GMER 1.0.15.15641 - http://www.gmer.net Rootkit scan 2011-11-12 18:39:17 Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 ST3320620AS rev.3.AAK Running: qp4j4lob.exe; Driver: C:\Users\Domowy\AppData\Local\Temp\ugkdrpow.sys ---- Kernel code sections - GMER 1.0.15 ---- .text ntkrnlpa.exe!ZwSaveKey + 13D1 83655349 1 Byte [06] .text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 8368ED52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3} .text sptd.sys 894A8000 8 Bytes [34, 62, A3, 83, A0, C7, A2, ...] .text sptd.sys 894A8009 23 Bytes [C7, A2, 83, 48, EB, A2, 83, ...] .text sptd.sys 894A8024 4 Bytes [44, 75, 5D, 89] .text sptd.sys 894A802C 100 Bytes [39, C6, 87, 83, 48, 89, 7F, ...] .text sptd.sys 894A8091 87 Bytes [35, 65, 83, 15, E5, 64, 83, ...] .text ... .sptd2 C:\Windows\System32\Drivers\sptd.sys entry point in ".sptd2" section [0x8959FD38] ? C:\Windows\System32\Drivers\sptd.sys Proces nie może uzyskać dostępu do pliku, ponieważ jest on używany przez inny proces. PAGE PCIIDEX.SYS!DllUnload 896D7606 5 Bytes JMP 856801D8 PAGE ataport.SYS!DllUnload + 1 8974EAD7 4 Bytes JMP 8567C1D9 .text USBPORT.SYS!DllUnload 8F42CDB9 5 Bytes JMP 866AE1D8 .text C:\Windows\system32\DRIVERS\atksgt.sys section is writeable [0x9D67D300, 0x3B6D8, 0xE8000020] .text C:\Windows\system32\DRIVERS\lirsgt.sys section is writeable [0x9D6C0300, 0x1BEE, 0xE8000020] PAGE peauth.sys 9D6D0BEC 111 Bytes JMP AF66CA22 ---- User code sections - GMER 1.0.15 ---- .text C:\Program Files\OO Software\Defrag\oodag.exe[280] kernel32.dll!SetUnhandledExceptionFilter 7678F4FB 5 Bytes JMP 00402FB0 C:\Program Files\OO Software\Defrag\oodag.exe (O&O Defrag Agent (Win32)/O&O Software GmbH) .text C:\Program Files\Google\Chrome\Application\chrome.exe[1652] ntdll.dll!NtCreateFile + 6 77D055CE 4 Bytes [28, 00, 07, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1652] ntdll.dll!NtCreateFile + B 77D055D3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1652] ntdll.dll!NtMapViewOfSection + 6 77D05C2E 1 Byte [28] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1652] ntdll.dll!NtMapViewOfSection + 6 77D05C2E 4 Bytes [28, 03, 07, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1652] ntdll.dll!NtMapViewOfSection + B 77D05C33 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1652] ntdll.dll!NtOpenFile + 6 77D05CDE 4 Bytes [68, 00, 07, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1652] ntdll.dll!NtOpenFile + B 77D05CE3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1652] ntdll.dll!NtOpenProcess + 6 77D05D8E 4 Bytes [A8, 01, 07, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1652] ntdll.dll!NtOpenProcess + B 77D05D93 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1652] ntdll.dll!NtOpenProcessToken + 6 77D05D9E 4 Bytes CALL 76D064A4 C:\Windows\system32\LPK.dll (Language Pack/Microsoft Corporation) .text C:\Program Files\Google\Chrome\Application\chrome.exe[1652] ntdll.dll!NtOpenProcessToken + B 77D05DA3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1652] ntdll.dll!NtOpenProcessTokenEx + 6 77D05DAE 4 Bytes [A8, 02, 07, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1652] ntdll.dll!NtOpenProcessTokenEx + B 77D05DB3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1652] ntdll.dll!NtOpenThread + 6 77D05E0E 4 Bytes [68, 01, 07, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1652] ntdll.dll!NtOpenThread + B 77D05E13 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1652] ntdll.dll!NtOpenThreadToken + 6 77D05E1E 4 Bytes [68, 02, 07, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1652] ntdll.dll!NtOpenThreadToken + B 77D05E23 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1652] ntdll.dll!NtOpenThreadTokenEx + 6 77D05E2E 4 Bytes CALL 76D06535 C:\Windows\system32\LPK.dll (Language Pack/Microsoft Corporation) .text C:\Program Files\Google\Chrome\Application\chrome.exe[1652] ntdll.dll!NtOpenThreadTokenEx + B 77D05E33 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1652] ntdll.dll!NtQueryAttributesFile + 6 77D05F3E 4 Bytes [A8, 00, 07, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1652] ntdll.dll!NtQueryAttributesFile + B 77D05F43 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1652] ntdll.dll!NtQueryFullAttributesFile + 6 77D05FEE 4 Bytes CALL 76D066F3 C:\Windows\system32\LPK.dll (Language Pack/Microsoft Corporation) .text C:\Program Files\Google\Chrome\Application\chrome.exe[1652] ntdll.dll!NtQueryFullAttributesFile + B 77D05FF3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1652] ntdll.dll!NtSetInformationFile + 6 77D0663E 4 Bytes [28, 01, 07, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1652] ntdll.dll!NtSetInformationFile + B 77D06643 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1652] ntdll.dll!NtSetInformationThread + 6 77D0669E 4 Bytes [28, 02, 07, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1652] ntdll.dll!NtSetInformationThread + B 77D066A3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1652] ntdll.dll!NtUnmapViewOfSection + 6 77D069BE 1 Byte [68] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1652] ntdll.dll!NtUnmapViewOfSection + 6 77D069BE 4 Bytes [68, 03, 07, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1652] ntdll.dll!NtUnmapViewOfSection + B 77D069C3 1 Byte [E2] .text C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe[2012] kernel32.dll!LoadLibraryA 7678DC65 5 Bytes JMP 74A499A1 C:\Program Files\Common Files\McAfee\McProxy\mcproxy.dll (McAfee Proxy Service Module/McAfee, Inc.) .text C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe[2012] kernel32.dll!LoadLibraryW 7678EF42 5 Bytes JMP 74A49A63 C:\Program Files\Common Files\McAfee\McProxy\mcproxy.dll (McAfee Proxy Service Module/McAfee, Inc.) .text C:\Program Files\Google\Chrome\Application\chrome.exe[4704] ntdll.dll!NtCreateFile + 6 77D055CE 4 Bytes [28, 00, 07, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4704] ntdll.dll!NtCreateFile + B 77D055D3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4704] ntdll.dll!NtMapViewOfSection + 6 77D05C2E 1 Byte [28] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4704] ntdll.dll!NtMapViewOfSection + 6 77D05C2E 4 Bytes [28, 03, 07, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4704] ntdll.dll!NtMapViewOfSection + B 77D05C33 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4704] ntdll.dll!NtOpenFile + 6 77D05CDE 4 Bytes [68, 00, 07, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4704] ntdll.dll!NtOpenFile + B 77D05CE3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4704] ntdll.dll!NtOpenProcess + 6 77D05D8E 4 Bytes [A8, 01, 07, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4704] ntdll.dll!NtOpenProcess + B 77D05D93 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4704] ntdll.dll!NtOpenProcessToken + 6 77D05D9E 4 Bytes CALL 76D064A4 C:\Windows\system32\LPK.dll (Language Pack/Microsoft Corporation) .text C:\Program Files\Google\Chrome\Application\chrome.exe[4704] ntdll.dll!NtOpenProcessToken + B 77D05DA3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4704] ntdll.dll!NtOpenProcessTokenEx + 6 77D05DAE 4 Bytes [A8, 02, 07, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4704] ntdll.dll!NtOpenProcessTokenEx + B 77D05DB3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4704] ntdll.dll!NtOpenThread + 6 77D05E0E 4 Bytes [68, 01, 07, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4704] ntdll.dll!NtOpenThread + B 77D05E13 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4704] ntdll.dll!NtOpenThreadToken + 6 77D05E1E 4 Bytes [68, 02, 07, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4704] ntdll.dll!NtOpenThreadToken + B 77D05E23 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4704] ntdll.dll!NtOpenThreadTokenEx + 6 77D05E2E 4 Bytes CALL 76D06535 C:\Windows\system32\LPK.dll (Language Pack/Microsoft Corporation) .text C:\Program Files\Google\Chrome\Application\chrome.exe[4704] ntdll.dll!NtOpenThreadTokenEx + B 77D05E33 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4704] ntdll.dll!NtQueryAttributesFile + 6 77D05F3E 4 Bytes [A8, 00, 07, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4704] ntdll.dll!NtQueryAttributesFile + B 77D05F43 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4704] ntdll.dll!NtQueryFullAttributesFile + 6 77D05FEE 4 Bytes CALL 76D066F3 C:\Windows\system32\LPK.dll (Language Pack/Microsoft Corporation) .text C:\Program Files\Google\Chrome\Application\chrome.exe[4704] ntdll.dll!NtQueryFullAttributesFile + B 77D05FF3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4704] ntdll.dll!NtSetInformationFile + 6 77D0663E 4 Bytes [28, 01, 07, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4704] ntdll.dll!NtSetInformationFile + B 77D06643 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4704] ntdll.dll!NtSetInformationThread + 6 77D0669E 4 Bytes [28, 02, 07, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4704] ntdll.dll!NtSetInformationThread + B 77D066A3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4704] ntdll.dll!NtUnmapViewOfSection + 6 77D069BE 1 Byte [68] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4704] ntdll.dll!NtUnmapViewOfSection + 6 77D069BE 4 Bytes [68, 03, 07, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4704] ntdll.dll!NtUnmapViewOfSection + B 77D069C3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4740] ntdll.dll!NtCreateFile + 6 77D055CE 4 Bytes [28, 00, 17, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4740] ntdll.dll!NtCreateFile + B 77D055D3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4740] ntdll.dll!NtMapViewOfSection + 6 77D05C2E 1 Byte [28] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4740] ntdll.dll!NtMapViewOfSection + 6 77D05C2E 4 Bytes [28, 03, 17, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4740] ntdll.dll!NtMapViewOfSection + B 77D05C33 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4740] ntdll.dll!NtOpenFile + 6 77D05CDE 4 Bytes [68, 00, 17, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4740] ntdll.dll!NtOpenFile + B 77D05CE3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4740] ntdll.dll!NtOpenProcess + 6 77D05D8E 4 Bytes [A8, 01, 17, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4740] ntdll.dll!NtOpenProcess + B 77D05D93 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4740] ntdll.dll!NtOpenProcessToken + 6 77D05D9E 4 Bytes CALL 76D074A4 C:\Windows\system32\LPK.dll (Language Pack/Microsoft Corporation) .text C:\Program Files\Google\Chrome\Application\chrome.exe[4740] ntdll.dll!NtOpenProcessToken + B 77D05DA3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4740] ntdll.dll!NtOpenProcessTokenEx + 6 77D05DAE 4 Bytes [A8, 02, 17, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4740] ntdll.dll!NtOpenProcessTokenEx + B 77D05DB3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4740] ntdll.dll!NtOpenThread + 6 77D05E0E 4 Bytes [68, 01, 17, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4740] ntdll.dll!NtOpenThread + B 77D05E13 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4740] ntdll.dll!NtOpenThreadToken + 6 77D05E1E 4 Bytes [68, 02, 17, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4740] ntdll.dll!NtOpenThreadToken + B 77D05E23 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4740] ntdll.dll!NtOpenThreadTokenEx + 6 77D05E2E 4 Bytes CALL 76D07535 C:\Windows\system32\LPK.dll (Language Pack/Microsoft Corporation) .text C:\Program Files\Google\Chrome\Application\chrome.exe[4740] ntdll.dll!NtOpenThreadTokenEx + B 77D05E33 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4740] ntdll.dll!NtQueryAttributesFile + 6 77D05F3E 4 Bytes [A8, 00, 17, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4740] ntdll.dll!NtQueryAttributesFile + B 77D05F43 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4740] ntdll.dll!NtQueryFullAttributesFile + 6 77D05FEE 4 Bytes CALL 76D076F3 C:\Windows\system32\LPK.dll (Language Pack/Microsoft Corporation) .text C:\Program Files\Google\Chrome\Application\chrome.exe[4740] ntdll.dll!NtQueryFullAttributesFile + B 77D05FF3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4740] ntdll.dll!NtSetInformationFile + 6 77D0663E 4 Bytes [28, 01, 17, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4740] ntdll.dll!NtSetInformationFile + B 77D06643 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4740] ntdll.dll!NtSetInformationThread + 6 77D0669E 4 Bytes [28, 02, 17, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4740] ntdll.dll!NtSetInformationThread + B 77D066A3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4740] ntdll.dll!NtUnmapViewOfSection + 6 77D069BE 1 Byte [68] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4740] ntdll.dll!NtUnmapViewOfSection + 6 77D069BE 4 Bytes [68, 03, 17, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4740] ntdll.dll!NtUnmapViewOfSection + B 77D069C3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4772] ntdll.dll!NtCreateFile + 6 77D055CE 4 Bytes [28, 00, 07, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4772] ntdll.dll!NtCreateFile + B 77D055D3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4772] ntdll.dll!NtMapViewOfSection + 6 77D05C2E 1 Byte [28] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4772] ntdll.dll!NtMapViewOfSection + 6 77D05C2E 4 Bytes [28, 03, 07, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4772] ntdll.dll!NtMapViewOfSection + B 77D05C33 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4772] ntdll.dll!NtOpenFile + 6 77D05CDE 4 Bytes [68, 00, 07, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4772] ntdll.dll!NtOpenFile + B 77D05CE3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4772] ntdll.dll!NtOpenProcess + 6 77D05D8E 4 Bytes [A8, 01, 07, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4772] ntdll.dll!NtOpenProcess + B 77D05D93 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4772] ntdll.dll!NtOpenProcessToken + 6 77D05D9E 4 Bytes CALL 76D064A4 C:\Windows\system32\LPK.dll (Language Pack/Microsoft Corporation) .text C:\Program Files\Google\Chrome\Application\chrome.exe[4772] ntdll.dll!NtOpenProcessToken + B 77D05DA3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4772] ntdll.dll!NtOpenProcessTokenEx + 6 77D05DAE 4 Bytes [A8, 02, 07, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4772] ntdll.dll!NtOpenProcessTokenEx + B 77D05DB3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4772] ntdll.dll!NtOpenThread + 6 77D05E0E 4 Bytes [68, 01, 07, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4772] ntdll.dll!NtOpenThread + B 77D05E13 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4772] ntdll.dll!NtOpenThreadToken + 6 77D05E1E 4 Bytes [68, 02, 07, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4772] ntdll.dll!NtOpenThreadToken + B 77D05E23 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4772] ntdll.dll!NtOpenThreadTokenEx + 6 77D05E2E 4 Bytes CALL 76D06535 C:\Windows\system32\LPK.dll (Language Pack/Microsoft Corporation) .text C:\Program Files\Google\Chrome\Application\chrome.exe[4772] ntdll.dll!NtOpenThreadTokenEx + B 77D05E33 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4772] ntdll.dll!NtQueryAttributesFile + 6 77D05F3E 4 Bytes [A8, 00, 07, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4772] ntdll.dll!NtQueryAttributesFile + B 77D05F43 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4772] ntdll.dll!NtQueryFullAttributesFile + 6 77D05FEE 4 Bytes CALL 76D066F3 C:\Windows\system32\LPK.dll (Language Pack/Microsoft Corporation) .text C:\Program Files\Google\Chrome\Application\chrome.exe[4772] ntdll.dll!NtQueryFullAttributesFile + B 77D05FF3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4772] ntdll.dll!NtSetInformationFile + 6 77D0663E 4 Bytes [28, 01, 07, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4772] ntdll.dll!NtSetInformationFile + B 77D06643 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4772] ntdll.dll!NtSetInformationThread + 6 77D0669E 4 Bytes [28, 02, 07, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4772] ntdll.dll!NtSetInformationThread + B 77D066A3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4772] ntdll.dll!NtUnmapViewOfSection + 6 77D069BE 1 Byte [68] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4772] ntdll.dll!NtUnmapViewOfSection + 6 77D069BE 4 Bytes [68, 03, 07, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4772] ntdll.dll!NtUnmapViewOfSection + B 77D069C3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4784] ntdll.dll!NtCreateFile + 6 77D055CE 4 Bytes [28, 00, 07, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4784] ntdll.dll!NtCreateFile + B 77D055D3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4784] ntdll.dll!NtMapViewOfSection + 6 77D05C2E 1 Byte [28] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4784] ntdll.dll!NtMapViewOfSection + 6 77D05C2E 4 Bytes [28, 03, 07, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4784] ntdll.dll!NtMapViewOfSection + B 77D05C33 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4784] ntdll.dll!NtOpenFile + 6 77D05CDE 4 Bytes [68, 00, 07, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4784] ntdll.dll!NtOpenFile + B 77D05CE3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4784] ntdll.dll!NtOpenProcess + 6 77D05D8E 4 Bytes [A8, 01, 07, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4784] ntdll.dll!NtOpenProcess + B 77D05D93 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4784] ntdll.dll!NtOpenProcessToken + 6 77D05D9E 4 Bytes CALL 76D064A4 C:\Windows\system32\LPK.dll (Language Pack/Microsoft Corporation) .text C:\Program Files\Google\Chrome\Application\chrome.exe[4784] ntdll.dll!NtOpenProcessToken + B 77D05DA3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4784] ntdll.dll!NtOpenProcessTokenEx + 6 77D05DAE 4 Bytes [A8, 02, 07, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4784] ntdll.dll!NtOpenProcessTokenEx + B 77D05DB3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4784] ntdll.dll!NtOpenThread + 6 77D05E0E 4 Bytes [68, 01, 07, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4784] ntdll.dll!NtOpenThread + B 77D05E13 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4784] ntdll.dll!NtOpenThreadToken + 6 77D05E1E 4 Bytes [68, 02, 07, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4784] ntdll.dll!NtOpenThreadToken + B 77D05E23 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4784] ntdll.dll!NtOpenThreadTokenEx + 6 77D05E2E 4 Bytes CALL 76D06535 C:\Windows\system32\LPK.dll (Language Pack/Microsoft Corporation) .text C:\Program Files\Google\Chrome\Application\chrome.exe[4784] ntdll.dll!NtOpenThreadTokenEx + B 77D05E33 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4784] ntdll.dll!NtQueryAttributesFile + 6 77D05F3E 4 Bytes [A8, 00, 07, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4784] ntdll.dll!NtQueryAttributesFile + B 77D05F43 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4784] ntdll.dll!NtQueryFullAttributesFile + 6 77D05FEE 4 Bytes CALL 76D066F3 C:\Windows\system32\LPK.dll (Language Pack/Microsoft Corporation) .text C:\Program Files\Google\Chrome\Application\chrome.exe[4784] ntdll.dll!NtQueryFullAttributesFile + B 77D05FF3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4784] ntdll.dll!NtSetInformationFile + 6 77D0663E 4 Bytes [28, 01, 07, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4784] ntdll.dll!NtSetInformationFile + B 77D06643 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4784] ntdll.dll!NtSetInformationThread + 6 77D0669E 4 Bytes [28, 02, 07, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4784] ntdll.dll!NtSetInformationThread + B 77D066A3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4784] ntdll.dll!NtUnmapViewOfSection + 6 77D069BE 1 Byte [68] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4784] ntdll.dll!NtUnmapViewOfSection + 6 77D069BE 4 Bytes [68, 03, 07, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4784] ntdll.dll!NtUnmapViewOfSection + B 77D069C3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4800] ntdll.dll!NtCreateFile + 6 77D055CE 4 Bytes [28, 00, 07, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4800] ntdll.dll!NtCreateFile + B 77D055D3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4800] ntdll.dll!NtMapViewOfSection + 6 77D05C2E 1 Byte [28] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4800] ntdll.dll!NtMapViewOfSection + 6 77D05C2E 4 Bytes [28, 03, 07, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4800] ntdll.dll!NtMapViewOfSection + B 77D05C33 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4800] ntdll.dll!NtOpenFile + 6 77D05CDE 4 Bytes [68, 00, 07, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4800] ntdll.dll!NtOpenFile + B 77D05CE3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4800] ntdll.dll!NtOpenProcess + 6 77D05D8E 4 Bytes [A8, 01, 07, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4800] ntdll.dll!NtOpenProcess + B 77D05D93 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4800] ntdll.dll!NtOpenProcessToken + 6 77D05D9E 4 Bytes CALL 76D064A4 C:\Windows\system32\LPK.dll (Language Pack/Microsoft Corporation) .text C:\Program Files\Google\Chrome\Application\chrome.exe[4800] ntdll.dll!NtOpenProcessToken + B 77D05DA3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4800] ntdll.dll!NtOpenProcessTokenEx + 6 77D05DAE 4 Bytes [A8, 02, 07, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4800] ntdll.dll!NtOpenProcessTokenEx + B 77D05DB3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4800] ntdll.dll!NtOpenThread + 6 77D05E0E 4 Bytes [68, 01, 07, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4800] ntdll.dll!NtOpenThread + B 77D05E13 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4800] ntdll.dll!NtOpenThreadToken + 6 77D05E1E 4 Bytes [68, 02, 07, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4800] ntdll.dll!NtOpenThreadToken + B 77D05E23 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4800] ntdll.dll!NtOpenThreadTokenEx + 6 77D05E2E 4 Bytes CALL 76D06535 C:\Windows\system32\LPK.dll (Language Pack/Microsoft Corporation) .text C:\Program Files\Google\Chrome\Application\chrome.exe[4800] ntdll.dll!NtOpenThreadTokenEx + B 77D05E33 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4800] ntdll.dll!NtQueryAttributesFile + 6 77D05F3E 4 Bytes [A8, 00, 07, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4800] ntdll.dll!NtQueryAttributesFile + B 77D05F43 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4800] ntdll.dll!NtQueryFullAttributesFile + 6 77D05FEE 4 Bytes CALL 76D066F3 C:\Windows\system32\LPK.dll (Language Pack/Microsoft Corporation) .text C:\Program Files\Google\Chrome\Application\chrome.exe[4800] ntdll.dll!NtQueryFullAttributesFile + B 77D05FF3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4800] ntdll.dll!NtSetInformationFile + 6 77D0663E 4 Bytes [28, 01, 07, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4800] ntdll.dll!NtSetInformationFile + B 77D06643 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4800] ntdll.dll!NtSetInformationThread + 6 77D0669E 4 Bytes [28, 02, 07, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4800] ntdll.dll!NtSetInformationThread + B 77D066A3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4800] ntdll.dll!NtUnmapViewOfSection + 6 77D069BE 1 Byte [68] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4800] ntdll.dll!NtUnmapViewOfSection + 6 77D069BE 4 Bytes [68, 03, 07, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4800] ntdll.dll!NtUnmapViewOfSection + B 77D069C3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5028] ntdll.dll!NtCreateFile + 6 77D055CE 4 Bytes [28, 00, 07, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5028] ntdll.dll!NtCreateFile + B 77D055D3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5028] ntdll.dll!NtMapViewOfSection + 6 77D05C2E 1 Byte [28] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5028] ntdll.dll!NtMapViewOfSection + 6 77D05C2E 4 Bytes [28, 03, 07, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5028] ntdll.dll!NtMapViewOfSection + B 77D05C33 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5028] ntdll.dll!NtOpenFile + 6 77D05CDE 4 Bytes [68, 00, 07, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5028] ntdll.dll!NtOpenFile + B 77D05CE3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5028] ntdll.dll!NtOpenProcess + 6 77D05D8E 4 Bytes [A8, 01, 07, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5028] ntdll.dll!NtOpenProcess + B 77D05D93 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5028] ntdll.dll!NtOpenProcessToken + 6 77D05D9E 4 Bytes CALL 76D064A4 C:\Windows\system32\LPK.dll (Language Pack/Microsoft Corporation) .text C:\Program Files\Google\Chrome\Application\chrome.exe[5028] ntdll.dll!NtOpenProcessToken + B 77D05DA3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5028] ntdll.dll!NtOpenProcessTokenEx + 6 77D05DAE 4 Bytes [A8, 02, 07, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5028] ntdll.dll!NtOpenProcessTokenEx + B 77D05DB3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5028] ntdll.dll!NtOpenThread + 6 77D05E0E 4 Bytes [68, 01, 07, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5028] ntdll.dll!NtOpenThread + B 77D05E13 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5028] ntdll.dll!NtOpenThreadToken + 6 77D05E1E 4 Bytes [68, 02, 07, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5028] ntdll.dll!NtOpenThreadToken + B 77D05E23 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5028] ntdll.dll!NtOpenThreadTokenEx + 6 77D05E2E 4 Bytes CALL 76D06535 C:\Windows\system32\LPK.dll (Language Pack/Microsoft Corporation) .text C:\Program Files\Google\Chrome\Application\chrome.exe[5028] ntdll.dll!NtOpenThreadTokenEx + B 77D05E33 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5028] ntdll.dll!NtQueryAttributesFile + 6 77D05F3E 4 Bytes [A8, 00, 07, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5028] ntdll.dll!NtQueryAttributesFile + B 77D05F43 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5028] ntdll.dll!NtQueryFullAttributesFile + 6 77D05FEE 4 Bytes CALL 76D066F3 C:\Windows\system32\LPK.dll (Language Pack/Microsoft Corporation) .text C:\Program Files\Google\Chrome\Application\chrome.exe[5028] ntdll.dll!NtQueryFullAttributesFile + B 77D05FF3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5028] ntdll.dll!NtSetInformationFile + 6 77D0663E 4 Bytes [28, 01, 07, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5028] ntdll.dll!NtSetInformationFile + B 77D06643 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5028] ntdll.dll!NtSetInformationThread + 6 77D0669E 4 Bytes [28, 02, 07, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5028] ntdll.dll!NtSetInformationThread + B 77D066A3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5028] ntdll.dll!NtUnmapViewOfSection + 6 77D069BE 1 Byte [68] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5028] ntdll.dll!NtUnmapViewOfSection + 6 77D069BE 4 Bytes [68, 03, 07, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5028] ntdll.dll!NtUnmapViewOfSection + B 77D069C3 1 Byte [E2] ---- Kernel IAT/EAT - GMER 1.0.15 ---- IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUchar] [894A90C0] \SystemRoot\System32\Drivers\sptd.sys IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUchar] [894A9FE0] \SystemRoot\System32\Drivers\sptd.sys IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUlong] [894A9574] \SystemRoot\System32\Drivers\sptd.sys IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort] [894AA1BC] \SystemRoot\System32\Drivers\sptd.sys IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort] [894A9362] \SystemRoot\System32\Drivers\sptd.sys ---- User IAT/EAT - GMER 1.0.15 ---- IAT C:\Windows\system32\mfevtps.exe[232] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryA] [001CA510] C:\Windows\system32\mfevtps.exe (McAfee Process Validation Service/McAfee, Inc.) IAT C:\Windows\system32\rundll32.exe[416] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [75D9FFF6] C:\Windows\system32\apphelp.dll (Biblioteka klienta zgodności aplikacji/Microsoft Corporation) IAT C:\Windows\system32\rundll32.exe[416] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [75D9FFF6] C:\Windows\system32\apphelp.dll (Biblioteka klienta zgodności aplikacji/Microsoft Corporation) IAT C:\Windows\system32\rundll32.exe[416] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [75D9FFF6] C:\Windows\system32\apphelp.dll (Biblioteka klienta zgodności aplikacji/Microsoft Corporation) IAT C:\Windows\system32\rundll32.exe[416] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [75D9FFF6] C:\Windows\system32\apphelp.dll (Biblioteka klienta zgodności aplikacji/Microsoft Corporation) IAT C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[1028] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [75D9FFF6] C:\Windows\system32\apphelp.dll (Biblioteka klienta zgodności aplikacji/Microsoft Corporation) IAT C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[1028] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [75D9FFF6] C:\Windows\system32\apphelp.dll (Biblioteka klienta zgodności aplikacji/Microsoft Corporation) IAT C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[1028] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [75D9FFF6] C:\Windows\system32\apphelp.dll (Biblioteka klienta zgodności aplikacji/Microsoft Corporation) IAT C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[1028] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [75D9FFF6] C:\Windows\system32\apphelp.dll (Biblioteka klienta zgodności aplikacji/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1704] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [74752437] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1704] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [74735600] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1704] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [747356BE] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1704] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [747524B2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1704] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [74748514] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1704] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [74744CC8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1704] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [7474506F] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1704] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [74745144] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1704] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromHBITMAP] [74746671] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1704] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [7474826B] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1704] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [747487BA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1704] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [7474901B] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1704] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [7474E1BE] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1704] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [74744BFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) ---- Devices - GMER 1.0.15 ---- Device \FileSystem\Ntfs \Ntfs 863071F8 AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (McAfee Link Driver/McAfee, Inc.) Device \FileSystem\fastfat \FatCdrom 8869E430 Device \Driver\usbuhci \Device\USBPDO-0 866B71F8 Device \Driver\usbuhci \Device\USBPDO-1 866B71F8 Device \Driver\ACPI_HAL \Device\00000052 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) Device \Driver\usbuhci \Device\USBPDO-2 866B71F8 Device \Driver\usbuhci \Device\USBPDO-3 866B71F8 Device \Driver\usbehci \Device\USBPDO-4 8664A430 AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation) Device \Driver\cdrom \Device\CdRom0 8658C1F8 Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0 863051F8 Device \Driver\atapi \Device\Ide\IdePort0 863051F8 Device \Driver\atapi \Device\Ide\IdePort1 863051F8 Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-2 863051F8 Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-1 863051F8 Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-3 863051F8 AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation) Device \Driver\USBSTOR \Device\00000074 885E1430 AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation) Device \Driver\USBSTOR \Device\00000075 885E1430 AttachedDevice \Driver\volmgr \Device\HarddiskVolume6 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume6 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation) Device \Driver\NetBT \Device\NetBt_Wins_Export 866181F8 Device \Driver\NetBT \Device\NetBT_Tcpip_{566D0024-4C77-447A-AC20-71027DCEB6BE} 866181F8 Device \Driver\usbuhci \Device\USBFDO-0 866B71F8 Device \Driver\usbuhci \Device\USBFDO-1 866B71F8 Device \Driver\usbuhci \Device\USBFDO-2 866B71F8 Device \Driver\usbuhci \Device\USBFDO-3 866B71F8 Device \Driver\usbehci \Device\USBFDO-4 8664A430 Device \FileSystem\fastfat \Fat 8869E430 AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Menedżer filtrów systemu plików firmy Microsoft/Microsoft Corporation) AttachedDevice \FileSystem\fastfat \Fat mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ---- Registry - GMER 1.0.15 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s1 771343423 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s2 285507792 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@h0 1 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x50 0x03 0x8E 0xB8 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0 Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x50 0x03 0x8E 0xB8 ... Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System@OODEFRAG14.00.00.01PROFESSIONAL F66C22969EA8F90053E047555BFECEEDF44718833F9DE3D8A9DEE990AEA95BB29E9A760CC95E20E331A8D6352C5A826596054E2478F9B2734B9D5B01B23D76CA5E7F2B47EE4944F58120499F4E6D18ACEFA7AA4648BFADC39D5D087FCB497B284412831F27BC88722FA4241E46C30500E8969B43C2D7C025262FE0583A2E6BE990A7966F7E33A25A5A7744BC1010D2619F9CE2776F4BEA3C2085AC59B2705874BC7F4D9876485AF1D53E598B99292295E3661246C8CAC0ECF6B60454DC366DECF239E87E84BD0F402902E6A1C38723A5BA8715153D28E7FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74C5D575E7D6A3B98088EDD5E5BE2F6E667FEBC9E127BECC74CA6A0AC4980AC7933468977F30EA726F657628A90B0E44C0008A697D9117086A38213A09D431552BD9397DE19583A2FC7833D9185C5AFAE0987D8E0ECD64725913E1053543848E190BD30CDB50C257CF3B54D26C4120CA9541BBEC68ADB432C3C67DADECB13514B34639127C5D57FDE238E4FB5AE94A2E70105B05C988DB83FD701871E8ED4544B10EA2FAF98655A4C15F3328DF94D0FB8C3CB3C19D0DFEF262C54E1D17BFEE44222F93290D170B55F9A0F9B5E2D43DE8F61B6A359C049A5CC9569689E451B0C35FAFDF356E92E89559C4C634126001602B7D75CDA4CC309C2859 ---- EOF - GMER 1.0.15 ----