
For about 2 weeks Kaspersky Internet Security has not been updating at all. After scanning the PC, it turned out that I have the trojan trojan-psw.win32.tibia.ru and quite a lot of malware. An additional symptom is that the PC occasionally freezes and needs a hard reset. Unfortunately this happens at random, sometimes after 5 minutes, sometimes after 2 hours. Firefox is always running somewhere in the background when it happens.
Windows XP Pro 32-bit with SP3.
I am attaching the OTL and GMER logs.
OTL
OTL logfile created on: 2011-11-01 22:53:36 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = F:\FORUM\OTL
Windows XP Professional Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd
1022,79 Mb Total Physical Memory | 307,36 Mb Available Physical Memory | 30,05% Memory free
2,40 Gb Paging File | 1,70 Gb Available in Paging File | 70,77% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 57,10 Gb Total Space | 29,04 Gb Free Space | 50,86% Space Free | Partition Type: NTFS
Drive D: | 37,27 Gb Total Space | 1,82 Gb Free Space | 4,88% Space Free | Partition Type: NTFS
Drive E: | 48,83 Gb Total Space | 26,44 Gb Free Space | 54,14% Space Free | Partition Type: NTFS
Drive F: | 175,78 Gb Total Space | 4,34 Gb Free Space | 2,47% Space Free | Partition Type: NTFS
Drive G: | 62,95 Gb Total Space | 1,96 Gb Free Space | 3,11% Space Free | Partition Type: NTFS
Drive I: | 3,76 Gb Total Space | 3,75 Gb Free Space | 99,86% Space Free | Partition Type: FAT32
Computer Name: KRZYSIEK | User Name: Dom | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
[color=#E56717]========== Processes (SafeList) ==========[/color]
PRC - [2011-11-01 22:49:33 | 000,584,192 | ---- | M] (OldTimer Tools) -- F:\FORUM\OTL\OTL.exe
PRC - [2011-09-04 21:53:12 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011-04-24 22:15:02 | 000,202,296 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe
PRC - [2011-04-24 22:12:42 | 000,131,472 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\klwtblfs.exe
PRC - [2011-01-23 19:00:23 | 000,148,280 | ---- | M] () -- C:\Program Files\Lexmark Pro200-S500 Series\ezprint.exe
PRC - [2011-01-23 19:00:20 | 000,770,728 | ---- | M] () -- C:\Program Files\Lexmark Pro200-S500 Series\lxebmon.exe
PRC - [2010-10-28 01:11:28 | 003,792,943 | ---- | M] (FreeDownloadManager.ORG) -- C:\Program Files\Free Download Manager\fdm.exe
PRC - [2010-06-17 06:55:00 | 003,680,568 | ---- | M] (Ghisler Software GmbH) -- C:\totalcmd\TOTALCMD.EXE
PRC - [2010-06-14 15:10:32 | 000,153,672 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\Gaming Software\LWEMon.exe
PRC - [2010-04-14 13:56:01 | 000,598,696 | ---- | M] ( ) -- C:\WINDOWS\system32\lxebcoms.exe
PRC - [2010-03-25 18:42:36 | 000,388,096 | ---- | M] (Trend Micro Inc.) -- F:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
PRC - [2010-01-21 23:47:36 | 001,035,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2009-03-09 11:45:22 | 001,662,976 | ---- | M] (Ralink Technology, Corp.) -- C:\Program Files\Ralink\Common\RaUI.exe
PRC - [2008-09-05 09:23:20 | 000,075,040 | ---- | M] (Ralink Technology, Corp.) -- C:\Program Files\Ralink\Common\RalinkRegistryWriter.exe
PRC - [2007-10-23 13:19:06 | 001,410,344 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
PRC - [2007-10-23 13:18:46 | 000,202,024 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
PRC - [2002-07-02 16:56:00 | 000,024,576 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CTHELPER.EXE
[color=#E56717]========== Modules (No Company Name) ==========[/color]
MOD - [2011-10-30 09:37:17 | 008,522,400 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
MOD - [2011-10-17 09:07:21 | 011,800,576 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\60df958ca96c9b8945f836759b6abd34\System.Web.ni.dll
MOD - [2011-10-17 09:05:14 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\bce0720436dc6cb76006377f295ea365\System.Configuration.ni.dll
MOD - [2011-10-17 09:04:11 | 000,025,600 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Accessibility\d86a3346c3d90ff12d0df9d7726f3ece\Accessibility.ni.dll
MOD - [2011-10-17 09:02:45 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\70cacc44f0b4257f6037eda7a59a0aeb\System.Xml.ni.dll
MOD - [2011-10-17 09:02:38 | 012,430,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\71a2ae9ad561a62181cbd9fb11e9de7a\System.Windows.Forms.ni.dll
MOD - [2011-10-17 09:02:15 | 001,587,200 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\c10bea3c4bb7ef654651141bf9419090\System.Drawing.ni.dll
MOD - [2011-10-17 08:59:24 | 007,950,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\af39f6e644af02873b9bae319f2bfb13\System.ni.dll
MOD - [2011-10-17 08:58:39 | 011,490,816 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\ca87ba84221991839abbe7d4bc9c6721\mscorlib.ni.dll
MOD - [2011-10-14 20:49:48 | 000,303,104 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
MOD - [2011-09-05 18:05:04 | 000,300,544 | ---- | M] () -- C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.POL
MOD - [2011-09-04 21:53:11 | 001,846,232 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2011-04-24 22:13:30 | 007,008,656 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\qtgui4.dll
MOD - [2011-04-24 22:13:28 | 000,192,912 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\qtsql4.dll
MOD - [2011-04-24 22:13:26 | 001,270,160 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\qtscript4.dll
MOD - [2011-04-24 22:13:26 | 000,758,160 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\qtnetwork4.dll
MOD - [2011-04-24 22:13:24 | 002,118,032 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\qtcore4.dll
MOD - [2011-04-24 22:13:24 | 002,089,360 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\qtdeclarative4.dll
MOD - [2011-04-20 18:56:28 | 000,025,088 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\imageformats\qgif4.dll
MOD - [2011-03-08 23:45:10 | 000,270,336 | ---- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
MOD - [2011-01-23 19:00:23 | 000,148,280 | ---- | M] () -- C:\Program Files\Lexmark Pro200-S500 Series\ezprint.exe
MOD - [2011-01-23 19:00:20 | 000,770,728 | ---- | M] () -- C:\Program Files\Lexmark Pro200-S500 Series\lxebmon.exe
MOD - [2010-09-08 17:12:12 | 000,143,360 | ---- | M] () -- C:\Program Files\Free Download Manager\iefdm2.dll
MOD - [2010-04-05 04:56:07 | 000,716,954 | ---- | M] () -- C:\Program Files\Lexmark Pro200-S500 Series\epwizard.dll
MOD - [2010-04-05 04:55:15 | 000,159,890 | ---- | M] () -- C:\Program Files\Lexmark Pro200-S500 Series\customui.dll
MOD - [2010-04-05 04:55:04 | 000,061,604 | ---- | M] () -- C:\Program Files\Lexmark Pro200-S500 Series\epfunct.dll
MOD - [2010-04-05 04:54:59 | 000,123,033 | ---- | M] () -- C:\Program Files\Lexmark Pro200-S500 Series\eputil.dll
MOD - [2010-04-05 04:54:52 | 000,143,502 | ---- | M] () -- C:\Program Files\Lexmark Pro200-S500 Series\imagutil.dll
MOD - [2010-04-01 11:24:28 | 001,159,168 | ---- | M] () -- C:\Program Files\Lexmark Pro200-S500 Series\lxebdrs.dll
MOD - [2010-04-01 11:23:27 | 000,389,120 | ---- | M] () -- C:\Program Files\Lexmark Pro200-S500 Series\lxebscw.dll
MOD - [2010-03-16 12:22:12 | 000,014,848 | ---- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\AxInterop.WBOCXLib.dll
MOD - [2009-11-04 07:14:38 | 000,165,376 | ---- | M] () -- C:\WINDOWS\system32\spool\drivers\w32x86\3\lxebdrui.dll
MOD - [2009-11-04 07:14:19 | 000,157,696 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\lxebdrpp.dll
MOD - [2009-11-04 07:14:06 | 000,236,032 | ---- | M] () -- C:\WINDOWS\system32\spool\drivers\w32x86\3\lxebdr.dll
MOD - [2009-06-23 05:11:11 | 000,094,208 | ---- | M] () -- C:\Program Files\Lexmark Pro200-S500 Series\epoemdll.dll
MOD - [2009-06-23 05:10:44 | 000,049,152 | ---- | M] () -- C:\Program Files\Lexmark Pro200-S500 Series\epstring.dll
MOD - [2009-06-23 05:09:46 | 002,203,648 | ---- | M] () -- C:\Program Files\Lexmark Pro200-S500 Series\epwizres.dll
MOD - [2009-06-07 18:44:02 | 000,167,936 | ---- | M] () -- C:\WINDOWS\system32\spool\drivers\w32x86\3\lxebprpr.dll
MOD - [2009-05-27 06:16:50 | 000,192,512 | ---- | M] () -- C:\WINDOWS\system32\spool\drivers\w32x86\3\lxebdatr.dll
MOD - [2009-05-18 07:29:08 | 000,819,200 | ---- | M] () -- C:\WINDOWS\system32\spool\drivers\w32x86\3\lxebptpc.dll
MOD - [2009-04-28 01:56:40 | 000,024,576 | ---- | M] () -- C:\WINDOWS\system32\LXEBsmr.dll
MOD - [2009-04-07 13:25:27 | 000,409,600 | ---- | M] () -- C:\Program Files\Lexmark Pro200-S500 Series\iptk.dll
MOD - [2009-03-09 23:43:49 | 000,155,648 | ---- | M] () -- C:\Program Files\Lexmark Pro200-S500 Series\lxebcaps.dll
MOD - [2009-03-02 08:25:47 | 000,151,552 | ---- | M] () -- C:\Program Files\Lexmark Pro200-S500 Series\lxebptp.dll
MOD - [2009-02-20 02:48:03 | 000,299,008 | ---- | M] () -- C:\WINDOWS\system32\LXEBsm.dll
MOD - [2007-12-06 04:50:44 | 000,401,408 | ---- | M] () -- C:\Program Files\Free Download Manager\FUM\fumcore.dll
MOD - [2007-11-28 03:32:00 | 001,163,264 | ---- | M] () -- C:\Program Files\Ralink\Common\acAuth.dll
[color=#E56717]========== Win32 Services (SafeList) ==========[/color]
SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - [2011-06-29 14:59:18 | 000,155,344 | ---- | M] (Avanquest Software) [On_Demand | Stopped] -- C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe -- (Sony Ericsson PCCompanion)
SRV - [2011-04-24 22:15:02 | 000,202,296 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe -- (AVP)
SRV - [2010-04-14 13:56:01 | 000,598,696 | ---- | M] ( ) [Auto | Running] -- C:\WINDOWS\System32\lxebcoms.exe -- (lxeb_device)
SRV - [2010-04-14 13:55:54 | 000,193,192 | ---- | M] () [Auto | Stopped] -- C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxebserv.exe -- (lxebCATSCustConnectService)
SRV - [2009-08-10 12:34:40 | 000,093,848 | ---- | M] (SiSoftware) [On_Demand | Stopped] -- C:\Program Files\SiSoftware\SiSoftware Sandra Professional Business 2010.SP2\RpcAgentSrv.exe -- (SandraAgentSrv)
SRV - [2008-09-05 09:23:20 | 000,075,040 | ---- | M] (Ralink Technology, Corp.) [Auto | Running] -- C:\Program Files\Ralink\Common\RalinkRegistryWriter.exe -- (RalinkRegistryWriter)
[color=#E56717]========== Driver Services (SafeList) ==========[/color]
DRV - [2011-04-20 13:50:22 | 000,565,552 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\klif.sys -- (KLIF)
DRV - [2011-03-10 17:34:46 | 000,034,608 | ---- | M] (Kaspersky Lab ZAO) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\klim5.sys -- (klim5)
DRV - [2011-03-09 10:13:30 | 006,553,088 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2011-03-04 12:23:20 | 000,011,352 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\kl2.sys -- (kl2)
DRV - [2011-03-04 12:23:14 | 000,133,208 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\kl1.sys -- (KL1)
DRV - [2010-04-27 15:57:28 | 000,066,632 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WmXlCore.sys -- (WmXlCore)
DRV - [2010-04-27 15:57:28 | 000,015,048 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WmVirHid.sys -- (WmVirHid)
DRV - [2010-04-27 15:57:24 | 000,031,816 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WmHidLo.sys -- (WmHidLo)
DRV - [2010-04-27 15:57:22 | 000,022,856 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WmBEnum.sys -- (WmBEnum)
DRV - [2010-04-27 13:01:26 | 000,037,704 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WmFilter.sys -- (WmFilter)
DRV - [2010-01-21 23:47:36 | 000,215,856 | ---- | M] (Silicon Image, Inc) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\Si3132r5.sys -- (Si3132r5)
DRV - [2010-01-21 23:47:36 | 000,212,520 | ---- | M] (Silicon Image, Inc) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\Si3531.sys -- (Si3531)
DRV - [2010-01-21 23:47:36 | 000,195,072 | ---- | M] (Silicon Image, Inc) [Kernel | Boot | Stopped] -- C:\WINDOWS\System32\drivers\Si3114r5.sys -- (Si3114r5)
DRV - [2010-01-21 23:47:36 | 000,074,672 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\si3132.sys -- (Si3132)
DRV - [2010-01-21 23:47:36 | 000,069,248 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\si3124.sys -- (Si3124)
DRV - [2010-01-21 23:47:36 | 000,062,336 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\si3112.sys -- (Si3112)
DRV - [2009-11-02 19:27:24 | 000,019,472 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\klmouflt.sys -- (klmouflt)
DRV - [2009-08-07 22:46:56 | 000,023,112 | ---- | M] (SiSoftware) [Kernel | On_Demand | Stopped] -- C:\Program Files\SiSoftware\SiSoftware Sandra Professional Business 2010.SP2\WNt500x86\sandra.sys -- (SANDRA)
DRV - [2009-03-04 16:30:14 | 000,709,248 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rt2870.sys -- (rt2870)
DRV - [2008-08-07 13:42:36 | 000,016,512 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RAPIProtocol.sys -- (RAPIProtocol)
DRV - [2008-04-13 22:15:30 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2002-12-17 07:41:10 | 000,076,288 | ---- | M] (Rainbow Technologies, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\Drivers\SENTINEL.SYS -- (Sentinel)
DRV - [2002-09-16 16:14:32 | 000,004,228 | ---- | M] (PowerQuest Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\PQNTDRV.sys -- (PQNTDrv)
DRV - [2002-07-24 12:52:26 | 000,998,004 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ha10kx2k.sys -- (ha10kx2k)
DRV - [2002-07-19 09:48:32 | 000,156,604 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\emupia2k.sys -- (emupia)
DRV - [2002-07-19 09:48:22 | 000,213,860 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2002-07-19 09:48:08 | 000,011,068 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV - [2002-07-19 09:48:04 | 000,195,432 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2002-07-19 09:47:52 | 000,837,548 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM)
DRV - [2002-07-19 09:46:28 | 000,127,948 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctac32k.sys -- (ctac32k)
DRV - [2001-08-17 20:19:34 | 000,036,480 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sfmanm.sys -- (sfman) Sterownik Creative SoundFont Manager (WDM)
DRV - [2001-08-17 20:19:28 | 000,006,912 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctlfacem.sys -- (emu10k1) Sterownik Creative Interface Manager (WDM)
DRV - [2001-08-17 20:19:26 | 000,283,904 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\emu10k1m.sys -- (emu10k) Creative SB Live! (WDM)
DRV - [2001-08-17 20:19:20 | 000,003,712 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctljystk.sys -- (ctljystk)
DRV - [1999-12-17 00:00:00 | 000,006,752 | ---- | M] (Creative Technology Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\PFMODNT.SYS -- (PfModNT)
DRV - [1997-12-23 02:02:46 | 000,023,936 | ---- | M] (Adaptec) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\aspi32.sys -- (Aspi32)
[color=#E56717]========== Standard Registry (SafeList) ==========[/color]
[color=#E56717]========== Internet Explorer ==========[/color]
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1708537768-329068152-1606980848-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-1708537768-329068152-1606980848-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
[color=#E56717]========== FireFox ==========[/color]
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.ask.com/?l=dis&o=14597"
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.69: C:\Program Files\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.69: C:\Program Files\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\virtualKeyboard@kaspersky.ru: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\virtualKeyboard@kaspersky.ru [2011-10-08 21:55:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\KavAntiBanner@Kaspersky.ru: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\KavAntiBanner@Kaspersky.ru [2011-10-08 21:55:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\linkfilter@kaspersky.ru: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\linkfilter@kaspersky.ru [2011-10-08 21:55:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011-09-04 21:53:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011-09-15 20:36:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 7.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011-08-30 20:15:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 7.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
[2011-04-13 21:13:04 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Dom\Dane aplikacji\Mozilla\Extensions
[2011-10-25 08:32:38 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Dom\Dane aplikacji\Mozilla\Firefox\Profiles\5e230u4y.default\extensions
[2011-10-25 08:32:38 | 000,000,000 | ---D | M] (Download Youtube Videos +) -- C:\Documents and Settings\Dom\Dane aplikacji\Mozilla\Firefox\Profiles\5e230u4y.default\extensions\video.downloader.plugin@ffpimp.com
[2011-10-10 17:21:28 | 000,002,410 | ---- | M] () -- C:\Documents and Settings\Dom\Dane aplikacji\Mozilla\Firefox\Profiles\5e230u4y.default\searchplugins\s-amazon.xml
[2011-10-20 19:07:29 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011-04-15 22:39:20 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011-07-03 13:25:19 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011-10-20 19:07:29 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
[2011-04-13 22:03:31 | 000,000,000 | ---D | M] (Blokowanie banerów) -- C:\Program Files\Mozilla Firefox\extensions\KavAntiBanner@kaspersky.ru_bak
[2011-04-13 22:03:29 | 000,000,000 | ---D | M] (Kaspersky URL Advisor) -- C:\Program Files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru_bak
() (No name found) -- C:\DOCUMENTS AND SETTINGS\DOM\DANE APLIKACJI\MOZILLA\FIREFOX\PROFILES\5E230U4Y.DEFAULT\EXTENSIONS\{19503E42-CA3C-4C27-B1E2-9CDB2170EE34}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\DOM\DANE APLIKACJI\MOZILLA\FIREFOX\PROFILES\5E230U4Y.DEFAULT\EXTENSIONS\BRIEF@MOZDEV.ORG.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\DOM\DANE APLIKACJI\MOZILLA\FIREFOX\PROFILES\5E230U4Y.DEFAULT\EXTENSIONS\IPLEXTOALL@ALLPLAYER.ORG.XPI
[2011-04-15 22:38:57 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011-10-08 21:55:09 | 000,000,000 | ---D | M] (Anti-Banner) -- C:\PROGRAM FILES\KASPERSKY LAB\KASPERSKY INTERNET SECURITY 2012\FFEXT\KAVANTIBANNER@KASPERSKY.RU
[2011-10-08 21:55:10 | 000,000,000 | ---D | M] (Kaspersky URL Advisor) -- C:\PROGRAM FILES\KASPERSKY LAB\KASPERSKY INTERNET SECURITY 2012\FFEXT\LINKFILTER@KASPERSKY.RU
[2011-10-08 21:55:11 | 000,000,000 | ---D | M] (Kaspersky Virtual Keyboard) -- C:\PROGRAM FILES\KASPERSKY LAB\KASPERSKY INTERNET SECURITY 2012\FFEXT\VIRTUALKEYBOARD@KASPERSKY.RU
[2011-04-18 14:09:56 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2011-09-04 21:53:12 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011-10-03 04:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011-03-22 19:38:12 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
[2010-01-01 09:00:00 | 000,002,767 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\allegro-pl.xml
[2010-01-01 09:00:00 | 000,001,406 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fbc-pl.xml
[2010-01-01 09:00:00 | 000,000,917 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\merlin-pl.xml
[2010-01-01 09:00:00 | 000,000,858 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\pwn-pl.xml
[2010-01-01 09:00:00 | 000,001,183 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-pl.xml
[2010-01-01 09:00:00 | 000,001,683 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wp-pl.xml
O1 HOSTS File: ([2011-04-19 22:05:25 | 000,000,774 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 activate.adobe.com
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll (Kaspersky Lab ZAO)
O2 - BHO: (Free Download Manager) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll ()
O2 - BHO: (IplexToALLPlayer) - {DF925EF3-7A87-44E4-9CAF-8D7B280BF616} - C:\Program Files\ALLPlayer\Iplex\IplexToALLPlayer.dll (ALLCinema Ltd.)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll (Kaspersky Lab ZAO)
O3 - HKU\S-1-5-21-1708537768-329068152-1606980848-1003\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [EzPrint] C:\Program Files\Lexmark Pro200-S500 Series\ezprint.exe ()
O4 - HKLM..\Run: [Jet Detection] C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe ()
O4 - HKLM..\Run: [lxebmon.exe] C:\Program Files\Lexmark Pro200-S500 Series\lxebmon.exe ()
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe (Logitech Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [UpdReg] C:\WINDOWS\Updreg.EXE (Creative Technology Ltd.)
O4 - HKLM..\Run: [WINDVDPatch] C:\WINDOWS\System32\CTHELPER.EXE (Creative Technology Ltd)
O4 - HKU\S-1-5-21-1708537768-329068152-1606980848-1003..\Run: [ALLUpdate] C:\Program Files\ALLPlayer\ALLUpdate.exe ()
O4 - HKU\S-1-5-21-1708537768-329068152-1606980848-1003..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe (Nero AG)
O4 - Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Ralink Wireless Utility.lnk = C:\Program Files\Ralink\Common\RaUI.exe (Ralink Technology, Corp.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1708537768-329068152-1606980848-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Dodaj do listy blokowanych banerów - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm ()
O8 - Extra context menu item: Pobierz plik wideo we Free Download Manager - C:\Program Files\Free Download Manager\dlfvideo.htm ()
O8 - Extra context menu item: Pobierz w Free Download Manager - C:\Program Files\Free Download Manager\dllink.htm ()
O8 - Extra context menu item: Pobierz wszystkie pliki w Free Download Manager - C:\Program Files\Free Download Manager\dlall.htm ()
O8 - Extra context menu item: Pobierz zaznaczone w Free Download Manager - C:\Program Files\Free Download Manager\dlselected.htm ()
O9 - Extra Button: &Klawiatura wirtualna - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll (Kaspersky Lab ZAO)
O9 - Extra Button: &Sprawdzanie adresów internetowych - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll (Kaspersky Lab ZAO)
O13 - gopher Prefix: missing
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1302724941531 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 62.179.1.63 62.179.1.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{52849768-654B-4ACD-8BBB-443FD48E687B}: DhcpNameServer = 62.179.1.63 62.179.1.62
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\klogon: DllName - (C:\WINDOWS\system32\klogon.dll) - C:\WINDOWS\system32\klogon.dll (Kaspersky Lab ZAO)
O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Dom\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Dom\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011-04-13 20:30:39 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2008-08-03 22:33:34 | 000,000,000 | ---- | M] () - E:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]
[2011-11-01 22:39:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dom\Menu Start\Programy\HiJackThis
[2011-10-30 21:37:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\CCleaner
[2011-10-30 21:37:16 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2011-10-30 21:29:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Hitman Pro
[2011-10-20 19:19:20 | 000,348,672 | ---- | C] (1f0.de - Hendrik Leppkes) -- C:\WINDOWS\System32\LAVSplitter.ax
[2011-10-20 19:19:19 | 000,429,056 | ---- | C] (1f0.de - Hendrik Leppkes) -- C:\WINDOWS\System32\LAVVideo.ax
[2011-10-20 19:19:17 | 000,206,336 | ---- | C] (1f0.de - Hendrik Leppkes) -- C:\WINDOWS\System32\LAVAudio.ax
[2011-10-20 19:07:55 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011-10-20 19:07:27 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2011-10-20 19:07:27 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2011-10-20 19:07:27 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2011-10-14 19:03:34 | 000,000,000 | ---D | C] -- C:\KOSMOS
[2011-10-14 18:52:23 | 000,000,000 | ---D | C] -- C:\Filmy
[2011-04-15 20:25:00 | 000,442,368 | ---- | C] ( ) -- C:\WINDOWS\System32\lxebcoin.dll
[2011-04-15 20:23:44 | 001,048,576 | ---- | C] ( ) -- C:\WINDOWS\System32\lxebserv.dll
[2011-04-15 20:23:44 | 000,847,872 | ---- | C] ( ) -- C:\WINDOWS\System32\lxebusb1.dll
[2011-04-15 20:23:44 | 000,688,128 | ---- | C] ( ) -- C:\WINDOWS\System32\lxebhbn3.dll
[2011-04-15 20:23:44 | 000,643,072 | ---- | C] ( ) -- C:\WINDOWS\System32\lxebpmui.dll
[2011-04-15 20:23:44 | 000,577,536 | ---- | C] ( ) -- C:\WINDOWS\System32\lxeblmpm.dll
[2011-04-15 20:23:44 | 000,364,544 | ---- | C] ( ) -- C:\WINDOWS\System32\lxebinpa.dll
[2011-04-15 20:23:44 | 000,356,352 | ---- | C] ( ) -- C:\WINDOWS\System32\LXEBhcp.dll
[2011-04-15 20:23:44 | 000,344,064 | ---- | C] ( ) -- C:\WINDOWS\System32\lxebiesc.dll
[2011-04-15 20:23:44 | 000,324,264 | ---- | C] ( ) -- C:\WINDOWS\System32\lxebih.exe
[2011-04-15 20:23:43 | 000,802,816 | ---- | C] ( ) -- C:\WINDOWS\System32\lxebcomc.dll
[2011-04-15 20:23:43 | 000,598,696 | ---- | C] ( ) -- C:\WINDOWS\System32\lxebcoms.exe
[2011-04-15 20:23:43 | 000,373,416 | ---- | C] ( ) -- C:\WINDOWS\System32\lxebcfg.exe
[2011-04-15 20:23:43 | 000,372,736 | ---- | C] ( ) -- C:\WINDOWS\System32\lxebcomm.dll
[3 C:\Documents and Settings\All Users\Dane aplikacji\*.tmp files -> C:\Documents and Settings\All Users\Dane aplikacji\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]
[2011-11-01 22:39:20 | 000,001,976 | ---- | M] () -- C:\Documents and Settings\Dom\Pulpit\HiJackThis.lnk
[2011-11-01 21:22:36 | 003,374,301 | ---- | M] () -- C:\WINDOWS\{00000002-00000000-00000002-00001102-00000002-80641102}.CDF
[2011-11-01 21:22:36 | 003,374,301 | ---- | M] () -- C:\WINDOWS\{00000002-00000000-00000002-00001102-00000002-80641102}.BAK
[2011-11-01 21:22:21 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011-11-01 21:22:17 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011-10-31 23:27:25 | 000,029,208 | ---- | M] () -- C:\WINDOWS\System32\BMXCtrlState-{00000002-00000000-00000002-00001102-00000002-80641102}.rfx
[2011-10-31 23:27:25 | 000,029,208 | ---- | M] () -- C:\WINDOWS\System32\BMXBkpCtrlState-{00000002-00000000-00000002-00001102-00000002-80641102}.rfx
[2011-10-31 23:27:25 | 000,017,012 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000002-00000000-00000002-00001102-00000002-80641102}.rfx
[2011-10-31 23:27:25 | 000,017,012 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000002-00000000-00000002-00001102-00000002-80641102}.rfx
[2011-10-31 23:27:25 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settingsbkup.sfm
[2011-10-31 23:27:25 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settings.sfm
[2011-10-31 23:27:25 | 000,000,024 | ---- | M] () -- C:\WINDOWS\System32\DVCStateBkp-{00000002-00000000-00000002-00001102-00000002-80641102}.dat
[2011-10-31 23:27:25 | 000,000,024 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000002-00000000-00000002-00001102-00000002-80641102}.dat
[2011-10-31 20:39:42 | 000,002,513 | ---- | M] () -- C:\Documents and Settings\Dom\Pulpit\Microsoft Office Word 2007.lnk
[2011-10-30 21:41:37 | 000,000,788 | ---- | M] () -- C:\reg_backup.reg
[2011-10-30 21:29:35 | 000,023,624 | ---- | M] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2011-10-30 21:13:43 | 000,155,445 | ---- | M] () -- C:\Documents and Settings\Dom\Pulpit\GetSystemInfo_KRZYSIEK_Dom_2011_10_30_21_11_05.zip
[2011-10-30 09:37:18 | 000,493,924 | ---- | M] () -- C:\WINDOWS\System32\perfh015.dat
[2011-10-30 09:37:18 | 000,435,552 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011-10-30 09:37:18 | 000,085,208 | ---- | M] () -- C:\WINDOWS\System32\perfc015.dat
[2011-10-30 09:37:18 | 000,068,448 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011-10-30 09:37:17 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2011-10-20 19:29:53 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2011-10-20 19:29:51 | 000,023,552 | ---- | M] () -- C:\Documents and Settings\Dom\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011-10-20 19:20:39 | 000,000,694 | ---- | M] () -- C:\Documents and Settings\Dom\Pulpit\ALLPlayer V4.7.lnk
[2011-10-20 19:19:20 | 000,348,672 | ---- | M] (1f0.de - Hendrik Leppkes) -- C:\WINDOWS\System32\LAVSplitter.ax
[2011-10-20 19:19:19 | 000,429,056 | ---- | M] (1f0.de - Hendrik Leppkes) -- C:\WINDOWS\System32\LAVVideo.ax
[2011-10-20 19:19:17 | 000,206,336 | ---- | M] (1f0.de - Hendrik Leppkes) -- C:\WINDOWS\System32\LAVAudio.ax
[2011-10-20 19:19:16 | 000,215,296 | ---- | M] () -- C:\WINDOWS\System32\avutil-lav-51.dll
[2011-10-20 19:19:15 | 000,933,098 | ---- | M] () -- C:\WINDOWS\System32\avformat-lav-53.dll
[2011-10-20 19:19:14 | 005,616,084 | ---- | M] () -- C:\WINDOWS\System32\avcodec-lav-53.dll
[2011-10-20 19:19:08 | 000,161,280 | ---- | M] () -- C:\WINDOWS\System32\libbluray.dll
[2011-10-20 19:19:07 | 000,335,239 | ---- | M] () -- C:\WINDOWS\System32\swscale-lav-2.dll
[2011-10-17 08:57:57 | 000,273,376 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011-10-14 20:45:31 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011-10-08 21:53:25 | 000,513,234 | ---- | M] () -- C:\Documents and Settings\Dom\Pulpit\w2 001.jpg
[2011-10-08 21:53:23 | 001,250,026 | ---- | M] () -- C:\Documents and Settings\Dom\Pulpit\w1 001.jpg
[2011-10-08 21:53:22 | 001,549,486 | ---- | M] () -- C:\Documents and Settings\Dom\Pulpit\wyrys dzialki 001.jpg
[2011-10-03 14:14:09 | 000,000,016 | -H-- | M] () -- C:\WINDOWS\System32\servdat.slm
[2011-10-03 14:12:44 | 000,000,219 | ---- | M] () -- C:\WINDOWS\System32\lsprst7.tgz
[2011-10-03 14:12:44 | 000,000,205 | ---- | M] () -- C:\WINDOWS\System32\lsprst7.dll
[2011-10-03 14:12:44 | 000,000,014 | ---- | M] () -- C:\WINDOWS\System32\ssprs.tgz
[2011-10-03 09:30:24 | 005,972,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll
[2011-10-03 04:06:16 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2011-10-03 04:06:15 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2011-10-03 04:06:14 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2011-10-03 04:06:03 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2011-10-03 01:37:52 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[3 C:\Documents and Settings\All Users\Dane aplikacji\*.tmp files -> C:\Documents and Settings\All Users\Dane aplikacji\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[color=#E56717]========== Files Created - No Company Name ==========[/color]
[2011-11-01 22:39:20 | 000,001,976 | ---- | C] () -- C:\Documents and Settings\Dom\Pulpit\HiJackThis.lnk
[2011-10-30 21:39:15 | 000,000,788 | ---- | C] () -- C:\reg_backup.reg
[2011-10-30 21:29:35 | 000,023,624 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2011-10-30 21:11:38 | 000,155,445 | ---- | C] () -- C:\Documents and Settings\Dom\Pulpit\GetSystemInfo_KRZYSIEK_Dom_2011_10_30_21_11_05.zip
[2011-10-20 19:20:39 | 000,000,694 | ---- | C] () -- C:\Documents and Settings\Dom\Pulpit\ALLPlayer V4.7.lnk
[2011-10-20 19:19:16 | 000,215,296 | ---- | C] () -- C:\WINDOWS\System32\avutil-lav-51.dll
[2011-10-20 19:19:15 | 000,933,098 | ---- | C] () -- C:\WINDOWS\System32\avformat-lav-53.dll
[2011-10-20 19:19:13 | 005,616,084 | ---- | C] () -- C:\WINDOWS\System32\avcodec-lav-53.dll
[2011-10-20 19:19:08 | 000,161,280 | ---- | C] () -- C:\WINDOWS\System32\libbluray.dll
[2011-10-20 19:19:07 | 000,335,239 | ---- | C] () -- C:\WINDOWS\System32\swscale-lav-2.dll
[2011-10-08 21:53:24 | 000,513,234 | ---- | C] () -- C:\Documents and Settings\Dom\Pulpit\w2 001.jpg
[2011-10-08 21:53:22 | 001,250,026 | ---- | C] () -- C:\Documents and Settings\Dom\Pulpit\w1 001.jpg
[2011-10-08 21:53:20 | 001,549,486 | ---- | C] () -- C:\Documents and Settings\Dom\Pulpit\wyrys dzialki 001.jpg
[2011-09-10 15:15:40 | 000,017,408 | ---- | C] () -- C:\Documents and Settings\Dom\Ustawienia lokalne\Dane aplikacji\WebpageIcons.db
[2011-08-30 20:50:28 | 012,824,576 | ---- | C] () -- C:\Documents and Settings\All Users\Dane aplikacji\sandra.mda
[2011-06-16 21:33:22 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2011-04-19 21:38:35 | 000,001,024 | ---- | C] () -- C:\WINDOWS\System32\clauth2.dll
[2011-04-19 21:38:35 | 000,001,024 | ---- | C] () -- C:\WINDOWS\System32\clauth1.dll
[2011-04-19 21:38:35 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\ssprs.dll
[2011-04-19 21:38:35 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\serauth2.dll
[2011-04-19 21:38:35 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\serauth1.dll
[2011-04-19 21:38:35 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\nsprs.dll
[2011-04-19 21:26:40 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\sysprs7.dll
[2011-04-19 21:26:40 | 000,000,205 | ---- | C] () -- C:\WINDOWS\System32\lsprst7.dll
[2011-04-19 21:20:57 | 000,723,981 | ---- | C] () -- C:\Documents and Settings\Dom\Ustawienia lokalne\Dane aplikacji\unins000.exe
[2011-04-19 21:20:57 | 000,002,159 | ---- | C] () -- C:\Documents and Settings\Dom\Ustawienia lokalne\Dane aplikacji\unins000.dat
[2011-04-16 14:23:23 | 000,023,552 | ---- | C] () -- C:\Documents and Settings\Dom\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011-04-15 22:19:39 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2011-04-15 22:00:12 | 000,207,360 | ---- | C] () -- C:\WINDOWS\System32\evrprop.dll
[2011-04-15 21:59:47 | 000,080,384 | ---- | C] () -- C:\WINDOWS\System32\mkzlib.dll
[2011-04-15 21:59:46 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\mkunicode.dll
[2011-04-15 21:53:40 | 000,074,752 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2011-04-15 21:49:51 | 000,644,608 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2011-04-15 21:49:51 | 000,258,048 | ---- | C] () -- C:\WINDOWS\System32\libFLAC.dll
[2011-04-15 20:25:02 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxebvs.dll
[2011-04-15 20:24:57 | 000,294,912 | ---- | C] () -- C:\WINDOWS\System32\lxebcui.dll
[2011-04-15 20:24:57 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\lxebcuir.dll
[2011-04-15 20:24:57 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\lxebgcfg.dll
[2011-04-15 20:23:44 | 000,331,776 | ---- | C] () -- C:\WINDOWS\System32\LXEBinst.dll
[2011-04-15 20:23:44 | 000,323,584 | ---- | C] () -- C:\WINDOWS\System32\lxebins.dll
[2011-04-15 20:23:44 | 000,262,144 | ---- | C] () -- C:\WINDOWS\System32\lxebinsb.dll
[2011-04-15 20:23:44 | 000,253,952 | ---- | C] () -- C:\WINDOWS\System32\lxebcu.dll
[2011-04-15 20:23:44 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\lxebgrd.dll
[2011-04-15 20:23:44 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\lxebinsr.dll
[2011-04-15 20:23:44 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\lxebcub.dll
[2011-04-15 20:23:44 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\lxebjswr.dll
[2011-04-15 20:23:44 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\lxebcur.dll
[2011-04-13 22:24:15 | 000,000,024 | ---- | C] () -- C:\WINDOWS\System32\DVCStateBkp-{00000002-00000000-00000002-00001102-00000002-80641102}.dat
[2011-04-13 22:24:15 | 000,000,024 | ---- | C] () -- C:\WINDOWS\System32\DVCState-{00000002-00000000-00000002-00001102-00000002-80641102}.dat
[2011-04-13 22:22:10 | 000,004,293 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2011-04-13 22:18:56 | 000,273,376 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011-04-13 22:10:05 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\LXEBsmr.dll
[2011-04-13 22:10:04 | 000,299,008 | ---- | C] () -- C:\WINDOWS\System32\LXEBsm.dll
[2011-04-13 22:03:19 | 000,115,369 | ---- | C] () -- C:\WINDOWS\System32\drivers\klin.dat
[2011-04-13 22:03:19 | 000,097,961 | ---- | C] () -- C:\WINDOWS\System32\drivers\klick.dat
[2011-04-13 21:17:41 | 000,000,066 | ---- | C] () -- C:\WINDOWS\SBWIN.INI
[2011-04-13 21:17:40 | 001,048,576 | ---- | C] () -- C:\WINDOWS\System32\SFMAN.DAT
[2011-04-13 21:17:40 | 000,000,231 | ---- | C] () -- C:\WINDOWS\AC3API.INI
[2011-04-13 21:17:23 | 000,037,727 | ---- | C] () -- C:\WINDOWS\System32\Emu10kx.ini
[2011-04-13 21:17:23 | 000,000,029 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2011-04-13 21:17:22 | 000,184,320 | ---- | C] () -- C:\WINDOWS\PSCONV.EXE
[2011-04-13 21:17:22 | 000,179,669 | ---- | C] () -- C:\WINDOWS\System32\ctstatic.dat
[2011-04-13 21:17:22 | 000,164,044 | ---- | C] () -- C:\WINDOWS\System32\ctdlang.dat
[2011-04-13 21:17:22 | 000,113,373 | ---- | C] () -- C:\WINDOWS\System32\ctbasicw.dat
[2011-04-13 21:17:22 | 000,113,273 | ---- | C] () -- C:\WINDOWS\System32\CTBAS2W.DAT
[2011-04-13 21:17:22 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\KILLAPPS.EXE
[2011-04-13 21:17:22 | 000,044,055 | ---- | C] () -- C:\WINDOWS\System32\ctdaught.dat
[2011-04-13 21:17:22 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\REGPLIB.EXE
[2011-04-13 21:17:22 | 000,000,180 | ---- | C] () -- C:\WINDOWS\System32\KILL.INI
[2011-04-13 21:13:00 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2011-04-13 20:46:42 | 000,013,931 | ---- | C] () -- C:\WINDOWS\System32\RaCoInst.dat
[2011-04-13 20:38:56 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2011-04-13 20:38:40 | 000,887,724 | ---- | C] () -- C:\WINDOWS\System32\ativva6x.dat
[2011-04-13 20:38:40 | 000,227,586 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2011-04-13 20:38:40 | 000,000,003 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat
[2011-04-13 20:33:18 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2011-04-13 20:27:44 | 000,021,856 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2011-03-21 18:56:22 | 000,059,904 | ---- | C] () -- C:\WINDOWS\System32\OVDecode.dll
[2010-01-21 23:47:36 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2010-01-21 23:47:36 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2010-01-21 23:47:36 | 000,493,924 | ---- | C] () -- C:\WINDOWS\System32\perfh015.dat
[2010-01-21 23:47:36 | 000,435,552 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2010-01-21 23:47:36 | 000,313,828 | ---- | C] () -- C:\WINDOWS\System32\perfi015.dat
[2010-01-21 23:47:36 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2010-01-21 23:47:36 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2010-01-21 23:47:36 | 000,085,208 | ---- | C] () -- C:\WINDOWS\System32\perfc015.dat
[2010-01-21 23:47:36 | 000,068,448 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2010-01-21 23:47:36 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2010-01-21 23:47:36 | 000,034,990 | ---- | C] () -- C:\WINDOWS\System32\perfd015.dat
[2010-01-21 23:47:36 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2010-01-21 23:47:36 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2010-01-21 23:47:36 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2010-01-21 23:47:36 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2010-01-21 23:47:36 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2009-09-09 17:01:40 | 000,029,763 | ---- | C] () -- C:\WINDOWS\System32\drivers\klopp.dat
[color=#E56717]========== LOP Check ==========[/color]
[2011-04-19 21:43:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\ACD Systems
[2011-04-19 20:53:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\FreeDownloadManager.ORG
[2011-10-30 21:33:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Hitman Pro
[2011-05-25 13:11:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Juniper Networks
[2011-06-01 10:35:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Lexmark Pro200-S500 Series
[2011-04-13 20:46:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Ralink Driver
[2011-04-19 21:28:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\SafeNet Sentinel
[2011-04-19 21:27:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\SPSS
[2011-06-08 13:20:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Thomson.ResearchSoft.Installers
[2011-06-25 20:41:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dom\Dane aplikacji\ACD Systems
[2011-09-29 09:15:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dom\Dane aplikacji\EndNote
[2011-11-01 22:59:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dom\Dane aplikacji\Free Download Manager
[2011-04-15 20:37:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dom\Dane aplikacji\GHISLER
[2011-10-24 11:14:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dom\Dane aplikacji\Juniper Networks
[2011-08-30 20:15:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dom\Dane aplikacji\Thunderbird
[color=#E56717]========== Purity Check ==========[/color]
< End of report >
OTL extras
OTL Extras logfile created on: 2011-11-01 22:53:36 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = F:\FORUM\OTL
Windows XP Professional Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd
1022,79 Mb Total Physical Memory | 307,36 Mb Available Physical Memory | 30,05% Memory free
2,40 Gb Paging File | 1,70 Gb Available in Paging File | 70,77% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 57,10 Gb Total Space | 29,04 Gb Free Space | 50,86% Space Free | Partition Type: NTFS
Drive D: | 37,27 Gb Total Space | 1,82 Gb Free Space | 4,88% Space Free | Partition Type: NTFS
Drive E: | 48,83 Gb Total Space | 26,44 Gb Free Space | 54,14% Space Free | Partition Type: NTFS
Drive F: | 175,78 Gb Total Space | 4,34 Gb Free Space | 2,47% Space Free | Partition Type: NTFS
Drive G: | 62,95 Gb Total Space | 1,96 Gb Free Space | 3,11% Space Free | Partition Type: NTFS
Drive I: | 3,76 Gb Total Space | 3,75 Gb Free Space | 99,86% Space Free | Partition Type: FAT32
Computer Name: KRZYSIEK | User Name: Dom | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
[color=#E56717]========== Extra Registry (SafeList) ==========[/color]
[color=#E56717]========== File Associations ==========[/color]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
[HKEY_USERS\S-1-5-21-1708537768-329068152-1606980848-1003\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
[color=#E56717]========== Shell Spawning ==========[/color]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [ACDSee 11.0.Browse] -- "C:\Program Files\ACD Systems\ACDSee\11.0\ACDSeeQV11.exe" "%1" (ACD Systems)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[color=#E56717]========== Security Center Settings ==========[/color]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
[color=#E56717]========== System Restore Settings ==========[/color]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
[color=#E56717]========== Firewall Settings ==========[/color]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
[color=#E56717]========== Authorized Applications List ==========[/color]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\WINDOWS\system32\lxebcoms.exe" = C:\WINDOWS\system32\lxebcoms.exe:*:Enabled:Pro200-S500 Series Server -- ( )
"D:\ASIA\SPSS\statistics.exe" = D:\ASIA\SPSS\statistics.exe:*:Disabled:Statistics17:exe -- (SPSS Inc)
"D:\ASIA\SPSS\statistics.com" = D:\ASIA\SPSS\statistics.com:*:Disabled:Statistics17:com -- (SPSS Inc)
"D:\ASIA\SPSS\SPSSWinWrapIDE.exe" = D:\ASIA\SPSS\SPSSWinWrapIDE.exe:*:Disabled:SPSS Basic Script Editor -- (SPSS Inc.)
"C:\Program Files\SiSoftware\SiSoftware Sandra Professional Business 2010.SP2\RpcAgentSrv.exe" = C:\Program Files\SiSoftware\SiSoftware Sandra Professional Business 2010.SP2\RpcAgentSrv.exe:*:Enabled:SiSoftware Deployment Agent Service -- (SiSoftware)
"C:\Program Files\SiSoftware\SiSoftware Sandra Professional Business 2010.SP2\WNt500x86\RpcSandraSrv.exe" = C:\Program Files\SiSoftware\SiSoftware Sandra Professional Business 2010.SP2\WNt500x86\RpcSandraSrv.exe:*:Enabled:SiSoftware Sandra Agent Service -- (SiSoftware)
[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0297C87B-CC40-446F-865A-031B4FC0CF22}" = ToCA Race Driver 3
"{19A492A0-888F-44A0-9B21-D91700763F62}" = Catalyst Control Center - Branding
"{26A24AE4-039D-4CA4-87B4-2F83216024FF}" = Java(TM) 6 Update 29
"{28DA7D8B-F9A4-4F18-8AA0-551B1E084D0D}" = Ralink RT2870 Wireless LAN Card
"{300578F9-9EFF-4B93-9AB1-C0E5707EF463}" = ACDSee Photo Manager 2009
"{32FEA42D-3A59-49D9-8A2F-A3E2D8E663DF}" = SPSS SmartViewer 15.0
"{350C9415-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{3E5CBADD-2E51-47C1-BBE2-B802DB6DA56A}" = MetaTrader Admiral Markets AS 4.00
"{3FCAADB8-EB1B-11D6-AB2D-0090271A23A2}" = Sound Blaster Live! Web 2K/XP
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{45E557D6-2271-4F13-8101-C620B4285AB0}" = Kaspersky Internet Security 2012
"{46B65150-F8AA-42F2-94FB-2729A8AE5F7E}" = SPSS Statistics 17.0
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5758F1B9-E911-A4DC-F32E-3183A3EAA2CD}" = ccc-utility
"{5CB817DC-E5B1-5111-1ECA-2D9F8E6134BB}" = CCC Help English
"{5F3A7E60-BDB4-288C-A1A4-F8825D9DBBA6}" = Catalyst Control Center InstallProxy
"{60D32CDC-E3BE-4578-BA10-29322307CDDC}" = Logitech Gaming Software 5.10
"{6BE2A4A4-99FB-48ED-AE1E-4E850389F804}" = PartitionMagic
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7CBD8A89-45F4-4203-9923-673F72603747}" = Adobe Photoshop Lightroom 2.3
"{81BF6353-3C5B-4E6E-A566-7E162A00BF72}_is1" = Wtyczka e-Deklaracje
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{86B3F2D6-AC2B-0014-8AE1-F2F77F781B0C}" = EndNote X4
"{88589E19-665C-4575-A4A0-CE9C43C51045}" = Nero 8
"{90120000-0010-0415-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (Polish) 12
"{90120000-0015-0415-0000-0000000FF1CE}" = Microsoft Office Access MUI (Polish) 2007
"{90120000-0016-0415-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Polish) 2007
"{90120000-0018-0415-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Polish) 2007
"{90120000-0019-0415-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Polish) 2007
"{90120000-001A-0415-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Polish) 2007
"{90120000-001B-0415-0000-0000000FF1CE}" = Microsoft Office Word MUI (Polish) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0415-0000-0000000FF1CE}" = Microsoft Office Proof (Polish) 2007
"{90120000-002C-0415-0000-0000000FF1CE}" = Microsoft Office Proofing (Polish) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0044-0415-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Polish) 2007
"{90120000-006E-0415-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Polish) 2007
"{90120000-00A1-0415-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Polish) 2007
"{90120000-00BA-0415-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Polish) 2007
"{A25FF1C0-80B6-4B8B-A551-DC525697A408}" = AMD APP SDK Runtime
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AC76BA86-7AD7-1045-7B44-AA1000000001}" = Adobe Reader X (10.1.1) - Polish
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C3113E55-7BCB-4de3-8EBF-60E6CE6B2296}_is1" = SiSoftware Sandra Professional Business 2010.SP2
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D642E38E-0D24-486C-9A2D-E316DD696F4B}" = Microsoft XML Parser
"{E5810CC7-4D59-FA3E-5CFD-0C28CB40F949}" = Catalyst Control Center
"{E8E27E0D-7A44-AF39-7D75-DC0C9C615A14}" = Catalyst Control Center Localization All
"{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}" = Sony Ericsson PC Companion 2.01.217
"{F3E15CDA-BD74-CD08-B286-A19E1B1A0647}" = Catalyst Control Center Graphics Previews Common
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"ALLPlayer_is1" = ALLPlayer V4.X
"BSPlayer1" = BSPlayer
"CCleaner" = CCleaner
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ffdshow_is1" = ffdshow v1.1.3984 [2011-09-22]
"FormatFactory" = FormatFactory 2.70
"Free Download Manager_is1" = Free Download Manager 3.5 RC
"HaaliMkx" = Haali Media Splitter
"InstallShield_{6BE2A4A4-99FB-48ED-AE1E-4E850389F804}" = PowerQuest PartitionMagic 8.0
"InstallWIX_{45E557D6-2271-4F13-8101-C620B4285AB0}" = Kaspersky Internet Security 2012
"Lexmark Pro200-S500 Series" = Lexmark Pro200-S500 Series
"Matroska Pack" = Matroska Pack
"MatroskaProp" = MatroskaProp (remove only)
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox 6.0.1 (x86 pl)" = Mozilla Firefox 6.0.1 (x86 pl)
"Mozilla Thunderbird (7.0.1)" = Mozilla Thunderbird (7.0.1)
"PowerDVD" = PowerDVD
"Product_Name" = Planit Millennium II
"Rainbow Sentinel Driver" = Sentinel System Driver
"RealAlt_is1" = Real Alternative 1.9.0 Lite
"ResearchSoft Direct Export Helper" = ResearchSoft Direct Export Helper
"Totalcmd" = Total Commander (Remove or Repair)
"Winamp" = Winamp
[color=#E56717]========== HKEY_USERS Uninstall List ==========[/color]
[HKEY_USERS\S-1-5-21-1708537768-329068152-1606980848-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"CGoban 3" = CGoban 3
"JForex Client" = JForex Client
"Winamp Detect" = Detektor Winampa
[color=#E56717]========== Last 10 Event Log Errors ==========[/color]
[ Application Events ]
Error - 2011-09-22 15:46:40 | Computer Name = KRZYSIEK | Source = Application Hang | ID = 1002
Description = Aplikacja zawieszająca firefox.exe, wersja 6.0.1.4259, moduł zawieszenia
hungapp, wersja 0.0.0.0, adres zawieszenia 0x00000000.
Error - 2011-09-22 15:46:55 | Computer Name = KRZYSIEK | Source = Application Hang | ID = 1002
Description = Aplikacja zawieszająca firefox.exe, wersja 6.0.1.4259, moduł zawieszenia
hungapp, wersja 0.0.0.0, adres zawieszenia 0x00000000.
Error - 2011-09-22 15:47:58 | Computer Name = KRZYSIEK | Source = Application Hang | ID = 1002
Description = Aplikacja zawieszająca firefox.exe, wersja 6.0.1.4259, moduł zawieszenia
hungapp, wersja 0.0.0.0, adres zawieszenia 0x00000000.
Error - 2011-09-22 15:48:09 | Computer Name = KRZYSIEK | Source = Application Hang | ID = 1002
Description = Aplikacja zawieszająca firefox.exe, wersja 6.0.1.4259, moduł zawieszenia
hungapp, wersja 0.0.0.0, adres zawieszenia 0x00000000.
Error - 2011-09-22 16:34:45 | Computer Name = KRZYSIEK | Source = Application Hang | ID = 1002
Description = Aplikacja zawieszająca firefox.exe, wersja 6.0.1.4259, moduł zawieszenia
hungapp, wersja 0.0.0.0, adres zawieszenia 0x00000000.
Error - 2011-09-22 16:34:47 | Computer Name = KRZYSIEK | Source = Application Hang | ID = 1002
Description = Aplikacja zawieszająca AcroRd32.exe, wersja 10.1.1.33, moduł zawieszenia
hungapp, wersja 0.0.0.0, adres zawieszenia 0x00000000.
Error - 2011-09-27 05:00:37 | Computer Name = KRZYSIEK | Source = Application Hang | ID = 1002
Description = Aplikacja zawieszająca firefox.exe, wersja 6.0.1.4259, moduł zawieszenia
hungapp, wersja 0.0.0.0, adres zawieszenia 0x00000000.
Error - 2011-10-10 07:25:08 | Computer Name = KRZYSIEK | Source = Application Error | ID = 1000
Description = Aplikacja powodująca błąd acrord32.exe, wersja 10.1.1.33, moduł powodujący
błąd acrord32.dll, wersja 10.1.1.33, adres błędu 0x000218f8.
Error - 2011-10-17 06:51:46 | Computer Name = KRZYSIEK | Source = Application Error | ID = 1000
Description = Aplikacja powodująca błąd acrord32.exe, wersja 10.1.1.33, moduł powodujący
błąd acrord32.dll, wersja 10.1.1.33, adres błędu 0x000218f8.
Error - 2011-10-30 16:36:41 | Computer Name = KRZYSIEK | Source = Application Hang | ID = 1002
Description = Aplikacja zawieszająca TOTALCMD.EXE, wersja 7.5.5.0, moduł zawieszenia
hungapp, wersja 0.0.0.0, adres zawieszenia 0x00000000.
[ System Events ]
Error - 2011-10-30 16:04:47 | Computer Name = KRZYSIEK | Source = Service Control Manager | ID = 7000
Description = Nie można uruchomić usługi lxebCATSCustConnectService z powodu następującego
błędu: %%1053
Error - 2011-10-30 16:07:17 | Computer Name = KRZYSIEK | Source = Service Control Manager | ID = 7009
Description = Limit czasu (30000 milisekund) podczas oczekiwania na połączenie się
z usługą lxebCATSCustConnectService.
Error - 2011-10-30 16:07:17 | Computer Name = KRZYSIEK | Source = Service Control Manager | ID = 7000
Description = Nie można uruchomić usługi lxebCATSCustConnectService z powodu następującego
błędu: %%1053
Error - 2011-10-30 16:34:01 | Computer Name = KRZYSIEK | Source = Service Control Manager | ID = 7000
Description = Nie można uruchomić usługi Hitman Pro 3.5 Crusader z powodu następującego
błędu: %%2
Error - 2011-10-31 04:19:47 | Computer Name = KRZYSIEK | Source = Service Control Manager | ID = 7009
Description = Limit czasu (30000 milisekund) podczas oczekiwania na połączenie się
z usługą lxebCATSCustConnectService.
Error - 2011-10-31 04:19:47 | Computer Name = KRZYSIEK | Source = Service Control Manager | ID = 7000
Description = Nie można uruchomić usługi lxebCATSCustConnectService z powodu następującego
błędu: %%1053
Error - 2011-10-31 11:57:29 | Computer Name = KRZYSIEK | Source = Service Control Manager | ID = 7009
Description = Limit czasu (30000 milisekund) podczas oczekiwania na połączenie się
z usługą lxebCATSCustConnectService.
Error - 2011-10-31 11:57:29 | Computer Name = KRZYSIEK | Source = Service Control Manager | ID = 7000
Description = Nie można uruchomić usługi lxebCATSCustConnectService z powodu następującego
błędu: %%1053
Error - 2011-11-01 16:22:27 | Computer Name = KRZYSIEK | Source = Service Control Manager | ID = 7009
Description = Limit czasu (30000 milisekund) podczas oczekiwania na połączenie się
z usługą lxebCATSCustConnectService.
Error - 2011-11-01 16:22:27 | Computer Name = KRZYSIEK | Source = Service Control Manager | ID = 7000
Description = Nie można uruchomić usługi lxebCATSCustConnectService z powodu następującego
błędu: %%1053
< End of report >
GMER
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-11-01 23:39:33
Windows 5.1.2600 Dodatek Service Pack 3 Harddisk2\DR2 -> \Device\Ide\IdeDeviceP1T1L0-20 ST3250824A rev.3.AAE
Running: vb13ht25.exe; Driver: C:\DOCUME~1\Dom\USTAWI~1\Temp\kxloqpob.sys
---- System - GMER 1.0.15 ----
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwAdjustPrivilegesToken [0xAE6A7FBA]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwClose [0xAE6A88B4]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwConnectPort [0xAE6C1AEE]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateEvent [0xAE6A8E26]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateMutant [0xAE6A8D14]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreatePort [0xAE6C1E06]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateProcess [0xAE6A9056]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateProcessEx [0xAE6A921E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateSection [0xAE6A7D76]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateSemaphore [0xAE6A8F3E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateSymbolicLinkObject [0xAE6C3110]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateThread [0xAE6A85E6]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateWaitablePort [0xAE6C1ECE]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwDebugActiveProcess [0xAE6A953C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwDeleteKey [0xAE6BC084]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwDeleteValueKey [0xAE6BD88E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwDeviceIoControlFile [0xAE6A88F6]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwDuplicateObject [0xAE6AA53C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwEnumerateKey [0xAE6BD088]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwEnumerateValueKey [0xAE6BDA38]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwLoadDriver [0xAE6A962E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwLoadKey [0xAE6BCBC0]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwLoadKey2 [0xAE6BCE1C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwMapViewOfSection [0xAE6A9B9A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwNotifyChangeKey [0xAE6C030A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenEvent [0xAE6A8EB8]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenMutant [0xAE6A8DA0]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenProcess [0xAE6A81F4]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenSection [0xAE6A997E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenSemaphore [0xAE6A8FD0]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenThread [0xAE6A80E8]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwPlugPlayControl [0xAE6C3120]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwQueryKey [0xAE6BBEB8]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwQueryMultipleValueKey [0xAE6BD698]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwQueryObject [0xAE6C0500]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwQuerySection [0xAE6A9EC0]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwQueryValueKey [0xAE6BD488]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwQueueApcThread [0xAE6A97CE]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwRenameKey [0xAE6BC198]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwReplaceKey [0xAE6BC80C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwReplyPort [0xAE6C2048]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwReplyWaitReceivePort [0xAE6C1F96]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwRequestWaitReplyPort [0xAE6C20B4]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwRestoreKey [0xAE6BCA14]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwResumeThread [0xAE6AA3DE]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSaveKey [0xAE6BC33E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSaveKeyEx [0xAE6BC4D4]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSaveMergedKeys [0xAE6BC670]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSecureConnectPort [0xAE6C1C76]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSetContextThread [0xAE6A8756]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSetInformationToken [0xAE6A93E8]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSetSystemInformation [0xAE6AA010]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSetValueKey [0xAE6BD248]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSuspendProcess [0xAE6AA104]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSuspendThread [0xAE6AA23E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSystemDebugControl [0xAE6A945E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwTerminateProcess [0xAE6A8392]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwTerminateThread [0xAE6A82EA]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwUnmapViewOfSection [0xAE6A9D78]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwWriteVirtualMemory [0xAE6A847C]
Code \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) FsRtlCheckLockForReadAccess
Code \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) IoIsOperationSynchronous
---- Kernel code sections - GMER 1.0.15 ----
.text ntoskrnl.exe!ZwYieldExecution + 12E 804E4988 12 Bytes [06, 1E, 6C, AE, 56, 90, 6A, ...] {PUSH ES; PUSH DS; INSB ; SCASB ; PUSH ESI; NOP ; PUSH -0x52; PUSH DS; XCHG EDX, EAX; PUSH -0x52}
.text ntoskrnl.exe!ZwYieldExecution + 13E 804E4998 16 Bytes [76, 7D, 6A, AE, 3E, 8F, 6A, ...]
.text ntoskrnl.exe!ZwYieldExecution + 1FA 804E4A54 12 Bytes [2E, 96, 6A, AE, C0, CB, 6B, ...]
.text ntoskrnl.exe!ZwYieldExecution + 276 804E4AD0 4 Bytes [E8, 80, 6A, AE]
.text ntoskrnl.exe!ZwYieldExecution + 376 804E4BD0 16 Bytes [98, C1, 6B, AE, 0C, C8, 6B, ...] {CWDE ; SHR DWORD [EBX-0x52], 0xc; ENTER 0xae6b, 0x48; AND [ESI+EBP*4-0x6a], CH; POP DS; INSB ; SCASB }
.text ...
.text ntoskrnl.exe!IoIsOperationSynchronous 804EAFCE 5 Bytes JMP AE69ADCC \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)
.text ntoskrnl.exe!FsRtlCheckLockForReadAccess 804F45B3 5 Bytes JMP AE69A9F0 \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)
.text C:\WINDOWS\system32\DRIVERS\ati2mtag.sys section is writeable [0xF5ABF000, 0x2A556C, 0xE8000020]
---- User code sections - GMER 1.0.15 ----
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[632] USER32.dll!SetWindowLongA 7E37C29D 5 Bytes JMP 106AA047 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[632] USER32.dll!SetWindowLongW 7E37C2BB 5 Bytes JMP 106A9FD9 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[632] USER32.dll!GetWindowInfo 7E37C49C 5 Bytes JMP 104B1B87 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[632] USER32.dll!TrackPopupMenu 7E3B531E 5 Bytes JMP 104B2155 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[792] ntdll.dll!LdrLoadDll 7C915C35 5 Bytes JMP 00401410 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)
? C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1368] C:\WINDOWS\system32\ntdll.dll time/date stamp mismatch;
.text C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1368] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 6AC91765 C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\ushata.dll (Ushata module/Kaspersky Lab ZAO)
? C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1368] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch;
.text C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1368] USER32.dll!AlignRects 7E362A78 4 Bytes [E0, 13, 54, 67]
? C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1760] C:\WINDOWS\system32\ntdll.dll time/date stamp mismatch;
.text C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1760] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 6AC91765 C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\ushata.dll (Ushata module/Kaspersky Lab ZAO)
? C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1760] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch;
.text C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1760] USER32.dll!AlignRects 7E362A78 4 Bytes [E0, 13, 54, 67]
---- Kernel IAT/EAT - GMER 1.0.15 ----
IAT \SystemRoot\system32\DRIVERS\ipsec.sys[ntoskrnl.exe!IoCreateDevice] [F6F79C70] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[ntoskrnl.exe!IoCreateDevice] [F6F79C70] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[TDI.SYS!TdiRegisterDeviceObject] [F6F79DC0] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO)
IAT \SystemRoot\system32\DRIVERS\netbt.sys[ntoskrnl.exe!IoCreateDevice] [F6F79C70] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO)
IAT \SystemRoot\system32\DRIVERS\netbt.sys[TDI.SYS!TdiRegisterDeviceObject] [F6F79DC0] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO)
IAT \SystemRoot\system32\DRIVERS\ipnat.sys[ntoskrnl.exe!IoCreateDevice] [F6F79C70] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[ntoskrnl.exe!IoCreateDevice] [F6F79C70] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO)
IAT \SystemRoot\System32\drivers\afd.sys[ntoskrnl.exe!IoCreateDevice] [F6F79C70] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO)
IAT \SystemRoot\system32\DRIVERS\netbios.sys[ntoskrnl.exe!IoCreateDevice] [F6F79C70] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO)
IAT \SystemRoot\system32\DRIVERS\rdbss.sys[ntoskrnl.exe!IoCreateDevice] [F6F79C70] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO)
IAT \SystemRoot\system32\DRIVERS\mrxsmb.sys[ntoskrnl.exe!IoCreateDevice] [F6F79C70] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO)
IAT \SystemRoot\System32\Drivers\Fips.SYS[ntoskrnl.exe!IoCreateDevice] [F6F79C70] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO)
IAT \SystemRoot\system32\DRIVERS\mouhid.sys[ntoskrnl.exe!IoCreateDevice] [F6F79C70] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO)
IAT \SystemRoot\System32\Drivers\Cdfs.SYS[ntoskrnl.exe!IoCreateDevice] [F6F79C70] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO)
IAT \SystemRoot\system32\DRIVERS\mrxdav.sys[ntoskrnl.exe!IoCreateDevice] [F6F79C70] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO)
IAT \SystemRoot\System32\Drivers\ParVdm.SYS[ntoskrnl.exe!IoCreateDevice] [F6F79C70] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO)
IAT \SystemRoot\system32\drivers\wdmaud.sys[ntoskrnl.exe!IoCreateDevice] [F6F79C70] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO)
IAT \SystemRoot\system32\drivers\sysaudio.sys[ntoskrnl.exe!IoCreateDevice] [F6F79C70] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO)
IAT \SystemRoot\system32\DRIVERS\srv.sys[ntoskrnl.exe!IoCreateDevice] [F6F79C70] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO)
IAT \SystemRoot\system32\DRIVERS\kbdhid.sys[ntoskrnl.exe!IoCreateDevice] [F6F79C70] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO)
IAT \SystemRoot\System32\Drivers\HTTP.sys[ntoskrnl.exe!IoCreateDevice] [F6F79C70] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO)
IAT \SystemRoot\system32\DRIVERS\USBSTOR.SYS[ntoskrnl.exe!IoCreateDevice] [F6F79C70] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO)
IAT \SystemRoot\System32\Drivers\Fastfat.SYS[ntoskrnl.exe!IoCreateDevice] [F6F79C70] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO)
---- User IAT/EAT - GMER 1.0.15 ----
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1368] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!RtlAllocateHeap] 7DFF058C
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1368] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!RtlFreeHeap] 7DFF05F8
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1368] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!RtlSizeHeap] 7DFF0664
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1368] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!RtlReAllocateHeap] 7DFF06D0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1368] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!SetErrorMode] 7DFF0D90
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1368] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!CreateThread] 7DFF0448
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1368] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!GetModuleHandleW] 7DFF0CB8
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1368] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7DFF0DFC
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1368] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!GetModuleHandleA] 7DFF0C4C
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1368] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!FreeLibrary] 7DFF0BE0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1368] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] 7DFF0D24
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1368] @ C:\WINDOWS\system32\ADVAPI32.dll [ntdll.dll!RtlFreeHeap] 7DFF0304
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1368] @ C:\WINDOWS\system32\ADVAPI32.dll [ntdll.dll!RtlAllocateHeap] 7DFF0298
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1368] @ C:\WINDOWS\system32\ADVAPI32.dll [ntdll.dll!RtlReAllocateHeap] 7DFF0370
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1368] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!GetProcAddress] 7DFF0D24
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1368] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!FreeLibrary] 7DFF0BE0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1368] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7DFF0DFC
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1368] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateThread] 7DFF0448
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1368] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!GetModuleHandleW] 7DFF0CB8
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1368] @ C:\WINDOWS\system32\RPCRT4.dll [ntdll.dll!RtlFreeHeap] 7DFF0304
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1368] @ C:\WINDOWS\system32\RPCRT4.dll [ntdll.dll!RtlAllocateHeap] 7DFF0298
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1368] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7DFF0DFC
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1368] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!GetModuleHandleW] 7DFF0CB8
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1368] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] 7DFF0D24
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1368] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!FreeLibrary] 7DFF0BE0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1368] @ C:\WINDOWS\system32\Secur32.dll [ntdll.dll!RtlFreeHeap] 7DFF0304
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1368] @ C:\WINDOWS\system32\Secur32.dll [ntdll.dll!RtlAllocateHeap] 7DFF0298
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1368] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!SetErrorMode] 7DFF0D90
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1368] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7DFF0DFC
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1368] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!GetProcAddress] 7DFF0D24
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1368] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!FreeLibrary] 7DFF0BE0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1368] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!GetModuleHandleA] 7DFF0C4C
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1368] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!HeapDestroy] 7DFF0520
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1368] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!HeapCreate] 7DFF04B4
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1368] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateThread] 7DFF0448
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1368] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7DFF0DFC
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1368] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!FreeLibrary] 7DFF0BE0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1368] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!GetProcAddress] 7DFF0D24
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1368] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!CreateThread] 7DFF0448
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1368] @ C:\WINDOWS\system32\NETAPI32.dll [ntdll.dll!RtlAllocateHeap] 7DFF0298
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1368] @ C:\WINDOWS\system32\NETAPI32.dll [ntdll.dll!RtlFreeHeap] 7DFF0304
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1368] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetModuleHandleW] 7DFF0CB8
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1368] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!CreateThread] 7DFF0448
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1368] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetModuleHandleA] 7DFF0C4C
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1368] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7DFF0DFC
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1368] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetProcAddress] 7DFF0D24
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1368] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!FreeLibrary] 7DFF0BE0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1368] @ C:\WINDOWS\system32\USER32.dll [ntdll.dll!RtlAllocateHeap] 7DFF0298
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1368] @ C:\WINDOWS\system32\USER32.dll [ntdll.dll!RtlFreeHeap] 7DFF0304
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1368] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7DFF0DFC
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1368] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!FreeLibrary] 7DFF0BE0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1368] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] 7DFF0D24
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1368] @ C:\WINDOWS\system32\GDI32.dll [ntdll.dll!RtlAllocateHeap] 7DFF0298
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1368] @ C:\WINDOWS\system32\GDI32.dll [ntdll.dll!RtlFreeHeap] 7DFF0304
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1368] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!HeapCreate] 7DFF04B4
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1368] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!HeapDestroy] 7DFF0520
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1368] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!GetProcAddress] 7DFF0D24
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1368] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!CreateThread] 7DFF0448
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1368] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!FreeLibrary] 7DFF0BE0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1368] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7DFF0DFC
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1368] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!FreeLibrary] 7DFF0BE0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1368] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7DFF0DFC
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1368] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!GetModuleHandleA] 7DFF0C4C
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1368] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!CreateThread] 7DFF0448
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1368] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!GetProcAddress] 7DFF0D24
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1368] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7DFF0DFC
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1368] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!SetErrorMode] 7DFF0D90
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1368] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetModuleHandleA] 7DFF0C4C
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1368] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetModuleHandleW] 7DFF0CB8
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1368] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!FreeLibrary] 7DFF0BE0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1368] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateThread] 7DFF0448
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1368] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!HeapDestroy] 7DFF0520
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1368] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!HeapCreate] 7DFF04B4
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1368] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] 7DFF0D24
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1368] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!FreeLibrary] 7DFF0BE0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1368] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] 7DFF0D24
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1368] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7DFF0DFC
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1368] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!CreateThread] 7DFF0448
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1368] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!GetModuleHandleA] 7DFF0C4C
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1368] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetModuleHandleA] 7DFF0C4C
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1368] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!HeapCreate] 7DFF04B4
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1368] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!HeapDestroy] 7DFF0520
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1368] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7DFF0DFC
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1368] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetModuleHandleW] 7DFF0CB8
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1368] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!SetErrorMode] 7DFF0D90
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1368] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] 7DFF0D24
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1368] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CreateThread] 7DFF0448
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1368] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!FreeLibrary] 7DFF0BE0
---- Devices - GMER 1.0.15 ----
AttachedDevice \Driver\Tcpip \Device\Ip kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO)
AttachedDevice \Driver\Tcpip \Device\Tcp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO)
AttachedDevice \Driver\Tcpip \Device\Udp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO)
AttachedDevice \Driver\Tcpip \Device\RawIp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO)
AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
---- Disk sectors - GMER 1.0.15 ----
Disk \Device\Harddisk2\DR2 malicious Win32:MBRoot code @ sector 61
Disk \Device\Harddisk2\DR2 PE file @ sector 488392065
---- EOF - GMER 1.0.15 ----