GMER 1.0.15.15641 - http://www.gmer.net Rootkit scan 2012-07-17 23:10:22 Windows 5.1.2600 Dodatek Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4 ST9120822A rev.3.ALD Running: 02xd859e.exe; Driver: C:\DOCUME~1\Krzysiek\USTAWI~1\Temp\pxldypow.sys ---- System - GMER 1.0.15 ---- SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwAssignProcessToJobObject [0xA8BED610] SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwDebugActiveProcess [0xA8BEDC10] SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwDuplicateObject [0xA8BED730] SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwOpenProcess [0xA8BED4B0] SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwOpenThread [0xA8BED570] SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwProtectVirtualMemory [0xA8BED6D0] SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwQueueApcThread [0xA8BED790] SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwSetContextThread [0xA8BED690] SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwSetInformationThread [0xA8BED650] SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwSetSecurityObject [0xA8BED7D0] SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwSuspendProcess [0xA8BED510] SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwSuspendThread [0xA8BED590] SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwTerminateProcess [0xA8BED4D0] SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwTerminateThread [0xA8BED5D0] SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwWriteVirtualMemory [0xA8BED750] INT 0x62 ? 8A679CB8 INT 0x63 ? 8A4E2CB8 INT 0x82 ? 8A679CB8 INT 0xA4 ? 8A4E2CB8 INT 0xB1 ? 8A0FCCB8 INT 0xB1 ? 8A0FCCB8 INT 0xB4 ? 8A4E2CB8 ---- Kernel code sections - GMER 1.0.15 ---- .sptd1 C:\WINDOWS\system32\drivers\sptd.sys entry point in ".sptd1" section [0xB9FA1089] .text USBPORT.SYS!DllUnload B96D48AC 5 Bytes JMP 8A4E21C8 .text awk3ifgk.SYS!A0DB34FC6FE35D429A28ADDE5467D4D7 B931B7C0 48 Bytes [FC, A2, 01, A1, 7A, EF, 00, ...] INIT awk3ifgk.SYS!A0DB34FC6FE35D429A28ADDE5467D4D7 + 8880 B9324040 32 Bytes [00, 00, 00, 00, 00, 00, 00, ...] INIT awk3ifgk.SYS!A0DB34FC6FE35D429A28ADDE5467D4D7 + 8FF4 B93247B4 3 Bytes [00, 00, 00] INIT awk3ifgk.SYS!A0DB34FC6FE35D429A28ADDE5467D4D7 + 9011 B93247D1 3 Bytes [4B, 32, B9] INIT awk3ifgk.SYS!A0DB34FC6FE35D429A28ADDE5467D4D7 + 9015 B93247D5 3 Bytes [4B, 32, B9] INIT ... ? C:\WINDOWS\System32\Drivers\awk3ifgk.SYS suspicious PE modification .text asky78o9.SYS!A0DB34FC6FE35D429A28ADDE5467D4D7 B92C7900 48 Bytes [77, F3, CD, 04, FE, 61, B3, ...] ? C:\WINDOWS\System32\Drivers\asky78o9.SYS suspicious PE modification ---- User code sections - GMER 1.0.15 ---- .text C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[240] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 4 Bytes [C2, 04, 00, 00] .text C:\Documents and Settings\Krzysiek\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1552] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 00, 20, 00] {SUB [EAX], AL; AND [EAX], AL} .text C:\Documents and Settings\Krzysiek\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1552] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2] .text C:\Documents and Settings\Krzysiek\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1552] ntdll.dll!NtMapViewOfSection + 6 7C90D524 1 Byte [28] .text C:\Documents and Settings\Krzysiek\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1552] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 03, 20, 00] {SUB [EBX], AL; AND [EAX], AL} .text C:\Documents and Settings\Krzysiek\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1552] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2] .text C:\Documents and Settings\Krzysiek\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1552] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 00, 20, 00] .text C:\Documents and Settings\Krzysiek\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1552] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2] .text C:\Documents and Settings\Krzysiek\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1552] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 01, 20, 00] {TEST AL, 0x1; AND [EAX], AL} .text C:\Documents and Settings\Krzysiek\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1552] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2] .text C:\Documents and Settings\Krzysiek\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1552] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B90F61A .text C:\Documents and Settings\Krzysiek\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1552] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2] .text C:\Documents and Settings\Krzysiek\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1552] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 02, 20, 00] {TEST AL, 0x2; AND [EAX], AL} .text C:\Documents and Settings\Krzysiek\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1552] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2] .text C:\Documents and Settings\Krzysiek\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1552] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 01, 20, 00] .text C:\Documents and Settings\Krzysiek\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1552] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2] .text C:\Documents and Settings\Krzysiek\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1552] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 02, 20, 00] .text C:\Documents and Settings\Krzysiek\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1552] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2] .text C:\Documents and Settings\Krzysiek\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1552] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B90F68B .text C:\Documents and Settings\Krzysiek\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1552] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2] .text C:\Documents and Settings\Krzysiek\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1552] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 00, 20, 00] {TEST AL, 0x0; AND [EAX], AL} .text C:\Documents and Settings\Krzysiek\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1552] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2] .text C:\Documents and Settings\Krzysiek\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1552] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B90F7B9 .text C:\Documents and Settings\Krzysiek\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1552] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2] .text C:\Documents and Settings\Krzysiek\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1552] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 01, 20, 00] {SUB [ECX], AL; AND [EAX], AL} .text C:\Documents and Settings\Krzysiek\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1552] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2] .text C:\Documents and Settings\Krzysiek\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1552] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 02, 20, 00] {SUB [EDX], AL; AND [EAX], AL} .text C:\Documents and Settings\Krzysiek\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1552] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2] .text C:\Documents and Settings\Krzysiek\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1552] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 1 Byte [68] .text C:\Documents and Settings\Krzysiek\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1552] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 03, 20, 00] .text C:\Documents and Settings\Krzysiek\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1552] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2] .text C:\Documents and Settings\Krzysiek\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2992] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 00, 16, 00] .text C:\Documents and Settings\Krzysiek\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2992] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2] .text C:\Documents and Settings\Krzysiek\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2992] ntdll.dll!NtMapViewOfSection + 6 7C90D524 1 Byte [28] .text C:\Documents and Settings\Krzysiek\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2992] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 03, 16, 00] .text C:\Documents and Settings\Krzysiek\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2992] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2] .text C:\Documents and Settings\Krzysiek\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2992] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 00, 16, 00] .text C:\Documents and Settings\Krzysiek\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2992] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2] .text C:\Documents and Settings\Krzysiek\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2992] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 01, 16, 00] .text C:\Documents and Settings\Krzysiek\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2992] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2] .text C:\Documents and Settings\Krzysiek\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2992] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B90EC1A .text C:\Documents and Settings\Krzysiek\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2992] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2] .text C:\Documents and Settings\Krzysiek\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2992] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 02, 16, 00] .text C:\Documents and Settings\Krzysiek\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2992] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2] .text C:\Documents and Settings\Krzysiek\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2992] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 01, 16, 00] .text C:\Documents and Settings\Krzysiek\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2992] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2] .text C:\Documents and Settings\Krzysiek\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2992] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 02, 16, 00] .text C:\Documents and Settings\Krzysiek\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2992] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2] .text C:\Documents and Settings\Krzysiek\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2992] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B90EC8B .text C:\Documents and Settings\Krzysiek\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2992] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2] .text C:\Documents and Settings\Krzysiek\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2992] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 00, 16, 00] .text C:\Documents and Settings\Krzysiek\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2992] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2] .text C:\Documents and Settings\Krzysiek\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2992] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B90EDB9 .text C:\Documents and Settings\Krzysiek\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2992] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2] .text C:\Documents and Settings\Krzysiek\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2992] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 01, 16, 00] .text C:\Documents and Settings\Krzysiek\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2992] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2] .text C:\Documents and Settings\Krzysiek\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2992] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 02, 16, 00] .text C:\Documents and Settings\Krzysiek\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2992] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2] .text C:\Documents and Settings\Krzysiek\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2992] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 1 Byte [68] .text C:\Documents and Settings\Krzysiek\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2992] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 03, 16, 00] .text C:\Documents and Settings\Krzysiek\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2992] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2] .text C:\Documents and Settings\Krzysiek\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3760] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 00, 1D, 00] .text C:\Documents and Settings\Krzysiek\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3760] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2] .text C:\Documents and Settings\Krzysiek\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3760] ntdll.dll!NtMapViewOfSection + 6 7C90D524 1 Byte [28] .text C:\Documents and Settings\Krzysiek\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3760] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 03, 1D, 00] .text C:\Documents and Settings\Krzysiek\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3760] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2] .text C:\Documents and Settings\Krzysiek\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3760] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 00, 1D, 00] .text C:\Documents and Settings\Krzysiek\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3760] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2] .text C:\Documents and Settings\Krzysiek\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3760] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 01, 1D, 00] .text C:\Documents and Settings\Krzysiek\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3760] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2] .text C:\Documents and Settings\Krzysiek\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3760] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B90F31A .text C:\Documents and Settings\Krzysiek\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3760] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2] .text C:\Documents and Settings\Krzysiek\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3760] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 02, 1D, 00] .text C:\Documents and Settings\Krzysiek\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3760] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2] .text C:\Documents and Settings\Krzysiek\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3760] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 01, 1D, 00] .text C:\Documents and Settings\Krzysiek\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3760] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2] .text C:\Documents and Settings\Krzysiek\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3760] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 02, 1D, 00] .text C:\Documents and Settings\Krzysiek\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3760] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2] .text C:\Documents and Settings\Krzysiek\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3760] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B90F38B .text C:\Documents and Settings\Krzysiek\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3760] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2] .text C:\Documents and Settings\Krzysiek\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3760] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 00, 1D, 00] .text C:\Documents and Settings\Krzysiek\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3760] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2] .text C:\Documents and Settings\Krzysiek\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3760] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B90F4B9 .text C:\Documents and Settings\Krzysiek\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3760] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2] .text C:\Documents and Settings\Krzysiek\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3760] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 01, 1D, 00] .text C:\Documents and Settings\Krzysiek\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3760] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2] .text C:\Documents and Settings\Krzysiek\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3760] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 02, 1D, 00] .text C:\Documents and Settings\Krzysiek\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3760] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2] .text C:\Documents and Settings\Krzysiek\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3760] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 1 Byte [68] .text C:\Documents and Settings\Krzysiek\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3760] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 03, 1D, 00] .text C:\Documents and Settings\Krzysiek\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3760] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2] ---- Kernel IAT/EAT - GMER 1.0.15 ---- IAT \WINDOWS\System32\DRIVERS\PCIIDEX.SYS[HAL.dll!WRITE_PORT_ULONG] [B9E8F232] sptd.sys (SCSI Pass Through Direct Host/Duplex Secure Ltd.) IAT \WINDOWS\System32\DRIVERS\PCIIDEX.SYS[HAL.dll!READ_PORT_UCHAR] [B9E8E730] sptd.sys (SCSI Pass Through Direct Host/Duplex Secure Ltd.) IAT \WINDOWS\System32\DRIVERS\PCIIDEX.SYS[HAL.dll!WRITE_PORT_UCHAR] [B9E8EF12] sptd.sys (SCSI Pass Through Direct Host/Duplex Secure Ltd.) IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [B9E8E730] sptd.sys (SCSI Pass Through Direct Host/Duplex Secure Ltd.) IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [B9E8E914] sptd.sys (SCSI Pass Through Direct Host/Duplex Secure Ltd.) IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [B9E8E856] sptd.sys (SCSI Pass Through Direct Host/Duplex Secure Ltd.) IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [B9E8F0F0] sptd.sys (SCSI Pass Through Direct Host/Duplex Secure Ltd.) IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [B9E8EF12] sptd.sys (SCSI Pass Through Direct Host/Duplex Secure Ltd.) IAT \SystemRoot\System32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [B9EA2EA6] sptd.sys (SCSI Pass Through Direct Host/Duplex Secure Ltd.) ---- User IAT/EAT - GMER 1.0.15 ---- IAT C:\Documents and Settings\Krzysiek\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1552] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 00370010 IAT C:\Documents and Settings\Krzysiek\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2992] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 002D0010 IAT C:\Documents and Settings\Krzysiek\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3760] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 00330010 ---- Devices - GMER 1.0.15 ---- Device \FileSystem\Ntfs \Ntfs 8A6781E8 AttachedDevice \FileSystem\Ntfs \Ntfs eamon.sys (Amon monitor/ESET) AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.) AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.) Device \Driver\usbuhci \Device\USBPDO-0 8A1411E8 Device \Driver\usbuhci \Device\USBPDO-1 8A1411E8 Device \Driver\usbuhci \Device\USBPDO-2 8A1411E8 Device \Driver\usbuhci \Device\USBPDO-3 8A1411E8 Device \Driver\usbehci \Device\USBPDO-4 8A12A1E8 AttachedDevice \Driver\Tcpip \Device\Tcp epfwtdir.sys (ESET Antivirus Network Redirector/ESET) Device \Driver\PCI_PNP1642 \Device\00000049 sptd.sys (SCSI Pass Through Direct Host/Duplex Secure Ltd.) Device \Driver\PCI_PNP1642 \Device\00000049 sptd.sys (SCSI Pass Through Direct Host/Duplex Secure Ltd.) Device \Driver\Cdrom \Device\CdRom0 8A4AE1E8 Device \Driver\atapi \Device\Ide\IdePort0 [B9DDAB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 [B9DDAB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\atapi \Device\Ide\IdePort1 [B9DDAB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c [B9DDAB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\Cdrom \Device\CdRom1 8A4AE1E8 Device \Driver\NetBT \Device\NetBt_Wins_Export 8A1C3430 Device \Driver\PCI_PNP1642 \Device\0000004a sptd.sys (SCSI Pass Through Direct Host/Duplex Secure Ltd.) Device \Driver\PCI_PNP1642 \Device\0000004a sptd.sys (SCSI Pass Through Direct Host/Duplex Secure Ltd.) Device \Driver\NetBT \Device\NetbiosSmb 8A1C3430 Device \Driver\NetBT \Device\NetBT_Tcpip_{92AFC112-F687-4830-B7B7-AF426E08340A} 8A1C3430 Device \Driver\usbuhci \Device\USBFDO-0 8A1411E8 Device \Driver\usbuhci \Device\USBFDO-1 8A1411E8 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 8A177430 Device \Driver\usbuhci \Device\USBFDO-2 8A1411E8 Device \FileSystem\MRxSmb \Device\LanmanRedirector 8A177430 Device \Driver\usbuhci \Device\USBFDO-3 8A1411E8 Device \Driver\usbehci \Device\USBFDO-4 8A12A1E8 Device \Driver\NetBT \Device\NetBT_Tcpip_{19401496-C9F2-4B88-B237-41C1C32FB72D} 8A1C3430 Device \Driver\asky78o9 \Device\Scsi\asky78o91 8A0FB1E8 Device \Driver\awk3ifgk \Device\Scsi\awk3ifgk1Port3Path0Target0Lun0 8A4921E8 Device \Driver\awk3ifgk \Device\Scsi\awk3ifgk1 8A4921E8 Device \FileSystem\Cdfs \Cdfs 8A176430 ---- Registry - GMER 1.0.15 ---- Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\ Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0 Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x19 0xBE 0x28 0xE3 ... Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x59 0xD7 0xDF 0x04 ... Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0xCC 0xFE 0x59 0x57 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\ Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x19 0xBE 0x28 0xE3 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x59 0xD7 0xDF 0x04 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0xCC 0xFE 0x59 0x57 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\ Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xDB 0xEB 0x4F 0x65 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0xA0 0x02 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x4D 0x70 0xE8 0x8B ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x24 0xAC 0xF2 0x43 ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\ Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0 Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x19 0xBE 0x28 0xE3 ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x59 0xD7 0xDF 0x04 ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0xCC 0xFE 0x59 0x57 ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\ Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1 Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x62 0xBA 0x46 0x43 ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0xA0 0x02 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x4D 0x70 0xE8 0x8B ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x24 0xAC 0xF2 0x43 ... ---- Files - GMER 1.0.15 ---- File C:\Documents and Settings\Krzysiek\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Cache\f_002b9d 40502 bytes File C:\Documents and Settings\Krzysiek\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Cache\f_002bbf 18802 bytes File C:\Documents and Settings\Krzysiek\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Cache\f_002bdb 20945 bytes File C:\Documents and Settings\Krzysiek\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Cache\f_002bdc 112976 bytes File C:\Documents and Settings\Krzysiek\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Cache\f_00276c 27281 bytes File C:\Documents and Settings\Krzysiek\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Cache\f_00276d 263071 bytes File C:\Documents and Settings\Krzysiek\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Cache\f_00276e 20963 bytes File C:\Documents and Settings\Krzysiek\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Cache\f_002b10 47774 bytes File C:\Documents and Settings\Krzysiek\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Cache\f_002b12 73988 bytes File C:\Documents and Settings\Krzysiek\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Cache\f_002b2a 50618 bytes File C:\Documents and Settings\Krzysiek\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Cache\f_002b51 0 bytes File C:\Documents and Settings\Krzysiek\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Cache\f_002b0e 17765 bytes File C:\Documents and Settings\Krzysiek\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Cache\f_002bc0 16690 bytes File C:\Documents and Settings\Krzysiek\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Cache\f_002805 30869 bytes ---- EOF - GMER 1.0.15 ----