-04-08 07:14:00 | 013,007,464 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvcompiler.dll [2011-04-08 07:14:00 | 010,690,024 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvlddmkm.sys [2011-04-08 07:14:00 | 010,071,656 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvd3dum.dll [2011-04-08 07:14:00 | 006,299,752 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvwgf2um.dll [2011-04-08 07:14:00 | 005,180,824 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvcuda.dll [2011-04-08 07:14:00 | 002,765,928 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvcuvid.dll [2011-04-08 07:14:00 | 002,074,216 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvcuvenc.dll [2011-04-08 07:14:00 | 002,034,280 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvapi.dll [2011-04-08 07:14:00 | 000,944,232 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvdispco3220140.dll [2011-04-08 07:14:00 | 000,855,656 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvgenco322060.dll [2011-04-08 07:14:00 | 000,057,960 | ---- | M] (Khronos Group) -- C:\Windows\System32\OpenCL.dll [2011-04-08 07:14:00 | 000,010,920 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvBridge.kmd [2011-04-08 07:14:00 | 000,004,755 | ---- | M] () -- C:\Windows\System32\nvinfo.pb [2011-04-07 23:17:26 | 000,007,680 | ---- | M] () -- C:\Users\logimen\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011-04-07 22:45:08 | 000,580,200 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\easyUpdatusAPIU.dll [2011-04-07 22:45:06 | 000,111,208 | ---- | M] 
(NVIDIA Corporation) -- C:\Windows\System32\nvmctray.dll [2011-04-07 22:44:58 | 003,701,352 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvcpl.dll [2011-04-07 22:44:48 | 002,565,224 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvsvc.dll [2011-04-04 19:34:22 | 000,000,865 | ---- | M] () -- C:\Users\logimen\Desktop\Shift Mods.lnk [2011-04-04 18:09:22 | 000,000,299 | ---- | M] () -- C:\Users\logimen\Desktop\logimen.bat [2011-04-04 18:09:09 | 000,000,299 | ---- | M] () -- C:\Users\logimen\Desktop\kisiel.bat [2011-04-02 21:14:10 | 000,001,124 | ---- | M] () -- C:\Users\logimen\Desktop\Shift 2 Saves.lnk [2011-03-27 21:54:59 | 000,000,606 | ---- | M] () -- C:\Users\logimen\Desktop\autoexec.cfg [2011-03-27 01:30:26 | 000,000,018 | ---- | M] () -- C:\Users\logimen\Desktop\Crysis2AdvancedSettings.ini [2011-03-25 17:34:52 | 000,217,600 | ---- | M] (Microsoft) -- C:\Users\logimen\Desktop\Crysis2AdvancedGraphicsOptions.exe [3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2011-04-21 08:42:28 | 000,000,680 | ---- | C] () -- C:\Users\Public\Desktop\Portal 2.lnk [2011-04-20 18:48:07 | 000,000,748 | ---- | C] () -- C:\Users\Public\Desktop\STCC The Game 2.lnk [2011-04-18 19:54:00 | 000,004,755 | ---- | C] () -- C:\Windows\System32\nvinfo.pb [2011-04-16 22:54:13 | 006,358,287 | ---- | C] () -- C:\Users\logimen\Desktop\Scan-110416-0001.jpg [2011-04-10 23:27:42 | 000,000,031 | ---- | C] () -- C:\Users\logimen\Last session logimen.prj [2011-04-10 23:16:46 | 000,000,972 | ---- | C] () -- C:\Users\logimen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinHex.lnk [2011-04-03 01:21:49 | 000,000,352 | ---- | C] () -- C:\Users\logimen\Documents\BFF_Repacker.config [2011-04-02 17:56:25 | 000,000,270 | ---- | C] () -- C:\Users\logimen\Documents\BFF_Unpacker.config [2011-03-30 01:24:18 | 000,000,299 | ---- | C] () -- C:\Users\logimen\Desktop\kisiel.bat [2011-03-30 01:19:25 | 000,000,299 | ---- | C] () -- 
C:\Users\logimen\Desktop\logimen.bat [2011-03-29 08:49:44 | 000,001,032 | ---- | C] () -- C:\Users\logimen\Desktop\Shift2.lnk [2011-03-27 01:31:06 | 000,000,606 | ---- | C] () -- C:\Users\logimen\Desktop\autoexec.cfg [2011-03-27 01:30:12 | 000,000,018 | ---- | C] () -- C:\Users\logimen\Desktop\Crysis2AdvancedSettings.ini [2011-03-05 03:01:10 | 000,007,666 | ---- | C] () -- C:\Users\logimen\AppData\Local\Resmon.ResmonCfg [2011-02-27 19:09:51 | 000,110,592 | ---- | C] () -- C:\Windows\System32\rtvcvfw32.dll [2011-02-26 01:36:20 | 000,000,000 | ---- | C] () -- C:\Windows\DbgOut.INI [2011-02-10 12:24:52 | 000,001,456 | ---- | C] () -- C:\Users\logimen\AppData\Local\Adobe Save for Web 12.0 Prefs [2011-02-03 01:48:10 | 000,000,042 | ---- | C] () -- C:\Windows\oodjobd.INI [2011-02-01 19:12:03 | 001,871,840 | ---- | C] () -- C:\Windows\System32\xerces-c_2_6.dll [2011-01-30 12:21:18 | 000,000,123 | -HS- | C] () -- C:\ProgramData\.zreglib [2010-10-14 02:36:44 | 000,179,263 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat [2010-04-25 12:09:55 | 000,000,053 | ---- | C] () -- C:\Windows\System32\cmasiop.ini [2010-04-25 12:09:53 | 000,045,212 | ---- | C] () -- C:\Windows\Cmicnfgp.ini.cfl [2010-04-25 12:09:52 | 000,557,056 | ---- | C] () -- C:\Windows\System32\Cmeauoxy.exe [2010-04-25 12:09:26 | 000,000,889 | ---- | C] () -- C:\Windows\Cmicnfgp.ini.imi [2010-04-25 12:09:23 | 000,303,104 | ---- | C] () -- C:\Windows\System32\CmiInstallResAll.dll [2010-04-25 12:09:23 | 000,004,967 | ---- | C] () -- C:\Windows\Cmicnfgp.ini.cfg [2010-04-25 12:09:23 | 000,000,560 | ---- | C] () -- C:\Windows\cmudaxp.ini [2010-04-18 10:22:32 | 000,000,000 | ---- | C] () -- C:\Windows\Bench32.INI [2010-03-30 23:15:53 | 000,007,680 | ---- | C] () -- C:\Users\logimen\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010-03-29 23:40:36 | 000,140,248 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys [2010-03-29 23:40:23 | 000,266,400 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe 
[2010-03-29 23:40:02 | 000,075,136 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe [2010-03-27 01:37:32 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini [2010-03-26 17:59:53 | 002,038,388 | ---- | C] () -- C:\Windows\System32\perfh015.dat [2010-03-26 17:59:53 | 000,593,092 | ---- | C] () -- C:\Windows\System32\perfc015.dat [2010-03-26 17:59:53 | 000,337,158 | ---- | C] () -- C:\Windows\System32\perfi015.dat [2010-03-26 17:59:53 | 000,038,710 | ---- | C] () -- C:\Windows\System32\perfd015.dat [2009-11-16 15:59:21 | 002,580,858 | ---- | C] () -- C:\Windows\System32\activate.exe [2009-11-16 15:59:21 | 000,613,401 | ---- | C] () -- C:\Windows\System32\activator.exe [2009-11-16 15:58:26 | 000,613,189 | ---- | C] () -- C:\Windows\closetheme.exe [2009-11-16 09:15:36 | 000,007,168 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys [2009-11-12 19:03:28 | 000,059,904 | ---- | C] () -- C:\Windows\System32\zlib1.dll [2009-11-12 19:03:27 | 000,394,752 | ---- | C] () -- C:\Windows\System32\cygwinb19.dll [2009-11-12 19:03:27 | 000,162,304 | ---- | C] () -- C:\Windows\System32\libpng13.dll [2009-11-09 13:54:47 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat [2009-11-08 23:33:51 | 000,178,176 | ---- | C] () -- C:\Windows\System32\unrar.dll [2009-11-08 23:33:51 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini [2009-11-08 23:33:50 | 002,378,752 | ---- | C] () -- C:\Windows\System32\x264vfw.dll [2009-11-08 23:33:50 | 000,881,664 | ---- | C] () -- C:\Windows\System32\xvidcore.dll [2009-11-08 23:33:50 | 000,205,824 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll [2009-11-08 23:33:49 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll [2009-11-08 23:33:47 | 000,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll [2009-07-14 06:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2009-07-14 06:33:53 | 003,710,296 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2009-07-14 04:05:48 | 001,074,246 | ---- | C] () -- 
C:\Windows\System32\perfh009.dat [2009-07-14 04:05:48 | 000,547,450 | ---- | C] () -- C:\Windows\System32\perfc009.dat [2009-07-14 04:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat [2009-07-14 04:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat [2009-07-14 04:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT [2009-07-14 04:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat [2009-07-14 02:55:09 | 000,587,776 | ---- | C] () -- C:\Windows\System32\hpotscl1.dll [2009-07-14 02:19:49 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe [2009-07-14 01:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2009-07-14 01:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll [2009-07-14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll [2009-06-10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat [2004-08-13 10:56:20 | 000,005,810 | ---- | C] () -- C:\Windows\System32\drivers\ASACPI.sys ========== Alternate Data Streams ========== @Alternate Data Stream - 128 bytes -> C:\Windows:nlsPreferences < End of report > Z gory dziekuje za pomoc Cytuj Udostępnij tę odpowiedź Odnośnik do odpowiedzi Udostępnij na innych stronach Więcej opcji udostępniania...
logimen, posted 23 April 2011 (edited)

Logs from the laptop: GMER (I can see a rootkit); the problem is how, and with what, to remove it?

GMER 1.0.15.15570 - GMER - Rootkit Detector and Remover
Rootkit scan 2011-04-23 15:24:17
Windows 6.1.7600 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 TOSHIBA_MK3252GSX rev.LV010A
Running: kfgrpwpp.exe; Driver: C:\Users\dorotex\AppData\Local\Temp\uwddapow.sys

---- System - GMER 1.0.15 ----

SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwAdjustPrivilegesToken [0x8BBA9BD0]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwAlpcConnectPort [0x8BBAB52C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwAlpcCreatePort [0x8BBAB782]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwAlpcSendWaitReceivePort [0x8BBAB9FC]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwClose [0x8BBAA450]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwConnectPort [0x8BBAAB32]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateEvent [0x8BBAAF3C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateFile [0x8BBAA5F8]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateMutant [0x8BBAAE14]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateNamedPipeFile [0x8BBA97D6]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreatePort [0x8BBAACD0]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateSection [0x8BBA9992]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateSemaphore [0x8BBAB06E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateSymbolicLinkObject [0x8BBACCB0]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateThread [0x8BBAA0EE]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateThreadEx [0x8BBAA1EE]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateWaitablePort [0x8BBAAD72]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwDebugActiveProcess [0x8BBAC6A2]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwDuplicateObject [0x8BBAD672]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwFsControlFile [0x8BBAA752]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwLoadDriver [0x8BBAC734]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwMapViewOfSection [0x8BBACD64]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenEvent [0x8BBAAFDE]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenFile [0x8BBAA4D2]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenMutant [0x8BBAAEAC]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenProcess [0x8BBA9DD6]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenSection [0x8BBACCDA]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenSemaphore [0x8BBAB110]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenThread [0x8BBA9CFA]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwQueryDirectoryObject [0x8BBABC3E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwQuerySection [0x8BBAD07C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwQueueApcThread [0x8BBAC9CA]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwReplyPort [0x8BBAB49A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwReplyWaitReceivePort [0x8BBAB360]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwRequestWaitReplyPort [0x8BBAC442]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwResumeThread [0x8BBAD554]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSecureConnectPort [0x8BBAA86C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSetContextThread [0x8BBAA30C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSetInformationToken [0x8BBABCF2]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSetSecurityObject [0x8BBAC82E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSetSystemInformation [0x8BBAD1BC]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSuspendProcess [0x8BBAD2A0]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSuspendThread [0x8BBAD3C8]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSystemDebugControl [0x8BBAC5CE]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwTerminateProcess [0x8BBA9F4E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwTerminateThread 
[0x8BBA9EA4] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwUnmapViewOfSection [0x8BBACF32] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwWriteVirtualMemory [0x8BBAA02E] ---- Kernel code sections - GMER 1.0.15 ---- .text ntkrnlpa.exe!ZwSaveKeyEx + 13BD 82E8B9A9 1 Byte [06] .text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82EC5352 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3} .text ntkrnlpa.exe!RtlSidHashLookup + 220 82ECCAF0 4 Bytes [D0, 9B, BA, 8B] .text ntkrnlpa.exe!RtlSidHashLookup + 248 82ECCB18 8 Bytes [2C, B5, BA, 8B, 82, B7, BA, ...] .text ntkrnlpa.exe!RtlSidHashLookup + 28C 82ECCB5C 4 Bytes [FC, B9, BA, 8B] .text ntkrnlpa.exe!RtlSidHashLookup + 2B8 82ECCB88 4 Bytes [50, A4, BA, 8B] .text ntkrnlpa.exe!RtlSidHashLookup + 2DC 82ECCBAC 4 Bytes [32, AB, BA, 8B] .text ... ? System32\Drivers\spoa.sys System nie może odnaleźć określonej ścieżki. ! PAGE ataport.SYS!DllUnload + 1 8B4A0AD7 4 Bytes JMP 855421D9 .text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x9980C000, 0x352E10, 0xE8000020] .text USBPORT.SYS!DllUnload 91BD6CA0 5 Bytes JMP 86C081D8 .text a2ajvanf.SYS 9A548000 12 Bytes [44, 78, E1, 82, EE, 76, E1, ...] .text a2ajvanf.SYS 9A54800D 9 Bytes [57, E1, 82, 48, 7B, E1, 82, ...] {PUSH EDI; LOOPZ 0xffffffffffffff85; DEC EAX; JNP 0xffffffffffffffe7; ADD BYTE [EAX], 0x0} .text a2ajvanf.SYS 9A548017 20 Bytes [00, DE, 47, 39, 8B, E6, 45, ...] .text a2ajvanf.SYS 9A54802C 134 Bytes [00, 00, 00, 00, F0, 65, E8, ...] .text a2ajvanf.SYS 9A5480B3 14 Bytes [82, 30, 93, EC, 82, 80, 76, ...] .text ... ---- User code sections - GMER 1.0.15 ---- ? C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1356] C:\Windows\SYSTEM32\ntdll.dll time/date stamp mismatch; ? 
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1356] C:\Windows\system32\kernel32.dll time/date stamp mismatch; unknown module: KERNELBASE.dll .text C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1356] USER32.dll!NotifyWinEvent + 48B 761FF724 4 Bytes [70, 11, 33, 6D] ? C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2636] C:\Windows\SYSTEM32\ntdll.dll time/date stamp mismatch; ? C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2636] C:\Windows\system32\kernel32.dll time/date stamp mismatch; unknown module: KERNELBASE.dll .text C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2636] USER32.dll!NotifyWinEvent + 48B 761FF724 4 Bytes [70, 11, 33, 6D] ---- Kernel IAT/EAT - GMER 1.0.15 ---- IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUchar] [8B298042] \SystemRoot\System32\Drivers\spoa.sys IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUchar] [8B2986D6] \SystemRoot\System32\Drivers\spoa.sys IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort] [8B298800] \SystemRoot\System32\Drivers\spoa.sys IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort] [8B29813E] \SystemRoot\System32\Drivers\spoa.sys IAT \SystemRoot\System32\Drivers\a2ajvanf.SYS[ataport.SYS!AtaPortNotification] 00147880 IAT \SystemRoot\System32\Drivers\a2ajvanf.SYS[ataport.SYS!AtaPortQuerySystemTime] 78800C75 IAT \SystemRoot\System32\Drivers\a2ajvanf.SYS[ataport.SYS!AtaPortReadPortUchar] 06750015 IAT \SystemRoot\System32\Drivers\a2ajvanf.SYS[ataport.SYS!AtaPortStallExecution] C25DC033 IAT \SystemRoot\System32\Drivers\a2ajvanf.SYS[ataport.SYS!AtaPortWritePortUchar] 458B0008 IAT \SystemRoot\System32\Drivers\a2ajvanf.SYS[ataport.SYS!AtaPortWritePortUlong] 6A006A08 IAT \SystemRoot\System32\Drivers\a2ajvanf.SYS[ataport.SYS!AtaPortGetPhysicalAddress] 50056A24 IAT 
\SystemRoot\System32\Drivers\a2ajvanf.SYS[ataport.SYS!AtaPortConvertPhysicalAddressToUlong] 005AB7E8 IAT \SystemRoot\System32\Drivers\a2ajvanf.SYS[ataport.SYS!AtaPortGetScatterGatherList] 0001B800 IAT \SystemRoot\System32\Drivers\a2ajvanf.SYS[ataport.SYS!AtaPortGetParentBusType] C25D0000 IAT \SystemRoot\System32\Drivers\a2ajvanf.SYS[ataport.SYS!AtaPortRequestCallback] CCCC0008 IAT \SystemRoot\System32\Drivers\a2ajvanf.SYS[ataport.SYS!AtaPortWritePortBufferUshort] CCCCCCCC IAT \SystemRoot\System32\Drivers\a2ajvanf.SYS[ataport.SYS!AtaPortGetUnCachedExtension] CCCCCCCC IAT \SystemRoot\System32\Drivers\a2ajvanf.SYS[ataport.SYS!AtaPortCompleteRequest] CCCCCCCC IAT \SystemRoot\System32\Drivers\a2ajvanf.SYS[ataport.SYS!AtaPortCopyMemory] 53EC8B55 IAT \SystemRoot\System32\Drivers\a2ajvanf.SYS[ataport.SYS!AtaPortEtwTraceLog] 800C5D8B IAT \SystemRoot\System32\Drivers\a2ajvanf.SYS[ataport.SYS!AtaPortCompleteAllActiveRequests] 7500117B IAT \SystemRoot\System32\Drivers\a2ajvanf.SYS[ataport.SYS!AtaPortReleaseRequestSenseIrb] 127B806A IAT \SystemRoot\System32\Drivers\a2ajvanf.SYS[ataport.SYS!AtaPortBuildRequestSenseIrb] 80647500 IAT \SystemRoot\System32\Drivers\a2ajvanf.SYS[ataport.SYS!AtaPortReadPortBufferUshort] 7500137B IAT \SystemRoot\System32\Drivers\a2ajvanf.SYS[ataport.SYS!AtaPortInitialize] 157B805E IAT \SystemRoot\System32\Drivers\a2ajvanf.SYS[ataport.SYS!AtaPortGetDeviceBase] 56587500 IAT \SystemRoot\System32\Drivers\a2ajvanf.SYS[ataport.SYS!AtaPortDeviceStateChange] 8008758B ---- User IAT/EAT - GMER 1.0.15 ---- IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1356] @ C:\Windows\system32\kernel32.dll [ntdll.dll!RtlReAllocateHeap] 001F0240 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1356] @ C:\Windows\system32\kernel32.dll [ntdll.dll!RtlSizeHeap] 001F02B0 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1356] @ C:\Windows\system32\kernel32.dll [ntdll.dll!RtlAllocateHeap] 001F0320 IAT 
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1356] @ C:\Windows\system32\kernel32.dll [ntdll.dll!RtlFreeHeap] 001F0390 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1356] @ C:\Windows\system32\RPCRT4.dll [ntdll.dll!RtlFreeHeap] 001F07F0 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1356] @ C:\Windows\system32\RPCRT4.dll [ntdll.dll!RtlAllocateHeap] 001F0860 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1356] @ C:\Windows\system32\USER32.dll [ntdll.dll!RtlSizeHeap] 001F0B00 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1356] @ C:\Windows\system32\USER32.dll [ntdll.dll!RtlReAllocateHeap] 001F0B70 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1356] @ C:\Windows\system32\USER32.dll [ntdll.dll!RtlAllocateHeap] 001F0BE0 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1356] @ C:\Windows\system32\USER32.dll [ntdll.dll!RtlFreeHeap] 001F0C50 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1356] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] 00540DA0 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1356] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!CreateThread] 001F0CC0 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1356] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!CreateProcessW] 00540E10 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1356] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetModuleFileNameA] 00540E80 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1356] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExA] 00540EF0 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1356] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 00540F60 IAT 
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1356] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!FreeLibrary] 77D10860 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1356] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] 77D108D0 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1356] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] 77D10940 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1356] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetModuleFileNameW] 77D109B0 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1356] @ C:\Windows\system32\GDI32.dll [ntdll.dll!RtlAllocateHeap] 001F0D30 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1356] @ C:\Windows\system32\GDI32.dll [ntdll.dll!RtlFreeHeap] 001F0DA0 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1356] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 77D10A20 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1356] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] 77D10A90 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1356] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] 77D10B00 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1356] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] 77D10B70 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1356] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!FreeLibrary] 77D10BE0 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1356] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] 77D10C50 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1356] @ C:\Windows\system32\ADVAPI32.dll [ntdll.dll!RtlFreeHeap] 77C00710 IAT C:\Program 
Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1356] @ C:\Windows\system32\ADVAPI32.dll [ntdll.dll!RtlAllocateHeap] 77C00780 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1356] @ C:\Windows\system32\ADVAPI32.dll [ntdll.dll!RtlReAllocateHeap] 77C007F0 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1356] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!VirtualFree] 77C008D0 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1356] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetModuleFileNameW] 00550400 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1356] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] 00550470 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1356] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!SetErrorMode] 005504E0 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1356] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] 00550550 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1356] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] 005505C0 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1356] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!FreeLibrary] 00550630 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1356] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] 005506A0 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1356] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!HeapFree] 77C00A90 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1356] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExA] 00550710 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1356] @ C:\Windows\system32\ADVAPI32.dll 
[KERNEL32.dll!SetUnhandledExceptionFilter] 00550780 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1356] @ C:\Windows\system32\SHELL32.dll [ntdll.dll!RtlFreeHeap] 77CF06A0 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1356] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] 005602B0 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1356] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] 00560320 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1356] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] 00560390 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1356] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!CreateThread] 77CF0710 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1356] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!HeapFree] 77CF07F0 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1356] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetModuleFileNameA] 00560400 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1356] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetModuleFileNameW] 00560470 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1356] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] 005604E0 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1356] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] 00560550 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1356] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] 005605C0 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1356] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FreeLibrary] 00560630 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1356] @ 
C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] 005606A0 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1356] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!SetErrorMode] 00560710 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1356] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 00560780 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1356] @ C:\Windows\system32\ole32.dll [ntdll.dll!RtlFreeHeap] 77CF0860 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1356] @ C:\Windows\system32\ole32.dll [ntdll.dll!RtlAllocateHeap] 77CF08D0 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1356] @ C:\Windows\system32\ole32.dll [ntdll.dll!RtlReAllocateHeap] 77CF0940 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1356] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] 00560B70 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1356] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] 00560BE0 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1356] @ C:\Windows\system32\iphlpapi.dll [ntdll.dll!RtlFreeHeap] 77C00080 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1356] @ C:\Windows\system32\iphlpapi.dll [ntdll.dll!RtlAllocateHeap] 77C00010 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1356] @ C:\Windows\system32\WS2_32.dll [ntdll.dll!RtlFreeHeap] 77C00080 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1356] @ C:\Windows\system32\WS2_32.dll [ntdll.dll!RtlAllocateHeap] 77C00010 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1356] @ C:\Windows\system32\CRYPT32.dll [ntdll.dll!RtlFreeHeap] 77C00080 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1356] @ 
C:\Windows\system32\CRYPT32.dll [ntdll.dll!RtlAllocateHeap] 77C00010 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1356] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!HeapFree] 77CF00F0 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1356] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!VirtualAlloc] 77CF0160 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1356] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 77D104E0 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1356] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExW] 77D10390 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1356] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetModuleFileNameW] 77D101D0 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1356] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExA] 77D10320 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1356] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryA] 77D102B0 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1356] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] 77D10240 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1356] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!FreeLibrary] 77D100F0 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1356] @ C:\Windows\system32\Secur32.dll [ntdll.dll!RtlAllocateHeap] 77C00010 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1356] @ C:\Windows\system32\Secur32.dll [ntdll.dll!RtlFreeHeap] 77C00080 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1356] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!LoadLibraryExA] 77D10320 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 
2010\avp.exe[1356] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!FreeLibrary] 77D100F0 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1356] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] 77D10240 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1356] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 77D104E0 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1356] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!SetErrorMode] 77D10470 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1356] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!LoadLibraryW] 77D10400 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1356] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!HeapFree] 77CF00F0 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1356] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 77D104E0 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1356] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!LoadLibraryExW] 77D10390 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1356] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!CreateThread] 77CF0010 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1356] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!GetProcAddress] 77D10240 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1356] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!LoadLibraryA] 77D102B0 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1356] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!FreeLibrary] 77D100F0 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1356] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!GetModuleFileNameW] 77D101D0 IAT C:\Program Files\Kaspersky 
Lab\Kaspersky Internet Security 2010\avp.exe[1356] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!GetModuleFileNameA] 77D10160 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2636] @ C:\Windows\system32\kernel32.dll [ntdll.dll!RtlReAllocateHeap] 001F0240 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2636] @ C:\Windows\system32\kernel32.dll [ntdll.dll!RtlSizeHeap] 001F02B0 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2636] @ C:\Windows\system32\kernel32.dll [ntdll.dll!RtlAllocateHeap] 001F0320 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2636] @ C:\Windows\system32\kernel32.dll [ntdll.dll!RtlFreeHeap] 001F0390 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2636] @ C:\Windows\system32\RPCRT4.dll [ntdll.dll!RtlFreeHeap] 001F07F0 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2636] @ C:\Windows\system32\RPCRT4.dll [ntdll.dll!RtlAllocateHeap] 001F0860 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2636] @ C:\Windows\system32\USER32.dll [ntdll.dll!RtlSizeHeap] 001F0B00 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2636] @ C:\Windows\system32\USER32.dll [ntdll.dll!RtlReAllocateHeap] 001F0B70 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2636] @ C:\Windows\system32\USER32.dll [ntdll.dll!RtlAllocateHeap] 001F0BE0 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2636] @ C:\Windows\system32\USER32.dll [ntdll.dll!RtlFreeHeap] 001F0C50 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2636] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] 003E0DA0 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2636] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!CreateThread] 001F0CC0 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet 
Security 2010\avp.exe[2636] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!CreateProcessW] 003E0E10 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2636] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetModuleFileNameA] 003E0E80 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2636] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExA] 003E0EF0 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2636] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 003E0F60 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2636] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!FreeLibrary] 77D10860 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2636] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] 77D108D0 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2636] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] 77D10940 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2636] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetModuleFileNameW] 77D109B0 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2636] @ C:\Windows\system32\GDI32.dll [ntdll.dll!RtlAllocateHeap] 001F0D30 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2636] @ C:\Windows\system32\GDI32.dll [ntdll.dll!RtlFreeHeap] 001F0DA0 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2636] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 77D10A20 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2636] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] 77D10A90 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2636] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] 77D10B00 IAT C:\Program Files\Kaspersky 
Lab\Kaspersky Internet Security 2010\avp.exe[2636] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] 77D10B70 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2636] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!FreeLibrary] 77D10BE0 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2636] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] 77D10C50 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2636] @ C:\Windows\system32\ADVAPI32.dll [ntdll.dll!RtlFreeHeap] 77C00710 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2636] @ C:\Windows\system32\ADVAPI32.dll [ntdll.dll!RtlAllocateHeap] 77C00780 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2636] @ C:\Windows\system32\ADVAPI32.dll [ntdll.dll!RtlReAllocateHeap] 77C007F0 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2636] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!VirtualFree] 77C008D0 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2636] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetModuleFileNameW] 003F0400 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2636] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] 003F0470 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2636] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!SetErrorMode] 003F04E0 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2636] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] 003F0550 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2636] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] 003F05C0 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2636] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!FreeLibrary] 003F0630 IAT C:\Program Files\Kaspersky 
Lab\Kaspersky Internet Security 2010\avp.exe[2636] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] 003F06A0 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2636] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!HeapFree] 77C00A90 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2636] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExA] 003F0710 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2636] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 003F0780 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2636] @ C:\Windows\system32\SHELL32.dll [ntdll.dll!RtlFreeHeap] 77CF06A0 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2636] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] 016102B0 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2636] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] 01610320 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2636] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] 01610390 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2636] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!CreateThread] 77CF0710 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2636] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!HeapFree] 77CF07F0 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2636] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetModuleFileNameA] 01610400 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2636] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetModuleFileNameW] 01610470 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2636] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] 016104E0 IAT C:\Program 
Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2636] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] 01610550 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2636] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] 016105C0 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2636] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FreeLibrary] 01610630 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2636] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] 016106A0 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2636] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!SetErrorMode] 01610710 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2636] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 01610780 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2636] @ C:\Windows\system32\ole32.dll [ntdll.dll!RtlFreeHeap] 77CF0860 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2636] @ C:\Windows\system32\ole32.dll [ntdll.dll!RtlAllocateHeap] 77CF08D0 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2636] @ C:\Windows\system32\ole32.dll [ntdll.dll!RtlReAllocateHeap] 77CF0940 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2636] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] 01610B70 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2636] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] 01610BE0 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2636] @ C:\Windows\system32\NETAPI32.dll [ntdll.dll!RtlAllocateHeap] 77C00010 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2636] @ C:\Windows\system32\NETAPI32.dll [ntdll.dll!RtlFreeHeap] 77C00080 IAT C:\Program 
Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2636] @ C:\Windows\system32\WS2_32.dll [ntdll.dll!RtlFreeHeap] 77C00080 IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2636] @ C:\Windows\system32\WS2_32.dll [ntdll.dll!RtlAllocateHeap] 77C00010 ---- Devices - GMER 1.0.15 ---- Device \FileSystem\Ntfs \Ntfs 855491F8 Device \Driver\NetBT \Device\NetBT_Tcpip_{A0B6DF4E-19AD-4886-9445-0938AEB86BE2} 862E71F8 Device \Driver\volmgr \Device\VolMgrControl 855441F8 Device \Driver\NetBT \Device\NetBT_Tcpip_{D3ED0050-7030-462D-88FC-034038E37030} 862E71F8 ---- Registry - GMER 1.0.15 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\00214f4dd33a Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\00214f4dd33a@00234542af76 0x73 0x17 0x65 0x91 ... Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\00214f4dd33a@0017e5ba95a2 0xF7 0x06 0x64 0x63 ... Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\00214f4dd33a@8c541d2c8728 0x8E 0x70 0x20 0xBC ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s1 771343423 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s2 285507792 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@h0 1 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\ Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x58 0x37 0x80 0x9D ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ... 
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x1E 0xBA 0x26 0xB8 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xE8 0x30 0xA1 0x26 ... Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\00214f4dd33a (not active ControlSet) Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32 Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ThreadingModel Apartment Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ C:\Windows\system32\OLE32.DLL Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@cd042efbbd7f7af1647644e76e06692b 0xC8 0x28 0x51 0xAF ... Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32 Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ThreadingModel Apartment Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ C:\Windows\system32\OLE32.DLL Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@bca643cdc5c2726b20d2ecedcc62c59b 0x6A 0x9C 0xD6 0x61 ... Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32 Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ThreadingModel Apartment Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ C:\Windows\system32\OLE32.DLL Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@2c81e34222e8052573023a60d06dd016 0xFF 0x7C 0x85 0xE0 ... 
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32 Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ThreadingModel Apartment Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ C:\Windows\system32\OLE32.DLL Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@2582ae41fb52324423be06337561aa48 0x3E 0x1E 0x9E 0xE0 ... Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32 Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ThreadingModel Apartment Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ C:\Windows\system32\OLE32.DLL Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@caaeda5fd7a9ed7697d9686d4b818472 0xCD 0x44 0xCD 0xB9 ... Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32 Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ThreadingModel Apartment Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ C:\Windows\system32\OLE32.DLL Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@a4a1bcf2cc2b8bc3716b74b2b4522f5d 0xDF 0x20 0x58 0x62 ... Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32 Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ThreadingModel Apartment Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ C:\Windows\system32\OLE32.DLL Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@4d370831d2c43cd13623e232fed27b7b 0x31 0x77 0xE1 0xBA ... 
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32 Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ThreadingModel Apartment Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ C:\Windows\system32\OLE32.DLL Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@1d68fe701cdea33e477eb204b76f993d 0x83 0x6C 0x56 0x8B ... Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32 Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ThreadingModel Apartment Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ C:\Windows\system32\OLE32.DLL Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@1fac81b91d8e3c5aa4b0a51804d844a3 0xF6 0x0F 0x4E 0x58 ... Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32 Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ThreadingModel Apartment Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ C:\Windows\system32\OLE32.DLL Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@f5f62a6129303efb32fbe080bb27835b 0xB1 0xCD 0x45 0x5A ... Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32 Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ThreadingModel Apartment Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ C:\Windows\system32\OLE32.DLL Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@fd4e2e1a3940b94dceb5a6a021f2e3c6 0xE3 0x0E 0x66 0xD5 ... 
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32 Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ThreadingModel Apartment Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ C:\Windows\system32\OLE32.DLL Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@8a8aec57dd6508a385616fbc86791ec2 0x6C 0x43 0x2D 0x1E ... ---- EOF - GMER 1.0.15 ----
Edited 23 April 2011 by logimen
Kolobos Posted 24 April 2011
> 3 electronic transfers "vanished into thin air" from my mother's business account
What does that mean? A transfer either goes through or it doesn't; a possible infection has nothing to do with it.
> Gmer (I can see a rootkit), the problem is how and with what to remove it?
Where is this rootkit? Does a scan with mbam and cureit detect anything? Post logs from MBRCheck and TDSSKiller: http://ad13.geekstogo.com/MBRCheck.exe How to remove malware belonging to the family Rootkit.Win32.TDSS (aka Tidserv, TDSServ, Alureon)? Even if they detect something, do NOT remove anything.
logimen Posted 24 April 2011 (edited)
OK. Maybe I was wrong about the rootkit. As for the transfers, my mother claims they were sent but never arrived, and the money disappeared from the account. I don't know exactly what happened, because I wasn't the one making the transfer, otherwise I would have seen whether it went through or not. Alternatively, could it be that the money left the account but nothing was sent? The bank's fault? In any case, tomorrow I'll scan with the tools you mentioned and post the logs.
Edited 25 April 2011 by Kolobos
Kolobos Posted 25 April 2011
Since the account was debited, the transfers were executed; you can check this in the history. If they are there and all the details match, you need to call the bank and find out.
logimen Posted 26 April 2011
TDSS Log
2011/04/26 18:56:50.0661 2628 TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28 2011/04/26 18:56:50.0957 2628 ================================================================================ 2011/04/26 18:56:50.0957 2628 SystemInfo: 2011/04/26 18:56:50.0957 2628 2011/04/26 18:56:50.0957 2628 OS Version: 6.1.7600 ServicePack: 0.0 2011/04/26 18:56:50.0957 2628 Product type: Workstation 2011/04/26 18:56:50.0957 2628 ComputerName: PAWEŁ57 2011/04/26 18:56:50.0957 2628 UserName: dorotex 2011/04/26 18:56:50.0957 2628 Windows directory: C:\Windows 2011/04/26 18:56:50.0957 2628 System windows directory: C:\Windows 2011/04/26 18:56:50.0957 2628 Processor architecture: Intel x86 2011/04/26 18:56:50.0957 2628 Number of processors: 2 2011/04/26 18:56:50.0957 2628 Page size: 0x1000 2011/04/26 18:56:50.0957 2628 Boot type: Normal boot 2011/04/26 18:56:50.0957 2628 ================================================================================ 2011/04/26 18:56:58.0960 2628 Initialize success 2011/04/26 18:57:05.0621 3736 ================================================================================ 2011/04/26 18:57:05.0621 3736 Scan started 2011/04/26 18:57:05.0621 3736 Mode: Manual; 2011/04/26 18:57:05.0621 3736 ================================================================================ 2011/04/26 18:57:07.0228 3736 1394ohci (bf02f806c873abb04b197161e8e5a316) C:\Windows\system32\DRIVERS\1394ohci.sys 2011/04/26 18:57:07.0290 3736 ACPI (f0e07d144c8685b8774bc32fc8da4df0) C:\Windows\system32\drivers\ACPI.sys 2011/04/26 18:57:07.0400 3736 AcpiPmi (98d81ca942d19f7d9153b095162ac013) C:\Windows\system32\drivers\acpipmi.sys 2011/04/26 18:57:07.0524 3736 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\drivers\adp94xx.sys 2011/04/26 18:57:07.0556 3736 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\drivers\adpahci.sys 2011/04/26 18:57:07.0680 3736 adpu320
(7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\drivers\adpu320.sys 2011/04/26 18:57:07.0743 3736 AFD (ddc040fdb01ef1712a6b13e52afb104c) C:\Windows\system32\drivers\afd.sys 2011/04/26 18:57:07.0868 3736 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\drivers\agp440.sys 2011/04/26 18:57:07.0930 3736 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\drivers\djsvs.sys 2011/04/26 18:57:08.0039 3736 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\drivers\aliide.sys 2011/04/26 18:57:08.0133 3736 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\drivers\amdagp.sys 2011/04/26 18:57:08.0211 3736 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\drivers\amdide.sys 2011/04/26 18:57:08.0258 3736 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\drivers\amdk8.sys 2011/04/26 18:57:08.0460 3736 amdkmdag (a91e07a35c0f31da7905f4a79d1ad924) C:\Windows\system32\DRIVERS\atikmdag.sys 2011/04/26 18:57:08.0741 3736 amdkmdap (baac8ebb76c4cc16a342670263b0ef4d) C:\Windows\system32\DRIVERS\atikmpag.sys 2011/04/26 18:57:08.0804 3736 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\drivers\amdppm.sys 2011/04/26 18:57:08.0897 3736 amdsata (2101a86c25c154f8314b24ef49d7fbc2) C:\Windows\system32\drivers\amdsata.sys 2011/04/26 18:57:08.0944 3736 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\drivers\amdsbs.sys 2011/04/26 18:57:09.0006 3736 amdxata (b81c2b5616f6420a9941ea093a92b150) C:\Windows\system32\drivers\amdxata.sys 2011/04/26 18:57:09.0116 3736 AmUStor (d2bf422c2611632afb9ce8f7b2a8c306) C:\Windows\system32\drivers\AmUStor.SYS 2011/04/26 18:57:09.0194 3736 ApfiltrService (9325e49d555d8f12ce1735227dbb3d80) C:\Windows\system32\DRIVERS\Apfiltr.sys 2011/04/26 18:57:09.0334 3736 AppID (feb834c02ce1e84b6a38f953ca067706) C:\Windows\system32\drivers\appid.sys 2011/04/26 18:57:09.0459 3736 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\drivers\arc.sys 2011/04/26 18:57:09.0490 3736 
arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\drivers\arcsas.sys 2011/04/26 18:57:09.0615 3736 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys 2011/04/26 18:57:09.0662 3736 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\drivers\atapi.sys 2011/04/26 18:57:09.0927 3736 atikmdag (a91e07a35c0f31da7905f4a79d1ad924) C:\Windows\system32\DRIVERS\atikmdag.sys 2011/04/26 18:57:10.0098 3736 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\drivers\bxvbdx.sys 2011/04/26 18:57:10.0223 3736 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys 2011/04/26 18:57:10.0348 3736 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys 2011/04/26 18:57:10.0410 3736 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys 2011/04/26 18:57:10.0520 3736 bowser (9a5c671b7fbae4865149bb11f59b91b2) C:\Windows\system32\DRIVERS\bowser.sys 2011/04/26 18:57:10.0566 3736 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\BrFiltLo.sys 2011/04/26 18:57:10.0754 3736 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\BrFiltUp.sys 2011/04/26 18:57:11.0034 3736 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys 2011/04/26 18:57:11.0331 3736 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys 2011/04/26 18:57:11.0534 3736 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys 2011/04/26 18:57:11.0627 3736 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys 2011/04/26 18:57:11.0721 3736 BthEnum (2865a5c8e98c70c605f417908cebb3a4) C:\Windows\system32\DRIVERS\BthEnum.sys 2011/04/26 18:57:11.0955 3736 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys 2011/04/26 18:57:12.0189 3736 BthPan (ad1872e5829e8a2c3b5b4b641c3eab0e) 
C:\Windows\system32\DRIVERS\bthpan.sys 2011/04/26 18:57:12.0438 3736 BTHPORT (4a34888e13224678dd062466afec4240) C:\Windows\system32\Drivers\BTHport.sys 2011/04/26 18:57:12.0657 3736 BTHUSB (fa04c63916fa221dbb91fce153d07a55) C:\Windows\system32\Drivers\BTHUSB.sys 2011/04/26 18:57:12.0797 3736 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys 2011/04/26 18:57:12.0860 3736 cdrom (656d1ec977e3c5316a62dbbe52cb9663) C:\Windows\system32\DRIVERS\cdrom.sys 2011/04/26 18:57:13.0062 3736 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\drivers\circlass.sys 2011/04/26 18:57:13.0156 3736 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys 2011/04/26 18:57:13.0296 3736 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys 2011/04/26 18:57:13.0562 3736 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\drivers\cmdide.sys 2011/04/26 18:57:13.0718 3736 CNG (1b675691ed940766149c93e8f4488d68) C:\Windows\system32\Drivers\cng.sys 2011/04/26 18:57:13.0905 3736 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\drivers\compbatt.sys 2011/04/26 18:57:14.0154 3736 CompositeBus (f1724ba27e97d627f808fb0ba77a28a6) C:\Windows\system32\DRIVERS\CompositeBus.sys 2011/04/26 18:57:14.0342 3736 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\drivers\crcdisk.sys 2011/04/26 18:57:14.0451 3736 CSC (27c9490bdd0ae48911ab8cf1932591ed) C:\Windows\system32\drivers\csc.sys 2011/04/26 18:57:14.0529 3736 DfsC (8e09e52ee2e3ceb199ef3dd99cf9e3fb) C:\Windows\system32\Drivers\dfsc.sys 2011/04/26 18:57:14.0607 3736 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys 2011/04/26 18:57:14.0685 3736 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys 2011/04/26 18:57:14.0810 3736 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys 2011/04/26 18:57:14.0856 3736 DXGKrnl (8b6c3464d7fac176500061dbfff42ad4) 
C:\Windows\System32\drivers\dxgkrnl.sys 2011/04/26 18:57:14.0919 3736 E1G60 (22ef8965101685add128f03a2b03ce16) C:\Windows\system32\DRIVERS\E1G60I32.sys 2011/04/26 18:57:15.0090 3736 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\drivers\evbdx.sys 2011/04/26 18:57:15.0262 3736 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\drivers\elxstor.sys 2011/04/26 18:57:15.0293 3736 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\drivers\errdev.sys 2011/04/26 18:57:15.0434 3736 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys 2011/04/26 18:57:15.0465 3736 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys 2011/04/26 18:57:15.0527 3736 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\drivers\fdc.sys 2011/04/26 18:57:15.0636 3736 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys 2011/04/26 18:57:15.0683 3736 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys 2011/04/26 18:57:15.0699 3736 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\drivers\flpydisk.sys 2011/04/26 18:57:15.0761 3736 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys 2011/04/26 18:57:15.0886 3736 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys 2011/04/26 18:57:15.0902 3736 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys 2011/04/26 18:57:15.0980 3736 FTDIBUS (b7aa8283ec551d3a3b924e520e0621a7) C:\Windows\system32\drivers\ftdibus.sys 2011/04/26 18:57:16.0104 3736 FTSER2K (596d31583ce332b5514520d74837f434) C:\Windows\system32\drivers\ftser2k.sys 2011/04/26 18:57:16.0182 3736 fvevol (dafbd9fe39197495aed6d51f3b85b5d2) C:\Windows\system32\DRIVERS\fvevol.sys 2011/04/26 18:57:16.0276 3736 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\drivers\gagp30kx.sys 2011/04/26 18:57:16.0338 3736 ggflt 
(007aea2e06e7cef7372e40c277163959) C:\Windows\system32\DRIVERS\ggflt.sys 2011/04/26 18:57:16.0385 3736 ggsemc (c73de35960ca75c5ab4ae636b127c64e) C:\Windows\system32\DRIVERS\ggsemc.sys 2011/04/26 18:57:16.0588 3736 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys 2011/04/26 18:57:16.0635 3736 HDAudBus (717a2207fd6f13ad3e664c7d5a43c7bf) C:\Windows\system32\DRIVERS\HDAudBus.sys 2011/04/26 18:57:16.0744 3736 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\drivers\HidBatt.sys 2011/04/26 18:57:16.0791 3736 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys 2011/04/26 18:57:16.0822 3736 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\drivers\hidir.sys 2011/04/26 18:57:16.0931 3736 HidUsb (25072fb35ac90b25f9e4e3bacf774102) C:\Windows\system32\DRIVERS\hidusb.sys 2011/04/26 18:57:16.0978 3736 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\drivers\HpSAMD.sys 2011/04/26 18:57:17.0025 3736 HTTP (c531c7fd9e8b62021112787c4e2c5a5a) C:\Windows\system32\drivers\HTTP.sys 2011/04/26 18:57:17.0150 3736 hwpolicy (8305f33cde89ad6c7a0763ed0b5a8d42) C:\Windows\system32\drivers\hwpolicy.sys 2011/04/26 18:57:17.0274 3736 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\DRIVERS\i8042prt.sys 2011/04/26 18:57:17.0337 3736 iaStorV (934af4d7c5f457b9f0743f4299b77b67) C:\Windows\system32\drivers\iaStorV.sys 2011/04/26 18:57:17.0493 3736 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\drivers\iirsp.sys 2011/04/26 18:57:17.0602 3736 IntcAzAudAddService (d0a6c0ceb3b74a91884f804ff4f031c0) C:\Windows\system32\drivers\RTKVHDA.sys 2011/04/26 18:57:17.0742 3736 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\drivers\intelide.sys 2011/04/26 18:57:17.0774 3736 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys 2011/04/26 18:57:17.0883 3736 ioatdma (e2c2ce489356943c1922b8353dcdad05) C:\Windows\System32\Drivers\qd26032.sys 
2011/04/26 18:57:17.0930 3736 ioatdma1 (c4317da9066ef0678db2b68492523b38) C:\Windows\System32\Drivers\qd16032.sys 2011/04/26 18:57:18.0008 3736 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys 2011/04/26 18:57:18.0086 3736 IPMIDRV (e4454b6c37d7ffd5649611f6496308a7) C:\Windows\system32\drivers\IPMIDrv.sys 2011/04/26 18:57:18.0117 3736 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys 2011/04/26 18:57:18.0164 3736 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys 2011/04/26 18:57:18.0210 3736 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\drivers\isapnp.sys 2011/04/26 18:57:18.0304 3736 iScsiPrt (ed46c223ae46c6866ab77cdc41c404b7) C:\Windows\system32\drivers\msiscsi.sys 2011/04/26 18:57:18.0351 3736 iSSetup (2247354a4d999c9cbb4d61b2a27576b9) C:\Windows\system32\DRIVERS\iSSetup.sys 2011/04/26 18:57:18.0491 3736 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys 2011/04/26 18:57:18.0522 3736 kbdhid (3d9f0ebf350edcfd6498057301455964) C:\Windows\system32\DRIVERS\kbdhid.sys 2011/04/26 18:57:18.0585 3736 kl1 (ce3958f58547454884e97bda78cd7040) C:\Windows\system32\DRIVERS\kl1.sys 2011/04/26 18:57:18.0710 3736 klbg (53eedab3f0511321ac3ae8bc968b158c) C:\Windows\system32\drivers\klbg.sys 2011/04/26 18:57:18.0866 3736 KLIF (de6c14fb8438ef932d9f58f269a19b85) C:\Windows\system32\DRIVERS\klif.sys 2011/04/26 18:57:18.0944 3736 KLIM6 (892cc162dc88ab084c86485879526c59) C:\Windows\system32\DRIVERS\klim6.sys 2011/04/26 18:57:19.0053 3736 KSecDD (e36a061ec11b373826905b21be10948f) C:\Windows\system32\Drivers\ksecdd.sys 2011/04/26 18:57:19.0100 3736 KSecPkg (ebcc522bf6ee19dddfa00057e1d52039) C:\Windows\system32\Drivers\ksecpkg.sys 2011/04/26 18:57:19.0240 3736 LgBttPort (fa522813fdca27e60302b77f169972af) C:\Windows\system32\DRIVERS\lgbtport.sys 2011/04/26 18:57:19.0334 3736 lgbusenum (50707aa5d4bb694e3f6b0a00b09e664a) 
C:\Windows\system32\DRIVERS\lgbtbus.sys 2011/04/26 18:57:19.0474 3736 lgmdbus (54fec13b60914784aa06685f352aed70) C:\Windows\system32\DRIVERS\lgmdbus.sys 2011/04/26 18:57:19.0536 3736 lgmdmdfl (97b52613f0b621fc9eae007668da7b01) C:\Windows\system32\DRIVERS\lgmdmdfl.sys 2011/04/26 18:57:19.0583 3736 lgmdmdm (b9cc203836509083d8be07b6a5b40862) C:\Windows\system32\DRIVERS\lgmdmdm.sys 2011/04/26 18:57:19.0724 3736 lgmdmgmt (b5e3263ca8173f9619075898df5d4718) C:\Windows\system32\DRIVERS\lgmdmgmt.sys 2011/04/26 18:57:19.0786 3736 lgmdobex (a218c22fd0c4b8ac3ce38e08d1ac9e88) C:\Windows\system32\DRIVERS\lgmdobex.sys 2011/04/26 18:57:19.0911 3736 LGVMODEM (7a47926c78596d1e245d27e1aeb7bf55) C:\Windows\system32\DRIVERS\lgvmodem.sys 2011/04/26 18:57:20.0020 3736 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys 2011/04/26 18:57:20.0129 3736 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\drivers\lsi_fc.sys 2011/04/26 18:57:20.0176 3736 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\drivers\lsi_sas.sys 2011/04/26 18:57:20.0207 3736 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\drivers\lsi_sas2.sys 2011/04/26 18:57:20.0238 3736 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\drivers\lsi_scsi.sys 2011/04/26 18:57:20.0316 3736 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys 2011/04/26 18:57:20.0441 3736 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\drivers\megasas.sys 2011/04/26 18:57:20.0535 3736 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\drivers\MegaSR.sys 2011/04/26 18:57:20.0613 3736 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys 2011/04/26 18:57:20.0675 3736 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys 2011/04/26 18:57:20.0753 3736 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys 2011/04/26 18:57:20.0800 3736 mouhid 
(2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys 2011/04/26 18:57:20.0909 3736 mountmgr (921c18727c5920d6c0300736646931c2) C:\Windows\system32\drivers\mountmgr.sys 2011/04/26 18:57:20.0956 3736 mpio (2af5997438c55fb79d33d015c30e1974) C:\Windows\system32\drivers\mpio.sys 2011/04/26 18:57:20.0987 3736 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys 2011/04/26 18:57:21.0018 3736 MRxDAV (b1be47008d20e43da3adc37c24cdb89d) C:\Windows\system32\drivers\mrxdav.sys 2011/04/26 18:57:21.0143 3736 mrxsmb (b4c76ef46322a9711c7b0f4e21ef6ea5) C:\Windows\system32\DRIVERS\mrxsmb.sys 2011/04/26 18:57:21.0206 3736 mrxsmb10 (e593d45024a3fdd11e93cc4a6ca91101) C:\Windows\system32\DRIVERS\mrxsmb10.sys 2011/04/26 18:57:21.0330 3736 mrxsmb20 (a9f86c82c9cc3b679cc3957e1183a30f) C:\Windows\system32\DRIVERS\mrxsmb20.sys 2011/04/26 18:57:21.0393 3736 msahci (bb14a640e7f234f260d1aa19a60cf960) C:\Windows\system32\drivers\msahci.sys 2011/04/26 18:57:21.0486 3736 msdsm (455029c7174a2dbb03dba8a0d8bddd9a) C:\Windows\system32\drivers\msdsm.sys 2011/04/26 18:57:21.0518 3736 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys 2011/04/26 18:57:21.0549 3736 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys 2011/04/26 18:57:21.0580 3736 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\drivers\msisadrv.sys 2011/04/26 18:57:21.0642 3736 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys 2011/04/26 18:57:21.0736 3736 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys 2011/04/26 18:57:21.0752 3736 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys 2011/04/26 18:57:21.0783 3736 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys 2011/04/26 18:57:21.0830 3736 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\DRIVERS\mssmbios.sys 2011/04/26 
18:57:21.0986 3736 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys 2011/04/26 18:57:22.0032 3736 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\drivers\MTConfig.sys 2011/04/26 18:57:22.0048 3736 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys 2011/04/26 18:57:22.0204 3736 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys 2011/04/26 18:57:22.0266 3736 NDIS (779e9149d3662ed6beb58a67e3c775f4) C:\Windows\system32\drivers\ndis.sys 2011/04/26 18:57:22.0407 3736 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys 2011/04/26 18:57:22.0422 3736 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys 2011/04/26 18:57:22.0500 3736 Ndisuio (b30ae7f2b6d7e343b0df32e6c08fce75) C:\Windows\system32\DRIVERS\ndisuio.sys 2011/04/26 18:57:22.0532 3736 NdisWan (267c415eadcbe53c9ca873dee39cf3a4) C:\Windows\system32\DRIVERS\ndiswan.sys 2011/04/26 18:57:22.0563 3736 NDProxy (af7e7c63dcef3f8772726f86039d6eb4) C:\Windows\system32\drivers\NDProxy.sys 2011/04/26 18:57:22.0625 3736 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys 2011/04/26 18:57:22.0719 3736 NetBT (dd52a733bf4ca5af84562a5e2f963b91) C:\Windows\system32\DRIVERS\netbt.sys 2011/04/26 18:57:23.0015 3736 NETw5v32 (ac11813196ad734b8aa6164c8491f37f) C:\Windows\system32\DRIVERS\NETw5v32.sys 2011/04/26 18:57:23.0327 3736 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\drivers\nfrd960.sys 2011/04/26 18:57:23.0483 3736 nmwcd (c3963d85b721a7f80d8a55f4e2867a3a) C:\Windows\system32\drivers\ccdcmb.sys 2011/04/26 18:57:23.0670 3736 nmwcdc (3859c69a77793180548802dac9f34a38) C:\Windows\system32\drivers\ccdcmbo.sys 2011/04/26 18:57:23.0748 3736 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys 2011/04/26 18:57:23.0936 3736 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) 
C:\Windows\system32\drivers\nsiproxy.sys 2011/04/26 18:57:24.0123 3736 Ntfs (3795dcd21f740ee799fb7223234215af) C:\Windows\system32\drivers\Ntfs.sys 2011/04/26 18:57:24.0232 3736 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys 2011/04/26 18:57:24.0263 3736 nvraid (3f3d04b1d08d43c16ea7963954ec768d) C:\Windows\system32\drivers\nvraid.sys 2011/04/26 18:57:24.0294 3736 nvstor (c99f251a5de63c6f129cf71933aced0f) C:\Windows\system32\drivers\nvstor.sys 2011/04/26 18:57:24.0310 3736 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\drivers\nv_agp.sys 2011/04/26 18:57:24.0435 3736 O2MDRDR (908593eac1ffe529fe760b0a378b3600) C:\Windows\system32\DRIVERS\o2media.sys 2011/04/26 18:57:24.0497 3736 O2SDRDR (e5e4f48a17cdd4683936b06563ba1c51) C:\Windows\system32\DRIVERS\o2sd.sys 2011/04/26 18:57:24.0575 3736 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\drivers\ohci1394.sys 2011/04/26 18:57:24.0731 3736 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\drivers\parport.sys 2011/04/26 18:57:24.0794 3736 partmgr (ff4218952b51de44fe910953a3e686b9) C:\Windows\system32\drivers\partmgr.sys 2011/04/26 18:57:24.0825 3736 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\drivers\parvdm.sys 2011/04/26 18:57:24.0903 3736 pccsmcfd (fd2041e9ba03db7764b2248f02475079) C:\Windows\system32\DRIVERS\pccsmcfd.sys 2011/04/26 18:57:25.0043 3736 pci (80a4748a0304715c29093311795ac448) C:\Windows\system32\drivers\pci.sys 2011/04/26 18:57:25.0106 3736 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\drivers\pciide.sys 2011/04/26 18:57:25.0152 3736 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\drivers\pcmcia.sys 2011/04/26 18:57:25.0308 3736 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys 2011/04/26 18:57:25.0464 3736 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys 2011/04/26 18:57:25.0730 3736 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) 
2011/04/26 18:57:32.0578 3736 sptd (cdddec541bc3c96f91ecb48759673505) C:\Windows\system32\Drivers\sptd.sys
2011/04/26 18:57:32.0578 3736 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: cdddec541bc3c96f91ecb48759673505
2011/04/26 18:57:32.0578 3736 sptd - detected Locked file (1)
2011/04/26 18:58:01.0454 3736 ================================================================================
2011/04/26 18:58:01.0454 3736 Scan finished
2011/04/26 18:58:01.0454 3736 ================================================================================
2011/04/26 18:58:01.0469 1784 Detected object count: 1
2011/04/26 18:58:15.0026 1784 Locked file(sptd) - User select action: Skip

MBAM log

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
Wersja bazy: 6448
Windows 6.1.7600
Internet Explorer 8.0.7600.16385
2011-04-26 19:14:33
mbam-log-2011-04-26 (19-14-21).txt
Typ skanowania: Szybkie skanowanie
Przeskanowano obiektów: 152653
Upłynęło: 12 minut(y), 35 sekund(y)
Zainfekowanych procesów w pamięci: 0
Zainfekowanych modułów w pamięci: 0
Zainfekowanych kluczy rejestru: 0
Zainfekowanych wartości rejestru: 0
Zainfekowane informacje rejestru systemowego: 3
Zainfekowanych folderów: 0
Zainfekowanych plików: 4
Zainfekowanych procesów w pamięci: (Nie znaleziono zagrożeń)
Zainfekowanych modułów w pamięci: (Nie znaleziono zagrożeń)
Zainfekowanych kluczy rejestru: (Nie znaleziono zagrożeń)
Zainfekowanych wartości rejestru: (Nie znaleziono zagrożeń)
Zainfekowane informacje rejestru systemowego:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
Zainfekowanych folderów: (Nie znaleziono zagrożeń)
Zainfekowanych plików:
c:\Users\dorotex\local settings\tempxm2920.html (Trojan.FakeAlert) -> No action taken.
c:\Users\dorotex\local settings\tempxo4520.html (Trojan.FakeAlert) -> No action taken.
c:\Users\dorotex\local settings\tempxq1876.html (Trojan.FakeAlert) -> No action taken.
c:\Users\dorotex\local settings\tempxu1788.html (Trojan.FakeAlert) -> No action taken.

mbr check doesn't save a log, but mbr.exe (some scanner from the thread about logs) finds nothing.
Kolobos Posted 29 April 2011 I don't see that your system is infected.
logimen Posted 29 April 2011 OK then, thanks. Apparently KAV removed what was there; the report had some rootkit.bigs or something like that.