Prośba o analize logow

logimen · 23 Kwietnia 2011

Witam,

Na laptopie rodzicow jest cala zgraja roznego badziewia. Doszlo nawet do tego, ze ze 3 przelewy elektroniczne "poszly w kosmos" z matki firmowego konta bo ojciec tak dbal o kompa.

Dlatego przeskanowalem sobie desktopa i prosze o sprawdzenie dwoch logow. Pozniej wrzuce jeszcze logi z laptopa.

P.S. co teraz zrobic w takiej sytuacji ? Zmieniac PIN do konta czy wogole konto cale zmienic ? pierwszy raz mamy taka sytuacje przez ojca niedbalstwo bo klika we wszystko co wyskoczy, a na laptopie byl i nadal jest legalny KAV 9.x z bazamia uaktualnianymi co godzine. Wszystkie zapory i moduly wlaczone 8O

Log z GMer'a

GMER 1.0.15.15570 - GMER - Rootkit Detector and Remover

Rootkit scan 2011-04-23 09:44:06

Windows 6.1.7600 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD2500JS-00NCB1 rev.10.02E02

Running: kfgrpwpp.exe; Driver: C:\Users\logimen\AppData\Local\Temp\axliafod.sys

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwSaveKeyEx + 13BD 82C809A9 1 Byte [06]

.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82CBA212 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}

? System32\Drivers\spns.sys System nie może odnaleźć określonej ścieżki. !

.text USBPORT.SYS!DllUnload 91FAACA0 5 Bytes JMP 8688C4E0

.text apq22qzy.SYS 90D45000 12 Bytes [44, C8, C0, 82, EE, C6, C0, ...]

.text apq22qzy.SYS 90D4500D 9 Bytes [A7, C0, 82, 48, CB, C0, 82, ...]

.text apq22qzy.SYS 90D45017 20 Bytes [00, DE, C7, B8, 8B, E6, C5, ...]

.text apq22qzy.SYS 90D4502C 149 Bytes [00, 00, 00, 00, F0, B5, C7, ...]

.text apq22qzy.SYS 90D450C3 8 Bytes [00, 00, 00, 00, 00, 00, 00, ...] {ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL}

.text ...

? C:\Users\logimen\AppData\Local\Temp\ALSysIO.sys Nie można odnaleźć określonego pliku. !

---- User code sections - GMER 1.0.15 ----

.text C:\Windows\notepad.exe[1660] ole32.dll!CoCreateInstance 7686590C 5 Bytes JMP 0012A390 C:\Windows\system\HsSrv.dll (HsSrv Dynamic Link Library/C-Media Electronics Inc.)

.text C:\Windows\notepad.exe[1660] ole32.dll!CoCreateInstanceEx 7686594F 5 Bytes JMP 0012A4F0 C:\Windows\system\HsSrv.dll (HsSrv Dynamic Link Library/C-Media Electronics Inc.)

.text C:\Windows\system32\taskeng.exe[1752] ole32.dll!CoCreateInstance 7686590C 5 Bytes JMP 0094A390 C:\Windows\system\HsSrv.dll (HsSrv Dynamic Link Library/C-Media Electronics Inc.)

.text C:\Windows\system32\taskeng.exe[1752] ole32.dll!CoCreateInstanceEx 7686594F 5 Bytes JMP 0094A4F0 C:\Windows\system\HsSrv.dll (HsSrv Dynamic Link Library/C-Media Electronics Inc.)

.text C:\Program Files\ESET\ESET Smart Security\ekrn.exe[1840] kernel32.dll!SetUnhandledExceptionFilter 76FE3162 4 Bytes [C2, 04, 00, 00]

.text C:\Program Files\MSI Afterburner\MSIAfterburner.exe[1920] ole32.dll!CoCreateInstance 7686590C 5 Bytes JMP 01E5A390 C:\Windows\system\HsSrv.dll (HsSrv Dynamic Link Library/C-Media Electronics Inc.)

.text C:\Program Files\MSI Afterburner\MSIAfterburner.exe[1920] ole32.dll!CoCreateInstanceEx 7686594F 5 Bytes JMP 01E5A4F0 C:\Windows\system\HsSrv.dll (HsSrv Dynamic Link Library/C-Media Electronics Inc.)

.text C:\Users\logimen\Desktop\Inne\CoreTemp\Core Temp.exe[1932] ole32.dll!CoCreateInstance 7686590C 5 Bytes JMP 018DA390 C:\Windows\system\HsSrv.dll (HsSrv Dynamic Link Library/C-Media Electronics Inc.)

.text C:\Users\logimen\Desktop\Inne\CoreTemp\Core Temp.exe[1932] ole32.dll!CoCreateInstanceEx 7686594F 5 Bytes JMP 018DA4F0 C:\Windows\system\HsSrv.dll (HsSrv Dynamic Link Library/C-Media Electronics Inc.)

.text C:\Windows\system32\taskhost.exe[2012] ole32.dll!CoCreateInstance 7686590C 5 Bytes JMP 01C7A390 C:\Windows\system\HsSrv.dll (HsSrv Dynamic Link Library/C-Media Electronics Inc.)

.text C:\Windows\system32\taskhost.exe[2012] ole32.dll!CoCreateInstanceEx 7686594F 5 Bytes JMP 01C7A4F0 C:\Windows\system\HsSrv.dll (HsSrv Dynamic Link Library/C-Media Electronics Inc.)

.text C:\Program Files\ESET\ESET Smart Security\egui.exe[2200] ole32.dll!CoCreateInstance 7686590C 5 Bytes JMP 1000A390 C:\Windows\system\HsSrv.dll (HsSrv Dynamic Link Library/C-Media Electronics Inc.)

.text C:\Program Files\ESET\ESET Smart Security\egui.exe[2200] ole32.dll!CoCreateInstanceEx 7686594F 5 Bytes JMP 1000A4F0 C:\Windows\system\HsSrv.dll (HsSrv Dynamic Link Library/C-Media Electronics Inc.)

.text C:\Windows\system\HsMgr.exe[2216] ole32.dll!CoCreateInstance 7686590C 5 Bytes JMP 1000A390 C:\Windows\system\HsSrv.dll (HsSrv Dynamic Link Library/C-Media Electronics Inc.)

.text C:\Windows\system\HsMgr.exe[2216] ole32.dll!CoCreateInstanceEx 7686594F 5 Bytes JMP 1000A4F0 C:\Windows\system\HsSrv.dll (HsSrv Dynamic Link Library/C-Media Electronics Inc.)

.text C:\Program Files\Windows Sidebar\sidebar.exe[2236] ole32.dll!CoCreateInstance 7686590C 5 Bytes JMP 1000A390 C:\Windows\system\HsSrv.dll (HsSrv Dynamic Link Library/C-Media Electronics Inc.)

.text C:\Program Files\Windows Sidebar\sidebar.exe[2236] ole32.dll!CoCreateInstanceEx 7686594F 5 Bytes JMP 1000A4F0 C:\Windows\system\HsSrv.dll (HsSrv Dynamic Link Library/C-Media Electronics Inc.)

.text C:\Program Files\DAEMON Tools Lite\DTLite.exe[2256] ole32.dll!CoCreateInstance 7686590C 5 Bytes JMP 01D4A390 C:\Windows\system\HsSrv.dll (HsSrv Dynamic Link Library/C-Media Electronics Inc.)

.text C:\Program Files\DAEMON Tools Lite\DTLite.exe[2256] ole32.dll!CoCreateInstanceEx 7686594F 5 Bytes JMP 01D4A4F0 C:\Windows\system\HsSrv.dll (HsSrv Dynamic Link Library/C-Media Electronics Inc.)

.text C:\Users\logimen\Desktop\AVS\kfgrpwpp.exe[2524] ole32.dll!CoCreateInstance 7686590C 5 Bytes JMP 002EA390 C:\Windows\system\HsSrv.dll (HsSrv Dynamic Link Library/C-Media Electronics Inc.)

.text C:\Users\logimen\Desktop\AVS\kfgrpwpp.exe[2524] ole32.dll!CoCreateInstanceEx 7686594F 5 Bytes JMP 002EA4F0 C:\Windows\system\HsSrv.dll (HsSrv Dynamic Link Library/C-Media Electronics Inc.)

.text C:\Program Files\MSI Afterburner\Bundle\OSDServer\RTSS.exe[2620] ole32.dll!CoCreateInstance 7686590C 5 Bytes JMP 003CA390 C:\Windows\system\HsSrv.dll (HsSrv Dynamic Link Library/C-Media Electronics Inc.)

.text C:\Program Files\MSI Afterburner\Bundle\OSDServer\RTSS.exe[2620] ole32.dll!CoCreateInstanceEx 7686594F 5 Bytes JMP 003CA4F0 C:\Windows\system\HsSrv.dll (HsSrv Dynamic Link Library/C-Media Electronics Inc.)

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUchar] [8BA90042] \SystemRoot\System32\Drivers\spns.sys

IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUchar] [8BA906D6] \SystemRoot\System32\Drivers\spns.sys

IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort] [8BA90800] \SystemRoot\System32\Drivers\spns.sys

IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort] [8BA9013E] \SystemRoot\System32\Drivers\spns.sys

IAT \SystemRoot\System32\Drivers\apq22qzy.SYS[ataport.SYS!AtaPortNotification] 00147880

IAT \SystemRoot\System32\Drivers\apq22qzy.SYS[ataport.SYS!AtaPortQuerySystemTime] 78800C75

IAT \SystemRoot\System32\Drivers\apq22qzy.SYS[ataport.SYS!AtaPortReadPortUchar] 06750015

IAT \SystemRoot\System32\Drivers\apq22qzy.SYS[ataport.SYS!AtaPortStallExecution] C25DC033

IAT \SystemRoot\System32\Drivers\apq22qzy.SYS[ataport.SYS!AtaPortWritePortUchar] 458B0008

IAT \SystemRoot\System32\Drivers\apq22qzy.SYS[ataport.SYS!AtaPortWritePortUlong] 6A006A08

IAT \SystemRoot\System32\Drivers\apq22qzy.SYS[ataport.SYS!AtaPortGetPhysicalAddress] 50056A24

IAT \SystemRoot\System32\Drivers\apq22qzy.SYS[ataport.SYS!AtaPortConvertPhysicalAddressToUlong] 005AB7E8

IAT \SystemRoot\System32\Drivers\apq22qzy.SYS[ataport.SYS!AtaPortGetScatterGatherList] 0001B800

IAT \SystemRoot\System32\Drivers\apq22qzy.SYS[ataport.SYS!AtaPortGetParentBusType] C25D0000

IAT \SystemRoot\System32\Drivers\apq22qzy.SYS[ataport.SYS!AtaPortRequestCallback] CCCC0008

IAT \SystemRoot\System32\Drivers\apq22qzy.SYS[ataport.SYS!AtaPortWritePortBufferUshort] CCCCCCCC

IAT \SystemRoot\System32\Drivers\apq22qzy.SYS[ataport.SYS!AtaPortGetUnCachedExtension] CCCCCCCC

IAT \SystemRoot\System32\Drivers\apq22qzy.SYS[ataport.SYS!AtaPortCompleteRequest] CCCCCCCC

IAT \SystemRoot\System32\Drivers\apq22qzy.SYS[ataport.SYS!AtaPortCopyMemory] 53EC8B55

IAT \SystemRoot\System32\Drivers\apq22qzy.SYS[ataport.SYS!AtaPortEtwTraceLog] 800C5D8B

IAT \SystemRoot\System32\Drivers\apq22qzy.SYS[ataport.SYS!AtaPortCompleteAllActiveRequests] 7500117B

IAT \SystemRoot\System32\Drivers\apq22qzy.SYS[ataport.SYS!AtaPortReleaseRequestSenseIrb] 127B806A

IAT \SystemRoot\System32\Drivers\apq22qzy.SYS[ataport.SYS!AtaPortBuildRequestSenseIrb] 80647500

IAT \SystemRoot\System32\Drivers\apq22qzy.SYS[ataport.SYS!AtaPortReadPortBufferUshort] 7500137B

IAT \SystemRoot\System32\Drivers\apq22qzy.SYS[ataport.SYS!AtaPortInitialize] 157B805E

IAT \SystemRoot\System32\Drivers\apq22qzy.SYS[ataport.SYS!AtaPortGetDeviceBase] 56587500

IAT \SystemRoot\System32\Drivers\apq22qzy.SYS[ataport.SYS!AtaPortDeviceStateChange] 8008758B

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 8575D1F8

AttachedDevice \FileSystem\Ntfs \Ntfs eamon.sys (Amon monitor/ESET)

Device \FileSystem\fastfat \FatCdrom 879BE1F8

Device \FileSystem\udfs \UdfsCdRom 87EBF1F8

Device \FileSystem\udfs \UdfsDisk 87EBF1F8

Device \Driver\volmgr \Device\VolMgrControl 857591F8

Device \Driver\usbuhci \Device\USBPDO-0 86889500

Device \Driver\sptd \Device\1298531199 spns.sys

Device \Driver\ACPI_HAL \Device\00000051 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

Device \Driver\usbuhci \Device\USBPDO-1 86889500

Device \Driver\NetBT \Device\NetBT_Tcpip_{DDC7405D-72C8-4606-A2F9-47A6549C934E} 868031F8

Device \Driver\usbuhci \Device\USBPDO-2 86889500

Device \Driver\usbehci \Device\USBPDO-3 86867500

Device \Driver\usbuhci \Device\USBPDO-4 86889500

Device \Driver\usbuhci \Device\USBPDO-5 86889500

Device \Driver\usbuhci \Device\USBPDO-6 86889500

Device \Driver\volmgr \Device\HarddiskVolume1 857591F8

AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device \Driver\usbehci \Device\USBPDO-7 86867500

Device \Driver\volmgr \Device\HarddiskVolume2 857591F8

AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device \Driver\cdrom \Device\CdRom0 867941F8

Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0 8575B1F8

Device \Driver\atapi \Device\Ide\IdePort0 8575B1F8

Device \Driver\atapi \Device\Ide\IdePort1 8575B1F8

Device \Driver\atapi \Device\Ide\IdePort2 8575B1F8

Device \Driver\atapi \Device\Ide\IdePort3 8575B1F8

Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-1 8575B1F8

Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-2 8575B1F8

Device \Driver\volmgr \Device\HarddiskVolume3 857591F8

AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device \Driver\cdrom \Device\CdRom1 867941F8

Device \Driver\volmgr \Device\HarddiskVolume4 857591F8

AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device \Driver\cdrom \Device\CdRom2 867941F8

Device \Driver\volmgr \Device\HarddiskVolume5 857591F8

AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device \Driver\volmgr \Device\HarddiskVolume6 857591F8

AttachedDevice \Driver\volmgr \Device\HarddiskVolume6 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device \Driver\volmgr \Device\HarddiskVolume7 857591F8

AttachedDevice \Driver\volmgr \Device\HarddiskVolume7 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device \Driver\NetBT \Device\NetBt_Wins_Export 868031F8

Device \Driver\volmgr \Device\HarddiskVolume8 857591F8

AttachedDevice \Driver\volmgr \Device\HarddiskVolume8 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device \Driver\volmgr \Device\HarddiskVolume9 857591F8

AttachedDevice \Driver\volmgr \Device\HarddiskVolume9 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device \Driver\PCI_PNP3198 \Device\0000005b spns.sys

Device \Driver\usbuhci \Device\USBFDO-0 86889500

Device \Driver\usbuhci \Device\USBFDO-1 86889500

Device \Driver\usbuhci \Device\USBFDO-2 86889500

Device \Driver\usbehci \Device\USBFDO-3 86867500

Device \Driver\usbuhci \Device\USBFDO-4 86889500

Device \Driver\usbuhci \Device\USBFDO-5 86889500

Device \Driver\usbuhci \Device\USBFDO-6 86889500

Device \Driver\usbehci \Device\USBFDO-7 86867500

Device \Driver\apq22qzy \Device\Scsi\apq22qzy1Port4Path0Target1Lun0 86A941F8

Device \Driver\apq22qzy \Device\Scsi\apq22qzy1 86A941F8

Device \Driver\apq22qzy \Device\Scsi\apq22qzy1Port4Path0Target0Lun0 86A941F8

Device \FileSystem\fastfat \Fat 879BE1F8

AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Menedżer filtrów systemu plików firmy Microsoft/Microsoft Corporation)

AttachedDevice \FileSystem\fastfat \Fat eamon.sys (Amon monitor/ESET)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\00134600683c

Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s1 771343423

Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s2 285507792

Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@h0 1

Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC

Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\

Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...

Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0

Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xCA 0xAB 0xC8 0x47 ...

Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001

Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...

Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x14 0xA5 0x72 0x28 ...

Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0

Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xE6 0x77 0xD4 0xDB ...

Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1

Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0x29 0xE4 0x12 0x43 ...

Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System

Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System@OODEFRAG14.00.00.01PROFESSIONAL FBD067C00BD895B05FC90878FA1A9120949C2EA603FB894FFCD53C2417126901B84C7BA17D8A21FC3011DAF2DE0128852BA936B160230E20F2A0322FD9A320AD8EDD272F0A0317D506D49A026D1FDEBD3880CA5B1A1DE60E443247082B978351FCA99E6FC4A86294EF0615DE1F390A677F7E72AFA3AB71A00373DA33A14C1D768546B8790415D46802883AD629C4E377C3F6D652B742EF2EC6C5EE499652D5FAAFC172786397A0D3D3B69F4B086E8835CE2DC677528A88E5267BAB72A8EE7F10859B6C3042B3E0AE815DFC327D157A3C6CDE32ECB5DF4746415AD970B91DCB3D96476871439D1122A93CB0948C4D9F7CECB6308DE6D29825371F6A1670FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74C5D575E7D6A3B98089DB7CE019D40AA5CA2D97226D213B555A2D97226D213B5552A0DDEA8C492D778112C7252E6D6DD6D950CC2D6963238AABF0F429D660660E7F840F1AE18856AE2316AA9DA9E13F0075137B4F504A4DD33056233140FC3F182C7FDD8E6C395ACAF4EC0F3A42FF678013CED437A00A52BC3A444A196FA78D963DE017CBAB0AFF4FCB0731D688ACABD983A1F4111AAF381DD406C056218FCAD6AC06D97973665AEACD3AF466498F7A151641FD46898F55543AFF628B6C6CE96BC204639EC24ECD6626A82E259B30E976F09A4F

Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32

Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ThreadingModel Apartment

Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ C:\Windows\system32\OLE32.DLL

Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@cd042efbbd7f7af1647644e76e06692b 0xE2 0x63 0x26 0xF1 ...

Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32

Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ThreadingModel Apartment

Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ C:\Windows\system32\OLE32.DLL

Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@bca643cdc5c2726b20d2ecedcc62c59b 0x71 0x3B 0x04 0x66 ...

Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32

Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ThreadingModel Apartment

Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ C:\Windows\system32\OLE32.DLL

Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@2c81e34222e8052573023a60d06dd016 0x25 0xDA 0xEC 0x7E ...

Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32

Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ThreadingModel Apartment

Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ C:\Windows\system32\OLE32.DLL

Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@2582ae41fb52324423be06337561aa48 0x86 0x8C 0x21 0x01 ...

Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32

Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ThreadingModel Apartment

Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ C:\Windows\system32\OLE32.DLL

Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@caaeda5fd7a9ed7697d9686d4b818472 0xF5 0x1D 0x4D 0x73 ...

Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32

Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ThreadingModel Apartment

Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ C:\Windows\system32\OLE32.DLL

Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@a4a1bcf2cc2b8bc3716b74b2b4522f5d 0xB0 0x18 0xED 0xA7 ...

Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32

Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ThreadingModel Apartment

Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ C:\Windows\system32\OLE32.DLL

Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@4d370831d2c43cd13623e232fed27b7b 0xFB 0xA7 0x78 0xE6 ...

Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32

Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ThreadingModel Apartment

Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ C:\Windows\system32\OLE32.DLL

Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@1d68fe701cdea33e477eb204b76f993d 0x01 0x3A 0x48 0xFC ...

Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32

Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ThreadingModel Apartment

Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ C:\Windows\system32\OLE32.DLL

Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@1fac81b91d8e3c5aa4b0a51804d844a3 0x51 0xFA 0x6E 0x91 ...

Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32

Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ThreadingModel Apartment

Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ C:\Windows\system32\OLE32.DLL

Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@f5f62a6129303efb32fbe080bb27835b 0xB1 0xCD 0x45 0x5A ...

Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32

Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ThreadingModel Apartment

Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ C:\Windows\system32\OLE32.DLL

Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@fd4e2e1a3940b94dceb5a6a021f2e3c6 0xF8 0x31 0x0F 0xA9 ...

Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32

Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ThreadingModel Apartment

Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ C:\Windows\system32\OLE32.DLL

Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@8a8aec57dd6508a385616fbc86791ec2 0x6C 0x43 0x2D 0x1E ...

---- EOF - GMER 1.0.15 ----

Log z OTL'a

OTL logfile created on: 2011-04-23 09:25:47 - Run 1

OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\logimen\Desktop\AVS

Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 66,00% Memory free

6,00 Gb Paging File | 6,00 Gb Available in Paging File | 85,00% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 37,57 Gb Total Space | 10,47 Gb Free Space | 27,86% Space Free | Partition Type: NTFS

Drive D: | 150,00 Gb Total Space | 24,31 Gb Free Space | 16,21% Space Free | Partition Type: NTFS

Drive E: | 269,96 Gb Total Space | 40,39 Gb Free Space | 14,96% Space Free | Partition Type: NTFS

Drive F: | 69,09 Gb Total Space | 50,96 Gb Free Space | 73,76% Space Free | Partition Type: FAT32

Drive G: | 19,53 Gb Total Space | 19,44 Gb Free Space | 99,52% Space Free | Partition Type: NTFS

Drive H: | 19,52 Gb Total Space | 10,32 Gb Free Space | 52,86% Space Free | Partition Type: FAT32

Drive I: | 67,07 Gb Total Space | 47,54 Gb Free Space | 70,88% Space Free | Partition Type: NTFS

Drive J: | 20,06 Gb Total Space | 12,91 Gb Free Space | 64,37% Space Free | Partition Type: FAT32

Drive Z: | 7,76 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF

Computer Name: LOGIMEN-PC | User Name: logimen | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011-04-23 08:55:52 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\logimen\Desktop\AVS\OTL.exe

PRC - [2011-04-07 22:44:48 | 000,841,832 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe

PRC - [2011-03-25 09:51:30 | 000,143,360 | ---- | M] () -- C:\Program Files\MSI Afterburner\Bundle\OSDServer\RTSS.exe

PRC - [2011-03-18 11:17:22 | 000,368,640 | ---- | M] () -- C:\Program Files\MSI Afterburner\MSIAfterburner.exe

PRC - [2010-10-03 02:13:42 | 000,470,544 | ---- | M] () -- C:\Users\logimen\Desktop\Inne\CoreTemp\Core Temp.exe

PRC - [2009-11-11 10:55:36 | 001,257,472 | ---- | M] (CMedia) -- C:\Program Files\ASUS Xonar DX Audio\Customapp\AsusAudioCenter.exe

PRC - [2009-11-02 20:19:13 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe

PRC - [2009-10-31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe

PRC - [2009-10-30 13:57:08 | 000,369,200 | ---- | M] (DT Soft Ltd) -- C:\Program Files\DAEMON Tools Lite\DTLite.exe

PRC - [2009-10-30 13:57:00 | 000,229,936 | ---- | M] (DT Soft Ltd) -- C:\Program Files\DAEMON Tools Lite\DTLiteShellHlp.exe

PRC - [2009-03-19 12:44:50 | 000,731,840 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe

PRC - [2009-03-19 12:44:28 | 002,029,640 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\egui.exe

PRC - [2008-07-11 15:04:22 | 000,200,704 | ---- | M] () -- C:\Windows\system\HsMgr.exe

========== Modules (SafeList) ==========

MOD - [2011-04-23 08:55:52 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\logimen\Desktop\AVS\OTL.exe

MOD - [2011-03-25 09:51:24 | 000,081,920 | ---- | M] () -- C:\Program Files\MSI Afterburner\Bundle\OSDServer\RTSSHooks.dll

MOD - [2010-08-21 07:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll

MOD - [2009-09-03 15:56:35 | 000,208,896 | ---- | M] (C-Media Electronics Inc.) -- C:\Windows\system\HsSrv.dll

MOD - [2009-07-14 03:16:12 | 000,145,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\powrprof.dll

MOD - [2009-07-14 03:15:13 | 000,453,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dsound.dll

========== Win32 Services (SafeList) ==========

SRV - [2011-01-25 12:41:12 | 002,398,536 | ---- | M] (O&O Software GmbH) [On_Demand | Stopped] -- C:\Program Files\OO Software\Defrag\oodag.exe -- (OODefragAgent)

SRV - [2010-08-04 17:25:02 | 000,061,440 | ---- | M] (Nalpeiron Ltd.) [On_Demand | Stopped] -- C:\Windows\System32\nlssrv32.exe -- (nlsX86cc)

SRV - [2010-08-04 17:25:00 | 000,057,344 | ---- | M] (Nalpeiron Ltd.) [Disabled | Stopped] -- C:\Windows\System32\ASTSRV.EXE -- (astcc)

SRV - [2010-02-19 14:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)

SRV - [2009-09-06 09:08:06 | 000,071,096 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\CDBurnerXP\NMSAccessU.exe -- (NMSAccessU)

SRV - [2009-07-16 18:04:16 | 000,316,664 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)

SRV - [2009-07-14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)

SRV - [2009-07-14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)

SRV - [2009-07-14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV - [2009-04-12 03:26:35 | 000,578,878 | ---- | M] () [Auto | Stopped] -- C:\Program Files\ESET\ESET Smart Security\Shahed.exe -- (.EsetTrialReset)

SRV - [2009-03-19 12:48:08 | 000,020,680 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe -- (EhttpSrv)

SRV - [2009-03-19 12:44:50 | 000,731,840 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe -- (ekrn)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Running] -- -- (ALSysIO)

DRV - [2011-04-08 07:14:00 | 010,690,024 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)

DRV - [2011-03-03 17:59:19 | 000,139,368 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)

DRV - [2010-04-27 17:57:28 | 000,066,632 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WmXlCore.sys -- (WmXlCore)

DRV - [2010-04-27 17:57:28 | 000,015,048 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WmVirHid.sys -- (WmVirHid)

DRV - [2010-04-27 17:57:24 | 000,031,816 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WmHidLo.sys -- (WmHidLo)

DRV - [2010-04-27 17:57:22 | 000,022,856 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WmBEnum.sys -- (WmBEnum)

DRV - [2010-04-27 15:01:26 | 000,037,704 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WmFilter.sys -- (WmFilter)

DRV - [2010-03-26 00:28:13 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)

DRV - [2009-12-18 11:58:52 | 000,011,336 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\SystemRequirementsLab\cpudrv.sys -- (cpudrv)

DRV - [2009-11-02 20:18:37 | 000,035,840 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)

DRV - [2009-11-02 20:12:29 | 000,294,912 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\vpcvmm.sys -- (vpcvmm)

DRV - [2009-11-02 20:12:29 | 000,165,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vpchbus.sys -- (vpcbus)

DRV - [2009-11-02 20:12:29 | 000,078,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vpcusb.sys -- (vpcusb)

DRV - [2009-11-02 20:12:29 | 000,055,040 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\vpcnfltr.sys -- (vpcnfltr)

DRV - [2009-10-21 22:47:48 | 000,011,440 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmmouse.sys -- (vmmouse)

DRV - [2009-10-21 22:46:54 | 000,070,704 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vm3dmp.sys -- (vm3dmp)

DRV - [2009-10-19 17:09:35 | 001,497,600 | ---- | M] (C-Media Inc) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\cmudaxp.sys -- (cmudaxp)

DRV - [2009-09-28 17:27:28 | 000,007,168 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\StarOpen.sys -- (StarOpen)

DRV - [2009-09-22 17:40:48 | 000,174,592 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\RtsUStor.sys -- (RSUSBSTOR)

DRV - [2009-08-21 14:48:12 | 000,027,136 | ---- | M] (Alcor Micro, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\AmUStor.SYS -- (AmUStor)

DRV - [2009-08-04 12:49:08 | 000,106,512 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iSSetup.sys -- (iSSetup)

DRV - [2009-07-27 00:00:00 | 000,047,448 | ---- | M] (O2Micro ) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\o2media.sys -- (O2MDRDR)

DRV - [2009-07-27 00:00:00 | 000,044,064 | ---- | M] (O2Micro) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\o2sd.sys -- (O2SDRDR)

DRV - [2009-07-14 03:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\vmbus.sys -- (vmbus)

DRV - [2009-07-14 03:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmstorfl.sys -- (storflt)

DRV - [2009-07-14 03:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\storvsc.sys -- (storvsc)

DRV - [2009-07-14 01:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\vms3cap.sys -- (s3cap)

DRV - [2009-07-14 01:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\VMBusHID.sys -- (VMBusHID)

DRV - [2009-07-14 00:02:47 | 000,047,104 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L1E62x86.sys -- (L1E) NDIS Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller(NDIS6.20)

DRV - [2009-07-04 18:37:08 | 000,038,400 | ---- | M] (REDC) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\rixdpe86.sys -- (rixdpcie)

DRV - [2009-07-02 08:50:16 | 000,047,104 | ---- | M] (REDC) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\rimspe86.sys -- (rimspci)

DRV - [2009-06-30 19:28:28 | 000,049,152 | ---- | M] (REDC) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\risdpe86.sys -- (risdpcie)

DRV - [2009-06-25 16:58:10 | 000,048,128 | ---- | M] (REDC) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\rimmptsk.sys -- (rimmptsk)

DRV - [2009-06-25 16:25:58 | 000,038,400 | ---- | M] (REDC) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\rixdptsk.sys -- (rismxdp)

DRV - [2009-06-25 16:10:48 | 000,044,544 | ---- | M] (REDC) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\rimsptsk.sys -- (rimsptsk)

DRV - [2009-03-19 12:45:38 | 000,038,240 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\epfwwfp.sys -- (epfwwfp)

DRV - [2009-03-19 12:45:34 | 000,033,096 | ---- | M] (ESET) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\epfwndis.sys -- (Epfwndis)

DRV - [2009-03-19 12:45:32 | 000,131,976 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\epfw.sys -- (epfw)

DRV - [2009-03-19 12:44:34 | 000,107,256 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\ehdrv.sys -- (ehdrv)

DRV - [2009-03-19 12:41:38 | 000,113,960 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\Windows\System32\drivers\eamon.sys -- (eamon)

DRV - [2008-01-18 06:14:20 | 000,037,504 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\qd26032.sys -- (ioatdma) Intel®

DRV - [2008-01-18 06:14:14 | 000,036,480 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\qd16032.sys -- (ioatdma1)

DRV - [2007-09-25 16:59:46 | 000,015,152 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\MediaCoder\SysInfo.sys -- (CrystalSysInfo)

DRV - [2007-02-16 20:27:26 | 000,068,936 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AnyDVD.sys -- (AnyDVD)

DRV - [2005-09-23 23:18:32 | 000,171,520 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MarvinBus.sys -- (MarvinBus)

DRV - [2005-05-25 06:39:06 | 000,004,608 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files\MSI Afterburner\RTCore32.sys -- (RTCore32)

DRV - [2004-08-13 10:56:20 | 000,005,810 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ASACPI.sys -- (MTsensor)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.win7extreme.project-os.org

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.win7extreme.project-os.org

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-4163563121-293549032-1130137683-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.win7extreme.project-os.org

IE - HKU\S-1-5-21-4163563121-293549032-1130137683-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2010-03-26 00:29:33 | 000,000,000 | ---D | M]

[2011-02-08 16:14:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\logimen\AppData\Roaming\mozilla\Extensions

[2011-02-08 16:13:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\logimen\AppData\Roaming\mozilla\Extensions\Coder Preset

[2011-02-08 16:14:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\logimen\AppData\Roaming\mozilla\Extensions\MediaCoder

[2011-02-08 16:08:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\logimen\AppData\Roaming\mozilla\Extensions\MediaCoder-Setup-Wizard

O1 HOSTS File: ([2011-02-10 01:51:34 | 000,000,155 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 activate.adobe.com

O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)

O3 - HKLM\..\Toolbar: (&RoboForm) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)

O3 - HKU\S-1-5-21-4163563121-293549032-1130137683-1005\..\Toolbar\WebBrowser: (&RoboForm) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)

O4 - HKLM..\Run: [Cmaudio8788] File not found

O4 - HKLM..\Run: [Cmaudio8788GX] C:\Windows\system\HsMgr.exe ()

O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET)

O4 - HKU\S-1-5-21-4163563121-293549032-1130137683-1005..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)

O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)

O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SynchronousMachineGroupPolicy = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SynchronousUserGroupPolicy = 0

O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Activities present

O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\BrowserEmulation present

O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\CaretBrowsing present

O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\CommandBar present

O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Infodelivery present

O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Main present

O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\PhishingFilter present

O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Privacy present

O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Safety present

O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Toolbar present

O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Toolbars present

O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Activities present

O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\BrowserEmulation present

O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\CaretBrowsing present

O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\CommandBar present

O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Infodelivery present

O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Main present

O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\PhishingFilter present

O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Privacy present

O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Safety present

O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Toolbar present

O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Toolbars present

O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Activities present

O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\BrowserEmulation present

O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\CaretBrowsing present

O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\CommandBar present

O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Infodelivery present

O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Main present

O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\PhishingFilter present

O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Privacy present

O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Safety present

O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Toolbar present

O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Toolbars present

O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Activities present

O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\BrowserEmulation present

O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\CaretBrowsing present

O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\CommandBar present

O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Infodelivery present

O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Main present

O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\PhishingFilter present

O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Privacy present

O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Safety present

O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Toolbar present

O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Toolbars present

O7 - HKU\S-1-5-21-4163563121-293549032-1130137683-1005\Software\Policies\Microsoft\Internet Explorer\Activities present

O7 - HKU\S-1-5-21-4163563121-293549032-1130137683-1005\Software\Policies\Microsoft\Internet Explorer\BrowserEmulation present

O7 - HKU\S-1-5-21-4163563121-293549032-1130137683-1005\Software\Policies\Microsoft\Internet Explorer\CaretBrowsing present

O7 - HKU\S-1-5-21-4163563121-293549032-1130137683-1005\Software\Policies\Microsoft\Internet Explorer\CommandBar present

O7 - HKU\S-1-5-21-4163563121-293549032-1130137683-1005\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-4163563121-293549032-1130137683-1005\Software\Policies\Microsoft\Internet Explorer\Infodelivery present

O7 - HKU\S-1-5-21-4163563121-293549032-1130137683-1005\Software\Policies\Microsoft\Internet Explorer\Main present

O7 - HKU\S-1-5-21-4163563121-293549032-1130137683-1005\Software\Policies\Microsoft\Internet Explorer\PhishingFilter present

O7 - HKU\S-1-5-21-4163563121-293549032-1130137683-1005\Software\Policies\Microsoft\Internet Explorer\Privacy present

O7 - HKU\S-1-5-21-4163563121-293549032-1130137683-1005\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O7 - HKU\S-1-5-21-4163563121-293549032-1130137683-1005\Software\Policies\Microsoft\Internet Explorer\Safety present

O7 - HKU\S-1-5-21-4163563121-293549032-1130137683-1005\Software\Policies\Microsoft\Internet Explorer\Toolbar present

O7 - HKU\S-1-5-21-4163563121-293549032-1130137683-1005\Software\Policies\Microsoft\Internet Explorer\Toolbars present

O7 - HKU\S-1-5-21-4163563121-293549032-1130137683-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AlwaysShowClassicMenu = 1

O7 - HKU\S-1-5-21-4163563121-293549032-1130137683-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-21-4163563121-293549032-1130137683-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 1

O7 - HKU\S-1-5-21-4163563121-293549032-1130137683-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\SearchExtensions: InternetExtensionName = Google Search

O7 - HKU\S-1-5-21-4163563121-293549032-1130137683-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\SearchExtensions: InternetExtensionAction = %w - Google Search

O9 - Extra Button: Wypełnij pola - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()

O9 - Extra 'Tools' menuitem : Wypełnij Pola - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()

O9 - Extra Button: Zapisz - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()

O9 - Extra 'Tools' menuitem : Zapisz Pola - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()

O9 - Extra Button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()

O9 - Extra 'Tools' menuitem : Pasek Narzędzi RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()

O13 - gopher Prefix: missing

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)

O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O21 - SSODL: IconPackager Repair - {1799460C-0BC8-4865-B9DF-4A36CD703FF0} - C:\Program Files\Stardock\Object Desktop\IconPackager\iprepair.dll (Stardock.net, Inc)

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.

O22 - SharedTaskScheduler: {E31004D1-A431-41B8-826F-E902F9D95C81} - Windows DreamScene - C:\Windows\System32\DreamScene.dll (Microsoft Corporation)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2009-06-10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O32 - AutoRun File - [2010-04-26 12:31:28 | 000,013,399 | ---- | M] () - C:\AutoMapaSetupLog.txt -- [ NTFS ]

O32 - AutoRun File - [2010-04-26 12:31:18 | 000,000,000 | ---D | M] - D:\AutoMapa EU -- [ NTFS ]

O34 - HKLM BootExecute: (OODBS) - C:\Windows\System32\OODBS.exe (O&O Software GmbH)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011-04-23 08:54:40 | 000,000,000 | ---D | C] -- C:\Users\logimen\Desktop\AVS

[2011-04-21 08:42:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Valve

[2011-04-21 00:56:59 | 000,000,000 | ---D | C] -- C:\ProgramData\boost_interprocess

[2011-04-20 18:52:08 | 000,000,000 | ---D | C] -- C:\Users\logimen\Documents\SimBin

[2011-04-20 18:48:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SimBin

[2011-04-20 15:43:32 | 000,245,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\unicows.dll

[2011-04-20 15:43:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Performance Monitor 4.x

[2011-04-20 15:43:31 | 000,000,000 | ---D | C] -- C:\Program Files\PerfMon4x

[2011-04-18 19:54:00 | 015,227,496 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvoglv32.dll

[2011-04-18 19:54:00 | 013,007,464 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcompiler.dll

[2011-04-18 19:54:00 | 010,690,024 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvlddmkm.sys

[2011-04-18 19:54:00 | 010,071,656 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvd3dum.dll

[2011-04-18 19:54:00 | 005,180,824 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcuda.dll

[2011-04-18 19:54:00 | 002,765,928 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcuvid.dll

[2011-04-18 19:54:00 | 002,074,216 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcuvenc.dll

[2011-04-18 19:54:00 | 000,944,232 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvdispco3220140.dll

[2011-04-18 19:54:00 | 000,855,656 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvgenco322060.dll

[2011-04-18 19:54:00 | 000,837,224 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvhdagenco322040.dll

[2011-04-18 19:54:00 | 000,139,368 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvhda32v.sys

[2011-04-18 19:54:00 | 000,057,960 | ---- | C] (Khronos Group) -- C:\Windows\System32\OpenCL.dll

[2011-04-18 19:54:00 | 000,026,216 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvhdap32.dll

[2011-04-18 19:54:00 | 000,010,920 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvBridge.kmd

[2011-04-16 23:14:48 | 000,000,000 | ---D | C] -- C:\ProgramData\LogiShrd

[2011-04-10 23:16:45 | 000,000,000 | ---D | C] -- C:\Program Files\WinHex

[2011-04-07 22:45:08 | 000,580,200 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\easyUpdatusAPIU.dll

[2011-04-07 22:45:06 | 000,111,208 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvmctray.dll

[2011-04-07 22:44:58 | 003,701,352 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcpl.dll

[2011-04-07 22:44:48 | 002,565,224 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvsvc.dll

[2011-04-02 17:28:33 | 000,000,000 | ---D | C] -- C:\Users\logimen\Desktop\Shift2 Tools

[2011-04-02 12:12:21 | 000,000,000 | ---D | C] -- C:\Users\logimen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Fraps

[2011-03-31 12:28:49 | 000,000,000 | ---D | C] -- C:\Users\logimen\Desktop\skany bre mazda5

[2011-03-29 08:49:50 | 000,000,000 | ---D | C] -- C:\Users\logimen\Documents\SHIFT 2 UNLEASHED

[2011-03-27 19:16:57 | 000,000,000 | ---D | C] -- C:\Users\logimen\AppData\Roaming\BDREBUILDER

[2011-03-27 19:16:41 | 000,000,000 | ---D | C] -- C:\Users\logimen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AviSynth 2.5

[2011-03-27 19:16:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AviSynth 2.5

[2011-03-27 19:16:38 | 000,000,000 | ---D | C] -- C:\Program Files\AviSynth 2.5

[2011-03-27 01:31:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Solidshield

[2011-03-26 18:38:55 | 000,217,600 | ---- | C] (Microsoft) -- C:\Users\logimen\Desktop\Crysis2AdvancedGraphicsOptions.exe

[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011-04-23 08:26:40 | 000,019,248 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2011-04-23 08:26:40 | 000,019,248 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2011-04-23 08:25:51 | 002,038,388 | ---- | M] () -- C:\Windows\System32\perfh015.dat

[2011-04-23 08:25:51 | 001,074,246 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2011-04-23 08:25:51 | 000,593,092 | ---- | M] () -- C:\Windows\System32\perfc015.dat

[2011-04-23 08:25:51 | 000,547,450 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2011-04-23 08:19:06 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2011-04-23 08:19:04 | 000,188,696 | ---- | M] () -- C:\Windows\System32\oodbs.lor

[2011-04-22 22:56:56 | 000,000,270 | ---- | M] () -- C:\Users\logimen\Documents\BFF_Unpacker.config

[2011-04-21 08:42:28 | 000,000,680 | ---- | M] () -- C:\Users\Public\Desktop\Portal 2.lnk

[2011-04-20 18:48:07 | 000,000,748 | ---- | M] () -- C:\Users\Public\Desktop\STCC The Game 2.lnk

[2011-04-19 20:35:15 | 000,000,352 | ---- | M] () -- C:\Users\logimen\Documents\BFF_Repacker.config

[2011-04-16 22:54:14 | 006,358,287 | ---- | M] () -- C:\Users\logimen\Desktop\Scan-110416-0001.jpg

[2011-04-12 23:08:16 | 000,000,031 | ---- | M] () -- C:\Users\logimen\Last session logimen.prj

[2011-04-10 21:56:33 | 000,001,032 | ---- | M] () -- C:\Users\logimen\Desktop\Shift2.lnk

[2011-04-08 07:14:00 | 015,227,496 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvoglv32.dll

[2011-04-08 07:14:00 | 013,007,464 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvcompiler.dll

[2011-04-08 07:14:00 | 010,690,024 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvlddmkm.sys

[2011-04-08 07:14:00 | 010,071,656 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvd3dum.dll

[2011-04-08 07:14:00 | 006,299,752 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvwgf2um.dll

[2011-04-08 07:14:00 | 005,180,824 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvcuda.dll

[2011-04-08 07:14:00 | 002,765,928 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvcuvid.dll

[2011-04-08 07:14:00 | 002,074,216 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvcuvenc.dll

[2011-04-08 07:14:00 | 002,034,280 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvapi.dll

[2011-04-08 07:14:00 | 000,944,232 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvdispco3220140.dll

[2011-04-08 07:14:00 | 000,855,656 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvgenco322060.dll

[2011-04-08 07:14:00 | 000,057,960 | ---- | M] (Khronos Group) -- C:\Windows\System32\OpenCL.dll

[2011-04-08 07:14:00 | 000,010,920 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvBridge.kmd

[2011-04-08 07:14:00 | 000,004,755 | ---- | M] () -- C:\Windows\System32\nvinfo.pb

[2011-04-07 23:17:26 | 000,007,680 | ---- | M] () -- C:\Users\logimen\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2011-04-07 22:45:08 | 000,580,200 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\easyUpdatusAPIU.dll

[2011-04-07 22:45:06 | 000,111,208 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvmctray.dll

[2011-04-07 22:44:58 | 003,701,352 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvcpl.dll

[2011-04-07 22:44:48 | 002,565,224 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvsvc.dll

[2011-04-04 19:34:22 | 000,000,865 | ---- | M] () -- C:\Users\logimen\Desktop\Shift Mods.lnk

[2011-04-04 18:09:22 | 000,000,299 | ---- | M] () -- C:\Users\logimen\Desktop\logimen.bat

[2011-04-04 18:09:09 | 000,000,299 | ---- | M] () -- C:\Users\logimen\Desktop\kisiel.bat

[2011-04-02 21:14:10 | 000,001,124 | ---- | M] () -- C:\Users\logimen\Desktop\Shift 2 Saves.lnk

[2011-03-27 21:54:59 | 000,000,606 | ---- | M] () -- C:\Users\logimen\Desktop\autoexec.cfg

[2011-03-27 01:30:26 | 000,000,018 | ---- | M] () -- C:\Users\logimen\Desktop\Crysis2AdvancedSettings.ini

[2011-03-25 17:34:52 | 000,217,600 | ---- | M] (Microsoft) -- C:\Users\logimen\Desktop\Crysis2AdvancedGraphicsOptions.exe

[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011-04-21 08:42:28 | 000,000,680 | ---- | C] () -- C:\Users\Public\Desktop\Portal 2.lnk

[2011-04-20 18:48:07 | 000,000,748 | ---- | C] () -- C:\Users\Public\Desktop\STCC The Game 2.lnk

[2011-04-18 19:54:00 | 000,004,755 | ---- | C] () -- C:\Windows\System32\nvinfo.pb

[2011-04-16 22:54:13 | 006,358,287 | ---- | C] () -- C:\Users\logimen\Desktop\Scan-110416-0001.jpg

[2011-04-10 23:27:42 | 000,000,031 | ---- | C] () -- C:\Users\logimen\Last session logimen.prj

[2011-04-10 23:16:46 | 000,000,972 | ---- | C] () -- C:\Users\logimen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinHex.lnk

[2011-04-03 01:21:49 | 000,000,352 | ---- | C] () -- C:\Users\logimen\Documents\BFF_Repacker.config

[2011-04-02 17:56:25 | 000,000,270 | ---- | C] () -- C:\Users\logimen\Documents\BFF_Unpacker.config

[2011-03-30 01:24:18 | 000,000,299 | ---- | C] () -- C:\Users\logimen\Desktop\kisiel.bat

[2011-03-30 01:19:25 | 000,000,299 | ---- | C] () -- C:\Users\logimen\Desktop\logimen.bat

[2011-03-29 08:49:44 | 000,001,032 | ---- | C] () -- C:\Users\logimen\Desktop\Shift2.lnk

[2011-03-27 01:31:06 | 000,000,606 | ---- | C] () -- C:\Users\logimen\Desktop\autoexec.cfg

[2011-03-27 01:30:12 | 000,000,018 | ---- | C] () -- C:\Users\logimen\Desktop\Crysis2AdvancedSettings.ini

[2011-03-05 03:01:10 | 000,007,666 | ---- | C] () -- C:\Users\logimen\AppData\Local\Resmon.ResmonCfg

[2011-02-27 19:09:51 | 000,110,592 | ---- | C] () -- C:\Windows\System32\rtvcvfw32.dll

[2011-02-26 01:36:20 | 000,000,000 | ---- | C] () -- C:\Windows\DbgOut.INI

[2011-02-10 12:24:52 | 000,001,456 | ---- | C] () -- C:\Users\logimen\AppData\Local\Adobe Save for Web 12.0 Prefs

[2011-02-03 01:48:10 | 000,000,042 | ---- | C] () -- C:\Windows\oodjobd.INI

[2011-02-01 19:12:03 | 001,871,840 | ---- | C] () -- C:\Windows\System32\xerces-c_2_6.dll

[2011-01-30 12:21:18 | 000,000,123 | -HS- | C] () -- C:\ProgramData\.zreglib

[2010-10-14 02:36:44 | 000,179,263 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat

[2010-04-25 12:09:55 | 000,000,053 | ---- | C] () -- C:\Windows\System32\cmasiop.ini

[2010-04-25 12:09:53 | 000,045,212 | ---- | C] () -- C:\Windows\Cmicnfgp.ini.cfl

[2010-04-25 12:09:52 | 000,557,056 | ---- | C] () -- C:\Windows\System32\Cmeauoxy.exe

[2010-04-25 12:09:26 | 000,000,889 | ---- | C] () -- C:\Windows\Cmicnfgp.ini.imi

[2010-04-25 12:09:23 | 000,303,104 | ---- | C] () -- C:\Windows\System32\CmiInstallResAll.dll

[2010-04-25 12:09:23 | 000,004,967 | ---- | C] () -- C:\Windows\Cmicnfgp.ini.cfg

[2010-04-25 12:09:23 | 000,000,560 | ---- | C] () -- C:\Windows\cmudaxp.ini

[2010-04-18 10:22:32 | 000,000,000 | ---- | C] () -- C:\Windows\Bench32.INI

[2010-03-30 23:15:53 | 000,007,680 | ---- | C] () -- C:\Users\logimen\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010-03-29 23:40:36 | 000,140,248 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys

[2010-03-29 23:40:23 | 000,266,400 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe

[2010-03-29 23:40:02 | 000,075,136 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe

[2010-03-27 01:37:32 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini

[2010-03-26 17:59:53 | 002,038,388 | ---- | C] () -- C:\Windows\System32\perfh015.dat

[2010-03-26 17:59:53 | 000,593,092 | ---- | C] () -- C:\Windows\System32\perfc015.dat

[2010-03-26 17:59:53 | 000,337,158 | ---- | C] () -- C:\Windows\System32\perfi015.dat

[2010-03-26 17:59:53 | 000,038,710 | ---- | C] () -- C:\Windows\System32\perfd015.dat

[2009-11-16 15:59:21 | 002,580,858 | ---- | C] () -- C:\Windows\System32\activate.exe

[2009-11-16 15:59:21 | 000,613,401 | ---- | C] () -- C:\Windows\System32\activator.exe

[2009-11-16 15:58:26 | 000,613,189 | ---- | C] () -- C:\Windows\closetheme.exe

[2009-11-16 09:15:36 | 000,007,168 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys

[2009-11-12 19:03:28 | 000,059,904 | ---- | C] () -- C:\Windows\System32\zlib1.dll

[2009-11-12 19:03:27 | 000,394,752 | ---- | C] () -- C:\Windows\System32\cygwinb19.dll

[2009-11-12 19:03:27 | 000,162,304 | ---- | C] () -- C:\Windows\System32\libpng13.dll

[2009-11-09 13:54:47 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat

[2009-11-08 23:33:51 | 000,178,176 | ---- | C] () -- C:\Windows\System32\unrar.dll

[2009-11-08 23:33:51 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini

[2009-11-08 23:33:50 | 002,378,752 | ---- | C] () -- C:\Windows\System32\x264vfw.dll

[2009-11-08 23:33:50 | 000,881,664 | ---- | C] () -- C:\Windows\System32\xvidcore.dll

[2009-11-08 23:33:50 | 000,205,824 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll

[2009-11-08 23:33:49 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll

[2009-11-08 23:33:47 | 000,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll

[2009-07-14 06:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat

[2009-07-14 06:33:53 | 003,710,296 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT

[2009-07-14 04:05:48 | 001,074,246 | ---- | C] () -- C:\Windows\System32\perfh009.dat

[2009-07-14 04:05:48 | 000,547,450 | ---- | C] () -- C:\Windows\System32\perfc009.dat

[2009-07-14 04:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat

[2009-07-14 04:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat

[2009-07-14 04:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT

[2009-07-14 04:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat

[2009-07-14 02:55:09 | 000,587,776 | ---- | C] () -- C:\Windows\System32\hpotscl1.dll

[2009-07-14 02:19:49 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe

[2009-07-14 01:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin

[2009-07-14 01:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll

[2009-07-14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll

[2009-06-10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

[2004-08-13 10:56:20 | 000,005,810 | ---- | C] () -- C:\Windows\System32\drivers\ASACPI.sys

========== Alternate Data Streams ==========

@Alternate Data Stream - 128 bytes -> C:\Windows:nlsPreferences

< End of report >

Z gory dziekuje za pomoc

logimen · 23 Kwietnia 2011

Logi z laptopa:

Gmer (widze rootkita), problem jak i czym go wywalic ?

GMER 1.0.15.15570 - GMER - Rootkit Detector and Remover

Rootkit scan 2011-04-23 15:24:17

Windows 6.1.7600 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 TOSHIBA_MK3252GSX rev.LV010A

Running: kfgrpwpp.exe; Driver: C:\Users\dorotex\AppData\Local\Temp\uwddapow.sys

---- System - GMER 1.0.15 ----

SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwAdjustPrivilegesToken [0x8BBA9BD0]

SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwAlpcConnectPort [0x8BBAB52C]

SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwAlpcCreatePort [0x8BBAB782]

SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwAlpcSendWaitReceivePort [0x8BBAB9FC]

SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwClose [0x8BBAA450]

SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwConnectPort [0x8BBAAB32]

SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateEvent [0x8BBAAF3C]

SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateFile [0x8BBAA5F8]

SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateMutant [0x8BBAAE14]

SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateNamedPipeFile [0x8BBA97D6]

SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreatePort [0x8BBAACD0]

SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateSection [0x8BBA9992]

SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateSemaphore [0x8BBAB06E]

SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateSymbolicLinkObject [0x8BBACCB0]

SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateThread [0x8BBAA0EE]

SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateThreadEx [0x8BBAA1EE]

SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateWaitablePort [0x8BBAAD72]

SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwDebugActiveProcess [0x8BBAC6A2]

SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwDuplicateObject [0x8BBAD672]

SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwFsControlFile [0x8BBAA752]

SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwLoadDriver [0x8BBAC734]

SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwMapViewOfSection [0x8BBACD64]

SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenEvent [0x8BBAAFDE]

SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenFile [0x8BBAA4D2]

SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenMutant [0x8BBAAEAC]

SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenProcess [0x8BBA9DD6]

SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenSection [0x8BBACCDA]

SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenSemaphore [0x8BBAB110]

SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenThread [0x8BBA9CFA]

SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwQueryDirectoryObject [0x8BBABC3E]

SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwQuerySection [0x8BBAD07C]

SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwQueueApcThread [0x8BBAC9CA]

SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwReplyPort [0x8BBAB49A]

SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwReplyWaitReceivePort [0x8BBAB360]

SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwRequestWaitReplyPort [0x8BBAC442]

SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwResumeThread [0x8BBAD554]

SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSecureConnectPort [0x8BBAA86C]

SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSetContextThread [0x8BBAA30C]

SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSetInformationToken [0x8BBABCF2]

SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSetSecurityObject [0x8BBAC82E]

SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSetSystemInformation [0x8BBAD1BC]

SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSuspendProcess [0x8BBAD2A0]

SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSuspendThread [0x8BBAD3C8]

SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSystemDebugControl [0x8BBAC5CE]

SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwTerminateProcess [0x8BBA9F4E]

SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwTerminateThread [0x8BBA9EA4]

SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwUnmapViewOfSection [0x8BBACF32]

SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwWriteVirtualMemory [0x8BBAA02E]

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwSaveKeyEx + 13BD 82E8B9A9 1 Byte [06]

.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82EC5352 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}

.text ntkrnlpa.exe!RtlSidHashLookup + 220 82ECCAF0 4 Bytes [D0, 9B, BA, 8B]

.text ntkrnlpa.exe!RtlSidHashLookup + 248 82ECCB18 8 Bytes [2C, B5, BA, 8B, 82, B7, BA, ...]

.text ntkrnlpa.exe!RtlSidHashLookup + 28C 82ECCB5C 4 Bytes [FC, B9, BA, 8B]

.text ntkrnlpa.exe!RtlSidHashLookup + 2B8 82ECCB88 4 Bytes [50, A4, BA, 8B]

.text ntkrnlpa.exe!RtlSidHashLookup + 2DC 82ECCBAC 4 Bytes [32, AB, BA, 8B]

.text ...

? System32\Drivers\spoa.sys System nie może odnaleźć określonej ścieżki. !

PAGE ataport.SYS!DllUnload + 1 8B4A0AD7 4 Bytes JMP 855421D9

.text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x9980C000, 0x352E10, 0xE8000020]

.text USBPORT.SYS!DllUnload 91BD6CA0 5 Bytes JMP 86C081D8

.text a2ajvanf.SYS 9A548000 12 Bytes [44, 78, E1, 82, EE, 76, E1, ...]

.text a2ajvanf.SYS 9A54800D 9 Bytes [57, E1, 82, 48, 7B, E1, 82, ...] {PUSH EDI; LOOPZ 0xffffffffffffff85; DEC EAX; JNP 0xffffffffffffffe7; ADD BYTE [EAX], 0x0}

.text a2ajvanf.SYS 9A548017 20 Bytes [00, DE, 47, 39, 8B, E6, 45, ...]

.text a2ajvanf.SYS 9A54802C 134 Bytes [00, 00, 00, 00, F0, 65, E8, ...]

.text a2ajvanf.SYS 9A5480B3 14 Bytes [82, 30, 93, EC, 82, 80, 76, ...]

.text ...

---- User code sections - GMER 1.0.15 ----

? C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1356] C:\Windows\SYSTEM32\ntdll.dll time/date stamp mismatch;

? C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1356] C:\Windows\system32\kernel32.dll time/date stamp mismatch; unknown module: KERNELBASE.dll

.text C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1356] USER32.dll!NotifyWinEvent + 48B 761FF724 4 Bytes [70, 11, 33, 6D]

? C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2636] C:\Windows\SYSTEM32\ntdll.dll time/date stamp mismatch;

? C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2636] C:\Windows\system32\kernel32.dll time/date stamp mismatch; unknown module: KERNELBASE.dll

.text C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2636] USER32.dll!NotifyWinEvent + 48B 761FF724 4 Bytes [70, 11, 33, 6D]

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUchar] [8B298042] \SystemRoot\System32\Drivers\spoa.sys

IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUchar] [8B2986D6] \SystemRoot\System32\Drivers\spoa.sys

IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort] [8B298800] \SystemRoot\System32\Drivers\spoa.sys

IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort] [8B29813E] \SystemRoot\System32\Drivers\spoa.sys

IAT \SystemRoot\System32\Drivers\a2ajvanf.SYS[ataport.SYS!AtaPortNotification] 00147880

IAT \SystemRoot\System32\Drivers\a2ajvanf.SYS[ataport.SYS!AtaPortQuerySystemTime] 78800C75

IAT \SystemRoot\System32\Drivers\a2ajvanf.SYS[ataport.SYS!AtaPortReadPortUchar] 06750015

IAT \SystemRoot\System32\Drivers\a2ajvanf.SYS[ataport.SYS!AtaPortStallExecution] C25DC033

IAT \SystemRoot\System32\Drivers\a2ajvanf.SYS[ataport.SYS!AtaPortWritePortUchar] 458B0008

IAT \SystemRoot\System32\Drivers\a2ajvanf.SYS[ataport.SYS!AtaPortWritePortUlong] 6A006A08

IAT \SystemRoot\System32\Drivers\a2ajvanf.SYS[ataport.SYS!AtaPortGetPhysicalAddress] 50056A24

IAT \SystemRoot\System32\Drivers\a2ajvanf.SYS[ataport.SYS!AtaPortConvertPhysicalAddressToUlong] 005AB7E8

IAT \SystemRoot\System32\Drivers\a2ajvanf.SYS[ataport.SYS!AtaPortGetScatterGatherList] 0001B800

IAT \SystemRoot\System32\Drivers\a2ajvanf.SYS[ataport.SYS!AtaPortGetParentBusType] C25D0000

IAT \SystemRoot\System32\Drivers\a2ajvanf.SYS[ataport.SYS!AtaPortRequestCallback] CCCC0008

IAT \SystemRoot\System32\Drivers\a2ajvanf.SYS[ataport.SYS!AtaPortWritePortBufferUshort] CCCCCCCC

IAT \SystemRoot\System32\Drivers\a2ajvanf.SYS[ataport.SYS!AtaPortGetUnCachedExtension] CCCCCCCC

IAT \SystemRoot\System32\Drivers\a2ajvanf.SYS[ataport.SYS!AtaPortCompleteRequest] CCCCCCCC

IAT \SystemRoot\System32\Drivers\a2ajvanf.SYS[ataport.SYS!AtaPortCopyMemory] 53EC8B55

IAT \SystemRoot\System32\Drivers\a2ajvanf.SYS[ataport.SYS!AtaPortEtwTraceLog] 800C5D8B

IAT \SystemRoot\System32\Drivers\a2ajvanf.SYS[ataport.SYS!AtaPortCompleteAllActiveRequests] 7500117B

IAT \SystemRoot\System32\Drivers\a2ajvanf.SYS[ataport.SYS!AtaPortReleaseRequestSenseIrb] 127B806A

IAT \SystemRoot\System32\Drivers\a2ajvanf.SYS[ataport.SYS!AtaPortBuildRequestSenseIrb] 80647500

IAT \SystemRoot\System32\Drivers\a2ajvanf.SYS[ataport.SYS!AtaPortReadPortBufferUshort] 7500137B

IAT \SystemRoot\System32\Drivers\a2ajvanf.SYS[ataport.SYS!AtaPortInitialize] 157B805E

IAT \SystemRoot\System32\Drivers\a2ajvanf.SYS[ataport.SYS!AtaPortGetDeviceBase] 56587500

IAT \SystemRoot\System32\Drivers\a2ajvanf.SYS[ataport.SYS!AtaPortDeviceStateChange] 8008758B

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1356] @ C:\Windows\system32\kernel32.dll [ntdll.dll!RtlReAllocateHeap] 001F0240

IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1356] @ C:\Windows\system32\kernel32.dll [ntdll.dll!RtlSizeHeap] 001F02B0

IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1356] @ C:\Windows\system32\kernel32.dll [ntdll.dll!RtlAllocateHeap] 001F0320

IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1356] @ C:\Windows\system32\kernel32.dll [ntdll.dll!RtlFreeHeap] 001F0390

IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1356] @ C:\Windows\system32\RPCRT4.dll [ntdll.dll!RtlFreeHeap] 001F07F0

IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1356] @ C:\Windows\system32\RPCRT4.dll [ntdll.dll!RtlAllocateHeap] 001F0860

IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1356] @ C:\Windows\system32\USER32.dll [ntdll.dll!RtlSizeHeap] 001F0B00

IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1356] @ C:\Windows\system32\USER32.dll [ntdll.dll!RtlReAllocateHeap] 001F0B70

IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1356] @ C:\Windows\system32\USER32.dll [ntdll.dll!RtlAllocateHeap] 001F0BE0

IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1356] @ C:\Windows\system32\USER32.dll [ntdll.dll!RtlFreeHeap] 001F0C50

IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1356] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] 00540DA0

IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1356] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!CreateThread] 001F0CC0

IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1356] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!CreateProcessW] 00540E10

IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1356] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetModuleFileNameA] 00540E80

IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1356] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExA] 00540EF0

IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1356] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 00540F60

IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1356] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!FreeLibrary] 77D10860

IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1356] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] 77D108D0

IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1356] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] 77D10940

IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1356] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetModuleFileNameW] 77D109B0

IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1356] @ C:\Windows\system32\GDI32.dll [ntdll.dll!RtlAllocateHeap] 001F0D30

IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1356] @ C:\Windows\system32\GDI32.dll [ntdll.dll!RtlFreeHeap] 001F0DA0

IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1356] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 77D10A20

IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1356] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] 77D10A90

IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1356] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] 77D10B00

IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1356] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] 77D10B70

IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1356] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!FreeLibrary] 77D10BE0

IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1356] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] 77D10C50

IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1356] @ C:\Windows\system32\ADVAPI32.dll [ntdll.dll!RtlFreeHeap] 77C00710

IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1356] @ C:\Windows\system32\ADVAPI32.dll [ntdll.dll!RtlAllocateHeap] 77C00780

IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1356] @ C:\Windows\system32\ADVAPI32.dll [ntdll.dll!RtlReAllocateHeap] 77C007F0

IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1356] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!VirtualFree] 77C008D0

IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1356] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetModuleFileNameW] 00550400

IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1356] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] 00550470

IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1356] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!SetErrorMode] 005504E0

IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1356] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] 00550550

IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1356] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] 005505C0

IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1356] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!FreeLibrary] 00550630

IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1356] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] 005506A0

IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1356] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!HeapFree] 77C00A90

IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1356] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExA] 00550710

IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1356] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 00550780

IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1356] @ C:\Windows\system32\SHELL32.dll [ntdll.dll!RtlFreeHeap] 77CF06A0

IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1356] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] 005602B0

IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1356] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] 00560320

IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1356] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] 00560390

IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1356] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!CreateThread] 77CF0710

IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1356] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!HeapFree] 77CF07F0

IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1356] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetModuleFileNameA] 00560400

IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1356] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetModuleFileNameW] 00560470

IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1356] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] 005604E0

IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1356] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] 00560550

IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1356] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] 005605C0

IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1356] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FreeLibrary] 00560630

IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1356] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] 005606A0

IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1356] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!SetErrorMode] 00560710

IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1356] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 00560780

IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1356] @ C:\Windows\system32\ole32.dll [ntdll.dll!RtlFreeHeap] 77CF0860

IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1356] @ C:\Windows\system32\ole32.dll [ntdll.dll!RtlAllocateHeap] 77CF08D0

IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1356] @ C:\Windows\system32\ole32.dll [ntdll.dll!RtlReAllocateHeap] 77CF0940

IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1356] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] 00560B70

IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1356] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] 00560BE0

IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1356] @ C:\Windows\system32\iphlpapi.dll [ntdll.dll!RtlFreeHeap] 77C00080

IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1356] @ C:\Windows\system32\iphlpapi.dll [ntdll.dll!RtlAllocateHeap] 77C00010

IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1356] @ C:\Windows\system32\WS2_32.dll [ntdll.dll!RtlFreeHeap] 77C00080

IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1356] @ C:\Windows\system32\WS2_32.dll [ntdll.dll!RtlAllocateHeap] 77C00010

IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1356] @ C:\Windows\system32\CRYPT32.dll [ntdll.dll!RtlFreeHeap] 77C00080

IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1356] @ C:\Windows\system32\CRYPT32.dll [ntdll.dll!RtlAllocateHeap] 77C00010

IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1356] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!HeapFree] 77CF00F0

IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1356] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!VirtualAlloc] 77CF0160

IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1356] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 77D104E0

IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1356] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExW] 77D10390

IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1356] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetModuleFileNameW] 77D101D0

IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1356] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExA] 77D10320

IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1356] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryA] 77D102B0

IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1356] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] 77D10240

IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1356] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!FreeLibrary] 77D100F0

IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1356] @ C:\Windows\system32\Secur32.dll [ntdll.dll!RtlAllocateHeap] 77C00010

IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1356] @ C:\Windows\system32\Secur32.dll [ntdll.dll!RtlFreeHeap] 77C00080

IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1356] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!LoadLibraryExA] 77D10320

IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1356] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!FreeLibrary] 77D100F0

IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1356] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] 77D10240

IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1356] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 77D104E0

IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1356] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!SetErrorMode] 77D10470

IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1356] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!LoadLibraryW] 77D10400

IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1356] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!HeapFree] 77CF00F0

IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1356] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 77D104E0

IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1356] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!LoadLibraryExW] 77D10390

IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1356] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!CreateThread] 77CF0010

IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1356] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!GetProcAddress] 77D10240

IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1356] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!LoadLibraryA] 77D102B0

IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1356] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!FreeLibrary] 77D100F0

IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1356] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!GetModuleFileNameW] 77D101D0

IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1356] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!GetModuleFileNameA] 77D10160

IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2636] @ C:\Windows\system32\kernel32.dll [ntdll.dll!RtlReAllocateHeap] 001F0240

IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2636] @ C:\Windows\system32\kernel32.dll [ntdll.dll!RtlSizeHeap] 001F02B0

IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2636] @ C:\Windows\system32\kernel32.dll [ntdll.dll!RtlAllocateHeap] 001F0320

IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2636] @ C:\Windows\system32\kernel32.dll [ntdll.dll!RtlFreeHeap] 001F0390

IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2636] @ C:\Windows\system32\RPCRT4.dll [ntdll.dll!RtlFreeHeap] 001F07F0

IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2636] @ C:\Windows\system32\RPCRT4.dll [ntdll.dll!RtlAllocateHeap] 001F0860

IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2636] @ C:\Windows\system32\USER32.dll [ntdll.dll!RtlSizeHeap] 001F0B00

IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2636] @ C:\Windows\system32\USER32.dll [ntdll.dll!RtlReAllocateHeap] 001F0B70

IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2636] @ C:\Windows\system32\USER32.dll [ntdll.dll!RtlAllocateHeap] 001F0BE0

IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2636] @ C:\Windows\system32\USER32.dll [ntdll.dll!RtlFreeHeap] 001F0C50

IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2636] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] 003E0DA0

IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2636] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!CreateThread] 001F0CC0

IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2636] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!CreateProcessW] 003E0E10

IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2636] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetModuleFileNameA] 003E0E80

IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2636] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExA] 003E0EF0

IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2636] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 003E0F60

IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2636] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!FreeLibrary] 77D10860

IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2636] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] 77D108D0

IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2636] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] 77D10940

IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2636] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetModuleFileNameW] 77D109B0

IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2636] @ C:\Windows\system32\GDI32.dll [ntdll.dll!RtlAllocateHeap] 001F0D30

IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2636] @ C:\Windows\system32\GDI32.dll [ntdll.dll!RtlFreeHeap] 001F0DA0

IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2636] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 77D10A20

IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2636] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] 77D10A90

IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2636] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] 77D10B00

IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2636] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] 77D10B70

IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2636] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!FreeLibrary] 77D10BE0

IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2636] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] 77D10C50

IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2636] @ C:\Windows\system32\ADVAPI32.dll [ntdll.dll!RtlFreeHeap] 77C00710

IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2636] @ C:\Windows\system32\ADVAPI32.dll [ntdll.dll!RtlAllocateHeap] 77C00780

IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2636] @ C:\Windows\system32\ADVAPI32.dll [ntdll.dll!RtlReAllocateHeap] 77C007F0

IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2636] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!VirtualFree] 77C008D0

IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2636] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetModuleFileNameW] 003F0400

IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2636] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] 003F0470

IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2636] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!SetErrorMode] 003F04E0

IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2636] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] 003F0550

IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2636] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] 003F05C0

IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2636] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!FreeLibrary] 003F0630

IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2636] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] 003F06A0

IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2636] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!HeapFree] 77C00A90

IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2636] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExA] 003F0710

IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2636] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 003F0780

IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2636] @ C:\Windows\system32\SHELL32.dll [ntdll.dll!RtlFreeHeap] 77CF06A0

IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2636] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] 016102B0

IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2636] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] 01610320

IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2636] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] 01610390

IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2636] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!CreateThread] 77CF0710

IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2636] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!HeapFree] 77CF07F0

IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2636] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetModuleFileNameA] 01610400

IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2636] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetModuleFileNameW] 01610470

IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2636] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] 016104E0

IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2636] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] 01610550

IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2636] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] 016105C0

IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2636] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FreeLibrary] 01610630

IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2636] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] 016106A0

IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2636] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!SetErrorMode] 01610710

IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2636] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 01610780

IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2636] @ C:\Windows\system32\ole32.dll [ntdll.dll!RtlFreeHeap] 77CF0860

IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2636] @ C:\Windows\system32\ole32.dll [ntdll.dll!RtlAllocateHeap] 77CF08D0

IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2636] @ C:\Windows\system32\ole32.dll [ntdll.dll!RtlReAllocateHeap] 77CF0940

IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2636] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] 01610B70

IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2636] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] 01610BE0

IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2636] @ C:\Windows\system32\NETAPI32.dll [ntdll.dll!RtlAllocateHeap] 77C00010

IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2636] @ C:\Windows\system32\NETAPI32.dll [ntdll.dll!RtlFreeHeap] 77C00080

IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2636] @ C:\Windows\system32\WS2_32.dll [ntdll.dll!RtlFreeHeap] 77C00080

IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2636] @ C:\Windows\system32\WS2_32.dll [ntdll.dll!RtlAllocateHeap] 77C00010

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 855491F8

Device \Driver\NetBT \Device\NetBT_Tcpip_{A0B6DF4E-19AD-4886-9445-0938AEB86BE2} 862E71F8

Device \Driver\volmgr \Device\VolMgrControl 855441F8

Device \Driver\NetBT \Device\NetBT_Tcpip_{D3ED0050-7030-462D-88FC-034038E37030} 862E71F8

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\00214f4dd33a

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\00214f4dd33a@00234542af76 0x73 0x17 0x65 0x91 ...

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\00214f4dd33a@0017e5ba95a2 0xF7 0x06 0x64 0x63 ...

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\00214f4dd33a@8c541d2c8728 0x8E 0x70 0x20 0xBC ...

Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s1 771343423

Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s2 285507792

Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@h0 1

Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC

Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\

Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...

Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0

Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x58 0x37 0x80 0x9D ...

Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001

Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...

Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x1E 0xBA 0x26 0xB8 ...

Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0

Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xE8 0x30 0xA1 0x26 ...

Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\00214f4dd33a (not active ControlSet)

Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32

Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ThreadingModel Apartment

Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ C:\Windows\system32\OLE32.DLL

Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@cd042efbbd7f7af1647644e76e06692b 0xC8 0x28 0x51 0xAF ...

Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32

Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ThreadingModel Apartment

Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ C:\Windows\system32\OLE32.DLL

Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@bca643cdc5c2726b20d2ecedcc62c59b 0x6A 0x9C 0xD6 0x61 ...

Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32

Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ThreadingModel Apartment

Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ C:\Windows\system32\OLE32.DLL

Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@2c81e34222e8052573023a60d06dd016 0xFF 0x7C 0x85 0xE0 ...

Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32

Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ThreadingModel Apartment

Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ C:\Windows\system32\OLE32.DLL

Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@2582ae41fb52324423be06337561aa48 0x3E 0x1E 0x9E 0xE0 ...

Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32

Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ThreadingModel Apartment

Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ C:\Windows\system32\OLE32.DLL

Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@caaeda5fd7a9ed7697d9686d4b818472 0xCD 0x44 0xCD 0xB9 ...

Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32

Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ThreadingModel Apartment

Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ C:\Windows\system32\OLE32.DLL

Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@a4a1bcf2cc2b8bc3716b74b2b4522f5d 0xDF 0x20 0x58 0x62 ...

Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32

Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ThreadingModel Apartment

Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ C:\Windows\system32\OLE32.DLL

Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@4d370831d2c43cd13623e232fed27b7b 0x31 0x77 0xE1 0xBA ...

Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32

Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ThreadingModel Apartment

Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ C:\Windows\system32\OLE32.DLL

Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@1d68fe701cdea33e477eb204b76f993d 0x83 0x6C 0x56 0x8B ...

Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32

Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ThreadingModel Apartment

Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ C:\Windows\system32\OLE32.DLL

Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@1fac81b91d8e3c5aa4b0a51804d844a3 0xF6 0x0F 0x4E 0x58 ...

Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32

Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ThreadingModel Apartment

Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ C:\Windows\system32\OLE32.DLL

Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@f5f62a6129303efb32fbe080bb27835b 0xB1 0xCD 0x45 0x5A ...

Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32

Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ThreadingModel Apartment

Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ C:\Windows\system32\OLE32.DLL

Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@fd4e2e1a3940b94dceb5a6a021f2e3c6 0xE3 0x0E 0x66 0xD5 ...

Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32

Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ThreadingModel Apartment

Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ C:\Windows\system32\OLE32.DLL

Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@8a8aec57dd6508a385616fbc86791ec2 0x6C 0x43 0x2D 0x1E ...

---- EOF - GMER 1.0.15 ----

Edytowane 23 Kwietnia 2011 przez logimen

Kolobos · 24 Kwietnia 2011

> 3 przelewy elektroniczne "poszly w kosmos" z matki firmowego konta

Co to znaczy? Przelew moze sie wykonac lub nie, ewentualna infekcja nie ma tutaj nic do rzeczy.

> Gmer (widze rootkita), problem jak i czym go wywalic ?

Gdzie ten rootkit?

Skan przy pomocy mbam oraz cureit cos wykrywa?

Daj logi z MbrCheck oraz TDSSKiller:

http://ad13.geekstogo.com/MBRCheck.exe

How to remove malware belonging to the family Rootkit.Win32.TDSS (aka Tidserv, TDSServ, Alureon)?

Nawet jezeli cos wykryja to NIC nie usuwaj.

logimen · 24 Kwietnia 2011

Ok. Moze sie pomylilem z tym rootkitem. Co do przelewow to matka twierdzi, ze wyslane a nie doszly, a kasa zniknela z konta. NIe_wiem co dokladnie sie stalo bo nie ja robilem przelew bo bym widzial czy wykonany czy nie. Ew. moze byc tak, ze kasa zeszla z konta, a nic nie poszlo ? Wina banku ?

W kazdym badz razie, jeszzce jutro poskanuje tym czym mowiles i wrzuce logi.

Edytowane 25 Kwietnia 2011 przez Kolobos

Kolobos · 25 Kwietnia 2011

Skoro konto zostalo obciazone to przelewy zostaly wykonane, mozesz to sprawdzic w historii. Jezeli tam sa i wszystkie dane sie zgadzaja to trzeba zadzwonic do banku i sie dowiedziec.

logimen · 26 Kwietnia 2011

TDSS Log

2011/04/26 18:56:50.0661 2628 TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28

2011/04/26 18:56:50.0957 2628 ================================================================================

2011/04/26 18:56:50.0957 2628 SystemInfo:

2011/04/26 18:56:50.0957 2628

2011/04/26 18:56:50.0957 2628 OS Version: 6.1.7600 ServicePack: 0.0

2011/04/26 18:56:50.0957 2628 Product type: Workstation

2011/04/26 18:56:50.0957 2628 ComputerName: PAWEŁ57

2011/04/26 18:56:50.0957 2628 UserName: dorotex

2011/04/26 18:56:50.0957 2628 Windows directory: C:\Windows

2011/04/26 18:56:50.0957 2628 System windows directory: C:\Windows

2011/04/26 18:56:50.0957 2628 Processor architecture: Intel x86

2011/04/26 18:56:50.0957 2628 Number of processors: 2

2011/04/26 18:56:50.0957 2628 Page size: 0x1000

2011/04/26 18:56:50.0957 2628 Boot type: Normal boot

2011/04/26 18:56:50.0957 2628 ================================================================================

2011/04/26 18:56:58.0960 2628 Initialize success

2011/04/26 18:57:05.0621 3736 ================================================================================

2011/04/26 18:57:05.0621 3736 Scan started

2011/04/26 18:57:05.0621 3736 Mode: Manual;

2011/04/26 18:57:05.0621 3736 ================================================================================

2011/04/26 18:57:07.0228 3736 1394ohci (bf02f806c873abb04b197161e8e5a316) C:\Windows\system32\DRIVERS\1394ohci.sys

2011/04/26 18:57:07.0290 3736 ACPI (f0e07d144c8685b8774bc32fc8da4df0) C:\Windows\system32\drivers\ACPI.sys

2011/04/26 18:57:07.0400 3736 AcpiPmi (98d81ca942d19f7d9153b095162ac013) C:\Windows\system32\drivers\acpipmi.sys

2011/04/26 18:57:07.0524 3736 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\drivers\adp94xx.sys

2011/04/26 18:57:07.0556 3736 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\drivers\adpahci.sys

2011/04/26 18:57:07.0680 3736 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\drivers\adpu320.sys

2011/04/26 18:57:07.0743 3736 AFD (ddc040fdb01ef1712a6b13e52afb104c) C:\Windows\system32\drivers\afd.sys

2011/04/26 18:57:07.0868 3736 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\drivers\agp440.sys

2011/04/26 18:57:07.0930 3736 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\drivers\djsvs.sys

2011/04/26 18:57:08.0039 3736 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\drivers\aliide.sys

2011/04/26 18:57:08.0133 3736 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\drivers\amdagp.sys

2011/04/26 18:57:08.0211 3736 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\drivers\amdide.sys

2011/04/26 18:57:08.0258 3736 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\drivers\amdk8.sys

2011/04/26 18:57:08.0460 3736 amdkmdag (a91e07a35c0f31da7905f4a79d1ad924) C:\Windows\system32\DRIVERS\atikmdag.sys

2011/04/26 18:57:08.0741 3736 amdkmdap (baac8ebb76c4cc16a342670263b0ef4d) C:\Windows\system32\DRIVERS\atikmpag.sys

2011/04/26 18:57:08.0804 3736 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\drivers\amdppm.sys

2011/04/26 18:57:08.0897 3736 amdsata (2101a86c25c154f8314b24ef49d7fbc2) C:\Windows\system32\drivers\amdsata.sys

2011/04/26 18:57:08.0944 3736 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\drivers\amdsbs.sys

2011/04/26 18:57:09.0006 3736 amdxata (b81c2b5616f6420a9941ea093a92b150) C:\Windows\system32\drivers\amdxata.sys

2011/04/26 18:57:09.0116 3736 AmUStor (d2bf422c2611632afb9ce8f7b2a8c306) C:\Windows\system32\drivers\AmUStor.SYS

2011/04/26 18:57:09.0194 3736 ApfiltrService (9325e49d555d8f12ce1735227dbb3d80) C:\Windows\system32\DRIVERS\Apfiltr.sys

2011/04/26 18:57:09.0334 3736 AppID (feb834c02ce1e84b6a38f953ca067706) C:\Windows\system32\drivers\appid.sys

2011/04/26 18:57:09.0459 3736 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\drivers\arc.sys

2011/04/26 18:57:09.0490 3736 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\drivers\arcsas.sys

2011/04/26 18:57:09.0615 3736 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys

2011/04/26 18:57:09.0662 3736 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\drivers\atapi.sys

2011/04/26 18:57:09.0927 3736 atikmdag (a91e07a35c0f31da7905f4a79d1ad924) C:\Windows\system32\DRIVERS\atikmdag.sys

2011/04/26 18:57:10.0098 3736 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\drivers\bxvbdx.sys

2011/04/26 18:57:10.0223 3736 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys

2011/04/26 18:57:10.0348 3736 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys

2011/04/26 18:57:10.0410 3736 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys

2011/04/26 18:57:10.0520 3736 bowser (9a5c671b7fbae4865149bb11f59b91b2) C:\Windows\system32\DRIVERS\bowser.sys

2011/04/26 18:57:10.0566 3736 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\BrFiltLo.sys

2011/04/26 18:57:10.0754 3736 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\BrFiltUp.sys

2011/04/26 18:57:11.0034 3736 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys

2011/04/26 18:57:11.0331 3736 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys

2011/04/26 18:57:11.0534 3736 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys

2011/04/26 18:57:11.0627 3736 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys

2011/04/26 18:57:11.0721 3736 BthEnum (2865a5c8e98c70c605f417908cebb3a4) C:\Windows\system32\DRIVERS\BthEnum.sys

2011/04/26 18:57:11.0955 3736 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys

2011/04/26 18:57:12.0189 3736 BthPan (ad1872e5829e8a2c3b5b4b641c3eab0e) C:\Windows\system32\DRIVERS\bthpan.sys

2011/04/26 18:57:12.0438 3736 BTHPORT (4a34888e13224678dd062466afec4240) C:\Windows\system32\Drivers\BTHport.sys

2011/04/26 18:57:12.0657 3736 BTHUSB (fa04c63916fa221dbb91fce153d07a55) C:\Windows\system32\Drivers\BTHUSB.sys

2011/04/26 18:57:12.0797 3736 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys

2011/04/26 18:57:12.0860 3736 cdrom (656d1ec977e3c5316a62dbbe52cb9663) C:\Windows\system32\DRIVERS\cdrom.sys

2011/04/26 18:57:13.0062 3736 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\drivers\circlass.sys

2011/04/26 18:57:13.0156 3736 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys

2011/04/26 18:57:13.0296 3736 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys

2011/04/26 18:57:13.0562 3736 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\drivers\cmdide.sys

2011/04/26 18:57:13.0718 3736 CNG (1b675691ed940766149c93e8f4488d68) C:\Windows\system32\Drivers\cng.sys

2011/04/26 18:57:13.0905 3736 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\drivers\compbatt.sys

2011/04/26 18:57:14.0154 3736 CompositeBus (f1724ba27e97d627f808fb0ba77a28a6) C:\Windows\system32\DRIVERS\CompositeBus.sys

2011/04/26 18:57:14.0342 3736 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\drivers\crcdisk.sys

2011/04/26 18:57:14.0451 3736 CSC (27c9490bdd0ae48911ab8cf1932591ed) C:\Windows\system32\drivers\csc.sys

2011/04/26 18:57:14.0529 3736 DfsC (8e09e52ee2e3ceb199ef3dd99cf9e3fb) C:\Windows\system32\Drivers\dfsc.sys

2011/04/26 18:57:14.0607 3736 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys

2011/04/26 18:57:14.0685 3736 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys

2011/04/26 18:57:14.0810 3736 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys

2011/04/26 18:57:14.0856 3736 DXGKrnl (8b6c3464d7fac176500061dbfff42ad4) C:\Windows\System32\drivers\dxgkrnl.sys

2011/04/26 18:57:14.0919 3736 E1G60 (22ef8965101685add128f03a2b03ce16) C:\Windows\system32\DRIVERS\E1G60I32.sys

2011/04/26 18:57:15.0090 3736 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\drivers\evbdx.sys

2011/04/26 18:57:15.0262 3736 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\drivers\elxstor.sys

2011/04/26 18:57:15.0293 3736 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\drivers\errdev.sys

2011/04/26 18:57:15.0434 3736 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys

2011/04/26 18:57:15.0465 3736 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys

2011/04/26 18:57:15.0527 3736 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\drivers\fdc.sys

2011/04/26 18:57:15.0636 3736 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys

2011/04/26 18:57:15.0683 3736 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys

2011/04/26 18:57:15.0699 3736 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\drivers\flpydisk.sys

2011/04/26 18:57:15.0761 3736 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys

2011/04/26 18:57:15.0886 3736 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys

2011/04/26 18:57:15.0902 3736 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys

2011/04/26 18:57:15.0980 3736 FTDIBUS (b7aa8283ec551d3a3b924e520e0621a7) C:\Windows\system32\drivers\ftdibus.sys

2011/04/26 18:57:16.0104 3736 FTSER2K (596d31583ce332b5514520d74837f434) C:\Windows\system32\drivers\ftser2k.sys

2011/04/26 18:57:16.0182 3736 fvevol (dafbd9fe39197495aed6d51f3b85b5d2) C:\Windows\system32\DRIVERS\fvevol.sys

2011/04/26 18:57:16.0276 3736 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\drivers\gagp30kx.sys

2011/04/26 18:57:16.0338 3736 ggflt (007aea2e06e7cef7372e40c277163959) C:\Windows\system32\DRIVERS\ggflt.sys

2011/04/26 18:57:16.0385 3736 ggsemc (c73de35960ca75c5ab4ae636b127c64e) C:\Windows\system32\DRIVERS\ggsemc.sys

2011/04/26 18:57:16.0588 3736 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys

2011/04/26 18:57:16.0635 3736 HDAudBus (717a2207fd6f13ad3e664c7d5a43c7bf) C:\Windows\system32\DRIVERS\HDAudBus.sys

2011/04/26 18:57:16.0744 3736 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\drivers\HidBatt.sys

2011/04/26 18:57:16.0791 3736 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys

2011/04/26 18:57:16.0822 3736 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\drivers\hidir.sys

2011/04/26 18:57:16.0931 3736 HidUsb (25072fb35ac90b25f9e4e3bacf774102) C:\Windows\system32\DRIVERS\hidusb.sys

2011/04/26 18:57:16.0978 3736 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\drivers\HpSAMD.sys

2011/04/26 18:57:17.0025 3736 HTTP (c531c7fd9e8b62021112787c4e2c5a5a) C:\Windows\system32\drivers\HTTP.sys

2011/04/26 18:57:17.0150 3736 hwpolicy (8305f33cde89ad6c7a0763ed0b5a8d42) C:\Windows\system32\drivers\hwpolicy.sys

2011/04/26 18:57:17.0274 3736 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\DRIVERS\i8042prt.sys

2011/04/26 18:57:17.0337 3736 iaStorV (934af4d7c5f457b9f0743f4299b77b67) C:\Windows\system32\drivers\iaStorV.sys

2011/04/26 18:57:17.0493 3736 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\drivers\iirsp.sys

2011/04/26 18:57:17.0602 3736 IntcAzAudAddService (d0a6c0ceb3b74a91884f804ff4f031c0) C:\Windows\system32\drivers\RTKVHDA.sys

2011/04/26 18:57:17.0742 3736 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\drivers\intelide.sys

2011/04/26 18:57:17.0774 3736 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys

2011/04/26 18:57:17.0883 3736 ioatdma (e2c2ce489356943c1922b8353dcdad05) C:\Windows\System32\Drivers\qd26032.sys

2011/04/26 18:57:17.0930 3736 ioatdma1 (c4317da9066ef0678db2b68492523b38) C:\Windows\System32\Drivers\qd16032.sys

2011/04/26 18:57:18.0008 3736 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys

2011/04/26 18:57:18.0086 3736 IPMIDRV (e4454b6c37d7ffd5649611f6496308a7) C:\Windows\system32\drivers\IPMIDrv.sys

2011/04/26 18:57:18.0117 3736 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys

2011/04/26 18:57:18.0164 3736 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys

2011/04/26 18:57:18.0210 3736 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\drivers\isapnp.sys

2011/04/26 18:57:18.0304 3736 iScsiPrt (ed46c223ae46c6866ab77cdc41c404b7) C:\Windows\system32\drivers\msiscsi.sys

2011/04/26 18:57:18.0351 3736 iSSetup (2247354a4d999c9cbb4d61b2a27576b9) C:\Windows\system32\DRIVERS\iSSetup.sys

2011/04/26 18:57:18.0491 3736 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys

2011/04/26 18:57:18.0522 3736 kbdhid (3d9f0ebf350edcfd6498057301455964) C:\Windows\system32\DRIVERS\kbdhid.sys

2011/04/26 18:57:18.0585 3736 kl1 (ce3958f58547454884e97bda78cd7040) C:\Windows\system32\DRIVERS\kl1.sys

2011/04/26 18:57:18.0710 3736 klbg (53eedab3f0511321ac3ae8bc968b158c) C:\Windows\system32\drivers\klbg.sys

2011/04/26 18:57:18.0866 3736 KLIF (de6c14fb8438ef932d9f58f269a19b85) C:\Windows\system32\DRIVERS\klif.sys

2011/04/26 18:57:18.0944 3736 KLIM6 (892cc162dc88ab084c86485879526c59) C:\Windows\system32\DRIVERS\klim6.sys

2011/04/26 18:57:19.0053 3736 KSecDD (e36a061ec11b373826905b21be10948f) C:\Windows\system32\Drivers\ksecdd.sys

2011/04/26 18:57:19.0100 3736 KSecPkg (ebcc522bf6ee19dddfa00057e1d52039) C:\Windows\system32\Drivers\ksecpkg.sys

2011/04/26 18:57:19.0240 3736 LgBttPort (fa522813fdca27e60302b77f169972af) C:\Windows\system32\DRIVERS\lgbtport.sys

2011/04/26 18:57:19.0334 3736 lgbusenum (50707aa5d4bb694e3f6b0a00b09e664a) C:\Windows\system32\DRIVERS\lgbtbus.sys

2011/04/26 18:57:19.0474 3736 lgmdbus (54fec13b60914784aa06685f352aed70) C:\Windows\system32\DRIVERS\lgmdbus.sys

2011/04/26 18:57:19.0536 3736 lgmdmdfl (97b52613f0b621fc9eae007668da7b01) C:\Windows\system32\DRIVERS\lgmdmdfl.sys

2011/04/26 18:57:19.0583 3736 lgmdmdm (b9cc203836509083d8be07b6a5b40862) C:\Windows\system32\DRIVERS\lgmdmdm.sys

2011/04/26 18:57:19.0724 3736 lgmdmgmt (b5e3263ca8173f9619075898df5d4718) C:\Windows\system32\DRIVERS\lgmdmgmt.sys

2011/04/26 18:57:19.0786 3736 lgmdobex (a218c22fd0c4b8ac3ce38e08d1ac9e88) C:\Windows\system32\DRIVERS\lgmdobex.sys

2011/04/26 18:57:19.0911 3736 LGVMODEM (7a47926c78596d1e245d27e1aeb7bf55) C:\Windows\system32\DRIVERS\lgvmodem.sys

2011/04/26 18:57:20.0020 3736 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys

2011/04/26 18:57:20.0129 3736 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\drivers\lsi_fc.sys

2011/04/26 18:57:20.0176 3736 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\drivers\lsi_sas.sys

2011/04/26 18:57:20.0207 3736 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\drivers\lsi_sas2.sys

2011/04/26 18:57:20.0238 3736 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\drivers\lsi_scsi.sys

2011/04/26 18:57:20.0316 3736 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys

2011/04/26 18:57:20.0441 3736 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\drivers\megasas.sys

2011/04/26 18:57:20.0535 3736 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\drivers\MegaSR.sys

2011/04/26 18:57:20.0613 3736 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys

2011/04/26 18:57:20.0675 3736 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys

2011/04/26 18:57:20.0753 3736 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys

2011/04/26 18:57:20.0800 3736 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys

2011/04/26 18:57:20.0909 3736 mountmgr (921c18727c5920d6c0300736646931c2) C:\Windows\system32\drivers\mountmgr.sys

2011/04/26 18:57:20.0956 3736 mpio (2af5997438c55fb79d33d015c30e1974) C:\Windows\system32\drivers\mpio.sys

2011/04/26 18:57:20.0987 3736 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys

2011/04/26 18:57:21.0018 3736 MRxDAV (b1be47008d20e43da3adc37c24cdb89d) C:\Windows\system32\drivers\mrxdav.sys

2011/04/26 18:57:21.0143 3736 mrxsmb (b4c76ef46322a9711c7b0f4e21ef6ea5) C:\Windows\system32\DRIVERS\mrxsmb.sys

2011/04/26 18:57:21.0206 3736 mrxsmb10 (e593d45024a3fdd11e93cc4a6ca91101) C:\Windows\system32\DRIVERS\mrxsmb10.sys

2011/04/26 18:57:21.0330 3736 mrxsmb20 (a9f86c82c9cc3b679cc3957e1183a30f) C:\Windows\system32\DRIVERS\mrxsmb20.sys

2011/04/26 18:57:21.0393 3736 msahci (bb14a640e7f234f260d1aa19a60cf960) C:\Windows\system32\drivers\msahci.sys

2011/04/26 18:57:21.0486 3736 msdsm (455029c7174a2dbb03dba8a0d8bddd9a) C:\Windows\system32\drivers\msdsm.sys

2011/04/26 18:57:21.0518 3736 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys

2011/04/26 18:57:21.0549 3736 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys

2011/04/26 18:57:21.0580 3736 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\drivers\msisadrv.sys

2011/04/26 18:57:21.0642 3736 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys

2011/04/26 18:57:21.0736 3736 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys

2011/04/26 18:57:21.0752 3736 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys

2011/04/26 18:57:21.0783 3736 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys

2011/04/26 18:57:21.0830 3736 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\DRIVERS\mssmbios.sys

2011/04/26 18:57:21.0986 3736 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys

2011/04/26 18:57:22.0032 3736 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\drivers\MTConfig.sys

2011/04/26 18:57:22.0048 3736 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys

2011/04/26 18:57:22.0204 3736 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys

2011/04/26 18:57:22.0266 3736 NDIS (779e9149d3662ed6beb58a67e3c775f4) C:\Windows\system32\drivers\ndis.sys

2011/04/26 18:57:22.0407 3736 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys

2011/04/26 18:57:22.0422 3736 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys

2011/04/26 18:57:22.0500 3736 Ndisuio (b30ae7f2b6d7e343b0df32e6c08fce75) C:\Windows\system32\DRIVERS\ndisuio.sys

2011/04/26 18:57:22.0532 3736 NdisWan (267c415eadcbe53c9ca873dee39cf3a4) C:\Windows\system32\DRIVERS\ndiswan.sys

2011/04/26 18:57:22.0563 3736 NDProxy (af7e7c63dcef3f8772726f86039d6eb4) C:\Windows\system32\drivers\NDProxy.sys

2011/04/26 18:57:22.0625 3736 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys

2011/04/26 18:57:22.0719 3736 NetBT (dd52a733bf4ca5af84562a5e2f963b91) C:\Windows\system32\DRIVERS\netbt.sys

2011/04/26 18:57:23.0015 3736 NETw5v32 (ac11813196ad734b8aa6164c8491f37f) C:\Windows\system32\DRIVERS\NETw5v32.sys

2011/04/26 18:57:23.0327 3736 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\drivers\nfrd960.sys

2011/04/26 18:57:23.0483 3736 nmwcd (c3963d85b721a7f80d8a55f4e2867a3a) C:\Windows\system32\drivers\ccdcmb.sys

2011/04/26 18:57:23.0670 3736 nmwcdc (3859c69a77793180548802dac9f34a38) C:\Windows\system32\drivers\ccdcmbo.sys

2011/04/26 18:57:23.0748 3736 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys

2011/04/26 18:57:23.0936 3736 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys

2011/04/26 18:57:24.0123 3736 Ntfs (3795dcd21f740ee799fb7223234215af) C:\Windows\system32\drivers\Ntfs.sys

2011/04/26 18:57:24.0232 3736 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys

2011/04/26 18:57:24.0263 3736 nvraid (3f3d04b1d08d43c16ea7963954ec768d) C:\Windows\system32\drivers\nvraid.sys

2011/04/26 18:57:24.0294 3736 nvstor (c99f251a5de63c6f129cf71933aced0f) C:\Windows\system32\drivers\nvstor.sys

2011/04/26 18:57:24.0310 3736 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\drivers\nv_agp.sys

2011/04/26 18:57:24.0435 3736 O2MDRDR (908593eac1ffe529fe760b0a378b3600) C:\Windows\system32\DRIVERS\o2media.sys

2011/04/26 18:57:24.0497 3736 O2SDRDR (e5e4f48a17cdd4683936b06563ba1c51) C:\Windows\system32\DRIVERS\o2sd.sys

2011/04/26 18:57:24.0575 3736 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\drivers\ohci1394.sys

2011/04/26 18:57:24.0731 3736 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\drivers\parport.sys

2011/04/26 18:57:24.0794 3736 partmgr (ff4218952b51de44fe910953a3e686b9) C:\Windows\system32\drivers\partmgr.sys

2011/04/26 18:57:24.0825 3736 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\drivers\parvdm.sys

2011/04/26 18:57:24.0903 3736 pccsmcfd (fd2041e9ba03db7764b2248f02475079) C:\Windows\system32\DRIVERS\pccsmcfd.sys

2011/04/26 18:57:25.0043 3736 pci (80a4748a0304715c29093311795ac448) C:\Windows\system32\drivers\pci.sys

2011/04/26 18:57:25.0106 3736 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\drivers\pciide.sys

2011/04/26 18:57:25.0152 3736 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\drivers\pcmcia.sys

2011/04/26 18:57:25.0308 3736 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys

2011/04/26 18:57:25.0464 3736 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys

2011/04/26 18:57:25.0730 3736 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys

2011/04/26 18:57:25.0854 3736 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\drivers\processr.sys

2011/04/26 18:57:25.0917 3736 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys

2011/04/26 18:57:26.0088 3736 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\drivers\ql2300.sys

2011/04/26 18:57:26.0260 3736 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\drivers\ql40xx.sys

2011/04/26 18:57:26.0307 3736 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys

2011/04/26 18:57:26.0416 3736 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys

2011/04/26 18:57:26.0478 3736 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys

2011/04/26 18:57:26.0588 3736 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys

2011/04/26 18:57:26.0619 3736 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys

2011/04/26 18:57:26.0666 3736 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys

2011/04/26 18:57:26.0775 3736 rdbss (835d7e81bf517a3b72384bdcc85e1ce6) C:\Windows\system32\DRIVERS\rdbss.sys

2011/04/26 18:57:26.0822 3736 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys

2011/04/26 18:57:26.0915 3736 RDPCDD (1e016846895b15a99f9a176a05029075) C:\Windows\system32\DRIVERS\RDPCDD.sys

2011/04/26 18:57:26.0946 3736 RDPDR (c5ff95883ffef704d50c40d21cfb3ab5) C:\Windows\system32\drivers\rdpdr.sys

2011/04/26 18:57:27.0024 3736 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys

2011/04/26 18:57:27.0134 3736 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys

2011/04/26 18:57:27.0196 3736 RDPWD (801371ba9782282892d00aadb08ee367) C:\Windows\system32\drivers\RDPWD.sys

2011/04/26 18:57:27.0305 3736 rdyboost (4ea225bf1cf05e158853f30a99ca29a7) C:\Windows\system32\drivers\rdyboost.sys

2011/04/26 18:57:27.0352 3736 RFCOMM (cb928d9e6daf51879dd6ba8d02f01321) C:\Windows\system32\DRIVERS\rfcomm.sys

2011/04/26 18:57:27.0446 3736 rimmptsk (df672613fbbcd58c38bb0bc2694bcfb0) C:\Windows\system32\DRIVERS\rimmptsk.sys

2011/04/26 18:57:27.0539 3736 rimspci (af213955c4d952c914620e8db0cd0cf7) C:\Windows\system32\DRIVERS\rimspe86.sys

2011/04/26 18:57:27.0648 3736 rimsptsk (9bfb54d3559f2ff7301271d29d383564) C:\Windows\system32\DRIVERS\rimsptsk.sys

2011/04/26 18:57:27.0758 3736 risdpcie (6978decc2c38c5ce10a8b0f2b12f4451) C:\Windows\system32\DRIVERS\risdpe86.sys

2011/04/26 18:57:27.0820 3736 rismxdp (dcb87da83cc1010cbc9fc4dc9e395bbc) C:\Windows\system32\DRIVERS\rixdptsk.sys

2011/04/26 18:57:27.0867 3736 rixdpcie (764c1f3453e779724ba647327de7ddd4) C:\Windows\system32\DRIVERS\rixdpe86.sys

2011/04/26 18:57:27.0960 3736 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys

2011/04/26 18:57:28.0007 3736 RSUSBSTOR (83f7a29b659771e60cd71999ef57aa0c) C:\Windows\System32\Drivers\RtsUStor.sys

2011/04/26 18:57:28.0179 3736 RTHDMIAzAudService (3f521ee3308fe66bcfe688dbbc7acf7f) C:\Windows\system32\drivers\RtHDMIV.sys

2011/04/26 18:57:28.0366 3736 RTSTOR (702a60acc6c067cc3f688c801a1f76e1) C:\Windows\system32\drivers\RTSTOR.SYS

2011/04/26 18:57:28.0506 3736 s117bus (1f561844318914e7eb6e54673a4cc54c) C:\Windows\system32\DRIVERS\s117bus.sys

2011/04/26 18:57:28.0647 3736 s117mdfl (ba93eec3cdf6a63b77ae66221aa4f902) C:\Windows\system32\DRIVERS\s117mdfl.sys

2011/04/26 18:57:28.0725 3736 s117mdm (cba12fd8a8ee5b5cdfbbae2381cd6703) C:\Windows\system32\DRIVERS\s117mdm.sys

2011/04/26 18:57:28.0865 3736 s117mgmt (bd6483e64b1da17e812b34bcdefd9459) C:\Windows\system32\DRIVERS\s117mgmt.sys

2011/04/26 18:57:29.0021 3736 s117nd5 (c7ca36c3054b4cd47a1f6611b046e2f9) C:\Windows\system32\DRIVERS\s117nd5.sys

2011/04/26 18:57:29.0146 3736 s117obex (e290b3a6b58fb72ca97dd48d64e4fc1c) C:\Windows\system32\DRIVERS\s117obex.sys

2011/04/26 18:57:29.0427 3736 s117unic (5c4d1ba23c7511ac880e8ba7baa80dba) C:\Windows\system32\DRIVERS\s117unic.sys

2011/04/26 18:57:29.0864 3736 s3cap (5423d8437051e89dd34749f242c98648) C:\Windows\system32\drivers\vms3cap.sys

2011/04/26 18:57:30.0129 3736 sbp2port (34ee0c44b724e3e4ce2eff29126de5b5) C:\Windows\system32\drivers\sbp2port.sys

2011/04/26 18:57:30.0363 3736 scfilter (a95c54b2ac3cc9c73fcdf9e51a1d6b51) C:\Windows\system32\DRIVERS\scfilter.sys

2011/04/26 18:57:30.0722 3736 sdbus (aa826e35f6d28a8e5d1efeb337f24ba2) C:\Windows\system32\DRIVERS\sdbus.sys

2011/04/26 18:57:30.0987 3736 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys

2011/04/26 18:57:31.0236 3736 seehcri (e5b56569a9f79b70314fede6c953641e) C:\Windows\system32\DRIVERS\seehcri.sys

2011/04/26 18:57:31.0424 3736 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys

2011/04/26 18:57:31.0455 3736 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\drivers\serial.sys

2011/04/26 18:57:31.0486 3736 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\drivers\sermouse.sys

2011/04/26 18:57:31.0689 3736 SFEP (8b7c1768d2cde2e02e09a66563ddfd16) C:\Windows\system32\DRIVERS\SFEP.sys

2011/04/26 18:57:31.0876 3736 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\DRIVERS\sffdisk.sys

2011/04/26 18:57:31.0954 3736 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\drivers\sffp_mmc.sys

2011/04/26 18:57:32.0016 3736 sffp_sd (a0708bbd07d245c06ff9de549ca47185) C:\Windows\system32\DRIVERS\sffp_sd.sys

2011/04/26 18:57:32.0032 3736 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\drivers\sfloppy.sys

2011/04/26 18:57:32.0079 3736 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\drivers\sisagp.sys

2011/04/26 18:57:32.0126 3736 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\drivers\SiSRaid2.sys

2011/04/26 18:57:32.0157 3736 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\drivers\sisraid4.sys

2011/04/26 18:57:32.0250 3736 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys

2011/04/26 18:57:32.0328 3736 snapman (e78c98378a071ce4d48a7c514fa98fa1) C:\Windows\system32\DRIVERS\snapman.sys

2011/04/26 18:57:32.0469 3736 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys

2011/04/26 18:57:32.0578 3736 sptd (cdddec541bc3c96f91ecb48759673505) C:\Windows\system32\Drivers\sptd.sys

2011/04/26 18:57:32.0578 3736 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: cdddec541bc3c96f91ecb48759673505

2011/04/26 18:57:32.0578 3736 sptd - detected Locked file (1)

2011/04/26 18:57:32.0765 3736 srv (4a9b0f215de2519e2363f91df25c1e97) C:\Windows\system32\DRIVERS\srv.sys

2011/04/26 18:57:32.0921 3736 srv2 (14c44875518ae1c982e54ea8c5f7fe28) C:\Windows\system32\DRIVERS\srv2.sys

2011/04/26 18:57:33.0077 3736 SrvHsfHDA (e00fdfaff025e94f9821153750c35a6d) C:\Windows\system32\DRIVERS\VSTAZL3.SYS

2011/04/26 18:57:33.0311 3736 SrvHsfV92 (ceb4e3b6890e1e42dca6694d9e59e1a0) C:\Windows\system32\DRIVERS\VSTDPV3.SYS

2011/04/26 18:57:33.0623 3736 SrvHsfWinac (bc0c7ea89194c299f051c24119000e17) C:\Windows\system32\DRIVERS\VSTCNXT3.SYS

2011/04/26 18:57:33.0873 3736 srvnet (07a14223b0a50e76ade003fdf95d4fec) C:\Windows\system32\DRIVERS\srvnet.sys

2011/04/26 18:57:34.0107 3736 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\drivers\stexstor.sys

2011/04/26 18:57:34.0294 3736 storflt (957e346ca948668f2496a6ccf6ff82cc) C:\Windows\system32\drivers\vmstorfl.sys

2011/04/26 18:57:34.0434 3736 storvsc (d5751969dc3e4b88bf482ac8ec9fe019) C:\Windows\system32\drivers\storvsc.sys

2011/04/26 18:57:34.0497 3736 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\DRIVERS\swenum.sys

2011/04/26 18:57:34.0606 3736 Tcpip (bb7f39c31c4a4417fd318e7cd184e225) C:\Windows\system32\drivers\tcpip.sys

2011/04/26 18:57:34.0918 3736 TCPIP6 (bb7f39c31c4a4417fd318e7cd184e225) C:\Windows\system32\DRIVERS\tcpip.sys

2011/04/26 18:57:35.0074 3736 tcpipreg (e64444523add154f86567c469bc0b17f) C:\Windows\system32\drivers\tcpipreg.sys

2011/04/26 18:57:35.0105 3736 TDPIPE (1875c1490d99e70e449e3afae9fcbadf) C:\Windows\system32\drivers\tdpipe.sys

2011/04/26 18:57:35.0136 3736 TDTCP (7551e91ea999ee9a8e9c331d5a9c31f3) C:\Windows\system32\drivers\tdtcp.sys

2011/04/26 18:57:35.0199 3736 tdx (cb39e896a2a83702d1737bfd402b3542) C:\Windows\system32\DRIVERS\tdx.sys

2011/04/26 18:57:35.0230 3736 TermDD (c36f41ee20e6999dbf4b0425963268a5) C:\Windows\system32\DRIVERS\termdd.sys

2011/04/26 18:57:35.0308 3736 tssecsrv (98ae6fa07d12cb4ec5cf4a9bfa5f4242) C:\Windows\system32\DRIVERS\tssecsrv.sys

2011/04/26 18:57:35.0448 3736 tunnel (3e461d890a97f9d4c168f5fda36e1d00) C:\Windows\system32\DRIVERS\tunnel.sys

2011/04/26 18:57:35.0495 3736 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\drivers\uagp35.sys

2011/04/26 18:57:35.0589 3736 udfs (eb0a7bd4d471ac3ce55564a4c55b9d8e) C:\Windows\system32\DRIVERS\udfs.sys

2011/04/26 18:57:35.0854 3736 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\drivers\uliagpkx.sys

2011/04/26 18:57:35.0963 3736 umbus (71bbf3e8078d585abf27411a8986eb95) C:\Windows\system32\DRIVERS\umbus.sys

2011/04/26 18:57:36.0010 3736 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\drivers\umpass.sys

2011/04/26 18:57:36.0135 3736 UnlockerDriver5 (f365fa561c3ab455d8685770d208691a) C:\Program Files\Unlocker\UnlockerDriver5.sys

2011/04/26 18:57:36.0322 3736 upperdev (0ccadc7391021376edbb8aa649d04e68) C:\Windows\system32\DRIVERS\usbser_lowerflt.sys

2011/04/26 18:57:36.0431 3736 usbccgp (8455c4ed038efd09e99327f9d2d48ffa) C:\Windows\system32\DRIVERS\usbccgp.sys

2011/04/26 18:57:37.0367 3736 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\drivers\usbcir.sys

2011/04/26 18:57:38.0397 3736 usbehci (1c333bfd60f2fed2c7ad5daf533cb742) C:\Windows\system32\DRIVERS\usbehci.sys

2011/04/26 18:57:39.0333 3736 usbhub (0db84eda895894ba222e27acf597c806) C:\Windows\system32\DRIVERS\usbhub.sys

2011/04/26 18:57:40.0284 3736 usbohci (a6fb7957ea7afb1165991e54ce934b74) C:\Windows\system32\drivers\usbohci.sys

2011/04/26 18:57:41.0174 3736 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\drivers\usbprint.sys

2011/04/26 18:57:42.0141 3736 usbser (88701eca76145e2c011c0eeff0f7b70e) C:\Windows\system32\drivers\usbser.sys

2011/04/26 18:57:43.0124 3736 UsbserFilt (68b4f83cccf70a2ff32ee142c234332a) C:\Windows\system32\DRIVERS\usbser_lowerfltj.sys

2011/04/26 18:57:44.0122 3736 USBSTOR (d8889d56e0d27e57ed4591837fe71d27) C:\Windows\system32\DRIVERS\USBSTOR.SYS

2011/04/26 18:57:44.0949 3736 usbuhci (78780c3ebce17405b1ccd07a3a8a7d72) C:\Windows\system32\DRIVERS\usbuhci.sys

2011/04/26 18:57:45.0947 3736 usbvideo (f642a7e4bf78cfa359cca0a3557c28d7) C:\Windows\system32\Drivers\usbvideo.sys

2011/04/26 18:57:46.0821 3736 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\drivers\vdrvroot.sys

2011/04/26 18:57:47.0726 3736 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys

2011/04/26 18:57:48.0568 3736 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys

2011/04/26 18:57:49.0473 3736 vhdmp (3be6e1f3a4f1afec8cee0d7883f93583) C:\Windows\system32\drivers\vhdmp.sys

2011/04/26 18:57:50.0378 3736 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\drivers\viaagp.sys

2011/04/26 18:57:51.0142 3736 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\drivers\viac7.sys

2011/04/26 18:57:51.0907 3736 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\drivers\viaide.sys

2011/04/26 18:57:52.0733 3736 vm3dmp (e2d93ecd5a0f3bfba99d023074c73f6a) C:\Windows\system32\DRIVERS\vm3dmp.sys

2011/04/26 18:57:54.0028 3736 vmbus (379b349f65f453d2a6e75ea6b7448e49) C:\Windows\system32\drivers\vmbus.sys

2011/04/26 18:57:54.0683 3736 VMBusHID (ec2bbab4b84d0738c6c83d2234dc36fe) C:\Windows\system32\drivers\VMBusHID.sys

2011/04/26 18:57:56.0072 3736 vmmouse (17cd671136032e3a202b4a9c6c4c9dba) C:\Windows\system32\DRIVERS\vmmouse.sys

2011/04/26 18:57:56.0665 3736 volmgr (384e5a2aa49934295171e499f86ba6f3) C:\Windows\system32\drivers\volmgr.sys

2011/04/26 18:57:57.0398 3736 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys

2011/04/26 18:57:58.0162 3736 volsnap (70f41d1ebdd9ee6ed2fd0fc05aa1fc13) C:\Windows\system32\drivers\volsnap.sys

2011/04/26 18:57:59.0067 3736 vpcbus (33e74df34753fcaab06f6f2bdc8cabf5) C:\Windows\system32\DRIVERS\vpchbus.sys

2011/04/26 18:57:59.0753 3736 vpcnfltr (5f04362ceb5fb5901037e9d9eadd3760) C:\Windows\system32\DRIVERS\vpcnfltr.sys

2011/04/26 18:57:59.0863 3736 vpcusb (625088d6ee9ede977fd03cf18d1cd5c5) C:\Windows\system32\DRIVERS\vpcusb.sys

2011/04/26 18:57:59.0956 3736 vpcvmm (5ed378d91e32134f3c0b3810860ffd71) C:\Windows\system32\drivers\vpcvmm.sys

2011/04/26 18:58:00.0143 3736 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\drivers\vsmraid.sys

2011/04/26 18:58:00.0221 3736 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\System32\drivers\vwifibus.sys

2011/04/26 18:58:00.0315 3736 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\drivers\wacompen.sys

2011/04/26 18:58:00.0393 3736 WANARP (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys

2011/04/26 18:58:00.0409 3736 Wanarpv6 (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys

2011/04/26 18:58:00.0518 3736 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\drivers\wd.sys

2011/04/26 18:58:00.0596 3736 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys

2011/04/26 18:58:00.0705 3736 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys

2011/04/26 18:58:00.0767 3736 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys

2011/04/26 18:58:00.0845 3736 WinUsb (b5ba3cc19d00f2eba92f1cfbebb5d650) C:\Windows\system32\DRIVERS\WinUsb.sys

2011/04/26 18:58:00.0955 3736 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\drivers\wmiacpi.sys

2011/04/26 18:58:01.0033 3736 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys

2011/04/26 18:58:01.0111 3736 WudfPf (6f9b6c0c93232cff47d0f72d6db1d21e) C:\Windows\system32\drivers\WudfPf.sys

2011/04/26 18:58:01.0189 3736 WUDFRd (f91ff1e51fca30b3c3981db7d5924252) C:\Windows\system32\DRIVERS\WUDFRd.sys

2011/04/26 18:58:01.0329 3736 yukonw7 (3eb1576f77b60a6c79dd7742b67219b8) C:\Windows\system32\DRIVERS\yk62x86.sys

2011/04/26 18:58:01.0454 3736 ================================================================================

2011/04/26 18:58:01.0454 3736 Scan finished

2011/04/26 18:58:01.0454 3736 ================================================================================

2011/04/26 18:58:01.0469 1784 Detected object count: 1

2011/04/26 18:58:15.0026 1784 Locked file(sptd) - User select action: Skip

MBAM log

Malwarebytes' Anti-Malware 1.50.1.1100

www.malwarebytes.org

Wersja bazy: 6448

Windows 6.1.7600

Internet Explorer 8.0.7600.16385

2011-04-26 19:14:33

mbam-log-2011-04-26 (19-14-21).txt

Typ skanowania: Szybkie skanowanie

Przeskanowano obiektów: 152653

Upłynęło: 12 minut(y), 35 sekund(y)

Zainfekowanych procesów w pamięci: 0

Zainfekowanych modułów w pamięci: 0

Zainfekowanych kluczy rejestru: 0

Zainfekowanych wartości rejestru: 0

Zainfekowane informacje rejestru systemowego: 3

Zainfekowanych folderów: 0

Zainfekowanych plików: 4

Zainfekowanych procesów w pamięci:

(Nie znaleziono zagrożeń)

Zainfekowanych modułów w pamięci:

(Nie znaleziono zagrożeń)

Zainfekowanych kluczy rejestru:

(Nie znaleziono zagrożeń)

Zainfekowanych wartości rejestru:

(Nie znaleziono zagrożeń)

Zainfekowane informacje rejestru systemowego:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

Zainfekowanych folderów:

(Nie znaleziono zagrożeń)

Zainfekowanych plików:

c:\Users\dorotex\local settings\tempxm2920.html (Trojan.FakeAlert) -> No action taken.

c:\Users\dorotex\local settings\tempxo4520.html (Trojan.FakeAlert) -> No action taken.

c:\Users\dorotex\local settings\tempxq1876.html (Trojan.FakeAlert) -> No action taken.

c:\Users\dorotex\local settings\tempxu1788.html (Trojan.FakeAlert) -> No action taken.

mbr chceck nie zapisuje loga, za to mbr.exe (jakis skaner z tematu o logach) nic nie znajduje.

Kolobos · 29 Kwietnia 2011

Nie widze, zebys mial zainfekowany system.

logimen · 29 Kwietnia 2011

To spoko,dzieki. Widocznie KAV usunal to co bylo,a byl w raporcie jakis rootkit.bigs cos takiego.

Zaloguj się

Prośba o analize logow

Rekomendowane odpowiedzi

logimen

Udostępnij tę odpowiedź

Odnośnik do odpowiedzi

Udostępnij na innych stronach

logimen

Udostępnij tę odpowiedź

Odnośnik do odpowiedzi

Udostępnij na innych stronach

Kolobos

Udostępnij tę odpowiedź

Odnośnik do odpowiedzi

Udostępnij na innych stronach

logimen

Udostępnij tę odpowiedź

Odnośnik do odpowiedzi

Udostępnij na innych stronach

Kolobos

Udostępnij tę odpowiedź

Odnośnik do odpowiedzi

Udostępnij na innych stronach

logimen

Udostępnij tę odpowiedź

Odnośnik do odpowiedzi

Udostępnij na innych stronach

Kolobos

Udostępnij tę odpowiedź

Odnośnik do odpowiedzi

Udostępnij na innych stronach

logimen

Udostępnij tę odpowiedź

Odnośnik do odpowiedzi

Udostępnij na innych stronach

Dołącz do dyskusji

Przeglądaj

Cała aktywność