GMER 1.0.15.15572 - http://www.gmer.net Rootkit scan 2011-04-29 15:13:05 Windows 5.1.2600 Dodatek Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4 ST320413A rev.3.54 Running: k58w7t1l.exe; Driver: C:\DOCUME~1\adam\USTAWI~1\Temp\kgtyqaow.sys ---- System - GMER 1.0.15 ---- SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwAssignProcessToJobObject [0xF47DAC30] SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwClose [0xF47C61F0] SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwConnectPort [0xF47DC87C] SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwCreateFile [0xF47C0CD0] SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwCreateKey [0xF47CCD20] SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwCreateProcess [0xF47D6280] SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwCreateProcessEx [0xF47D6AE0] SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwCreateSection [0xF47BFE70] SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwCreateSymbolicLinkObject [0xF47CCAE0] SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwCreateThread [0xF47D4EF0] SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwDeleteFile [0xF47CB970] SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwDeleteKey [0xF47CE3A0] SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwDeleteValueKey [0xF47D30B0] SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwMakeTemporaryObject [0xF47CC360] SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwOpenFile [0xF47C4FF0] SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwOpenKey [0xF47CDBC0] SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwOpenProcess [0xF47D87E0] SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwOpenSection [0xF47C0600] SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwOpenThread [0xF47D7E00] SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwProtectVirtualMemory [0xF47DBDB0] SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwQueryDirectoryFile [0xF47C6E00] SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwQueryKey [0xF47CEE50] SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwQueryValueKey [0xF47CF5C0] SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwReplaceKey [0xF47D0910] SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwRestoreKey [0xF47D2910] SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwSaveKey [0xF47D1A20] SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwSaveKeyEx [0xF47D2190] SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwSecureConnectPort [0xF47DD1FC] SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwSetContextThread [0xF47DA410] SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwSetInformationFile [0xF47C7FA0] SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwSetValueKey [0xF47CFD60] SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwTerminateProcess [0xF47D91D0] SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwTerminateThread [0xF47D9B90] SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwWriteVirtualMemory [0xF47DB3A0] ---- Kernel code sections - GMER 1.0.15 ---- .text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xF6D5E360, 0x3E57A5, 0xE8000020] init C:\WINDOWS\system32\drivers\senfilt.sys entry point in "init" section [0xF6C5DA80] ---- User code sections - GMER 1.0.15 ---- .text C:\WINDOWS\Explorer.EXE[440] USER32.dll!SetWindowPos 7E36C01B 5 Bytes JMP 100A74D8 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.) .text C:\WINDOWS\Explorer.EXE[440] USER32.dll!SetForegroundWindow 7E373D4D 5 Bytes JMP 100A74AC c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.) .text C:\WINDOWS\Explorer.EXE[440] USER32.dll!ChangeDisplaySettingsExA 7E378AE5 5 Bytes JMP 100A781C c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.) .text C:\WINDOWS\Explorer.EXE[440] USER32.dll!ChangeDisplaySettingsExW 7E3A938D 5 Bytes JMP 100A7848 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.) .text C:\WINDOWS\Explorer.EXE[440] USER32.dll!EndTask 7E3A9E75 5 Bytes JMP 100A7504 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.) .text C:\Program Files\TC PowerPack\totalcmd.exe[464] USER32.dll!SetWindowPos 7E36C01B 5 Bytes JMP 100A74D8 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.) .text C:\Program Files\TC PowerPack\totalcmd.exe[464] USER32.dll!SetForegroundWindow 7E373D4D 5 Bytes JMP 100A74AC c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.) .text C:\Program Files\TC PowerPack\totalcmd.exe[464] USER32.dll!ChangeDisplaySettingsExA 7E378AE5 5 Bytes JMP 100A781C c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.) .text C:\Program Files\TC PowerPack\totalcmd.exe[464] USER32.dll!ChangeDisplaySettingsExW 7E3A938D 5 Bytes JMP 100A7848 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.) .text C:\Program Files\TC PowerPack\totalcmd.exe[464] USER32.dll!EndTask 7E3A9E75 5 Bytes JMP 100A7504 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.) .text C:\PROGRA~1\Agnitum\OUTPOS~1\op_mon.exe[536] kernel32.dll!LoadResource 7C809FC5 5 Bytes JMP 00542C88 C:\PROGRA~1\Agnitum\OUTPOS~1\op_mon.exe (Outpost User Interface/Agnitum Ltd.) .text C:\PROGRA~1\Agnitum\OUTPOS~1\op_mon.exe[536] kernel32.dll!SetUnhandledExceptionFilter 7C8447ED 5 Bytes JMP 0053D0AC C:\PROGRA~1\Agnitum\OUTPOS~1\op_mon.exe (Outpost User Interface/Agnitum Ltd.) .text C:\PROGRA~1\Agnitum\OUTPOS~1\op_mon.exe[536] USER32.dll!EnableWindow 7E36BE71 5 Bytes JMP 01084BE4 C:\PROGRA~1\Agnitum\OUTPOS~1\op_cmn.dll (Outpost Common Controls Library/Agnitum Ltd.) .text C:\PROGRA~1\Agnitum\OUTPOS~1\op_mon.exe[536] USER32.dll!SetWindowsHookExW 7E37DDB5 5 Bytes JMP 0053D104 C:\PROGRA~1\Agnitum\OUTPOS~1\op_mon.exe (Outpost User Interface/Agnitum Ltd.) .text C:\PROGRA~1\Agnitum\OUTPOS~1\op_mon.exe[536] USER32.dll!SetWindowsHookExA 7E3811D1 5 Bytes JMP 0053D0D8 C:\PROGRA~1\Agnitum\OUTPOS~1\op_mon.exe (Outpost User Interface/Agnitum Ltd.) .text C:\WINDOWS\system32\winlogon.exe[576] USER32.dll!SetWindowPos 7E36C01B 5 Bytes JMP 100A74D8 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.) .text C:\WINDOWS\system32\winlogon.exe[576] USER32.dll!SetForegroundWindow 7E373D4D 5 Bytes JMP 100A74AC c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.) .text C:\WINDOWS\system32\winlogon.exe[576] USER32.dll!ChangeDisplaySettingsExA 7E378AE5 5 Bytes JMP 100A781C c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.) .text C:\WINDOWS\system32\winlogon.exe[576] USER32.dll!ChangeDisplaySettingsExW 7E3A938D 5 Bytes JMP 100A7848 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.) .text C:\WINDOWS\system32\winlogon.exe[576] USER32.dll!EndTask 7E3A9E75 5 Bytes JMP 100A7504 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.) .text C:\WINDOWS\system32\services.exe[620] USER32.dll!SetWindowPos 7E36C01B 5 Bytes JMP 100A74D8 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.) .text C:\WINDOWS\system32\services.exe[620] USER32.dll!SetForegroundWindow 7E373D4D 5 Bytes JMP 100A74AC c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.) .text C:\WINDOWS\system32\services.exe[620] USER32.dll!ChangeDisplaySettingsExA 7E378AE5 5 Bytes JMP 100A781C c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.) .text C:\WINDOWS\system32\services.exe[620] USER32.dll!ChangeDisplaySettingsExW 7E3A938D 5 Bytes JMP 100A7848 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.) .text C:\WINDOWS\system32\services.exe[620] USER32.dll!EndTask 7E3A9E75 5 Bytes JMP 100A7504 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.) .text C:\Program Files\iPlus\iPlusManager.exe[788] USER32.dll!SetWindowPos 7E36C01B 5 Bytes JMP 100A74D8 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.) .text C:\Program Files\iPlus\iPlusManager.exe[788] USER32.dll!SetForegroundWindow 7E373D4D 5 Bytes JMP 100A74AC c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.) .text C:\Program Files\iPlus\iPlusManager.exe[788] USER32.dll!ChangeDisplaySettingsExA 7E378AE5 5 Bytes JMP 100A781C c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.) .text C:\Program Files\iPlus\iPlusManager.exe[788] USER32.dll!ChangeDisplaySettingsExW 7E3A938D 5 Bytes JMP 100A7848 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.) .text C:\Program Files\iPlus\iPlusManager.exe[788] USER32.dll!EndTask 7E3A9E75 5 Bytes JMP 100A7504 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.) .text C:\WINDOWS\system32\spoolsv.exe[1060] USER32.dll!SetWindowPos 7E36C01B 5 Bytes JMP 100A74D8 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.) .text C:\WINDOWS\system32\spoolsv.exe[1060] USER32.dll!SetForegroundWindow 7E373D4D 5 Bytes JMP 100A74AC c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.) .text C:\WINDOWS\system32\spoolsv.exe[1060] USER32.dll!ChangeDisplaySettingsExA 7E378AE5 5 Bytes JMP 100A781C c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.) .text C:\WINDOWS\system32\spoolsv.exe[1060] USER32.dll!ChangeDisplaySettingsExW 7E3A938D 5 Bytes JMP 100A7848 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.) .text C:\WINDOWS\system32\spoolsv.exe[1060] USER32.dll!EndTask 7E3A9E75 5 Bytes JMP 100A7504 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.) .text C:\PROGRA~1\Agnitum\OUTPOS~1\acs.exe[1128] kernel32.dll!LoadResource 7C809FC5 5 Bytes JMP 00566758 C:\PROGRA~1\Agnitum\OUTPOS~1\acs.exe (Agnitum Outpost Service/Agnitum Ltd.) .text C:\PROGRA~1\Agnitum\OUTPOS~1\acs.exe[1128] kernel32.dll!SetUnhandledExceptionFilter 7C8447ED 5 Bytes JMP 00566900 C:\PROGRA~1\Agnitum\OUTPOS~1\acs.exe (Agnitum Outpost Service/Agnitum Ltd.) .text C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[1148] kernel32.dll!SetUnhandledExceptionFilter 7C8447ED 4 Bytes [C2, 04, 00, 00] .text C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[1172] USER32.dll!SetWindowPos 7E36C01B 5 Bytes JMP 100A74D8 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.) .text C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[1172] USER32.dll!SetForegroundWindow 7E373D4D 5 Bytes JMP 100A74AC c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.) .text C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[1172] USER32.dll!ChangeDisplaySettingsExA 7E378AE5 5 Bytes JMP 100A781C c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.) .text C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[1172] USER32.dll!ChangeDisplaySettingsExW 7E3A938D 5 Bytes JMP 100A7848 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.) .text C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[1172] USER32.dll!EndTask 7E3A9E75 5 Bytes JMP 100A7504 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.) .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[1196] USER32.dll!SetWindowPos 7E36C01B 5 Bytes JMP 100A74D8 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.) .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[1196] USER32.dll!SetForegroundWindow 7E373D4D 5 Bytes JMP 100A74AC c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.) .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[1196] USER32.dll!ChangeDisplaySettingsExA 7E378AE5 5 Bytes JMP 100A781C c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.) .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[1196] USER32.dll!ChangeDisplaySettingsExW 7E3A938D 5 Bytes JMP 100A7848 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.) .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[1196] USER32.dll!EndTask 7E3A9E75 5 Bytes JMP 100A7504 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.) .text F:\Download\Diagnostyka dla Fixitpc\k58w7t1l.exe[1460] USER32.dll!SetWindowPos 7E36C01B 5 Bytes JMP 100A74D8 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.) .text F:\Download\Diagnostyka dla Fixitpc\k58w7t1l.exe[1460] USER32.dll!SetForegroundWindow 7E373D4D 5 Bytes JMP 100A74AC c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.) .text F:\Download\Diagnostyka dla Fixitpc\k58w7t1l.exe[1460] USER32.dll!ChangeDisplaySettingsExA 7E378AE5 5 Bytes JMP 100A781C c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.) .text F:\Download\Diagnostyka dla Fixitpc\k58w7t1l.exe[1460] USER32.dll!ChangeDisplaySettingsExW 7E3A938D 5 Bytes JMP 100A7848 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.) .text F:\Download\Diagnostyka dla Fixitpc\k58w7t1l.exe[1460] USER32.dll!EndTask 7E3A9E75 5 Bytes JMP 100A7504 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.) .text C:\Program Files\Mozilla Firefox\firefox.exe[1596] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 00401410 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation) .text C:\Program Files\Mozilla Firefox\firefox.exe[1596] USER32.dll!SetWindowPos 7E36C01B 5 Bytes JMP 00FC74D8 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.) .text C:\Program Files\Mozilla Firefox\firefox.exe[1596] USER32.dll!SetForegroundWindow 7E373D4D 5 Bytes JMP 00FC74AC c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.) .text C:\Program Files\Mozilla Firefox\firefox.exe[1596] USER32.dll!ChangeDisplaySettingsExA 7E378AE5 5 Bytes JMP 00FC781C c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.) .text C:\Program Files\Mozilla Firefox\firefox.exe[1596] USER32.dll!ChangeDisplaySettingsExW 7E3A938D 5 Bytes JMP 00FC7848 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.) .text C:\Program Files\Mozilla Firefox\firefox.exe[1596] USER32.dll!EndTask 7E3A9E75 5 Bytes JMP 00FC7504 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.) ---- Kernel IAT/EAT - GMER 1.0.15 ---- IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisOpenAdapter] [F6BDC65A] \SystemRoot\system32\DRIVERS\afw.sys (Agnitum Firewall Driver/Agnitum Ltd.) IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisOpenAdapter] [F6BDC65A] \SystemRoot\system32\DRIVERS\afw.sys (Agnitum Firewall Driver/Agnitum Ltd.) IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisOpenAdapter] [F6BDC65A] \SystemRoot\system32\DRIVERS\afw.sys (Agnitum Firewall Driver/Agnitum Ltd.) IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisOpenAdapter] [F6BDC65A] \SystemRoot\system32\DRIVERS\afw.sys (Agnitum Firewall Driver/Agnitum Ltd.) IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisOpenAdapter] [F6BDC65A] \SystemRoot\system32\DRIVERS\afw.sys (Agnitum Firewall Driver/Agnitum Ltd.) IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisOpenAdapter] [F6BDC65A] \SystemRoot\system32\DRIVERS\afw.sys (Agnitum Firewall Driver/Agnitum Ltd.) ---- Devices - GMER 1.0.15 ---- AttachedDevice \FileSystem\Ntfs \Ntfs eamon.sys (Amon monitor/ESET) Device \Driver\Tcpip \Device\Ip afw.sys (Agnitum Firewall Driver/Agnitum Ltd.) Device \Driver\Tcpip \Device\Tcp afw.sys (Agnitum Firewall Driver/Agnitum Ltd.) AttachedDevice \Driver\Tcpip \Device\Tcp epfwtdir.sys Device \Driver\Tcpip \Device\Udp afw.sys (Agnitum Firewall Driver/Agnitum Ltd.) Device \Driver\Tcpip \Device\RawIp afw.sys (Agnitum Firewall Driver/Agnitum Ltd.) Device \Driver\Tcpip \Device\IPMULTICAST afw.sys (Agnitum Firewall Driver/Agnitum Ltd.) AttachedDevice \FileSystem\Fastfat \Fat eamon.sys (Amon monitor/ESET) ---- Files - GMER 1.0.15 ---- File C:\Documents and Settings\adam\Ustawienia lokalne\Temp\1D.tmp\OP_CACHE.ATR 96 bytes File C:\Documents and Settings\adam\Ustawienia lokalne\Temp\1D.tmp\OP_CACHE.IDX 48 bytes File C:\Documents and Settings\adam\Ustawienia lokalne\Temp\2.tmp\OP_CACHE.ATR 96 bytes File C:\Documents and Settings\adam\Ustawienia lokalne\Temp\2.tmp\OP_CACHE.IDX 48 bytes File C:\Documents and Settings\adam\Ustawienia lokalne\Temp\392.tmp\OP_CACHE.ATR 96 bytes File C:\Documents and Settings\adam\Ustawienia lokalne\Temp\392.tmp\OP_CACHE.IDX 48 bytes File C:\Program Files\IObit\Advanced SystemCare 3\OP_CACHE.ATR 48 bytes File C:\Program Files\IObit\Advanced SystemCare 3\OP_CACHE.IDX 24 bytes File C:\Program Files\TransEnPl70\OP_CACHE.ATR 48 bytes File C:\Program Files\TransEnPl70\OP_CACHE.IDX 24 bytes File C:\Program Files\Acesoft\Internet History Eraser\OP_CACHE.ATR 48 bytes File C:\Program Files\Acesoft\Internet History Eraser\OP_CACHE.IDX 24 bytes File C:\Program Files\Acesoft\Internet History Eraser\Plugins\OP_CACHE.ATR 24 bytes File C:\Program Files\Acesoft\Internet History Eraser\Plugins\OP_CACHE.IDX 12 bytes File C:\Program Files\Agnitum\Outpost Security Suite Pro\OP_CACHE.ATR 48 bytes File C:\Program Files\Agnitum\Outpost Security Suite Pro\OP_CACHE.IDX 24 bytes File C:\Program Files\ArcSoft\WebCam Companion 2\OP_CACHE.ATR 24 bytes File C:\Program Files\ArcSoft\WebCam Companion 2\OP_CACHE.IDX 12 bytes File C:\Program Files\Ashampoo\Ashampoo WinOptimizer 7\OP_CACHE.ATR 72 bytes File C:\Program Files\Ashampoo\Ashampoo WinOptimizer 7\OP_CACHE.IDX 36 bytes File C:\Program Files\Autoruns\OP_CACHE.ATR 24 bytes File C:\Program Files\Autoruns\OP_CACHE.IDX 12 bytes File C:\Program Files\BestPlayer\OP_CACHE.ATR 48 bytes File C:\Program Files\BestPlayer\OP_CACHE.IDX 24 bytes File C:\Program Files\CCleaner\OP_CACHE.ATR 24 bytes File C:\Program Files\CCleaner\OP_CACHE.IDX 12 bytes File C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\OP_CACHE.ATR 96 bytes File C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\OP_CACHE.IDX 48 bytes File C:\Program Files\Common Files\Microsoft Shared\Source Engine\OP_CACHE.ATR 24 bytes File C:\Program Files\Common Files\Microsoft Shared\Source Engine\OP_CACHE.IDX 12 bytes File C:\Program Files\Desktop Calendar\OP_CACHE.ATR 24 bytes File C:\Program Files\Desktop Calendar\OP_CACHE.IDX 12 bytes File C:\Program Files\DR Player\OP_CACHE.ATR 24 bytes File C:\Program Files\DR Player\OP_CACHE.IDX 12 bytes File C:\Program Files\ESET\ESET NOD32 Antivirus\OP_CACHE.ATR 144 bytes File C:\Program Files\ESET\ESET NOD32 Antivirus\OP_CACHE.IDX 72 bytes File C:\Program Files\Foxit Software\Foxit Reader\OP_CACHE.ATR 24 bytes File C:\Program Files\Foxit Software\Foxit Reader\OP_CACHE.IDX 12 bytes File C:\Program Files\Internet Explorer\OP_CACHE.ATR 24 bytes File C:\Program Files\Internet Explorer\OP_CACHE.IDX 12 bytes File C:\Program Files\Opera\OP_CACHE.ATR 24 bytes File C:\Program Files\Opera\OP_CACHE.IDX 12 bytes File C:\Program Files\Outlook Express\OP_CACHE.ATR 24 bytes File C:\Program Files\Outlook Express\OP_CACHE.IDX 12 bytes File C:\Program Files\ProcessExplorer\OP_CACHE.ATR 24 bytes File C:\Program Files\ProcessExplorer\OP_CACHE.IDX 12 bytes File C:\Program Files\Program magazynowy\OP_CACHE.ATR 24 bytes File C:\Program Files\Program magazynowy\OP_CACHE.IDX 12 bytes File C:\Program Files\PWN\WSPWNOUP2004\OP_CACHE.ATR 24 bytes File C:\Program Files\PWN\WSPWNOUP2004\OP_CACHE.IDX 12 bytes File C:\Program Files\RegHealer\OP_CACHE.ATR 24 bytes File C:\Program Files\RegHealer\OP_CACHE.IDX 12 bytes File C:\Program Files\SCV Transcoding Tool\OP_CACHE.ATR 48 bytes File C:\Program Files\SCV Transcoding Tool\OP_CACHE.IDX 24 bytes File C:\Program Files\Secunia\PSI\OP_CACHE.ATR 24 bytes File C:\Program Files\Secunia\PSI\OP_CACHE.IDX 12 bytes File C:\Program Files\TC PowerPack\OP_CACHE.ATR 48 bytes File C:\Program Files\TC PowerPack\OP_CACHE.IDX 24 bytes File C:\Program Files\TC PowerPack\Tools\OP_CACHE.ATR 24 bytes File C:\Program Files\TC PowerPack\Tools\OP_CACHE.IDX 12 bytes File C:\Program Files\Tracker Software\PDF Viewer\OP_CACHE.ATR 24 bytes File C:\Program Files\Tracker Software\PDF Viewer\OP_CACHE.IDX 12 bytes File C:\Program Files\iPlus\Drivers\OP_CACHE.ATR 24 bytes File C:\Program Files\iPlus\Drivers\OP_CACHE.IDX 12 bytes File C:\Program Files\iPlus\OP_CACHE.ATR 72 bytes File C:\Program Files\iPlus\OP_CACHE.IDX 36 bytes File C:\Program Files\IrfanView\OP_CACHE.ATR 24 bytes File C:\Program Files\IrfanView\OP_CACHE.IDX 12 bytes File C:\Program Files\Kyodai Mahjongg 2006\OP_CACHE.ATR 24 bytes File C:\Program Files\Kyodai Mahjongg 2006\OP_CACHE.IDX 12 bytes File C:\Program Files\Lavalys\EVEREST Ultimate Edition\OP_CACHE.ATR 72 bytes File C:\Program Files\Lavalys\EVEREST Ultimate Edition\OP_CACHE.IDX 36 bytes File C:\Program Files\Leksykonia\TL7\bin\OP_CACHE.ATR 48 bytes File C:\Program Files\Leksykonia\TL7\bin\OP_CACHE.IDX 24 bytes File C:\Program Files\MATMIC Weather\OP_CACHE.ATR 48 bytes File C:\Program Files\MATMIC Weather\OP_CACHE.IDX 24 bytes File C:\Program Files\Microsoft Office\Office12\OP_CACHE.ATR 72 bytes File C:\Program Files\Microsoft Office\Office12\OP_CACHE.IDX 36 bytes File C:\Program Files\Microsoft Silverlight\4.0.60310.0\OP_CACHE.ATR 24 bytes File C:\Program Files\Microsoft Silverlight\4.0.60310.0\OP_CACHE.IDX 12 bytes File C:\Program Files\Microsoft SQL Server\90\Setup Bootstrap\OP_CACHE.ATR 24 bytes File C:\Program Files\Microsoft SQL Server\90\Setup Bootstrap\OP_CACHE.IDX 12 bytes File C:\Program Files\Microsoft SQL Server\90\Shared\OP_CACHE.ATR 24 bytes File C:\Program Files\Microsoft SQL Server\90\Shared\OP_CACHE.IDX 12 bytes File C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\OP_CACHE.ATR 24 bytes File C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\OP_CACHE.IDX 12 bytes File C:\Program Files\Mozilla Firefox\OP_CACHE.ATR 48 bytes File C:\Program Files\Mozilla Firefox\OP_CACHE.IDX 24 bytes File C:\Program Files\Mozilla Firefox\uninstall\OP_CACHE.ATR 24 bytes File C:\Program Files\Mozilla Firefox\uninstall\OP_CACHE.IDX 12 bytes File C:\Program Files\versaverter\OP_CACHE.ATR 24 bytes File C:\Program Files\versaverter\OP_CACHE.IDX 12 bytes File C:\Program Files\VS Revo Group\Revo Uninstaller Pro\OP_CACHE.ATR 48 bytes File C:\Program Files\VS Revo Group\Revo Uninstaller Pro\OP_CACHE.IDX 24 bytes File C:\Program Files\WinRAR\OP_CACHE.ATR 24 bytes File C:\Program Files\WinRAR\OP_CACHE.IDX 12 bytes File C:\Program Files\WITaj!\OP_CACHE.ATR 24 bytes File C:\Program Files\WITaj!\OP_CACHE.IDX 12 bytes File C:\WINDOWS\OP_CACHE.ATR 168 bytes File C:\WINDOWS\OP_CACHE.IDX 84 bytes File C:\WINDOWS\pchealth\helpctr\binaries\OP_CACHE.ATR 24 bytes File C:\WINDOWS\pchealth\helpctr\binaries\OP_CACHE.IDX 12 bytes File C:\WINDOWS\system32\OP_CACHE.ATR 888 bytes File C:\WINDOWS\system32\OP_CACHE.IDX 444 bytes File C:\WINDOWS\system32\Restore\OP_CACHE.ATR 24 bytes File C:\WINDOWS\system32\Restore\OP_CACHE.IDX 12 bytes File C:\WINDOWS\system32\wbem\OP_CACHE.ATR 72 bytes File C:\WINDOWS\system32\wbem\OP_CACHE.IDX 36 bytes File C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\OP_CACHE.ATR 96 bytes File C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\OP_CACHE.IDX 48 bytes ---- EOF - GMER 1.0.15 ----