GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-04-04 11:07:37
Windows 5.1.2600 Dodatek Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4 WDC_WD2500AAJS-00VTA0 rev.01.01B01
Running: gmer.exe; Driver: C:\DOCUME~1\WACICI~1\USTAWI~1\Temp\ugldapod.sys

---- System - GMER 1.0.15 ----

SSDT F7BE8816 ZwCreateKey
SSDT F7BE880C ZwCreateThread
SSDT F7BE881B ZwDeleteKey
SSDT F7BE8825 ZwDeleteValueKey
SSDT F7BE882A ZwLoadKey
SSDT F7BE87F8 ZwOpenProcess
SSDT F7BE87FD ZwOpenThread
SSDT F7BE8834 ZwReplaceKey
SSDT F7BE882F ZwRestoreKey
SSDT F7BE8820 ZwSetValueKey
SSDT F7BE8807 ZwTerminateProcess

---- Kernel code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xF6B91360, 0x3441C7, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

? C:\WINDOWS\System32\svchost.exe[1116] C:\WINDOWS\System32\smss.exe image checksum mismatch; time/date stamp mismatch;
.text C:\Program Files\Mozilla Thunderbird\thunderbird.exe[3564] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 004012F7 C:\Program Files\Mozilla Thunderbird\thunderbird.exe (Thunderbird/Mozilla Messaging)

---- User IAT/EAT - GMER 1.0.15 ----

---- Modules - GMER 1.0.15 ----

Module (noname) (*** hidden *** ) F357A000-F3594000 (106496 bytes)

---- Processes - GMER 1.0.15 ----

Process C:\WINDOWS\System32\ping.exe (*** hidden *** ) 3104

---- Files - GMER 1.0.15 ----

File C:\Documents and Settings\NetworkService\Cookies\system@atdmt[2].txt 189 bytes
File C:\Documents and Settings\NetworkService\Cookies\system@hit.gemius[1].txt 110 bytes
File C:\Documents and Settings\NetworkService\Cookies\system@track.solocpm[2].txt 1546 bytes
File C:\WINDOWS\$NtUninstallKB54950$\3722775363 0 bytes
File C:\WINDOWS\$NtUninstallKB54950$\3722775363\@ 2048 bytes
File C:\WINDOWS\$NtUninstallKB54950$\3722775363\cfg.ini 204 bytes
File C:\WINDOWS\$NtUninstallKB54950$\3722775363\Desktop.ini 4608 bytes
File C:\WINDOWS\$NtUninstallKB54950$\3722775363\L 0 bytes
File C:\WINDOWS\$NtUninstallKB54950$\3722775363\L\qlvnvmpe 162816 bytes
File C:\WINDOWS\$NtUninstallKB54950$\3722775363\twl.dll 223744 bytes
File C:\WINDOWS\$NtUninstallKB54950$\3722775363\U 0 bytes
File C:\WINDOWS\$NtUninstallKB54950$\3722775363\U\00000001.@ 2048 bytes
File C:\WINDOWS\$NtUninstallKB54950$\3722775363\U\00000002.@ 224768 bytes
File C:\WINDOWS\$NtUninstallKB54950$\3722775363\U\00000004.@ 1024 bytes
File C:\WINDOWS\$NtUninstallKB54950$\3722775363\U\80000000.@ 66560 bytes
File C:\WINDOWS\$NtUninstallKB54950$\3722775363\U\80000004.@ 1024 bytes
File C:\WINDOWS\$NtUninstallKB54950$\3722775363\U\80000032.@ 115712 bytes
File C:\WINDOWS\$NtUninstallKB54950$\3722775363\version 863 bytes
File C:\WINDOWS\$NtUninstallKB54950$\78431613 0 bytes

---- EOF - GMER 1.0.15 ----