Log Check

offline
  • Joined: 20 Feb 2005
  • Posts: 297
  • Location: Vranje

Could you please check this log for me.
The problem I have is that the computer takes a long time to start up.

Logfile of HijackThis v1.99.1
Scan saved at 20:43:23, on 2.5.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
E:\Sat-budilnik\AtomicAlarmClock\Atomic Alarm Clock\AtomicAlarmClock.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
D:\Giveawey\RegistryDoctorPro\ARDPro\Advanced Registry Doctor\RegManServ.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
E:\Hijack\Promena.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.co.uk/0SEENWW/SAOS01?FORM=TOOLBR
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - D:\Download\DownloadManager\Orbit\Orbitdownloader\orbitcth.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Windows Live pomagac za prijavljivanje - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "D:\ObradaFilma\PowerDirector\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SkinClock] E:\Sat-budilnik\AtomicAlarmClock\Atomic Alarm Clock\AtomicAlarmClock.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Add to Banner Ad Blocker - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: Objavi ovo u blogu - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Objavi ovo u blogu u okviru usluge Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: RealGuide - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} - file:///C:/Program%20Files/Mystery%20Solitaire/Images/stg_drm.ocx
O16 - DPF: {5D69485C-EAB1-42AE-93C1-B5A53F238C5A} (FileInterface Class) - https://rol.raiffeisenbank.rs/RaiffeisenDLL/FSINT.dll
O16 - DPF: {5ED7F9D0-90D3-4001-A768-7E95C1768821} (FileInterface Class) - https://rol.raiffeisenbank.rs/RetailDLL/FSINT8.dll
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - http://ma-config.com/activex/hardwaredetection_3_0_3_1.cab
O16 - DPF: {8BA2FE8E-8506-11D4-BFE2-CB5FED326646} (Archive Class) - https://rol.raiffeisenbank.rs/RaiffeisenDLL/SAWZip.dll
O16 - DPF: {A42DDE4E-DF36-4592-83B6-CCA28E770ABD} (Ebanking.Utility) - https://rol.raiffeisenbank.rs/RaiffeisenDLL/EbankingWWW.dll
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/Mystery%20Solitaire/Images/armhelper.ocx
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {EAC139A9-D22D-4C29-8D1C-252BE63750F9} - http://www.piclens.com/shared/plinstll.cab
O16 - DPF: {F6FFAC18-CAD4-4054-9D49-D610286CE323} (SecAPI Class) - https://rol.raiffeisenbank.rs/RaiffeisenDLL/EBCSCC2A.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{A83A36A2-2A64-4EB1-AFE9-C1A2B94E5A28}: NameServer = 213.244.255.2,213.244.255.3
O17 - HKLM\System\CCS\Services\Tcpip\..\{BA42E8A0-DE81-4909-83F2-8C72A285A168}: NameServer = 213.244.255.2,213.244.255.3
O17 - HKLM\System\CCS\Services\Tcpip\..\{CFA5F76F-555B-4FFD-9955-C8FD42DC5452}: NameServer = 213.244.255.2,213.244.255.3
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~3\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~3\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Kaspersky Internet Security (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" -r (file missing)
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - D:\Magix\Common\Database\bin\fbserver.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: Registry Management Service (RegManServ) - Unknown owner - D:\Giveawey\RegistryDoctorPro\ARDPro\Advanced Registry Doctor\RegManServ.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: UPnPService - Magix AG - C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe

offline
  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Greetings...


The log is clean, and the problem you mention probably has nothing to do with malware.
Still, if you suspect that it does, we can run an additional check.


Download the RootRepeal program to the Desktop.

Extract RootRepeal.zip into a folder.
Double-click RootRepeal.exe to run it.
Switch to the Report tab (by clicking the Report button, bottom right).
Click the Scan button.
In the window that opens (Select Scan), tick the boxes next to all items and click OK.
In the next window (Select Drives), tick the box next to the system drive (usually C:\) and click OK.
When the process finishes, click Save Report and save the scan report.


Copy the contents of that report into your next message.

offline
  • Joined: 20 Feb 2005
  • Posts: 297
  • Location: Vranje

ROOTREPEAL (c) AD, 2007-2008
==================================================
Scan Time: 2009/05/03 08:58
Program Version: Version 1.2.3.0
Windows Version: Windows XP SP2
==================================================

Drivers
-------------------
Name:
Image Path:
Address: 0xF782F000 Size: 98304 File Visible: No
Status: -

Name:
Image Path:
Address: 0x00000000 Size: 0 File Visible: No
Status: -

Name: 00000066
Image Path: \Driver\00000066
Address: 0x00000000 Size: 0 File Visible: No
Status: -

Name: giveio.sys
Image Path: giveio.sys
Address: 0xF7A50000 Size: 1664 File Visible: No
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xA3EF7000 Size: 45056 File Visible: No
Status: -

Hidden/Locked Files
-------------------
Path: C:\WINDOWS\system32\config\system.LOG
Status: Size mismatch (API: 1024, Raw: 20480)

Path: C:\Documents and Settings\korisnik\Application Data\SecuROM\UserData\ЃϵϳЅЂϿϽϯІχϯπρϴϱЄϱЃϵϳЅ
Status: Locked to the Windows API!

Path: C:\Documents and Settings\korisnik\Application Data\SecuROM\UserData\ЃϵϳЅЂϿϽϯІχϯπρЂϻϵЉЃϵϳЅ
Status: Locked to the Windows API!

Path: C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP8\Data\av52.tmp
Status: Allocation size mismatch (API: 28565504, Raw: 0)

Path: C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP8\Data\av59.tmp
Status: Allocation size mismatch (API: 28553216, Raw: 0)

Path: C:\Documents and Settings\korisnik\Local Settings\Application Data\Microsoft\Messenger\hranca@hotmail.com\SharingMetadata\dragan.milena@hotmail.de\DFSR\Staging\CS{3E45E3E9-8768-91D2-E5CE-F418464DB002}\01\29-{3E45E3E9-8768-91D2-E5CE-F418464DB002}-v1-{F89BC910-6049-4284-A21A-AE2539CC7237}-v29-Downloaded.frx
Status: Locked to the Windows API!

Path: C:\Documents and Settings\korisnik\Local Settings\Application Data\Microsoft\Messenger\hranca@hotmail.com\SharingMetadata\dragan.milena@hotmail.de\DFSR\Staging\CS{3E45E3E9-8768-91D2-E5CE-F418464DB002}\12\12-{A9CB0F18-76F4-466A-8DC8-C53BA66C9AB4}-v12-{A9CB0F18-76F4-466A-8DC8-C53BA66C9AB4}-v12-Downloaded.frx
Status: Locked to the Windows API!

Path: C:\Documents and Settings\korisnik\Local Settings\Application Data\Microsoft\Messenger\hranca@hotmail.com\SharingMetadata\jovan_a96@hotmail.com\DFSR\Staging\CS{BF9452D5-0E5C-D10D-996E-1CD13ACACA41}\01\17-{BF9452D5-0E5C-D10D-996E-1CD13ACACA41}-v1-{F89BC910-6049-4284-A21A-AE2539CC7237}-v17-Downloaded.frx
Status: Locked to the Windows API!

Path: C:\Documents and Settings\korisnik\Local Settings\Application Data\Microsoft\Messenger\hranca@hotmail.com\SharingMetadata\manicslobodan@hotmail.com\DFSR\Staging\CS{2C421593-CC3E-74CB-9A9B-7C2855936169}\01\10-{2C421593-CC3E-74CB-9A9B-7C2855936169}-v1-{F89BC910-6049-4284-A21A-AE2539CC7237}-v10-Downloaded.frx
Status: Locked to the Windows API!

Path: C:\Documents and Settings\korisnik\Local Settings\Application Data\Microsoft\Messenger\hranca@hotmail.com\SharingMetadata\manicslobodan@hotmail.com\DFSR\Staging\CS{2C421593-CC3E-74CB-9A9B-7C2855936169}\11\11-{F89BC910-6049-4284-A21A-AE2539CC7237}-v11-{F89BC910-6049-4284-A21A-AE2539CC7237}-v11-Downloaded.frx
Status: Locked to the Windows API!

Path: C:\Documents and Settings\korisnik\Local Settings\Application Data\Microsoft\Messenger\hranca@hotmail.com\SharingMetadata\manicslobodan@hotmail.com\DFSR\Staging\CS{2C421593-CC3E-74CB-9A9B-7C2855936169}\12\12-{F89BC910-6049-4284-A21A-AE2539CC7237}-v12-{F89BC910-6049-4284-A21A-AE2539CC7237}-v12-Downloaded.frx
Status: Locked to the Windows API!

Path: C:\Documents and Settings\korisnik\Local Settings\Application Data\Microsoft\Messenger\hranca@hotmail.com\SharingMetadata\manicslobodan@hotmail.com\DFSR\Staging\CS{2C421593-CC3E-74CB-9A9B-7C2855936169}\15\15-{F89BC910-6049-4284-A21A-AE2539CC7237}-v15-{F89BC910-6049-4284-A21A-AE2539CC7237}-v15-Downloaded.frx
Status: Locked to the Windows API!

Path: C:\Documents and Settings\korisnik\Local Settings\Application Data\Microsoft\Messenger\hranca@hotmail.com\SharingMetadata\slobodan-manic@hotmail.com\DFSR\Staging\CS{25C26106-9A8B-0844-9E79-EA59AAB8C72B}\01\28-{25C26106-9A8B-0844-9E79-EA59AAB8C72B}-v1-{F89BC910-6049-4284-A21A-AE2539CC7237}-v28-Downloaded.frx
Status: Locked to the Windows API!

Path: C:\Documents and Settings\korisnik\Local Settings\Application Data\Microsoft\Messenger\hranca@hotmail.com\SharingMetadata\slobodan-manic@hotmail.com\DFSR\Staging\CS{25C26106-9A8B-0844-9E79-EA59AAB8C72B}\11\11-{8E5FA966-7F0E-4C65-A444-F9FD480C59EF}-v11-{8E5FA966-7F0E-4C65-A444-F9FD480C59EF}-v11-Downloaded.frx
Status: Locked to the Windows API!

Path: C:\Documents and Settings\korisnik\Local Settings\Application Data\Microsoft\Messenger\hranca@hotmail.com\SharingMetadata\slobodan-manic@hotmail.com\DFSR\Staging\CS{25C26106-9A8B-0844-9E79-EA59AAB8C72B}\11\11-{95BC613E-38A0-4363-8305-4095B9843B35}-v11-{95BC613E-38A0-4363-8305-4095B9843B35}-v11-Downloaded.frx
Status: Locked to the Windows API!

Path: C:\Documents and Settings\korisnik\Local Settings\Application Data\Microsoft\Messenger\hranca@hotmail.com\SharingMetadata\slobodan-manic@hotmail.com\DFSR\Staging\CS{25C26106-9A8B-0844-9E79-EA59AAB8C72B}\12\12-{95BC613E-38A0-4363-8305-4095B9843B35}-v12-{95BC613E-38A0-4363-8305-4095B9843B35}-v12-Downloaded.frx
Status: Locked to the Windows API!

Path: C:\Documents and Settings\korisnik\Local Settings\Application Data\Microsoft\Messenger\hranca@hotmail.com\SharingMetadata\slobodan-manic@hotmail.com\DFSR\Staging\CS{25C26106-9A8B-0844-9E79-EA59AAB8C72B}\13\13-{95BC613E-38A0-4363-8305-4095B9843B35}-v13-{95BC613E-38A0-4363-8305-4095B9843B35}-v13-Downloaded.frx
Status: Locked to the Windows API!

Path: C:\Documents and Settings\korisnik\Local Settings\Application Data\Microsoft\Messenger\hranca@hotmail.com\SharingMetadata\slobodan-manic@hotmail.com\DFSR\Staging\CS{25C26106-9A8B-0844-9E79-EA59AAB8C72B}\14\14-{95BC613E-38A0-4363-8305-4095B9843B35}-v14-{95BC613E-38A0-4363-8305-4095B9843B35}-v14-Downloaded.frx
Status: Locked to the Windows API!

Path: C:\Documents and Settings\korisnik\Local Settings\Application Data\Microsoft\Messenger\hranca@hotmail.com\SharingMetadata\slobodan-manic@hotmail.com\DFSR\Staging\CS{25C26106-9A8B-0844-9E79-EA59AAB8C72B}\15\15-{95BC613E-38A0-4363-8305-4095B9843B35}-v15-{95BC613E-38A0-4363-8305-4095B9843B35}-v15-Downloaded.frx
Status: Locked to the Windows API!

Path: C:\Documents and Settings\korisnik\Local Settings\Application Data\Microsoft\Messenger\hranca@hotmail.com\SharingMetadata\slobodan-manic@hotmail.com\DFSR\Staging\CS{25C26106-9A8B-0844-9E79-EA59AAB8C72B}\16\16-{95BC613E-38A0-4363-8305-4095B9843B35}-v16-{95BC613E-38A0-4363-8305-4095B9843B35}-v16-Downloaded.frx
Status: Locked to the Windows API!

Path: C:\Documents and Settings\korisnik\Local Settings\Application Data\Microsoft\Messenger\hranca@hotmail.com\SharingMetadata\slobodan-manic@hotmail.com\DFSR\Staging\CS{25C26106-9A8B-0844-9E79-EA59AAB8C72B}\17\17-{95BC613E-38A0-4363-8305-4095B9843B35}-v17-{95BC613E-38A0-4363-8305-4095B9843B35}-v17-Downloaded.frx
Status: Locked to the Windows API!

Path: C:\Documents and Settings\korisnik\Local Settings\Application Data\Microsoft\Messenger\hranca@hotmail.com\SharingMetadata\slobodan-manic@hotmail.com\DFSR\Staging\CS{25C26106-9A8B-0844-9E79-EA59AAB8C72B}\18\18-{95BC613E-38A0-4363-8305-4095B9843B35}-v18-{95BC613E-38A0-4363-8305-4095B9843B35}-v18-Downloaded.frx
Status: Locked to the Windows API!

Path: C:\Documents and Settings\korisnik\Local Settings\Application Data\Microsoft\Messenger\hranca@hotmail.com\SharingMetadata\slobodan-manic@hotmail.com\DFSR\Staging\CS{25C26106-9A8B-0844-9E79-EA59AAB8C72B}\19\19-{95BC613E-38A0-4363-8305-4095B9843B35}-v19-{95BC613E-38A0-4363-8305-4095B9843B35}-v19-Downloaded.frx
Status: Locked to the Windows API!

Path: C:\Documents and Settings\korisnik\Local Settings\Application Data\Microsoft\Messenger\hranca@hotmail.com\SharingMetadata\slobodan-manic@hotmail.com\DFSR\Staging\CS{25C26106-9A8B-0844-9E79-EA59AAB8C72B}\20\20-{95BC613E-38A0-4363-8305-4095B9843B35}-v20-{95BC613E-38A0-4363-8305-4095B9843B35}-v20-Downloaded.frx
Status: Locked to the Windows API!

Path: C:\Documents and Settings\korisnik\Local Settings\Application Data\Microsoft\Messenger\hranca@hotmail.com\SharingMetadata\slobodan-manic@hotmail.com\DFSR\Staging\CS{25C26106-9A8B-0844-9E79-EA59AAB8C72B}\21\21-{95BC613E-38A0-4363-8305-4095B9843B35}-v21-{95BC613E-38A0-4363-8305-4095B9843B35}-v21-Downloaded.frx
Status: Locked to the Windows API!

Path: C:\Documents and Settings\korisnik\Local Settings\Application Data\Microsoft\Messenger\hranca@hotmail.com\SharingMetadata\slobodan-manic@hotmail.com\DFSR\Staging\CS{25C26106-9A8B-0844-9E79-EA59AAB8C72B}\23\23-{95BC613E-38A0-4363-8305-4095B9843B35}-v23-{95BC613E-38A0-4363-8305-4095B9843B35}-v23-Downloaded.frx
Status: Locked to the Windows API!

Path: C:\Documents and Settings\korisnik\Local Settings\Application Data\Microsoft\Messenger\hranca@hotmail.com\SharingMetadata\slobodan-manic@hotmail.com\DFSR\Staging\CS{25C26106-9A8B-0844-9E79-EA59AAB8C72B}\24\24-{95BC613E-38A0-4363-8305-4095B9843B35}-v24-{95BC613E-38A0-4363-8305-4095B9843B35}-v24-Downloaded.frx
Status: Locked to the Windows API!

Path: C:\Documents and Settings\korisnik\Local Settings\Application Data\Microsoft\Messenger\hranca@hotmail.com\SharingMetadata\slobodan-manic@hotmail.com\DFSR\Staging\CS{25C26106-9A8B-0844-9E79-EA59AAB8C72B}\26\26-{95BC613E-38A0-4363-8305-4095B9843B35}-v26-{95BC613E-38A0-4363-8305-4095B9843B35}-v26-Downloaded.frx
Status: Locked to the Windows API!

Path: C:\Documents and Settings\korisnik\Local Settings\Application Data\Microsoft\Messenger\hranca@hotmail.com\SharingMetadata\slobodan-manic@hotmail.com\DFSR\Staging\CS{25C26106-9A8B-0844-9E79-EA59AAB8C72B}\27\27-{95BC613E-38A0-4363-8305-4095B9843B35}-v27-{95BC613E-38A0-4363-8305-4095B9843B35}-v27-Downloaded.frx
Status: Locked to the Windows API!

Path: C:\Documents and Settings\korisnik\Local Settings\Application Data\Microsoft\Messenger\hranca@hotmail.com\SharingMetadata\slobodan-manic@hotmail.com\DFSR\Staging\CS{25C26106-9A8B-0844-9E79-EA59AAB8C72B}\28\28-{8E5FA966-7F0E-4C65-A444-F9FD480C59EF}-v28-{8E5FA966-7F0E-4C65-A444-F9FD480C59EF}-v28-Partial.frx
Status: Locked to the Windows API!

Path: C:\Documents and Settings\korisnik\Local Settings\Application Data\Microsoft\Messenger\hranca@hotmail.com\SharingMetadata\slobodan-manic@hotmail.com\DFSR\Staging\CS{25C26106-9A8B-0844-9E79-EA59AAB8C72B}\28\28-{95BC613E-38A0-4363-8305-4095B9843B35}-v28-{95BC613E-38A0-4363-8305-4095B9843B35}-v28-Downloaded.frx
Status: Locked to the Windows API!

Path: C:\Documents and Settings\korisnik\Local Settings\Application Data\Microsoft\Messenger\hranca@hotmail.com\SharingMetadata\slobodan-manic@hotmail.com\DFSR\Staging\CS{25C26106-9A8B-0844-9E79-EA59AAB8C72B}\29\29-{95BC613E-38A0-4363-8305-4095B9843B35}-v29-{95BC613E-38A0-4363-8305-4095B9843B35}-v29-Downloaded.frx
Status: Locked to the Windows API!

Path: C:\Documents and Settings\korisnik\Local Settings\Application Data\Microsoft\Messenger\hranca@hotmail.com\SharingMetadata\slobodan-manic@hotmail.com\DFSR\Staging\CS{25C26106-9A8B-0844-9E79-EA59AAB8C72B}\30\30-{95BC613E-38A0-4363-8305-4095B9843B35}-v30-{95BC613E-38A0-4363-8305-4095B9843B35}-v30-Downloaded.frx
Status: Locked to the Windows API!

Path: C:\Documents and Settings\korisnik\Local Settings\Application Data\Microsoft\Messenger\hranca@hotmail.com\SharingMetadata\slobodan-manic@hotmail.com\DFSR\Staging\CS{25C26106-9A8B-0844-9E79-EA59AAB8C72B}\30\30-{F89BC910-6049-4284-A21A-AE2539CC7237}-v30-{F89BC910-6049-4284-A21A-AE2539CC7237}-v30-Downloaded.frx
Status: Locked to the Windows API!

Path: C:\Documents and Settings\korisnik\Local Settings\Application Data\Microsoft\Messenger\hranca@hotmail.com\SharingMetadata\slobodan-manic@hotmail.com\DFSR\Staging\CS{25C26106-9A8B-0844-9E79-EA59AAB8C72B}\31\31-{95BC613E-38A0-4363-8305-4095B9843B35}-v31-{95BC613E-38A0-4363-8305-4095B9843B35}-v31-Downloaded.frx
Status: Locked to the Windows API!

Path: C:\Documents and Settings\korisnik\Local Settings\Application Data\Microsoft\Messenger\hranca@hotmail.com\SharingMetadata\slobodan-manic@hotmail.com\DFSR\Staging\CS{25C26106-9A8B-0844-9E79-EA59AAB8C72B}\31\31-{F89BC910-6049-4284-A21A-AE2539CC7237}-v31-{F89BC910-6049-4284-A21A-AE2539CC7237}-v31-Downloaded.frx
Status: Locked to the Windows API!

Path: C:\Documents and Settings\korisnik\Local Settings\Application Data\Microsoft\Messenger\hranca@hotmail.com\SharingMetadata\slobodan-manic@hotmail.com\DFSR\Staging\CS{25C26106-9A8B-0844-9E79-EA59AAB8C72B}\32\32-{95BC613E-38A0-4363-8305-4095B9843B35}-v32-{95BC613E-38A0-4363-8305-4095B9843B35}-v32-Downloaded.frx
Status: Locked to the Windows API!

Path: C:\Documents and Settings\korisnik\Local Settings\Application Data\Microsoft\Messenger\hranca@hotmail.com\SharingMetadata\slobodan-manic@hotmail.com\DFSR\Staging\CS{25C26106-9A8B-0844-9E79-EA59AAB8C72B}\34\34-{95BC613E-38A0-4363-8305-4095B9843B35}-v34-{95BC613E-38A0-4363-8305-4095B9843B35}-v34-Downloaded.frx
Status: Locked to the Windows API!

Path: C:\Documents and Settings\korisnik\Local Settings\Application Data\Microsoft\Messenger\hranca@hotmail.com\SharingMetadata\slobodan-manic@hotmail.com\DFSR\Staging\CS{25C26106-9A8B-0844-9E79-EA59AAB8C72B}\35\35-{95BC613E-38A0-4363-8305-4095B9843B35}-v35-{95BC613E-38A0-4363-8305-4095B9843B35}-v35-Downloaded.frx
Status: Locked to the Windows API!

Path: C:\Documents and Settings\korisnik\Local Settings\Application Data\Microsoft\Messenger\hranca@hotmail.com\SharingMetadata\slobodan-manic@hotmail.com\DFSR\Staging\CS{25C26106-9A8B-0844-9E79-EA59AAB8C72B}\37\37-{95BC613E-38A0-4363-8305-4095B9843B35}-v37-{95BC613E-38A0-4363-8305-4095B9843B35}-v37-Downloaded.frx
Status: Locked to the Windows API!

Path: C:\Documents and Settings\korisnik\Local Settings\Application Data\Microsoft\Messenger\hranca@hotmail.com\SharingMetadata\slobodan-manic@hotmail.com\DFSR\Staging\CS{25C26106-9A8B-0844-9E79-EA59AAB8C72B}\38\38-{95BC613E-38A0-4363-8305-4095B9843B35}-v38-{95BC613E-38A0-4363-8305-4095B9843B35}-v38-Downloaded.frx
Status: Locked to the Windows API!

Path: C:\Documents and Settings\korisnik\Local Settings\Application Data\Microsoft\Messenger\hranca@hotmail.com\SharingMetadata\slobodan-manic@hotmail.com\DFSR\Staging\CS{25C26106-9A8B-0844-9E79-EA59AAB8C72B}\39\39-{95BC613E-38A0-4363-8305-4095B9843B35}-v39-{95BC613E-38A0-4363-8305-4095B9843B35}-v39-Downloaded.frx
Status: Locked to the Windows API!

Path: C:\Documents and Settings\korisnik\Local Settings\Application Data\Microsoft\Messenger\hranca@hotmail.com\SharingMetadata\slobodan-manic@hotmail.com\DFSR\Staging\CS{25C26106-9A8B-0844-9E79-EA59AAB8C72B}\40\40-{95BC613E-38A0-4363-8305-4095B9843B35}-v40-{95BC613E-38A0-4363-8305-4095B9843B35}-v40-Partial.frx
Status: Locked to the Windows API!

Path: C:\Documents and Settings\korisnik\Local Settings\Application Data\Microsoft\Messenger\hranca@hotmail.com\SharingMetadata\slobodan-manic@hotmail.com\DFSR\Staging\CS{25C26106-9A8B-0844-9E79-EA59AAB8C72B}\62\62-{F89BC910-6049-4284-A21A-AE2539CC7237}-v62-{F89BC910-6049-4284-A21A-AE2539CC7237}-v62-Downloaded.frx
Status: Locked to the Windows API!

Path: C:\Documents and Settings\korisnik\Local Settings\Application Data\Microsoft\Messenger\stefansoki@hotmail.com\SharingMetadata\slobodan-manic@hotmail.com\DFSR\Staging\CS{575546BD-D4DE-8B77-0823-1F64DFC06609}\01\10-{575546BD-D4DE-8B77-0823-1F64DFC06609}-v1-{94E22F66-56F5-4DC6-B854-E3CD35B32941}-v10-Downloaded.frx
Status: Locked to the Windows API!

Path: C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\retranslation\rollback\bases\av\emu\i386\klavemu.kdc:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\retranslation\rollback\bases\av\emu\i386\klavemu.kdc:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\retranslation\rollback\bases\av\emu\i386\klavemu.kdc:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\retranslation\rollback\bases\av\emu\i386\klavemu.kdc:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\retranslation\rollback\bases\av\emu\i386\klavemu.kdc:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\retranslation\rollback\bases\av\emu\i386\klavemu.kdc:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\retranslation\rollback\bases\av\emu\i386\klavemu.kdc:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\retranslation\rollback\bases\av\emu\i386\klavemu.kdc:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\retranslation\rollback\bases\av\emu\i386\klavemu.kdc:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\retranslation\rollback\bases\av\emu\i386\klavemu.kdc:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\retranslation\rollback\bases\av\emu\i386\klavemu.kdc:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\retranslation\rollback\bases\av\emu\i386\klavemu.kdc:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\retranslation\rollback\bases\av\emu\i386\klavemu.kdc:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\retranslation\rollback\bases\av\emu\i386\klavemu.kdc:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\retranslation\rollback\bases\av\emu\i386\klavemu.kdc:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\retranslation\rollback\bases\av\emu\i386\klavemu.kdc:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\retranslation\rollback\bases\av\emu\i386\klavemu.kdc:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\retranslation\rollback\bases\av\emu\i386\klavemu.kdc:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\retranslation\rollback\bases\av\emu\i386\klavemu.kdc:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\retranslation\rollback\bases\av\emu\i386\klavemu.kdc:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\retranslation\rollback\bases\av\emu\i386\klavemu.kdc:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\retranslation\rollback\bases\av\emu\i386\klavemu.kdc:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\retranslation\rollback\bases\av\emu\i386\klavemu.kdc:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\retranslation\rollback\bases\av\emu\i386\klavemu.kdc:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\retranslation\rollback\bases\av\emu\i386\klavemu.kdc:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\retranslation\rollback\bases\av\emu\i386\klavemu.kdc:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\retranslation\rollback\bases\av\emu\i386\klavemu.kdc:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\retranslation\rollback\bases\av\emu\i386\klavemu.kdc:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\retranslation\rollback\bases\av\emu\i386\klavemu.kdc:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\retranslation\rollback\bases\av\emu\i386\klavemu.kdc:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\retranslation\rollback\bases\av\emu\i386\klavemu.kdc:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.2
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\retranslation\rollback\bases\av\emu\i386\klavemu.kdc:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\retranslation\rollback\bases\av\emu\i386\klavemu.kdc:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\retranslation\rollback\bases\av\emu\i386\klavemu.kdc:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\retranslation\rollback\bases\av\emu\i386\klavemu.kdc:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\retranslation\rollback\bases\av\emu\i386\klavemu.kdc:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\retranslation\rollback\bases\av\emu\i386\klavemu.kdc:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\retranslation\rollback\bases\av\emu\i386\klavemu.kdc:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\retranslation\rollback\bases\av\emu\i386\klavemu.kdc:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\retranslation\rollback\bases\av\emu\i386\klavemu.kdc:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\retranslation\rollback\bases\av\emu\i386\klavemu.kdc:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\retranslation\rollback\bases\av\emu\i386\klavemu.kdc:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\retranslation\rollback\bases\av\emu\i386\klavemu.kdc:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\retranslation\rollback\bases\av\emu\i386\klavemu.kdc:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
Status: Invisible to the Windows API!

SSDT
-------------------
#: 011 Function Name: NtAdjustPrivilegesToken
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xa660ca72

#: 025 Function Name: NtClose
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xa660d01e

#: 031 Function Name: NtConnectPort
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xa660ea82

#: 037 Function Name: NtCreateFile
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xa660e438

#: 041 Function Name: NtCreateKey
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xa660c1e8

#: 045 Function Name: NtCreatePagingFile
Status: Hooked by "d347bus.sys" at address 0xf74c2a20

#: 052 Function Name: NtCreateSymbolicLinkObject
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xa66103e4

#: 053 Function Name: NtCreateThread
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xa660ce1a

#: 063 Function Name: NtDeleteKey
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xa660c62a

#: 065 Function Name: NtDeleteValueKey
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xa660c82a

#: 066 Function Name: NtDeviceIoControlFile
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xa660e744

#: 068 Function Name: NtDuplicateObject
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xa66108f0

#: 071 Function Name: NtEnumerateKey
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xa660c940

#: 073 Function Name: NtEnumerateValueKey
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xa660c9a8

#: 084 Function Name: NtFsControlFile
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xa660e5fa

#: 097 Function Name: NtLoadDriver
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xa660fea8

#: 116 Function Name: NtOpenFile
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xa660e294

#: 119 Function Name: NtOpenKey
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xa660c34a

#: 122 Function Name: NtOpenProcess
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xa660cc40

#: 125 Function Name: NtOpenSection
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xa661040e

#: 128 Function Name: NtOpenThread
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xa660cb96

#: 160 Function Name: NtQueryKey
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xa660ca10

#: 161 Function Name: NtQueryMultipleValueKey
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xa660c714

#: 177 Function Name: NtQueryValueKey
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xa660c4f2

#: 180 Function Name: NtQueueApcThread
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xa6610110

#: 193 Function Name: NtReplaceKey
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xa660be6a

#: 200 Function Name: NtRequestWaitReplyPort
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xa660f30c

#: 204 Function Name: NtRestoreKey
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xa660b

Stealth Objects
-------------------
Object: Hidden Code [Driver: Ntfs, IRP_MJ_CREATE]
Process: System Address: 0x8af261d8 Size: -

Object: Hidden Code [Driver: Ntfs, IRP_MJ_CLOSE]
Process: System Address: 0x8af261d8 Size: -

Object: Hidden Code [Driver: Ntfs, IRP_MJ_READ]
Process: System Address: 0x8ae52bf0 Size: -

Object: Hidden Code [Driver: Ntfs, IRP_MJ_WRITE]
Process: System Address: 0x8af261d8 Size: -

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x8af261d8 Size: -

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x8af261d8 Size: -

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_EA]
Process: System Address: 0x8af261d8 Size: -

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_EA]
Process: System Address: 0x8af261d8 Size: -

Object: Hidden Code [Driver: Ntfs, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x8af261d8 Size: -

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x8af261d8 Size: -

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System Address: 0x8af261d8 Size: -

Object: Hidden Code [Driver: Ntfs, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x8af261d8 Size: -

Object: Hidden Code [Driver: Ntfs, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x8af261d8 Size: -

Object: Hidden Code [Driver: Ntfs, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8af261d8 Size: -

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SHUTDOWN]
Process: System Address: 0x8af261d8 Size: -

Object: Hidden Code [Driver: Ntfs, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x8af261d8 Size: -

Object: Hidden Code [Driver: Ntfs, IRP_MJ_CLEANUP]
Process: System Address: 0x8af261d8 Size: -

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_SECURITY]
Process: System Address: 0x8af261d8 Size: -

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_SECURITY]
Process: System Address: 0x8af261d8 Size: -

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_QUOTA]
Process: System Address: 0x8af261d8 Size: -

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_QUOTA]
Process: System Address: 0x8af261d8 Size: -

Object: Hidden Code [Driver: Ntfs, IRP_MJ_PNP]
Process: System Address: 0x8af261d8 Size: -

Object: Hidden Code [Driver: Fastfat, IRP_MJ_CREATE]
Process: System Address: 0x8a46f4f0 Size: -

Object: Hidden Code [Driver: Fastfat, IRP_MJ_CLOSE]
Process: System Address: 0x8a46f4f0 Size: -

Object: Hidden Code [Driver: Fastfat, IRP_MJ_READ]
Process: System Address: 0x8a73ec80 Size: -

Object: Hidden Code [Driver: Fastfat, IRP_MJ_WRITE]
Process: System Address: 0x8a46f4f0 Size: -

Object: Hidden Code [Driver: Fastfat, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x8a46f4f0 Size: -

Object: Hidden Code [Driver: Fastfat, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x8a46f4f0 Size: -

Object: Hidden Code [Driver: Fastfat, IRP_MJ_QUERY_EA]
Process: System Address: 0x8a46f4f0 Size: -

Object: Hidden Code [Driver: Fastfat, IRP_MJ_SET_EA]
Process: System Address: 0x8a46f4f0 Size: -

Object: Hidden Code [Driver: Fastfat, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x8a46f4f0 Size: -

Object: Hidden Code [Driver: Fastfat, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x8a46f4f0 Size: -

Object: Hidden Code [Driver: Fastfat, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System Address: 0x8a46f4f0 Size: -

Object: Hidden Code [Driver: Fastfat, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x8a46f4f0 Size: -

Object: Hidden Code [Driver: Fastfat, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x8a46f4f0 Size: -

Object: Hidden Code [Driver: Fastfat, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8a46f4f0 Size: -

Object: Hidden Code [Driver: Fastfat, IRP_MJ_SHUTDOWN]
Process: System Address: 0x8a46f4f0 Size: -

Object: Hidden Code [Driver: Fastfat, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x8a46f4f0 Size: -

Object: Hidden Code [Driver: Fastfat, IRP_MJ_CLEANUP]
Process: System Address: 0x8a46f4f0 Size: -

Object: Hidden Code [Driver: Fastfat, IRP_MJ_PNP]
Process: System Address: 0x8a46f4f0 Size: -

Object: Hidden Code [Driver: iteatapi, IRP_MJ_CREATE]
Process: System Address: 0x8aeb31d8 Size: -

Object: Hidden Code [Driver: iteatapi, IRP_MJ_CLOSE]
Process: System Address: 0x8aeb31d8 Size: -

Object: Hidden Code [Driver: iteatapi, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8aeb31d8 Size: -

Object: Hidden Code [Driver: iteatapi, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x8aeb31d8 Size: -

Object: Hidden Code [Driver: iteatapi, IRP_MJ_POWER]
Process: System Address: 0x8aeb31d8 Size: -

Object: Hidden Code [Driver: iteatapi, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x8aeb31d8 Size: -

Object: Hidden Code [Driver: iteatapi, IRP_MJ_PNP]
Process: System Address: 0x8aeb31d8 Size: -

Object: Hidden Code [Driver: atapi, IRP_MJ_CREATE]
Process: System Address: 0x8a80f008 Size: -

Object: Hidden Code [Driver: atapi, IRP_MJ_CREATE_NAMED_PIPE]
Process: System Address: 0x8a80f008 Size: -

Object: Hidden Code [Driver: atapi, IRP_MJ_CLOSE]
Process: System Address: 0x8a80f008 Size: -

Object: Hidden Code [Driver: atapi, IRP_MJ_READ]
Process: System Address: 0x8a80f008 Size: -

Object: Hidden Code [Driver: atapi, IRP_MJ_WRITE]
Process: System Address: 0x8a80f008 Size: -

Object: Hidden Code [Driver: atapi, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x8a80f008 Size: -

Object: Hidden Code [Driver: atapi, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x8a80f008 Size: -

Object: Hidden Code [Driver: atapi, IRP_MJ_QUERY_EA]
Process: System Address: 0x8a80f008 Size: -

Object: Hidden Code [Driver: atapi, IRP_MJ_SET_EA]
Process: System Address: 0x8a80f008 Size: -

Object: Hidden Code [Driver: atapi, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x8a80f008 Size: -

Object: Hidden Code [Driver: atapi, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x8a80f008 Size: -

Object: Hidden Code [Driver: atapi, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System Address: 0x8a80f008 Size: -

Object: Hidden Code [Driver: atapi, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x8a80f008 Size: -

Object: Hidden Code [Driver: atapi, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x8a80f008 Size: -

Object: Hidden Code [Driver: atapi, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8a80f008 Size: -

Object: Hidden Code [Driver: atapi, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x8a80f008 Size: -

Object: Hidden Code [Driver: atapi, IRP_MJ_SHUTDOWN]
Process: System Address: 0x8a80f008 Size: -

Object: Hidden Code [Driver: atapi, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x8a80f008 Size: -

Object: Hidden Code [Driver: atapi, IRP_MJ_CLEANUP]
Process: System Address: 0x8a80f008 Size: -

Object: Hidden Code [Driver: atapi, IRP_MJ_CREATE_MAILSLOT]
Process: System Address: 0x8a80f008 Size: -

Object: Hidden Code [Driver: atapi, IRP_MJ_QUERY_SECURITY]
Process: System Address: 0x8a80f008 Size: -

Object: Hidden Code [Driver: atapi, IRP_MJ_SET_SECURITY]
Process: System Address: 0x8a80f008 Size: -

Object: Hidden Code [Driver: atapi, IRP_MJ_POWER]
Process: System Address: 0x8a80f008 Size: -

Object: Hidden Code [Driver: atapi, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x8a80f008 Size: -

Object: Hidden Code [Driver: atapi, IRP_MJ_DEVICE_CHANGE]
Process: System Address: 0x8a80f008 Size: -

Object: Hidden Code [Driver: atapi, IRP_MJ_QUERY_QUOTA]
Process: System Address: 0x8a80f008 Size: -

Object: Hidden Code [Driver: atapi, IRP_MJ_SET_QUOTA]
Process: System Address: 0x8a80f008 Size: -

Object: Hidden Code [Driver: atapi, IRP_MJ_PNP]
Process: System Address: 0x8a80f008 Size: -

Object: Hidden Code [Driver: Cdrom, IRP_MJ_CREATE]
Process: System Address: 0x8a805008 Size: -

Object: Hidden Code [Driver: Cdrom, IRP_MJ_CREATE_NAMED_PIPE]
Process: System Address: 0x8a805008 Size: -

Object: Hidden Code [Driver: Cdrom, IRP_MJ_CLOSE]
Process: System Address: 0x8a805008 Size: -

Object: Hidden Code [Driver: Cdrom, IRP_MJ_READ]
Process: System Address: 0x8a805008 Size: -

Object: Hidden Code [Driver: Cdrom, IRP_MJ_WRITE]
Process: System Address: 0x8a805008 Size: -

Object: Hidden Code [Driver: Cdrom, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x8a805008 Size: -

Object: Hidden Code [Driver: Cdrom, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x8a805008 Size: -

Object: Hidden Code [Driver: Cdrom, IRP_MJ_QUERY_EA]
Process: System Address: 0x8a805008 Size: -

Object: Hidden Code [Driver: Cdrom, IRP_MJ_SET_EA]
Process: System Address: 0x8a805008 Size: -

Object: Hidden Code [Driver: Cdrom, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x8a805008 Size: -

Object: Hidden Code [Driver: Cdrom, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x8a805008 Size: -

Object: Hidden Code [Driver: Cdrom, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System Address: 0x8a805008 Size: -

Object: Hidden Code [Driver: Cdrom, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x8a805008 Size: -

Object: Hidden Code [Driver: Cdrom, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x8a805008 Size: -

Object: Hidden Code [Driver: Cdrom, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8a805008 Size: -

Object: Hidden Code [Driver: Cdrom, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x8a805008 Size: -

Object: Hidden Code [Driver: Cdrom, IRP_MJ_SHUTDOWN]
Process: System Address: 0x8a805008 Size: -

Object: Hidden Code [Driver: Cdrom, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x8a805008 Size: -

Object: Hidden Code [Driver: Cdrom, IRP_MJ_CLEANUP]
Process: System Address: 0x8a805008 Size: -

Object: Hidden Code [Driver: Cdrom, IRP_MJ_CREATE_MAILSLOT]
Process: System Address: 0x8a805008 Size: -

Object: Hidden Code [Driver: Cdrom, IRP_MJ_QUERY_SECURITY]
Process: System Address: 0x8a805008 Size: -

Object: Hidden Code [Driver: Cdrom, IRP_MJ_SET_SECURITY]
Process: System Address: 0x8a805008 Size: -

Object: Hidden Code [Driver: Cdrom, IRP_MJ_POWER]
Process: System Address: 0x8a805008 Size: -

Object: Hidden Code [Driver: Cdrom, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x8a805008 Size: -

Object: Hidden Code [Driver: Cdrom, IRP_MJ_DEVICE_CHANGE]
Process: System Address: 0x8a805008 Size: -

Object: Hidden Code [Driver: Cdrom, IRP_MJ_QUERY_QUOTA]
Process: System Address: 0x8a805008 Size: -

Object: Hidden Code [Driver: Cdrom, IRP_MJ_SET_QUOTA]
Process: System Address: 0x8a805008 Size: -

Object: Hidden Code [Driver: Cdrom, IRP_MJ_PNP]
Process: System Address: 0x8a805008 Size: -

Object: Hidden Code [Driver: dmio, IRP_MJ_CREATE]
Process: System Address: 0x8af291d8 Size: -

Object: Hidden Code [Driver: dmio, IRP_MJ_CLOSE]
Process: System Address: 0x8af291d8 Size: -

Object: Hidden Code [Driver: dmio, IRP_MJ_READ]
Process: System Address: 0x8af291d8 Size: -

Object: Hidden Code [Driver: dmio, IRP_MJ_WRITE]
Process: System Address: 0x8af291d8 Size: -

Object: Hidden Code [Driver: dmio, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x8af291d8 Size: -

Object: Hidden Code [Driver: dmio, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8af291d8 Size: -

Object: Hidden Code [Driver: dmio, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x8af291d8 Size: -

Object: Hidden Code [Driver: dmio, IRP_MJ_SHUTDOWN]
Process: System Address: 0x8af291d8 Size: -

Object: Hidden Code [Driver: dmio, IRP_MJ_POWER]
Process: System Address: 0x8af291d8 Size: -

Object: Hidden Code [Driver: dmio, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x8af291d8 Size: -

Object: Hidden Code [Driver: dmio, IRP_MJ_PNP]
Process: System Address: 0x8af291d8 Size: -

Object: Hidden Code [Driver: usbuhci, IRP_MJ_CREATE]
Process: System Address: 0x8aaff4e0 Size: -

Object: Hidden Code [Driver: usbuhci, IRP_MJ_CLOSE]
Process: System Address: 0x8aaff4e0 Size: -

Object: Hidden Code [Driver: usbuhci, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8aaff4e0 Size: -

Object: Hidden Code [Driver: usbuhci, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x8aaff4e0 Size: -

Object: Hidden Code [Driver: usbuhci, IRP_MJ_POWER]
Process: System Address: 0x8aaff4e0 Size: -

Object: Hidden Code [Driver: usbuhci, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x8aaff4e0 Size: -

Object: Hidden Code [Driver: usbuhci, IRP_MJ_PNP]
Process: System Address: 0x8aaff4e0 Size: -

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_CREATE]
Process: System Address: 0x8aeb51d8 Size: -

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_READ]
Process: System Address: 0x8aeb51d8 Size: -

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_WRITE]
Process: System Address: 0x8aeb51d8 Size: -

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x8aeb51d8 Size: -

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8aeb51d8 Size: -

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x8aeb51d8 Size: -

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_SHUTDOWN]
Process: System Address: 0x8aeb51d8 Size: -

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_CLEANUP]
Process: System Address: 0x8aeb51d8 Size: -

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_POWER]
Process: System Address: 0x8aeb51d8 Size: -

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x8aeb51d8 Size: -

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_PNP]
Process: System Address: 0x8aeb51d8 Size: -

Object: Hidden Code [Driver: d347prt, IRP_MJ_CREATE]
Process: System Address: 0x8a377de0 Size: -

Object: Hidden Code [Driver: d347prt, IRP_MJ_CREATE_NAMED_PIPE]
Process: System Address: 0x8a377de0 Size: -

Object: Hidden Code [Driver: d347prt, IRP_MJ_CLOSE]
Process: System Address: 0x8a377de0 Size: -

Object: Hidden Code [Driver: d347prt, IRP_MJ_READ]
Process: System Address: 0x8a377de0 Size: -

Object: Hidden Code [Driver: d347prt, IRP_MJ_WRITE]
Process: System Address: 0x8a377de0 Size: -

Object: Hidden Code [Driver: d347prt, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x8a377de0 Size: -

Object: Hidden Code [Driver: d347prt, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x8a377de0 Size: -

Object: Hidden Code [Driver: d347prt, IRP_MJ_QUERY_EA]
Process: System Address: 0x8a377de0 Size: -

Object: Hidden Code [Driver: d347prt, IRP_MJ_SET_EA]
Process: System Address: 0x8a377de0 Size: -

Object: Hidden Code [Driver: d347prt, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x8a377de0 Size: -

Object: Hidden Code [Driver: d347prt, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x8a377de0 Size: -

Object: Hidden Code [Driver: d347prt, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System Address: 0x8a377de0 Size: -

Object: Hidden Code [Driver: d347prt, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x8a377de0 Size: -

Object: Hidden Code [Driver: d347prt, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x8a377de0 Size: -

Object: Hidden Code [Driver: d347prt, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8a377de0 Size: -

Object: Hidden Code [Driver: d347prt, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x8a377de0 Size: -

Object: Hidden Code [Driver: d347prt, IRP_MJ_SHUTDOWN]
Process: System Address: 0x8a377de0 Size: -

Object: Hidden Code [Driver: d347prt, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x8a377de0 Size: -

Object: Hidden Code [Driver: d347prt, IRP_MJ_CLEANUP]
Process: System Address: 0x8a377de0 Size: -

Object: Hidden Code [Driver: d347prt, IRP_MJ_CREATE_MAILSLOT]
Process: System Address: 0x8a377de0 Size: -

Object: Hidden Code [Driver: d347prt, IRP_MJ_QUERY_SECURITY]
Process: System Address: 0x8a377de0 Size: -

Object: Hidden Code [Driver: d347prt, IRP_MJ_SET_SECURITY]
Process: System Address: 0x8a377de0 Size: -

Object: Hidden Code [Driver: d347prt, IRP_MJ_POWER]
Process: System Address: 0x8a377de0 Size: -

Object: Hidden Code [Driver: d347prt, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x8a377de0 Size: -

Object: Hidden Code [Driver: d347prt, IRP_MJ_DEVICE_CHANGE]
Process: System Address: 0x8a377de0 Size: -

Object: Hidden Code [Driver: d347prt, IRP_MJ_QUERY_QUOTA]
Process: System Address: 0x8a377de0 Size: -

Object: Hidden Code [Driver: d347prt, IRP_MJ_SET_QUOTA]
Process: System Address: 0x8a377de0 Size: -

Object: Hidden Code [Driver: d347prt, IRP_MJ_PNP]
Process: System Address: 0x8a377de0 Size: -

Object: Hidden Code [Driver: Vax347s, IRP_MJ_CREATE]
Process: System Address: 0x8a42dc48 Size: -

Object: Hidden Code [Driver: Vax347s, IRP_MJ_CREATE_NAMED_PIPE]
Process: System Address: 0x8a42dc48 Size: -

Object: Hidden Code [Driver: Vax347s, IRP_MJ_CLOSE]
Process: System Address: 0x8a42dc48 Size: -

Object: Hidden Code [Driver: Vax347s, IRP_MJ_READ]
Process: System Address: 0x8a42dc48 Size: -

Object: Hidden Code [Driver: Vax347s, IRP_MJ_WRITE]
Process: System Address: 0x8a42dc48 Size: -

Object: Hidden Code [Driver: Vax347s, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x8a42dc48 Size: -

Object: Hidden Code [Driver: Vax347s, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x8a42dc48 Size: -

Object: Hidden Code [Driver: Vax347s, IRP_MJ_QUERY_EA]
Process: System Address: 0x8a42dc48 Size: -

Object: Hidden Code [Driver: Vax347s, IRP_MJ_SET_EA]
Process: System Address: 0x8a42dc48 Size: -

Object: Hidden Code [Driver: Vax347s, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x8a42dc48 Size: -

Object: Hidden Code [Driver: Vax347s, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x8a42dc48 Size: -

Object: Hidden Code [Driver: Vax347s, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System Address: 0x8a42dc48 Size: -

Object: Hidden Code [Driver: Vax347s, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x8a42dc48 Size: -

Object: Hidden Code [Driver: Vax347s, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x8a42dc48 Size: -

Object: Hidden Code [Driver: Vax347s, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8a42dc48 Size: -

Object: Hidden Code [Driver: Vax347s, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x8a42dc48 Size: -

Object: Hidden Code [Driver: Vax347s, IRP_MJ_SHUTDOWN]
Process: System Address: 0x8a42dc48 Size: -

Object: Hidden Code [Driver: Vax347s, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x8a42dc48 Size: -

Object: Hidden Code [Driver: Vax347s, IRP_MJ_CLEANUP]
Process: System Address: 0x8a42dc48 Size: -

Object: Hidden Code [Driver: Vax347s, IRP_MJ_CREATE_MAILSLOT]
Process: System Address: 0x8a42dc48 Size: -

Object: Hidden Code [Driver: Vax347s, IRP_MJ_QUERY_SECURITY]
Process: System Address: 0x8a42dc48 Size: -

Object: Hidden Code [Driver: Vax347s, IRP_MJ_SET_SECURITY]
Process: System Address: 0x8a42dc48 Size: -

Object: Hidden Code [Driver: Vax347s, IRP_MJ_POWER]
Process: System Address: 0x8a42dc48 Size: -

Object: Hidden Code [Driver: Vax347s, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x8a42dc48 Size: -

Object: Hidden Code [Driver: Vax347s, IRP_MJ_DEVICE_CHANGE]
Process: System Address: 0x8a42dc48 Size: -

Object: Hidden Code [Driver: Vax347s, IRP_MJ_QUERY_QUOTA]
Process: System Address: 0x8a42dc48 Size: -

Object: Hidden Code [Driver: Vax347s, IRP_MJ_SET_QUOTA]
Process: System Address: 0x8a42dc48 Size: -

Object: Hidden Code [Driver: Vax347s, IRP_MJ_PNP]
Process: System Address: 0x8a42dc48 Size: -

Object: Hidden Code [Driver: FVDSCSI, IRP_MJ_CREATE]
Process: System Address: 0x8a627b18 Size: -

Object: Hidden Code [Driver: FVDSCSI, IRP_MJ_CREATE_NAMED_PIPE]
Process: System Address: 0x8a627b18 Size: -

Object: Hidden Code [Driver: FVDSCSI, IRP_MJ_CLOSE]
Process: System Address: 0x8a627b18 Size: -

Object: Hidden Code [Driver: FVDSCSI, IRP_MJ_READ]
Process: System Address: 0x8a627b18 Size: -

Object: Hidden Code [Driver: FVDSCSI, IRP_MJ_WRITE]
Process: System Address: 0x8a627b18 Size: -

Object: Hidden Code [Driver: FVDSCSI, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x8a627b18 Size: -

Object: Hidden Code [Driver: FVDSCSI, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x8a627b18 Size: -

Object: Hidden Code [Driver: FVDSCSI, IRP_MJ_QUERY_EA]
Process: System Address: 0x8a627b18 Size: -

Object: Hidden Code [Driver: FVDSCSI, IRP_MJ_SET_EA]
Process: System Address: 0x8a627b18 Size: -

Object: Hidden Code [Driver: FVDSCSI, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x8a627b18 Size: -

Object: Hidden Code [Driver: FVDSCSI, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x8a627b18 Size: -

Object: Hidden Code [Driver: FVDSCSI, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System Address: 0x8a627b18 Size: -

Object: Hidden Code [Driver: FVDSCSI, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x8a627b18 Size: -

Object: Hidden Code [Driver: FVDSCSI, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x8a627b18 Size: -

Object: Hidden Code [Driver: FVDSCSI, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8a627b18 Size: -

Object: Hidden Code [Driver: FVDSCSI, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x8a627b18 Size: -

Object: Hidden Code [Driver: FVDSCSI, IRP_MJ_SHUTDOWN]
Process: System Address: 0x8a627b18 Size: -

Object: Hidden Code [Driver: FVDSCSI, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x8a627b18 Size: -

Object: Hidden Code [Driver: FVDSCSI, IRP_MJ_CLEANUP]
Process: System Address: 0x8a627b18 Size: -

Object: Hidden Code [Driver: FVDSCSI, IRP_MJ_CREATE_MAILSLOT]
Process: System Address: 0x8a627b18 Size: -

Object: Hidden Code [Driver: FVDSCSI, IRP_MJ_QUERY_SECURITY]
Process: System Address: 0x8a627b18 Size: -

Object: Hidden Code [Driver: FVDSCSI, IRP_MJ_SET_SECURITY]
Process: System Address: 0x8a627b18 Size: -

Object: Hidden Code [Driver: FVDSCSI, IRP_MJ_POWER]
Process: System Address: 0x8a627b18 Size: -

Object: Hidden Code [Driver: FVDSCSI, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x8a627b18 Size: -

Object: Hidden Code [Driver: FVDSCSI, IRP_MJ_DEVICE_CHANGE]
Process: System Address: 0x8a627b18 Size: -

Object: Hidden Code [Driver: FVDSCSI, IRP_MJ_QUERY_QUOTA]
Process: System Address: 0x8a627b18 Size: -

Object: Hidden Code [Driver: FVDSCSI, IRP_MJ_SET_QUOTA]
Process: System Address: 0x8a627b18 Size: -

Object: Hidden Code [Driver: FVDSCSI, IRP_MJ_PNP]
Process: System Address: 0x8a627b18 Size: -

Object: Hidden Code [Driver: NetBT, IRP_MJ_CREATE]
Process: System Address: 0x8a7df980 Size: -

Object: Hidden Code [Driver: NetBT, IRP_MJ_CLOSE]
Process: System Address: 0x8a7df980 Size: -

Object: Hidden Code [Driver: NetBT, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8a7df980 Size: -

Object: Hidden Code [Driver: NetBT, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x8a7df980 Size: -

Object: Hidden Code [Driver: NetBT, IRP_MJ_CLEANUP]
Process: System Address: 0x8a7df980 Size: -

Object: Hidden Code [Driver: NetBT, IRP_MJ_PNP]
Process: System Address: 0x8a7df980 Size: -

Object: Hidden Code [Driver: Rdbss, IRP_MJ_READ]
Process: System Address: 0x8a766e18 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE]
Process: System Address: 0x8a7b64a0 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE_NAMED_PIPE]
Process: System Address: 0x8a7b64a0 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CLOSE]
Process: System Address: 0x8a7b64a0 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_READ]
Process: System Address: 0x8a7ca6e8 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_WRITE]
Process: System Address: 0x8a7b64a0 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x8a7b64a0 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x8a7b64a0 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_EA]
Process: System Address: 0x8a7b64a0 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_EA]
Process: System Address: 0x8a7b64a0 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x8a7b64a0 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x8a7b64a0 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System Address: 0x8a7b64a0 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x8a7b64a0 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x8a7b64a0 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8a7b64a0 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x8a7b64a0 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SHUTDOWN]
Process: System Address: 0x8a7b64a0 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x8a7b64a0 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CLEANUP]
Process: System Address: 0x8a7b64a0 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE_MAILSLOT]
Process: System Address: 0x8a7b64a0 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_SECURITY]
Process: System Address: 0x8a7b64a0 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_SECURITY]
Process: System Address: 0x8a7b64a0 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_POWER]
Process: System Address: 0x8a7b64a0 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x8a7b64a0 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DEVICE_CHANGE]
Process: System Address: 0x8a7b64a0 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_QUOTA]
Process: System Address: 0x8a7b64a0 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_QUOTA]
Process: System Address: 0x8a7b64a0 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_PNP]
Process: System Address: 0x8a7b64a0 Size: -

Object: Hidden Code [Driver: Npfs؅灐䕅؁ం扏楄菘逰詛؂ఆ剒敬, IRP_MJ_READ]
Process: System Address: 0x8a979290 Size: -

Object: Hidden Code [Driver: Msfsࠅఊ䵃慖, IRP_MJ_READ]
Process: System Address: 0x8af37298 Size: -

Object: Hidden Code [Driver: Fs_Rec, IRP_MJ_READ]
Process: System Address: 0x8aafafb0 Size: -

Object: Hidden Code [Driver: CdfsЅ䱋湲Ё఍敓Ĩ, IRP_MJ_CREATE]
Process: System Address: 0x8a6b24b8 Size: -

Object: Hidden Code [Driver: CdfsЅ䱋湲Ё఍敓Ĩ, IRP_MJ_CLOSE]
Process: System Address: 0x8a6b24b8 Size: -

Object: Hidden Code [Driver: CdfsЅ䱋湲Ё఍敓Ĩ, IRP_MJ_READ]
Process: System Address: 0x8a5d7230 Size: -

Object: Hidden Code [Driver: CdfsЅ䱋湲Ё఍敓Ĩ, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x8a6b24b8 Size: -

Object: Hidden Code [Driver: CdfsЅ䱋湲Ё఍敓Ĩ, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x8a6b24b8 Size: -

Object: Hidden Code [Driver: CdfsЅ䱋湲Ё఍敓Ĩ, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x8a6b24b8 Size: -

Object: Hidden Code [Driver: CdfsЅ䱋湲Ё఍敓Ĩ, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x8a6b24b8 Size: -

Object: Hidden Code [Driver: CdfsЅ䱋湲Ё఍敓Ĩ, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x8a6b24b8 Size: -

Object: Hidden Code [Driver: CdfsЅ䱋湲Ё఍敓Ĩ, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8a6b24b8 Size: -

Object: Hidden Code [Driver: CdfsЅ䱋湲Ё఍敓Ĩ, IRP_MJ_SHUTDOWN]
Process: System Address: 0x8a6b24b8 Size: -

Object: Hidden Code [Driver: CdfsЅ䱋湲Ё఍敓Ĩ, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x8a6b24b8 Size: -

Object: Hidden Code [Driver: CdfsЅ䱋湲Ё఍敓Ĩ, IRP_MJ_CLEANUP]
Process: System Address: 0x8a6b24b8 Size: -

Object: Hidden Code [Driver: CdfsЅ䱋湲Ё఍敓Ĩ, IRP_MJ_PNP]
Process: System Address: 0x8a6b24b8 Size: -

  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

This looks clean.

  • Joined: 20 Feb 2005
  • Posts: 297
  • Location: Vranje

Thanks for checking.
