GMER 1.0.15.15641 - http://www.gmer.net Rootkit scan 2012-01-17 02:34:11 Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-2 FUJITSU_MHY2120BH rev.890B Running: iotdnq15.exe; Driver: C:\Users\Piotr\AppData\Local\Temp\kgloapow.sys ---- System - GMER 1.0.15 ---- SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwOpenProcess [0xA7F58F3C] SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateProcess [0xA7F58FE4] SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateThread [0xA7F59080] SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwWriteVirtualMemory [0xA7F5911C] ---- Kernel code sections - GMER 1.0.15 ---- .text ntkrnlpa.exe!ZwSaveKey + 13D1 81A4A369 1 Byte [06] .text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 81A83D52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3} .text ntkrnlpa.exe!KeRemoveQueueEx + 139F 81A8B054 4 Bytes [3C, 8F, F5, A7] {CMP AL, 0x8f; CMC ; CMPSD } .text ntkrnlpa.exe!KeRemoveQueueEx + 166F 81A8B324 8 Bytes [E4, 8F, F5, A7, 80, 90, F5, ...] .text ntkrnlpa.exe!KeRemoveQueueEx + 16E3 81A8B398 4 Bytes [1C, 91, F5, A7] {SBB AL, 0x91; CMC ; CMPSD } .text sptd.sys 8A2B2001 31 Bytes [17, E2, 81, 34, B2, E2, 81, ...] .text sptd.sys 8A2B2024 196 Bytes [60, 87, AA, 81, 05, C0, B2, ...] .text sptd.sys 8A2B20E9 163 Bytes [5B, A4, 81, FA, E4, AA, 81, ...] .text sptd.sys 8A2B218D 63 Bytes [68, A9, 81, A9, CD, AB, 81, ...] .text sptd.sys 8A2B21D4 4 Bytes [27, 39, 4F, 4E] {DAA ; CMP [EDI+0x4e], ECX} .text ... .sptd2 C:\Windows\System32\Drivers\sptd.sys entry point in ".sptd2" section [0x8A35E1AA] ? 
C:\Windows\System32\Drivers\sptd.sys The process cannot access the file because it is being used by another process. PAGE PCIIDEX.SYS!DllUnload 8A45F606 5 Bytes JMP 84DE91C8 PAGE ataport.SYS!DllUnload + 1 8A504AD7 4 Bytes JMP 84DE51C9 .text USBPORT.SYS!DllUnload 8FA80DB9 5 Bytes JMP 8525D1C8 PAGE spsys.sys!?SPRevision@@3PADA + 4F90 A9B0F000 290 Bytes [8B, FF, 55, 8B, EC, 33, C0, ...] PAGE spsys.sys!?SPRevision@@3PADA + 50B3 A9B0F123 629 Bytes [A5, B0, A9, FE, 05, 34, A5, ...] PAGE spsys.sys!?SPRevision@@3PADA + 5329 A9B0F399 101 Bytes [6A, 28, 59, A5, 5E, C6, 03, ...] PAGE spsys.sys!?SPRevision@@3PADA + 538F A9B0F3FF 148 Bytes [18, 5D, C2, 14, 00, 8B, FF, ...] PAGE spsys.sys!?SPRevision@@3PADA + 543B A9B0F4AB 2228 Bytes [8B, FF, 55, 8B, EC, FF, 75, ...] PAGE ... ---- User code sections - GMER 1.0.15 ---- .text C:\Users\Piotr\AppData\Local\Google\Chrome\Application\chrome.exe[3092] ntdll.dll!NtCreateFile + 6 778355CE 4 Bytes [28, 00, 17, 00] .text C:\Users\Piotr\AppData\Local\Google\Chrome\Application\chrome.exe[3092] ntdll.dll!NtCreateFile + B 778355D3 1 Byte [E2] .text C:\Users\Piotr\AppData\Local\Google\Chrome\Application\chrome.exe[3092] ntdll.dll!NtMapViewOfSection + 6 77835C2E 1 Byte [28] .text C:\Users\Piotr\AppData\Local\Google\Chrome\Application\chrome.exe[3092] ntdll.dll!NtMapViewOfSection + 6 77835C2E 4 Bytes [28, 03, 17, 00] .text C:\Users\Piotr\AppData\Local\Google\Chrome\Application\chrome.exe[3092] ntdll.dll!NtMapViewOfSection + B 77835C33 1 Byte [E2] .text C:\Users\Piotr\AppData\Local\Google\Chrome\Application\chrome.exe[3092] ntdll.dll!NtOpenFile + 6 77835CDE 4 Bytes [68, 00, 17, 00] .text C:\Users\Piotr\AppData\Local\Google\Chrome\Application\chrome.exe[3092] ntdll.dll!NtOpenFile + B 77835CE3 1 Byte [E2] .text C:\Users\Piotr\AppData\Local\Google\Chrome\Application\chrome.exe[3092] ntdll.dll!NtOpenProcess + 6 77835D8E 4 Bytes [A8, 01, 17, 00] .text C:\Users\Piotr\AppData\Local\Google\Chrome\Application\chrome.exe[3092] ntdll.dll!NtOpenProcess + B 
77835D93 1 Byte [E2] .text C:\Users\Piotr\AppData\Local\Google\Chrome\Application\chrome.exe[3092] ntdll.dll!NtOpenProcessToken + B 77835DA3 1 Byte [E2] .text C:\Users\Piotr\AppData\Local\Google\Chrome\Application\chrome.exe[3092] ntdll.dll!NtOpenProcessTokenEx + 6 77835DAE 4 Bytes [A8, 02, 17, 00] .text C:\Users\Piotr\AppData\Local\Google\Chrome\Application\chrome.exe[3092] ntdll.dll!NtOpenProcessTokenEx + B 77835DB3 1 Byte [E2] .text C:\Users\Piotr\AppData\Local\Google\Chrome\Application\chrome.exe[3092] ntdll.dll!NtOpenThread + 6 77835E0E 4 Bytes [68, 01, 17, 00] .text C:\Users\Piotr\AppData\Local\Google\Chrome\Application\chrome.exe[3092] ntdll.dll!NtOpenThread + B 77835E13 1 Byte [E2] .text C:\Users\Piotr\AppData\Local\Google\Chrome\Application\chrome.exe[3092] ntdll.dll!NtOpenThreadToken + 6 77835E1E 4 Bytes [68, 02, 17, 00] .text C:\Users\Piotr\AppData\Local\Google\Chrome\Application\chrome.exe[3092] ntdll.dll!NtOpenThreadToken + B 77835E23 1 Byte [E2] .text C:\Users\Piotr\AppData\Local\Google\Chrome\Application\chrome.exe[3092] ntdll.dll!NtOpenThreadTokenEx + B 77835E33 1 Byte [E2] .text C:\Users\Piotr\AppData\Local\Google\Chrome\Application\chrome.exe[3092] ntdll.dll!NtQueryAttributesFile + 6 77835F3E 4 Bytes [A8, 00, 17, 00] .text C:\Users\Piotr\AppData\Local\Google\Chrome\Application\chrome.exe[3092] ntdll.dll!NtQueryAttributesFile + B 77835F43 1 Byte [E2] .text C:\Users\Piotr\AppData\Local\Google\Chrome\Application\chrome.exe[3092] ntdll.dll!NtQueryFullAttributesFile + B 77835FF3 1 Byte [E2] .text C:\Users\Piotr\AppData\Local\Google\Chrome\Application\chrome.exe[3092] ntdll.dll!NtSetInformationFile + 6 7783663E 4 Bytes [28, 01, 17, 00] .text C:\Users\Piotr\AppData\Local\Google\Chrome\Application\chrome.exe[3092] ntdll.dll!NtSetInformationFile + B 77836643 1 Byte [E2] .text C:\Users\Piotr\AppData\Local\Google\Chrome\Application\chrome.exe[3092] ntdll.dll!NtSetInformationThread + 6 7783669E 4 Bytes [28, 02, 17, 00] .text 
C:\Users\Piotr\AppData\Local\Google\Chrome\Application\chrome.exe[3092] ntdll.dll!NtSetInformationThread + B 778366A3 1 Byte [E2] .text C:\Users\Piotr\AppData\Local\Google\Chrome\Application\chrome.exe[3092] ntdll.dll!NtUnmapViewOfSection + 6 778369BE 1 Byte [68] .text C:\Users\Piotr\AppData\Local\Google\Chrome\Application\chrome.exe[3092] ntdll.dll!NtUnmapViewOfSection + 6 778369BE 4 Bytes [68, 03, 17, 00] .text C:\Users\Piotr\AppData\Local\Google\Chrome\Application\chrome.exe[3092] ntdll.dll!NtUnmapViewOfSection + B 778369C3 1 Byte [E2] .text C:\Users\Piotr\AppData\Local\Google\Chrome\Application\chrome.exe[3264] ntdll.dll!NtCreateFile + 6 778355CE 4 Bytes [28, 00, 07, 00] .text C:\Users\Piotr\AppData\Local\Google\Chrome\Application\chrome.exe[3264] ntdll.dll!NtCreateFile + B 778355D3 1 Byte [E2] .text C:\Users\Piotr\AppData\Local\Google\Chrome\Application\chrome.exe[3264] ntdll.dll!NtMapViewOfSection + 6 77835C2E 1 Byte [28] .text C:\Users\Piotr\AppData\Local\Google\Chrome\Application\chrome.exe[3264] ntdll.dll!NtMapViewOfSection + 6 77835C2E 4 Bytes [28, 03, 07, 00] .text C:\Users\Piotr\AppData\Local\Google\Chrome\Application\chrome.exe[3264] ntdll.dll!NtMapViewOfSection + B 77835C33 1 Byte [E2] .text C:\Users\Piotr\AppData\Local\Google\Chrome\Application\chrome.exe[3264] ntdll.dll!NtOpenFile + 6 77835CDE 4 Bytes [68, 00, 07, 00] .text C:\Users\Piotr\AppData\Local\Google\Chrome\Application\chrome.exe[3264] ntdll.dll!NtOpenFile + B 77835CE3 1 Byte [E2] .text C:\Users\Piotr\AppData\Local\Google\Chrome\Application\chrome.exe[3264] ntdll.dll!NtOpenProcess + 6 77835D8E 4 Bytes [A8, 01, 07, 00] .text C:\Users\Piotr\AppData\Local\Google\Chrome\Application\chrome.exe[3264] ntdll.dll!NtOpenProcess + B 77835D93 1 Byte [E2] .text C:\Users\Piotr\AppData\Local\Google\Chrome\Application\chrome.exe[3264] ntdll.dll!NtOpenProcessToken + B 77835DA3 1 Byte [E2] .text C:\Users\Piotr\AppData\Local\Google\Chrome\Application\chrome.exe[3264] ntdll.dll!NtOpenProcessTokenEx + 6 
77835DAE 4 Bytes [A8, 02, 07, 00] .text C:\Users\Piotr\AppData\Local\Google\Chrome\Application\chrome.exe[3264] ntdll.dll!NtOpenProcessTokenEx + B 77835DB3 1 Byte [E2] .text C:\Users\Piotr\AppData\Local\Google\Chrome\Application\chrome.exe[3264] ntdll.dll!NtOpenThread + 6 77835E0E 4 Bytes [68, 01, 07, 00] .text C:\Users\Piotr\AppData\Local\Google\Chrome\Application\chrome.exe[3264] ntdll.dll!NtOpenThread + B 77835E13 1 Byte [E2] .text C:\Users\Piotr\AppData\Local\Google\Chrome\Application\chrome.exe[3264] ntdll.dll!NtOpenThreadToken + 6 77835E1E 4 Bytes [68, 02, 07, 00] .text C:\Users\Piotr\AppData\Local\Google\Chrome\Application\chrome.exe[3264] ntdll.dll!NtOpenThreadToken + B 77835E23 1 Byte [E2] .text C:\Users\Piotr\AppData\Local\Google\Chrome\Application\chrome.exe[3264] ntdll.dll!NtOpenThreadTokenEx + B 77835E33 1 Byte [E2] .text C:\Users\Piotr\AppData\Local\Google\Chrome\Application\chrome.exe[3264] ntdll.dll!NtQueryAttributesFile + 6 77835F3E 4 Bytes [A8, 00, 07, 00] .text C:\Users\Piotr\AppData\Local\Google\Chrome\Application\chrome.exe[3264] ntdll.dll!NtQueryAttributesFile + B 77835F43 1 Byte [E2] .text C:\Users\Piotr\AppData\Local\Google\Chrome\Application\chrome.exe[3264] ntdll.dll!NtQueryFullAttributesFile + B 77835FF3 1 Byte [E2] .text C:\Users\Piotr\AppData\Local\Google\Chrome\Application\chrome.exe[3264] ntdll.dll!NtSetInformationFile + 6 7783663E 4 Bytes [28, 01, 07, 00] .text C:\Users\Piotr\AppData\Local\Google\Chrome\Application\chrome.exe[3264] ntdll.dll!NtSetInformationFile + B 77836643 1 Byte [E2] .text C:\Users\Piotr\AppData\Local\Google\Chrome\Application\chrome.exe[3264] ntdll.dll!NtSetInformationThread + 6 7783669E 4 Bytes [28, 02, 07, 00] .text C:\Users\Piotr\AppData\Local\Google\Chrome\Application\chrome.exe[3264] ntdll.dll!NtSetInformationThread + B 778366A3 1 Byte [E2] .text C:\Users\Piotr\AppData\Local\Google\Chrome\Application\chrome.exe[3264] ntdll.dll!NtUnmapViewOfSection + 6 778369BE 1 Byte [68] .text 
C:\Users\Piotr\AppData\Local\Google\Chrome\Application\chrome.exe[3264] ntdll.dll!NtUnmapViewOfSection + 6 778369BE 4 Bytes [68, 03, 07, 00] .text C:\Users\Piotr\AppData\Local\Google\Chrome\Application\chrome.exe[3264] ntdll.dll!NtUnmapViewOfSection + B 778369C3 1 Byte [E2] .text C:\Users\Piotr\AppData\Local\Google\Chrome\Application\chrome.exe[3692] ntdll.dll!NtCreateFile + 6 778355CE 4 Bytes [28, 00, 07, 00] .text C:\Users\Piotr\AppData\Local\Google\Chrome\Application\chrome.exe[3692] ntdll.dll!NtCreateFile + B 778355D3 1 Byte [E2] .text C:\Users\Piotr\AppData\Local\Google\Chrome\Application\chrome.exe[3692] ntdll.dll!NtMapViewOfSection + 6 77835C2E 1 Byte [28] .text C:\Users\Piotr\AppData\Local\Google\Chrome\Application\chrome.exe[3692] ntdll.dll!NtMapViewOfSection + 6 77835C2E 4 Bytes [28, 03, 07, 00] .text C:\Users\Piotr\AppData\Local\Google\Chrome\Application\chrome.exe[3692] ntdll.dll!NtMapViewOfSection + B 77835C33 1 Byte [E2] .text C:\Users\Piotr\AppData\Local\Google\Chrome\Application\chrome.exe[3692] ntdll.dll!NtOpenFile + 6 77835CDE 4 Bytes [68, 00, 07, 00] .text C:\Users\Piotr\AppData\Local\Google\Chrome\Application\chrome.exe[3692] ntdll.dll!NtOpenFile + B 77835CE3 1 Byte [E2] .text C:\Users\Piotr\AppData\Local\Google\Chrome\Application\chrome.exe[3692] ntdll.dll!NtOpenProcess + 6 77835D8E 4 Bytes [A8, 01, 07, 00] .text C:\Users\Piotr\AppData\Local\Google\Chrome\Application\chrome.exe[3692] ntdll.dll!NtOpenProcess + B 77835D93 1 Byte [E2] .text C:\Users\Piotr\AppData\Local\Google\Chrome\Application\chrome.exe[3692] ntdll.dll!NtOpenProcessToken + B 77835DA3 1 Byte [E2] .text C:\Users\Piotr\AppData\Local\Google\Chrome\Application\chrome.exe[3692] ntdll.dll!NtOpenProcessTokenEx + 6 77835DAE 4 Bytes [A8, 02, 07, 00] .text C:\Users\Piotr\AppData\Local\Google\Chrome\Application\chrome.exe[3692] ntdll.dll!NtOpenProcessTokenEx + B 77835DB3 1 Byte [E2] .text C:\Users\Piotr\AppData\Local\Google\Chrome\Application\chrome.exe[3692] ntdll.dll!NtOpenThread + 6 
77835E0E 4 Bytes [68, 01, 07, 00] .text C:\Users\Piotr\AppData\Local\Google\Chrome\Application\chrome.exe[3692] ntdll.dll!NtOpenThread + B 77835E13 1 Byte [E2] .text C:\Users\Piotr\AppData\Local\Google\Chrome\Application\chrome.exe[3692] ntdll.dll!NtOpenThreadToken + 6 77835E1E 4 Bytes [68, 02, 07, 00] .text C:\Users\Piotr\AppData\Local\Google\Chrome\Application\chrome.exe[3692] ntdll.dll!NtOpenThreadToken + B 77835E23 1 Byte [E2] .text C:\Users\Piotr\AppData\Local\Google\Chrome\Application\chrome.exe[3692] ntdll.dll!NtOpenThreadTokenEx + B 77835E33 1 Byte [E2] .text C:\Users\Piotr\AppData\Local\Google\Chrome\Application\chrome.exe[3692] ntdll.dll!NtQueryAttributesFile + 6 77835F3E 4 Bytes [A8, 00, 07, 00] .text C:\Users\Piotr\AppData\Local\Google\Chrome\Application\chrome.exe[3692] ntdll.dll!NtQueryAttributesFile + B 77835F43 1 Byte [E2] .text C:\Users\Piotr\AppData\Local\Google\Chrome\Application\chrome.exe[3692] ntdll.dll!NtQueryFullAttributesFile + B 77835FF3 1 Byte [E2] .text C:\Users\Piotr\AppData\Local\Google\Chrome\Application\chrome.exe[3692] ntdll.dll!NtSetInformationFile + 6 7783663E 4 Bytes [28, 01, 07, 00] .text C:\Users\Piotr\AppData\Local\Google\Chrome\Application\chrome.exe[3692] ntdll.dll!NtSetInformationFile + B 77836643 1 Byte [E2] .text C:\Users\Piotr\AppData\Local\Google\Chrome\Application\chrome.exe[3692] ntdll.dll!NtSetInformationThread + 6 7783669E 4 Bytes [28, 02, 07, 00] .text C:\Users\Piotr\AppData\Local\Google\Chrome\Application\chrome.exe[3692] ntdll.dll!NtSetInformationThread + B 778366A3 1 Byte [E2] .text C:\Users\Piotr\AppData\Local\Google\Chrome\Application\chrome.exe[3692] ntdll.dll!NtUnmapViewOfSection + 6 778369BE 1 Byte [68] .text C:\Users\Piotr\AppData\Local\Google\Chrome\Application\chrome.exe[3692] ntdll.dll!NtUnmapViewOfSection + 6 778369BE 4 Bytes [68, 03, 07, 00] .text C:\Users\Piotr\AppData\Local\Google\Chrome\Application\chrome.exe[3692] ntdll.dll!NtUnmapViewOfSection + B 778369C3 1 Byte [E2] .text 
C:\Users\Piotr\AppData\Local\Google\Chrome\Application\chrome.exe[3916] ntdll.dll!NtCreateFile + 6 778355CE 4 Bytes [28, 00, 07, 00] .text C:\Users\Piotr\AppData\Local\Google\Chrome\Application\chrome.exe[3916] ntdll.dll!NtCreateFile + B 778355D3 1 Byte [E2] .text C:\Users\Piotr\AppData\Local\Google\Chrome\Application\chrome.exe[3916] ntdll.dll!NtMapViewOfSection + 6 77835C2E 1 Byte [28] .text C:\Users\Piotr\AppData\Local\Google\Chrome\Application\chrome.exe[3916] ntdll.dll!NtMapViewOfSection + 6 77835C2E 4 Bytes [28, 03, 07, 00] .text C:\Users\Piotr\AppData\Local\Google\Chrome\Application\chrome.exe[3916] ntdll.dll!NtMapViewOfSection + B 77835C33 1 Byte [E2] .text C:\Users\Piotr\AppData\Local\Google\Chrome\Application\chrome.exe[3916] ntdll.dll!NtOpenFile + 6 77835CDE 4 Bytes [68, 00, 07, 00] .text C:\Users\Piotr\AppData\Local\Google\Chrome\Application\chrome.exe[3916] ntdll.dll!NtOpenFile + B 77835CE3 1 Byte [E2] .text C:\Users\Piotr\AppData\Local\Google\Chrome\Application\chrome.exe[3916] ntdll.dll!NtOpenProcess + 6 77835D8E 4 Bytes [A8, 01, 07, 00] .text C:\Users\Piotr\AppData\Local\Google\Chrome\Application\chrome.exe[3916] ntdll.dll!NtOpenProcess + B 77835D93 1 Byte [E2] .text C:\Users\Piotr\AppData\Local\Google\Chrome\Application\chrome.exe[3916] ntdll.dll!NtOpenProcessToken + B 77835DA3 1 Byte [E2] .text C:\Users\Piotr\AppData\Local\Google\Chrome\Application\chrome.exe[3916] ntdll.dll!NtOpenProcessTokenEx + 6 77835DAE 4 Bytes [A8, 02, 07, 00] .text C:\Users\Piotr\AppData\Local\Google\Chrome\Application\chrome.exe[3916] ntdll.dll!NtOpenProcessTokenEx + B 77835DB3 1 Byte [E2] .text C:\Users\Piotr\AppData\Local\Google\Chrome\Application\chrome.exe[3916] ntdll.dll!NtOpenThread + 6 77835E0E 4 Bytes [68, 01, 07, 00] .text C:\Users\Piotr\AppData\Local\Google\Chrome\Application\chrome.exe[3916] ntdll.dll!NtOpenThread + B 77835E13 1 Byte [E2] .text C:\Users\Piotr\AppData\Local\Google\Chrome\Application\chrome.exe[3916] ntdll.dll!NtOpenThreadToken + 6 77835E1E 4 
Bytes [68, 02, 07, 00] .text C:\Users\Piotr\AppData\Local\Google\Chrome\Application\chrome.exe[3916] ntdll.dll!NtOpenThreadToken + B 77835E23 1 Byte [E2] .text C:\Users\Piotr\AppData\Local\Google\Chrome\Application\chrome.exe[3916] ntdll.dll!NtOpenThreadTokenEx + B 77835E33 1 Byte [E2] .text C:\Users\Piotr\AppData\Local\Google\Chrome\Application\chrome.exe[3916] ntdll.dll!NtQueryAttributesFile + 6 77835F3E 4 Bytes [A8, 00, 07, 00] .text C:\Users\Piotr\AppData\Local\Google\Chrome\Application\chrome.exe[3916] ntdll.dll!NtQueryAttributesFile + B 77835F43 1 Byte [E2] .text C:\Users\Piotr\AppData\Local\Google\Chrome\Application\chrome.exe[3916] ntdll.dll!NtQueryFullAttributesFile + B 77835FF3 1 Byte [E2] .text C:\Users\Piotr\AppData\Local\Google\Chrome\Application\chrome.exe[3916] ntdll.dll!NtSetInformationFile + 6 7783663E 4 Bytes [28, 01, 07, 00] .text C:\Users\Piotr\AppData\Local\Google\Chrome\Application\chrome.exe[3916] ntdll.dll!NtSetInformationFile + B 77836643 1 Byte [E2] .text C:\Users\Piotr\AppData\Local\Google\Chrome\Application\chrome.exe[3916] ntdll.dll!NtSetInformationThread + 6 7783669E 4 Bytes [28, 02, 07, 00] .text C:\Users\Piotr\AppData\Local\Google\Chrome\Application\chrome.exe[3916] ntdll.dll!NtSetInformationThread + B 778366A3 1 Byte [E2] .text C:\Users\Piotr\AppData\Local\Google\Chrome\Application\chrome.exe[3916] ntdll.dll!NtUnmapViewOfSection + 6 778369BE 1 Byte [68] .text C:\Users\Piotr\AppData\Local\Google\Chrome\Application\chrome.exe[3916] ntdll.dll!NtUnmapViewOfSection + 6 778369BE 4 Bytes [68, 03, 07, 00] .text C:\Users\Piotr\AppData\Local\Google\Chrome\Application\chrome.exe[3916] ntdll.dll!NtUnmapViewOfSection + B 778369C3 1 Byte [E2] ---- Kernel IAT/EAT - GMER 1.0.15 ---- IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUchar] [8A2B370C] \SystemRoot\System32\Drivers\sptd.sys IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUchar] [8A2B3EEE] \SystemRoot\System32\Drivers\sptd.sys IAT 
\SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUlong] [8A2B420E] \SystemRoot\System32\Drivers\sptd.sys IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort] [8A2B40CC] \SystemRoot\System32\Drivers\sptd.sys IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort] [8A2B38F0] \SystemRoot\System32\Drivers\sptd.sys ---- Devices - GMER 1.0.15 ---- Device \FileSystem\Ntfs \Ntfs 84DEE1E8 AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation) Device \Driver\usbuhci \Device\USBPDO-0 8523F328 Device \Driver\usbehci \Device\USBPDO-1 852D7328 Device \Driver\NetBT \Device\NetBT_Tcpip_{236B8D61-E948-42DA-8142-0A99893076CD} 851D61E8 AttachedDevice \Driver\tdx \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.) AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation) Device \Driver\NetBT \Device\NetBT_Tcpip_{8D025171-657F-4192-877F-9C1769BA5E80} 851D61E8 Device \Driver\cdrom \Device\CdRom0 851271E8 Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0 84DEB1E8 Device \Driver\atapi \Device\Ide\IdePort0 84DEB1E8 Device \Driver\atapi \Device\Ide\IdePort1 84DEB1E8 Device \Driver\msahci \Device\Ide\PciIde1Channel0 84DEC1E8 Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-2 84DEB1E8 Device \Driver\NetBT \Device\NetBt_Wins_Export 851D61E8 Device \Driver\ACPI_HAL \Device\0000005b halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) AttachedDevice \Driver\tdx \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.) AttachedDevice \Driver\tdx \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.) 
Device \Driver\usbuhci \Device\USBFDO-0 8523F328 Device \Driver\usbehci \Device\USBFDO-1 852D7328 ---- Registry - GMER 1.0.15 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s1 771343423 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s2 285507792 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@h0 1 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x16 0xF8 0xF6 0xCC ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x16 0xF8 0xF6 0xCC ... 
Reg HKLM\SOFTWARE\Classes\.avgdx@ Reg HKLM\SOFTWARE\Classes\.avgdx@Content Type AvgDiagExFile Reg HKLM\SOFTWARE\Classes\.avgdx\shell Reg HKLM\SOFTWARE\Classes\.avgdx\shell\AvgDxOpenVerb Reg HKLM\SOFTWARE\Classes\.avgdx\shell\AvgDxOpenVerb@ Otwórz plik diagnostyczny systemu AVG Reg HKLM\SOFTWARE\Classes\.avgdx\shell\AvgDxOpenVerb\command Reg HKLM\SOFTWARE\Classes\.avgdx\shell\AvgDxOpenVerb\command@ "C:\Program Files\AVG\AVG2012\avgdiagex.exe" /FILE="%1" /UI Reg HKLM\SOFTWARE\Classes\.svg@ svgfile Reg HKLM\SOFTWARE\Classes\.svg@Content Type image/svg+xml Reg HKLM\SOFTWARE\Classes\LinkScannerIE.NavFilter@ AVG Safe Search Reg HKLM\SOFTWARE\Classes\LinkScannerIE.NavFilter\CLSID Reg HKLM\SOFTWARE\Classes\LinkScannerIE.NavFilter\CLSID@ {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} Reg HKLM\SOFTWARE\Classes\LinkScannerIE.NavFilter\CurVer Reg HKLM\SOFTWARE\Classes\LinkScannerIE.NavFilter\CurVer@ LinkScannerIE.NavFilter.1 Reg HKLM\SOFTWARE\Classes\LinkScannerIE.NavFilter.1@ AVG Safe Search Reg HKLM\SOFTWARE\Classes\LinkScannerIE.NavFilter.1\CLSID Reg HKLM\SOFTWARE\Classes\LinkScannerIE.NavFilter.1\CLSID@ {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} Reg HKLM\SOFTWARE\Classes\MicroScanner.MicroScanner@ Class managing the system scan module Reg HKLM\SOFTWARE\Classes\MicroScanner.MicroScanner\Clsid Reg HKLM\SOFTWARE\Classes\MicroScanner.MicroScanner\Clsid@ {1152F8E0-69DB-4935-AFC3-59F8A5A86A30} Reg HKLM\SOFTWARE\Classes\MicroScannerElevation.MicroScannerClean@ MicroScannerClean Reg HKLM\SOFTWARE\Classes\MicroScannerElevation.MicroScannerClean\Clsid Reg HKLM\SOFTWARE\Classes\MicroScannerElevation.MicroScannerClean\Clsid@ {1B29DEAA-3F68-4A51-8877-A0EB3F879AC3} Reg HKLM\SOFTWARE\Classes\Synaptics.AbsTouchPad@ Synaptics Absolute Mode Touchpad Class Reg HKLM\SOFTWARE\Classes\Synaptics.AbsTouchPad\CLSID Reg HKLM\SOFTWARE\Classes\Synaptics.AbsTouchPad\CLSID@ {2A833A93-6641-11D3-B5FE-00104B0A87C2} Reg HKLM\SOFTWARE\Classes\Synaptics.AbsTouchPad\CurVer Reg 
HKLM\SOFTWARE\Classes\Synaptics.AbsTouchPad\CurVer@ Synaptics.AbsTouchPad.1 Reg HKLM\SOFTWARE\Classes\Synaptics.AbsTouchPad.1@ Synaptics Absolute Mode Touchpad Class Reg HKLM\SOFTWARE\Classes\Synaptics.AbsTouchPad.1\CLSID Reg HKLM\SOFTWARE\Classes\Synaptics.AbsTouchPad.1\CLSID@ {2A833A93-6641-11D3-B5FE-00104B0A87C2} ---- EOF - GMER 1.0.15 ----