ale nevyzera to dobre... vidim tam nejaky mbr.sys, ak je to to
No hned to sem dam...
Odvirování PC, zrychlení počítače, vzdálená pomoc prostřednictvím služby neslape.cz
Rootkit - C:\Windows\System32\drivers\rmesth.sys
Moderátor: Moderátoři
Pravidla fóra
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Re: Rootkit - C:\Windows\System32\drivers\rmesth.sys
jaaaj, aha
ale nevyzera to dobre... vidim tam nejaky mbr.sys, ak je to to
No hned to sem dam...
ale nevyzera to dobre... vidim tam nejaky mbr.sys, ak je to to
No hned to sem dam...
Re: Rootkit - C:\Windows\System32\drivers\rmesth.sys
Mbr.sys je ok, neděste se dopředu 
.
Máte tušení, kde jste k takovým mrškám přišla? U win7 není až tak jednoduché se dostat do pc, musíte tam tu mršku pustit
.Máte tušení, kde jste k takovým mrškám přišla? U win7 není až tak jednoduché se dostat do pc, musíte tam tu mršku pustit
Nepoužívejte COMBOFIX bez doporučení rádce, může dojít k poškození systému!
Vždy před odvirováním počítače zazálohujte důležitá data
Chcete podpořit naše forum? Informace zde
K zastižení jsem spíše v noci, mezi 21.-23. hodinou
Pokud máte nějaké dotazy, můžete mi napsat na email Motji(zavináč)forum.viry.cz.
Vždy před odvirováním počítače zazálohujte důležitá data
Chcete podpořit naše forum? Informace zde
K zastižení jsem spíše v noci, mezi 21.-23. hodinou
Pokud máte nějaké dotazy, můžete mi napsat na email Motji(zavináč)forum.viry.cz.
Re: Rootkit - C:\Windows\System32\drivers\rmesth.sys
ved prave to netusim, resp tusim.
Nemala som antivir nainstalovany a stahovala som nejake filmy cez torrent
tak mozno vtedy?
fakt netusim, lebo potom ja si prezeram na nete asi tak 10 stranok dokopy a aj to take obyc, ako FB, noviny, gmail...
Nemala som antivir nainstalovany a stahovala som nejake filmy cez torrent
tak mozno vtedy? fakt netusim, lebo potom ja si prezeram na nete asi tak 10 stranok dokopy a aj to take obyc, ako FB, noviny, gmail...
Re: Rootkit - C:\Windows\System32\drivers\rmesth.sys
Ty torenty jsou možné, ale musela jste povolit nějakému programu vstup nebo admin.práva .
Počkám ještě na gmer. Jinak zvěřinec se chová jak?
.Počkám ještě na gmer. Jinak zvěřinec se chová jak?
Nepoužívejte COMBOFIX bez doporučení rádce, může dojít k poškození systému!
Vždy před odvirováním počítače zazálohujte důležitá data
Chcete podpořit naše forum? Informace zde
K zastižení jsem spíše v noci, mezi 21.-23. hodinou
Pokud máte nějaké dotazy, můžete mi napsat na email Motji(zavináč)forum.viry.cz.
Vždy před odvirováním počítače zazálohujte důležitá data
Chcete podpořit naše forum? Informace zde
K zastižení jsem spíše v noci, mezi 21.-23. hodinou
Pokud máte nějaké dotazy, můžete mi napsat na email Motji(zavináč)forum.viry.cz.
Re: Rootkit - C:\Windows\System32\drivers\rmesth.sys
tak ono mi to tu bezne vyskakuje, ci povolit pristup, to muselo byt nejako dobre zakamuflovane potom, lebo keby tam bolonapisane, ze som super tazko odstranitelny virus, asi by som ho nepustila
Hm, no zverinec, praveze je ticho, on iba dakedy zhodi system, ale inak v pohode. Nic extra mi tu tie zvery zatial nerobia.
A kolko takych zvierat som tu mala? Teraz by to uz malo byt vycistene?
Hm, no zverinec, praveze je ticho, on iba dakedy zhodi system, ale inak v pohode. Nic extra mi tu tie zvery zatial nerobia.
A kolko takych zvierat som tu mala? Teraz by to uz malo byt vycistene?
Re: Rootkit - C:\Windows\System32\drivers\rmesth.sys
GMER 1.0.15.15530 - http://www.gmer.net
Rootkit scan 2010-12-13 22:24:51
Windows 6.1.7600 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-2 TOSHIBA_MK1237GSX rev.DL140D
Running: gmer.exe; Driver: C:\Users\Saga\AppData\Local\Temp\kxrdypow.sys
---- System - GMER 1.0.15 ----
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0x8DCB1BAE]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateSection [0x8DCB19D2]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwLoadDriver [0x8DCB1B0C]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) NtCreateSection
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject
---- Kernel code sections - GMER 1.0.15 ----
.text ntkrnlpa.exe!ZwSaveKeyEx + 13BD 82C575C9 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82C7C052 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
PAGE ntkrnlpa.exe!ZwLoadDriver 82DB5279 7 Bytes JMP 8DCB1B10 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ObMakeTemporaryObject 82E1CF59 5 Bytes JMP 8DCAD5D4 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ObInsertObject + 27 82E36C5F 5 Bytes JMP 8DCAF012 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!NtCreateSection 82E44CE3 7 Bytes JMP 8DCB19D6 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ZwCreateProcessEx 82EEEE12 7 Bytes JMP 8DCB1BB2 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
? C:\Users\Saga\AppData\Local\Temp\mbr.sys Systém nemôže nájsť zadaný súbor. !
---- User code sections - GMER 1.0.15 ----
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1380] kernel32.dll!SetUnhandledExceptionFilter 75E73162 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP }
.text C:\Program Files\Mozilla Firefox\firefox.exe[1544] WS2_32.dll!closesocket 77A93BED 5 Bytes JMP 000660E7
.text C:\Program Files\Mozilla Firefox\firefox.exe[1544] WS2_32.dll!recv 77A947DF 5 Bytes JMP 00065CE2
.text C:\Program Files\Mozilla Firefox\firefox.exe[1544] WS2_32.dll!WSASend 77A968A7 5 Bytes JMP 00065DBD
.text C:\Program Files\Mozilla Firefox\firefox.exe[1544] WS2_32.dll!WSARecv 77A9C29F 5 Bytes JMP 00065E6C
.text C:\Program Files\Mozilla Firefox\firefox.exe[1544] WS2_32.dll!send 77A9C4C8 5 Bytes JMP 00065C6F
.text C:\Program Files\Mozilla Firefox\firefox.exe[1544] WS2_32.dll!gethostbyname 77AA7133 5 Bytes JMP 000663C8
.text C:\Windows\Explorer.EXE[1640] Explorer.EXE 0031317E 2 Bytes [0C, 16] {OR AL, 0x16}
.text C:\Windows\Explorer.EXE[1640] Explorer.EXE 00313190 14 Bytes [8B, FF, 55, 8B, EC, 56, 57, ...]
.text C:\Windows\Explorer.EXE[1640] kernel32.dll!CreateProcessInternalW 75E742CE 5 Bytes JMP 00247207
? C:\Users\Saga\Desktop\Virus Removal Tool\setup_9.0.0.722_03.09.2010_20-26\setup_9.0.0.722_03.09.2010_20-26.exe[3032] C:\Windows\SYSTEM32\ntdll.dll time/date stamp mismatch;
? C:\Users\Saga\Desktop\Virus Removal Tool\setup_9.0.0.722_03.09.2010_20-26\setup_9.0.0.722_03.09.2010_20-26.exe[3032] C:\Windows\system32\kernel32.dll time/date stamp mismatch; unknown module: KERNELBASE.dll
.text C:\Users\Saga\Desktop\Virus Removal Tool\setup_9.0.0.722_03.09.2010_20-26\setup_9.0.0.722_03.09.2010_20-26.exe[3032] USER32.dll!NotifyWinEvent + 48B 75D6F724 4 Bytes [70, 11, 33, 6D]
---- User IAT/EAT - GMER 1.0.15 ----
IAT C:\Windows\Explorer.EXE[1640] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [74532494] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1640] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [74515624] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1640] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [745156E2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1640] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [7453250F] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1640] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [74528573] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1640] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [74524D27] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1640] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [745250CE] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1640] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [745251A3] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1640] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromHBITMAP] [745266D0] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1640] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [745282CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1640] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [74528819] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1640] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [7452907A] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1640] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [7452E21D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1640] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [74524C59] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Users\Saga\Desktop\Virus Removal Tool\setup_9.0.0.722_03.09.2010_20-26\setup_9.0.0.722_03.09.2010_20-26.exe[3032] @ C:\Windows\system32\kernel32.dll [ntdll.dll!RtlReAllocateHeap] 003001D0
IAT C:\Users\Saga\Desktop\Virus Removal Tool\setup_9.0.0.722_03.09.2010_20-26\setup_9.0.0.722_03.09.2010_20-26.exe[3032] @ C:\Windows\system32\kernel32.dll [ntdll.dll!RtlSizeHeap] 00300240
IAT C:\Users\Saga\Desktop\Virus Removal Tool\setup_9.0.0.722_03.09.2010_20-26\setup_9.0.0.722_03.09.2010_20-26.exe[3032] @ C:\Windows\system32\kernel32.dll [ntdll.dll!RtlAllocateHeap] 003002B0
IAT C:\Users\Saga\Desktop\Virus Removal Tool\setup_9.0.0.722_03.09.2010_20-26\setup_9.0.0.722_03.09.2010_20-26.exe[3032] @ C:\Windows\system32\kernel32.dll [ntdll.dll!RtlFreeHeap] 00300320
IAT C:\Users\Saga\Desktop\Virus Removal Tool\setup_9.0.0.722_03.09.2010_20-26\setup_9.0.0.722_03.09.2010_20-26.exe[3032] @ C:\Windows\system32\RPCRT4.dll [ntdll.dll!RtlFreeHeap] 00300710
IAT C:\Users\Saga\Desktop\Virus Removal Tool\setup_9.0.0.722_03.09.2010_20-26\setup_9.0.0.722_03.09.2010_20-26.exe[3032] @ C:\Windows\system32\RPCRT4.dll [ntdll.dll!RtlAllocateHeap] 00300780
IAT C:\Users\Saga\Desktop\Virus Removal Tool\setup_9.0.0.722_03.09.2010_20-26\setup_9.0.0.722_03.09.2010_20-26.exe[3032] @ C:\Windows\system32\USER32.dll [ntdll.dll!RtlSizeHeap] 00300A20
IAT C:\Users\Saga\Desktop\Virus Removal Tool\setup_9.0.0.722_03.09.2010_20-26\setup_9.0.0.722_03.09.2010_20-26.exe[3032] @ C:\Windows\system32\USER32.dll [ntdll.dll!RtlReAllocateHeap] 00300A90
IAT C:\Users\Saga\Desktop\Virus Removal Tool\setup_9.0.0.722_03.09.2010_20-26\setup_9.0.0.722_03.09.2010_20-26.exe[3032] @ C:\Windows\system32\USER32.dll [ntdll.dll!RtlAllocateHeap] 00300B00
IAT C:\Users\Saga\Desktop\Virus Removal Tool\setup_9.0.0.722_03.09.2010_20-26\setup_9.0.0.722_03.09.2010_20-26.exe[3032] @ C:\Windows\system32\USER32.dll [ntdll.dll!RtlFreeHeap] 00300B70
IAT C:\Users\Saga\Desktop\Virus Removal Tool\setup_9.0.0.722_03.09.2010_20-26\setup_9.0.0.722_03.09.2010_20-26.exe[3032] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] 01400DA0
IAT C:\Users\Saga\Desktop\Virus Removal Tool\setup_9.0.0.722_03.09.2010_20-26\setup_9.0.0.722_03.09.2010_20-26.exe[3032] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!CreateProcessW] 01400E10
IAT C:\Users\Saga\Desktop\Virus Removal Tool\setup_9.0.0.722_03.09.2010_20-26\setup_9.0.0.722_03.09.2010_20-26.exe[3032] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetModuleFileNameA] 01400E80
IAT C:\Users\Saga\Desktop\Virus Removal Tool\setup_9.0.0.722_03.09.2010_20-26\setup_9.0.0.722_03.09.2010_20-26.exe[3032] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExA] 01400EF0
IAT C:\Users\Saga\Desktop\Virus Removal Tool\setup_9.0.0.722_03.09.2010_20-26\setup_9.0.0.722_03.09.2010_20-26.exe[3032] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 01400F60
IAT C:\Users\Saga\Desktop\Virus Removal Tool\setup_9.0.0.722_03.09.2010_20-26\setup_9.0.0.722_03.09.2010_20-26.exe[3032] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!FreeLibrary] 75F00860
IAT C:\Users\Saga\Desktop\Virus Removal Tool\setup_9.0.0.722_03.09.2010_20-26\setup_9.0.0.722_03.09.2010_20-26.exe[3032] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] 75F008D0
IAT C:\Users\Saga\Desktop\Virus Removal Tool\setup_9.0.0.722_03.09.2010_20-26\setup_9.0.0.722_03.09.2010_20-26.exe[3032] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] 75F00940
IAT C:\Users\Saga\Desktop\Virus Removal Tool\setup_9.0.0.722_03.09.2010_20-26\setup_9.0.0.722_03.09.2010_20-26.exe[3032] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetModuleFileNameW] 75F009B0
IAT C:\Users\Saga\Desktop\Virus Removal Tool\setup_9.0.0.722_03.09.2010_20-26\setup_9.0.0.722_03.09.2010_20-26.exe[3032] @ C:\Windows\system32\GDI32.dll [ntdll.dll!RtlAllocateHeap] 00300BE0
IAT C:\Users\Saga\Desktop\Virus Removal Tool\setup_9.0.0.722_03.09.2010_20-26\setup_9.0.0.722_03.09.2010_20-26.exe[3032] @ C:\Windows\system32\GDI32.dll [ntdll.dll!RtlFreeHeap] 00300C50
IAT C:\Users\Saga\Desktop\Virus Removal Tool\setup_9.0.0.722_03.09.2010_20-26\setup_9.0.0.722_03.09.2010_20-26.exe[3032] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 75F00A20
IAT C:\Users\Saga\Desktop\Virus Removal Tool\setup_9.0.0.722_03.09.2010_20-26\setup_9.0.0.722_03.09.2010_20-26.exe[3032] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] 75F00A90
IAT C:\Users\Saga\Desktop\Virus Removal Tool\setup_9.0.0.722_03.09.2010_20-26\setup_9.0.0.722_03.09.2010_20-26.exe[3032] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] 75F00B00
IAT C:\Users\Saga\Desktop\Virus Removal Tool\setup_9.0.0.722_03.09.2010_20-26\setup_9.0.0.722_03.09.2010_20-26.exe[3032] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] 75F00B70
IAT C:\Users\Saga\Desktop\Virus Removal Tool\setup_9.0.0.722_03.09.2010_20-26\setup_9.0.0.722_03.09.2010_20-26.exe[3032] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!FreeLibrary] 75F00BE0
IAT C:\Users\Saga\Desktop\Virus Removal Tool\setup_9.0.0.722_03.09.2010_20-26\setup_9.0.0.722_03.09.2010_20-26.exe[3032] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] 75F00C50
IAT C:\Users\Saga\Desktop\Virus Removal Tool\setup_9.0.0.722_03.09.2010_20-26\setup_9.0.0.722_03.09.2010_20-26.exe[3032] @ C:\Windows\system32\ADVAPI32.dll [ntdll.dll!RtlFreeHeap] 779E06A0
IAT C:\Users\Saga\Desktop\Virus Removal Tool\setup_9.0.0.722_03.09.2010_20-26\setup_9.0.0.722_03.09.2010_20-26.exe[3032] @ C:\Windows\system32\ADVAPI32.dll [ntdll.dll!RtlAllocateHeap] 779E0710
IAT C:\Users\Saga\Desktop\Virus Removal Tool\setup_9.0.0.722_03.09.2010_20-26\setup_9.0.0.722_03.09.2010_20-26.exe[3032] @ C:\Windows\system32\ADVAPI32.dll [ntdll.dll!RtlReAllocateHeap] 779E0780
IAT C:\Users\Saga\Desktop\Virus Removal Tool\setup_9.0.0.722_03.09.2010_20-26\setup_9.0.0.722_03.09.2010_20-26.exe[3032] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!VirtualFree] 779E07F0
IAT C:\Users\Saga\Desktop\Virus Removal Tool\setup_9.0.0.722_03.09.2010_20-26\setup_9.0.0.722_03.09.2010_20-26.exe[3032] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetModuleFileNameW] 01410400
IAT C:\Users\Saga\Desktop\Virus Removal Tool\setup_9.0.0.722_03.09.2010_20-26\setup_9.0.0.722_03.09.2010_20-26.exe[3032] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] 01410470
IAT C:\Users\Saga\Desktop\Virus Removal Tool\setup_9.0.0.722_03.09.2010_20-26\setup_9.0.0.722_03.09.2010_20-26.exe[3032] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!SetErrorMode] 014104E0
IAT C:\Users\Saga\Desktop\Virus Removal Tool\setup_9.0.0.722_03.09.2010_20-26\setup_9.0.0.722_03.09.2010_20-26.exe[3032] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] 01410550
IAT C:\Users\Saga\Desktop\Virus Removal Tool\setup_9.0.0.722_03.09.2010_20-26\setup_9.0.0.722_03.09.2010_20-26.exe[3032] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] 014105C0
IAT C:\Users\Saga\Desktop\Virus Removal Tool\setup_9.0.0.722_03.09.2010_20-26\setup_9.0.0.722_03.09.2010_20-26.exe[3032] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!FreeLibrary] 01410630
IAT C:\Users\Saga\Desktop\Virus Removal Tool\setup_9.0.0.722_03.09.2010_20-26\setup_9.0.0.722_03.09.2010_20-26.exe[3032] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] 014106A0
IAT C:\Users\Saga\Desktop\Virus Removal Tool\setup_9.0.0.722_03.09.2010_20-26\setup_9.0.0.722_03.09.2010_20-26.exe[3032] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!HeapFree] 779E09B0
IAT C:\Users\Saga\Desktop\Virus Removal Tool\setup_9.0.0.722_03.09.2010_20-26\setup_9.0.0.722_03.09.2010_20-26.exe[3032] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExA] 01410710
IAT C:\Users\Saga\Desktop\Virus Removal Tool\setup_9.0.0.722_03.09.2010_20-26\setup_9.0.0.722_03.09.2010_20-26.exe[3032] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 01410780
IAT C:\Users\Saga\Desktop\Virus Removal Tool\setup_9.0.0.722_03.09.2010_20-26\setup_9.0.0.722_03.09.2010_20-26.exe[3032] @ C:\Windows\system32\SHELL32.dll [ntdll.dll!RtlFreeHeap] 003101D0
IAT C:\Users\Saga\Desktop\Virus Removal Tool\setup_9.0.0.722_03.09.2010_20-26\setup_9.0.0.722_03.09.2010_20-26.exe[3032] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] 014202B0
IAT C:\Users\Saga\Desktop\Virus Removal Tool\setup_9.0.0.722_03.09.2010_20-26\setup_9.0.0.722_03.09.2010_20-26.exe[3032] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] 01420320
IAT C:\Users\Saga\Desktop\Virus Removal Tool\setup_9.0.0.722_03.09.2010_20-26\setup_9.0.0.722_03.09.2010_20-26.exe[3032] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] 01420390
IAT C:\Users\Saga\Desktop\Virus Removal Tool\setup_9.0.0.722_03.09.2010_20-26\setup_9.0.0.722_03.09.2010_20-26.exe[3032] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!HeapFree] 003102B0
IAT C:\Users\Saga\Desktop\Virus Removal Tool\setup_9.0.0.722_03.09.2010_20-26\setup_9.0.0.722_03.09.2010_20-26.exe[3032] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetModuleFileNameA] 01420400
IAT C:\Users\Saga\Desktop\Virus Removal Tool\setup_9.0.0.722_03.09.2010_20-26\setup_9.0.0.722_03.09.2010_20-26.exe[3032] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetModuleFileNameW] 01420470
IAT C:\Users\Saga\Desktop\Virus Removal Tool\setup_9.0.0.722_03.09.2010_20-26\setup_9.0.0.722_03.09.2010_20-26.exe[3032] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] 014204E0
IAT C:\Users\Saga\Desktop\Virus Removal Tool\setup_9.0.0.722_03.09.2010_20-26\setup_9.0.0.722_03.09.2010_20-26.exe[3032] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] 01420550
IAT C:\Users\Saga\Desktop\Virus Removal Tool\setup_9.0.0.722_03.09.2010_20-26\setup_9.0.0.722_03.09.2010_20-26.exe[3032] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] 014205C0
IAT C:\Users\Saga\Desktop\Virus Removal Tool\setup_9.0.0.722_03.09.2010_20-26\setup_9.0.0.722_03.09.2010_20-26.exe[3032] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FreeLibrary] 01420630
IAT C:\Users\Saga\Desktop\Virus Removal Tool\setup_9.0.0.722_03.09.2010_20-26\setup_9.0.0.722_03.09.2010_20-26.exe[3032] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] 014206A0
IAT C:\Users\Saga\Desktop\Virus Removal Tool\setup_9.0.0.722_03.09.2010_20-26\setup_9.0.0.722_03.09.2010_20-26.exe[3032] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!SetErrorMode] 01420710
IAT C:\Users\Saga\Desktop\Virus Removal Tool\setup_9.0.0.722_03.09.2010_20-26\setup_9.0.0.722_03.09.2010_20-26.exe[3032] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 01420780
IAT C:\Users\Saga\Desktop\Virus Removal Tool\setup_9.0.0.722_03.09.2010_20-26\setup_9.0.0.722_03.09.2010_20-26.exe[3032] @ C:\Windows\system32\ole32.dll [ntdll.dll!RtlFreeHeap] 00310320
IAT C:\Users\Saga\Desktop\Virus Removal Tool\setup_9.0.0.722_03.09.2010_20-26\setup_9.0.0.722_03.09.2010_20-26.exe[3032] @ C:\Windows\system32\ole32.dll [ntdll.dll!RtlAllocateHeap] 00310390
IAT C:\Users\Saga\Desktop\Virus Removal Tool\setup_9.0.0.722_03.09.2010_20-26\setup_9.0.0.722_03.09.2010_20-26.exe[3032] @ C:\Windows\system32\ole32.dll [ntdll.dll!RtlReAllocateHeap] 00310400
IAT C:\Users\Saga\Desktop\Virus Removal Tool\setup_9.0.0.722_03.09.2010_20-26\setup_9.0.0.722_03.09.2010_20-26.exe[3032] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] 01420B70
IAT C:\Users\Saga\Desktop\Virus Removal Tool\setup_9.0.0.722_03.09.2010_20-26\setup_9.0.0.722_03.09.2010_20-26.exe[3032] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] 01420BE0
IAT C:\Users\Saga\Desktop\Virus Removal Tool\setup_9.0.0.722_03.09.2010_20-26\setup_9.0.0.722_03.09.2010_20-26.exe[3032] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!HeapFree] 779E0240
IAT C:\Users\Saga\Desktop\Virus Removal Tool\setup_9.0.0.722_03.09.2010_20-26\setup_9.0.0.722_03.09.2010_20-26.exe[3032] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!VirtualAlloc] 779E02B0
IAT C:\Users\Saga\Desktop\Virus Removal Tool\setup_9.0.0.722_03.09.2010_20-26\setup_9.0.0.722_03.09.2010_20-26.exe[3032] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 75F004E0
IAT C:\Users\Saga\Desktop\Virus Removal Tool\setup_9.0.0.722_03.09.2010_20-26\setup_9.0.0.722_03.09.2010_20-26.exe[3032] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExW] 75F00390
IAT C:\Users\Saga\Desktop\Virus Removal Tool\setup_9.0.0.722_03.09.2010_20-26\setup_9.0.0.722_03.09.2010_20-26.exe[3032] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetModuleFileNameW] 75F001D0
IAT C:\Users\Saga\Desktop\Virus Removal Tool\setup_9.0.0.722_03.09.2010_20-26\setup_9.0.0.722_03.09.2010_20-26.exe[3032] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExA] 75F00320
IAT C:\Users\Saga\Desktop\Virus Removal Tool\setup_9.0.0.722_03.09.2010_20-26\setup_9.0.0.722_03.09.2010_20-26.exe[3032] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryA] 75F002B0
IAT C:\Users\Saga\Desktop\Virus Removal Tool\setup_9.0.0.722_03.09.2010_20-26\setup_9.0.0.722_03.09.2010_20-26.exe[3032] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] 75F00240
IAT C:\Users\Saga\Desktop\Virus Removal Tool\setup_9.0.0.722_03.09.2010_20-26\setup_9.0.0.722_03.09.2010_20-26.exe[3032] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!FreeLibrary] 75F000F0
IAT C:\Users\Saga\Desktop\Virus Removal Tool\setup_9.0.0.722_03.09.2010_20-26\setup_9.0.0.722_03.09.2010_20-26.exe[3032] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!LoadLibraryExA] 75F00320
IAT C:\Users\Saga\Desktop\Virus Removal Tool\setup_9.0.0.722_03.09.2010_20-26\setup_9.0.0.722_03.09.2010_20-26.exe[3032] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!FreeLibrary] 75F000F0
IAT C:\Users\Saga\Desktop\Virus Removal Tool\setup_9.0.0.722_03.09.2010_20-26\setup_9.0.0.722_03.09.2010_20-26.exe[3032] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] 75F00240
IAT C:\Users\Saga\Desktop\Virus Removal Tool\setup_9.0.0.722_03.09.2010_20-26\setup_9.0.0.722_03.09.2010_20-26.exe[3032] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 75F004E0
IAT C:\Users\Saga\Desktop\Virus Removal Tool\setup_9.0.0.722_03.09.2010_20-26\setup_9.0.0.722_03.09.2010_20-26.exe[3032] @ C:\Windows\system32\wininet.dll [KERNEL32.dll!SetErrorMode] 75F00470
IAT C:\Users\Saga\Desktop\Virus Removal Tool\setup_9.0.0.722_03.09.2010_20-26\setup_9.0.0.722_03.09.2010_20-26.exe[3032] @ C:\Windows\system32\wininet.dll [KERNEL32.dll!LoadLibraryW] 75F00400
IAT C:\Users\Saga\Desktop\Virus Removal Tool\setup_9.0.0.722_03.09.2010_20-26\setup_9.0.0.722_03.09.2010_20-26.exe[3032] @ C:\Windows\system32\wininet.dll [KERNEL32.dll!HeapFree] 779E0240
IAT C:\Users\Saga\Desktop\Virus Removal Tool\setup_9.0.0.722_03.09.2010_20-26\setup_9.0.0.722_03.09.2010_20-26.exe[3032] @ C:\Windows\system32\wininet.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 75F004E0
IAT C:\Users\Saga\Desktop\Virus Removal Tool\setup_9.0.0.722_03.09.2010_20-26\setup_9.0.0.722_03.09.2010_20-26.exe[3032] @ C:\Windows\system32\wininet.dll [KERNEL32.dll!LoadLibraryExW] 75F00390
IAT C:\Users\Saga\Desktop\Virus Removal Tool\setup_9.0.0.722_03.09.2010_20-26\setup_9.0.0.722_03.09.2010_20-26.exe[3032] @ C:\Windows\system32\wininet.dll [KERNEL32.dll!GetProcAddress] 75F00240
IAT C:\Users\Saga\Desktop\Virus Removal Tool\setup_9.0.0.722_03.09.2010_20-26\setup_9.0.0.722_03.09.2010_20-26.exe[3032] @ C:\Windows\system32\wininet.dll [KERNEL32.dll!LoadLibraryA] 75F002B0
IAT C:\Users\Saga\Desktop\Virus Removal Tool\setup_9.0.0.722_03.09.2010_20-26\setup_9.0.0.722_03.09.2010_20-26.exe[3032] @ C:\Windows\system32\wininet.dll [KERNEL32.dll!FreeLibrary] 75F000F0
IAT C:\Users\Saga\Desktop\Virus Removal Tool\setup_9.0.0.722_03.09.2010_20-26\setup_9.0.0.722_03.09.2010_20-26.exe[3032] @ C:\Windows\system32\wininet.dll [KERNEL32.dll!GetModuleFileNameW] 75F001D0
IAT C:\Users\Saga\Desktop\Virus Removal Tool\setup_9.0.0.722_03.09.2010_20-26\setup_9.0.0.722_03.09.2010_20-26.exe[3032] @ C:\Windows\system32\wininet.dll [KERNEL32.dll!GetModuleFileNameA] 75F00160
---- Devices - GMER 1.0.15 ----
AttachedDevice \Driver\tdx \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
Device \Driver\ACPI_HAL \Device\00000049 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
Device \Driver\BTHUSB \Device\00000072 bthport.sys (Bluetooth Bus Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
Device \Driver\BTHUSB \Device\00000074 bthport.sys (Bluetooth Bus Driver/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
Device \FileSystem\fastfat \Fat 9BF9C130
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\00197ed91eec
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\00197ed91eec (not active ControlSet)
---- EOF - GMER 1.0.15 ----
Rootkit scan 2010-12-13 22:24:51
Windows 6.1.7600 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-2 TOSHIBA_MK1237GSX rev.DL140D
Running: gmer.exe; Driver: C:\Users\Saga\AppData\Local\Temp\kxrdypow.sys
---- System - GMER 1.0.15 ----
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0x8DCB1BAE]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateSection [0x8DCB19D2]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwLoadDriver [0x8DCB1B0C]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) NtCreateSection
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject
---- Kernel code sections - GMER 1.0.15 ----
.text ntkrnlpa.exe!ZwSaveKeyEx + 13BD 82C575C9 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82C7C052 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
PAGE ntkrnlpa.exe!ZwLoadDriver 82DB5279 7 Bytes JMP 8DCB1B10 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ObMakeTemporaryObject 82E1CF59 5 Bytes JMP 8DCAD5D4 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ObInsertObject + 27 82E36C5F 5 Bytes JMP 8DCAF012 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!NtCreateSection 82E44CE3 7 Bytes JMP 8DCB19D6 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ZwCreateProcessEx 82EEEE12 7 Bytes JMP 8DCB1BB2 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
? C:\Users\Saga\AppData\Local\Temp\mbr.sys Systém nemôže nájsť zadaný súbor. !
---- User code sections - GMER 1.0.15 ----
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1380] kernel32.dll!SetUnhandledExceptionFilter 75E73162 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP }
.text C:\Program Files\Mozilla Firefox\firefox.exe[1544] WS2_32.dll!closesocket 77A93BED 5 Bytes JMP 000660E7
.text C:\Program Files\Mozilla Firefox\firefox.exe[1544] WS2_32.dll!recv 77A947DF 5 Bytes JMP 00065CE2
.text C:\Program Files\Mozilla Firefox\firefox.exe[1544] WS2_32.dll!WSASend 77A968A7 5 Bytes JMP 00065DBD
.text C:\Program Files\Mozilla Firefox\firefox.exe[1544] WS2_32.dll!WSARecv 77A9C29F 5 Bytes JMP 00065E6C
.text C:\Program Files\Mozilla Firefox\firefox.exe[1544] WS2_32.dll!send 77A9C4C8 5 Bytes JMP 00065C6F
.text C:\Program Files\Mozilla Firefox\firefox.exe[1544] WS2_32.dll!gethostbyname 77AA7133 5 Bytes JMP 000663C8
.text C:\Windows\Explorer.EXE[1640] Explorer.EXE 0031317E 2 Bytes [0C, 16] {OR AL, 0x16}
.text C:\Windows\Explorer.EXE[1640] Explorer.EXE 00313190 14 Bytes [8B, FF, 55, 8B, EC, 56, 57, ...]
.text C:\Windows\Explorer.EXE[1640] kernel32.dll!CreateProcessInternalW 75E742CE 5 Bytes JMP 00247207
? C:\Users\Saga\Desktop\Virus Removal Tool\setup_9.0.0.722_03.09.2010_20-26\setup_9.0.0.722_03.09.2010_20-26.exe[3032] C:\Windows\SYSTEM32\ntdll.dll time/date stamp mismatch;
? C:\Users\Saga\Desktop\Virus Removal Tool\setup_9.0.0.722_03.09.2010_20-26\setup_9.0.0.722_03.09.2010_20-26.exe[3032] C:\Windows\system32\kernel32.dll time/date stamp mismatch; unknown module: KERNELBASE.dll
.text C:\Users\Saga\Desktop\Virus Removal Tool\setup_9.0.0.722_03.09.2010_20-26\setup_9.0.0.722_03.09.2010_20-26.exe[3032] USER32.dll!NotifyWinEvent + 48B 75D6F724 4 Bytes [70, 11, 33, 6D]
---- User IAT/EAT - GMER 1.0.15 ----
IAT C:\Windows\Explorer.EXE[1640] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [74532494] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1640] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [74515624] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1640] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [745156E2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1640] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [7453250F] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1640] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [74528573] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1640] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [74524D27] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1640] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [745250CE] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1640] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [745251A3] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1640] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromHBITMAP] [745266D0] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1640] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [745282CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1640] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [74528819] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1640] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [7452907A] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1640] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [7452E21D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1640] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [74524C59] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Users\Saga\Desktop\Virus Removal Tool\setup_9.0.0.722_03.09.2010_20-26\setup_9.0.0.722_03.09.2010_20-26.exe[3032] @ C:\Windows\system32\kernel32.dll [ntdll.dll!RtlReAllocateHeap] 003001D0
IAT C:\Users\Saga\Desktop\Virus Removal Tool\setup_9.0.0.722_03.09.2010_20-26\setup_9.0.0.722_03.09.2010_20-26.exe[3032] @ C:\Windows\system32\kernel32.dll [ntdll.dll!RtlSizeHeap] 00300240
IAT C:\Users\Saga\Desktop\Virus Removal Tool\setup_9.0.0.722_03.09.2010_20-26\setup_9.0.0.722_03.09.2010_20-26.exe[3032] @ C:\Windows\system32\kernel32.dll [ntdll.dll!RtlAllocateHeap] 003002B0
IAT C:\Users\Saga\Desktop\Virus Removal Tool\setup_9.0.0.722_03.09.2010_20-26\setup_9.0.0.722_03.09.2010_20-26.exe[3032] @ C:\Windows\system32\kernel32.dll [ntdll.dll!RtlFreeHeap] 00300320
IAT C:\Users\Saga\Desktop\Virus Removal Tool\setup_9.0.0.722_03.09.2010_20-26\setup_9.0.0.722_03.09.2010_20-26.exe[3032] @ C:\Windows\system32\RPCRT4.dll [ntdll.dll!RtlFreeHeap] 00300710
IAT C:\Users\Saga\Desktop\Virus Removal Tool\setup_9.0.0.722_03.09.2010_20-26\setup_9.0.0.722_03.09.2010_20-26.exe[3032] @ C:\Windows\system32\RPCRT4.dll [ntdll.dll!RtlAllocateHeap] 00300780
IAT C:\Users\Saga\Desktop\Virus Removal Tool\setup_9.0.0.722_03.09.2010_20-26\setup_9.0.0.722_03.09.2010_20-26.exe[3032] @ C:\Windows\system32\USER32.dll [ntdll.dll!RtlSizeHeap] 00300A20
IAT C:\Users\Saga\Desktop\Virus Removal Tool\setup_9.0.0.722_03.09.2010_20-26\setup_9.0.0.722_03.09.2010_20-26.exe[3032] @ C:\Windows\system32\USER32.dll [ntdll.dll!RtlReAllocateHeap] 00300A90
IAT C:\Users\Saga\Desktop\Virus Removal Tool\setup_9.0.0.722_03.09.2010_20-26\setup_9.0.0.722_03.09.2010_20-26.exe[3032] @ C:\Windows\system32\USER32.dll [ntdll.dll!RtlAllocateHeap] 00300B00
IAT C:\Users\Saga\Desktop\Virus Removal Tool\setup_9.0.0.722_03.09.2010_20-26\setup_9.0.0.722_03.09.2010_20-26.exe[3032] @ C:\Windows\system32\USER32.dll [ntdll.dll!RtlFreeHeap] 00300B70
IAT C:\Users\Saga\Desktop\Virus Removal Tool\setup_9.0.0.722_03.09.2010_20-26\setup_9.0.0.722_03.09.2010_20-26.exe[3032] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] 01400DA0
IAT C:\Users\Saga\Desktop\Virus Removal Tool\setup_9.0.0.722_03.09.2010_20-26\setup_9.0.0.722_03.09.2010_20-26.exe[3032] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!CreateProcessW] 01400E10
IAT C:\Users\Saga\Desktop\Virus Removal Tool\setup_9.0.0.722_03.09.2010_20-26\setup_9.0.0.722_03.09.2010_20-26.exe[3032] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetModuleFileNameA] 01400E80
IAT C:\Users\Saga\Desktop\Virus Removal Tool\setup_9.0.0.722_03.09.2010_20-26\setup_9.0.0.722_03.09.2010_20-26.exe[3032] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExA] 01400EF0
IAT C:\Users\Saga\Desktop\Virus Removal Tool\setup_9.0.0.722_03.09.2010_20-26\setup_9.0.0.722_03.09.2010_20-26.exe[3032] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 01400F60
IAT C:\Users\Saga\Desktop\Virus Removal Tool\setup_9.0.0.722_03.09.2010_20-26\setup_9.0.0.722_03.09.2010_20-26.exe[3032] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!FreeLibrary] 75F00860
IAT C:\Users\Saga\Desktop\Virus Removal Tool\setup_9.0.0.722_03.09.2010_20-26\setup_9.0.0.722_03.09.2010_20-26.exe[3032] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] 75F008D0
IAT C:\Users\Saga\Desktop\Virus Removal Tool\setup_9.0.0.722_03.09.2010_20-26\setup_9.0.0.722_03.09.2010_20-26.exe[3032] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] 75F00940
IAT C:\Users\Saga\Desktop\Virus Removal Tool\setup_9.0.0.722_03.09.2010_20-26\setup_9.0.0.722_03.09.2010_20-26.exe[3032] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetModuleFileNameW] 75F009B0
IAT C:\Users\Saga\Desktop\Virus Removal Tool\setup_9.0.0.722_03.09.2010_20-26\setup_9.0.0.722_03.09.2010_20-26.exe[3032] @ C:\Windows\system32\GDI32.dll [ntdll.dll!RtlAllocateHeap] 00300BE0
IAT C:\Users\Saga\Desktop\Virus Removal Tool\setup_9.0.0.722_03.09.2010_20-26\setup_9.0.0.722_03.09.2010_20-26.exe[3032] @ C:\Windows\system32\GDI32.dll [ntdll.dll!RtlFreeHeap] 00300C50
IAT C:\Users\Saga\Desktop\Virus Removal Tool\setup_9.0.0.722_03.09.2010_20-26\setup_9.0.0.722_03.09.2010_20-26.exe[3032] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 75F00A20
IAT C:\Users\Saga\Desktop\Virus Removal Tool\setup_9.0.0.722_03.09.2010_20-26\setup_9.0.0.722_03.09.2010_20-26.exe[3032] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] 75F00A90
IAT C:\Users\Saga\Desktop\Virus Removal Tool\setup_9.0.0.722_03.09.2010_20-26\setup_9.0.0.722_03.09.2010_20-26.exe[3032] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] 75F00B00
IAT C:\Users\Saga\Desktop\Virus Removal Tool\setup_9.0.0.722_03.09.2010_20-26\setup_9.0.0.722_03.09.2010_20-26.exe[3032] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] 75F00B70
IAT C:\Users\Saga\Desktop\Virus Removal Tool\setup_9.0.0.722_03.09.2010_20-26\setup_9.0.0.722_03.09.2010_20-26.exe[3032] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!FreeLibrary] 75F00BE0
IAT C:\Users\Saga\Desktop\Virus Removal Tool\setup_9.0.0.722_03.09.2010_20-26\setup_9.0.0.722_03.09.2010_20-26.exe[3032] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] 75F00C50
IAT C:\Users\Saga\Desktop\Virus Removal Tool\setup_9.0.0.722_03.09.2010_20-26\setup_9.0.0.722_03.09.2010_20-26.exe[3032] @ C:\Windows\system32\ADVAPI32.dll [ntdll.dll!RtlFreeHeap] 779E06A0
IAT C:\Users\Saga\Desktop\Virus Removal Tool\setup_9.0.0.722_03.09.2010_20-26\setup_9.0.0.722_03.09.2010_20-26.exe[3032] @ C:\Windows\system32\ADVAPI32.dll [ntdll.dll!RtlAllocateHeap] 779E0710
IAT C:\Users\Saga\Desktop\Virus Removal Tool\setup_9.0.0.722_03.09.2010_20-26\setup_9.0.0.722_03.09.2010_20-26.exe[3032] @ C:\Windows\system32\ADVAPI32.dll [ntdll.dll!RtlReAllocateHeap] 779E0780
IAT C:\Users\Saga\Desktop\Virus Removal Tool\setup_9.0.0.722_03.09.2010_20-26\setup_9.0.0.722_03.09.2010_20-26.exe[3032] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!VirtualFree] 779E07F0
IAT C:\Users\Saga\Desktop\Virus Removal Tool\setup_9.0.0.722_03.09.2010_20-26\setup_9.0.0.722_03.09.2010_20-26.exe[3032] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetModuleFileNameW] 01410400
IAT C:\Users\Saga\Desktop\Virus Removal Tool\setup_9.0.0.722_03.09.2010_20-26\setup_9.0.0.722_03.09.2010_20-26.exe[3032] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] 01410470
IAT C:\Users\Saga\Desktop\Virus Removal Tool\setup_9.0.0.722_03.09.2010_20-26\setup_9.0.0.722_03.09.2010_20-26.exe[3032] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!SetErrorMode] 014104E0
IAT C:\Users\Saga\Desktop\Virus Removal Tool\setup_9.0.0.722_03.09.2010_20-26\setup_9.0.0.722_03.09.2010_20-26.exe[3032] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] 01410550
IAT C:\Users\Saga\Desktop\Virus Removal Tool\setup_9.0.0.722_03.09.2010_20-26\setup_9.0.0.722_03.09.2010_20-26.exe[3032] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] 014105C0
IAT C:\Users\Saga\Desktop\Virus Removal Tool\setup_9.0.0.722_03.09.2010_20-26\setup_9.0.0.722_03.09.2010_20-26.exe[3032] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!FreeLibrary] 01410630
IAT C:\Users\Saga\Desktop\Virus Removal Tool\setup_9.0.0.722_03.09.2010_20-26\setup_9.0.0.722_03.09.2010_20-26.exe[3032] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] 014106A0
IAT C:\Users\Saga\Desktop\Virus Removal Tool\setup_9.0.0.722_03.09.2010_20-26\setup_9.0.0.722_03.09.2010_20-26.exe[3032] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!HeapFree] 779E09B0
IAT C:\Users\Saga\Desktop\Virus Removal Tool\setup_9.0.0.722_03.09.2010_20-26\setup_9.0.0.722_03.09.2010_20-26.exe[3032] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExA] 01410710
IAT C:\Users\Saga\Desktop\Virus Removal Tool\setup_9.0.0.722_03.09.2010_20-26\setup_9.0.0.722_03.09.2010_20-26.exe[3032] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 01410780
IAT C:\Users\Saga\Desktop\Virus Removal Tool\setup_9.0.0.722_03.09.2010_20-26\setup_9.0.0.722_03.09.2010_20-26.exe[3032] @ C:\Windows\system32\SHELL32.dll [ntdll.dll!RtlFreeHeap] 003101D0
IAT C:\Users\Saga\Desktop\Virus Removal Tool\setup_9.0.0.722_03.09.2010_20-26\setup_9.0.0.722_03.09.2010_20-26.exe[3032] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] 014202B0
IAT C:\Users\Saga\Desktop\Virus Removal Tool\setup_9.0.0.722_03.09.2010_20-26\setup_9.0.0.722_03.09.2010_20-26.exe[3032] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] 01420320
IAT C:\Users\Saga\Desktop\Virus Removal Tool\setup_9.0.0.722_03.09.2010_20-26\setup_9.0.0.722_03.09.2010_20-26.exe[3032] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] 01420390
IAT C:\Users\Saga\Desktop\Virus Removal Tool\setup_9.0.0.722_03.09.2010_20-26\setup_9.0.0.722_03.09.2010_20-26.exe[3032] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!HeapFree] 003102B0
IAT C:\Users\Saga\Desktop\Virus Removal Tool\setup_9.0.0.722_03.09.2010_20-26\setup_9.0.0.722_03.09.2010_20-26.exe[3032] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetModuleFileNameA] 01420400
IAT C:\Users\Saga\Desktop\Virus Removal Tool\setup_9.0.0.722_03.09.2010_20-26\setup_9.0.0.722_03.09.2010_20-26.exe[3032] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetModuleFileNameW] 01420470
IAT C:\Users\Saga\Desktop\Virus Removal Tool\setup_9.0.0.722_03.09.2010_20-26\setup_9.0.0.722_03.09.2010_20-26.exe[3032] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] 014204E0
IAT C:\Users\Saga\Desktop\Virus Removal Tool\setup_9.0.0.722_03.09.2010_20-26\setup_9.0.0.722_03.09.2010_20-26.exe[3032] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] 01420550
IAT C:\Users\Saga\Desktop\Virus Removal Tool\setup_9.0.0.722_03.09.2010_20-26\setup_9.0.0.722_03.09.2010_20-26.exe[3032] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] 014205C0
IAT C:\Users\Saga\Desktop\Virus Removal Tool\setup_9.0.0.722_03.09.2010_20-26\setup_9.0.0.722_03.09.2010_20-26.exe[3032] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FreeLibrary] 01420630
IAT C:\Users\Saga\Desktop\Virus Removal Tool\setup_9.0.0.722_03.09.2010_20-26\setup_9.0.0.722_03.09.2010_20-26.exe[3032] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] 014206A0
IAT C:\Users\Saga\Desktop\Virus Removal Tool\setup_9.0.0.722_03.09.2010_20-26\setup_9.0.0.722_03.09.2010_20-26.exe[3032] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!SetErrorMode] 01420710
IAT C:\Users\Saga\Desktop\Virus Removal Tool\setup_9.0.0.722_03.09.2010_20-26\setup_9.0.0.722_03.09.2010_20-26.exe[3032] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 01420780
IAT C:\Users\Saga\Desktop\Virus Removal Tool\setup_9.0.0.722_03.09.2010_20-26\setup_9.0.0.722_03.09.2010_20-26.exe[3032] @ C:\Windows\system32\ole32.dll [ntdll.dll!RtlFreeHeap] 00310320
IAT C:\Users\Saga\Desktop\Virus Removal Tool\setup_9.0.0.722_03.09.2010_20-26\setup_9.0.0.722_03.09.2010_20-26.exe[3032] @ C:\Windows\system32\ole32.dll [ntdll.dll!RtlAllocateHeap] 00310390
IAT C:\Users\Saga\Desktop\Virus Removal Tool\setup_9.0.0.722_03.09.2010_20-26\setup_9.0.0.722_03.09.2010_20-26.exe[3032] @ C:\Windows\system32\ole32.dll [ntdll.dll!RtlReAllocateHeap] 00310400
IAT C:\Users\Saga\Desktop\Virus Removal Tool\setup_9.0.0.722_03.09.2010_20-26\setup_9.0.0.722_03.09.2010_20-26.exe[3032] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] 01420B70
IAT C:\Users\Saga\Desktop\Virus Removal Tool\setup_9.0.0.722_03.09.2010_20-26\setup_9.0.0.722_03.09.2010_20-26.exe[3032] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] 01420BE0
IAT C:\Users\Saga\Desktop\Virus Removal Tool\setup_9.0.0.722_03.09.2010_20-26\setup_9.0.0.722_03.09.2010_20-26.exe[3032] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!HeapFree] 779E0240
IAT C:\Users\Saga\Desktop\Virus Removal Tool\setup_9.0.0.722_03.09.2010_20-26\setup_9.0.0.722_03.09.2010_20-26.exe[3032] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!VirtualAlloc] 779E02B0
IAT C:\Users\Saga\Desktop\Virus Removal Tool\setup_9.0.0.722_03.09.2010_20-26\setup_9.0.0.722_03.09.2010_20-26.exe[3032] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 75F004E0
IAT C:\Users\Saga\Desktop\Virus Removal Tool\setup_9.0.0.722_03.09.2010_20-26\setup_9.0.0.722_03.09.2010_20-26.exe[3032] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExW] 75F00390
IAT C:\Users\Saga\Desktop\Virus Removal Tool\setup_9.0.0.722_03.09.2010_20-26\setup_9.0.0.722_03.09.2010_20-26.exe[3032] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetModuleFileNameW] 75F001D0
IAT C:\Users\Saga\Desktop\Virus Removal Tool\setup_9.0.0.722_03.09.2010_20-26\setup_9.0.0.722_03.09.2010_20-26.exe[3032] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExA] 75F00320
IAT C:\Users\Saga\Desktop\Virus Removal Tool\setup_9.0.0.722_03.09.2010_20-26\setup_9.0.0.722_03.09.2010_20-26.exe[3032] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryA] 75F002B0
IAT C:\Users\Saga\Desktop\Virus Removal Tool\setup_9.0.0.722_03.09.2010_20-26\setup_9.0.0.722_03.09.2010_20-26.exe[3032] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] 75F00240
IAT C:\Users\Saga\Desktop\Virus Removal Tool\setup_9.0.0.722_03.09.2010_20-26\setup_9.0.0.722_03.09.2010_20-26.exe[3032] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!FreeLibrary] 75F000F0
IAT C:\Users\Saga\Desktop\Virus Removal Tool\setup_9.0.0.722_03.09.2010_20-26\setup_9.0.0.722_03.09.2010_20-26.exe[3032] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!LoadLibraryExA] 75F00320
IAT C:\Users\Saga\Desktop\Virus Removal Tool\setup_9.0.0.722_03.09.2010_20-26\setup_9.0.0.722_03.09.2010_20-26.exe[3032] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!FreeLibrary] 75F000F0
IAT C:\Users\Saga\Desktop\Virus Removal Tool\setup_9.0.0.722_03.09.2010_20-26\setup_9.0.0.722_03.09.2010_20-26.exe[3032] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] 75F00240
IAT C:\Users\Saga\Desktop\Virus Removal Tool\setup_9.0.0.722_03.09.2010_20-26\setup_9.0.0.722_03.09.2010_20-26.exe[3032] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 75F004E0
IAT C:\Users\Saga\Desktop\Virus Removal Tool\setup_9.0.0.722_03.09.2010_20-26\setup_9.0.0.722_03.09.2010_20-26.exe[3032] @ C:\Windows\system32\wininet.dll [KERNEL32.dll!SetErrorMode] 75F00470
IAT C:\Users\Saga\Desktop\Virus Removal Tool\setup_9.0.0.722_03.09.2010_20-26\setup_9.0.0.722_03.09.2010_20-26.exe[3032] @ C:\Windows\system32\wininet.dll [KERNEL32.dll!LoadLibraryW] 75F00400
IAT C:\Users\Saga\Desktop\Virus Removal Tool\setup_9.0.0.722_03.09.2010_20-26\setup_9.0.0.722_03.09.2010_20-26.exe[3032] @ C:\Windows\system32\wininet.dll [KERNEL32.dll!HeapFree] 779E0240
IAT C:\Users\Saga\Desktop\Virus Removal Tool\setup_9.0.0.722_03.09.2010_20-26\setup_9.0.0.722_03.09.2010_20-26.exe[3032] @ C:\Windows\system32\wininet.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 75F004E0
IAT C:\Users\Saga\Desktop\Virus Removal Tool\setup_9.0.0.722_03.09.2010_20-26\setup_9.0.0.722_03.09.2010_20-26.exe[3032] @ C:\Windows\system32\wininet.dll [KERNEL32.dll!LoadLibraryExW] 75F00390
IAT C:\Users\Saga\Desktop\Virus Removal Tool\setup_9.0.0.722_03.09.2010_20-26\setup_9.0.0.722_03.09.2010_20-26.exe[3032] @ C:\Windows\system32\wininet.dll [KERNEL32.dll!GetProcAddress] 75F00240
IAT C:\Users\Saga\Desktop\Virus Removal Tool\setup_9.0.0.722_03.09.2010_20-26\setup_9.0.0.722_03.09.2010_20-26.exe[3032] @ C:\Windows\system32\wininet.dll [KERNEL32.dll!LoadLibraryA] 75F002B0
IAT C:\Users\Saga\Desktop\Virus Removal Tool\setup_9.0.0.722_03.09.2010_20-26\setup_9.0.0.722_03.09.2010_20-26.exe[3032] @ C:\Windows\system32\wininet.dll [KERNEL32.dll!FreeLibrary] 75F000F0
IAT C:\Users\Saga\Desktop\Virus Removal Tool\setup_9.0.0.722_03.09.2010_20-26\setup_9.0.0.722_03.09.2010_20-26.exe[3032] @ C:\Windows\system32\wininet.dll [KERNEL32.dll!GetModuleFileNameW] 75F001D0
IAT C:\Users\Saga\Desktop\Virus Removal Tool\setup_9.0.0.722_03.09.2010_20-26\setup_9.0.0.722_03.09.2010_20-26.exe[3032] @ C:\Windows\system32\wininet.dll [KERNEL32.dll!GetModuleFileNameA] 75F00160
---- Devices - GMER 1.0.15 ----
AttachedDevice \Driver\tdx \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
Device \Driver\ACPI_HAL \Device\00000049 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
Device \Driver\BTHUSB \Device\00000072 bthport.sys (Bluetooth Bus Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
Device \Driver\BTHUSB \Device\00000074 bthport.sys (Bluetooth Bus Driver/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
Device \FileSystem\fastfat \Fat 9BF9C130
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\00197ed91eec
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\00197ed91eec (not active ControlSet)
---- EOF - GMER 1.0.15 ----
Re: Rootkit - C:\Windows\System32\drivers\rmesth.sys
NO Obvykle se mbr rootkit moc neprojevuje, je hezky schovanej v mbr sektoru, kde ho nikdo moc nevidí a vesele si komunikuje se světem 
.
Měla jste tam toho docela dost
, těžko říct, jestli si to tam natahal mbr rootkit, nebo to byl nějaký jiný zdroj.
Pokud Vám spadne systém, měl by se Vám vytvořit soubor ve složce c:\windows\minidump. Pokud Vám zase pc spadne, tak mrkněte po tom souboru a když tak mi ho sem v raru vložte do přílohy, koukneme se, kdo nám to dělá
Gmer je v pořádku , ještě bych zkusila jeden program, pak už Vás propustím s Avptoolem na dobrou noc . Ten prográmek bude rychlý
Stáhněte Bootkit Remover http://www.esagelab.com/files/bootkit_remover.rar
-uložte ho na plochu a spusťte
- pravým tlačítkem myši klikněte do černého okna, zvolte Vybrat vše, stiskněte CTRL+C a pak zde na foru CTRL+V.
.Měla jste tam toho docela dost
, těžko říct, jestli si to tam natahal mbr rootkit, nebo to byl nějaký jiný zdroj.Pokud Vám spadne systém, měl by se Vám vytvořit soubor ve složce c:\windows\minidump. Pokud Vám zase pc spadne, tak mrkněte po tom souboru a když tak mi ho sem v raru vložte do přílohy, koukneme se, kdo nám to dělá
Gmer je v pořádku
, ještě bych zkusila jeden program, pak už Vás propustím s Avptoolem na dobrou noc . Ten prográmek bude rychlý Stáhněte Bootkit Remover http://www.esagelab.com/files/bootkit_remover.rar-uložte ho na plochu a spusťte
- pravým tlačítkem myši klikněte do černého okna, zvolte Vybrat vše, stiskněte CTRL+C a pak zde na foru CTRL+V.
Nepoužívejte COMBOFIX bez doporučení rádce, může dojít k poškození systému!
Vždy před odvirováním počítače zazálohujte důležitá data
Chcete podpořit naše forum? Informace zde
K zastižení jsem spíše v noci, mezi 21.-23. hodinou
Pokud máte nějaké dotazy, můžete mi napsat na email Motji(zavináč)forum.viry.cz.
Vždy před odvirováním počítače zazálohujte důležitá data
Chcete podpořit naše forum? Informace zde
K zastižení jsem spíše v noci, mezi 21.-23. hodinou
Pokud máte nějaké dotazy, můžete mi napsat na email Motji(zavináč)forum.viry.cz.
Re: Rootkit - C:\Windows\System32\drivers\rmesth.sys
v ciernom okne mi vypisuje toto: ERROR: Can't open volume device \\.\C:
Re: Rootkit - C:\Windows\System32\drivers\rmesth.sys
Nevadí.
Dnes už Vás propustím .
Spustte Avptool, zítra mi napište, zda něco našel. Pak poprosím ještě o nový log ze Rsitu. A napište, jak se chová počítač
Dnes už Vás propustím
.Spustte Avptool, zítra mi napište, zda něco našel. Pak poprosím ještě o nový log ze Rsitu. A napište, jak se chová počítač
Nepoužívejte COMBOFIX bez doporučení rádce, může dojít k poškození systému!
Vždy před odvirováním počítače zazálohujte důležitá data
Chcete podpořit naše forum? Informace zde
K zastižení jsem spíše v noci, mezi 21.-23. hodinou
Pokud máte nějaké dotazy, můžete mi napsat na email Motji(zavináč)forum.viry.cz.
Vždy před odvirováním počítače zazálohujte důležitá data
Chcete podpořit naše forum? Informace zde
K zastižení jsem spíše v noci, mezi 21.-23. hodinou
Pokud máte nějaké dotazy, můžete mi napsat na email Motji(zavináč)forum.viry.cz.
Re: Rootkit - C:\Windows\System32\drivers\rmesth.sys
takze dnes dam dokoncit ten sken.
log pripnem sem. Potom dam rsit.
Ok, tak teda dobru noc bez virusov
Zajtra vecer tu budem, mozno ten lolg sem hodim aj rano este, podla toho ako vstanem
log pripnem sem. Potom dam rsit.
Ok, tak teda dobru noc bez virusov
Zajtra vecer tu budem, mozno ten lolg sem hodim aj rano este, podla toho ako vstanem
Re: Rootkit - C:\Windows\System32\drivers\rmesth.sys
Fajn, já se ráno kouknu a uvidíme. Dobrou noc
Nepoužívejte COMBOFIX bez doporučení rádce, může dojít k poškození systému!
Vždy před odvirováním počítače zazálohujte důležitá data
Chcete podpořit naše forum? Informace zde
K zastižení jsem spíše v noci, mezi 21.-23. hodinou
Pokud máte nějaké dotazy, můžete mi napsat na email Motji(zavináč)forum.viry.cz.
Vždy před odvirováním počítače zazálohujte důležitá data
Chcete podpořit naše forum? Informace zde
K zastižení jsem spíše v noci, mezi 21.-23. hodinou
Pokud máte nějaké dotazy, můžete mi napsat na email Motji(zavináč)forum.viry.cz.
Re: Rootkit - C:\Windows\System32\drivers\rmesth.sys
sprava z kaspersky removal tool:
Autoscan: completed 7 hours ago (events: 11, objects: 208983, time: 01:05:38)
13. 12. 2010 22:47:31 Task started
13. 12. 2010 23:17:25 Detected: HEUR:Trojan.Win32.Generic C:\Program Files\BurnAware Professional\burnaware_copy.exe/PE_Patch
13. 12. 2010 23:17:32 Detected: HEUR:Trojan.Win32.Generic C:\Program Files\BurnAware Professional\burnaware_audio.exe/PE_Patch
13. 12. 2010 23:17:35 Detected: HEUR:Trojan.Win32.Generic C:\Program Files\BurnAware Professional\burnaware_data.exe/PE_Patch
13. 12. 2010 23:18:07 Detected: HEUR:Trojan.Win32.Generic C:\Program Files\BurnAware Professional\burnaware_discimage.exe/PE_Patch
13. 12. 2010 23:18:10 Detected: HEUR:Trojan.Win32.Generic C:\Program Files\BurnAware Professional\burnaware_dvdvideo.exe/PE_Patch
13. 12. 2010 23:18:17 Detected: HEUR:Trojan.Win32.Generic C:\Program Files\BurnAware Professional\burnaware_image.exe/PE_Patch
13. 12. 2010 23:18:22 Detected: HEUR:Trojan.Win32.Generic C:\Program Files\BurnAware Professional\burnaware_mp3.exe/PE_Patch
13. 12. 2010 23:50:34 Detected: Trojan.Win32.Qhost.nkw C:\_OTL\MovedFiles\12132010_203427\C_WINDOWS\System32\drivers\etc\hosts
13. 12. 2010 23:50:56 Deleted: Trojan.Win32.Qhost.nkw C:\_OTL\MovedFiles\12132010_203427\C_WINDOWS\System32\drivers\etc\hosts
13. 12. 2010 23:53:09 Task completed
pridem aj ja zase az tak vecer, okolo 19tej.
Autoscan: completed 7 hours ago (events: 11, objects: 208983, time: 01:05:38)
13. 12. 2010 22:47:31 Task started
13. 12. 2010 23:17:25 Detected: HEUR:Trojan.Win32.Generic C:\Program Files\BurnAware Professional\burnaware_copy.exe/PE_Patch
13. 12. 2010 23:17:32 Detected: HEUR:Trojan.Win32.Generic C:\Program Files\BurnAware Professional\burnaware_audio.exe/PE_Patch
13. 12. 2010 23:17:35 Detected: HEUR:Trojan.Win32.Generic C:\Program Files\BurnAware Professional\burnaware_data.exe/PE_Patch
13. 12. 2010 23:18:07 Detected: HEUR:Trojan.Win32.Generic C:\Program Files\BurnAware Professional\burnaware_discimage.exe/PE_Patch
13. 12. 2010 23:18:10 Detected: HEUR:Trojan.Win32.Generic C:\Program Files\BurnAware Professional\burnaware_dvdvideo.exe/PE_Patch
13. 12. 2010 23:18:17 Detected: HEUR:Trojan.Win32.Generic C:\Program Files\BurnAware Professional\burnaware_image.exe/PE_Patch
13. 12. 2010 23:18:22 Detected: HEUR:Trojan.Win32.Generic C:\Program Files\BurnAware Professional\burnaware_mp3.exe/PE_Patch
13. 12. 2010 23:50:34 Detected: Trojan.Win32.Qhost.nkw C:\_OTL\MovedFiles\12132010_203427\C_WINDOWS\System32\drivers\etc\hosts
13. 12. 2010 23:50:56 Deleted: Trojan.Win32.Qhost.nkw C:\_OTL\MovedFiles\12132010_203427\C_WINDOWS\System32\drivers\etc\hosts
13. 12. 2010 23:53:09 Task completed
pridem aj ja zase az tak vecer, okolo 19tej.
Re: Rootkit - C:\Windows\System32\drivers\rmesth.sys
Tento program máte nelegální? že v něm AVptool něco našel 
C:\Program Files\BurnAware Professional\
Poprosím o nový log ze Rsitu, jen dočistíme po použitých programech a pokud počítač nezlobí, tak máme hotovo . Pro jistotu bych jste se mi ještě za týden ozvala s logem z Mbr.exe, zda je vše v pořádku.
C:\Program Files\BurnAware Professional\
Poprosím o nový log ze Rsitu, jen dočistíme po použitých programech a pokud počítač nezlobí, tak máme hotovo
. Pro jistotu bych jste se mi ještě za týden ozvala s logem z Mbr.exe, zda je vše v pořádku. Nepoužívejte COMBOFIX bez doporučení rádce, může dojít k poškození systému!
Vždy před odvirováním počítače zazálohujte důležitá data
Chcete podpořit naše forum? Informace zde
K zastižení jsem spíše v noci, mezi 21.-23. hodinou
Pokud máte nějaké dotazy, můžete mi napsat na email Motji(zavináč)forum.viry.cz.
Vždy před odvirováním počítače zazálohujte důležitá data
Chcete podpořit naše forum? Informace zde
K zastižení jsem spíše v noci, mezi 21.-23. hodinou
Pokud máte nějaké dotazy, můžete mi napsat na email Motji(zavináč)forum.viry.cz.
Re: Rootkit - C:\Windows\System32\drivers\rmesth.sys
ano, je nelegalny. Co s tym mam robit? on ten Avptpool to uz vycistil?
Vecer budem pokracovat teraz som v praci.
Vecer budem pokracovat
teraz som v praci.Re: Rootkit - C:\Windows\System32\drivers\rmesth.sys
On Vám něco z něj smazal , odinstalujte ho. Nelegální programy tu nepodporujeme, různé cracky a keygeny bývají často zdrojem virů, takže jistě chápete, že když se tu staráme o bezpečnost počítače, tak tomu nelegální progrmy tak nějak odporují
, odinstalujte ho. Nelegální programy tu nepodporujeme, různé cracky a keygeny bývají často zdrojem virů, takže jistě chápete, že když se tu staráme o bezpečnost počítače, tak tomu nelegální progrmy tak nějak odporují Nepoužívejte COMBOFIX bez doporučení rádce, může dojít k poškození systému!
Vždy před odvirováním počítače zazálohujte důležitá data
Chcete podpořit naše forum? Informace zde
K zastižení jsem spíše v noci, mezi 21.-23. hodinou
Pokud máte nějaké dotazy, můžete mi napsat na email Motji(zavináč)forum.viry.cz.
Vždy před odvirováním počítače zazálohujte důležitá data
Chcete podpořit naše forum? Informace zde
K zastižení jsem spíše v noci, mezi 21.-23. hodinou
Pokud máte nějaké dotazy, můžete mi napsat na email Motji(zavináč)forum.viry.cz.
Přispějete na provoz fóra?