GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-12-02 12:29:24
Windows 5.1.2600 Service Pack 3
Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-e ST9160821AS rev.3.ALC
Running: 8c3qcdn5.exe; Driver: C:\DOCUME~1\OLA~1.OLA\USTAWI~1\Temp\afrcqfod.sys

---- System - GMER 1.0.15 ----

SSDT  BA6EAAAC  ZwClose
SSDT  BA6EAA66  ZwCreateKey
SSDT  BA6EAAB6  ZwCreateSection
SSDT  BA6EAA5C  ZwCreateThread
SSDT  BA6EAA6B  ZwDeleteKey
SSDT  BA6EAA75  ZwDeleteValueKey
SSDT  BA6EAAA7  ZwDuplicateObject
SSDT  spbx.sys  ZwEnumerateKey [0xB9EC5CA4]
SSDT  spbx.sys  ZwEnumerateValueKey [0xB9EC6032]
SSDT  BA6EAA7A  ZwLoadKey
SSDT  spbx.sys  ZwOpenKey [0xB9EA70C0]
SSDT  BA6EAA48  ZwOpenProcess
SSDT  BA6EAA4D  ZwOpenThread
SSDT  spbx.sys  ZwQueryKey [0xB9EC610A]
SSDT  spbx.sys  ZwQueryValueKey [0xB9EC5F8A]
SSDT  BA6EAA84  ZwReplaceKey
SSDT  BA6EAA7F  ZwRestoreKey
SSDT  BA6EAABB  ZwSetContextThread
SSDT  BA6EAA70  ZwSetValueKey
SSDT  BA6EAA57  ZwTerminateProcess

INT 0x62  ?  8A415BF8
INT 0x63  ?  8A1B3BF8
INT 0x83  ?  8A415BF8
INT 0x83  ?  8A415BF8
INT 0x83  ?  8A415BF8
INT 0x94  ?  8A1B3BF8
INT 0xA4  ?  8A1B3BF8

---- Kernel code sections - GMER 1.0.15 ----

?  spbx.sys  The system cannot find the file specified. !
.text  USBPORT.SYS!DllUnload  B95AC8AC 5 Bytes  JMP 8A1B31D8
.text  a0z9og5t.SYS  B949D386 35 Bytes  [00, 00, 00, 00, 00, 00, 20, ...]
.text  a0z9og5t.SYS  B949D3AA 24 Bytes  [00, 00, 00, 00, 00, 00, 00, ...]
.text  a0z9og5t.SYS  B949D3C4 3 Bytes  [00, 70, 02] {ADD [EAX+0x2], DH}
.text  a0z9og5t.SYS  B949D3C9 1 Byte  [30]
.text  a0z9og5t.SYS  B949D3C9 11 Bytes  [30, 00, 00, 00, 5C, 02, 00, ...] {XOR [EAX], AL; ADD [EAX], AL; POP ESP; ADD AL, [EAX]; ADD [EAX], AL; ADD [EAX], AL}
.text  ...
.text  C:\WINDOWS\system32\drivers\hardlock.sys  section is writeable [0xAC9A8400, 0x7A186, 0xE8000020]
.protect˙˙˙˙hardlock  C:\WINDOWS\system32\drivers\hardlock.sys  entry point in ".protect˙˙˙˙hardlock" section [0xACA46A20]
.protect˙˙˙˙hardlock  C:\WINDOWS\system32\drivers\hardlock.sys  unknown last code section [0xACA46800, 0x5041, 0xE0000020]

---- User code sections - GMER 1.0.15 ----

.text  C:\Program Files\Common Files\Real\Update_OB\realsched.exe[132]  ntdll.dll!NtDeleteValueKey  7C90D26E 5 Bytes  JMP 009A48D7
.text  C:\Program Files\Common Files\Real\Update_OB\realsched.exe[132]  ntdll.dll!NtEnumerateValueKey  7C90D2EE 5 Bytes  JMP 009A4D6C
.text  C:\Program Files\Common Files\Real\Update_OB\realsched.exe[132]  ntdll.dll!NtOpenProcess  7C90D5FE 5 Bytes  JMP 009A480E
.text  C:\Program Files\Common Files\Real\Update_OB\realsched.exe[132]  ntdll.dll!NtQueryDirectoryFile  7C90D76E 5 Bytes  JMP 009A4DD8
.text  C:\Program Files\Common Files\Real\Update_OB\realsched.exe[132]  ntdll.dll!NtQuerySystemInformation  7C90D92E 5 Bytes  JMP 009A4AEB
.text  C:\Program Files\Common Files\Real\Update_OB\realsched.exe[132]  ntdll.dll!NtResumeThread  7C90DB3E 5 Bytes  JMP 009A4839
.text  C:\Program Files\Common Files\Real\Update_OB\realsched.exe[132]  ntdll.dll!NtSetInformationFile  7C90DC5E 5 Bytes  JMP 009A4B53
.text  C:\Program Files\Common Files\Real\Update_OB\realsched.exe[132]  ntdll.dll!NtSetValueKey  7C90DDCE 5 Bytes  JMP 009A49B8
.text  C:\Program Files\Common Files\Real\Update_OB\realsched.exe[132]  ntdll.dll!NtWriteFile  7C90DF7E 5 Bytes  JMP 009A4C1F
.text  C:\WINDOWS\system32\ctfmon.exe[188]  ntdll.dll!NtDeleteValueKey  7C90D26E 5 Bytes  JMP 00B748D7
.text  C:\WINDOWS\system32\ctfmon.exe[188]  ntdll.dll!NtEnumerateValueKey  7C90D2EE 5 Bytes  JMP 00B74D6C
.text  C:\WINDOWS\system32\ctfmon.exe[188]  ntdll.dll!NtOpenProcess  7C90D5FE 5 Bytes  JMP 00B7480E
.text  C:\WINDOWS\system32\ctfmon.exe[188]  ntdll.dll!NtQueryDirectoryFile  7C90D76E 5 Bytes  JMP 00B74DD8
.text  C:\WINDOWS\system32\ctfmon.exe[188]  ntdll.dll!NtQuerySystemInformation  7C90D92E 5 Bytes  JMP 00B74AEB
.text  C:\WINDOWS\system32\ctfmon.exe[188]  ntdll.dll!NtResumeThread  7C90DB3E 5 Bytes  JMP 00B74839
.text  C:\WINDOWS\system32\ctfmon.exe[188]  ntdll.dll!NtSetInformationFile  7C90DC5E 5 Bytes  JMP 00B74B53
.text  C:\WINDOWS\system32\ctfmon.exe[188]  ntdll.dll!NtSetValueKey  7C90DDCE 5 Bytes  JMP 00B749B8
.text  C:\WINDOWS\system32\ctfmon.exe[188]  ntdll.dll!NtWriteFile  7C90DF7E 5 Bytes  JMP 00B74C1F
.text  C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE[240]  ntdll.dll!NtDeleteValueKey  7C90D26E 5 Bytes  JMP 00AB48D7
.text  C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE[240]  ntdll.dll!NtEnumerateValueKey  7C90D2EE 5 Bytes  JMP 00AB4D6C
.text  C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE[240]  ntdll.dll!NtOpenProcess  7C90D5FE 5 Bytes  JMP 00AB480E
.text  C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE[240]  ntdll.dll!NtQueryDirectoryFile  7C90D76E 5 Bytes  JMP 00AB4DD8
.text  C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE[240]  ntdll.dll!NtQuerySystemInformation  7C90D92E 5 Bytes  JMP 00AB4AEB
.text  C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE[240]  ntdll.dll!NtResumeThread  7C90DB3E 5 Bytes  JMP 00AB4839
.text  C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE[240]  ntdll.dll!NtSetInformationFile  7C90DC5E 5 Bytes  JMP 00AB4B53
.text  C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE[240]  ntdll.dll!NtSetValueKey  7C90DDCE 5 Bytes  JMP 00AB49B8
.text  C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE[240]  ntdll.dll!NtWriteFile  7C90DF7E 5 Bytes  JMP 00AB4C1F
.text  C:\Program Files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe[284]  ntdll.dll!NtDeleteValueKey  7C90D26E 5 Bytes  JMP 001548D7
.text  C:\Program Files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe[284]  ntdll.dll!NtEnumerateValueKey  7C90D2EE 5 Bytes  JMP 00154D6C
.text  C:\Program Files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe[284]  ntdll.dll!NtOpenProcess  7C90D5FE 5 Bytes  JMP 0015480E
.text  C:\Program Files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe[284]  ntdll.dll!NtQueryDirectoryFile  7C90D76E 5 Bytes  JMP 00154DD8
.text  C:\Program Files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe[284]  ntdll.dll!NtQuerySystemInformation  7C90D92E 5 Bytes  JMP 00154AEB
.text  C:\Program Files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe[284]  ntdll.dll!NtResumeThread  7C90DB3E 5 Bytes  JMP 00154839
.text  C:\Program Files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe[284]  ntdll.dll!NtSetInformationFile  7C90DC5E 5 Bytes  JMP 00154B53
.text  C:\Program Files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe[284]  ntdll.dll!NtSetValueKey  7C90DDCE 5 Bytes  JMP 001549B8
.text  C:\Program Files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe[284]  ntdll.dll!NtWriteFile  7C90DF7E 5 Bytes  JMP 00154C1F
.text  C:\Program Files\Avira\AntiVir Desktop\avguard.exe[372]  ntdll.dll!NtDeleteValueKey  7C90D26E 5 Bytes  JMP 001548D7
.text  C:\Program Files\Avira\AntiVir Desktop\avguard.exe[372]  ntdll.dll!NtEnumerateValueKey  7C90D2EE 5 Bytes  JMP 00154D6C
.text  C:\Program Files\Avira\AntiVir Desktop\avguard.exe[372]  ntdll.dll!NtOpenProcess  7C90D5FE 5 Bytes  JMP 0015480E
.text  C:\Program Files\Avira\AntiVir Desktop\avguard.exe[372]  ntdll.dll!NtQueryDirectoryFile  7C90D76E 5 Bytes  JMP 00154DD8
.text  C:\Program Files\Avira\AntiVir Desktop\avguard.exe[372]  ntdll.dll!NtQuerySystemInformation  7C90D92E 5 Bytes  JMP 00154AEB
.text  C:\Program Files\Avira\AntiVir Desktop\avguard.exe[372]  ntdll.dll!NtResumeThread  7C90DB3E 5 Bytes  JMP 00154839
.text  C:\Program Files\Avira\AntiVir Desktop\avguard.exe[372]  ntdll.dll!NtSetInformationFile  7C90DC5E 5 Bytes  JMP 00154B53
.text  C:\Program Files\Avira\AntiVir Desktop\avguard.exe[372]  ntdll.dll!NtSetValueKey  7C90DDCE 5 Bytes  JMP 001549B8
.text  C:\Program Files\Avira\AntiVir Desktop\avguard.exe[372]  ntdll.dll!NtWriteFile  7C90DF7E 5 Bytes  JMP 00154C1F
.text  C:\Program Files\COMODO\COMODO System-Cleaner\Cleaner_Validator.exe[452]  ntdll.dll!NtDeleteValueKey  7C90D26E 5 Bytes  JMP 001548D7
.text  C:\Program Files\COMODO\COMODO System-Cleaner\Cleaner_Validator.exe[452]  ntdll.dll!NtEnumerateValueKey  7C90D2EE 5 Bytes  JMP 00154D6C
.text  C:\Program Files\COMODO\COMODO System-Cleaner\Cleaner_Validator.exe[452]  ntdll.dll!NtOpenProcess  7C90D5FE 5 Bytes  JMP 0015480E
.text  C:\Program Files\COMODO\COMODO System-Cleaner\Cleaner_Validator.exe[452]  ntdll.dll!NtQueryDirectoryFile  7C90D76E 5 Bytes  JMP 00154DD8
.text  C:\Program Files\COMODO\COMODO System-Cleaner\Cleaner_Validator.exe[452]  ntdll.dll!NtQuerySystemInformation  7C90D92E 5 Bytes  JMP 00154AEB
.text  C:\Program Files\COMODO\COMODO System-Cleaner\Cleaner_Validator.exe[452]  ntdll.dll!NtResumeThread  7C90DB3E 5 Bytes  JMP 00154839
.text  C:\Program Files\COMODO\COMODO System-Cleaner\Cleaner_Validator.exe[452]  ntdll.dll!NtSetInformationFile  7C90DC5E 5 Bytes  JMP 00154B53
.text  C:\Program Files\COMODO\COMODO System-Cleaner\Cleaner_Validator.exe[452]  ntdll.dll!NtSetValueKey  7C90DDCE 5 Bytes  JMP 001549B8
.text  C:\Program Files\COMODO\COMODO System-Cleaner\Cleaner_Validator.exe[452]  ntdll.dll!NtWriteFile  7C90DF7E 5 Bytes  JMP 00154C1F
.text  C:\Program Files\Avira\AntiVir Desktop\avshadow.exe[472]  ntdll.dll!NtDeleteValueKey  7C90D26E 5 Bytes  JMP 001548D7
.text  C:\Program Files\Avira\AntiVir Desktop\avshadow.exe[472]  ntdll.dll!NtEnumerateValueKey  7C90D2EE 5 Bytes  JMP 00154D6C
.text  C:\Program Files\Avira\AntiVir Desktop\avshadow.exe[472]  ntdll.dll!NtOpenProcess  7C90D5FE 5 Bytes  JMP 0015480E
.text  C:\Program Files\Avira\AntiVir Desktop\avshadow.exe[472]  ntdll.dll!NtQueryDirectoryFile  7C90D76E 5 Bytes  JMP 00154DD8
.text  C:\Program Files\Avira\AntiVir Desktop\avshadow.exe[472]  ntdll.dll!NtQuerySystemInformation  7C90D92E 5 Bytes  JMP 00154AEB
.text  C:\Program Files\Avira\AntiVir Desktop\avshadow.exe[472]  ntdll.dll!NtResumeThread  7C90DB3E 5 Bytes  JMP 00154839
.text  C:\Program Files\Avira\AntiVir Desktop\avshadow.exe[472]  ntdll.dll!NtSetInformationFile  7C90DC5E 5 Bytes  JMP 00154B53
.text  C:\Program Files\Avira\AntiVir Desktop\avshadow.exe[472]  ntdll.dll!NtSetValueKey  7C90DDCE 5 Bytes  JMP 001549B8
.text  C:\Program Files\Avira\AntiVir Desktop\avshadow.exe[472]  ntdll.dll!NtWriteFile  7C90DF7E 5 Bytes  JMP 00154C1F
.text  C:\WINDOWS\system32\csrss.exe[612]  ntdll.dll!NtDeleteValueKey  7C90D26E 5 Bytes  JMP 011548D7
.text  C:\WINDOWS\system32\csrss.exe[612]  ntdll.dll!NtEnumerateValueKey  7C90D2EE 5 Bytes  JMP 01154D6C
.text  C:\WINDOWS\system32\csrss.exe[612]  ntdll.dll!NtOpenProcess  7C90D5FE 5 Bytes  JMP 0115480E
.text  C:\WINDOWS\system32\csrss.exe[612]  ntdll.dll!NtQueryDirectoryFile  7C90D76E 5 Bytes  JMP 01154DD8
.text  C:\WINDOWS\system32\csrss.exe[612]  ntdll.dll!NtQuerySystemInformation  7C90D92E 5 Bytes  JMP 01154AEB
.text  C:\WINDOWS\system32\csrss.exe[612]  ntdll.dll!NtResumeThread  7C90DB3E 5 Bytes  JMP 01154839
.text  C:\WINDOWS\system32\csrss.exe[612]  ntdll.dll!NtSetInformationFile  7C90DC5E 5 Bytes  JMP 01154B53
.text  C:\WINDOWS\system32\csrss.exe[612]  ntdll.dll!NtSetValueKey  7C90DDCE 5 Bytes  JMP 011549B8
.text  C:\WINDOWS\system32\csrss.exe[612]  ntdll.dll!NtWriteFile  7C90DF7E 5 Bytes  JMP 01154C1F
.text  C:\WINDOWS\system32\winlogon.exe[640]  ntdll.dll!NtDeleteValueKey  7C90D26E 5 Bytes  JMP 011248D7
.text  C:\WINDOWS\system32\winlogon.exe[640]  ntdll.dll!NtEnumerateValueKey  7C90D2EE 5 Bytes  JMP 01124D6C
.text  C:\WINDOWS\system32\winlogon.exe[640]  ntdll.dll!NtOpenProcess  7C90D5FE 5 Bytes  JMP 0112480E
.text  C:\WINDOWS\system32\winlogon.exe[640]  ntdll.dll!NtQueryDirectoryFile  7C90D76E 5 Bytes  JMP 01124DD8
.text  C:\WINDOWS\system32\winlogon.exe[640]  ntdll.dll!NtQuerySystemInformation  7C90D92E 5 Bytes  JMP 01124AEB
.text  C:\WINDOWS\system32\winlogon.exe[640]  ntdll.dll!NtResumeThread  7C90DB3E 5 Bytes  JMP 01124839
.text  C:\WINDOWS\system32\winlogon.exe[640]  ntdll.dll!NtSetInformationFile  7C90DC5E 5 Bytes  JMP 01124B53
.text  C:\WINDOWS\system32\winlogon.exe[640]  ntdll.dll!NtSetValueKey  7C90DDCE 5 Bytes  JMP 011249B8
.text  C:\WINDOWS\system32\winlogon.exe[640]  ntdll.dll!NtWriteFile  7C90DF7E 5 Bytes  JMP 01124C1F
.text  C:\WINDOWS\system32\services.exe[684]  ntdll.dll!NtDeleteValueKey  7C90D26E 5 Bytes  JMP 00FF48D7
.text  C:\WINDOWS\system32\services.exe[684]  ntdll.dll!NtEnumerateValueKey  7C90D2EE 5 Bytes  JMP 00FF4D6C
.text  C:\WINDOWS\system32\services.exe[684]  ntdll.dll!NtOpenProcess  7C90D5FE 5 Bytes  JMP 00FF480E
.text  C:\WINDOWS\system32\services.exe[684]  ntdll.dll!NtQueryDirectoryFile  7C90D76E 5 Bytes  JMP 00FF4DD8
.text  C:\WINDOWS\system32\services.exe[684]  ntdll.dll!NtQuerySystemInformation  7C90D92E 5 Bytes  JMP 00FF4AEB
.text  C:\WINDOWS\system32\services.exe[684]  ntdll.dll!NtResumeThread  7C90DB3E 5 Bytes  JMP 00FF4839
.text  C:\WINDOWS\system32\services.exe[684]  ntdll.dll!NtSetInformationFile  7C90DC5E 5 Bytes  JMP 00FF4B53
.text  C:\WINDOWS\system32\services.exe[684]  ntdll.dll!NtSetValueKey  7C90DDCE 5 Bytes  JMP 00FF49B8
.text  C:\WINDOWS\system32\services.exe[684]  ntdll.dll!NtWriteFile  7C90DF7E 5 Bytes  JMP 00FF4C1F
.text  C:\WINDOWS\system32\lsass.exe[696]  ntdll.dll!NtDeleteValueKey  7C90D26E 5 Bytes  JMP 00CF48D7
.text  C:\WINDOWS\system32\lsass.exe[696]  ntdll.dll!NtEnumerateValueKey  7C90D2EE 5 Bytes  JMP 00CF4D6C
.text  C:\WINDOWS\system32\lsass.exe[696]  ntdll.dll!NtOpenProcess  7C90D5FE 5 Bytes  JMP 00CF480E
.text  C:\WINDOWS\system32\lsass.exe[696]  ntdll.dll!NtQueryDirectoryFile  7C90D76E 5 Bytes  JMP 00CF4DD8
.text  C:\WINDOWS\system32\lsass.exe[696]  ntdll.dll!NtQuerySystemInformation  7C90D92E 5 Bytes  JMP 00CF4AEB
.text  C:\WINDOWS\system32\lsass.exe[696]  ntdll.dll!NtResumeThread  7C90DB3E 5 Bytes  JMP 00CF4839
.text  C:\WINDOWS\system32\lsass.exe[696]  ntdll.dll!NtSetInformationFile  7C90DC5E 5 Bytes  JMP 00CF4B53
.text  C:\WINDOWS\system32\lsass.exe[696]  ntdll.dll!NtSetValueKey  7C90DDCE 5 Bytes  JMP 00CF49B8
.text  C:\WINDOWS\system32\lsass.exe[696]  ntdll.dll!NtWriteFile  7C90DF7E 5 Bytes  JMP 00CF4C1F
.text  C:\WINDOWS\system32\Ati2evxx.exe[868]  ntdll.dll!NtDeleteValueKey  7C90D26E 5 Bytes  JMP 00E248D7
.text  C:\WINDOWS\system32\Ati2evxx.exe[868]  ntdll.dll!NtEnumerateValueKey  7C90D2EE 5 Bytes  JMP 00E24D6C
.text  C:\WINDOWS\system32\Ati2evxx.exe[868]  ntdll.dll!NtOpenProcess  7C90D5FE 5 Bytes  JMP 00E2480E
.text  C:\WINDOWS\system32\Ati2evxx.exe[868]  ntdll.dll!NtQueryDirectoryFile  7C90D76E 5 Bytes  JMP 00E24DD8
.text  C:\WINDOWS\system32\Ati2evxx.exe[868]  ntdll.dll!NtQuerySystemInformation  7C90D92E 5 Bytes  JMP 00E24AEB
.text  C:\WINDOWS\system32\Ati2evxx.exe[868]  ntdll.dll!NtResumeThread  7C90DB3E 5 Bytes  JMP 00E24839
.text  C:\WINDOWS\system32\Ati2evxx.exe[868]  ntdll.dll!NtSetInformationFile  7C90DC5E 5 Bytes  JMP 00E24B53
.text  C:\WINDOWS\system32\Ati2evxx.exe[868]  ntdll.dll!NtSetValueKey  7C90DDCE 5 Bytes  JMP 00E249B8
.text  C:\WINDOWS\system32\Ati2evxx.exe[868]  ntdll.dll!NtWriteFile  7C90DF7E 5 Bytes  JMP 00E24C1F
.text  C:\WINDOWS\system32\svchost.exe[888]  ntdll.dll!NtDeleteValueKey  7C90D26E 5 Bytes  JMP 00B048D7
.text  C:\WINDOWS\system32\svchost.exe[888]  ntdll.dll!NtEnumerateValueKey  7C90D2EE 5 Bytes  JMP 00B04D6C
.text  C:\WINDOWS\system32\svchost.exe[888]  ntdll.dll!NtOpenProcess  7C90D5FE 5 Bytes  JMP 00B0480E
.text  C:\WINDOWS\system32\svchost.exe[888]  ntdll.dll!NtQueryDirectoryFile  7C90D76E 5 Bytes  JMP 00B04DD8
.text  C:\WINDOWS\system32\svchost.exe[888]  ntdll.dll!NtQuerySystemInformation  7C90D92E 5 Bytes  JMP 00B04AEB
.text  C:\WINDOWS\system32\svchost.exe[888]  ntdll.dll!NtResumeThread  7C90DB3E 5 Bytes  JMP 00B04839
.text  C:\WINDOWS\system32\svchost.exe[888]  ntdll.dll!NtSetInformationFile  7C90DC5E 5 Bytes  JMP 00B04B53
.text  C:\WINDOWS\system32\svchost.exe[888]  ntdll.dll!NtSetValueKey  7C90DDCE 5 Bytes  JMP 00B049B8
.text  C:\WINDOWS\system32\svchost.exe[888]  ntdll.dll!NtWriteFile  7C90DF7E 5 Bytes  JMP 00B04C1F
.text  C:\WINDOWS\system32\svchost.exe[948]  ntdll.dll!NtDeleteValueKey  7C90D26E 5 Bytes  JMP 00C248D7
.text  C:\WINDOWS\system32\svchost.exe[948]  ntdll.dll!NtEnumerateValueKey  7C90D2EE 5 Bytes  JMP 00C24D6C
.text  C:\WINDOWS\system32\svchost.exe[948]  ntdll.dll!NtOpenProcess  7C90D5FE 5 Bytes  JMP 00C2480E
.text  C:\WINDOWS\system32\svchost.exe[948]  ntdll.dll!NtQueryDirectoryFile  7C90D76E 5 Bytes  JMP 00C24DD8
.text  C:\WINDOWS\system32\svchost.exe[948]  ntdll.dll!NtQuerySystemInformation  7C90D92E 5 Bytes  JMP 00C24AEB
.text  C:\WINDOWS\system32\svchost.exe[948]  ntdll.dll!NtResumeThread  7C90DB3E 5 Bytes  JMP 00C24839
.text  C:\WINDOWS\system32\svchost.exe[948]  ntdll.dll!NtSetInformationFile  7C90DC5E 5 Bytes  JMP 00C24B53
.text  C:\WINDOWS\system32\svchost.exe[948]  ntdll.dll!NtSetValueKey  7C90DDCE 5 Bytes  JMP 00C249B8
.text  C:\WINDOWS\system32\svchost.exe[948]  ntdll.dll!NtWriteFile  7C90DF7E 5 Bytes  JMP 00C24C1F
.text  C:\WINDOWS\System32\svchost.exe[988]  ntdll.dll!NtDeleteValueKey  7C90D26E 5 Bytes  JMP 016A48D7
.text  C:\WINDOWS\System32\svchost.exe[988]  ntdll.dll!NtEnumerateValueKey  7C90D2EE 5 Bytes  JMP 016A4D6C
.text  C:\WINDOWS\System32\svchost.exe[988]  ntdll.dll!NtOpenProcess  7C90D5FE 5 Bytes  JMP 016A480E
.text  C:\WINDOWS\System32\svchost.exe[988]  ntdll.dll!NtQueryDirectoryFile  7C90D76E 5 Bytes  JMP 016A4DD8
.text  C:\WINDOWS\System32\svchost.exe[988]  ntdll.dll!NtQuerySystemInformation  7C90D92E 5 Bytes  JMP 016A4AEB
.text  C:\WINDOWS\System32\svchost.exe[988]  ntdll.dll!NtResumeThread  7C90DB3E 5 Bytes  JMP 016A4839
.text  C:\WINDOWS\System32\svchost.exe[988]  ntdll.dll!NtSetInformationFile  7C90DC5E 5 Bytes  JMP 016A4B53
.text  C:\WINDOWS\System32\svchost.exe[988]  ntdll.dll!NtSetValueKey  7C90DDCE 5 Bytes  JMP 016A49B8
.text  C:\WINDOWS\System32\svchost.exe[988]  ntdll.dll!NtWriteFile  7C90DF7E 5 Bytes  JMP 016A4C1F
.text  C:\WINDOWS\system32\svchost.exe[1080]  ntdll.dll!NtDeleteValueKey  7C90D26E 5 Bytes  JMP 007E48D7
.text  C:\WINDOWS\system32\svchost.exe[1080]  ntdll.dll!NtEnumerateValueKey  7C90D2EE 5 Bytes  JMP 007E4D6C
.text  C:\WINDOWS\system32\svchost.exe[1080]  ntdll.dll!NtOpenProcess  7C90D5FE 5 Bytes  JMP 007E480E
.text  C:\WINDOWS\system32\svchost.exe[1080]  ntdll.dll!NtQueryDirectoryFile  7C90D76E 5 Bytes  JMP 007E4DD8
.text  C:\WINDOWS\system32\svchost.exe[1080]  ntdll.dll!NtQuerySystemInformation  7C90D92E 5 Bytes  JMP 007E4AEB
.text  C:\WINDOWS\system32\svchost.exe[1080]  ntdll.dll!NtResumeThread  7C90DB3E 5 Bytes  JMP 007E4839
.text  C:\WINDOWS\system32\svchost.exe[1080]  ntdll.dll!NtSetInformationFile  7C90DC5E 5 Bytes  JMP 007E4B53
.text  C:\WINDOWS\system32\svchost.exe[1080]  ntdll.dll!NtSetValueKey  7C90DDCE 5 Bytes  JMP 007E49B8
.text  C:\WINDOWS\system32\svchost.exe[1080]  ntdll.dll!NtWriteFile  7C90DF7E 5 Bytes  JMP 007E4C1F
.text  C:\WINDOWS\system32\svchost.exe[1104]  ntdll.dll!NtDeleteValueKey  7C90D26E 5 Bytes  JMP 00A348D7
.text  C:\WINDOWS\system32\svchost.exe[1104]  ntdll.dll!NtEnumerateValueKey  7C90D2EE 5 Bytes  JMP 00A34D6C
.text  C:\WINDOWS\system32\svchost.exe[1104]  ntdll.dll!NtOpenProcess  7C90D5FE 5 Bytes  JMP 00A3480E
.text  C:\WINDOWS\system32\svchost.exe[1104]  ntdll.dll!NtQueryDirectoryFile  7C90D76E 5 Bytes  JMP 00A34DD8
.text  C:\WINDOWS\system32\svchost.exe[1104]  ntdll.dll!NtQuerySystemInformation  7C90D92E 5 Bytes  JMP 00A34AEB
.text  C:\WINDOWS\system32\svchost.exe[1104]  ntdll.dll!NtResumeThread  7C90DB3E 5 Bytes  JMP 00A34839
.text  C:\WINDOWS\system32\svchost.exe[1104]  ntdll.dll!NtSetInformationFile  7C90DC5E 5 Bytes  JMP 00A34B53
.text  C:\WINDOWS\system32\svchost.exe[1104]  ntdll.dll!NtSetValueKey  7C90DDCE 5 Bytes  JMP 00A349B8
.text  C:\WINDOWS\system32\svchost.exe[1104]  ntdll.dll!NtWriteFile  7C90DF7E 5 Bytes  JMP 00A34C1F
.text  C:\WINDOWS\system32\Ati2evxx.exe[1292]  ntdll.dll!NtDeleteValueKey  7C90D26E 5 Bytes  JMP 00D548D7
.text  C:\WINDOWS\system32\Ati2evxx.exe[1292]  ntdll.dll!NtEnumerateValueKey  7C90D2EE 5 Bytes  JMP 00D54D6C
.text  C:\WINDOWS\system32\Ati2evxx.exe[1292]  ntdll.dll!NtOpenProcess  7C90D5FE 5 Bytes  JMP 00D5480E
.text  C:\WINDOWS\system32\Ati2evxx.exe[1292]  ntdll.dll!NtQueryDirectoryFile  7C90D76E 5 Bytes  JMP 00D54DD8
.text  C:\WINDOWS\system32\Ati2evxx.exe[1292]  ntdll.dll!NtQuerySystemInformation  7C90D92E 5 Bytes  JMP 00D54AEB
.text  C:\WINDOWS\system32\Ati2evxx.exe[1292]  ntdll.dll!NtResumeThread  7C90DB3E 5 Bytes  JMP 00D54839
.text  C:\WINDOWS\system32\Ati2evxx.exe[1292]  ntdll.dll!NtSetInformationFile  7C90DC5E 5 Bytes  JMP 00D54B53
.text  C:\WINDOWS\system32\Ati2evxx.exe[1292]  ntdll.dll!NtSetValueKey  7C90DDCE 5 Bytes  JMP 00D549B8
.text  C:\WINDOWS\system32\Ati2evxx.exe[1292]  ntdll.dll!NtWriteFile  7C90DF7E 5 Bytes  JMP 00D54C1F
.text  C:\WINDOWS\system32\spoolsv.exe[1384]  ntdll.dll!NtDeleteValueKey  7C90D26E 5 Bytes  JMP 00A448D7
.text  C:\WINDOWS\system32\spoolsv.exe[1384]  ntdll.dll!NtEnumerateValueKey  7C90D2EE 5 Bytes  JMP 00A44D6C
.text  C:\WINDOWS\system32\spoolsv.exe[1384]  ntdll.dll!NtOpenProcess  7C90D5FE 5 Bytes  JMP 00A4480E
.text  C:\WINDOWS\system32\spoolsv.exe[1384]  ntdll.dll!NtQueryDirectoryFile  7C90D76E 5 Bytes  JMP 00A44DD8
.text  C:\WINDOWS\system32\spoolsv.exe[1384]  ntdll.dll!NtQuerySystemInformation  7C90D92E 5 Bytes  JMP 00A44AEB
.text  C:\WINDOWS\system32\spoolsv.exe[1384]  ntdll.dll!NtResumeThread  7C90DB3E 5 Bytes  JMP 00A44839
.text  C:\WINDOWS\system32\spoolsv.exe[1384]  ntdll.dll!NtSetInformationFile  7C90DC5E 5 Bytes  JMP 00A44B53
.text  C:\WINDOWS\system32\spoolsv.exe[1384]  ntdll.dll!NtSetValueKey  7C90DDCE 5 Bytes  JMP 00A449B8
.text  C:\WINDOWS\system32\spoolsv.exe[1384]  ntdll.dll!NtWriteFile  7C90DF7E 5 Bytes  JMP 00A44C1F
.text  C:\WINDOWS\system32\svchost.exe[1512]  ntdll.dll!NtDeleteValueKey  7C90D26E 5 Bytes  JMP 009648D7
.text  C:\WINDOWS\system32\svchost.exe[1512]  ntdll.dll!NtEnumerateValueKey  7C90D2EE 5 Bytes  JMP 00964D6C
.text  C:\WINDOWS\system32\svchost.exe[1512]  ntdll.dll!NtOpenProcess  7C90D5FE 5 Bytes  JMP 0096480E
.text  C:\WINDOWS\system32\svchost.exe[1512]  ntdll.dll!NtQueryDirectoryFile  7C90D76E 5 Bytes  JMP 00964DD8
.text  C:\WINDOWS\system32\svchost.exe[1512]  ntdll.dll!NtQuerySystemInformation  7C90D92E 5 Bytes  JMP 00964AEB
.text  C:\WINDOWS\system32\svchost.exe[1512]  ntdll.dll!NtResumeThread  7C90DB3E 5 Bytes  JMP 00964839
.text  C:\WINDOWS\system32\svchost.exe[1512]  ntdll.dll!NtSetInformationFile  7C90DC5E 5 Bytes  JMP 00964B53
.text  C:\WINDOWS\system32\svchost.exe[1512]  ntdll.dll!NtSetValueKey  7C90DDCE 5 Bytes  JMP 009649B8
.text  C:\WINDOWS\system32\svchost.exe[1512]  ntdll.dll!NtWriteFile  7C90DF7E 5 Bytes  JMP 00964C1F
.text  C:\Programy\Mozilla Firefox\firefox.exe[1528]  ntdll.dll!NtDeleteValueKey  7C90D26E 5 Bytes  JMP 001548D7
.text  C:\Programy\Mozilla Firefox\firefox.exe[1528]  ntdll.dll!NtEnumerateValueKey  7C90D2EE 5 Bytes  JMP 00154D6C
.text  C:\Programy\Mozilla Firefox\firefox.exe[1528]  ntdll.dll!NtOpenProcess  7C90D5FE 5 Bytes  JMP 0015480E
.text  C:\Programy\Mozilla Firefox\firefox.exe[1528]  ntdll.dll!NtQueryDirectoryFile  7C90D76E 5 Bytes  JMP 00154DD8
.text  C:\Programy\Mozilla Firefox\firefox.exe[1528]  ntdll.dll!NtQuerySystemInformation  7C90D92E 5 Bytes  JMP 00154AEB
.text  C:\Programy\Mozilla Firefox\firefox.exe[1528]  ntdll.dll!NtResumeThread  7C90DB3E 5 Bytes  JMP 00154839
.text  C:\Programy\Mozilla Firefox\firefox.exe[1528]  ntdll.dll!NtSetInformationFile  7C90DC5E 5 Bytes  JMP 00154B53
.text  C:\Programy\Mozilla Firefox\firefox.exe[1528]  ntdll.dll!NtSetValueKey  7C90DDCE 5 Bytes  JMP 001549B8
.text  C:\Programy\Mozilla Firefox\firefox.exe[1528]  ntdll.dll!NtWriteFile  7C90DF7E 5 Bytes  JMP 00154C1F
.text  C:\Programy\Mozilla Firefox\firefox.exe[1528]  ntdll.dll!LdrLoadDll  7C91632D 5 Bytes  JMP 015B5B00  C:\Programy\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text  C:\Programy\Mozilla Firefox\firefox.exe[1528]  kernel32.dll!lstrlenW + 43  7C809AEC 7 Bytes  JMP 017F7B58  C:\Programy\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text  C:\Programy\Mozilla Firefox\firefox.exe[1528]  kernel32.dll!MapViewOfFileEx + 6A  7C80B9A0 1 Byte  [E9]
.text  C:\Programy\Mozilla Firefox\firefox.exe[1528]  kernel32.dll!MapViewOfFileEx + 6A  7C80B9A0 7 Bytes  JMP 017F7B35  C:\Programy\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text  C:\Programy\Mozilla Firefox\firefox.exe[1528]  kernel32.dll!ValidateLocale + B130  7C844958 7 Bytes  JMP 015BEF12  C:\Programy\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text  C:\Programy\Mozilla Firefox\firefox.exe[1528]  GDI32.dll!SetDIBitsToDevice + 20A  77F19E14 7 Bytes  JMP 017F7AB6  C:\Programy\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text  C:\WINDOWS\system32\svchost.exe[1796]  ntdll.dll!NtDeleteValueKey  7C90D26E 5 Bytes  JMP 000948D7
.text  C:\WINDOWS\system32\svchost.exe[1796]  ntdll.dll!NtEnumerateValueKey  7C90D2EE 5 Bytes  JMP 00094D6C
.text  C:\WINDOWS\system32\svchost.exe[1796]  ntdll.dll!NtOpenProcess  7C90D5FE 5 Bytes  JMP 0009480E
.text  C:\WINDOWS\system32\svchost.exe[1796]  ntdll.dll!NtQueryDirectoryFile  7C90D76E 5 Bytes  JMP 00094DD8
.text  C:\WINDOWS\system32\svchost.exe[1796]  ntdll.dll!NtQuerySystemInformation  7C90D92E 5 Bytes  JMP 00094AEB
.text  C:\WINDOWS\system32\svchost.exe[1796]  ntdll.dll!NtResumeThread  7C90DB3E 5 Bytes  JMP 00094839
.text  C:\WINDOWS\system32\svchost.exe[1796]  ntdll.dll!NtSetInformationFile  7C90DC5E 5 Bytes  JMP 00094B53
.text  C:\WINDOWS\system32\svchost.exe[1796]  ntdll.dll!NtSetValueKey  7C90DDCE 5 Bytes  JMP 000949B8
.text  C:\WINDOWS\system32\svchost.exe[1796]  ntdll.dll!NtWriteFile  7C90DF7E 5 Bytes  JMP 00094C1F
.text  C:\Documents and Settings\ola.OLA-6BCE601B841\Pulpit\otl\8c3qcdn5.exe[1888]  ntdll.dll!NtDeleteValueKey  7C90D26E 5 Bytes  JMP 001548D7
.text  C:\Documents and Settings\ola.OLA-6BCE601B841\Pulpit\otl\8c3qcdn5.exe[1888]  ntdll.dll!NtEnumerateValueKey  7C90D2EE 5 Bytes  JMP 00154D6C
.text  C:\Documents and Settings\ola.OLA-6BCE601B841\Pulpit\otl\8c3qcdn5.exe[1888]  ntdll.dll!NtOpenProcess  7C90D5FE 5 Bytes  JMP 0015480E
.text  C:\Documents and Settings\ola.OLA-6BCE601B841\Pulpit\otl\8c3qcdn5.exe[1888]  ntdll.dll!NtQueryDirectoryFile  7C90D76E 5 Bytes  JMP 00154DD8
.text  C:\Documents and Settings\ola.OLA-6BCE601B841\Pulpit\otl\8c3qcdn5.exe[1888]  ntdll.dll!NtQuerySystemInformation  7C90D92E 5 Bytes  JMP 00154AEB
.text  C:\Documents and Settings\ola.OLA-6BCE601B841\Pulpit\otl\8c3qcdn5.exe[1888]  ntdll.dll!NtResumeThread  7C90DB3E 5 Bytes  JMP 00154839
.text  C:\Documents and Settings\ola.OLA-6BCE601B841\Pulpit\otl\8c3qcdn5.exe[1888]  ntdll.dll!NtSetInformationFile  7C90DC5E 5 Bytes  JMP 00154B53
.text  C:\Documents and Settings\ola.OLA-6BCE601B841\Pulpit\otl\8c3qcdn5.exe[1888]  ntdll.dll!NtSetValueKey  7C90DDCE 5 Bytes  JMP 001549B8
.text  C:\Documents and Settings\ola.OLA-6BCE601B841\Pulpit\otl\8c3qcdn5.exe[1888]  ntdll.dll!NtWriteFile  7C90DF7E 5 Bytes  JMP 00154C1F
.text  C:\WINDOWS\Explorer.EXE[1904]  ntdll.dll!NtDeleteValueKey  7C90D26E 5 Bytes  JMP 03E348D7
.text  C:\WINDOWS\Explorer.EXE[1904]  ntdll.dll!NtEnumerateValueKey  7C90D2EE 5 Bytes  JMP 03E34D6C
.text  C:\WINDOWS\Explorer.EXE[1904]  ntdll.dll!NtOpenProcess  7C90D5FE 5 Bytes  JMP 03E3480E
.text  C:\WINDOWS\Explorer.EXE[1904]  ntdll.dll!NtQueryDirectoryFile  7C90D76E 5 Bytes  JMP 03E34DD8
.text  C:\WINDOWS\Explorer.EXE[1904]  ntdll.dll!NtQuerySystemInformation  7C90D92E 5 Bytes  JMP 03E34AEB
.text  C:\WINDOWS\Explorer.EXE[1904]  ntdll.dll!NtResumeThread  7C90DB3E 5 Bytes  JMP 03E34839
.text  C:\WINDOWS\Explorer.EXE[1904]  ntdll.dll!NtSetInformationFile  7C90DC5E 5 Bytes  JMP 03E34B53
.text  C:\WINDOWS\Explorer.EXE[1904]  ntdll.dll!NtSetValueKey  7C90DDCE 5 Bytes  JMP 03E349B8
.text  C:\WINDOWS\Explorer.EXE[1904]  ntdll.dll!NtWriteFile  7C90DF7E 5 Bytes  JMP 03E34C1F
.text  C:\WINDOWS\system32\svchost.exe[1960]  ntdll.dll!NtDeleteValueKey  7C90D26E 5 Bytes  JMP 009B48D7
.text  C:\WINDOWS\system32\svchost.exe[1960]  ntdll.dll!NtEnumerateValueKey  7C90D2EE 5 Bytes  JMP 009B4D6C
.text  C:\WINDOWS\system32\svchost.exe[1960]  ntdll.dll!NtOpenProcess  7C90D5FE 5 Bytes  JMP 009B480E
.text  C:\WINDOWS\system32\svchost.exe[1960]  ntdll.dll!NtQueryDirectoryFile  7C90D76E 5 Bytes  JMP 009B4DD8
.text  C:\WINDOWS\system32\svchost.exe[1960]  ntdll.dll!NtQuerySystemInformation  7C90D92E 5 Bytes  JMP 009B4AEB
.text  C:\WINDOWS\system32\svchost.exe[1960]  ntdll.dll!NtResumeThread  7C90DB3E 5 Bytes  JMP 009B4839
.text  C:\WINDOWS\system32\svchost.exe[1960]  ntdll.dll!NtSetInformationFile  7C90DC5E 5 Bytes  JMP 009B4B53
.text  C:\WINDOWS\system32\svchost.exe[1960]  ntdll.dll!NtSetValueKey  7C90DDCE 5 Bytes  JMP 009B49B8
.text  C:\WINDOWS\system32\svchost.exe[1960]  ntdll.dll!NtWriteFile  7C90DF7E 5 Bytes  JMP 009B4C1F
.text  C:\WINDOWS\RTHDCPL.EXE[2012]  ntdll.dll!NtDeleteValueKey  7C90D26E 5 Bytes  JMP 01A448D7
.text  C:\WINDOWS\RTHDCPL.EXE[2012]  ntdll.dll!NtEnumerateValueKey  7C90D2EE 5 Bytes  JMP 01A44D6C
.text  C:\WINDOWS\RTHDCPL.EXE[2012]  ntdll.dll!NtOpenProcess  7C90D5FE 5 Bytes  JMP 01A4480E
.text  C:\WINDOWS\RTHDCPL.EXE[2012]  ntdll.dll!NtQueryDirectoryFile  7C90D76E 5 Bytes  JMP 01A44DD8
.text  C:\WINDOWS\RTHDCPL.EXE[2012]  ntdll.dll!NtQuerySystemInformation  7C90D92E 5 Bytes  JMP 01A44AEB
.text  C:\WINDOWS\RTHDCPL.EXE[2012]  ntdll.dll!NtResumeThread  7C90DB3E 5 Bytes  JMP 01A44839
.text  C:\WINDOWS\RTHDCPL.EXE[2012]  ntdll.dll!NtSetInformationFile  7C90DC5E 5 Bytes  JMP 01A44B53
.text  C:\WINDOWS\RTHDCPL.EXE[2012]  ntdll.dll!NtSetValueKey  7C90DDCE 5 Bytes  JMP 01A449B8
.text  C:\WINDOWS\RTHDCPL.EXE[2012]  ntdll.dll!NtWriteFile  7C90DF7E 5 Bytes  JMP 01A44C1F

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT  atapi.sys[HAL.dll!READ_PORT_UCHAR]  [B9EA8042] spbx.sys
IAT  atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT]  [B9EA813E] spbx.sys
IAT  atapi.sys[HAL.dll!READ_PORT_USHORT]  [B9EA80C0] spbx.sys
IAT  atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT]  [B9EA8800] spbx.sys
IAT  atapi.sys[HAL.dll!WRITE_PORT_UCHAR]  [B9EA86D6] spbx.sys
IAT  \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR]  [B9EB7E9C] spbx.sys
IAT  \SystemRoot\System32\Drivers\a0z9og5t.SYS[HAL.dll!KfAcquireSpinLock]  18C4830E
IAT  \SystemRoot\System32\Drivers\a0z9og5t.SYS[HAL.dll!READ_PORT_UCHAR]  1C8D9E88
IAT  \SystemRoot\System32\Drivers\a0z9og5t.SYS[HAL.dll!KeGetCurrentIrql]  9E880000
IAT  \SystemRoot\System32\Drivers\a0z9og5t.SYS[HAL.dll!KfRaiseIrql]  00001CA9
IAT  \SystemRoot\System32\Drivers\a0z9og5t.SYS[HAL.dll!KfLowerIrql]  0E798366
IAT  \SystemRoot\System32\Drivers\a0z9og5t.SYS[HAL.dll!HalGetInterruptVector]  74AAB000
IAT  \SystemRoot\System32\Drivers\a0z9og5t.SYS[HAL.dll!HalTranslateBusAddress]  8186C636
IAT  \SystemRoot\System32\Drivers\a0z9og5t.SYS[HAL.dll!KeStallExecutionProcessor]  1A00001C
IAT  \SystemRoot\System32\Drivers\a0z9og5t.SYS[HAL.dll!KfReleaseSpinLock]  1C8386C6
IAT  \SystemRoot\System32\Drivers\a0z9og5t.SYS[HAL.dll!READ_PORT_BUFFER_USHORT]  C6020000
IAT  \SystemRoot\System32\Drivers\a0z9og5t.SYS[HAL.dll!READ_PORT_USHORT]  001C8E86
IAT  \SystemRoot\System32\Drivers\a0z9og5t.SYS[HAL.dll!WRITE_PORT_BUFFER_USHORT]  86C60200
IAT  \SystemRoot\System32\Drivers\a0z9og5t.SYS[HAL.dll!WRITE_PORT_UCHAR]  00001CAA
IAT  \SystemRoot\System32\Drivers\a0z9og5t.SYS[WMILIB.SYS!WmiSystemControl]  8800001C
IAT  \SystemRoot\System32\Drivers\a0z9og5t.SYS[WMILIB.SYS!WmiCompleteRequest]  001CB19E

---- Devices - GMER 1.0.15 ----

Device  \FileSystem\Ntfs \Ntfs  8A4141F8
Device  \FileSystem\Fastfat \FatCdrom  8A008500
Device  \Driver\usbohci \Device\USBPDO-0  8A1B21F8
Device  \Driver\NetBT \Device\NetBT_Tcpip_{E1343798-562A-49B8-BDED-0B4BA32424C9}  8A171500
Device  \Driver\dmio \Device\DmControl\DmIoDaemon  8A3A41F8
Device  \Driver\dmio \Device\DmControl\DmConfig  8A3A41F8
Device  \Driver\dmio \Device\DmControl\DmPnP  8A3A41F8
Device  \Driver\dmio \Device\DmControl\DmInfo  8A3A41F8
Device  \Driver\usbohci \Device\USBPDO-1  8A1B21F8
Device  \Driver\usbehci \Device\USBPDO-2  8A1941F8
Device  \Driver\PCI_PNP2004 \Device\00000048  spbx.sys
Device  \Driver\NetBT \Device\NetBT_Tcpip_{B37DDC2A-0013-4771-8C16-4B1887C21C85}  8A171500
Device  \Driver\Ftdisk \Device\HarddiskVolume1  8A4161F8
Device  \Driver\Ftdisk \Device\HarddiskVolume2  8A4161F8
Device  \Driver\Cdrom \Device\CdRom0  8A1C91F8
Device  \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3  [B9DFAB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device  \Driver\atapi \Device\Ide\IdePort0  [B9DFAB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device  \Driver\atapi \Device\Ide\IdePort1  [B9DFAB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device  \Driver\atapi \Device\Ide\IdePort2  [B9DFAB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device  \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e  [B9DFAB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device  \Driver\Ftdisk \Device\HarddiskVolume3  8A4161F8
Device  \Driver\Cdrom \Device\CdRom1  8A1C91F8
Device  \Driver\usbstor \Device\00000076  8A0F0500
Device  \Driver\NetBT \Device\NetBt_Wins_Export  8A171500
Device  \Driver\NetBT \Device\NetbiosSmb  8A171500
Device  \Driver\usbstor \Device\00000079  8A0F0500
Device  \Driver\usbohci \Device\USBFDO-0  8A1B21F8
Device  \Driver\usbohci \Device\USBFDO-1  8A1B21F8
Device  \FileSystem\MRxSmb \Device\LanmanDatagramReceiver  8A1241F8
Device  \Driver\usbehci \Device\USBFDO-2  8A1941F8
Device  \FileSystem\MRxSmb \Device\LanmanRedirector  8A1241F8
Device  \Driver\Ftdisk \Device\FtControl  8A4161F8
Device  \Driver\sptd \Device\171622004  spbx.sys
Device  \Driver\a0z9og5t \Device\Scsi\a0z9og5t1  8A1161F8
Device  \Driver\a0z9og5t \Device\Scsi\a0z9og5t1Port3Path0Target0Lun0  8A1161F8
Device  \FileSystem\Fastfat \Fat  8A008500
AttachedDevice  \FileSystem\Fastfat \Fat  fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
Device  \FileSystem\Cdfs \Cdfs  8A11D500

---- Processes - GMER 1.0.15 ----

Process  C:\WINDOWS\explorer.exe (*** hidden *** )  212

---- Registry - GMER 1.0.15 ----

Reg  HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1  771343423
Reg  HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2  285507792
Reg  HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0  1
Reg  HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg  HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0  C:\Programy\DAEMON Tools Lite\
Reg  HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0  0
Reg  HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12  0x52 0xAA 0x0E 0x0B ...
Reg  HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg  HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0  0x20 0x01 0x00 0x00 ...
Reg  HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12  0x49 0xB3 0x51 0xED ...
Reg  HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg  HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12  0x9E 0x4B 0x4E 0xF3 ...
Reg  HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg  HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0  C:\Programy\DAEMON Tools Lite\
Reg  HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0  0
Reg  HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12  0x52 0xAA 0x0E 0x0B ...
Reg  HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg  HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0  0x20 0x01 0x00 0x00 ...
Reg  HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12  0x49 0xB3 0x51 0xED ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x9E 0x4B 0x4E 0xF3 ... Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run@f1679f9 C:\Documents and Settings\ola.OLA-6BCE601B841\Dane aplikacji\f1679f9\f1679f9.exe Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Run@f1679f9 C:\Documents and Settings\ola.OLA-6BCE601B841\Dane aplikacji\f1679f9\f1679f9.exe Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache@C:\Documents and Settings\ola.OLA-6BCE601B841\Dane aplikacji\f1679f9\f1679f9.exe Trend Micro AntiVirus Plus AntiSpyware Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache@@shell32.dll,-31314 Uruchamia Kreatora zamawiania odbitek online, kt?ry pomaga w zamawianiu odbitek obraz?w cyfrowych. Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache@C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_11_4_402_287_Plugin.exe Adobe? Flash? Player Installer/Uninstaller 11.4 r402 Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache@@shell32.dll,-31295 Wy?wietla informacje o tym komputerze, takie jak szybko?? procesora i ilo?? zainstalowanej pami?ci. 
Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache@C:\DOCUME~1\OLA~1.OLA\USTAWI~1\Temp\Rar$EX00.437\USBVaccineSetup.exe Panda USB Vaccine Setup Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache@C:\DOCUME~1\OLA~1.OLA\USTAWI~1\Temp\Rar$EX16.250\USBVaccineSetup.exe Panda USB Vaccine Setup Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache@C:\DOCUME~1\OLA~1.OLA\USTAWI~1\Temp\Rar$EX33.328\USBVaccineSetup.exe Panda USB Vaccine Setup Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache@C:\DOCUME~1\OLA~1.OLA\USTAWI~1\Temp\Rar$EX00.687\USBVaccineSetup.exe Panda USB Vaccine Setup Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache@@shell32.dll,-31316 Uruchamia Kreatora drukowania fotografii, kt?ry pomaga w formatowaniu i drukowaniu obraz?w cyfrowych. Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache@@%SystemRoot%\system32\shell32.dll,-22580 Oferuje najnowsze aktualizacje zabezpiecze?, sterowniki urz?dze? i inne funkcje, kt?re s? dost?pne dla tego komputera z systemem Windows. Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache@C:\Documents and Settings\ola.OLA-6BCE601B841\Moje dokumenty\Pobieranie\DeleteFXPFilesClassic.exe Delete FXP Files Classic ---- Files - GMER 1.0.15 ---- File C:\Documents and Settings\ola.OLA-6BCE601B841\Dane aplikacji\f1679f9 0 bytes File C:\Documents and Settings\ola.OLA-6BCE601B841\Dane aplikacji\f1679f9\f1679f9.cfg 292 bytes File C:\Documents and Settings\ola.OLA-6BCE601B841\Dane aplikacji\f1679f9\f1679f9.exe 89327 bytes executable ---- EOF - GMER 1.0.15 ----