  1. #1
    ntdiam1991
    Joined: Dec 2009
    Posts: 23
    Thanks: 2
    Points: 3/3 posts

    Computer infected with adware

    I notice my home computer shows symptoms that look like an adware infection: when going online, advertising pages often pop up, .... We also use the Kaspersky 2010 antivirus software, and it has detected and deleted quite a lot of adware. But for some reason the uninvited guests keep showing up. So how can I wipe this problem out at the root?

  2. 1 member thanked ntdiam1991 for this post:
    xiao_gou_88 (13-12-2009)

  3. #2
    ntdiam1991

    Can any pro who knows how please show me?

  4. #3
    bolzano_1989
    Joined: Oct 2008
    Posts: 113
    Thanks: 186
    Points: 48/26 posts

    Make sure that you have installed, fully updated and scanned your entire computer with . If you do not do this, we will stop here.

    If your machine still has malware (viruses...), carry out the following steps one at a time, in exactly the order given and precisely as written; if you run into any difficulty, just say so:

    Note: If you are using Windows Vista/Windows 7, run each of the following programs by right-clicking the program's icon and choosing "Run as administrator".
    Download and save the following programs to your computer; if you cannot download them, download them on another machine and copy them to yours:
    or
    or
    Run mbam-setup.exe; once installation finishes, run mbam-rules.exe.
    If the installation does not go smoothly (it cannot be installed), download the 2 files above from the web again, but when saving them use the name mabm.exe or any other name with the extension .exe or .com (as long as it does not contain the keyword mbam or malwarebytes).

    Run Malwarebytes' Anti-Malware, choose "Perform Quick Scan" and Scan.
    When the scan finishes and the message "The scan completed successfully. Click 'Show Results' to display all objects found" appears => click OK => click "Show Results", check whether all the checkboxes are selected; if not, click so that they all are
    => click "Remove Selected"
    => Malwarebytes' Anti-Malware will remove a number of malware items and will finally ask you to restart. Please restart as soon as Malwarebytes' Anti-Malware asks, so that the removal goes as smoothly as possible.
    When the removal is done, Malwarebytes' Anti-Malware creates a log file; post the contents of that log file to the forum for me.

    Scan once more with Malwarebytes' Anti-Malware exactly as instructed above, and post the log of the second result.

    Report how things stand after carrying out the steps above.
    Next, download straight to the desktop and run RSIT:
    Run it in default mode, just continue, yes, OK ...
    Zip, upload and post the link to these 2 files: info.txt, log.txt

    Download, extract and run GMER:
    After GMER's default scan at startup, if GMER asks whether you want to Run Scan, choose No and then uncheck the following options:
    * Sections
    * IAT/EAT
    * Drives/Partitions other than the Systemdrive (usually keep C:\ checked, uncheck D, E ..)
    * Show All

    When that is done, click Scan; when the scan finishes, click Save and use the name "gmer.txt".
    Upload this file and give me the link.

    Go to the following link, download straight to the desktop the ESET SysInspector that matches your machine's Processor Architecture (32-bit or 64-bit), and run ESET SysInspector:
    Click the File tab (in the top right corner), choose 'Save Log' => Save => upload this file and give me the link.

    Download straight to the desktop and run Avira AntiVir Support Collector:
    Click "Start", click "Extended"; the program will scan your machine.
    Wait until the scan finishes, then upload the AVSUPINF.ZIP file just created on your desktop to some host and give me the link.

    Download: , extract, and put RootRepeal.exe directly on the desktop.
    Close all programs running on the machine, including those in the System tray, and including Firewall, Antivirus and other security-related programs. Run RootRepeal.exe, click the Report tab, click Scan, and select all the checkboxes RootRepeal offers:


    => OK => then select all the drives in the machine => OK.
    When it finishes, click Save report, save with the name RootRepeal.txt, upload it and give me the link to this file.
    Note: If RootRepeal crashes, restart and perform the steps above in Safe Mode.

    Close all programs running on the machine, including those in the System tray, and including Firewall, Antivirus and other security-related programs. Instructions for turning off some security software, if you are not sure how, are at ; I suggest you read them carefully.
    Download straight to the desktop and run Lop S&D:
    If you are using Windows Vista/Windows 7, run Lop S&D by right-clicking the LopSD.exe icon and choosing "Run as administrator" to perform the scan.
    Choose English as the language by typing: E then Enter, click OK.
    Type 1 to choose Option 1 (Search) then Enter.
    A report will be created; save it, upload it and give me the link to this file.
    A copy of this report can be found in the file at: %systemdrive%\lopR.txt (C:\lopR.txt in most cases).
    Turn the Firewall, Antivirus and other security-related programs that you temporarily disabled back on.

    Let me know the state of your machine once you have finished.
    If you run into difficulty or have any doubts, just post here.

  5. 3 members thanked bolzano_1989 for this post:
    dinhvandinhtu (15-12-2009), kekhiepso (17-02-2013), ntdiam1991 (14-12-2009)

  6. #4
    ntdiam1991

    Friend, I could not run GMER. But after running the malware tool I find the machine runs faster and the advertising web pages no longer pop up as they did before. So do I have to keep going? And if I do continue, what do I have to do to get GMER to run?

  7. #5
    bolzano_1989

    Glad to hear your machine is in better shape.
    Does GMER report an error or show any message when it fails to run?
    If so, please send me the full details.

    Please continue with the rest of the log collection and send me everything, skipping GMER for now.
    You should not stop yet, because GMER failing to run makes me suspect there is still malware on your machine that blocks GMER from scanning, so you should continue.

  8. #6
    ntdiam1991

    It reports this error: "windows cannot access the specified device, path, or file. You may not have appropriate to access the item".
    Log 1 is:
    Malwarebytes' Anti-Malware 1.42
    Database version: 3352
    Windows 5.1.2600 Service Pack 2
    Internet Explorer 6.0.2900.2180

    12/13/2009 6:47:26 PM
    mbam-log-2009-12-13 (18-47-26).txt

    Scan type: Quick Scan
    Objects scanned: 108980
    Time elapsed: 5 minute(s), 25 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 8
    Registry Keys Infected: 42
    Registry Values Infected: 4
    Registry Data Items Infected: 3
    Folders Infected: 43
    Files Infected: 72

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    C:\Program Files\Content Management Wizard\1.1.0.1870\CMWIE.dll (Adware.Agent) -> Delete on reboot.
    C:\Program Files\Customized Platform Advancer\3.1.0.1630\CPAIEAddOn.dll (Adware.Agent) -> Delete on reboot.
    C:\Program Files\Textual Content Provider\1.1.0.1610\TCPIE.dll (Adware.Agent) -> Delete on reboot.
    C:\Program Files\Automated Content Enhancer\4.1.0.5190\ACEIEAddOn.dll (Adware.Agent) -> Delete on reboot.
    C:\Program Files\Automated Content Enhancer\4.1.0.5190\ACECommon.dll (Adware.Agent) -> Delete on reboot.
    C:\Program Files\Automated Content Enhancer\4.1.0.5190\ACEIEAddOnSubL.dll (Adware.Agent) -> Delete on reboot.
    C:\Program Files\Customized Platform Advancer\3.1.0.1630\CPACommon.dll (Adware.Agent) -> Delete on reboot.
    C:\Program Files\Customized Platform Advancer\3.1.0.1630\CPAIEAddOnSubL.dll (Adware.Agent) -> Delete on reboot.

    Registry Keys Infected:
    HKEY_CLASSES_ROOT\explorerbar.cmw (Adware.Agent) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\TypeLib\{f5b8c69c-9b45-4a6a-9380-df225c546ae7} (Adware.Agent) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{629cd6c2-e4c5-4554-aeb8-12e4e2cd40ff} (Adware.Agent) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{b72681c0-a222-4b21-a0e2-53a5a5ca3d41} (Adware.Agent) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b72681c0-a222-4b21-a0e2-53a5a5ca3d41} (Adware.Agent) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b72681c0-a222-4b21-a0e2-53a5a5ca3d41} (Adware.Agent) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\explorerbar.cmw.1 (Adware.Agent) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\explorerbar.funexplorer (Adware.Agent) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\TypeLib\{ac5ab953-ed25-4f9c-87f0-b086b0178ffa} (Adware.Agent) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{6160f76a-1992-4b17-a32d-0c706d159105} (Adware.Agent) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{42c7c39f-3128-4a17-bdb7-91c46032b5b9} (Adware.Agent) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{42c7c39f-3128-4a17-bdb7-91c46032b5b9} (Adware.Agent) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{42c7c39f-3128-4a17-bdb7-91c46032b5b9} (Adware.Agent) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\explorerbar.funexplorer.1 (Adware.Agent) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\explorerbar.tcp (Adware.Agent) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\TypeLib\{2a743834-05f4-4ed4-8a1c-41332b10ac0c} (Adware.Agent) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{1081d532-7de4-40bd-b912-388fa6b27c78} (Adware.Agent) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{cac89ff9-34a9-4431-8cfe-292a47f843bc} (Adware.Agent) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Explorer\Bars\{cac89ff9-34a9-4431-8cfe-292a47f843bc} (Adware.Agent) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{cac89ff9-34a9-4431-8cfe-292a47f843bc} (Adware.Agent) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{cac89ff9-34a9-4431-8cfe-292a47f843bc} (Adware.Agent) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\explorerbar.tcp.1 (Adware.Agent) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{1d74e9dd-8987-448b-b2cb-67fff2b8a932} (Adware.Agent) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\TypeLib\{565dd573-549e-4da9-8cd7-6ae3df25339a} (Adware.Agent) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{877f3eab-4462-44df-8475-6064eafd7fbf} (Adware.Agent) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d74e9dd-8987-448b-b2cb-67fff2b8a932} (Adware.Agent) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1d74e9dd-8987-448b-b2cb-67fff2b8a932} (Adware.Agent) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{3de88beb-f271-484a-ba71-01d30f439f0c} (Adware.DoubleD) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{50ad41d2-b1f0-47cc-9ea7-395355eaeebd} (Adware.DoubleD) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{8ceb185e-81a5-46d3-bc20-c555d605afbd} (Adware.DoubleD) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{c5762628-ae15-4ca6-96c4-b00dd17f3419} (Adware.DoubleD) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{d062e03e-65ca-49e4-9b15-31938ba98922} (Adware.DoubleD) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Explorer\Bars\{b72681c0-a222-4b21-a0e2-53a5a5ca3d411} (Adware.DoubleD) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\questservice (Adware.DoubleD) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\{D45817B8-3EAD-4d1d-8FCA-EC63A8E35DE2} (Adware.DoubleD) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\AppDataLow\SOFTWARE\Internet Today (Adware.DoubleD) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Automated Content Enhancer (Adware.DoubleD) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Customized Platform Advancer (Adware.DoubleD) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\QuestService (Adware.DoubleD) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Web Search Operator (Adware.DoubleD) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Automated Content Enhancer (Adware.DoubleD) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Customized Platform Advancer (Adware.DoubleD) -> Quarantined and deleted successfully.

    Registry Values Infected:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{d45817b8-3ead-4d1d-8fca-ec63a8e35de2} (Adware.DoubleD) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\Extensions\{8141440e-08f0-4339-9959-5c31c6a69f23} (Adware.DoubleD) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\Extensions\{e889f097-b0be-471b-89ad-b86b6f04b506} (Adware.DoubleD) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\internet today task (Adware.Agent) -> Quarantined and deleted successfully.

    Registry Data Items Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

    Folders Infected:
    C:\Program Files\Internet Today (Adware.Agent) -> Quarantined and deleted successfully.
    C:\Program Files\Internet Today\1.1.0.1190 (Adware.Agent) -> Quarantined and deleted successfully.
    C:\Documents and Settings\User\Local Settings\Temp\cmw\newSetup (Adware.Agent) -> Quarantined and deleted successfully.
    C:\Program Files\Textual Content Provider (Adware.Agent) -> Delete on reboot.
    C:\Program Files\Textual Content Provider\1.1.0.1610 (Adware.Agent) -> Delete on reboot.
    C:\Program Files\Textual Content Provider\1.1.0.1610\for_anti_av (Adware.Agent) -> Quarantined and deleted successfully.
    C:\Program Files\Textual Content Provider\1.1.0.1610\for_anti_av\1.1.0.1610 (Adware.Agent) -> Quarantined and deleted successfully.
    C:\Program Files\Textual Content Provider\1.1.0.1610\data (Adware.Agent) -> Quarantined and deleted successfully.
    C:\Program Files\Automated Content Enhancer (Adware.Agent) -> Delete on reboot.
    C:\Program Files\Automated Content Enhancer\4.1.0.5190 (Adware.Agent) -> Delete on reboot.
    C:\Program Files\Automated Content Enhancer\4.1.0.5190\Data (Adware.Agent) -> Quarantined and deleted successfully.
    C:\Program Files\Automated Content Enhancer\4.1.0.5190\FF (Adware.Agent) -> Quarantined and deleted successfully.
    C:\Program Files\Automated Content Enhancer\4.1.0.5190\FF\chrome (Adware.Agent) -> Quarantined and deleted successfully.
    C:\Program Files\Automated Content Enhancer\4.1.0.5190\FF\chrome\content (Adware.Agent) -> Quarantined and deleted successfully.
    C:\Program Files\Automated Content Enhancer\4.1.0.5190\FF\components (Adware.Agent) -> Quarantined and deleted successfully.
    C:\Program Files\Customized Platform Advancer (Adware.Agent) -> Delete on reboot.
    C:\Program Files\Customized Platform Advancer\3.1.0.1630 (Adware.Agent) -> Delete on reboot.
    C:\Program Files\Customized Platform Advancer\3.1.0.1630\Data (Adware.Agent) -> Quarantined and deleted successfully.
    C:\Program Files\Customized Platform Advancer\3.1.0.1630\FF (Adware.Agent) -> Quarantined and deleted successfully.
    C:\Program Files\Customized Platform Advancer\3.1.0.1630\FF\chrome (Adware.Agent) -> Quarantined and deleted successfully.
    C:\Program Files\Customized Platform Advancer\3.1.0.1630\FF\chrome\content (Adware.Agent) -> Quarantined and deleted successfully.
    C:\Program Files\Customized Platform Advancer\3.1.0.1630\FF\components (Adware.Agent) -> Quarantined and deleted successfully.
    C:\Program Files\Content Management Wizard (Adware.Agent) -> Delete on reboot.
    C:\Program Files\Content Management Wizard\1.1.0.1870 (Adware.Agent) -> Delete on reboot.
    C:\Documents and Settings\All Users\Application Data\QuestService (Adware.DoubleD) -> Quarantined and deleted successfully.
    C:\Program Files\QuestService (Adware.DoubleD) -> Quarantined and deleted successfully.
    C:\Program Files\HottieStar Toolbar (Adware.DoubleD) -> Quarantined and deleted successfully.
    C:\Documents and Settings\LocalService\Local Settings\Application Data\Automated Content Enhancer (Adware.DoubleD) -> Quarantined and deleted successfully.
    C:\Documents and Settings\LocalService\Local Settings\Application Data\Automated Content Enhancer\4.1.0.5190 (Adware.DoubleD) -> Quarantined and deleted successfully.
    C:\Documents and Settings\User\Local Settings\Application Data\Automated Content Enhancer (Adware.DoubleD) -> Delete on reboot.
    C:\Documents and Settings\User\Local Settings\Application Data\Automated Content Enhancer\4.1.0.5190 (Adware.DoubleD) -> Delete on reboot.
    C:\Documents and Settings\User\Local Settings\Application Data\Automated Content Enhancer\4.1.0.5190 (Adware.DoubleD) -> Files: 362 -> Delete on reboot.
    C:\Documents and Settings\LocalService\Local Settings\Application Data\Customized Platform Advancer (Adware.DoubleD) -> Quarantined and deleted successfully.
    C:\Documents and Settings\LocalService\Local Settings\Application Data\Customized Platform Advancer\3.1.0.1630 (Adware.DoubleD) -> Quarantined and deleted successfully.
    C:\Documents and Settings\User\Local Settings\Application Data\Customized Platform Advancer (Adware.DoubleD) -> Delete on reboot.
    C:\Documents and Settings\User\Local Settings\Application Data\Customized Platform Advancer\3.1.0.1630 (Adware.DoubleD) -> Delete on reboot.
    C:\Documents and Settings\User\Local Settings\Application Data\Customized Platform Advancer\3.1.0.1630 (Adware.DoubleD) -> Files: 362 -> Delete on reboot.
    C:\Documents and Settings\User\Local Settings\Application Data\HottieStar Toolbar (Adware.DoubleD) -> Quarantined and deleted successfully.
    C:\Documents and Settings\User\Local Settings\Application Data\Textual Content Provider (Adware.DoubleD) -> Quarantined and deleted successfully.
    C:\Documents and Settings\User\Local Settings\Application Data\Textual Content Provider\1.1.0.1610 (Adware.DoubleD) -> Quarantined and deleted successfully.
    C:\Documents and Settings\User\Local Settings\Application Data\Textual Content Provider\1.1.0.1610\Data (Adware.DoubleD) -> Quarantined and deleted successfully.
    C:\Documents and Settings\User\Local Settings\Application Data\Web Search Operator (Adware.DoubleD) -> Quarantined and deleted successfully.
    C:\Documents and Settings\User\Local Settings\Application Data\Web Search Operator\3.1.0.1840 (Adware.DoubleD) -> Quarantined and deleted successfully.

    Files Infected:
    C:\Program Files\Content Management Wizard\1.1.0.1870\CMWIE.dll (Adware.Agent) -> Delete on reboot.
    C:\Program Files\Customized Platform Advancer\3.1.0.1630\CPAIEAddOn.dll (Adware.Agent) -> Delete on reboot.
    C:\Program Files\Textual Content Provider\1.1.0.1610\TCPIE.dll (Adware.Agent) -> Delete on reboot.
    C:\Program Files\Automated Content Enhancer\4.1.0.5190\ACEIEAddOn.dll (Adware.Agent) -> Delete on reboot.
    C:\Program Files\Internet Today\1.1.0.1190\unins000.dat (Adware.Agent) -> Quarantined and deleted successfully.
    C:\Program Files\Internet Today\1.1.0.1190\unins000.exe (Adware.Agent) -> Quarantined and deleted successfully.
    C:\Program Files\Internet Today\1.1.0.1190\InternetToday.ico (Adware.Agent) -> Quarantined and deleted successfully.
    C:\Program Files\Internet Today\1.1.0.1190\InternetToday.skf (Adware.Agent) -> Quarantined and deleted successfully.
    C:\Program Files\Internet Today\1.1.0.1190\mfc80.dll (Adware.Agent) -> Quarantined and deleted successfully.
    C:\Program Files\Internet Today\1.1.0.1190\Microsoft.VC80.MFC.manifest (Adware.Agent) -> Quarantined and deleted successfully.
    C:\Program Files\Internet Today\1.1.0.1190\SkinCrafterDll.dll (Adware.Agent) -> Quarantined and deleted successfully.
    C:\Program Files\Textual Content Provider\1.1.0.1610\unins000.dat (Adware.Agent) -> Quarantined and deleted successfully.
    C:\Program Files\Textual Content Provider\1.1.0.1610\unins000.exe (Adware.Agent) -> Quarantined and deleted successfully.
    C:\Program Files\Textual Content Provider\1.1.0.1610\for_anti_av\1.1.0.1610\TCPIE.dll (Adware.Agent) -> Quarantined and deleted successfully.
    C:\Program Files\Textual Content Provider\1.1.0.1610\data\pxtmpdata.mx (Adware.Agent) -> Quarantined and deleted successfully.
    C:\Program Files\Textual Content Provider\1.1.0.1610\data\TP_Config.mx (Adware.Agent) -> Quarantined and deleted successfully.
    C:\Program Files\Textual Content Provider\1.1.0.1610\data\TP_Data.mx (Adware.Agent) -> Quarantined and deleted successfully.
    C:\Program Files\Textual Content Provider\1.1.0.1610\data\TP_DomainExcludeList.mx (Adware.Agent) -> Quarantined and deleted successfully.
    C:\Program Files\Automated Content Enhancer\4.1.0.5190\unins000.dat (Adware.Agent) -> Quarantined and deleted successfully.
    C:\Program Files\Automated Content Enhancer\4.1.0.5190\unins000.exe (Adware.Agent) -> Quarantined and deleted successfully.
    C:\Program Files\Automated Content Enhancer\4.1.0.5190\ACECommon.dll (Adware.Agent) -> Delete on reboot.
    C:\Program Files\Automated Content Enhancer\4.1.0.5190\ACEIEAddOnSub.dll (Adware.Agent) -> Quarantined and deleted successfully.
    C:\Program Files\Automated Content Enhancer\4.1.0.5190\ACEIEAddOnSubL.dll (Adware.Agent) -> Delete on reboot.
    C:\Program Files\Automated Content Enhancer\4.1.0.5190\Data\config.md (Adware.Agent) -> Quarantined and deleted successfully.
    C:\Program Files\Automated Content Enhancer\4.1.0.5190\FF\chrome.manifest (Adware.Agent) -> Quarantined and deleted successfully.
    C:\Program Files\Automated Content Enhancer\4.1.0.5190\FF\install.rdf (Adware.Agent) -> Quarantined and deleted successfully.
    C:\Program Files\Automated Content Enhancer\4.1.0.5190\FF\chrome\ACEAddOn.jar (Adware.Agent) -> Quarantined and deleted successfully.
    C:\Program Files\Automated Content Enhancer\4.1.0.5190\FF\chrome\content\ACEAddOn.js (Adware.Agent) -> Quarantined and deleted successfully.
    C:\Program Files\Automated Content Enhancer\4.1.0.5190\FF\chrome\content\ACEAddOn.xul (Adware.Agent) -> Quarantined and deleted successfully.
    C:\Program Files\Automated Content Enhancer\4.1.0.5190\FF\components\ACEFFAddOn.dll (Adware.Agent) -> Quarantined and deleted successfully.
    C:\Program Files\Automated Content Enhancer\4.1.0.5190\FF\components\ACEFFAddOn.xpt (Adware.Agent) -> Quarantined and deleted successfully.
    C:\Program Files\Automated Content Enhancer\4.1.0.5190\FF\components\ACEFFHelperComponent.js (Adware.Agent) -> Quarantined and deleted successfully.
    C:\Program Files\Customized Platform Advancer\3.1.0.1630\unins000.dat (Adware.Agent) -> Quarantined and deleted successfully.
    C:\Program Files\Customized Platform Advancer\3.1.0.1630\unins000.exe (Adware.Agent) -> Quarantined and deleted successfully.
    C:\Program Files\Customized Platform Advancer\3.1.0.1630\CPACommon.dll (Adware.Agent) -> Delete on reboot.
    C:\Program Files\Customized Platform Advancer\3.1.0.1630\CPAIEAddOnSub.dll (Adware.Agent) -> Quarantined and deleted successfully.
    C:\Program Files\Customized Platform Advancer\3.1.0.1630\CPAIEAddOnSubL.dll (Adware.Agent) -> Delete on reboot.
    C:\Program Files\Customized Platform Advancer\3.1.0.1630\Data\config.md (Adware.Agent) -> Quarantined and deleted successfully.
    C:\Program Files\Customized Platform Advancer\3.1.0.1630\FF\chrome.manifest (Adware.Agent) -> Quarantined and deleted successfully.
    C:\Program Files\Customized Platform Advancer\3.1.0.1630\FF\install.rdf (Adware.Agent) -> Quarantined and deleted successfully.
    C:\Program Files\Customized Platform Advancer\3.1.0.1630\FF\chrome\CPAAddOn.jar (Adware.Agent) -> Quarantined and deleted successfully.
    C:\Program Files\Customized Platform Advancer\3.1.0.1630\FF\chrome\content\CPAAddOn.js (Adware.Agent) -> Quarantined and deleted successfully.
    C:\Program Files\Customized Platform Advancer\3.1.0.1630\FF\chrome\content\CPAAddOn.xul (Adware.Agent) -> Quarantined and deleted successfully.
    C:\Program Files\Customized Platform Advancer\3.1.0.1630\FF\components\CPAFFAddOn.dll (Adware.Agent) -> Quarantined and deleted successfully.
    C:\Program Files\Customized Platform Advancer\3.1.0.1630\FF\components\CPAFFAddOn.xpt (Adware.Agent) -> Quarantined and deleted successfully.
    C:\Program Files\Customized Platform Advancer\3.1.0.1630\FF\components\CPAFFHelperComponent.js (Adware.Agent) -> Quarantined and deleted successfully.
    C:\Program Files\Content Management Wizard\1.1.0.1870\unins000.dat (Adware.Agent) -> Quarantined and deleted successfully.
    C:\Program Files\Content Management Wizard\1.1.0.1870\unins000.exe (Adware.Agent) -> Quarantined and deleted successfully.
    C:\Program Files\Content Management Wizard\1.1.0.1870\cmwsh.dll (Adware.Agent) -> Quarantined and deleted successfully.
    C:\Program Files\Content Management Wizard\1.1.0.1870\config.mx (Adware.Agent) -> Quarantined and deleted successfully.
    C:\Program Files\Content Management Wizard\1.1.0.1870\data.mx (Adware.Agent) -> Quarantined and deleted successfully.
    C:\Program Files\Content Management Wizard\1.1.0.1870\exclude.mx (Adware.Agent) -> Quarantined and deleted successfully.
    C:\Program Files\Content Management Wizard\1.1.0.1870\MatchingData.zd5 (Adware.Agent) -> Quarantined and deleted successfully.
    C:\Program Files\Content Management Wizard\1.1.0.1870\pxtmpdata.mx (Adware.Agent) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Application Data\QuestService\questservice129.exe (Adware.DoubleD) -> Quarantined and deleted successfully.
    C:\Program Files\QuestService\questservice.exe (Adware.DoubleD) -> Quarantined and deleted successfully.
    C:\Program Files\QuestService\uninstall.exe (Adware.DoubleD) -> Quarantined and deleted successfully.
    C:\Documents and Settings\LocalService\Local Settings\Application Data\Automated Content Enhancer\4.1.0.5190\config.md (Adware.DoubleD) -> Quarantined and deleted successfully.
    C:\Documents and Settings\LocalService\Local Settings\Application Data\Automated Content Enhancer\4.1.0.5190\NP_20091205-131224.843.log (Adware.DoubleD) -> Quarantined and deleted successfully.
    C:\Documents and Settings\LocalService\Local Settings\Application Data\Automated Content Enhancer\4.1.0.5190\NP_20091205-131311.093.log (Adware.DoubleD) -> Quarantined and deleted successfully.
    C:\Documents and Settings\LocalService\Local Settings\Application Data\Automated Content Enhancer\4.1.0.5190\NP_20091207-230625.500.log (Adware.DoubleD) -> Quarantined and deleted successfully.
    C:\Documents and Settings\LocalService\Local Settings\Application Data\Automated Content Enhancer\4.1.0.5190\NP_20091207-230627.656.log (Adware.DoubleD) -> Quarantined and deleted successfully.
    C:\Documents and Settings\LocalService\Local Settings\Application Data\Customized Platform Advancer\3.1.0.1630\config.md (Adware.DoubleD) -> Quarantined and deleted successfully.
    C:\Documents and Settings\LocalService\Local Settings\Application Data\Customized Platform Advancer\3.1.0.1630\HJHP_20091205-131224.875.log (Adware.DoubleD) -> Quarantined and deleted successfully.
    C:\Documents and Settings\LocalService\Local Settings\Application Data\Customized Platform Advancer\3.1.0.1630\HJHP_20091205-131311.109.log (Adware.DoubleD) -> Quarantined and deleted successfully.
    C:\Documents and Settings\LocalService\Local Settings\Application Data\Customized Platform Advancer\3.1.0.1630\HJHP_20091207-230625.593.log (Adware.DoubleD) -> Quarantined and deleted successfully.
    C:\Documents and Settings\LocalService\Local Settings\Application Data\Customized Platform Advancer\3.1.0.1630\HJHP_20091207-230627.671.log (Adware.DoubleD) -> Quarantined and deleted successfully.
    C:\Documents and Settings\User\Local Settings\Application Data\Textual Content Provider\1.1.0.1610\Data\TP_Config.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
    C:\Documents and Settings\User\Local Settings\Application Data\Textual Content Provider\1.1.0.1610\Data\TP_DomainExcludeList.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
    C:\Documents and Settings\User\Local Settings\Application Data\Textual Content Provider\1.1.0.1610\Data\TP_Data.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
    C:\Documents and Settings\User\Local Settings\Application Data\Web Search Operator\3.1.0.1840\config.md (Adware.DoubleD) -> Quarantined and deleted successfully.
    C:\Program Files\Mozilla Firefox\searchPlugins\questservice129.xml (Adware.DoubleD) -> Quarantined and deleted successfully.

    Log 2 is:
    Malwarebytes' Anti-Malware 1.42
    Database version: 3352
    Windows 5.1.2600 Service Pack 2
    Internet Explorer 6.0.2900.2180

    12/13/2009 7:32:54 PM
    mbam-log-2009-12-13 (19-32-54).txt

    Scan type: Quick Scan
    Objects scanned: 108664
    Time elapsed: 5 minute(s), 0 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)

  9. #7
    bolzano_1989

    Please go ahead and post the remaining logs.

  10. #8
    ntdiam1991

    ROOTREPEAL (c) AD, 2007-2009
    ==================================================
    Scan Start Time: 2009/12/13 23:27
    Program Version: Version 1.3.5.0
    Windows Version: Windows XP SP2
    ==================================================

    Drivers
    -------------------
    Name: esihdrv.sys
    Image Path: C:\DOCUME~1\User\LOCALS~1\Temp\esihdrv.sys
    Address: 0xA8678000 Size: 118784 File Visible: No Signed: -
    Status: -

    Name: rootrepeal.sys
    Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
    Address: 0xA8A79000 Size: 49152 File Visible: No Signed: -
    Status: -

    SSDT
    -------------------
    #: 011 Function Name: NtAdjustPrivilegesToken
    Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xaa19e58c

    #: 025 Function Name: NtClose
    Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xaa19ee0c

    #: 031 Function Name: NtConnectPort
    Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xaa19f922

    #: 035 Function Name: NtCreateEvent
    Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xaa19fe94

    #: 037 Function Name: NtCreateFile
    Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xaa19f0ee

    #: 041 Function Name: NtCreateKey
    Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xaa19d436

    #: 043 Function Name: NtCreateMutant
    Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xaa19fd6c

    #: 044 Function Name: NtCreateNamedPipeFile
    Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xaa19e192

    #: 046 Function Name: NtCreatePort
    Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xaa19fc28

    #: 050 Function Name: NtCreateSection
    Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xaa19e34e

    #: 051 Function Name: NtCreateSemaphore
    Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xaa19ffc6

    #: 052 Function Name: NtCreateSymbolicLinkObject
    Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xaa1a1c08

    #: 053 Function Name: NtCreateThread
    Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xaa19eaaa

    #: 056 Function Name: NtCreateWaitablePort
    Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xaa19fcca

    #: 057 Function Name: NtDebugActiveProcess
    Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xaa1a15fa

    #: 063 Function Name: NtDeleteKey
    Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xaa19d9fa

    #: 065 Function Name: NtDeleteValueKey
    Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xaa19dd88

    #: 066 Function Name: NtDeviceIoControlFile
    Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xaa19f576

    #: 068 Function Name: NtDuplicateObject
    Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xaa1a25ca

    #: 071 Function Name: NtEnumerateKey
    Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xaa19deca

    #: 073 Function Name: NtEnumerateValueKey
    Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xaa19df74

    #: 084 Function Name: NtFsControlFile
    Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xaa19f382

    #: 097 Function Name: NtLoadDriver
    Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xaa1a168c

    #: 098 Function Name: NtLoadKey
    Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xaa19d412

    #: 099 Function Name: NtLoadKey2
    Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xaa19d424

    #: 108 Function Name: NtMapViewOfSection
    Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xaa1a1cbc

    #: 111 Function Name: NtNotifyChangeKey
    Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xaa19e0c0

    #: 114 Function Name: NtOpenEvent
    Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xaa19ff36

    #: 116 Function Name: NtOpenFile
    Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xaa19ee8e

    #: 119 Function Name: NtOpenKey
    Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xaa19d5dc

    #: 120 Function Name: NtOpenMutant
    Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xaa19fe04

    #: 122 Function Name: NtOpenProcess
    Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xaa19e792

    #: 125 Function Name: NtOpenSection
    Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xaa1a1c32

    #: 126 Function Name: NtOpenSemaphore
    Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xaa1a0068

    #: 128 Function Name: NtOpenThread
    Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xaa19e6b6

    #: 160 Function Name: NtQueryKey
    Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xaa19e01e

    #: 161 Function Name: NtQueryMultipleValueKey
    Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xaa19dc46

    #: 167 Function Name: NtQuerySection
    Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xaa1a1fd4

    #: 177 Function Name: NtQueryValueKey
    Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xaa19d896

    #: 180 Function Name: NtQueueApcThread
    Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xaa1a1922

    #: 192 Function Name: NtRenameKey
    Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xaa19db0e

    #: 193 Function Name: NtReplaceKey
    Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xaa19d2b0

    #: 194 Function Name: NtReplyPort
    Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xaa1a03f2

    #: 195 Function Name: NtReplyWaitReceivePort
    Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xaa1a02b8

    #: 200 Function Name: NtRequestWaitReplyPort
    Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xaa1a139a

    #: 204 Function Name: NtRestoreKey
    Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xaa1a4e2c

    #: 206 Function Name: NtResumeThread
    Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xaa1a24ac

    #: 207 Function Name: NtSaveKey
    Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xaa19d248

    #: 210 Function Name: NtSecureConnectPort
    Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xaa19f65c

    #: 213 Function Name: NtSetContextThread
    Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xaa19ecc8

    #: 230 Function Name: NtSetInformationToken
    Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xaa1a0c4a

    #: 237 Function Name: NtSetSecurityObject
    Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xaa1a1786

    #: 240 Function Name: NtSetSystemInformation
    Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xaa1a2114

    #: 247 Function Name: NtSetValueKey
    Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xaa19d71e

    #: 253 Function Name: NtSuspendProcess
    Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xaa1a21f8

    #: 254 Function Name: NtSuspendThread
    Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xaa1a2320

    #: 255 Function Name: NtSystemDebugControl
    Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xaa1a1526

    #: 257 Function Name: NtTerminateProcess
    Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xaa19e90a

    #: 258 Function Name: NtTerminateThread
    Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xaa19e860

    #: 267 Function Name: NtUnmapViewOfSection
    Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xaa1a1e8a

    #: 277 Function Name: NtWriteVirtualMemory
    Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xaa19e9ea

    Shadow SSDT
    -------------------
    #: 013 Function Name: NtGdiBitBlt
    Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xaa1afca6

    #: 227 Function Name: NtGdiMaskBlt
    Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xaa1afd70

    #: 237 Function Name: NtGdiPlgBlt
    Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xaa1afdda

    #: 292 Function Name: NtGdiStretchBlt
    Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xaa1afd0a

    #: 307 Function Name: NtUserAttachThreadInput
    Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xaa1af8ba

    #: 323 Function Name: NtUserCallOneParam
    Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xaa1afc72

    #: 378 Function Name: NtUserFindWindowEx
    Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xaa1afaa8

    #: 383 Function Name: NtUserGetAsyncKeyState
    Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xaa1af822

    #: 414 Function Name: NtUserGetKeyboardState
    Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xaa1afbaa

    #: 416 Function Name: NtUserGetKeyState
    Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xaa1af86e

    #: 460 Function Name: NtUserMessageCall
    Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xaa1af9fa

    #: 475 Function Name: NtUserPostMessage
    Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xaa1af950

    #: 476 Function Name: NtUserPostThreadMessage
    Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xaa1af9a4

    #: 491 Function Name: NtUserRegisterRawInputDevices
    Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xaa1afb3a

    #: 502 Function Name: NtUserSendInput
    Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xaa1afa5a

    #: 549 Function Name: NtUserSetWindowsHookEx
    Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xaa1af772

    #: 552 Function Name: NtUserSetWinEventHook
    Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xaa1af7c8

    ==EOF==

    ---------- Post automatically merged at 10:10 ----------

    ESET
    ESET SysInspector End User License and Service Agreement

    IMPORTANT NOTICE TO USERS: READ THE FOLLOWING LEGAL AGREEMENT CAREFULLY BEFORE
    USING THE ESET SOFTWARE PRODUCTS OR SERVICES (REFERRED TO COLLECTIVELY HEREIN AS
    "SOFTWARE"). PRIOR TO DOWNLOAD, INSTALLATION, COPY OR USE PLEASE READ THE BELOW
    TERMS. BY CLICKING "I ACCEPT" DURING THE DOWNLOAD, INSTALLATION, COPY OR USE OF THE
    SOFTWARE, YOU EXPRESS YOUR CONSENT TO AND ACCEPT THE TERMS AND CONDITIONS OF
    THIS AGREEMENT. IF YOU DISAGREE WITH ANY PROVISIONS OF THIS AGREEMENT, PROMPTLY
    CLICK ON THE BUTTON "DECLINE" OR "I DO NOT ACCEPT," TO CANCEL THE DOWNLOAD,
    INSTALLATION OR USE OF THE SOFTWARE.

    "YOU," "YOUR," OR "LICENSEE" MEANS YOU AS AN INDIVIDUAL IF YOU ARE USING THIS SERVICE
    AND SOFTWARE FOR PERSONAL USE. IF YOU ARE USING THE SERVICE AND SOFTWARE ON
    EQUIPMENT OWNED OR OPERATED BY A COMPANY OR ORGANIZATION, BY ACCEPTING THIS
    AGREEMENT YOU REPRESENT THAT YOU ARE DULY AUTHORIZED TO ACCEPT THIS AGREEMENT
    ON BEHALF OF YOUR COMPANY. IF YOU DO NOT AGREE TO THE TERMS OF THIS AGREEMENT, DO
    NOT DOWNLOAD, INSTALL, COPY, OR USE THE SOFTWARE. THIS IS NOT A PURCHASE CONTRACT
    BUT AN AGREEMENT GOVERNING THE RIGHTS OF THE LICENSEE. SOFTWARE IS LICENSED NOT
    SOLD. ESET REMAINS THE OWNER OF THE COPY OF THE SOFTWARE AS WELL AS OF ALL COPIES
    OF THE SOFTWARE TO WHICH YOU ARE ENTITLED UNDER THIS AGREEMENT.

    WHEREAS, Licensor has the right to license and distribute the Software; and

    WHEREAS, Licensee desires to acquire from Licensor, and Licensor desires to grant to Licensee, a
    non-exclusive, non-transferable, non-sublicensable license to utilize the Software, on the terms and subject to
    the conditions set forth in this Agreement (the "License").

    The foregoing Notice and Recitals form part of the terms and conditions of this Agreement and are expressly
    incorporated herein.

    NOW, THEREFORE, in consideration of the mutual promises and covenants set forth herein and for other
    good and valuable consideration, the receipt, sufficiency, and adequacy of which are mutually acknowledged
    by each party, it is agreed as follows:

    1. Software. The Software in this Agreement shall mean (i) ESET SysInspector, including all its parts, (ii) the
    contents of disks, CD-ROM, DVD medium, e-mail reports and all their attachments, if any, or other medium
    to which this Agreement is attached, including the Software supplied in the form of an object code on a
    CD-ROM, DVD medium or via electronic mail through the Internet, (iii) any explaining materials and any
    documentation related to the Software including, without limitation, any description of the Software, its
    specification, description of properties, description of control, description of interface in which the Software is
    used, a manual or installation handbook of the Software or any description of the correct use of the Software
    (the “Documentation”), and (iv) copies of the Software, repairs of errors, if any, of the Software, additions to
    the Software, extensions of the Software, modified versions of the Software, new versions of the Software
    and all upgrades of Software parts, if supplied, in respect of which the Licensor grants you the License
    pursuant to Article 4 hereof. The Licensor shall supply the Software only in the form of executable code.

    2. Scope of the Software. The Software it will examine the system to determine its configuration. The
    software is a "read-only" program in that it is designed to only collect information and not make any changes
    to the computer on which it is running.

    3. Installation and use. The Software supplied on a CD-ROM or DVD medium, sent via electronic mail,
    downloaded from the Internet, downloaded from servers of the Licensor, or obtained from other sources may
    require installation. You must install and/or use the Software on a correctly configured computer complying at
    least with requirements set out in the Documentation. The manner of installation and/or use is specified in the
    Documentation. No computer programs or hardware, which could unfavorably affect the Software, may be
    installed on the computer on which you install and/or use the Software.

    4. License. Provided that you have agreed to this Agreement, the Licensor grants you a free-of-charge,
    non-exclusive, non-transferable, and non-sublicensable right to install the Software on the hard disk of a
    single computer or on a similar single medium for permanent storing of data, to install and store the Software
    to the memory of a single computer system and to implement, store and display the Software on single
    computer system.

    5. Limitation of Rights of the Licensee. You may not copy, distribute, separate its parts or create derived
    versions of the Software, subject to the following exceptions: (a) You may create for yourself one copy of
    the Software on a medium for permanently storing data as a back-up copy, provided that your archive
    back-up copy shall not be installed or used on any other computer. The creation of any other copy of the
    Software shall be a violation of this Agreement; (b) You may not use, modify, interpret, reproduce, assign, or
    transfer rights to use the Software or copies of the Software in any manner other than as provided for in this
    Agreement; (c) You may not sell the Software, sublicense or lease the Software to another person, receive
    an assignment of the Software from another person, or lend the Software to another person; (d) You may not
    analyze, decompile, disassemble, adapt, merge, translate, or reverse compile the Software or seek to obtain
    the source code associated with the Software in any other manner, except for the scope in which such
    limitation is explicitly prohibited by law nor may you authorize others to do any of the foregoing; (e) You may
    not create any derivative works based on the Software; (f) You agree to use the Software only in the manner
    that is in accordance with all applicable laws under which you use the Software including, without limitation, to
    the Copyright laws of the United States found in title 17 to the United States Code and to other Intellectual
    Property laws in the United States or elsewhere.

    6. Intellectual Property. The Software and all rights including, without limitation, legal title and Intellectual
    Property rights therein are the property of Licensor and/or its license providers. Licensor and its license
    providers are protected by provisions of international treaties and by all other applicable laws of the country
    in which the Software is used. The structure, organization and code of the Software may be protected by
    Patents, Copyrights, and international treaty provisions and are trade secrets and confidential information of
    Licensor and/or its license providers. You acknowledge that no title to the Intellectual Property in the
    Software is transferred to you. You further acknowledge that title and full ownership rights to the Software will
    remain the exclusive property of Licensor or its suppliers, and you will not acquire any rights to the Software
    except as expressly set forth in this Agreement. You may not copy the Software, with the exception
    specified in Article 5(a). Any copies that you may create hereunder must contain the same notices of
    Copyrights and legal title as specified on or in the Software. If you analyze, decompile, disassemble, adapt,
    merge, translate, or reverse compile the source code or seek to obtain the source code in any other manner
    in violation of the provisions of this Agreement, any information thereby obtained shall automatically
    and irrevocably be deemed transferred to the Licensor and owned by the Licensor in full from the moment of
    the origin thereof.

    7. Reservation of Rights. All rights to the Software, except for the rights expressly granted in this Agreement
    to you as the Licensee of the Software, are reserved by the Licensor for itself.

    8. Commencement and Term of the Agreement. This Agreement is valid and effective immediately upon the
    installation of the Software. You may terminate this Agreement by permanently deleting or destroying the
    Software, all back-up copies, if any, and all related materials that you have obtained from the Licensor. Your
    rights as the Licensee shall automatically and immediately terminate without any notice from the Licensor if
    you fail to comply with any provision of this Agreement. In such a case, you must promptly delete or
    destroy the Software, all back-up copies, if any, and all related materials. Without regard to the manner of
    termination of this Agreement, the provisions of its Articles 6, 7, 9, 11, 12, 13, 15, 16, 17, and 18 shall
    remain valid without the limitation of time and shall survive the termination of the Agreement.

    9. Disclaimer of Warranties. (a) Licensor warrants that the Software will perform substantially as specified in
    the user manuals and other documentation delivered with the Software and that the Software diskettes, if
    any, will be free of defects in materials and workmanship for 30 days after the date of Licensee's receipt of
    the Software; provided, however, that Licensor shall not be liable under this warranty if the Software has
    been modified or altered by anyone other than Licensor, if the Software has been abused or misapplied, or if
    Licensee has failed to incorporate all upgrades provided to Licensee by Licensor. In the event of a breach of
    this warranty, Licensee may return the defective Software to Licensor for either: (i) a refund of the licensee
    fee paid to Licensor by Licensee hereunder, or (ii) Licensor's replacement of the Software without charge.
    Refund or replacement of defective Software are Licensee's exclusive remedies for breach of this warranty.
    (b) EXCEPT AS EXPRESSLY SET FORTH IN THIS SECTION 9, LICENSOR DOES NOT MAKE ANY
    WARRANTIES, EXPRESS OR IMPLIED, CONCERNING THE SOFTWARE OR THE APPLICATION,
    OPERATION OR USE THEREOF, THE DATA GENERATED BY THE OPERATION OR USE THEREOF, OR
    ANY SUPPORT SERVICES RENDERED WITH RESPECT THERETO. LICENSOR HEREBY EXCLUDES ALL
    IMPLIED WARRANTIES TO THE EXTENT PERMITTED BY LAW, INCLUDING, SPECIFICALLY, ANY
    IMPLIED WARRANTY ARISING BY STATUTE OR OTHERWISE IN LAW OR FROM A COURSE OF
    DEALING OR USAGE OF TRADE. LICENSOR HEREBY EXCLUDES ALL IMPLIED WARRANTIES OF
    MERCHANTABILITY, OR OF MERCHANTABLE QUALITY, OR OF FITNESS FOR ANY PURPOSE,
    PARTICULARLY, SPECIFIC OR OTHERWISE, OR OF NONINFRINGEMENT, CONCERNING THE
    SOFTWARE AND THE APPLICATION, OPERATION OR USE THEREOF.

    10. No Further Obligations. This Agreement imposes no other obligations on the Licensor except for the
    obligations specifically listed in this Agreement.

    11. Limitation of Remedy. Licensee acknowledges and agrees that it has independently verified that the
    Software is appropriate for the purposes for which Licensee intends to use the software, and that Licensee
    did not rely upon any skill or judgment of Licensor in such selection. Licensee assumes the entire risk related
    to the use of the Software. Licensor’s liability in contract, tort or otherwise in connection with the Software or
    this Agreement shall not exceed the license fee paid to Licensor by Licensee for the Software.
    REGARDLESS OF WHETHER ANY REMEDY SET FORTH HEREIN FAILS OF ITS ESSENTIAL PURPOSE
    OR OTHERWISE, LICENSEE FURTHER AGREES THAT NEITHER LICENSOR NOR ITS LICENSORS
    SHALL BE LIABLE TO LICENSEE OR ANY OTHER PERSON OR ENTITY FOR DAMAGES IN THE FORM
    OF CONSEQUENTIAL, INCIDENTAL OR SPECIAL DAMAGES, LOST PROFITS, LOST SAVINGS, LOSS OF
    GOODWILL OR OTHERWISE, OR FOR EXEMPLARY DAMAGES, RESULTING FROM LICENSEE’S USE
    OR INABILITY TO USE THE SOFTWARE OR FROM ANY SUPPORT SERVICES RENDERED WITH
    RESPECT THERETO, EVEN IF LICENSOR HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH
    DAMAGES. Because certain countries and certain laws do not permit the exclusion of liability but may allow
    the limitation of liability, the liability of the Licensor, its employees or license providers shall be limited to 5
    dollars in United States currency.

    12. Dispute Resolution. (a) Except as set forth in this Section 12, any claim or dispute between the Licensor
    and the Licensee pertaining to or arising out of the Agreement (including, without limitation, the negotiation or
    assent to the Agreement, or the interpretation, performance or breach of any provision of the Agreement)
    shall be arbitrated in the State of California before a single neutral arbitrator under the Commercial Arbitration
    Rules of the American Arbitration Association. Any arbitration award shall be accompanied by a written
    opinion of the arbitrator giving the reasons for the award, which award may be entered as a judgment in any
    court of competent jurisdiction. This provision for arbitration shall be specifically enforceable by the parties
    and, except as otherwise provided by applicable law, the decision of the arbitrator in accordance herewith
    shall be final and binding. The arbitrator shall have the power to issue and grant permanent injunctive relief
    and other equitable orders and remedies. Any such arbitration shall be conducted in confidence and in
    accordance with the confidentiality provisions of this Agreement. Each party shall pay its own expenses of
    arbitration and the expenses of the arbitrator shall be equally shared. (b) Licensee recognizes that Licensor
    will be irreparably harmed in the event of its breach or threatened breach of this Agreement, and that,
    notwithstanding anything contained herein to the contrary, Licensor may commence an action in any court of
    competent jurisdiction, to obtain equitable relief to prevent such breach or threatened breach at any time prior
    to the commencement of an arbitration proceeding and, if an arbitration proceeding has been commenced, at
    any time until an arbitration award is rendered in such arbitration proceeding or the claim or dispute is
    otherwise resolved. Licensee shall reimburse Licensor for all fees, costs and expenses including, without
    limitation, attorneys’ fees, costs and expenses incurred by Licensor in taking such court action to obtain
    equitable relief. Licensor shall not be deemed to have waived its right to arbitrate any dispute, claim or
    controversy by reason of seeking such equitable relief.

    13. Export and Re-export Compliance. The Software, the Documentation, or parts thereof, including the
    information about the Software and parts thereof, shall be subject to the measures on monitoring of imports
    and exports under legal regulations, which may be issued by the governments competent for the issuance
    thereof under applicable law. You agree to strictly comply with all applicable import and export regulations and
    acknowledge that you shall be held liable for the obtaining of licenses for export, re-export, transfer, or import
    of the Software. By accepting this Agreement, you confirm that you are not a resident of any country that is
    currently embargoed by the United States. A list of embargoed countries is available at the official Web site
    of the Office of Foreign Assets Control of the U.S. Department of the Treasury at
    .

    14. Notices. All notices intended for the Licensor must be delivered to Attn:
    Chief Legal Officer, ESET, spol. s.r.o.,
    Aupark Tower, 16th floor, Einsteinova 24,
    851 01 Bratislava, Slovak Republic.

    15. Jurisdiction. This Agreement shall be governed, construed, and enforced in accordance with the laws of
    the State of California, U.S.A. The Licensee and the Licensor agree that conflict provisions of the governing
    law and United Nations Convention on Contracts for the International Sale of Goods shall not apply. You
    expressly agree that exclusive jurisdiction for any claim or dispute with the Licensor or relating in any way to
    your use of the Software resides in San Diego, California and you further agree and expressly consent to the
    exercise of the personal jurisdiction in San Diego, California in connection with any such dispute or claim.
    You agree to waive any defenses based on venue, the inconvenience of the forum, the lack of personal
    jurisdiction, and the adequacy of service of process.

    16. Severability. If a court or other competent tribunal in any jurisdiction finds any provision of this
    Agreement invalid or unenforceable in whole or in part under the applicable law, such invalidity shall not
    affect the remaining provisions of the Agreement, which shall remain in full force and effect. The same shall
    apply with respect to any gaps in this Agreement. Instead of the invalid provision, a valid provision coming
    as close as possible to the economic intent of the invalid provision shall be regarded as agreed. The same
    shall apply with respect to any gaps. Any amendments hereto may only be made in writing and a statutory
    representative must sign such an amendment on behalf of the Licensor.

    17. Back-Up. Prior to using the Software, you agree to back-up your computer system(s) on a separate
    media. You acknowledge that any failure to do so may significantly decrease your ability to mitigate any
    harm or damage arising from any problem or error in the Software.

    18. Entire Agreement. This Agreement between you and the Licensor represents the single and entire
    Agreement applying to the Software and completely supersedes any prior representations, negotiations,
    obligations, reports, advertisements of information related to the Software, agreements, or understandings,
    whether written or oral, relating to the subject matter of this Agreement.

    -------------------------------------------------------------------
    This agreement on use of the Software (the "Agreement") accepted by assent hereto by and between
    ESET, spol. s r. o., with its principal place of business at Aupark Tower, Einsteinova 24, 851 01 Bratislava,
    Slovak Republic registered in the Commercial Register of the District Court Bratislava I. Section Sro,
    Insertion No 3586/B, BIN: 31 333 535 (hereinafter referred to as "Licensor" or "ESET") and you (hereinafter
    referred to as "You," "Your," or "Licensee"), an individual or legal entity, entitles you to use the Software
    defined in Article 1 hereof. The Software defined in Article 1 hereof may be stored on a CD-ROM or DVD
    medium, sent via electronic mail, downloaded from the Internet, downloaded from servers of the Licensor or
    obtained from other sources under the terms and circumstances discussed below.

    ---------- Post automatically merged by the system ----------

    --------------------\\ Lop S&D 4.2.5-0 XP/Vista

    Microsoft Windows XP Professional ( v5.1.2600 ) Service Pack 2
    X86-based PC ( Multiprocessor Free : Intel Pentium III Xeon processor )
    BIOS : Default System BIOS
    USER : User ( Administrator )
    BOOT : Normal boot
    Antivirus : Kaspersky Internet Security 9.0.0.736 (Not Activated)
    Firewall : Kaspersky Internet Security 9.0.0.736 (Not Activated)
    A:\ (USB)
    C:\ (Local Disk) - FAT32 - Total:29 Go (Free:19 Go)
    D:\ (Local Disk) - FAT32 - Total:58 Go (Free:57 Go)
    E:\ (Local Disk) - FAT32 - Total:61 Go (Free:51 Go)
    F:\ (CD or DVD)

    "C:\Lop SD" ( MAJ : 19-12-2008|23:40 )
    Option : [1] ( Sun 12/13/2009|23:31 )

    --------------------\\ Listing folders in APPLIC~1

    [07/18/2008|04:29] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> Microsoft

    [10/24/2009|07:12] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> ACD Systems
    [07/18/2008|01:57] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Adobe
    [11/11/2009|08:12] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Apple Computer
    [12/05/2009|05:48] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> avg8
    [11/22/2009|09:52] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> avg9
    [07/18/2008|02:01] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> CyberLink
    [12/06/2009|09:18] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Google
    [12/02/2009|09:07] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Hagel Technologies
    [08/25/2008|10:05] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Kaspersky Lab
    [12/06/2009|10:34] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Kaspersky Lab Setup Files
    [12/13/2009|06:37] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Malwarebytes
    [07/18/2008|04:29] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Microsoft
    [11/04/2009|09:37] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> QuickTime
    [12/04/2009|02:18] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> TEMP
    [08/25/2008|09:52] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Windows Genuine Advantage
    [08/25/2008|10:03] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Yahoo!

    [07/18/2008|04:29] C:\DOCUME~1\NETWOR~1\APPLIC~1\<DIR> Microsoft

    [07/18/2008|04:29] C:\DOCUME~1\LOCALS~1\APPLIC~1\<DIR> Microsoft
    [12/05/2009|01:12] C:\DOCUME~1\LOCALS~1\APPLIC~1\<DIR> Mozilla

    [10/24/2009|07:20] C:\DOCUME~1\USER\APPLIC~1\<DIR> ACD Systems
    [03/06/2009|04:17] C:\DOCUME~1\USER\APPLIC~1\<DIR> Adobe
    [10/19/2009|11:43] C:\DOCUME~1\USER\APPLIC~1\<DIR> Bkav
    [11/11/2009|07:31] C:\DOCUME~1\USER\APPLIC~1\<DIR> CyberLink
    [12/04/2009|10:43] C:\DOCUME~1\USER\APPLIC~1\<DIR> DMCache
    [10/26/2009|08:20] C:\DOCUME~1\USER\APPLIC~1\<DIR> Foxit
    [08/25/2008|08:41] C:\DOCUME~1\USER\APPLIC~1\<DIR> FreeCommander
    [12/06/2009|09:18] C:\DOCUME~1\USER\APPLIC~1\<DIR> Google
    [10/09/2009|10:36] C:\DOCUME~1\USER\APPLIC~1\<DIR> Help
    [07/18/2008|04:45] C:\DOCUME~1\USER\APPLIC~1\<DIR> Identities
    [12/04/2009|10:43] C:\DOCUME~1\USER\APPLIC~1\<DIR> IDM
    [07/18/2008|04:51] C:\DOCUME~1\USER\APPLIC~1\<DIR> InstallShield
    [03/06/2009|04:16] C:\DOCUME~1\USER\APPLIC~1\<DIR> Macromedia
    [12/13/2009|06:37] C:\DOCUME~1\USER\APPLIC~1\<DIR> Malwarebytes
    [11/22/2009|03:37] C:\DOCUME~1\USER\APPLIC~1\<DIR> Media Player Classic
    [07/18/2008|04:29] C:\DOCUME~1\USER\APPLIC~1\<DIR> Microsoft
    [10/26/2009|08:17] C:\DOCUME~1\USER\APPLIC~1\<DIR> Mozilla
    [10/26/2009|05:32] C:\DOCUME~1\USER\APPLIC~1\<DIR> Styler
    [12/04/2009|10:34] C:\DOCUME~1\USER\APPLIC~1\<DIR> TeamViewer
    [10/26/2009|12:16] C:\DOCUME~1\USER\APPLIC~1\<DIR> TeraCopy
    [10/26/2009|06:45] C:\DOCUME~1\USER\APPLIC~1\<DIR> Toolbars

    --------------------\\ Scheduled Tasks located in C:\WINDOWS\Tasks

    [12/13/2009 10:29 PM][--ah-----] C:\WINDOWS\tasks\SA.DAT
    [08/03/2004 06:07 PM][-r-h-----] C:\WINDOWS\tasks\desktop.ini

    --------------------\\ Listing Folders in C:\Program Files

    [10/24/2009|07:12] C:\Program Files\<DIR> ACD Systems
    [07/18/2008|02:02] C:\Program Files\<DIR> ACE Mega CoDecS Pack
    [07/18/2008|01:56] C:\Program Files\<DIR> Adobe
    [10/26/2009|08:20] C:\Program Files\<DIR> AskSearch
    [11/22/2009|09:52] C:\Program Files\<DIR> AVG
    [07/18/2008|04:30] C:\Program Files\<DIR> Common Files
    [07/18/2008|04:37] C:\Program Files\<DIR> ComPlus Applications
    [07/18/2008|02:00] C:\Program Files\<DIR> CyberLink
    [10/16/2009|10:18] C:\Program Files\<DIR> DiskTrix
    [12/02/2009|09:07] C:\Program Files\<DIR> DU Meter
    [08/25/2008|08:43] C:\Program Files\<DIR> everestultimate450
    [11/08/2009|10:21] C:\Program Files\<DIR> FLVPlayer
    [10/26/2009|08:20] C:\Program Files\<DIR> Foxit Software
    [11/29/2009|09:37] C:\Program Files\<DIR> Garena
    [12/06/2009|09:18] C:\Program Files\<DIR> Google
    [07/18/2008|04:50] C:\Program Files\<DIR> InstallShield Installation Information
    [07/18/2008|04:47] C:\Program Files\<DIR> Intel
    [12/04/2009|10:43] C:\Program Files\<DIR> Internet Download Manager
    [07/18/2008|04:38] C:\Program Files\<DIR> Internet Explorer
    [12/06/2009|11:54] C:\Program Files\<DIR> Kaspersky Lab
    [11/22/2009|03:37] C:\Program Files\<DIR> K-Lite Codec Pack
    [12/13/2009|06:37] C:\Program Files\<DIR> Malwarebytes' Anti-Malware
    [12/04/2009|01:30] C:\Program Files\<DIR> Maxthon
    [07/18/2008|04:37] C:\Program Files\<DIR> Messenger
    [07/18/2008|01:55] C:\Program Files\<DIR> Microsoft ActiveSync
    [07/18/2008|04:40] C:\Program Files\<DIR> microsoft frontpage
    [07/18/2008|01:54] C:\Program Files\<DIR> Microsoft Office
    [07/18/2008|01:55] C:\Program Files\<DIR> Microsoft.NET
    [07/18/2008|04:38] C:\Program Files\<DIR> Movie Maker
    [10/26/2009|06:45] C:\Program Files\<DIR> Mozilla Firefox
    [07/18/2008|04:36] C:\Program Files\<DIR> MSN
    [07/18/2008|04:37] C:\Program Files\<DIR> MSN Gaming Zone
    [07/18/2008|01:59] C:\Program Files\<DIR> mtd2002
    [09/30/2009|12:42] C:\Program Files\<DIR> MyRealGames.com
    [07/18/2008|04:38] C:\Program Files\<DIR> NetMeeting
    [07/18/2008|04:37] C:\Program Files\<DIR> Online Services
    [07/18/2008|04:38] C:\Program Files\<DIR> Outlook Express
    [07/18/2008|04:50] C:\Program Files\<DIR> Realtek
    [09/05/2008|08:09] C:\Program Files\<DIR> Sigmatel
    [10/26/2009|05:28] C:\Program Files\<DIR> Styler
    [11/18/2009|08:44] C:\Program Files\<DIR> TeraCopy
    [11/16/2009|06:40] C:\Program Files\<DIR> Thoosje Vista Sidebar
    [11/04/2009|08:47] C:\Program Files\<DIR> TMP Software
    [12/13/2009|07:07] C:\Program Files\<DIR> trend micro
    [11/09/2009|06:30] C:\Program Files\<DIR> TypingMaster
    [08/25/2008|08:48] C:\Program Files\<DIR> UniKey
    [07/18/2008|04:45] C:\Program Files\<DIR> Uninstall Information
    [07/18/2008|01:53] C:\Program Files\<DIR> Vietkey
    [08/25/2008|08:51] C:\Program Files\<DIR> Windows Media Connect 2
    [07/18/2008|04:37] C:\Program Files\<DIR> Windows Media Player
    [07/18/2008|04:36] C:\Program Files\<DIR> Windows NT
    [07/18/2008|04:39] C:\Program Files\<DIR> WindowsUpdate
    [07/18/2008|01:58] C:\Program Files\<DIR> WinRAR
    [10/26/2009|08:21] C:\Program Files\<DIR> WinZip
    [07/18/2008|04:40] C:\Program Files\<DIR> xerox
    [07/18/2008|04:47] C:\Program Files\<DIR> Yahoo!
    [12/07/2009|09:18] C:\Program Files\<DIR> YIM Smileys New

    --------------------\\ Listing Folders in C:\Program Files\Common Files

    [10/24/2009|07:12] C:\Program Files\Common Files\<DIR> ACD Systems
    [07/18/2008|01:57] C:\Program Files\Common Files\<DIR> Adobe
    [07/18/2008|01:55] C:\Program Files\Common Files\<DIR> DESIGNER
    [07/18/2008|04:49] C:\Program Files\Common Files\<DIR> InstallShield
    [07/18/2008|04:30] C:\Program Files\Common Files\<DIR> Microsoft Shared
    [07/18/2008|04:38] C:\Program Files\Common Files\<DIR> MSSoap
    [07/18/2008|04:30] C:\Program Files\Common Files\<DIR> ODBC
    [07/18/2008|04:38] C:\Program Files\Common Files\<DIR> Services
    [07/18/2008|04:30] C:\Program Files\Common Files\<DIR> SpeechEngines
    [11/04/2009|09:39] C:\Program Files\Common Files\<DIR> SWF Studio
    [07/18/2008|04:38] C:\Program Files\Common Files\<DIR> System

    --------------------\\ Process

    ( 40 Processes )

    iexplore.exe ~ [PID:2820]

    --------------------\\ Searching with S_Lop

    No Lop folder found !

    --------------------\\ Searching for Lop Files - Folders

    C:\DOCUME~1\User\LOCALS~1\Temp\nstmp
    C:\DOCUME~1\User\Cookies\user@adultfriendfinder[1].txt
    C:\DOCUME~1\User\Cookies\user@advertising[1].txt

    --------------------\\ Searching within the Registry

    ..... OK !

    --------------------\\ Checking the Hosts file

    Hosts file CLEAN


    --------------------\\ Searching for hidden files with Catchme

    catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
    Rootkit scan 2009-12-13 23:32:34
    Windows 5.1.2600 Service Pack 2 FAT NTAPI
    scanning hidden processes ...
    scanning hidden files ...
    scan completed successfully
    hidden processes: 0
    hidden files: 0

    --------------------\\ Searching for other infections

    --------------------\\ Cracks & Keygens ..

    C:\DOCUME~1\USER\Local Settings\Temporary Internet Files\Content.IE5\IBAVA9UN\imp[1].htm%3Fhighlight%3Dcrack&r=1
    C:\DOCUME~1\USER\Local Settings\Temporary Internet Files\Content.IE5\QLSV6HE5\imp[1].htm%3Fhighlight%3Dcrack&r=1
    C:\DOCUME~1\USER\Recent\crack.lnk


    [F:3927][D:836]-> C:\DOCUME~1\User\LOCALS~1\Temp
    [F:206][D:0]-> C:\DOCUME~1\User\Cookies
    [F:5104][D:20]-> C:\DOCUME~1\User\LOCALS~1\TEMPOR~1\content.IE5
    [F:2][D:0]-> C:\Recycled

    1 - "C:\Lop SD\LopR_1.txt" - Sun 12/13/2009|23:32 - Option : [1]

    --------------------\\ Scan completed at 23:32:57

    ---------- Post merged automatically by the system ----------

    Could you also show me how to use GMER? I find your method really effective. Thanks a lot.
    Last edited by ntdiam1991; 14-12-2009 at 10:13. Reason: Posts merged automatically by the system

  11. #9
    d4rKn3s5r3b0rN (Rìu Chiến Chấm)
    Joined: Apr 2009
    From: DDT
    Posts: 2.353
    Thanks: 1.176
    Points: 1.956/904 posts

    Start GMER, tick the items you want scanned (you should tick all of them), then choose Scan. Watch for the entries shown in red; check whether they are a rootkit, and if they are, find a way to remove them.

  12. #10
    bolzano_1989 (Búa Đá Đôi)
    Joined: Oct 2008
    Posts: 113
    Thanks: 186
    Points: 48/26 posts

    You sent the wrong log for ESET SysInspector; please reread the instructions and do it again.
    You also left out the logs from RSIT and Avira AntiVir Support Collector.
    You also have not installed, fully updated, and run a full scan of your computer with CMC Antivirus/IS as instructed above.

  13. #11
    ntdiam1991 (Búa Gỗ)
    Joined: Dec 2009
    Posts: 23
    Thanks: 2
    Points: 3/3 posts

    That's right, we use Kaspersky at home, so I skipped that step of yours.

    ---------- Post merged automatically by the system ----------

    RSIT log
    Logfile of random's system information tool 1.06 (written by random/random)
    Run by User at 2009-12-14 18:14:13
    Microsoft Windows XP Professional Service Pack 2
    System drive C: has 20 GB (66%) free of 30 GB
    Total RAM: 1014 MB (49% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 6:14:20 PM, on 12/14/2009
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe
    C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
    C:\WINDOWS\system32\igfxtray.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\WINDOWS\system32\igfxsrvc.exe
    C:\Program Files\UniKey\UniKey.exe
    C:\Program Files\DU Meter\DUMeter.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Internet Download Manager\IDMan.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\DOCUME~1\User\LOCALS~1\Temp\{EFC37159-CCB5-4042-AE0D-1452D3B53816}\clock.exe
    C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
    C:\Program Files\DU Meter\DUMeterSvc.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Internet Download Manager\IEMonitor.exe
    C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtblfs.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Documents and Settings\User\Desktop\RSIT.exe
    C:\Program Files\trend micro\User.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
    R3 - URLSearchHook: DefaultSearchHook Class - {C94E154B-1459-4A47-966B-4B843BEFC7DB} - C:\Program Files\AskSearch\bin\DefaultSearch.dll
    O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
    O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_0_1.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: TBSB02408 - {21998A86-8246-4F14-ADAF-0E490696FE59} - C:\Documents and Settings\User\Application Data\Toolbars\Amazon Toolbar\amazon.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
    O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ievkbd.dll
    O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL (file missing)
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
    O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
    O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_0_1.dll
    O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
    O3 - Toolbar: Amazon Toolbar - {DABEFD00-2B5E-4DB8-88EB-B1F7500E97A8} - C:\Documents and Settings\User\Application Data\Toolbars\Amazon Toolbar\amazon.dll
    O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL (file missing)
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
    O4 - HKLM\..\Run: [QuickTime Task] "D:\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Google Quick Search Box] "C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe" /autorun
    O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe"
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKCU\..\Run: [UniKey] C:\Program Files\UniKey\UniKey.exe
    O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
    O4 - HKCU\..\Run: [DU Meter] C:\Program Files\DU Meter\DUMeter.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
    O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    O4 - Startup: Seven Clock.lnk = E:\Setup\dao dien\Windows Se7en Transformation Pack\WindowsSe7en\Vienna_Transformation\Gadgets\clock.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm
    O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
    O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
    O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
    O9 - Extra button: &Virtual keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) -
    O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
    O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
    O23 - Service: DU Meter Service (DUMeterSvc) - Hagel Technologies Ltd - C:\Program Files\DU Meter\DUMeterSvc.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

    --
    End of file - 7431 bytes

    ======Registry dump======

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0055C089-8582-441B-A0BF-17B458C2A3A8}]
    IDMIEHlprObj Class - C:\Program Files\Internet Download Manager\IDMIECC.dll [2009-11-11 173488]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
    Yahoo! Companion BHO - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_0_1.dll [2005-04-13 327748]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
    AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2004-12-14 63136]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{21998A86-8246-4F14-ADAF-0E490696FE59}]
    TBSB02408 Class - C:\Documents and Settings\User\Application Data\Toolbars\Amazon Toolbar\amazon.dll [2008-04-14 2433024]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
    AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll []

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C}]
    IEVkbdBHO Class - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ievkbd.dll [2009-10-20 68112]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
    AVG Security Toolbar - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL []

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
    Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2009-12-06 263280]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
    Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll [2009-12-06 764912]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E33CF602-D945-461A-83F0-819F76A199F8}]
    FilterBHO Class - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll [2009-10-20 268816]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    {EF99BD32-C1FB-11D2-892F-0090271D4F88} - &Yahoo! Companion - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_0_1.dll [2005-04-13 327748]
    {CCC7A320-B3CA-4199-B1A6-9F516DD69829}
    {DABEFD00-2B5E-4DB8-88EB-B1F7500E97A8} - Amazon Toolbar - C:\Documents and Settings\User\Application Data\Toolbars\Amazon Toolbar\amazon.dll [2008-04-14 2433024]
    {A057A204-BACC-4D26-9990-79A187E2698E} - AVG Security Toolbar - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL []
    {2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2009-12-06 263280]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "SigmatelSysTrayApp"=C:\WINDOWS\sttray.exe [2006-05-26 282624]
    "QuickTime Task"=D:\qttask.exe -atboottime []
    "Google Quick Search Box"=C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe [2009-12-06 122368]
    "AVP"=C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe [2009-10-20 340456]
    "IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2007-12-19 135168]
    "HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2007-12-19 159744]
    "Persistence"=C:\WINDOWS\system32\igfxpers.exe [2007-12-19 131072]
    "RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2008-02-13 16857600]
    "Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "UniKey"=C:\Program Files\UniKey\UniKey.exe [2006-01-02 208896]
    "Messenger (Yahoo!)"=C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [2008-09-19 4347120]
    "DU Meter"=C:\Program Files\DU Meter\DUMeter.exe [2008-06-09 2645528]
    "MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2004-08-04 1667584]
    "IDMan"=C:\Program Files\Internet Download Manager\IDMan.exe [2009-11-11 3171760]
    "swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2009-12-06 39408]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
    C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
    C:\WINDOWS\system32\hkcmd.exe [2007-12-19 159744]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
    C:\WINDOWS\system32\igfxpers.exe [2007-12-19 131072]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
    C:\WINDOWS\system32\igfxtray.exe [2007-12-19 135168]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mtd2002Svr]
    C:\Program Files\mtd2002\mtdserver.exe [2002-10-05 544768]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [2004-11-02 32768]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
    C:\WINDOWS\RTHDCPL.EXE [2008-02-13 16857600]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
    C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [2008-09-19 4347120]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
    C:\PROGRA~1\Adobe\ACROBA~1.0\Reader\READER~1.EXE [2004-12-14 29696]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup
    Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

    C:\Documents and Settings\User\Start Menu\Programs\Startup
    Seven Clock.lnk - E:\Setup\dao dien\Windows Se7en Transformation Pack\WindowsSe7en\Vienna_Transformation\Gadgets\clock.exe

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLS"="C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
    C:\WINDOWS\system32\igfxdev.dll [2007-12-19 208896]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon]
    C:\WINDOWS\system32\klogon.dll [2009-10-20 219664]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "dontdisplaylastusername"=0
    "legalnoticecaption"=
    "legalnoticetext"=
    "shutdownwithoutlogon"=1
    "undockwithoutlogon"=1

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoDriveTypeAutoRun"=145

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoDriveTypeAutoRun"=

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:enabled:@xpsp2res.dll,-22019"
    "C:\Program Files\mtd2002\mtdserver.exe"="C:\Program Files\mtd2002\mtdserver.exe:Enabled:mtdServer"
    "C:\kav7.0+crack\setup.exe"="C:\kav7.0+crack\setup.exe:Enabled:Kaspersky Anti-Virus 7.0 Setup"
    "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:Enabled:Yahoo! Messenger"
    "C:\Program Files\Yahoo!\Messenger\YServer.exe"="C:\Program Files\Yahoo!\Messenger\YServer.exe:Enabled:Yahoo! FT Server"
    "C:\Documents and Settings\User\Desktop\kav7.0\setup.exe"="C:\Documents and Settings\User\Desktop\kav7.0\setup.exe:Enabled:Kaspersky Anti-Virus 7.0 Setup"
    "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\AVP.EXE"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\AVP.EXE:Enabled:Kaspersky Anti-Virus"
    "E:\HL160\cstrike.exe"="E:\HL160\cstrike.exe:Enabled:Half-Life Launcher"
    "E:\Games\Aoe2\empiresx.exe"="E:\Games\Aoe2\empiresx.exe:Enabled:Age of Empires, the Rise of Rome"
    "C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:Disabled:Firefox"
    "D:\Garena\Garena.exe"="D:\Garena\Garena.exe:Disabled:Garena"
    "C:\Program Files\Garena\Garena.exe"="C:\Program Files\Garena\Garena.exe:Enabled:Garena"
    "C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files\Kaspersky Anti-Virus 2010 9.0.0.463\English\setup.exe"="C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files\Kaspersky Anti-Virus 2010 9.0.0.463\English\setup.exe:Disabled:Kaspersky Anti-Virus 2010 Setup"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:enabled:@xpsp2res.dll,-22019"

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{eae278dc-54e5-11dd-83ff-806d6172696f}]
    shell\AutoRun\command - F:\Run.exe


    ======List of files/folders created in the last 1 months======

    2009-12-13 23:31:22 ----A---- C:\lopR.txt
    2009-12-13 23:29:51 ----D---- C:\Lop SD
    2009-12-13 23:28:21 ----A---- C:\RootRepeal report 12-13-09 (23-28-21).txt
    2009-12-13 23:26:39 ----A---- C:\RootRepeal report 12-13-09 (23-26-39).txt
    2009-12-13 22:36:45 ----D---- C:\WINDOWS\system32\CatRoot_bak
    2009-12-13 21:03:31 ----HD---- C:\WINDOWS\$NtUninstallKB946648$
    2009-12-13 21:03:25 ----HD---- C:\WINDOWS\$NtUninstallKB958869$
    2009-12-13 21:03:18 ----HD---- C:\WINDOWS\$NtUninstallKB976098-v2$
    2009-12-13 21:03:12 ----HD---- C:\WINDOWS\$NtUninstallKB956844$
    2009-12-13 21:03:03 ----HD---- C:\WINDOWS\$NtUninstallKB952069_WM9$
    2009-12-13 21:02:55 ----HD---- C:\WINDOWS\$NtUninstallKB950762$
    2009-12-13 21:02:44 ----HD---- C:\WINDOWS\$NtUninstallKB958687$
    2009-12-13 21:02:29 ----HD---- C:\WINDOWS\$NtUninstallKB973354$
    2009-12-13 21:02:23 ----HD---- C:\WINDOWS\$NtUninstallKB971961$
    2009-12-13 21:02:15 ----HD---- C:\WINDOWS\$NtUninstallKB971486$
    2009-12-13 21:02:05 ----HD---- C:\WINDOWS\$NtUninstallKB973525$
    2009-12-13 21:01:56 ----HD---- C:\WINDOWS\$NtUninstallKB955069$
    2009-12-13 21:00:03 ----N---- C:\WINDOWS\system32\tzchange.exe
    2009-12-13 20:22:47 ----HD---- C:\WINDOWS\$MSI31Uninstall_KB893803v2$
    2009-12-13 20:22:13 ----D---- C:\WINDOWS\system32\PreInstall
    2009-12-13 20:22:12 ----N---- C:\WINDOWS\system32\spmsg.dll
    2009-12-13 20:22:11 ----HD---- C:\WINDOWS\$NtUninstallKB898461$
    2009-12-13 20:22:11 ----HD---- C:\WINDOWS\$hf_mig$
    2009-12-13 20:13:30 ----D---- C:\WINDOWS\system32\SoftwareDistribution
    2009-12-13 19:07:34 ----D---- C:\rsit
    2009-12-13 19:07:34 ----D---- C:\Program Files\trend micro
    2009-12-13 18:48:31 ----D---- C:\Avenger
    2009-12-13 18:37:17 ----D---- C:\Documents and Settings\User\Application Data\Malwarebytes
    2009-12-13 18:37:11 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2009-12-13 18:37:10 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
    2009-12-13 15:51:54 ----R---- C:\WINDOWS\Alcmtr.exe
    2009-12-12 18:38:58 ----HD---- C:\WINDOWS\PIF
    2009-12-07 21:18:26 ----D---- C:\Program Files\YIM Smileys New
    2009-12-07 10:09:48 ----SHD---- C:\FOUND.003
    2009-12-07 08:49:46 ----SHD---- C:\FOUND.002
    2009-12-06 11:54:01 ----D---- C:\Program Files\Kaspersky Lab
    2009-12-06 10:34:09 ----D---- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
    2009-12-06 09:18:31 ----D---- C:\Documents and Settings\User\Application Data\Google
    2009-12-06 09:18:15 ----D---- C:\Program Files\Google
    2009-12-06 09:18:15 ----D---- C:\Documents and Settings\All Users\Application Data\Google
    2009-12-05 21:13:23 ----A---- C:\WINDOWS\IE4 Error Log.txt
    2009-12-05 18:09:53 ----HD---- C:\$AVG8.VAULT$
    2009-12-05 17:48:42 ----D---- C:\Documents and Settings\All Users\Application Data\avg8
    2009-12-05 11:08:51 ----SHD---- C:\WINDOWS\CSC
    2009-12-05 11:08:48 ----A---- C:\WINDOWS\ntbtlog.txt
    2009-12-04 23:16:27 ----RA---- C:\WINDOWS\system32\igfxres.dll
    2009-12-04 23:14:59 ----RA---- C:\WINDOWS\system32\iglicd32.dll
    2009-12-04 23:14:59 ----RA---- C:\WINDOWS\system32\igldev32.dll
    2009-12-04 23:14:59 ----RA---- C:\WINDOWS\system32\igfxext.exe
    2009-12-04 23:14:59 ----RA---- C:\WINDOWS\system32\igfxexps.dll
    2009-12-04 23:14:59 ----RA---- C:\WINDOWS\system32\igfxCoIn_v4906.dll
    2009-12-04 23:14:58 ----N---- C:\WINDOWS\system32\igfxpers.exe
    2009-12-04 23:14:57 ----RA---- C:\WINDOWS\system32\igfxzoom.exe
    2009-12-04 23:14:57 ----RA---- C:\WINDOWS\system32\igfxpph.dll
    2009-12-04 23:14:57 ----RA---- C:\WINDOWS\system32\igfxdo.dll
    2009-12-04 23:14:57 ----RA---- C:\WINDOWS\system32\igfxcfg.exe
    2009-12-04 23:14:57 ----N---- C:\WINDOWS\system32\igfxtray.exe
    2009-12-04 23:14:57 ----N---- C:\WINDOWS\system32\igfxsrvc.exe
    2009-12-04 23:14:57 ----N---- C:\WINDOWS\system32\igfxress.dll
    2009-12-04 23:14:57 ----N---- C:\WINDOWS\system32\igfxdev.dll
    2009-12-04 23:14:57 ----N---- C:\WINDOWS\system32\hkcmd.exe
    2009-12-04 23:14:56 ----N---- C:\WINDOWS\system32\igxprd32.dll
    2009-12-04 23:14:56 ----N---- C:\WINDOWS\system32\igxpgd32.dll
    2009-12-04 23:14:56 ----N---- C:\WINDOWS\system32\igxpdx32.dll
    2009-12-04 23:14:56 ----N---- C:\WINDOWS\system32\igxpdv32.dll
    2009-12-04 23:14:56 ----N---- C:\WINDOWS\system32\igfxsrvc.dll
    2009-12-04 23:14:56 ----N---- C:\WINDOWS\system32\hccutils.dll
    2009-12-04 23:14:33 ----RA---- C:\WINDOWS\system32\igxpun.exe
    2009-12-04 22:43:26 ----D---- C:\Documents and Settings\User\Application Data\IDM
    2009-12-04 22:43:26 ----D---- C:\Documents and Settings\User\Application Data\DMCache
    2009-12-04 22:43:22 ----D---- C:\Program Files\Internet Download Manager
    2009-12-04 22:34:31 ----D---- C:\Documents and Settings\User\Application Data\TeamViewer
    2009-12-04 14:18:47 ----D---- C:\Documents and Settings\All Users\Application Data\TEMP
    2009-12-04 13:32:35 ----D---- C:\Intel
    2009-12-04 13:30:37 ----D---- C:\Program Files\Maxthon
    2009-12-02 21:07:41 ----D---- C:\Documents and Settings\All Users\Application Data\Hagel Technologies
    2009-12-02 21:07:40 ----D---- C:\Program Files\DU Meter
    2009-11-29 09:37:33 ----D---- C:\Program Files\Garena
    2009-11-26 22:41:23 ----A---- C:\WINDOWS\system32\idmmbc.dll
    2009-11-22 21:52:56 ----HD---- C:\$AVG
    2009-11-22 21:52:41 ----D---- C:\Program Files\AVG
    2009-11-22 21:52:41 ----D---- C:\Documents and Settings\All Users\Application Data\avg9
    2009-11-22 15:37:44 ----D---- C:\Documents and Settings\User\Application Data\Media Player Classic
    2009-11-22 15:37:11 ----A---- C:\WINDOWS\system32\yv12vfw.dll
    2009-11-22 15:37:11 ----A---- C:\WINDOWS\system32\Iacenc.dll
    2009-11-22 15:37:11 ----A---- C:\WINDOWS\system32\huffyuv.dll
    2009-11-22 15:37:10 ----A---- C:\WINDOWS\system32\xvidvfw.dll
    2009-11-22 15:37:10 ----A---- C:\WINDOWS\system32\x264vfw.dll
    2009-11-22 15:37:10 ----A---- C:\WINDOWS\system32\vp7vfw.dll
    2009-11-22 15:37:10 ----A---- C:\WINDOWS\system32\vp6vfw.dll
    2009-11-22 15:37:10 ----A---- C:\WINDOWS\system32\qt-dx331.dll
    2009-11-22 15:37:10 ----A---- C:\WINDOWS\system32\dpl100.dll
    2009-11-22 15:37:10 ----A---- C:\WINDOWS\system32\divx.dll
    2009-11-22 15:37:09 ----A---- C:\WINDOWS\system32\ff_vfw.dll.manifest
    2009-11-22 15:37:09 ----A---- C:\WINDOWS\system32\ff_vfw.dll
    2009-11-22 15:37:08 ----D---- C:\Program Files\K-Lite Codec Pack
    2009-11-18 20:44:09 ----D---- C:\Program Files\TeraCopy
    2009-11-16 18:40:28 ----D---- C:\Program Files\Thoosje Vista Sidebar

    ======List of files/folders modified in the last 1 months======

    2009-12-14 11:21:04 ----A---- C:\WINDOWS\SchedLgU.Txt
    2009-12-13 21:03:28 ----A---- C:\WINDOWS\imsins.BAK

    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-04 36096]
    R1 kl1;Kl1; \??\C:\WINDOWS\system32\drivers\kl1.sys []
    R1 KLIF;Kaspersky Lab Driver; C:\WINDOWS\system32\DRIVERS\klif.sys [2009-12-06 315408]
    R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2005-01-07 138752]
    R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2007-12-19 5854688]
    R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2008-02-14 4676096]
    R3 klim5;Kaspersky Anti-Virus NDIS Filter; C:\WINDOWS\system32\DRIVERS\klim5.sys [2009-09-14 32272]
    R3 klmouflt;Kaspersky Lab KLMOUFLT; C:\WINDOWS\system32\DRIVERS\klmouflt.sys [2009-10-02 19472]
    R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2009-11-11 10368]
    R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2008-01-03 105856]
    R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-03 26624]
    R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-03 57600]
    R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-03 20480]
    S3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2004-08-04 60800]
    S3 esihdrv;esihdrv; \??\C:\DOCUME~1\User\LOCALS~1\Temp\esihdrv.sys []
    S3 GarenaPEngine;GarenaPEngine; \??\C:\DOCUME~1\User\LOCALS~1\Temp\EBFA7.tmp []
    S3 gdrv;gdrv; \??\C:\WINDOWS\gdrv.sys []
    S3 GMSIPCI;GMSIPCI; \??\F:\INSTALL\GMSIPCI.SYS []
    S3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2004-08-04 61824]
    S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
    S3 sfng32;Sonic Focus Plugin for Sigmatel HDA; C:\WINDOWS\system32\drivers\sfng32.sys [2005-12-02 41728]
    S3 STHDA;SigmaTel High Definition Audio CODEC; C:\WINDOWS\system32\drivers\sthda.sys [2006-05-26 1177032]
    S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
    S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]

    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R2 AVP;Kaspersky Internet Security; C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe [2009-10-20 340456]
    R2 DUMeterSvc;DU Meter Service; C:\Program Files\DU Meter\DUMeterSvc.exe [2008-06-09 1386008]
    S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-12-06 182768]
    S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
    S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]

    -----------------EOF-----------------
    Last edited by ntdiam1991; 14-12-2009 at 18:15. Reason: Posts merged automatically by the system

  14. #12
    bolzano_1989

    @ntdiam1991: I have the advantage of support from CMC Lab. In difficult cases that cannot be handled manually, or when I am busy for some reason, CMC Antivirus/IS will help you. CMC Antivirus/IS can be compatible with Kaspersky; install it, update it fully and scan your whole computer with it. I also hope that, through my support, we will have the chance to see CMC Antivirus/IS outdo Kaspersky, BKAVHome, BKAVPro or any other antivirus product more than a few times.
    You sent the wrong ESET SysInspector log; please reread the instructions and do it again.
    You also left out the Avira AntiVir Support Collector log.

  15. #13
    ntdiam1991

    But after the scan finished I closed it, so now where do I go to get it back?
    When I moved GMER to drive D, I was able to scan as normal, and every time I go online I see that the speed has improved and I am no longer bothered by those annoying advertising web pages. So do you think that means my machine is now completely free of viruses?

    ---------- Posts merged automatically by the system ----------

    I find that the Malwarebytes antivirus software is very good at scanning for adware, so should I run both programs at the same time, using both the antivirus and Malwarebytes?
    Last edited by ntdiam1991; 14-12-2009 at 22:06. Reason: Posts merged automatically by the system

  16. #14
    bolzano_1989

    Unfortunately, it cannot yet be concluded that your machine is free of viruses.
    You can certainly use Malwarebytes' Anti-Malware (free version) and CMC Antivirus/IS together with Kaspersky. Just take care not to scan your machine with two of these programs at the same time.

    You only need to run the scans again to get the logs:
    Download, extract and run GMER:
    After GMER's default scan at startup, if GMER asks whether you want to Run Scan, choose No and then untick the following options:
    * Sections
    * IAT/EAT
    * Drives/partitions other than the system drive (normally keep C:\ selected and deselect D, E ...)
    * Show All

    When that is done, click Scan; when the scan has finished, click Save and name the file "gmer.txt".
    Upload this file and give me the link.

    Go to the following link, download to your desktop the ESET SysInspector build that matches your machine's processor architecture (32-bit or 64-bit), and run ESET SysInspector:
    Click the File tab (in the top right corner), choose 'Save Log' => Save => Upload this file and give me the link.
    Last edited by bolzano_1989; 14-12-2009 at 22:19.

  17. #15
    ntdiam1991

    GMER 1.0.15.15279 -
    Rootkit scan 2009-12-15 21:53:50
    Windows 5.1.2600 Service Pack 2
    Running: gmer.exe; Driver: C:\DOCUME~1\User\LOCALS~1\Temp\uwwiypod.sys


    ---- System - GMER 1.0.15 ----

    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwAdjustPrivilegesToken [0xAA19E58C]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwClose [0xAA19EE0C]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwConnectPort [0xAA19F922]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateEvent [0xAA19FE94]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateFile [0xAA19F0EE]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateKey [0xAA19D436]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateMutant [0xAA19FD6C]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateNamedPipeFile [0xAA19E192]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreatePort [0xAA19FC28]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateSection [0xAA19E34E]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateSemaphore [0xAA19FFC6]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateSymbolicLinkObject [0xAA1A1C08]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateThread [0xAA19EAAA]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateWaitablePort [0xAA19FCCA]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwDebugActiveProcess [0xAA1A15FA]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwDeleteKey [0xAA19D9FA]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwDeleteValueKey [0xAA19DD88]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwDeviceIoControlFile [0xAA19F576]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwDuplicateObject [0xAA1A25CA]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwEnumerateKey [0xAA19DECA]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwEnumerateValueKey [0xAA19DF74]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwFsControlFile [0xAA19F382]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwLoadDriver [0xAA1A168C]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwLoadKey [0xAA19D412]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwLoadKey2 [0xAA19D424]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwMapViewOfSection [0xAA1A1CBC]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwNotifyChangeKey [0xAA19E0C0]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenEvent [0xAA19FF36]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenFile [0xAA19EE8E]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenKey [0xAA19D5DC]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenMutant [0xAA19FE04]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenProcess [0xAA19E792]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenSection [0xAA1A1C32]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenSemaphore [0xAA1A0068]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenThread [0xAA19E6B6]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwQueryKey [0xAA19E01E]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwQueryMultipleValueKey [0xAA19DC46]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwQuerySection [0xAA1A1FD4]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwQueryValueKey [0xAA19D896]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwQueueApcThread [0xAA1A1922]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwRenameKey [0xAA19DB0E]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwReplaceKey [0xAA19D2B0]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwReplyPort [0xAA1A03F2]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwReplyWaitReceivePort [0xAA1A02B8]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwRequestWaitReplyPort [0xAA1A139A]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwRestoreKey [0xAA1A4E2C]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwResumeThread [0xAA1A24AC]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSaveKey [0xAA19D248]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSecureConnectPort [0xAA19F65C]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSetContextThread [0xAA19ECC8]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSetInformationToken [0xAA1A0C4A]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSetSecurityObject [0xAA1A1786]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSetSystemInformation [0xAA1A2114]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSetValueKey [0xAA19D71E]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSuspendProcess [0xAA1A21F8]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSuspendThread [0xAA1A2320]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSystemDebugControl [0xAA1A1526]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwTerminateProcess [0xAA19E90A]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwTerminateThread [0xAA19E860]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwUnmapViewOfSection [0xAA1A1E8A]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwWriteVirtualMemory [0xAA19E9EA]

    Code \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) FsRtlCheckLockForReadAccess
    Code \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) IoIsOperationSynchronous

    ---- Kernel code sections - GMER 1.0.15 ----

    .text ntoskrnl.exe!ZwYieldExecution + 13E 804E4978 16 Bytes [4E, E3, 19, AA, C6, FF, 19, ...]
    .text ntoskrnl.exe!ZwYieldExecution + 1FA 804E4A34 12 Bytes [8C, 16, 1A, AA, 12, D4, 19, ...]
    .text ntoskrnl.exe!ZwYieldExecution + 37F 804E4BB9 7 Bytes [03, 1A, AA, B8, 02, 1A, AA]
    .text ntoskrnl.exe!ZwYieldExecution + 46A 804E4CA4 12 Bytes [F8, 21, 1A, AA, 20, 23, 1A, ...] {CLC ; AND [EDX], EBX; STOSB ; AND [EBX], AH; SBB CH, [EDX-0x55e5eada]}
    .text ntoskrnl.exe!ZwYieldExecution + 47A 804E4CB4 8 Bytes JMP 68AEF6D2
    .text ...
    .text ntoskrnl.exe!IoIsOperationSynchronous 804EAF7E 5 Bytes JMP AA1938B6 \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)
    .text ntoskrnl.exe!FsRtlCheckLockForReadAccess 804F3BF9 5 Bytes JMP AA1934DC \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)

    ---- User code sections - GMER 1.0.15 ----

    ? C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[420] C:\WINDOWS\system32\ntdll.dll time/date stamp mismatch;
    ? C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[420] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch;
    .text C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[420] USER32.dll!VRipOutput + FFFA5010 77D42A78 4 Bytes [70, 11, 33, 6D]
    ? C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[520] C:\WINDOWS\system32\ntdll.dll time/date stamp mismatch;
    ? C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[520] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch;
    .text C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[520] USER32.dll!VRipOutput + FFFA5010 77D42A78 4 Bytes [70, 11, 33, 6D]

    ---- Kernel IAT/EAT - GMER 1.0.15 ----

    IAT \SystemRoot\system32\DRIVERS\tcpip.sys[ntoskrnl.exe!IoCreateDevice] [A9C516D0] \??\C:\WINDOWS\system32\drivers\kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
    IAT \SystemRoot\system32\DRIVERS\tcpip.sys[TDI.SYS!TdiRegisterDeviceObject] [A9C51820] \??\C:\WINDOWS\system32\drivers\kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
    IAT \SystemRoot\system32\DRIVERS\netbt.sys[ntoskrnl.exe!IoCreateDevice] [A9C516D0] \??\C:\WINDOWS\system32\drivers\kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
    IAT \SystemRoot\system32\DRIVERS\netbt.sys[TDI.SYS!TdiRegisterDeviceObject] [A9C51820] \??\C:\WINDOWS\system32\drivers\kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
    IAT \SystemRoot\system32\DRIVERS\ipnat.sys[ntoskrnl.exe!IoCreateDevice] [A9C516D0] \??\C:\WINDOWS\system32\drivers\kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
    IAT \SystemRoot\system32\DRIVERS\wanarp.sys[ntoskrnl.exe!IoCreateDevice] [A9C516D0] \??\C:\WINDOWS\system32\drivers\kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
    IAT \SystemRoot\System32\drivers\afd.sys[ntoskrnl.exe!IoCreateDevice] [A9C516D0] \??\C:\WINDOWS\system32\drivers\kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
    IAT \SystemRoot\system32\DRIVERS\netbios.sys[ntoskrnl.exe!IoCreateDevice] [A9C516D0] \??\C:\WINDOWS\system32\drivers\kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
    IAT \SystemRoot\system32\DRIVERS\rdbss.sys[ntoskrnl.exe!IoCreateDevice] [A9C516D0] \??\C:\WINDOWS\system32\drivers\kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
    IAT \SystemRoot\system32\DRIVERS\mrxsmb.sys[ntoskrnl.exe!IoCreateDevice] [A9C516D0] \??\C:\WINDOWS\system32\drivers\kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
    IAT \SystemRoot\System32\Drivers\Fips.SYS[ntoskrnl.exe!IoCreateDevice] [A9C516D0] \??\C:\WINDOWS\system32\drivers\kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
    IAT \SystemRoot\System32\Drivers\Cdfs.SYS[ntoskrnl.exe!IoCreateDevice] [A9C516D0] \??\C:\WINDOWS\system32\drivers\kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
    IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[ntoskrnl.exe!IoCreateDevice] [A9C516D0] \??\C:\WINDOWS\system32\drivers\kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
    IAT \SystemRoot\system32\drivers\wdmaud.sys[ntoskrnl.exe!IoCreateDevice] [A9C516D0] \??\C:\WINDOWS\system32\drivers\kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
    IAT \SystemRoot\system32\drivers\sysaudio.sys[ntoskrnl.exe!IoCreateDevice] [A9C516D0] \??\C:\WINDOWS\system32\drivers\kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
    IAT \SystemRoot\system32\DRIVERS\mrxdav.sys[ntoskrnl.exe!IoCreateDevice] [A9C516D0] \??\C:\WINDOWS\system32\drivers\kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
    IAT \SystemRoot\System32\Drivers\ParVdm.SYS[ntoskrnl.exe!IoCreateDevice] [A9C516D0] \??\C:\WINDOWS\system32\drivers\kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
    IAT \SystemRoot\system32\DRIVERS\srv.sys[ntoskrnl.exe!IoCreateDevice] [A9C516D0] \??\C:\WINDOWS\system32\drivers\kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
    IAT \SystemRoot\System32\Drivers\HTTP.sys[ntoskrnl.exe!IoCreateDevice] [A9C516D0] \??\C:\WINDOWS\system32\drivers\kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
    IAT \SystemRoot\system32\drivers\kmixer.sys[ntoskrnl.exe!IoCreateDevice] [A9C516D0] \??\C:\WINDOWS\system32\drivers\kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)

    ---- User IAT/EAT - GMER 1.0.15 ----

    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[420] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!RtlAllocateHeap] 00360240
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[420] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!RtlFreeHeap] 003602B0
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[420] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!RtlSizeHeap] 00360320
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[420] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!RtlReAllocateHeap] 00360390
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[420] @ C:\WINDOWS\system32\RPCRT4.dll [ntdll.dll!RtlFreeHeap] 00360550
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[420] @ C:\WINDOWS\system32\RPCRT4.dll [ntdll.dll!RtlAllocateHeap] 003605C0
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[420] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!GetModuleFileNameA] 00B60860
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[420] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] 00B608D0
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[420] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!VirtualFree] 003606A0
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[420] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] 00B60940
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[420] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!GetProcAddress] 00B609B0
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[420] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!FreeLibrary] 00B60A20
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[420] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 00B60A90
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[420] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateThread] 00360780
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[420] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!VirtualAlloc] 003607F0
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[420] @ C:\WINDOWS\system32\ADVAPI32.dll [ntdll.dll!RtlFreeHeap] 00360860
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[420] @ C:\WINDOWS\system32\ADVAPI32.dll [ntdll.dll!RtlAllocateHeap] 003608D0
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[420] @ C:\WINDOWS\system32\ADVAPI32.dll [ntdll.dll!RtlReAllocateHeap] 00360940
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[420] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!SetErrorMode] 00B60B00
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[420] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] 00B60B70
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[420] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!GetModuleFileNameW] 00B60BE0
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[420] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!CreateThread] 003609B0
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[420] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 00B60C50
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[420] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] 00B60CC0
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[420] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!FreeLibrary] 00B60D30
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[420] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] 00B60DA0
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[420] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] 00B60E10
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[420] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!VirtualAlloc] 00360B00
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[420] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!VirtualFree] 00360B70
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[420] @ C:\WINDOWS\system32\USER32.dll [ntdll.dll!RtlAllocateHeap] 00360BE0
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[420] @ C:\WINDOWS\system32\USER32.dll [ntdll.dll!RtlFreeHeap] 00360C50
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[420] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] 00B60E80
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[420] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!CreateThread] 00360CC0
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[420] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!CreateProcessW] 00B60EF0
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[420] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!VirtualFree] 00360E10
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[420] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetModuleFileNameA] 00B60F60
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[420] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] 7D1E0550
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[420] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7D1E05C0
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[420] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetProcAddress] 7D1E0630
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[420] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] 7D1E06A0
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[420] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!FreeLibrary] 7D1E0710
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[420] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetModuleFileNameW] 7D1E0780
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[420] @ C:\WINDOWS\system32\GDI32.dll [ntdll.dll!RtlAllocateHeap] 00360F60
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[420] @ C:\WINDOWS\system32\GDI32.dll [ntdll.dll!RtlFreeHeap] 7C9B0390
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[420] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7D1E07F0
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[420] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] 7D1E0860
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[420] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] 7D1E08D0
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[420] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!FreeLibrary] 7D1E0940
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[420] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] 7D1E09B0
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[420] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] 7D1E0A20
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[420] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!SetErrorMode] 7D1E0F60
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[420] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 00B70010
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[420] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!GetProcAddress] 00B70080
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[420] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!LoadLibraryA] 00B700F0
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[420] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!FreeLibrary] 00B70160
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[420] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateProcessA] 00B701D0
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[420] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateProcessW] 00B70240
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[420] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!GetModuleFileNameA] 00B702B0
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[420] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!HeapDestroy] 7C9B08D0
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[420] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!VirtualFree] 7C9B0940
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[420] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!VirtualAlloc] 7C9B09B0
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[420] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateThread] 7C9B0A90
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[420] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!GetModuleFileNameW] 00B70320
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[420] @ C:\WINDOWS\system32\SHELL32.dll [ntdll.dll!RtlFreeHeap] 7C9B0C50
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[420] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!VirtualAlloc] 7C9B0CC0
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[420] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!VirtualFree] 7C9B0D30
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[420] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!HeapDestroy] 7C9B0EF0
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[420] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CreateProcessW] 00B70470
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[420] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 00B704E0
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[420] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] 00B70550
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[420] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetModuleFileNameW] 00B705C0
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[420] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!SetErrorMode] 00B70630
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[420] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] 00B706A0
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[420] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] 00B70710
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[420] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CreateThread] 7C9B0F60
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[420] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] 00B70780
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[420] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!FreeLibrary] 00B707F0
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[420] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExA] 00B70860
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[420] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 00B708D0
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[420] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!SetErrorMode] 00B70940
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[420] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetModuleFileNameW] 00B709B0
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[420] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] 00B70A20
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[420] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] 00B70A90
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[420] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] 00B70B00
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[420] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessA] 00B70B70
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[420] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessW] 00B70BE0
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[420] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!FreeLibrary] 00B70C50
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[420] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateThread] 00370010
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[420] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!HeapDestroy] 00370080
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[420] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] 00B70CC0
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[420] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] 00B70D30
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[420] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetModuleFileNameA] 00B70DA0
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[420] @ C:\WINDOWS\system32\ole32.dll [ntdll.dll!RtlFreeHeap] 00370160
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[420] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetProcAddress] 00B70E10
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[420] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] 00B70E80
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[420] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!FreeLibrary] 00B70EF0
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[420] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] 00B70F60
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[420] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetModuleFileNameW] 00B80010
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[420] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateThread] 00370390
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[420] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] 00B80080
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[420] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExA] 00B800F0
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[420] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateProcessW] 00B80160
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[420] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!VirtualAlloc] 00370400
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[420] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 00B801D0
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[420] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 00B80B70
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[420] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] 00B80BE0
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[420] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryW] 00B80C50
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[420] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] 00B80CC0
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[420] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!FreeLibrary] 00B80D30
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[420] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!LoadLibraryA] 00B90320
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[420] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!FreeLibrary] 00B90390
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[420] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!GetProcAddress] 00B90400
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[420] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!SetUnhandledExceptionFilter] 00B90470
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[420] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!SetErrorMode] 00B90860
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[420] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!LoadLibraryW] 00B908D0
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[420] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!LoadLibraryExA] 00B90940
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[420] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!CreateProcessW] 00B909B0
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[420] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!GetModuleFileNameW] 00B90A20
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[420] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!GetProcAddress] 00B90A90
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[420] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!FreeLibrary] 00B90B00
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[420] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!LoadLibraryA] 00B90B70
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[420] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 00B90BE0
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[520] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!RtlAllocateHeap] 00360240
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[520] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!RtlFreeHeap] 003602B0
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[520] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!RtlSizeHeap] 00360320
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[520] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!RtlReAllocateHeap] 00360390
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[520] @ C:\WINDOWS\system32\RPCRT4.dll [ntdll.dll!RtlFreeHeap] 00360550
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[520] @ C:\WINDOWS\system32\RPCRT4.dll [ntdll.dll!RtlAllocateHeap] 003605C0
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[520] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!GetModuleFileNameA] 00D30860
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[520] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] 00D308D0
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[520] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!VirtualFree] 003606A0
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[520] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] 00D30940
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[520] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!GetProcAddress] 00D309B0
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[520] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!FreeLibrary] 00D30A20
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[520] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 00D30A90
    IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[520] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateThread] 00360780

 

 